Meridian Credit — Lifecycle Management Platform

Portfolio Overview

CRE & Commercial — 18 connections · 34 obligors · as of 25 Mar 2026

Total Exposure

€487.3M

↑ €12.4M vs Q4 2025

Avg LTV (CRE)

61.4%

↑ 1.8pp — vs 65% limit

Avg DSCR

1.42x

Covenant min: 1.20x

Stage 2/3 Exposure

€64.1M

↑ €8.2M — 13.2% of book

ECL Provision

€9.7M

Coverage 15.1%

Exposure by Risk Tier (€M)

T1 Performing

€351.5M

T2 Early Warning

€56.2M

T3 Watchlist

€35.8M

T4 Distressed

€25.1M

T5 Default

€18.7M

LTV Concentration (CRE Only)

<40% LTV

€64.2M

40–55% LTV

€101.8M

55–65% LTV

€81.5M

65–75% LTV

€32.0M

>75% LTV

€14.5M

Avg LTV

61.4%

Max LTV

81.2%

IFRS 9 Stage Analysis

Stage 1 — 12M ECL€423.2M (86.8%)

Stage 2 — Lifetime ECL (SICR)€45.4M (9.3%)

Stage 3 — Credit-Impaired€18.7M (3.8%)

POCI Assets€0.0M

Total ECL€9.74M

S2 → S3 Migration (QoQ)€3.2M ↑

Weighted Avg PD (book)1.84%

Weighted Avg LGD28.3%

CRE Sector Breakdown

Office

€110.6M

Industrial/Logistics

€87.3M

Retail

€52.4M

Residential Dev

€34.9M

Mixed Use

€23.3M

Hotel/Leisure

€17.4M

Pending Actions

⊞

Covenant Test Due

Aldgate Tower Portfolio — 31 Mar

Overdue

⊠

UTP Assessment

Brennan Retail Group — Triggered

Due

◫

Financials Update

3 obligors — FY 2025 outstanding

3

⚡

Annual Review Due

Greenfield Logistics — 15 Apr

21d

Maturity Profile (12-Month View)

Q1'26

Q2'26

Q3'26

Q4'26

Maturing in <3 months€42.3M (3 facilities)

Maturing in 3–6 months€28.7M (2 facilities)

Repricing in <3 months€87.4M

Fixed Rate (% total)24.3%

Alerts & Actions

Real-time early warning system — 7 open items

All (7)

Critical (2)

Covenant (2)

Financial (2)

Market (1)

🔴

UTP Trigger — Brennan Retail Group

Covenant breach on ICR (0.84x vs 1.10x minimum) combined with 3 missed interest payments triggers mandatory UTP assessment under credit policy §4.2.

Triggered: 22 Mar 2026 — Exposure: €28.4M — T4 Distressed

🔴

LTV Covenant Breach — Aldgate Tower Portfolio

Latest CBRE valuation (Mar 2026) indicates LTV of 76.8% against contractual limit of 70.0%. Headroom fully consumed. Equity cure or margin step-up required.

Triggered: 20 Mar 2026 — Exposure: €42.3M — T3 Watchlist → T4

🟠

DSCR Headroom Tightening — Greenfield Logistics Park

H2 2025 financials show DSCR of 1.24x, approaching the 1.20x covenant minimum. Two major tenants (32% of rent roll) have break clauses in June 2026.

Flagged: 18 Mar 2026 — Exposure: €34.7M — T2 Early Warning

🟠

Financials Outstanding — FY 2025 Annual Accounts

3 obligors have not submitted FY2025 annual accounts. Deadline was 28 Feb 2026. Contractual reporting deadline breached for Solano Properties Ltd.

Last Reminder: 10 Mar 2026 — 3 obligors affected

🟡

Office Sector Vacancy Risk — Dublin 2 Portfolio

CBRE sector report shows Dublin 2 Grade B office vacancy at 22.4% (+4.2pp YoY). Borrower's asset at 89% occupancy but anchor tenant lease expires Oct 2026.

Flagged: 15 Mar 2026 — Sector trigger

🔵

Annual Review Due — Harrington Capital Group

Annual credit review due by 15 Apr 2026. Updated financials, property valuations, and covenant testing required. Connection risk tier T2 — 34 days to deadline.

Due: 15 Apr 2026 — Exposure: €56.8M

🔵

Facility Maturity — Shannon Industrial Estate (6m)

€18.2M term loan matures 28 Sep 2026. Early engagement on refinancing required. Current LTV 58.4%, DSCR 1.51x — well-positioned for renewal.

Maturity: 28 Sep 2026 — 187 days

Connections

18 connections under management — click to drill into obligors

Harrington Capital Group

CONN-0012 · 4 obligors · 8 facilities

T2 Early Warning IFRS9 S2 CRE

Total Exp: €56.8M

Aldgate Tower Portfolio

CONN-0007 · 1 obligor · 2 facilities

T4 Distressed IFRS9 S3 Office

Total Exp: €42.3M

Brennan Retail Group

CONN-0019 · 2 obligors · 4 facilities

T4 Distressed IFRS9 S3 Retail

Total Exp: €28.4M

Greenfield Logistics

CONN-0024 · 2 obligors · 3 facilities

T2 Early Warning IFRS9 S2 Industrial

Total Exp: €34.7M

Shannon Industrial Estate

CONN-0031 · 1 obligor · 2 facilities

T1 Performing IFRS9 S1 Industrial

Total Exp: €18.2M

Harrington Capital Group

CONN-0012 · Relationship Manager: Sarah Collins · Opened: Jan 2019

T2 Early Warning IFRS9 Stage 2

Total Exposure

€56.8M

Drawn

€51.2M

Undrawn

€5.6M

Credit Grade

BB+

Economic Dependence & Group Structure

Harrington Capital Group (HoldCo)

→

Harrington Office REIT Ltd

64% rev +

Harrington Dev Co

36% rev

Harrington Office REIT Ltd

→ cash up →

HoldCo debt service

HoldCo facility €8.2M

⚠ Economic dependence: HoldCo debt service depends on REIT dividend upstreaming. If REIT occupancy falls below 80%, dividend restriction triggers under REIT facility. Current occupancy: 87%.

