From 2f8ff5caff0d9deebdeba1622753e4f4b1c827b8 Mon Sep 17 00:00:00 2001 From: roost-io Date: Tue, 6 Jan 2026 15:03:36 +0000 Subject: [PATCH] Functional test generated by RoostGPT Using AI Model gpt-5 --- functional_tests/README.md | 22 + .../.roost/roost_metadata.json | 34 + .../TCSBaNCS_functional-after-fix_clone.csv | 29 + ...CSBaNCS_functional-after-fix_clone.feature | 600 ++++++++++++++++++ .../TCSBaNCS_functional-after-fix_clone.json | 1 + .../TCSBaNCS_functional-after-fix_clone.xlsx | Bin 0 -> 43805 bytes 6 files changed, 686 insertions(+) create mode 100644 functional_tests/README.md create mode 100644 functional_tests/TCSBaNCS_functional-after-fix_clone/.roost/roost_metadata.json create mode 100644 functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.csv create mode 100644 functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.feature create mode 100644 functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.json create mode 100644 functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.xlsx diff --git a/functional_tests/README.md b/functional_tests/README.md new file mode 100644 index 00000000..c5a70611 --- /dev/null +++ b/functional_tests/README.md @@ -0,0 +1,22 @@ +# Roost Generated Functional Test + +**Execution Date:** 1/6/2026, 3:03:36 PM + +**Test Unique Identifier:** "TCSBaNCS_functional-after-fix_clone" + +**Input(s):** + 1. bankspromot.txt + Path: /var/tmp/Roost/RoostGPT/TCSBaNCS_functional-after-fix_clone/f8424915-29fc-4409-af62-243718e73530/bankspromot.txt + 2. tcsdoc1.docx + Path: /var/tmp/Roost/RoostGPT/TCSBaNCS_functional-after-fix_clone/f8424915-29fc-4409-af62-243718e73530/tcsdoc1.docx + 3. tcsdoc2.docx + Path: /var/tmp/Roost/RoostGPT/TCSBaNCS_functional-after-fix_clone/f8424915-29fc-4409-af62-243718e73530/tcsdoc2.docx + +**Test Output Folder:** + 1. [TCSBaNCS_functional-after-fix_clone.json](TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.json) + 2. [TCSBaNCS_functional-after-fix_clone.feature](TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.feature) + 3. [TCSBaNCS_functional-after-fix_clone.csv](TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.csv) + 4. [TCSBaNCS_functional-after-fix_clone.xlsx](TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.xlsx) + +--- + diff --git a/functional_tests/TCSBaNCS_functional-after-fix_clone/.roost/roost_metadata.json b/functional_tests/TCSBaNCS_functional-after-fix_clone/.roost/roost_metadata.json new file mode 100644 index 00000000..aa71b849 --- /dev/null +++ b/functional_tests/TCSBaNCS_functional-after-fix_clone/.roost/roost_metadata.json @@ -0,0 +1,34 @@ +{ + "project": { + "name": "TCSBaNCS_functional-after-fix_clone", + "created_at": "2026-01-06T15:03:36.148Z", + "updated_at": "2026-01-06T15:03:36.148Z" + }, + "files": { + "input_files": [ + { + "fileName": "TCSBaNCS_functional-after-fix_clone.txt", + "fileURI": "/var/tmp/Roost/RoostGPT/TCSBaNCS_functional-after-fix_clone/f8424915-29fc-4409-af62-243718e73530/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.txt", + "fileSha": "cf83e1357e" + }, + { + "fileName": "bankspromot.txt", + "fileURI": "/var/tmp/Roost/RoostGPT/TCSBaNCS_functional-after-fix_clone/f8424915-29fc-4409-af62-243718e73530/functional_tests/TCSBaNCS_functional-after-fix_clone/bankspromot.txt", + "fileSha": "0664b099ba" + }, + { + "fileName": "tcsdoc1.docx", + "fileURI": "/var/tmp/Roost/RoostGPT/TCSBaNCS_functional-after-fix_clone/f8424915-29fc-4409-af62-243718e73530/functional_tests/TCSBaNCS_functional-after-fix_clone/tcsdoc1.docx", + "fileSha": "2cd5271236" + }, + { + "fileName": "tcsdoc2.docx", + "fileURI": "/var/tmp/Roost/RoostGPT/TCSBaNCS_functional-after-fix_clone/f8424915-29fc-4409-af62-243718e73530/functional_tests/TCSBaNCS_functional-after-fix_clone/tcsdoc2.docx", + "fileSha": "55a242034e" + } + ] + }, + "api_files": { + "input_files": [] + } +} \ No newline at end of file diff --git a/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.csv b/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.csv new file mode 100644 index 00000000..38e82993 --- /dev/null +++ b/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.csv @@ -0,0 +1,29 @@ +Agent SSO login with MFA, language switch, RBAC menu enforcement and UI masking +Idle timeout redirects to login and expired token reuse is denied +Account lockout after 5 failed password attempts shows generic message and audits +RBAC menu API returns allowed tiles by role +Outside Bank transfer - create, dual approvals, File 15/1051/1052 processing and duplicate SA suppression +Equity Buy - self-transaction prevention and maker limit exceeded authorization path +Foreign SELL restated to average price at EOD with SEC/TAF and duplicate broker file suppression +MF purchase lifecycle with auto price correction and after cut-off offline handling +Manual match passes within tolerance and blocks on instrument mismatch or tolerance exceed +Tax Simulation returns results and optional Sell places an order; errors are secure +Within Bank transfer - multiple beneficiaries percent split validation and settlement +ETF path alert forces selection; Equity and Funds paths diverge on fees and lifecycle +ETF path alert cannot be bypassed via deep link +Extranet trade - blocks, 1051 mismatch, BO capture, block release, 1052 settlement and duplicate suppression +Executed order amendment - dual approvals, reversal and reposting with correction portfolio +Custody fee daily accrual and quarterly posting with exemptions and caps +Market data entitlement enforcement and indicators per agent profile +Attempt to force live market data via API is blocked and audited +Position recon detects, ages, repairs; duplicate file ingestion suppressed; auditor read-only enforced +File 32 and 1091 ingestion, reconciliation or extract, duplicate suppression and malformed alert +ADR/GDR conversion legs linked by External Reference 2 and settled via 1052 +Outside Bank transfer with 'Transfer without Identification' tax event and zero-cost lots +POA maker requires supervisor approval before execution +Customer authentication for multiple service modes and invalid/throttled attempts +Throttle after 3 invalid authentication attempts +Call Center denies Third Party Transfer initiation for foreign holdings (BO-only) +BO creates Third Party Delivery Out/In, approves and settles without TASE files; report generated +Fractional full-sell transit deal created at EOD and settled via 1052; duplicate SA suppressed +1054 failures and pending - create blocks, cancel or settle, alert on malformed, suppress duplicates \ No newline at end of file diff --git a/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.feature b/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.feature new file mode 100644 index 00000000..01ba4ac5 --- /dev/null +++ b/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.feature @@ -0,0 +1,600 @@ +Feature: Secure Trading Platform - E2E Access, Trading, Transfers, Reconciliation, Fees, and Audit + + # Shared setup for both API and UI tests + Background: + Given the API base URL is set from environment 'BASE_URL' + And the default headers include 'Content-Type: application/json' + And the authorization token is available in environment 'AUTH_TOKEN' + And the browser is launched with default locale 'en-US' + + # UI Tests + @ui @security @sso @mfa @rbac + Scenario Outline: Agent SSO login with MFA, language switch, RBAC menu enforcement and UI masking + Given I am on the Call Center login page + When I select language '' + And I start SSO login and complete MFA with a valid OTP + Then I should see the home page with role-based menus visible and restricted tiles hidden + And I should see all masked fields per policy on the screen + And the web access log should contain a GET to the login URL without PII + And the IdP audit should show an AuthnRequest and successful MFA with a correlationId + And the backend audit should contain 'login_success' and a USER_SESSION row with expiry + + Examples: + | language | + | EN | + | HE | + + @ui @security @session + Scenario: Idle timeout redirects to login and expired token reuse is denied + Given I am logged in as Agent via SSO with MFA + And I remain idle for 15 minutes + When I click any navigation item after idle timeout + Then I should be redirected to the login page + And the session store should show expiry and an 'idle_timeout' audit event + When I open a bookmarked deep link using the expired token + Then I should see a generic access denied error without stack trace or PII + And the gateway logs should show a 401 with a correlationId and no sensitive details + + @ui @security @lockout + Scenario: Account lockout after 5 failed password attempts shows generic message and audits + Given I am on the Call Center login page + When I enter an invalid password 5 times + Then I should see a generic lockout message without reason codes + And the IdP audit should show 'account_lockout' + And a security event should be raised for SOC monitoring + + # API Tests + @api @rbac + Scenario Outline: RBAC menu API returns allowed tiles by role + Given the authorization token is set for role '' + When I send a GET request to '/menu' + Then the response status should be 200 + And the response should contain '' + And the response should not contain '' + + Examples: + | role | allowedTile | restrictedTile | + | Agent | trading_tiles | admin_console | + | Supervisor | auth_queue | user_mgmt_write | + + # API Tests - Outside Bank Security Transfer with dual approvals and file-based lifecycle + @api @transfers @maker_checker @tase @idempotency + Scenario: Outside Bank transfer - create, dual approvals, File 15/1051/1052 processing and duplicate SA suppression + Given the authorization token is set + When I send a POST request to '/transfer/create' with payload + """ + { + "portfolioId": "PORT001", + "securities": [ + {"instrumentId": "TASE:AAA", "quantity": 10.50}, + {"instrumentId": "TASE:BBB", "quantity": 0.25} + ], + "beneficiary": { + "type": "outside_bank", + "bankCode": "012", + "branchCode": "034", + "accountNo": "12345678", + "sameEntity": false + }, + "case": {"code": "REL", "subCase": "SIB_SPOUSE"} + } + """ + Then the response status should be 201 + And the response should contain 'orderId' + And the database 'SEC_TRANSFER_ORDER' should have status 'U' for the created order + When I send a POST request to '/authorization/assign' with payload + """ + { "orderId": "", "assignee": "checker1" } + """ + Then the response status should be 200 + When I send a POST request to '/authorization/approve' with payload + """ + { "orderId": "", "level": 1, "remarks": "L1 OK" } + """ + Then the response status should be 200 + When I send a POST request to '/authorization/approve' with payload + """ + { "orderId": "", "level": 2, "remarks": "L2 OK" } + """ + Then the response status should be 200 + And the AUTH_QUEUE should be closed for '' + When I send a POST request to '/files/15/send' with payload + """ + { "businessDate": "2025-01-15", "orders": [""] } + """ + Then the response status should be 202 + And the audit log should contain 'file15_sent' for '' + When I send a POST request to '/files/1051/ingest' with payload + """ + { "fileName": "1051_20250115.dat", "checksum": "abc123", "businessDate": "2025-01-15" } + """ + Then the response status should be 202 + When I send a POST request to '/files/1052/ingest' with payload + """ + { "fileName": "1052_20250116.dat", "checksum": "def456", "businessDate": "2025-01-16" } + """ + Then the response status should be 202 + And a 'SETTLEMENT_ADVICE' should be created and matched to the open delivery + When I re-ingest the same 1052 file with payload + """ + { "fileName": "1052_20250116.dat", "checksum": "def456", "businessDate": "2025-01-16" } + """ + Then the response status should be 200 + And the audit log should contain 'duplicate_sa_suppressed' for '' + And the UI Security Transfer History should show status 'Settled' and reconciliation 'Reconciled' + + # UI Tests - Equity Order validations + @ui @orders @security + Scenario Outline: Equity Buy - self-transaction prevention and maker limit exceeded authorization path + Given I am in Order Entry for customer portfolio 'PORT001' + When I enter side '' for symbol '' with quantity '' at price '' and click Place Order + Then I should see '' + And the order status should be '' + And the audit trail should include '' + + Examples: + | side | symbol | qty | price | expectedMessage | expectedStatus | expectedAudit | + | Buy | AAA | 100 | 100.00 | Self-Transactions are not allowed in TASE | Not Placed | validation_blocked(self_txn) | + | Buy | CCC | 2000 | 250.00 | 610070 - Maker Limit Exceeded - Authorization Required | U - Authorization Pending | auth_requested(610070) | + + # API Tests - Foreign SELL broker average price restatement and idempotency + @api @foreign @fees @idempotency + Scenario: Foreign SELL restated to average price at EOD with SEC/TAF and duplicate broker file suppression + Given the authorization token is set + When I send a POST request to '/order/place' with payload + """ + { "portfolioId": "PORTFX1", "instrumentId": "NASDAQ:XYZ", "side": "Sell", "quantity": 120, "price": 10.00, "orderType": "Limit" } + """ + Then the response status should be 201 + When I send a POST request to '/order/confirm' with payload + """ + { "orderId": "" } + """ + Then the response status should be 200 + And DEALS should show partial executions for '' + When I send a POST request to '/files/broker/ingest' with payload + """ + { "fileName": "broker_avg_20250115.csv", "checksum": "beef00", "businessDate": "2025-01-15" } + """ + Then the response status should be 202 + And the audit log should contain 'broker_avg_applied' for '' + And DEALS should contain one averaged deal with tags 'Comm','SEC','TAF' + When I re-ingest the same broker file with payload + """ + { "fileName": "broker_avg_20250115.csv", "checksum": "beef00", "businessDate": "2025-01-15" } + """ + Then the response status should be 200 + And the audit log should contain 'duplicate_ingest_suppressed' for 'broker_avg_20250115.csv' + + # API Tests - Mutual Funds cut-off and price correction (auto and manual) + @api @mutualfunds + Scenario Outline: MF purchase lifecycle with auto price correction and after cut-off offline handling + Given the authorization token is set + When I send a POST request to '/mf/order/place' with payload + """ + { "portfolioId": "PORTMF1", "fundSymbol": "MF:ABC", "action": "Purchase", "units": 100.000, "requestTime": "" } + """ + Then the response status should be 201 + And the ORDERS row should have status '' + When I send a POST request to '/files/1051/ingest' with payload + """ + { "fileName": "1051_MF_20250115.dat", "checksum": "1a2b3c", "businessDate": "2025-01-15" } + """ + Then the response status should be 202 + And allocations should be posted at NAV(T) if applicable + When I send a POST request to '/files/1051/ingest' with payload + """ + { "fileName": "1051_MF_CORR_20250116.dat", "checksum": "4d5e6f", "businessDate": "2025-01-16", "correction": true } + """ + Then the response status should be 202 + And the audit log should contain '' + + Examples: + | requestTime | expectedInitialStatus | expectedCorrectionAudit | + | 2025-01-15T15:30Z | Pending/Transit | mf_price_auto_corrected | + | 2025-01-15T17:00Z | Offline/Pending Next | mf_price_auto_corrected | + + # UI Tests - Manual Matching for 1052 with tolerance and instrument enforcement + @ui @recon @manualMatch + Scenario Outline: Manual match passes within tolerance and blocks on instrument mismatch or tolerance exceed + Given I open the Manual Matching screen + When I select Open Delivery '' and Settlement Advice '' and click Match + Then I should see '' + And the database should reflect '' + + Examples: + | odRef | saRef | expectedResult | expectedDbState | + | OD-1001 | SA-1001 | Match successful and nostro posted | OPEN_DELIVERY/SA marked Matched | + | OD-2002 | SA-3003 | Instrument id mandatory error | No DB changes | + | OD-4004 | SA-4004 | Amount difference exceeds tolerance | No match; specific error displayed | + + # UI Tests - Tax Simulation and Sell from results + @ui @tax @matrix + Scenario Outline: Tax Simulation returns results and optional Sell places an order; errors are secure + Given I am in Tax Simulation