9.1 Org design

Functions

                          [Board]
                              │
              ┌───────────────┼──────────────────┬────────────────┐
              │               │                  │                │
            [CEO]          [CRO/Risk]      [Compliance / IO]   [InfoSec]
              │
   ┌──────────┼───────────────┬─────────────────┬───────────────┐
   │          │               │                 │               │
[Business] [Credit]      [Operations]    [Engineering]      [Finance]
   │          │               │                 │               │
 Sales /   Underwriting    KYC/KYB ops     Platform team    Accounts
 partner   Credit          Disbursement    Data team        Recon
 channels  policy          LMS ops         InfoSec eng      Treasury
 DSA       Risk analytics  Collections     SRE / cloud      Tax / GST
 CA / RM   Portfolio       Reconciliation                   Investor mgmt
           Bureau          Field FI
           reporting       Customer
                           support
                           Vendor mgmt

Key roles at MVP

Role	Responsibilities
CEO	Strategy, fundraising, partner relationships
CRO (Chief Risk Officer)	Credit policy, portfolio health, ICAAP, board reporting
Compliance Officer / Company Secretary	Reg compliance, returns, RBI / SEBI / GST liaison
Head of Credit	Underwriting, manual review, deviation approvals
Head of Operations	KYC / disbursement / collections / recon teams
Head of Engineering	Platform, integrations, data, security
Head of Sales / Channels	Direct sales, DSA, CA, partner channels
Head of Finance	Accounts, tax, treasury, investor relations
InfoSec Lead	Information security, IT audit, incident response

Separation of duties (regulator-aligned)

• Credit policy distinct from credit approval at deal level — policy is centralised, deal approval is delegated per matrix.
• Maker distinct from Checker — disbursement, large repayments, manual journals.
• Operations distinct from Finance — operations executes, finance reconciles.
• Internal Audit independent of operations — reports to Audit Committee.
• Information Security independent of IT operations.

Outsourcing (per Outsourcing MD)

Outsource non-core operations:

• Recovery agents — outsourced agencies governed under your conduct rules.
• Field FI agents — regional vendors.
• Call centre overflow — vendor agents under your script + recording.
• DSAs — outsourced sales.
• CA panel — referral panel, not employees.

Keep in-house:

• Credit policy ownership and final-level credit approval.
• Risk management.
• Compliance management.
• Information security policy.
• Treasury and capital management.
• Engineering core platform.

Reporting structure principles

• CRO and Compliance Officer report to Board (with admin reporting to CEO).
• InfoSec reports to Risk Committee (with admin to CEO / CTO).
• Internal Audit reports to Audit Committee of the Board.

Cross-functional rhythms

• Daily ops standup for production health (engineering + ops + InfoSec).
• Weekly credit review (credit head + analysts + risk).
• Weekly collections review.
• Weekly sales pipeline review.
• Monthly portfolio review (CRO + credit + ops + finance + product).
• Monthly board pack.
• Quarterly board meeting with risk / audit / compliance updates.
• Quarterly partner review for each co-lending partner.