Linked Obligors

Obligor	Role	Risk Tier	IFRS9	Exposure	PD%
Harrington Office REIT Ltd	Borrower	T2	S2	€38.4M	1.82%
Harrington Dev Co Ltd	Borrower	T2	S2	€10.2M	2.14%
Harrington Capital Group	Guarantor	T2	S2	€8.2M	1.95%

Obligor Profile

Harrington Office REIT Ltd — OBL-2247

Harrington Office REIT Ltd

OBL-2247 · CRN: 478231 · Connection: Harrington Capital Group

T2 Early Warning IFRS9 S2 BB+

Total Exposure

€38.4M

PD (12-Month)

1.82%

LGD

24.7%

ECL (12M)

€173k

IncorporationIreland, 2014

Legal StructureREIT (Designated)

SectorCommercial Real Estate — Office

No. of Properties4 (Dublin 2, 4 & Cork)

Current Occupancy87.2%

WAULT3.4 years

Aggregate MV (CBRE)€72.4M

Net Passing Rent€4.82M p.a.

Risk Snapshot

Risk TierT2 Early Warning

IFRS9 StageStage 2 — SICR

Credit GradeBB+

PD (12M)1.82%

PD (Lifetime)8.74%

LGD24.7%

EAD€38.4M

ECL (Lifetime)€829k

Last Rated14 Feb 2026

SICR TriggerPD +150bps vs orig.

Facilities & Exposure

Facility ID	Type	Limit	Drawn	Utilisation	Rate	Maturity	LTV	DSCR	Status
FAC-8821	CRE Term Loan	€22.0M	€22.0M	100%	E+1.85%	Jun 2027	63.2%	1.28x	Performing
FAC-8822	CRE Revolver	€10.0M	€7.4M	74%	E+2.10%	Jun 2027	—	—	Performing
FAC-9104	Business Credit Card	€250k	€187k	75%	18.9%	Rolling	—	—	Performing
FAC-9201	Working Capital	€750k	€620k	83%	E+2.40%	Annual	—	—	High Util.

Exposures & Facilities

Full portfolio view — all facility types

Obligor	Facility	Type	Limit	Drawn	Undrawn	Rate	Maturity	LTV	Collateral	Tier
Harrington Office REIT	FAC-8821	CRE Term	€22.0M	€22.0M	—	E+1.85%	Jun 2027	63.2%	First Charge	T2
Harrington Office REIT	FAC-8822	CRE Revolver	€10.0M	€7.4M	€2.6M	E+2.10%	Jun 2027	—	Second Charge	T2
Aldgate Tower SPV	FAC-7741	CRE Term	€38.5M	€38.5M	—	E+2.40%	Mar 2026	76.8%	First Charge	T4
Aldgate Tower SPV	FAC-7742	Cap-ex Facility	€3.8M	€3.8M	—	E+2.75%	Mar 2026	—	Second Charge	T4
Brennan Retail Ltd	FAC-9921	CRE Term	€20.0M	€20.0M	—	E+2.90%	Dec 2026	71.2%	First Charge	T4
Brennan Retail Ltd	FAC-9922	Working Capital	€5.0M	€4.8M	€0.2M	E+3.50%	Jun 2026	—	Debenture	T4
Brennan Retail Ltd	FAC-9923	Biz Credit Card	€500k	€498k	€2k	21.9%	Rolling	—	Unsecured	T4
Brennan Retail Ltd	FAC-9924	SBLC	€3.1M	—	€3.1M	1.25% p.a.	Dec 2026	—	Cash Deposit	T4
Greenfield Logistics	FAC-6612	CRE Term	€28.0M	€28.0M	—	E+1.95%	Sep 2028	54.8%	First Charge	T2
Greenfield Logistics	FAC-6613	Capex Facility	€8.0M	€4.2M	€3.8M	E+2.25%	Sep 2028	—	Second Charge	T2
Shannon Industrial	FAC-5501	CRE Term	€18.2M	€18.2M	—	E+1.45%	Sep 2026	58.4%	First Charge	T1

Collateral Register

Linked assets by facility — most recent valuations

Asset	Type	Location	Linked Facility	Charge	Last Val.	Valuer	MV (€)	Loan (€)	LTV	Next Val.
1–4 Burlington Road, D4	Office	Dublin 4	FAC-8821	First	Oct 2025	CBRE	€34.8M	€22.0M	63.2%	Oct 2026
Aldgate Tower, EC1	Office	London EC1	FAC-7741	First	Mar 2026	CBRE	€50.1M	€38.5M	76.8%	Sep 2026
Liffey Valley Retail Park	Retail	Dublin 22	FAC-9921	First	Jan 2026	Savills	€28.1M	€20.0M	71.2%	Jul 2026
Greenfield Logistics Park, Athlone	Industrial	Athlone, WM	FAC-6612	First	Dec 2025	Knight Frank	€51.1M	€28.0M	54.8%	Dec 2026
Shannon Industrial Estate, Unit 1–14	Industrial	Shannon, Clare	FAC-5501	First	Nov 2025	Lisney	€31.2M	€18.2M	58.4%	Nov 2026

Covenant Testing Calculator

Automated covenant testing with pre-populated financial data

⚠ Covenant Test Period: H2 2025 (31 Dec 2025) — Next Test: 31 Mar 2026
Pre-populated from latest uploaded financials. Edit actual values to recalculate. Results are indicative; formal test requires CFO sign-off.

Loan-to-Value (LTV)

Total Debt / CBRE Market Value

0%65% limit

≤ 65.0%

PASS

Headroom: 1.8pp · Valuation basis: CBRE Oct 2025 · MV: €34.8M · Loan: €22.0M

Debt Service Cover Ratio (DSCR)

Net Operating Income / Total Debt Service

0x1.20x min

≥ 1.20x

PASS

Headroom: 0.08x · NOI: €2.82M · Debt Service: €2.20M · Annualised

Interest Cover Ratio (ICR)

EBITDA / Net Interest Expense

0x1.50x min

≥ 1.50x

PASS

Headroom: 0.81x · EBITDA: €3.24M · Net Interest: €1.40M

Occupancy Rate

Rent Roll Occupancy (% of GLA)

