Page 1 of 1

Digital Custodian Due Diligence Questionnaire

1. Company Overview

1.1 Please provide a summary of your organisation and your role as a digital custodian.

1.2 What is your ownership structure? Are you independently owned or part of a group?

1.3 What regulatory permissions do you hold (e.g. FCA)? Please include licence details

1.4 What are your current Assets Under Administration (AUA) and account numbers?

1.5 Are you subject to regular external audits? If so, by whom and how frequently?

1.6 Have there been any significant organisational changes or events in the past 12 months?

2. Financial Stability

2.1 Please provide your most recent audited or management accounts.

2.2 Are you currently profitable? Include EBITDA or net profit if available.

2.3 What is your capital adequacy position relative to your regulatory requirement?

2.4 Have you raised external funding recently? If so, please share details and valuation.

3. Corporate Governance

3.1 Please provide a list of directors and senior management, including roles and experience.

3.2 Please provide your authorised signatory list.

3.3 What governance structures do you have in place (e.g. board committees, risk oversight)?

3.4 Do you operate any independent oversight functions (e.g. non-executive directors, risk committees)?

4. Staffing and Leadership

4.1 How many employees do you have in total? Please separate by UK and overseas.

4.2 What is your staff turnover rate?

4.3 Who are the key contacts for operations, technology, and relationship management?

4.4 How is succession planning handled for senior roles?

5. Development Roadmap

5.1 What product or platform enhancements are planned over the next 12–24 months?

5.2 How do you prioritise feature development? Do customers have input?

5.3 Do you provide a product roadmap or public changelog?

6. Product Availability Roadmap

We are acutely aware that Seccl does not currently support several of the products requested by IQ. Please detail your current position, roadmap, or plans for the following product and service features. If not currently supported, indicate if/when you plan to offer them and what dependencies or blockers exist.

For each product or service not currently supported, please describe:

1. Whether support is planned or under review

2. Target delivery timeline or current status 3. Dependencies or blockers

4. Any regulatory, operational, or technical constraints

6.1 Venture Capital Trusts (VCTs) Can you support custody, reporting, and trading of VCTs?

6.2 Gilts Are UK government securities (gilts) available for custody or execution?

6.3 Multi-currency capability Do you support custody and transactions in multiple currencies (e.g. USD, EUR)?
Will you offer multi-currency client accounts and foreign exchange facilities?

6.4 Fixed Term Deposits Can you facilitate access to fixed-term cash products or structured deposits?

6.5 Faster Withdrawals What is your current SLA for client withdrawals?
Are there plans to support same-day payments, Faster Payments, or instant withdrawals?

6.6 Servicing Non-UK Residents Are there jurisdictions or client profiles that are excluded from onboarding?
What is your policy for expatriates or international investors?

6.7 Onshore Investment Bonds Can you hold and report on UK onshore bonds provided by life companies?

6.8 Offshore Investment Bonds Can you hold or provide valuations for offshore bonds?
Do you support integration with third-party bond providers? What is your current status and integration plan for less technically enabled providers (e.g. Utmost)? Are you able to manually support valuation feeds or documentation workflows?

6.9 Lifetime ISAs (LISAs) Do you support Lifetime ISAs, including government bonus claims and eligibility checks?
If not, are there plans to offer LISAs in the future?
Will you support all withdrawal types (e.g. first home, age 60, early access with penalty)?

6.10 Tax Packs Do you provide or plan to offer tax packs for clients at year-end, including detailed reporting for Capital Gains Tax and other tax liabilities? Do you offer different tax reporting periods for clients in different jurisdictions?
If not currently available, when can this be expected?

7. API & Technology Architecture

7.1 Please describe your API architecture (e.g. REST, GraphQL). Include a link to your documentation if available.

7.2 What services are exposed via the API (e.g. trading, reconciliation, account management)?

7.3 Do you provide sandbox or test environments?

7.4 What is your average and guaranteed API uptime?

7.5 What is your standard SLA for API latency and error resolution?

7.6 How do you manage versioning and notify users of changes?

7.7 What monitoring or logging tools are available for API clients?

7.8 Are webhooks or event-driven integrations supported?

8. Custody & Asset Protection

8.1 Are client assets held in segregated accounts and fully off your balance sheet?

8.2 Do you act as a direct custodian, or do you use sub-custodians or third-party institutions? If so, who are they?

8.3 Are nominee structures used for asset registration? Please describe.

8.4 How do you comply with the FCA CASS rules?

8.5 What protections are in place in the event of insolvency or operational failure?

8.6 Is insurance in place to protect client assets? If so, what is the coverage scope and limit?

8.7 Are you able to facilitate trading in international securities (e.g. US equities, ETFs listed on overseas exchanges)?

