FluxCap Financial Services — Risk Analysis
A structured risk register and the mitigation measures covering credit, funding, regulatory, operational and execution risks.
Section 24 · Business Plan
Risk Analysis
A structured risk register and the mitigation measures covering credit, funding, regulatory, operational and execution risks.
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| Consumer credit defaults above plan | High | Severe | Conservative 22% launch CoR; vintage triggers pause growth; provision coverage 8%; collections automation; covenant-linked throttling |
| Regulatory change (rate caps, fintech rules) | Medium | Severe | Mix diversification to fee income; industry-body engagement; product economics stress-tested to cap revisions |
| Warehouse funding not secured on schedule | Medium | Severe | Audited vintages from month 1; early rating-agency engagement; growth throttling preserves solvency if delayed; revolver backstop |
| Fraud (application, identity, syndicated) | High | Moderate | Device fingerprinting, biometric KYC, velocity rules, ML fraud models; fraud losses embedded in CoR assumption |
| Competitive response from banks | High | Moderate | Segment focus; embedded distribution moats; speed of iteration; avoid head-on price competition |
| Key-person and specialist hiring | Medium | Moderate | 10% ESOP; investor-network sourcing; staged milestone hiring; succession planning from FY2028 |
| Interest-rate volatility | Medium | Moderate | Asset yields largely fixed-fee/short-duration reprice naturally; facility margin over prime passes base moves through partially |
| Technology delivery delay | Medium | Moderate | Buy commodity components; nine-month pilot scope discipline; penalty-backed vendor SLAs |
| Customer churn / retention below plan | Medium | Severe | FluxWell engagement; graduation pathways; cohort-retention covenant reporting from month 6 |
| Cybersecurity / data breach (POPIA) | Low-Med | Severe | Zero-trust architecture; tokenised PII; annual penetration testing; cyber insurance; breach playbook |
| Macroeconomic deterioration | Medium | Severe | Short book duration allows rapid risk-appetite tightening; scenario-tested (Section 25) |
| Concentration (employer / partner channels) | Low-Med | Moderate | ≤7.5% single-employer cap; partner diversification requirements in credit policy |
Risk governance in operation
Risk ownership follows a three-lines-of-defence model: product and
operations teams own risk in the first line; the Chief Risk Officer’s
function sets policy, monitors vintages and governs FluxScore in the
second; internal audit provides independent assurance in the third from
FY2028. Two design choices distinguish the framework from a conventional
lender’s. First, model governance is board-level: no
FluxScore version deploys to production without Credit & Model
Governance Committee approval, back-test evidence and a documented
fairness review — protecting against both credit loss and the conduct
risk of discriminatory automated decisioning. Second, growth is
formally subordinated to risk: the covenant-linked throttle in
Section 22 is mirrored internally by vintage triggers (Section 12) that
pause origination without requiring board escalation. The Company’s most
important risk asset is the shortness of its book — a portfolio that
turns over inside a year cannot trap management in a stale mistake for
long, provided monitoring detects the mistake early. Every element of
the framework is engineered for that early detection.
Confidential — this business plan is provided to prospective investors and lenders for evaluation purposes only and may not be reproduced or distributed without the written consent of FluxCap Financial Services (Pty) Ltd.