0%80% min

≥ 80.0%

PASS

Covenant Stress Test — Sensitivity Analysis

LTV — Valuation Decline

-5% MV66.5% — BREACH

-10% MV70.2% — BREACH

-15% MV74.4% — BREACH

DSCR — Rate Rise

+100bps1.21x — Near Limit

+150bps1.17x — BREACH

+200bps1.12x — BREACH

DSCR — Vacancy Rise

-5% occupancy1.22x — Near Limit

-10% occupancy1.16x — BREACH

-15% occupancy1.09x — BREACH

Test Summary

✓

3 / 4 PASS

As of H2 2025 financials

Test Date25 Mar 2026

Financial PeriodH2 2025

Tested BySarah Collins

Next Test Due30 Jun 2026

Covenant History

H1 20254/4 Pass

H2 20244/4 Pass

H1 20244/4 Pass

H2 20233/4 — LTV Waiver

H1 20234/4 Pass

Unlikely to Pay (UTP) Assessment

EBA/GL/2016/07 compliant — structured UTP indicator scoring

⚠ UTP Assessment Triggered — Brennan Retail Group Ltd
Trigger: ICR breach (0.84x vs 1.10x min) + 3 missed interest payments (90+ DPD on FAC-9922). Assessment mandatory under credit policy §4.2. Complete all sections and save before escalation.

A. Financial Distress Indicators

A1. Covenant breach (any financial covenant)

ICR breach — 0.84x vs 1.10x

A2. Failure to meet scheduled debt service (principal or interest)

3 missed payments — 90+ DPD

A3. Distressed restructuring (margin concession, capitalised interest, extension)

No forbearance to date

A4. Borrower has sought insolvency protection or filed for examinership

A5. Going concern doubt raised in most recent audited financial statements

FY2025 audit — material uncertainty

B. Operational & Market Indicators

B1. Significant deterioration in revenue / NOI (>15% YoY decline)

Revenue -22% YoY

B2. Loss of major tenant / customer (>20% of revenue)

Anchor tenant (31% rev) vacated

B3. Significant adverse change in market conditions (sector-specific)

Retail sector vacancy +6.8pp

B4. Borrower drawing on emergency/unplanned credit lines

WC facility 96% utilised

B5. Adverse legal proceedings / regulatory action against borrower

C. Qualitative Assessment

Management Assessment & Outlook

Restructuring Viability

Recommended Action

UTP Score

8/10

UNLIKELY TO PAY

NPE Classification Required

Financial (A)3/5 positive

Operational (B)4/5 positive

Qualitative (C)Uncertain

DPD Status90+ DPD (3 pmts)

NPE Threshold≥5 positive indicators

Automatic NPE trigger: 90+ DPD AND going concern doubt AND covenant breach. Mandatory Stage 3 reclassification required.

Exposure at Risk

Total Exposure€28.4M

Secured€20.0M (FAC-9921)

Unsecured€8.4M

Collateral MV€28.1M

Net Shortfall€0.3M (secured)

Reqd. Provision~€4.1M (est.)

Financial Statements

Harrington Office REIT Ltd — FY 2025 / FY 2024 comparison

Income Statement (€'000)

Line Item	FY 2025	FY 2024	Δ %
Gross Rental Income	5,241	5,480	-4.4%
Service Charge Recoveries	312	298	+4.7%
Void Costs / Bad Debt	(187)	(112)	-67%
Net Rental Income	5,366	5,666	-5.3%
Operating Expenses	(2,124)	(2,008)	-5.8%
Management Fees	(412)	(398)	-3.5%
EBITDA	2,830	3,260	-13.2%
Depreciation / Amortisation	(48)	(45)	—
Net Finance Costs	(1,224)	(1,180)	-3.7%
Fair Value Gain / (Loss) — IP	(1,420)	580	N/M
Profit / (Loss) Before Tax	(862)	2,615	N/M
Taxation	—	(82)	—
Profit / (Loss) After Tax	(862)	2,533	N/M

Balance Sheet (€'000)

Line Item	FY 2025	FY 2024
ASSETS
Investment Property (at fair value)	72,380	73,800
Other Fixed Assets	142	158
Total Non-Current Assets	72,522	73,958
Trade Receivables	618	521
Cash & Equivalents	1,240	2,180
Total Current Assets	1,858	2,701
Total Assets	74,380	76,659
EQUITY & LIABILITIES
Share Capital & Premium	28,400	28,400
Retained Earnings / (Deficit)	(1,218)	3,214
Total Equity	27,182	31,614
Bank Debt (Term + Revolver)	43,540	41,220
Deferred Tax	218	218
Total Non-Current Liabilities	43,758	41,438
Trade Payables	820	714
Accrued Interest	620	480
Total Current Liabilities	1,440	1,607
Total Equity & Liabilities	74,380	76,659

Derived Credit Ratios

Gross LTV60.2%

Net LTV58.5%

DSCR1.28x

ICR2.31x

Gearing (D/E)1.60x

Net Debt/EBITDA14.9x

EBITDA Margin52.7%

Yield on Cost7.42%

Cash Position€1.24M ↓

Cash Burn~€78k/mo

Financial Document Log

Document	Period	Uploaded	Source	Status
FY 2025 Annual Accounts	Dec 2025	14 Mar 2026	Customer Upload	Verified
H2 2025 Management Accounts	Dec 2025	28 Feb 2026	Customer Upload	Verified
CBRE Valuation Report	Oct 2025	15 Nov 2025	Third Party	Verified
FY 2024 Audited Accounts	Dec 2024	12 Apr 2025	Customer Upload	Verified
FY 2025 Rent Roll	Mar 2026	—	Requested	Outstanding

Sector Intelligence

Commercial Real Estate — Ireland & UK — March 2026

🏢 Office Market

Elevated Risk

Dublin CBD Vacancy

16.2% ↑

Dublin 2 Grade B Vacancy

22.4% ↑

Prime Rent (per sq ft)

€62.50 →

Prime Yield

5.50% ↑

Q1'26 Take-up (sq ft)

180k ↓

Capital Value Trend

-8.2% YoY

⚠ Structural headwinds: hybrid working, occupier flight to quality. Grade B/secondary offices face sustained repricing pressure. ESG compliance increasingly required for letting success.

🏭 Industrial / Logistics

Low Risk

National Vacancy Rate

3.4% →

Prime Rent (per sq ft)

€9.50 ↑

Prime Yield

4.75% →

Q1'26 Demand (sq ft)

620k ↑

Capital Value Trend

+4.1% YoY

New Supply Pipeline

Moderate

✅ Structural tailwinds from e-commerce and near-shoring. Strong rental growth in Greater Dublin and Shannon corridor. Occupier demand robust; supply constrained by planning.

