Live Oak Labs Bankability Report

Northwind Capital

Report type
Company Bankability Report
Status
Illustrative internal draft
Programme fit
Embedded SMB Finance
Use case
Embedded working-capital tooling for vertical SaaS platforms selling into SMB banking
Generated
2026-07-13
Recommended decision
Advance to structured diligence remediation.

Composite bankability

0/100
Diligence-ready

Diligence-ready. Advance to structured diligence remediation.

Start Over
01

Executive Bankability Score

DimensionScoreStatusNotes
Bank Workflow Fit94/100GreenProduct is tied to a real bank-owned workflow with a named owner and credible pull.
Diligence Readiness77/100YellowDiligence posture is coming together; several artifacts are still missing or draft.
Integration Clarity22/100RedIntegration posture demands too much bank engineering or too much production access for a first pilot.
AI / Model-Risk ReadinessN/AAI section was skipped; excluded from composite.
UK LegibilityN/AUK section was skipped; excluded from composite.
Pilot Readiness77/100YellowPilot has the outline of a controlled test but is missing metrics, kill criteria, or ownership.
Composite68/100YellowDiligence-ready
Overall decisionAdvance to structured diligence remediation.

Dimension detail

Bank Workflow Fit

0/100

Product is tied to a real bank-owned workflow with a named owner and credible pull.

Top signals

  • WF-001Named bank workflow owner
  • WF-002Primary workflow specified
  • WF-003Evidence of buyer pull

Diligence Readiness

0/100

Diligence posture is coming together; several artifacts are still missing or draft.

Top signals

  • DI-001SOC 2 / ISO evidence
  • DI-006Encryption posture
  • DI-002Penetration test status

Integration Clarity

0/100

Integration posture demands too much bank engineering or too much production access for a first pilot.

Top signals

  • IN-002No production write access in first pilot
  • IN-004API / webhook ingestion available
  • IN-001Integration posture

Top gaps

  • IN-003No live customer data in first pilot
  • IN-006Exit / portability posture

AI / Model Risk

n/a/100

AI section was skipped; excluded from composite.

UK Legibility

n/a/100

UK section was skipped; excluded from composite.

Pilot Readiness

0/100

Pilot has the outline of a controlled test but is missing metrics, kill criteria, or ownership.

Top signals

  • PI-001Pilot objective
  • PI-002Success metric
  • PI-003Kill criteria

Top gaps

  • PI-004Bounded scope
02

Company and Product Summary

Core argumentNorthwind Capital is described as: Embedded working-capital tooling for vertical SaaS platforms selling into SMB banking.

Operational design

  • Target workflow: SMB working-capital origination via partner vertical SaaS.
  • Named bank owner: Head of SMB Lending.
  • Stage: seed.

Execution artifact

Northwind Capital Evidence Dossier

Governance test

Can a bank product owner, risk officer, compliance reviewer, and model-risk reviewer understand what this records, what it does not, who controls it, and how evidence is verified?

03

Strategic Fit With Live Oak Labs

Core argumentProgramme fit: Embedded SMB Finance.

Operational design

  • Enter the programme under bounded labels — not a general 'trust layer' claim.
  • Anchor to one bank workflow rather than a portfolio pitch.

Execution artifact

Live Oak Use-Case Memo

Governance test

Does the company enter with one bounded workflow rather than a broad platform claim?

04

Bank Workflow Fit

Core argumentNorthwind Capital fits where banks need proof that an automated or semi-automated system behaved within approved boundaries.

Operational design

  • Primary workflow: SMB working-capital origination via partner vertical SaaS.
  • Current workaround: Manual referrals emailed weekly from partner platforms.
  • Evidence of pull: medium.

Execution artifact

Bank Workflow Fit Map

Governance test

If the workflow owner and evidence buyer cannot be named, the offering becomes too abstract to underwrite.

05

Integration Surface

Core argumentThe product should be easiest to adopt when it acts as a sidecar, not a core production system.

Operational design

  • Posture: core read.
  • Production access in first pilot: no.
  • Live customer data in first pilot: yes.

Execution artifact

Integration Surface Map

Governance test

The first pilot should remain read-only or evidence-only and require no production write access.

06

Data-Flow Map

Core argumentEvidence capture can easily become data overcollection. The data model must be narrow, intentional, and reviewable.

