Risk Management &
Monitoring Workflows

PORTFOLIO DIGITAL RISK DASHBOARD — WEEKLY REPORT ═══════════════════════════════════════════════════ PORTFOLIO: 1,247 positions across 5 strategies DOMAINS SCANNED: 3,891 (including subsidiaries) DATE: February 13, 2026 RISK SUMMARY BY STRATEGY: Strategy Positions Digital Risk Alerts Change vs Last Week Equities 456 LOW (12) 3 ↑ +2 alerts GQS 523 LOW (8) 1 → stable Commodities/Energy 134 MEDIUM (28) 4 ↑ +3 alerts (FlexPower ecosystem) Fixed Income 89 LOW (11) 1 → stable Credit 45 MEDIUM (24) 2 ↑ +1 alert OVERALL PORTFOLIO DIGITAL RISK SCORE: 16/100 (LOW) WEEKLY CHANGE: +3 points (slight deterioration — driven by Energy alerts)

ALERT DETAILS — 11 POSITIONS REQUIRING ATTENTION ════════════════════════════════════════════════════ RED ALERTS (2) — Immediate CRO Review: rheinland-power-gmbh.de (Energy desk — FlexPower counterparty) Risk Score: 78/100 | Exposure: $12M /login: Trading portal down 72hrs | /support: Removed /careers: All postings gone | /contact: Phone disconnected CrUX: Crashed 78 → 23 | Potential operational failure → ACTION: Suspend trading, notify energy desk, assess replacement capacity tech-innovation-corp.com (Equities — long position) Risk Score: 62/100 | Exposure: $34M /leadership: CEO + CFO departed in 10-day span /careers: -56% postings | /investors: Added "going concern" language /press: Silent for 45 days (was weekly) → ACTION: Review position size, alert PM, set stop-loss AMBER ALERTS (4) — Monitor Closely: green-electron.nl (Energy — FlexPower counterparty) Risk Score: 45/100 | Exposure: $8M /pricing: Removed | /leadership: CEO change | /investors: "strategic review" → ACTION: Reduce exposure, prepare contingency counterparty retail-brands-global.com (Credit — bond position) Risk Score: 52/100 | Exposure: $15M /careers: Freeze | /leadership: CMO + CTO departed → ACTION: Monitor weekly, consider reducing if score hits 60 media-ventures-inc.com (Equities — long) Risk Score: 41/100 | Exposure: $22M /blog: No posts in 30 days | /events: All cancelled | /partners: -4 removed → ACTION: Investigate with PM, flag for next risk committee baltic-wind-trading.de (Energy — FlexPower counterparty) Risk Score: 48/100 | Exposure: $5M /compliance: License number removed | /legal: Liability clauses changed → ACTION: Verify BaFin registration, hold new trades

COUNTERPARTY RISK TIMELINE — MERIDIAN CAPITAL GROUP ═══════════════════════════════════════════════════════ DOMAIN: meridian-capital-group.com RELATIONSHIP: Prime brokerage counterparty since 2019 CURRENT EXPOSURE: $89M DIGITAL RISK SCORE TIMELINE: Q1 2024: Score: 8 | 18/20 pages | 12 C-suite | 89 careers | CrUX 91 Q2 2024: Score: 7 | 18/20 pages | 12 C-suite | 92 careers | CrUX 92 Q3 2024: Score: 9 | 18/20 pages | 12 C-suite | 87 careers | CrUX 90 Q4 2024: Score: 11 | 18/20 pages | 11 C-suite | 78 careers | CrUX 89 Q1 2025: Score: 18 | 17/20 pages | 11 C-suite | 65 careers | CrUX 86 ↑ /events page removed, /sustainability removed Q2 2025: Score: 24 | 17/20 pages | 10 C-suite | 52 careers | CrUX 84 ↑ COO departure, hiring declining Q3 2025: Score: 31 | 16/20 pages | 10 C-suite | 41 careers | CrUX 81 ↑ /case-studies removed, /blog frequency halved Q4 2025: Score: 45 | 15/20 pages | 9 C-suite | 28 careers | CrUX 74 ↑ Chief Investment Officer departed, /partners shrinking Q1 2026: Score: 72 | 12/20 pages | 7 C-suite | 8 careers | CrUX 58 ↑ CRO + CFO + Head of Compliance departed, /compliance removed TREND: 12-MONTH DETERIORATION — Score increased 8x (8 → 72) ⚠ CRITICAL: Gradual deterioration accelerated dramatically in Q1 2026 ⚠ Crossed RED threshold (60) on Feb 3, 2026