🛍 Retail Market

High Risk

Shopping Centre Vacancy

18.6% ↑

High Street Vacancy

14.2% ↑

Prime Yield

6.75% ↑

Consumer Spend (YoY)

+1.2% ↓

Capital Value Trend

-11.4% YoY

Insolvencies (Retail)

↑ 34% YoY

⛔ Structural decline continues. Discretionary retailers under severe pressure. Experiential and food/bev anchor tenants showing resilience. LTV limits should be tightened for secondary retail assets.

Macro & Credit Environment

ECB Deposit Rate2.50%

3M EURIBOR2.68%

10Y Irish Govt Bond3.12%

CRE Capital Value (Irl YoY)-3.2%

Investment Volumes Q1'26€480M ↓

Refinancing Gap (Est.)€2.1B (2026)

GDP Growth (Irl)+2.8% 2026F

Unemployment Rate4.3%

CPI (HICP)2.4%

CRE Loan Impairments↑ Sector trend

Bank CRE NPL Ratio5.8%

Sentiment IndexCautious

Maturities & Repricing

Facility maturity ladder and interest rate repricing schedule

Maturity Ladder by Quarter (€M)

42.3

Q1'26

28.7

Q2'26

11.4

Q3'26

19.2

Q4'26

31.5

H1'27

52.1

H2'27

Rate Structure — Current Portfolio

Floating (EURIBOR-linked)€369.6M (75.7%)

Fixed Rate€117.7M (24.1%)

Avg Margin (floating)E + 1.92%

Avg Margin (fixed)4.35% all-in

Nearest Repricing€87.4M — Apr 2026

NIM Impact (+100bps)+€3.7M annual income

DSCR Impact (+150bps)4 facilities at risk

Upcoming Maturities & Repricing Events

Facility	Obligor	Type	Balance	Rate	Event	Date	Days	Tier
FAC-7741	Aldgate Tower SPV	Term Loan	€38.5M	E+2.40%	Maturity	31 Mar 2026	6	T4
FAC-7742	Aldgate Tower SPV	Capex Facility	€3.8M	E+2.75%	Maturity	31 Mar 2026	6	T4
FAC-9922	Brennan Retail Ltd	Working Capital	€4.8M	E+3.50%	Maturity	30 Jun 2026	97	T4
FAC-5501	Shannon Industrial	Term Loan	€18.2M	E+1.45%	Maturity	28 Sep 2026	187	T1
FAC-8821	Harrington Office REIT	Term Loan	€22.0M	E+1.85%	Repricing	01 Apr 2026	7	T2

System Architecture

Entity relationships · microservices topology · authentication & data flow

Entity Relationship Diagram

Microservices Architecture

Login & Dashboard Sequence

Core Domain Model — Entity Relationship Diagram

Elbow connectors · Crow's-foot notation · Cardinality labeled on every relationship

Microservices Architecture — Meridian Credit Platform

Event-driven · API Gateway pattern · Domain-bounded services · Async messaging via Kafka

Service Inventory & Technology Stack

Service	Responsibility	Tech Stack	Database	Scaling	SLA
API Gateway	Routing, rate-limiting, SSL termination	Kong / AWS API GW	—	Horizontal	99.99%
Auth Service	OAuth2, JWT, MFA, RBAC, SSO	Node.js + Keycloak	PostgreSQL	Horizontal	99.99%
BFF / GraphQL	Dashboard aggregation, data stitching	Node.js / Apollo	Redis cache	Horizontal	99.95%
Connection Svc	Connections, obligors, economic dependence	Node.js / Express	PostgreSQL	Horizontal	99.9%
Exposure Svc	Facilities, collateral, payments, LTV	Java / Spring Boot	PostgreSQL	Horizontal	99.9%
Credit Risk Svc	PD/LGD/ECL, IFRS9 staging, ratings	Python / FastAPI	TimescaleDB	Compute-scaled	99.9%
Covenant Svc	Covenant calculation, UTP assessment	Python / FastAPI	PostgreSQL	Horizontal	99.9%
Alert & Workflow	EWS triggers, task management, notifications	Node.js / Temporal	Redis + PG	Horizontal	99.95%
Document Svc	PDF OCR, AI extraction, financial parsing	Python + Textract	PostgreSQL + S3	Queue-based	99.5%
Sector Intel Svc	Market data ingestion, CRE benchmarks	Python / Airflow	TimescaleDB	Scheduled	99.5%

Login & Dashboard Render — Sequence Diagram

Latency Budget — Dashboard Load (P95)

DNS + TLS handshake~40ms

API Gateway routing<5ms

JWT validation (cached)<2ms

BFF parallel service calls~180ms (P95)

GraphQL merge & shape<15ms

Network transfer (gzip)~30ms

React hydration~60ms

Total (P95 target)< 500ms

Security Controls in Flow

AuthenticationOAuth2 + PKCE

MFATOTP (Authenticator)

Session tokensJWT (15m) + Refresh (8h)

Token storagehttpOnly cookie (no XSS)

RBAC enforcementGateway + BFF layer

Data scopeRM sees own portfolio only

Audit trailAll actions → immutable log

TransportTLS 1.3 end-to-end

Feature Backlog

Epics · Features · User Stories — Meridian Credit Lifecycle Management Platform

Expand All · Collapse All

8 Epics

32 Features

124 User Stories

41 High Priority

~248 Story Points

Filter:

▶ 🔐 EP-01 · Authentication & Access Control

High Sprint 1–2 34 pts 3 Features · 14 Stories

▶ FT-1.1 · User Authentication & SSO

BEFESEC HighSprint 113 pts

US-001

As an RM, I want to log in with my corporate SSO credentials (OAuth2/OIDC) so that I don't manage separate passwords and access is centrally controlled.

Acceptance Criteria

Keycloak/Azure AD integration with OAuth2 PKCE flow

JWT access token (15 min) + httpOnly refresh cookie (8hr)

Silent token refresh runs in background before expiry

Failed login after 5 attempts triggers account lock + alert

BEAPISECHigh5 pts

US-002

As a security admin, I want all users to complete MFA (TOTP or hardware key) so that access to sensitive credit data is protected even if credentials are compromised.