Data classPilot posture
Vendor documentsAllowed with permission
System logs (event IDs, timestamps)Allowed if non-sensitive
AI outputs (summaries, recommendations)Allowed with model-risk review
Human approvalsAllowed
Customer PIIApproved
Model prompts / retrieved contextRedact or hash where possible

Execution artifact

Data-Flow Map

Governance test

No data-flow map, no pilot.

07

Bank Diligence Pack Status

Core argumentA product that sells trust infrastructure must be stronger than the average early-stage SaaS on its own diligence posture.

Evidence itemStatus
SOC 2 / ISOin progress
Pen testplanned
Incident responsedraft
DR / BCPdraft
Subprocessor registerneeds register
Encryptionplanned documented

Execution artifact

Bank Diligence Pack v0.1

Governance test

Is there enough evidence to survive a formal vendor-risk review?

08

RACI / Control Ownership

Core argumentThe product must clarify whether it records evidence, verifies evidence, interprets evidence, or makes decisions — those are different control roles.

Operational design

  • Bank remains accountable for regulated decisions.
  • Accountable owner (this side): Bank Head of SMB Lending.
  • Responsible owner (this side): Northwind product lead.
  • Escalation path: Bank SMB → Chief Credit Officer.

Execution artifact

Pilot RACI Matrix

Governance test

The company should not be positioned as the party that certifies a vendor, AI system, or regulated process unless the legal and assurance model supports that claim.

09

Operating Risk Posture

Core argumentA bank-embedded product must be a risk-managed environment: it cannot reduce opacity while creating new uncontrolled data, cyber, model, or operational exposure.

Operational design

  • Live customer data in first pilot: yes — needs written approval.
  • Production access: no.
  • No customer-impacting action in first pilot.
  • No unreviewed AI-generated compliance determinations.

Execution artifact

Risk Register

Governance test

If security, subcontractor, model-monitoring, or incident posture is inadequate only at the end of the programme, the company has not been accelerated — it has been exposed.

10

UK Beachhead Readiness

Core argumentUK financial institutions place heavy emphasis on operational resilience, outsourcing controls, data governance, auditability, and accountable technology use.

Operational design

  • Likely path: UK section skipped.
  • Buyer archetype: not named.
  • Partner archetype: not named.

Execution artifact

UK Beachhead Pack v0.1

Governance test

Do not claim UK compliance. Claim: 'helps produce reviewable evidence for UK compliance, operational resilience, vendor diligence, and AI governance workflows.'

11

Regulatory Pathway

Core argumentThe product is best positioned as non-regulated B2B infrastructure if it does not make regulated decisions, advise consumers, approve credit, initiate payments, or act as a regulated intermediary.

Operational design

  • Preliminary pathway: not yet chosen.
  • Pathway must be counsel-reviewed. Triage, not legal advice.

Execution artifact

Regulatory Pathway Memo

Governance test

Avoid: 'certifies compliance', 'approves vendors', 'automates regulatory approval', 'makes AI compliant', 'eliminates bank diligence'.

12

AI / Model-Risk Classification

Core argumentAI products must be governed by autonomy level, not generic 'AI safety' claims.

Operational design

  • AI section was skipped — no autonomy classification available.

Execution artifact

AI Governance File

Governance test

The first pilot should focus on evidence capture for AI-assisted review, not autonomous action.

13

Commercial ROI Model

Core argumentThe commercial value is not 'better logs' — it is diligence-cycle compression, audit-prep reduction, incident reconstruction, and risk-review confidence.

Operational design

  • ROI = (cost reduction + risk reduction) / (integration cost + oversight cost).
  • Model at least three quantified value drivers before Decision Day.

Execution artifact

Pilot ROI Worksheet

Governance test

If it only saves time for the startup, the bank may not care. The ROI case must show value to the bank reviewer.

14

Mentor Pod Assignment

Core argumentMentor density is the substitute for vague ecosystem access: pods must have defined roles, review cadences, and deliverable responsibilities.

Operational design

  • Product sponsor, integration architect, third-party-risk reviewer, cybersecurity reviewer, compliance lead.
  • Model-risk reviewer, operational-resilience reviewer, UK regulatory advisor, commercial buyer coach.
  • Every mentor session ends with: objection, required evidence, artifact change, owner, due date.