GEOPOLITICAL RISK MONITOR — FEBRUARY 2026 ═══════════════════════════════════════════ RUSSIA/BELARUS SANCTIONS COMPLIANCE: 34 portfolio companies updated /compliance pages with expanded sanctions language 12 companies removed Russian /contact office addresses (market exit signals) 3 companies still show Russian office on /contact — FLAG for compliance review CHINA REGULATORY ENVIRONMENT: 89 tech companies modified /legal pages for Chinese data localization rules 23 companies added China-specific /compliance pages /careers: 45% decline in China-based tech job postings across portfolio SIGNAL: Tech sector de-risking from China accelerating EU AI ACT IMPACT: 156 AI companies added /compliance pages mentioning EU AI Act 67 added /security pages with AI-specific safety documentation 12 companies removed EU /contact offices (potential EU market exit) SIGNAL: Regulatory compliance driving geographic decisions MIDDLE EAST EXPANSION: 34 companies added Saudi Arabia or UAE /contact addresses /careers: +234% Middle East hiring across portfolio companies /partners: 45 companies added Saudi Aramco, NEOM, or PIF as partners SIGNAL: Portfolio exposure to Middle East increasing significantly

CONCENTRATION RISK DETECTOR — DEPENDENCY MAPPING ════════════════════════════════════════════════════════ PORTFOLIO SCANNED: 1,247 positions | 3,891 domains DEPENDENCY CLUSTERS IDENTIFIED: 23 TOP 5 HIDDEN CONCENTRATION CLUSTERS: 1. AWS Infrastructure Dependency (CRITICAL) 412 portfolio companies reference AWS on /partners or /products Aggregate exposure: $4.8B across equities, credit, and quant strategies If AWS suffers major outage: correlated revenue impact across 33% of portfolio /products pages reveal: 89 companies have AWS as sole cloud provider 2. Stripe Payment Processing Cluster 267 portfolio companies list Stripe on /partners page /login pages show Stripe-powered checkout on 234 domains Aggregate exposure: $2.1B Single payment processor failure = revenue disruption for 21% of holdings 3. Taiwan Semiconductor Supply Chain 189 companies reference TSMC on /products or /about pages Country meta: 78% of these companies have no non-Taiwan fab alternatives Aggregate exposure: $3.4B Geopolitical event impact: correlated across tech, auto, energy sectors 4. Salesforce CRM Dependency 345 companies reference Salesforce on /partners Lower risk — CRM migration possible within quarters Aggregate exposure: $2.8B — operational, not existential 5. Google Cloud AI/ML Stack 156 companies reference Google Vertex AI on /products /docs pages reveal deep integration for 67 companies Aggregate exposure: $1.2B — mitigatable via multi-cloud

LIQUIDITY RISK EARLY WARNING — WEEKLY SCAN ══════════════════════════════════════════════════ UNIVERSE: 1,247 positions + 892 counterparties LIQUIDITY STRESS SIGNALS DETECTED: 7 entities HIGH SEVERITY (Score > 70): crestview-financial-services.com (Credit — $45M bond position) Liquidity Score: 82/100 /careers: Hiring frozen — 0 new posts in 45 days (was 15/week) /support: Phone support removed, chat-only — cost-cutting signal /login: Client portal experiencing 4hr+ daily outages /events: All 2026 conferences cancelled, sponsorships pulled /pricing: 3 price increases in 90 days — desperation pricing CrUX: 87 → 41 (infrastructure investment stopped) nordic-trade-solutions.se (Equities — $28M long position) Liquidity Score: 74/100 /careers: -78% postings in 60 days /support: Response times increased from hours to days /login: Added "maintenance window" notices — 8hrs/day /press: No releases in 60 days (was biweekly) CrUX: 79 → 52 MEDIUM SEVERITY (Score 40-70): pacific-asset-management.com.au (Counterparty — $67M exposure) Liquidity Score: 56/100 /careers: -45% postings | /events: 3 cancelled /pricing: Removed transparent pricing — switched to "contact us" CrUX: 81 → 68 — beginning to degrade