8.8 In what markets do you currently support execution and settlement?

8.9 How is foreign exchange (FX) handled? Is FX conversion performed automatically or manually? What FX rates and spreads apply to currency conversions? Are client instructions required, or is it embedded in trade execution?

8.10 How are foreign dividends and corporate actions handled (e.g. currency, tax treatment, timelines)?

8.11 Can you support multi-currency settlement within UK tax wrappers (e.g. GIA or SIPP in GBP, holding USD stocks)?

8.12 Do you offer any tax reporting or relief at source on overseas holdings (e.g. US 30% withholding tax via W-8BEN)?

8.13 Are there any limitations or restrictions on buying/selling foreign securities (e.g. asset types, jurisdictions, currency exposure)?

8.14 Is insurance in place for international holdings?

9. Account Onboarding & Administration

9.1 What account types do you support (e.g. GIA, ISA, SIPP, JISA)?

9.2 What is your onboarding process for new clients and firms?

9.3 Do you support electronic ID and AML verification?

9.4 Can bulk or automated onboarding be performed via your API?

10. Operations & Support

10.1 What support structure do you provide for partner firms? Is a dedicated relationship manager assigned?

10.2 What are your standard response and resolution times for operational issues?

10.3 How are outages or degradation of service communicated?

10.4 What are your hours of service availability for operational support and incident escalation?

11. Custody System Functionality

Please describe the functionality your system provides in relation to custody, dealing, reporting, and operational integration. Where applicable, indicate whether each function is available via UI, API, or both.

11.1 Core Custody & Dealing Capabilities

11.1.1 What asset types do you currently support for custody (e.g. listed equities, funds, ETFs, bonds)?

11.1.2 Do you support fractional dealing, full units only, or both?

11.1.3 Can clients (or intermediaries) hold and trade assets within tax wrappers (e.g. ISA, SIPP)?

11.1.4 How is settlement handled (e.g. CREST, Euroclear, external brokers)? Are trades settled in-house or via external parties?