Acceptance Criteria

TOTP enforced on first login; supports Google Authenticator & hardware keys

MFA bypass blocked for production environments

Recovery codes generated and stored securely

BEFESECHigh5 pts

US-003

As an RM, I want my session to auto-expire after 30 minutes of inactivity so that unattended workstations can't be exploited.

Acceptance Criteria

Inactivity timer visible in header; 2-minute warning shown

Session state saved; user returned to same view after re-auth

FEBEMed3 pts

▶ FT-1.2 · Role-Based Access Control (RBAC)

BEAPI HighSprint 18 pts

US-004

As a system admin, I want to assign users to roles (RM, Senior RM, Credit Analyst, CCO, Read-Only) so that data access is limited to what each role needs.

Acceptance Criteria

5 roles defined: RM, Senior RM, Credit Analyst, CCO, Auditor

Permissions enforced at API gateway AND service level

RM can only see connections assigned to them

CCO has read access across all connections; write access to approvals

Auditor has read-only access to all data including audit logs

BEAPIHigh5 pts

US-005

As any user, I want the UI to show or hide action buttons based on my permissions so that I don't see controls I can't use.

Acceptance Criteria

Permission context injected via JWT claims on login

Buttons/tabs hidden (not just disabled) for insufficient permissions

API returns 403 if permission bypassed via direct URL

FEBEHigh3 pts

▶ FT-1.3 · Audit Trail & Access Logging

BEDB HighSprint 28 pts

US-006

As a compliance officer, I want every create, update, and delete action recorded in an immutable audit log so that we can evidence regulatory compliance and investigate incidents.

Acceptance Criteria

Audit log stores: user_id, action, entity_type, entity_id, old_value, new_value, timestamp, IP

Immutable append-only store (no UPDATE/DELETE on audit table)

Audit events published to Kafka topic for SIEM ingestion

Retained for 7 years per regulatory requirement

BEDBHigh5 pts

US-007

As a CCO, I want to view a searchable audit timeline for any obligor so that I can reconstruct the history of credit decisions.

Acceptance Criteria

Audit timeline visible in obligor profile view

Filterable by action type, user, and date range

Before/after diff rendered for changed fields

FEBEMed3 pts

▶ ◈ EP-02 · Connection & Obligor Management

High Sprint 2–4 42 pts 4 Features · 18 Stories

▶ FT-2.1 · Connection & Group Structure

FEBEDB HighSprint 213 pts

US-008

As an RM, I want to create a Connection grouping multiple obligors (borrowers and guarantors) under a single relationship so that total group exposure and risk is visible in one place.

Acceptance Criteria

Connection entity stores: name, RM, total exposure, risk tier, IFRS9 stage, sector, opened date

CONN_OBLIGOR junction table supports multiple roles (borrower, guarantor, co-borrower)

Total exposure calculated as sum of all linked obligor drawn balances

Risk tier = max tier of any linked obligor (worst-of rule)

BEDBHigh5 pts

US-009

As an RM, I want to visualise the economic dependence chain between entities in a group so that I can identify cross-entity cash flow risk and upstream dividend dependency.

Acceptance Criteria

Visual dependency chain rendered showing parent → child → revenue % flow

Warning displayed if HoldCo debt service depends on subsidiary dividend

ECON_DEPENDENCE table stores parent_id, child_id, dep_type, revenue_pct

FEBEHigh5 pts

US-010

As an RM, I want to see a list of all connections I manage with key risk metrics at a glance so that I can prioritise my workload.

Acceptance Criteria

List shows: name, tier badge, IFRS9 stage, total exposure, no. facilities, last reviewed date

Connections sortable and filterable by tier, stage, sector

Selecting a connection loads the linked obligors in a detail panel

FEBEHigh3 pts

▶ FT-2.2 · Obligor Profile & Risk Metrics

FEBEDB HighSprint 313 pts

US-011

As an RM, I want a comprehensive obligor profile page showing legal details, risk metrics, financial metrics, and property data so that I have a single source of truth for credit monitoring decisions.

Acceptance Criteria

Profile displays: legal name, CRN/LEI, sector, incorporation date, structure

Risk panel: tier, IFRS9 stage, credit grade, PD (12M & lifetime), LGD, ECL, EAD

Property panel: occupancy, WAULT, market value, net passing rent (where applicable)

Quick-action buttons: covenant test, UTP assess, request financials

FEBEHigh8 pts

US-012

As a Credit Analyst, I want PD, LGD and ECL to be calculated automatically using the bank's credit risk model and updated on financial upload so that risk metrics are always current and manually consistent.

Acceptance Criteria

Credit Risk Service exposes /risk/calculate endpoint accepting financial data

Returns PD_12M, PD_lifetime, LGD, ECL_12M, ECL_lifetime

Recalculation triggered automatically on financial statement upload

Manual override available with mandatory justification field

Version history of risk metric changes stored in TimescaleDB

BEDBINTHigh5 pts

▶ FT-2.3 · Risk Tier & IFRS9 Stage Management

BEDBFE HighSprint 310 pts

US-013

As a Credit Analyst, I want the system to automatically assign IFRS9 stage based on defined SICR triggers and default indicators so that staging is consistent, auditable, and compliant with IFRS 9.

Acceptance Criteria

Stage 1 → 2 triggers: PD increase >100bps vs origination; 30+ DPD; watchlist flag; covenant breach

Stage 2 → 3 triggers: 90+ DPD; credit-impaired indicator; going concern doubt; UTP classification

Stage changes generate audit event and EWS alert

Override requires RM + Senior RM dual approval with documented rationale

BEDBHigh5 pts

US-014

As an RM, I want to manually update the risk tier for an obligor with a reason code so that qualitative judgement can be applied beyond model outputs.

Acceptance Criteria

Tier change dropdown + mandatory reason text field

Downgrade by more than 1 tier requires CCO approval workflow

Tier history visible in obligor audit timeline

FEBEMed5 pts

▶ FT-2.4 · Sector Intelligence Integration

BEINTFE MedSprint 58 pts

US-015

As an RM, I want to see live sector metrics (vacancy, yield, capital value trend) for the borrower's CRE sub-sector so that my credit assessment is informed by current market conditions.