MODEL RISK VALIDATION AGENT — QUARTERLY AUDIT ═══════════════════════════════════════════════════ MODELS AUDITED: Credit Risk, Counterparty Risk, Market Risk (VaR) POSITIONS CHECKED: 1,247 MODEL-DOMAIN DIVERGENCES FOUND: 34 CREDIT RISK MODEL — DIVERGENCE ANALYSIS: Model rates as "Investment Grade" but domain signals say otherwise: SEVERE DIVERGENCES (7): continental-logistics-corp.com Model Rating: A- (investment grade) | Domain Score: 67/100 (HIGH RISK) /leadership: CFO + Controller departed in 30 days /careers: -72% postings | /compliance: Removed SOX section /investors: Added "material uncertainty" language to FAQ /docs: API documentation deprecated — product sunset signals Model blind spot: Leadership + compliance data not in model inputs summit-healthcare-tech.com Model Rating: BBB+ | Domain Score: 58/100 (ELEVATED) /products: 3 product pages removed (was 8, now 5) /security: HIPAA compliance badge removed /careers: Engineering hiring frozen | /docs: Stale since Aug 2025 CrUX: 84 → 56 | PageRank: 62 → 41 Model blind spot: Product portfolio contraction invisible to financials atlantic-reinsurance-group.bm Model Rating: A | Domain Score: 51/100 (ELEVATED) /compliance: Removed Bermuda Monetary Authority reference /leadership: 4 of 9 board members departed in 6 months /investors: Removed quarterly reporting schedule Model blind spot: Regulatory status changes not captured

MODEL BLIND SPOT ANALYSIS — SYSTEMATIC GAPS ════════════════════════════════════════════════════ INPUTS AVAILABLE IN DOMAIN INTELLIGENCE BUT MISSING FROM MODELS: Input Category Available Used by Model Gap Leadership stability Yes No BLIND SPOT Hiring trajectory Yes No BLIND SPOT Product portfolio size Yes No BLIND SPOT Compliance page status Yes No BLIND SPOT Infrastructure health Yes No BLIND SPOT Partner ecosystem size Yes No BLIND SPOT Support quality signals Yes No BLIND SPOT Revenue (financials) Yes Yes COVERED Debt ratios Yes Yes COVERED Market cap Yes Yes COVERED BACKTEST RESULTS: Last 3 years: 23 credit events in portfolio Model predicted: 8 of 23 (35% hit rate) Domain intelligence would have flagged: 19 of 23 (83% hit rate) Combined model + domain: 22 of 23 (96% hit rate) Adding domain signals improves model accuracy by 2.4x