Execution artifact

Mentor Pod Review Notes

Governance test

The pod must produce artifact changes, not general feedback.

15

Market Validation Log

Core argumentObjections are not bad; they are the raw material for bankability.

Operational design

  • Log every reviewer objection with severity and required response.
  • Close objections only when the artifact changes or a qualified reviewer accepts the response.

Execution artifact

Market Validation Log

Governance test

An objection is closed only when the report artifact changes.

16

Pilot Design

Core argumentThe first pilot should be narrow, low-customer-risk, and evidence-obvious.

Operational design

  • Objective: Prove origination cycle-time reduction for two SMB partner platforms.
  • Duration: 90 days.
  • Success metric: Median origination cycle < 10 days across 25 loans.
  • Kill criteria: Cycle-time reduction below 20% or credit-quality drift beyond baseline.

Execution artifact

Pilot Design Document

Governance test

The pilot must be rejected if it requires live customer data, production access, or automated regulatory decisioning before baseline diligence is complete.

17

Decision Day Recommendation

Core argumentRecommended decision: Advance to structured diligence remediation.

Operational design

  • Present buyer problem, validated workflow, integration design, data-flow map.
  • Present diligence status, risk controls, UK landing plan, pilot economics.
  • Make an explicit ask — pilot conversation, UK review, diligence remediation, advisory, or no-go.

Execution artifact

Decision Day Packet

Governance test

The ask should be a controlled evidence pilot, not full bank adoption.

18

Week 0–12 Programme Plan

Week 0Pre-Mortem and Cohort Charter
expand

Identify the failure mode before the sprint begins.

Core argumentWeek 0 prevents the programme from wasting bank, mentor, and founder time.

Operational design

  • Name the likely failure mode.
  • Name the weakest score dimension.
  • List missing evidence and data-risk exposure.
  • Name buyer, UK, and pilot-scope risks.
  • Weakest dimension: Integration Clarity at 22/100.
  • Likely failure mode: First pilot ingests live customer data — high approval bar.

Execution artifact

Pre-Mortem Charter

Governance test

No company should begin Week 1 without a bounded workflow, evidence-gap list, and risk posture.

Actions

  • Pre-mortem gap 1: First pilot ingests live customer data — high approval bar.
  • Pre-mortem gap 2: Pilot scope is not bounded — customer/production exposure will slow approval.
  • Pre-mortem gap 3: No exit / portability posture — UK operational-resilience gap.
Week 1Bank Workflow Orientation
expand

Translate the pitch into a bank-owned workflow.

Core argumentA fintech is not bankable until it maps to a bank-owned workflow.

Operational design

  • Chosen workflow: SMB working-capital origination via partner vertical SaaS.
  • Name the workflow, bank owner, and control owner.
  • Document current pain, workaround, and measurable value.
  • Identify the operating risk category.

Execution artifact

Live Oak Use-Case Memo

Governance test

Can a bank buyer understand what this solves and who owns it?

Actions

  • Interview the target workflow owner (or their proxy) within 5 days.
  • Draft one-page use-case memo with named buyer and measurable friction.
Week 2Bank Pain and Buyer Validation
expand

Prove the problem is real, budgeted, and painful.

Core argumentThe problem must be real, budgeted, and painful enough to justify diligence.

Operational design

  • Confirm buyer owner and budget owner.
  • Quantify friction cost and urgency.
  • Map the procurement path and decision criteria.

Execution artifact

Bank Workflow Fit Map

Governance test

A vague 'bank innovation' buyer is not enough — is the owner named?

Actions

  • Log 3–5 buyer conversations in the Market Validation Log.
  • Convert one objection into a required-evidence line item.
Week 3Technical Integration and Data Flow
expand

Map every point where the product touches bank systems and data.

Core argumentBank readiness depends on knowing where you touch bank systems and data.

Operational design

  • Document APIs, webhooks, logs, and manual paths.
  • Draw data inputs, outputs, auth, and hosting.
  • State the exit / portability path.

Execution artifact

Integration Surface Map + Data-Flow Map

Governance test

No data-flow map, no pilot.