Acceptance Criteria

Sector Intel Service ingests MSCI/CBRE data feed via scheduled Airflow job (daily)

Sector panel displayed on obligor profile linked via sector_code FK

Sector-level EWS triggers fire when vacancy > threshold (configurable per sector)

Historical chart shows 12-quarter trend for key sector metrics

BEINTDBMed5 pts

US-016

As an RM, I want a dedicated Sector Intelligence view with Office, Industrial, Retail and other sub-sector dashboards so that I can understand the macro backdrop for my entire portfolio.

Acceptance Criteria

Per-sector cards showing: vacancy rate, prime yield, capital value trend, sentiment

RAG status (Green/Amber/Red) calculated vs configurable thresholds

Macro overlay: ECB rate, GDP, CPI, NPL sector stats

FEMed3 pts

▶ ◧ EP-03 · Exposure & Facility Management

High Sprint 3–5 34 pts 3 Features · 14 Stories

▶ FT-3.1 · Facility Registry & Core Banking Integration

BEDBINT HighSprint 313 pts

US-017

As a Credit Analyst, I want facility data (limit, drawn, rate, maturity) to synchronise automatically from the core banking system so that exposure figures are always accurate without manual data entry.

Acceptance Criteria

Bidirectional API adapter to Temenos/Finastra core banking

Nightly batch sync + intraday delta sync for drawn balance changes >1%

Sync failures logged with alert to system admin; stale data badge shown in UI (>24hr)

Manual override possible with audit record flagging the discrepancy

BEDBINTHigh8 pts

US-018

As an RM, I want to see all facility types for an obligor (CRE loan, revolver, WC, credit card, SBLC) in one table with utilisation bars so that I have a complete picture of all credit products extended to the customer.

Acceptance Criteria

All facility types listed: term loan, revolver, capex, working capital, credit card, SBLC

Utilisation bar shown for each facility (drawn/limit)

LTV and DSCR columns shown where applicable (CRE facilities only)

>90% utilisation on working capital / credit card flags amber EWS

FEBEHigh5 pts

▶ FT-3.2 · Collateral Register & Valuation Tracking

FEBEDB HighSprint 413 pts

US-019

As a Credit Analyst, I want a collateral register linking each property asset to its securing facility with charge rank, latest valuation, and next valuation date so that LTV calculations are always based on current property values.

Acceptance Criteria

FAC_COLLATERAL junction table with: charge_rank, valuation_date, market_value, valuer, next_val_date

LTV = sum(linked facility drawn) / market_value; recalculates on new valuation upload

Alert fires 60 days before next_val_date

Alert fires if LTV breaches facility covenant threshold on valuation update

BEDBHigh8 pts

US-020

As a Credit Analyst, I want to receive valuation data via API feed from CBRE and Savills so that valuations are automatically ingested rather than manually entered.

Acceptance Criteria

Valuation API adapter for CBRE and Savills data formats

Incoming valuation matched to collateral_id via property address hash or manual mapping

Valuation flagged for RM review before applying to LTV calculation

Significant decline (>10% MoM) triggers mandatory RM review alert

BEINTMed5 pts

▶ FT-3.3 · Maturity & Repricing Dashboard

FEBE MedSprint 58 pts

US-021

As an RM, I want a maturity ladder showing all facilities expiring in the next 24 months grouped by quarter so that I can plan renewal conversations and avoid maturity surprises.

Acceptance Criteria

Bar chart grouped by quarter with total €M per bucket

Colour-coded by risk tier (red = T4/T5 maturities, amber = T3, green = T1/T2)

Alert auto-created 90 days before maturity for all facilities

Repricing date tracked separately from maturity; alert at 30 days

FEBEMed5 pts

▶ ◫ EP-04 · Financial Statements & Document Management

High Sprint 4–6 42 pts 4 Features · 18 Stories

▶ FT-4.1 · PDF Upload & AI-Powered Financial Extraction

BEINTFE HighSprint 413 pts

US-022

As an RM, I want to upload a PDF of annual accounts and have key financial line items automatically extracted and pre-populated into the balance sheet and P&L templates so that I save hours of manual data entry and reduce transcription errors.

Acceptance Criteria

AWS Textract + GPT-4 pipeline extracts P&L and balance sheet line items from uploaded PDF

Extracted values pre-populated in editable form; originals retained in S3 with version

Confidence score shown per extracted line; low confidence (<80%) highlighted for review

RM must confirm extracted values before they persist to database

Supports: audited accounts, management accounts, rent rolls, bank statements

Max file size 25MB; supported formats: PDF, XLSX, DOCX

BEINTFEHigh8 pts

US-023

As a Credit Analyst, I want financial statements stored with full version history so I can compare FY25 vs FY24 vs FY23 so that trend analysis and YoY variance commentary is always available.

Acceptance Criteria

Each statement version: period, type, upload date, source, uploaded_by, confirmed_by

Derived ratios auto-calculated: DSCR, LTV, ICR, NIM, gearing, CoR on save

Ratio history stored in TimescaleDB for trend charting

BEDBHigh5 pts

▶ FT-4.2 · Customer Financial Information Requests

FEBEINT MedSprint 510 pts

US-024

As an RM, I want to send a structured document request to the customer via the secure portal or email with a deadline and document checklist so that document collection is tracked and evidenced for covenant compliance purposes.

Acceptance Criteria

RM selects document types (accounts, rent roll, bank statements etc.) and deadline

Request sent via SendGrid email and logged in document tracker

Customer uploads via authenticated secure portal link (JWT-signed, time-limited)

Overdue requests (past deadline) auto-escalate to Senior RM

Request and response logged in audit trail with timestamps

FEBEINTMed8 pts

US-025

As a Credit Analyst, I want a reporting covenant breach alert when a customer fails to submit financials within the contractually agreed timeframe so that reporting covenant breaches are formally identified and actioned.

Acceptance Criteria

Reporting deadline stored per facility (e.g. 120 days from FY end)

Alert fires at D-30, D-14, D+1 (breach) automatically

Breach status displayed on obligor profile and covenant test

BEFEMed3 pts

▶ FT-4.3 · Financial Ratio Calculators & Trend Analysis

FEBEDB HighSprint 410 pts

US-026

As an RM, I want derived credit ratios (DSCR, ICR, LTV, gearing, cash burn) calculated automatically from uploaded financials so that ratio calculation is standardised and not subject to formula errors.