OPERATIONAL RISK WEB SCANNER — DAILY SWEEP ════════════════════════════════════════════════════ ENTITIES SCANNED: 2,139 (holdings + counterparties + vendors) OPERATIONAL ALERTS: 9 CRITICAL INFRASTRUCTURE ALERTS (3): quantcore-execution.com (Trade execution vendor) /login: Portal returning 503 errors for 18+ hours /api: API status page shows 4 endpoints degraded /support: Emergency banner — "experiencing service disruption" /security: SSL certificate expires in 3 days — not renewed CrUX: 91 → 28 (catastrophic performance drop) IMPACT: Citadel uses this vendor for 12% of equity executions clearstream-data-services.lu (Clearing data provider) /login: Added IP-restricted access notice — narrowing access /docs: API v3 documentation removed — only v2 remains /api: Rate limiting reduced from 1000/min to 100/min /support: Ticket response time increased from 2hrs to 48hrs CrUX: 82 → 61 — steady degradation over 4 weeks IMPACT: Primary clearing data feed for Fixed Income desk sentinel-cloud-hosting.com (Infrastructure vendor) /security: SOC 2 Type II certification removed from page /login: Added mandatory 2FA — may indicate breach response /support: Removed phone number, added "email only" notice /contact: Reduced from 5 offices to 2 on /contact page IMPACT: Hosts 3 internal Citadel analytics platforms ELEVATED OPERATIONAL ALERTS (6): alphastream-analytics.com /api deprecated 2 endpoints | CrUX -15pts nexgen-market-data.com /docs outdated by 90 days | /support hours reduced primebroker-tech.co.uk /login intermittent errors | /security page removed omega-risk-systems.com /api latency increased 3x | /support ticket backlog databridge-solutions.de /docs: migration notice posted | /api v2 sunset planned fintech-connect-api.io /security: PCI badge removed | CrUX dropped 22 points

TAIL RISK EVENT MONITOR — REAL-TIME DASHBOARD ══════════════════════════════════════════════════════ MONITORING: 100M+ domains | 20 page types each TAIL RISK SCORE: 34/100 (ELEVATED — above 25 baseline) SYSTEMIC STRESS INDICATORS: 1. Financial Sector Leadership Exodus 24 major financial institutions showed C-suite departures this month Normal baseline: 6-8 per month /leadership pages: 3x normal departure rate across banks, brokers, asset mgrs /press: 12 of these companies went silent (no press releases in 30+ days) SIGNAL STRENGTH: 2.8σ above normal — ELEVATED 2. Cross-Sector Hiring Collapse /careers data shows synchronized hiring decline across 4 sectors: Financial Services: -34% | Technology: -28% | Real Estate: -41% | Retail: -38% Normal inter-sector correlation: 0.15 | Current: 0.72 SIGNAL STRENGTH: 3.1σ — sectors moving in lockstep 3. Infrastructure Health (Stable) Average CrUX across monitored universe: 74 (vs 76 baseline) /login uptime across financial sector: 99.2% (normal) No systemic infrastructure deterioration detected 4. Regulatory Environment (Stable) /compliance page additions/changes: within normal range /legal page modifications: baseline levels No coordinated regulatory action signals detected

TAIL RISK SCENARIO ANALYSIS — DOMAIN-INFORMED ══════════════════════════════════════════════════════ SCENARIO A: Financial Contagion (Current signals: ELEVATED) Domain signals: 24 C-suite departures + cross-sector hiring decline Historical precedent: Similar pattern in Q3 2007 (4 months before GFC visible) Pattern match: 42% similarity to pre-crisis domain signatures Portfolio impact if materialized: -$2.1B (estimated via stress test) PROBABILITY ASSESSMENT: 8-12% (elevated from 3% baseline) SCENARIO B: Tech Infrastructure Cascade Domain signals: FinTech vendor stress (from Workflow 7) + AWS concentration If major cloud outage triggers cascading failures across 412 AWS-dependent holdings /api and /login monitoring would detect within minutes Portfolio impact if materialized: -$890M (estimated) PROBABILITY ASSESSMENT: 2-4% (within normal range) SCENARIO C: Geopolitical Shock — Taiwan Domain signals: TSMC dependency cluster (189 companies) /blog and /press: No escalation signals detected in defense/semiconductor sector /contact: No companies removing Taiwan offices (would be early signal) Portfolio impact if materialized: -$3.4B (severe) PROBABILITY ASSESSMENT: 1-2% (no domain signals of escalation)

