a) the internal control infrastructure, given the nature, scope and complexity of the digital financial advice business operation;

b) the appropriateness of third-party system or tools used;

c) validation of the underlying models;

d) the algorithm's functionality;

e) the cyber security policies and controls;

f) the completeness and accuracy of client profiling process including the relevant KYC requirements;

g) controls on client data protection and confidentiality.