Acceptance Criteria

DSCR = NOI / Total Debt Service; ICR = EBITDA / Net Interest; LTV = Debt / MV

Gearing = Net Debt / EBITDA; Cash Burn = (Opening Cash - Closing Cash) / months

Ratios displayed alongside covenant limits with RAG status

Multi-period table shows FY25 / FY24 / FY23 / FY22 side-by-side

Chart shows 8-quarter trend for key ratios

FEBEHigh8 pts

▶ FT-4.4 · Document Storage & Version Control

BEDBSEC MedSprint 68 pts

US-027

As a Credit Analyst, I want all uploaded documents stored securely in S3 with versioning, encryption at rest, and audit trail so that documents are retrievable for regulatory audit and accidental overwrite is prevented.

Acceptance Criteria

S3 bucket: AES-256 encryption, versioning enabled, MFA delete protection

Pre-signed download URLs (15 min expiry); no public access

Document log stores: filename, s3_key, version, uploaded_by, confirmed_by, document_type

Deleted documents moved to Glacier after 90 days; retained 7 years

BEDBSECMed5 pts

▶ ⊞ EP-05 · Covenant Testing & UTP Assessment

High Sprint 5–7 38 pts 3 Features · 16 Stories

▶ FT-5.1 · Automated Covenant Calculator & Stress Testing

FEBEDB HighSprint 513 pts

US-028

As an RM, I want a covenant calculator that pre-populates from the latest financials and computes LTV, DSCR, ICR and occupancy against contractual limits so that covenant testing is automated, consistent, and the results can be logged and reported.

Acceptance Criteria

Covenant types supported: LTV, DSCR, ICR, Occupancy, Gearing, Debt/EBITDA, interest cover

Calculator pre-populates from latest uploaded financials; actuals editable

Pass / Near (within 10%) / Breach status shown per covenant with RAG colour

Headroom shown in bps/pp and as percentage of limit

Results saveable to COVENANT table with test_date, tested_by, financial_period

FEBEHigh8 pts

US-029

As a Credit Analyst, I want sensitivity / stress testing on covenants showing the impact of valuation declines, rate rises, and occupancy falls so that I can identify where covenants will breach under plausible stress scenarios.

Acceptance Criteria

Stress table shows result at -5%, -10%, -15% MV decline (LTV covenants)

Stress table shows result at +100bps, +150bps, +200bps rate rise (DSCR/ICR)

Stress table shows result at -5%, -10%, -15% occupancy fall

Breach scenarios highlighted red; near-breach amber

FEBEHigh5 pts

▶ FT-5.2 · UTP Assessment Workflow (EBA Compliant)

FEBEDB HighSprint 613 pts

US-030

As an RM, I want a structured UTP assessment form aligned to EBA/GL/2016/07 indicators with automatic scoring and NPE classification recommendation so that UTP decisions are consistently applied and fully documented for regulatory review.

Acceptance Criteria

10 UTP indicator categories: covenant breach, DPD, going concern, distressed restructuring, revenue decline, tenant loss, market stress, emergency drawdown, adverse legal, operational failure

Score ≥ 5 positive indicators → mandatory NPE classification recommendation

90+ DPD + covenant breach + going concern = automatic NPE trigger (policy §4.2)

Assessment outcome logged with stage change recommendation

CCO sign-off required before NPE classification applied

FEBEDBHigh8 pts

US-031

As a Credit Analyst, I want a UTP trigger to automatically escalate to a mandatory assessment when defined conditions are met so that assessments are never missed due to oversight.

Acceptance Criteria

EWS rule engine evaluates UTP triggers on nightly batch and on payment/covenant events

Critical alert created and assigned to RM when trigger fired

Escalation to Senior RM if not actioned within 5 business days

Trigger condition and date recorded in obligor audit trail

BEAPIHigh5 pts

▶ FT-5.3 · Approval Workflows & Credit Committee Escalation

FEBEINT HighSprint 713 pts

US-032

As an RM, I want to escalate a UTP assessment or covenant waiver request to the Credit Committee with a single click, attaching the pre-populated assessment report so that escalations are fast, complete, and paper-trail documented.

Acceptance Criteria

Escalation creates approval task in Temporal workflow engine

Email notification sent to CCO and Credit Committee inbox via Teams/SendGrid

PDF report auto-generated: obligor summary, financials, covenant test, UTP indicators

Approval/rejection captured with comments; feeds back to obligor record

Audit trail records each approver, timestamp, decision

FEBEINTHigh8 pts

▶ ⚡ EP-06 · Early Warning System & Alerts

High Sprint 6–8 26 pts 3 Features · 12 Stories

▶ FT-6.1 · Rule-Based EWS Engine

BEDBAPI HighSprint 613 pts

US-033

As a Credit Analyst, I want configurable EWS rules that fire alerts based on data thresholds (LTV, DSCR, DPD, PD drift, sector metrics) so that risk deterioration is identified systematically without relying on RM discretion.

Acceptance Criteria

Rule engine supports: threshold, percentage change, absolute change, calendar date, and combined conditions

Rules evaluated nightly via Kafka consumer and on-event (covenant breach, payment miss, valuation update)

Alert severity configurable: Critical, High, Warning, Info

CCO can create/modify rules via admin UI; changes versioned and audited

Default rules pre-seeded: >90 DPD, LTV > limit, DSCR < limit, maturity < 90d, PD +150bps

BEDBHigh8 pts

US-034

As an RM, I want to receive real-time alert notifications via the app, email and Microsoft Teams so that I'm immediately aware of critical events even when not actively using the platform.

Acceptance Criteria

WebSocket push to browser/app on alert creation

Email notification via SendGrid within 5 minutes of alert creation

MS Teams webhook for Critical severity alerts

Notification preferences configurable per user (channel, severity threshold)

BEINTHigh5 pts

▶ FT-6.2 · Action Management & Task Tracking

FEBE MedSprint 78 pts

US-035

As an RM, I want to create, assign, and track credit actions (reviews, tests, calls, requests) with due dates and priority so that no credit management tasks fall through the cracks.

Acceptance Criteria

Action types: annual review, covenant test, UTP assessment, customer call, valuation instruction, restructuring discussion, waiver/consent

Actions linked to obligor; visible on dashboard pending panel

Overdue actions escalated to manager; visible in CCO dashboard count

Action log exportable to PDF for credit file documentation

FEBEMed5 pts

▶ FT-6.3 · Annual Credit Review Workflow

FEBE MedSprint 88 pts

US-036

As an RM, I want a guided annual credit review workflow that prompts for updated financials, re-rating, covenant test, UTP check, and sector assessment so that every annual review is comprehensive and consistently documented.