11.1.5 What is your standard trade settlement cycle (e.g. T+2)? Are there exceptions by asset type?

11.2 Model Portfolios & Rebalancing

11.2.1 Do you support model portfolio management or bulk rebalancing across accounts?

11.2.2 Are these available via API or portal?

11.2.3 Can you accommodate portfolio drift tracking or tolerance bands?

11.2.4 Is trade netting or bulk execution supported across accounts?

11.3 Fees & Charges

11.3.1 How are custody fees, adviser fees, platform fees, and third-party fees handled operationally?

11.3.2 Are fee collections automated (e.g. swept from cash holdings)?

11.3.3 Can percentage-based and fixed fees be supported?

11.3.4 Is fee configuration available via API or through your interface?

11.4 Tax & Wrapper Functionality

11.4.1 Do you perform internal tax wrapper management (e.g. ISA subscription limits, SIPP tax relief tracking)?

11.4.2 Can CGT calculations or tax reporting be generated for assets held on your system?

11.4.3 Are income distributions (e.g. dividends, interest) automatically recorded, and how are they taxed?

11.4.4 Do you support client-level tax lots and identification (e.g. share matching, S104 pool)?

11.5 Cash Management & Distributions

11.5.1 How is client cash held, protected, and reconciled?

11.5.2 Do you offer a client money account structure or virtual client ledgering?

11.5.3 Are income payments (dividends, coupons) credited to client accounts automatically?

11.5.4 How are corporate actions handled, and are elections supported?

11.6 Digital Access & Interfaces

11.6.1 Do you provide a secure portal for intermediaries or third parties to access account and transaction data?

11.6.2 Is functionality mirrored via API for integration with third-party or proprietary platforms?

11.6.3 Are customisable data feeds (e.g. for valuations, positions, transactions) available?

12. Service Providers & Outsourcing

12.1 Which third-party service providers or partners do you work with (e.g. banks, custodians, IT vendors)?

12.2 What functions are outsourced and how are these relationships governed?

12.3 How do you perform due diligence on outsourced providers? How often do you carry out these checks?

13. Security & Data Protection

13.1 Are you certified to any security standards (e.g. ISO 27001, SOC 2)?

13.2 How is data protected in transit and at rest?

13.3 What authentication methods are required for access to APIs and dashboards?

13.4 How is internal access controlled and monitored?

13.5 Do you conduct regular penetration testing? Can results be shared?

13.6 Please share your most recent results if you are able.

14. Risk Management

14.1 Please describe your risk management framework.

14.2 Who is responsible for risk and internal audit functions?

14.3 Are you covered by Professional Indemnity Insurance? What is the level of cover?

14.4 Please share your PII schedule or certificate.

15. Business Continuity & Disaster Recovery

15.1 Please share your Business Continuity (BCP) and Disaster Recovery (DRP) plans.

15.2 Where are your primary and secondary data centres located? If using a cloud provider, please indicate your primary region.

15.3 How often are your DRP and BCP plans tested, and what were the outcomes of recent tests?

15.4 Can all staff operate remotely in the event of disruption?

16. Regulatory Compliance

16.1 Have you been subject to any regulatory actions or breaches? Please provide context and outcomes

16.2 How do you monitor ongoing regulatory compliance (e.g. CASS, SMCR, AML)?

16.3 Who is your nominated Compliance Officer?

16.4 Do you maintain a compliance monitoring programme?

17. Anti-Money Laundering (AML)

17.1 Please provide your AML and Know Your Customer (KYC) policies.

17.2 Who acts as your Money Laundering Reporting Officer (MLRO)?

17.3 Do you conduct transaction monitoring and enhanced due diligence in any cases? Please provide details.

18. Conflicts of Interest

18.1 Do you have a Conflicts of Interest Policy?

Yes

18.2 Have any conflicts been identified that may be relevant to our relationship?

18.3 How are conflicts identified, mitigated, and disclosed?

19. Product Governance (PROD)

19.1 Who is your custody service designed for (e.g. platforms, advisers, DFMs), and how do you define your target market?

19.2 Do you restrict the use of your custody services to specific client types (e.g. Retail, Professional, or Eligible Counterparty), and how is that enforced?

19.3 Do you have an internal product approval or governance process for launching new services (e.g. tax wrappers, FX, asset classes)?

19.4 What controls or monitoring do you have in place to ensure your services are used only within their intended scope (e.g. jurisdiction, client type, asset type)?

20. Intermediary Due Diligence

20.1 What due diligence do you perform on firms or platforms that use your custody services (e.g. financial advisers, DFMs, technology providers)?

20.2 Do you require intermediaries to meet specific regulatory, operational, or financial criteria before onboarding?

20.3 How do you monitor intermediary activity on an ongoing basis to ensure compliance with your terms of service and regulatory expectations?

21. Client Access & Transparency

21.1 What access do you provide to intermediaries for retrieving client-level data (e.g. valuations, transactions, corporate actions), and is this available via portal, API, or both?

21.2 What standard reports or data feeds do you offer to support client reporting, compliance, and operational oversight?

21.3 How do you ensure full transparency around all fees, charges, FX rates, and transaction costs within your custody and dealing services?

22. Legal & Contractual

22.1 Please provide a sample service agreement and terms of business.

21.2 Are there any minimum volume, term, or fee commitments?

22.3 What SLAs are contractually binding, and what remedies apply for breaches?

22.4 What are your standard termination clauses?

23. References & Client Feedback

23.1 Please provide contact details for 1–2 professional references.

23.1 Do you have case studies or testimonials from other wealth management firms?

24. Authorised Signatory

I hereby declare that the information provided in this form is true and correct to the best of my knowledge and belief.

Full Name

Title

Date

Location

Contact email address

Contact number

Thank you for completing this form. Details of submitted information will not be shared externally in accordance with our mutual NDA.