Actions

  • Produce an evidence-sidecar architecture diagram for the first pilot.
  • State explicitly what the first pilot will NOT touch.
  • Weak integration score — redesign first pilot as a strict sidecar with no core writes.
  • Document exit / portability path in the architecture diagram.
Week 4Diligence Readiness Sprint
expand

Assemble the vendor-review evidence pack.

Core argumentThe post-demo bottleneck is vendor onboarding, not founder storytelling.

Operational design

  • Publish SOC 2 / ISO posture (or credible roadmap).
  • Publish pen-test, IR, DR/BCP, subprocessor, retention posture.
  • Publish encryption architecture, IAM model, and audit log design.

Execution artifact

Bank Diligence Pack v0.1

Governance test

Does the company have enough evidence for a serious vendor-risk review?

Actions

  • Draft evidence-verification specification.
  • Post subprocessor register with owners.
  • Weak diligence score — commission SOC 2 readiness assessment this month.
  • Publish subprocessor register with data-flow annotations.
Week 5UK Beachhead Week
expand

Translate US assumptions into UK regulatory and buyer terms.

Core argumentThe UK track is a regulatory and buyer-translation exercise, not a branding one.

Operational design

  • Map bank partner → authorised institution / principal / partner.
  • Map vendor diligence → operational resilience / outsourcing controls.
  • Map AI tooling → accountability, oversight, explainability.

Execution artifact

UK Translation Matrix + UK Beachhead Pack v0.1

Governance test

Can the company explain its UK path without overclaiming regulatory status?

Actions

  • Have UK counsel review the pathway memo before Week 8.
  • Name the first UK buyer archetype and partner archetype.
Week 6AI / Model-Risk and Control Ownership
expand

Classify AI on autonomy and instrument the controls.

Core argumentAI products need governance by autonomy level, not generic 'AI safety' claims.

Operational design

  • Classify each AI function on the Operator/Collaborator/Consultant/Approver/Observer spectrum.
  • Document human boundary, override, drift, escalation, and kill switch.
  • Name accountable owner per AI function.

Execution artifact

AI Governance File

Governance test

Does the company preserve bank accountability at every autonomy level?

Actions

  • Freeze prompt/output logging policy.
  • Draft kill-switch runbook.
Week 7RACI and Operating Risk
expand

Clarify who owns every material risk.

Core argumentBank-fintech partnerships fail when control ownership is ambiguous.

Operational design

  • Draft pilot RACI across incidents, disputes, model changes, data access, releases, outages.
  • Publish risk register with severity and control.
  • Name termination process and exit plan owner.

Execution artifact

Pilot RACI Matrix + Risk Register

Governance test

Can the bank tell who owns every material risk?

Actions

  • Have risk register reviewed by a third-party-risk advisor.
  • Confirm every 'A' in RACI is a real, named person.
Week 8Pilot Design Sprint
expand

Design a controlled, approvable first pilot.

Core argumentThe first pilot must be narrow enough to approve and meaningful enough to matter.

Operational design

  • Define objective, scope, out-of-scope, users, data set.
  • Define success metric, kill criteria, duration, fallback.
  • State evidence output.

Execution artifact

Pilot Design Document

Governance test

Would a bank operating committee approve this controlled test?

Actions

  • Confirm no live customer data and no production write access in first pilot.
  • Confirm accountable owner on the bank side.
Week 9Commercial ROI and Evidence Room
expand

Assemble the buyer-ready decision packet.

Core argumentA bank will not adopt a tool because it is interesting — it needs a decision package.

Operational design

  • Model ROI: cost reduction, risk reduction, oversight cost, integration cost.
  • Publish evidence room index.
  • Produce buyer-ready presentation and UK Beachhead Pack update.

Execution artifact

Buyer-Ready Packet (diligence + pilot + UK + ROI + evidence register)

Governance test

Can the company enter Decision Day with reviewable evidence instead of claims?

Actions

  • Validate ROI baseline with two bank-side reviewers.
  • Freeze evidence room v1.0.
Week 10Decision Day
expand

Present a bank-readiness decision, not a pitch.

Core argumentDecision Day is a bank-readiness decision, not a pitch event.

Operational design

  • Present buyer problem, validated workflow, integration design, data-flow map.
  • Present diligence status, risk controls, UK landing plan, pilot economics.
  • Make an explicit ask.