Acceptance Criteria

Review wizard: 6 steps — financials, risk rating, covenants, UTP check, sector, recommendation

Progress tracked; incomplete reviews visible to CCO in management dashboard

Completed review generates PDF credit memorandum for file

Review scheduled automatically 60 days before anniversary of last review

FEBEMed8 pts

▶ ▦ EP-07 · Portfolio Dashboard & Reporting

Med Sprint 7–9 28 pts 3 Features · 14 Stories

▶ FT-7.1 · RM Portfolio Dashboard

FEBE MedSprint 710 pts

US-037

As an RM, I want a dashboard showing my total exposure, IFRS9 stage distribution, sector mix, LTV distribution, maturity profile, and pending actions so that I have an immediate overview of my portfolio's health each morning.

Acceptance Criteria

Dashboard loads in <2 seconds via BFF GraphQL query fan-out

All KPI cards update in real-time via WebSocket on alert/covenant event

Exposure and stage charts interactive — click to filter case list

Pending actions count with links to each action type

FEBEMed8 pts

▶ FT-7.2 · CCO Portfolio Aggregation & Drill-Down

FEBEDB MedSprint 813 pts

US-038

As a CCO, I want an aggregate portfolio dashboard across all RMs showing total exposure by tier, sector, IFRS9 stage, LTV band, and maturity bucket with drill-down to individual cases so that I have a complete view of portfolio risk without reviewing each RM's book individually.

Acceptance Criteria

Portfolio aggregates computed from all connections (not just assigned RM)

All charts clickable — filter drill-down panel to matching cases

Migration matrix shows QoQ tier movements in €M

Top 15 exposures table with click-through to obligor profile

Filter by RM, sector, geography, tier, stage

FEBEDBMed8 pts

▶ FT-7.3 · Regulatory & Management Reporting

BEFEINT LowSprint 98 pts

US-039

As a CCO, I want to export portfolio reports (NPE register, covenant test results, IFRS9 staging, maturity profile) to PDF and XLSX so that monthly credit committee packs and regulatory submissions can be prepared directly from the platform.

Acceptance Criteria

PDF export: pre-formatted credit committee template with logo, date, data tables

XLSX export: raw data with one sheet per report type

As-of date selectable for point-in-time snapshots

Report generation async; ready notification via WebSocket when complete

BEFEINTLow5 pts

▶ ⬡ EP-08 · Infrastructure, Platform & Non-Functional Requirements

High Sprint 1–12 32 pts 4 Features · 18 Stories

▶ FT-8.1 · Microservices Architecture & API Design

BEAPIDB HighSprint 113 pts

US-040

As the engineering team, I want all services to expose versioned REST/GraphQL APIs with OpenAPI specifications so that inter-service contracts are explicit, testable, and client-team independent.

Acceptance Criteria

All REST endpoints: /api/v1/... with versioned path; OpenAPI 3.1 spec generated from code annotations

BFF exposes GraphQL schema with type safety (codegen to TypeScript client)

API changes require version bump; breaking changes deprecated for 1 release cycle minimum

All endpoints require valid JWT; public endpoints explicitly whitelisted

BEAPIHigh5 pts

US-041

As the engineering team, I want each microservice to have its own isolated database schema so that services are independently deployable and a database change in one service doesn't break another.

Acceptance Criteria

Each service owns its PostgreSQL schema; cross-service reads via API calls only (no shared DB)

TimescaleDB for time-series data (PD/ECL history, sector metrics, ratio trends)

Redis cluster for session store and dashboard cache (TTL 60s)

Database migrations managed with Flyway; zero-downtime migration strategy documented

BEDBHigh5 pts

US-042

As the engineering team, I want Kafka event bus to decouple service-to-service communication for async workflows so that services are resilient to downstream failures and can process events independently.

Acceptance Criteria

Core topics: credit.events, alerts.triggered, covenants.tested, financials.uploaded, ratings.changed, payments.received

Consumer groups per service; at-least-once delivery with idempotent consumer pattern

Dead letter queue for failed events; Slack alert on DLQ depth > 10

Schema Registry (Confluent) for Avro schema versioning

BEAPIHigh5 pts

▶ FT-8.2 · Security, Encryption & Data Protection

BESEC HighSprint 1–28 pts

US-043

As the CISO, I want all data encrypted in transit (TLS 1.3) and at rest (AES-256) with secrets managed via HashiCorp Vault so that the platform meets GDPR, DORA, and CBI data protection requirements.

Acceptance Criteria

TLS 1.3 minimum on all service-to-service and client-to-gateway communications

AES-256 encryption at rest for all database instances and S3 buckets

No secrets in environment variables or code; all via Vault dynamic secrets

PII fields (customer name, CRN) tokenised in database; detokenised at API layer for authorised roles only

Annual penetration test; OWASP Top 10 addressed before production deployment

BESECDBHigh8 pts

▶ FT-8.3 · Performance & Observability

BEAPI MedSprint 48 pts

US-044

As the SRE team, I want distributed tracing, structured logging and metrics across all services so that performance bottlenecks and errors are diagnosable in production.

Acceptance Criteria

OpenTelemetry traces across all services; Jaeger for trace visualisation

Structured JSON logs with trace_id correlation; shipped to CloudWatch/ELK

SLOs: API p95 < 400ms; dashboard load < 2s; alert delivery < 5min

Prometheus + Grafana for service metrics; PagerDuty for on-call alerting

BEAPIMed5 pts

▶ FT-8.4 · iPad / Mobile Responsive Layout

FE MedSprint 85 pts

US-045

As an RM, I want the full platform to be usable on an iPad (Safari) with all key views accessible via a responsive layout so that I can review credit files in customer meetings or away from my desk.

Acceptance Criteria

All views render correctly at 768px, 1024px (iPad) and 1280px+ (desktop)

Tables scroll horizontally on small viewports; no horizontal overflow on container

Touch targets minimum 44×44px per Apple HIG

Tested on Safari (iOS 17), Chrome (iPad), and desktop Chrome/Firefox/Edge

Offline indicator banner shown if connectivity lost; no silent failures

FEMed5 pts