CORRELATION BREAKDOWN DETECTOR — WEEKLY ANALYSIS ═══════════════════════════════════════════════════════ CORRELATION PAIRS MONITORED: 2,847 CORRELATION CLUSTERS: 156 BREAKDOWNS DETECTED THIS WEEK: 4 METHODOLOGY: Agent builds "domain correlation" by comparing page-type similarity: — Companies with similar /products, /partners, /pricing = correlated — /case-studies overlap identifies shared client base — /careers role types identify shared talent pool dependencies — /about mission/sector language identifies strategic alignment CORRELATION PAIR BREAKDOWNS DETECTED: 1. Cloud ERP Pair: SAP vs Oracle Historical domain correlation: 0.89 Current domain correlation: 0.41 — BREAKDOWN SAP: /careers +23%, /partners +8 new, /case-studies +12, CrUX stable 88 Oracle: /careers -31%, /partners -5 removed, /case-studies -8 removed /pricing: SAP stable | Oracle restructured 3x in 60 days Divergence: SAP gaining market share while Oracle losing ground 2. Payments Trio: Stripe vs Adyen vs Square Historical domain correlation: 0.82 Current domain correlation: 0.54 — WEAKENING Stripe: /partners +34, /products added 3 pages, /careers +18% Adyen: Stable — /partners flat, /careers +5% Square: /products removed 2 pages, /partners -12, /careers -22% /case-studies: Stripe gained 8 enterprise case studies Square lost 3. Defense Pair: Raytheon vs Lockheed Historical domain correlation: 0.91 Current domain correlation: 0.67 — DIVERGING Raytheon: /careers +45% (hiring surge), /partners +6 new Lockheed: /careers flat, /partners -3 removed, /press delayed /about: Raytheon added "AI defense" language | Lockheed unchanged 4. Streaming Pair: Netflix vs Disney+ Historical domain correlation: 0.76 Current domain correlation: 0.88 — CONVERGING Both: /pricing restructured, /careers similar hiring patterns Disney /products page now mirrors Netflix structure — strategic mimicry

REGULATORY RISK HEATMAP — GLOBAL VIEW ════════════════════════════════════════════════════ JURISDICTIONS MONITORED: 94 countries PORTFOLIO COMPANIES WITH /compliance PAGES: 847 of 1,247 REGULATORY CHANGE EVENTS THIS MONTH: 156 HEATMAP — TOP REGULATORY RISK ZONES: Jurisdiction Sector Risk Changes Portfolio Exposure EU AI/ML CRITICAL 67 $1.8B India FinTech HIGH 34 $890M UK Crypto HIGH 28 $340M Singapore Digital Assets ELEVATED 19 $560M Brazil Data Privacy ELEVATED 15 $420M Japan Stablecoins ELEVATED 12 $280M US Banking LOW 8 $4.2B Germany Insurance LOW 5 $670M Australia Mining/ESG LOW 4 $390M DETECTION METHOD: /compliance page changes: 89 companies updated compliance language /legal page modifications: 45 companies added new regulatory references /about page jurisdiction mentions: 22 companies changed registered jurisdictions /contact office additions/removals: 34 companies shifted geographic presence /sustainability: 28 companies added ESG regulatory compliance sections

REGULATORY DEEP-DIVE — EU AI ACT IMPACT ANALYSIS ═══════════════════════════════════════════════════════ DOMAIN INTELLIGENCE — 67 REGULATORY EVENTS DETECTED: Category 1: Compliance Infrastructure Build-Out (41 companies) /compliance: 41 companies added EU AI Act-specific compliance pages /legal: 38 added "AI system classification" legal language /events: 23 companies registered for EU AI compliance conferences Average cost signal: /careers shows 3-5 compliance hires per company INTERPRETATION: Companies preparing — significant cost burden Category 2: EU Market Exit Signals (12 companies) /contact: 12 companies removed EU office addresses /about: 8 modified mission statements to exclude EU operations /compliance: 6 removed EU regulatory references entirely /sustainability: 4 companies removed EU ESG commitments INTERPRETATION: Small-to-mid caps exiting EU rather than complying Category 3: Strategic Repositioning (14 companies) /products: 14 companies relabeled AI products as "analytics" or "automation" /legal: 9 added disclaimers about AI system classifications /blog: 11 published thought leadership on "responsible AI" (new topic) INTERPRETATION: Regulatory arbitrage — relabeling to avoid classification