Enterprise Trustee Platform

Trustee Portfolio Monitoring System

TPMS  /  Full-Stack Enterprise Web Application

A role-based portfolio monitoring and compliance platform built for SC Malaysia-licensed trustee companies. Unified oversight across conventional equity, Islamic Sukuk, and digital asset funds in a single self-hosted system.

Multi-Fund, Shariah Compliant, Digital Assets, Role-Based Access, Audit Trail, PDF / Excel Reports, MFA, Self-Hosted
TPMS Dashboard / Portfolio Overview (LIVE)

Total AUM: MYR 247.3M
YTD Return: +6.84%
Active Funds: 3
Open Breaches: 2

| Fund ID | Type | NAV (MYR) | Status |
|---|---|---|---|
| MGF-01 | Equity | 142.1M | Active |
| SSF-02 | Sukuk | 83.6M | Active |
| QDET-03 | Digital | 21.6M | Watch |

Platform Modules: 11
User Role Types: 6
Asset Classes: 3
Audit Retention: 7yr

Platform Modules
Eleven modules. Complete fund oversight.

Purpose-built for trustee back-office operations, covering daily data entry through regulatory reporting and audit compliance.

01 / Core / Dashboard
Aggregate real-time view of all managed funds. AUM, NAV, open breach count, and YTD returns rendered per the user's role and assigned fund scope.
AUM / NAV Summary, Breach Alerts, Fund Drill-Down, Role-Filtered

02 / Core / Portfolio Monitoring
Central module for fund management, holdings tracking, and transaction entry. Supports multi-fund switching with cross-tab fund filtering.
Multi-Fund Management, Holdings by Asset Class, Transaction Entry, Cross-Tab Filtering

03 / Regulatory / Compliance
Rule-based breach detection against Trust Deed investment limits, concentration caps, and Shariah restrictions. Supports manual trigger and remediation workflow.
Breach Detection Engine, Remediation Workflow, Breach History, Shariah Rules

04 / Asset Class / Fixed Income / Sukuk
Full instrument lifecycle for conventional bonds and Islamic Sukuk. Coupon and profit rate tracking, maturity scheduling, and Shariah-compliant instrument classification.
Sukuk Ijarah / Murabahah, Coupon / Profit Tracking, Maturity Alerts, Accrued Interest

05 / Asset Class / Digital Assets
Institutional management of approved digital asset holdings. Multi-wallet support, on-chain transaction tracking, and price-as-of valuation with fund-level access scoping.
Multi-Wallet Support, On-Chain Transactions, Price-As-Of Valuation, Fund-Scoped Access

06 / Asset Class / Cash and Deposits
Cash account and fixed deposit management across multiple banks. Tracks interest and Murabahah profit rates, maturity schedules, and deposit roll-over history.
Multi-Bank Accounts, Fixed Deposit Tracking, Murabahah Profit, Roll-Over History

07 / Operations / Reconciliation
Match TPMS records against external custodian or fund manager statements. Surfaces discrepancies for review and maintains a full resolution history.
Statement Matching, Discrepancy Flagging, Resolution Workflow, Reconciliation History

08 / Reporting / Reports
On-demand server-side report generation in XLSX, CSV, and branded PDF. Covers portfolio summary, holdings, transactions, compliance findings, fixed income, and cash deposits.
XLSX / CSV / PDF, Branded PDF Header, 6 Report Types, Fund Filtered

09 / Regulatory / Documents
Secure document repository for Trust Deeds, board resolutions, regulatory filings, and fund documents. Enforces SC Malaysia 7-year retention requirement with fund-level access scoping.
PDF / DOCX / XLSX, 50 MB Per File, 7-Year Retention, Fund-Level Scope

10 / Regulatory / Audit Trail
Immutable log of every meaningful system action. Captures user identity, action type, affected entity, and timestamp. Read-only for auditor role. Minimum 7-year SC Malaysia retention enforced.
User + Action + Entity, Tamper-Evident, 7-Year Retention, Filterable Search

11 / Admin / Administration
User management, fund scope assignments, system configuration, demo environment, and database backup. All company identity fields are configurable without code changes.
6-Role User Management, Fund Assignments, MFA Enforcement, Backup / Restore

12 / Auth / Authentication / MFA
TOTP multi-factor authentication via any RFC 6238 authenticator app. JWT access tokens with 15-minute expiry stored in memory, 7-day httpOnly refresh cookies, and configurable account lockout.
Google Authenticator, 15-Min Access Token, Account Lockout, Forced Password Rotation

Access Control
Six roles, precisely scoped.

Role-based access enforced at both the API route level and the frontend router. Scoped users query only their assigned funds at the SQL layer, not just the UI.

| Role | Fund Visibility | Portfolio | Compliance | Fixed Income | Digital Assets | Cash | Reports | Documents | Audit Trail | Admin |
|---|---|---|---|---|---|---|---|---|---|---|
| Super Admin (System Administrator) | All Funds | Full | Full | Full | Full | Full | Full | Full | Full | Full |
| Trustee Manager (Senior Oversight) | All Funds | Read | Read | Read | Read | Read | Full | Full | Read | None |
| Compliance Officer (Regulatory) | All Funds | Read | Full | Read | Read | Read | Full | Full | Read | None |
| Operations Staff (Data Entry) | Assigned Only | Full | None | Full | Full | Full | Full | Full | None | None |
| Auditor (Internal / External) | All Funds | Read | Read | Read | Read | Read | Read | Read | Full | None |
| Report Viewer (Read-Only Stakeholder) | Assigned Only | None | None | None | None | None | Full | Full | None | None |

Full - Read and write access
Read - View only, no modifications
Assigned Only - Fund-scoped at SQL layer
None - Route blocked, API guarded

Security and Compliance
Built for regulated environments.

Every security control is designed against SC Malaysia requirements for licensed trustee companies. Enforcement operates at the API layer, not just the user interface.

SC Malaysia Guidelines
7-Year Audit Retention
TOTP Multi-Factor Auth
Shariah Asset Classification
Fund-Level Data Isolation
Multi-Factor Authentication
TOTP-based MFA compatible with Google Authenticator and any RFC 6238 app. QR code setup built in. Admin-enforceable platform-wide via system configuration.
JWT Session Architecture
15-minute access tokens stored in memory only, never localStorage. 7-day httpOnly refresh cookies. Silent token renewal on 401 via axios interceptor. No persistent session exposure.
Fund-Level Data Isolation
Operations staff and report viewers are scoped to assigned funds at the SQL query layer via middleware. Not just UI hiding. Unauthorized fund access returns a 403, not filtered results.
Route-Level RBAC
Every Express route carries requireRole() middleware. Every React route has a <Guard roles> wrapper. Unauthorized URL access redirects to /unauthorized, not a blank screen.
Rate Limiting
Auth endpoints limited to 20 requests per 15-minute window. API endpoints limited to 500 requests per 15-minute window. Account lockout threshold and duration configurable in system settings.
Immutable Audit Log
Every create, update, delete, login, and export action is logged with user identity, action type, affected entity, and timestamp. SC Malaysia minimum 7-year retention enforced at the data layer.
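
The route-level RBAC and fund-level isolation described above, sketched as an added example (not TPMS source code). requireRole() is named on the page; requireFundScope, the role keys, the holdings table and the run() dispatcher that stands in for Express are assumptions made for illustration.

```javascript
// Added illustration; role keys, requireFundScope and table/column names are assumptions.
const ALL_FUNDS = new Set(['super_admin', 'trustee_manager', 'compliance_officer', 'auditor']);

// Route guard: reject unless the authenticated user's role is on the allow-list.
function requireRole(...roles) {
  return (req, res, next) => {
    if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
    if (!roles.includes(req.user.role)) return res.status(403).json({ error: 'role not permitted' });
    next();
  };
}

// Fund guard: a scoped role asking for an unassigned fund gets 403,
// never an empty result set that could be mistaken for "no data".
function requireFundScope(req, res, next) {
  const seesAll = ALL_FUNDS.has(req.user.role);
  if (!seesAll && !req.user.assignedFunds.includes(req.params.fundId)) {
    return res.status(403).json({ error: 'fund not assigned' });
  }
  req.fundScope = seesAll ? null : req.user.assignedFunds;
  next();
}

// SQL-layer scoping: the assignment list is bound as parameters in the query itself.
function scopedHoldingsQuery(fundId, fundScope) {
  if (fundScope === null) return { text: 'SELECT * FROM holdings WHERE fund_id = $1', values: [fundId] };
  const marks = fundScope.map((_, i) => `$${i + 2}`).join(', ');
  return { text: `SELECT * FROM holdings WHERE fund_id = $1 AND fund_id IN (${marks})`, values: [fundId, ...fundScope] };
}

// Minimal stand-in for Express dispatch so the middleware chain runs offline.
function run(chain, req) {
  const out = { status: 200, body: null };
  const res = { status(c) { out.status = c; return res; }, json(b) { out.body = b; return res; } };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return out;
}

// Portfolio read route: every role except Report Viewer, per the access matrix.
const holdingsRoute = [
  requireRole('super_admin', 'trustee_manager', 'compliance_officer', 'operations_staff', 'auditor'),
  requireFundScope,
  (req, res) => res.json(scopedHoldingsQuery(req.params.fundId, req.fundScope)),
];

// Constructed sample users; fund IDs are the ones shown in the dashboard preview.
const ops = { role: 'operations_staff', assignedFunds: ['MGF-01'] };
const viewer = { role: 'report_viewer', assignedFunds: ['MGF-01'] };
console.log(run(holdingsRoute, { user: ops, params: { fundId: 'SSF-02' } }));
```

The two guards are independent: the role check decides whether the route is reachable at all, and the fund check plus the bound IN list decide which rows a scoped user can ever reach.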

Asset Coverage
Three asset classes. One system.

Conventional equity, Islamic Sukuk, and digital assets are managed through a unified interface with asset-class-specific workflows for each.

Conventional Equity
Listed and unlisted equity holdings, unit trusts, and collective investment schemes. Full transaction lifecycle management with P and L tracking across fund positions.
Instrument Types: Equities, Unit Trusts, REITs, ETFs
Islamic / Sukuk
Shariah-compliant fixed income instruments with profit rate tracking, Shariah structure classification, maturity scheduling, and accrued profit calculation.
Instrument Types: Sukuk Ijarah, Murabahah, Wakalah, GII
Digital Assets
Institutional management of approved digital assets. Multi-wallet tracking, on-chain transaction records, and price-as-of valuation. Fund-scoped wallet access enforced at API level.
Asset Types: Bitcoin, Ethereum, Digital ETFs, Tokenised Assets

Data and Integration
Manual entry today. API-ready by design.

Data is currently entered by the operations team, which is standard practice for trustee back-office systems at this scale. The platform architecture supports external API integration as a phased next step.

Live / Manual Data Entry
Operations staff enter holdings, transactions, cash balances, and instrument records directly into TPMS. Every entry is logged to the audit trail. Standard operating procedure for trustee back-office at this scale.
Near-Term / Market Data Feeds
Auto-price listed equities via Bursa Malaysia market data. Auto-update digital asset valuations via CoinGecko or CoinMarketCap APIs. No formal institution agreements required. Can be implemented as a scheduled background job.
Roadmap / Bank and Custodian Feeds
Corporate banking APIs via BNM open banking initiative (Maybank, CIMB, RHB) for automated cash balance sync. Custodian position and settlement feeds via SWIFT MT535/MT940 messaging - the institutional standard at this level. Requires formal agreements with each institution.