for portfolio 'PORT001' + When I simulate for symbol '' with quantity '' and price '' + Then I should see tax results with totals and rounding half-even + And the audit should include 'tax_simulation_requested' + When I click Sell on the simulation line and confirm + Then the order should be created with source 'taxsim' or show '' + + Examples: + | symbol | qty | simPrice | expectedError | + | AAA | 10.000 | 100.12 | | + | BBB | 9999 | 50.0000 | Quantity exceeds available validation | + + # UI Tests - Within Bank transfer with percent split and Same Entity logic + @ui @transfers + Scenario Outline: Within Bank transfer - multiple beneficiaries percent split validation and settlement + Given I open Security Transfer and select two symbols with fractional quantities + When I choose Within Bank, case 'Transfer between relatives', add two beneficiaries with percent split '' and '' + And I click Verify, Preview and Release + Then I should see '' + And the order status should be '' + + Examples: + | p1 | p2 | expectedMessage | expectedStatus | + | 50 | 50 | Authorization required popup and assign to checker | U - Authorization Required | + | 60 | 40 | Percent split not equal to 100 | Not Released | + + # UI Tests - ETF path alert enforcement for Equity vs Funds lifecycles + @ui @etf @fees + Scenario Outline: ETF path alert forces selection; Equity and Funds paths diverge on fees and lifecycle + Given I open the ETF List and search for symbol '' + When I click an order link and the ETF Order Panel Alert is shown + And I choose '' path and place the order + Then I should see preview with '' + And the lifecycle should be '' + + Examples: + | etf | path | expectedFeeType | expectedLifecycle | + | ETF1 | Equity | ST Commission | T trade -> Executed -> Reconciled (1051) | + | ETF1 | Funds | MF commission | Allocated (1051) -> Settled (1052) | + + @ui @etf @security + Scenario: ETF path alert cannot be bypassed via deep link + Given I previously chose the Funds path for an ETF + When I attempt to open Equity Order Entry via deep link + Then I should be re-prompted with the ETF Order Panel Alert + And the gateway should log a 403 validation without stack trace + + # API Tests - Extranet off-floor trade capture and reconciliation + @api @extranet @recon @idempotency + Scenario: Extranet trade - blocks, 1051 mismatch, BO capture, block release, 1052 settlement and duplicate suppression + Given the authorization token is set + When I send a POST request to '/blocks/create' with payload + """ + { "portfolioId": "PORT001", "type": "cash", "amount": 100000.00, "reason": "Extranet BUY estimate" } + """ + Then the response status should be 201 + When I send a POST request to '/recon/ingest1051' with payload + """ + { "fileName": "1051_20250115.dat", "checksum": "aa11", "businessDate": "2025-01-15" } + """ + Then the response status should be 202 + And the audit log should contain 'recon_mismatch_1051' + When I send a POST request to '/bo/trade/capture' with payload + """ + { "portfolioId": "PORT001", "instrumentId": "TASE:ZZZ", "side": "Buy", "quantity": 1000, "price": 95.00, "category": "EXTRANET" } + """ + Then the response status should be 201 + When I send a POST request to '/files/1052/ingest' with payload + """ + { "fileName": "1052_20250116.dat", "checksum": "bb22", "businessDate": "2025-01-16" } + """ + Then the response status should be 202 + And settlement postings should be created and blocks released + When I re-ingest '/files/1052/ingest' with the same payload + Then the response status should be 200 + And the audit log should contain 'duplicate_sa_suppressed' + + # API Tests - Post-execution amendment requiring two approvals + @api @amendment @maker_checker + Scenario: Executed order amendment - dual approvals, reversal and reposting with correction portfolio + Given the authorization token is set + When I send a POST request to '/amendment/create' with payload + """ + { "orderId": "ORD-EXEC-1001", "amendType": "Non-Derivative", "fields": {"price": 101.25, "portfolioId": "CORR-PORT"}, "remarks": "Correct price