Execution artifact

Decision Day Packet

Governance test

The decision should be one of: advance to pilot, advance to UK review, advance to diligence remediation, continue advisory, or no-go.

Actions

  • Circulate the Decision Day Packet to reviewers 5 business days before the session.
  • Log the decision and named next step against every open objection.
Week 11Post-Mortem I: Evidence Audit
expand

Ask whether the sprint produced bank-reviewable artifacts.

Core argumentWeek 11 asks whether the report and sprint produced bank-reviewable artifacts.

Operational design

  • Review missing evidence and unresolved objections.
  • Record score movement across the 6 dimensions.
  • Log mentor notes, buyer feedback, and counsel-review items.

Execution artifact

Post-Mortem Evidence Audit

Governance test

What changed because of the sprint?

Actions

  • For every open objection, name owner + due date.
  • Version-tag every artifact touched during the sprint.
Week 12Post-Mortem II: Pilot / Cohort Readiness
expand

Convert the sprint into a 30/60/90-day execution plan.

Core argumentWeek 12 converts the sprint into a 30/60/90-day execution plan.

Operational design

  • Finalise pilot recommendation and unresolved blockers.
  • Record legal, security, and UK review needs.
  • State commercial next step.

Execution artifact

Cohort Readiness Memo

Governance test

Is the company ready for pilot, remediation, advisory support, or no-go?

Actions

  • Produce the Cohort Readiness Memo with an explicit decision recommendation.
  • Hand the 30/60/90 plan to the founder team with owners assigned.
19

30 / 60 / 90-Day Follow-Up Plan

Day 30

Due 2026-08-12

Close foundational evidence gaps.

  • ProductFinalise use-case memo and evidence schema for the first workflow.
  • SecurityProduce architecture, IAM, encryption, subcontractor, and incident docs.
  • DataComplete data-flow and retention map.
  • AI governanceClassify AI functions using the autonomy spectrum.
  • LegalDraft non-regulated B2B positioning memo.
  • UKDraft UK Beachhead Pack v0.1.
  • CommercialIdentify first three buyer personas and pilot sponsors.
  • ArchitecturePublish updated Integration Surface Map v0.2.
  • SecurityClose top 3 diligence gaps and refresh evidence index.

Output: 30-Day Evidence Completion Check

Day 60

Due 2026-09-11

Move from artifact creation to reviewer feedback.

  • ProductBuild pilot evidence capture workflow.
  • RiskComplete pilot RACI.
  • CyberComplete security evidence index and close pen-test gaps.
  • ComplianceDefine review and export format.
  • UKReview data, regulatory, and resilience posture with UK advisor.
  • CommercialSecure pilot-design feedback from 3–5 bank reviewers.

Output: 60-Day Reviewer Feedback Memo

Day 90

Due 2026-10-11

Prepare a controlled pilot or a no-go decision.

  • PilotRun controlled evidence replay against success metrics.
  • MetricsMeasure cycle-time reduction and completeness against baseline.
  • AuditExport evidence bundle and test reviewer usability.
  • LegalFinalise pilot agreement template.
  • UKConfirm UK pilot or Digital Sandbox path if appropriate.
  • CapitalDecide whether the company is ready for a strategic seed / pre-seed conversation.

Output: 90-Day Pilot Readiness Packet

20

Evidence Register

Claim / artifactStatus
Product positioningProposed / illustrative
Bank workflow use caseProposed
Non-regulated B2B pathwayPreliminary; counsel review required
UK beachhead thesisSkipped
AI governance use caseSkipped
Diligence-pack requirementsAligned with Live Oak Labs framework
Pilot designProposed
ROI metricsProposed baseline; needs buyer validation
Security posturePartial
Data-flow mapTo be supplied
Evidence verification methodTo be supplied
UK regulatory postureCounsel review required
21

Final Bankability Verdict

Northwind Capital is not yet ready for a bank pilot. Composite 68/100 — Diligence-ready. Advance to structured diligence remediation.

Bankability Preflight is an unofficial diagnostic operated by Bankabil. It is not affiliated with, endorsed by, or approved by Live Oak Bank, Live Oak Labs, Lloyd's Lab, the FCA, the PRA, or any regulator. It is not legal, regulatory, investment, or banking advice.