and move quantity" } + """ + Then the response status should be 201 + And an AUTH_QUEUE entry should exist for 'ORD-EXEC-1001' + When I send a POST request to '/authorization/approve' with payload + """ + { "refId": "", "level": 1, "remarks": "L1 OK" } + """ + Then the response status should be 200 + When I send a POST request to '/authorization/approve' with payload + """ + { "refId": "", "level": 2, "remarks": "L2 OK" } + """ + Then the response status should be 200 + And MOVEMENTS should include reversal and corrected postings + And AUDIT_LOG should contain 'amendment_applied' + + # API Tests - Custody fee accrual daily and quarterly caps/leap-year + @api @fees @custody + Scenario Outline: Custody fee daily accrual and quarterly posting with exemptions and caps + Given the authorization token is set + When I send a POST request to '/fees/custody/runDaily' with payload + """ + { "asOfDate": "", "simulate": false } + """ + Then the response status should be 202 + And AUDIT_LOG should contain '' + When I send a POST request to '/fees/custody/runQuarter' with payload + """ + { "quarterEnd": "" } + """ + Then the response status should be 202 + And MOVEMENTS should show a single consolidated debit with caps applied '' + + Examples: + | asOfDate | quarterEnd | expectedDailyAudit | capApplied | + | 2024-02-29 | 2024-03-31 | custody_fee_accrued | false | + | 2025-06-15 | 2025-06-30 | custody_fee_accrued | true | + + # UI + API Tests - Market data entitlements and abuse prevention + @ui @entitlements @marketdata + Scenario Outline: Market data entitlement enforcement and indicators per agent profile + Given I am logged into the Call Center as '' + When I open '' + Then I should see '' + And unauthorized features should show a secure generic message + + Examples: + | agentProfile | widget | indicator | + | Agent A | Market Watch | Prices are delayed for 20 minutes | + | Agent A | Index Watch | Live | + | Agent B | Get Quote | Access denied or delayed-only | + + @api @entitlements @security + Scenario: Attempt to force live market data via API is blocked and audited + Given the authorization token is set for role 'Agent B' + When I send a GET request to '/md/quote?symbol=TASE:AAA&live=true' + Then the response status should be 403 + And the audit log should contain 'md_access_denied' with scope_mismatch + + # API Tests - Position reconciliation 1053/871, repair, duplicate suppression; auditor read-only + @api @recon @positions @idempotency + Scenario: Position recon detects, ages, repairs; duplicate file ingestion suppressed; auditor read-only enforced + Given the authorization token is set + When I send a POST request to '/files/1053/ingest' with payload + """ + { "fileName": "1053_20250115.dat", "checksum": "c1", "businessDate": "2025-01-15" } + """ + Then the response status should be 202 + When I send a POST request to '/files/871/ingest' with payload + """ + { "fileName": "871_20250115.dat", "checksum": "c2", "businessDate": "2025-01-15" } + """ + Then the response status should be 202 + When I send a POST request to '/recon/positions/run' with payload + """ + { "asOfDate": "2025-01-15" } + """ + Then the response status should be 202 + And a recon exception should be created for instrument with drift 0.001 + When I post a position adjustment to repair the drift + Then the next run should move the item to Reconciled and retain exception history + When I re-ingest '1053_20250115.dat' and '871_20250115.dat' + Then duplicates should be suppressed with 'duplicate_ingest_suppressed' audit + When an Auditor attempts a repair action via '/recon/positions/run' + Then the response status should be 403 and RBAC_DENIED should be logged + + # API Tests - Net Settlement File 32 and Fee 1091 ingestion and recon with config toggle + @api @recon @fees @file32 @1091 @ctrml + Scenario Outline: File 32 and 1091 ingestion, reconciliation or extract, duplicate suppression and malformed alert + Given the authorization token is set + When I send a POST request to '/files/32/ingest' with payload + """ + { "fileName": "32_20250115_D.dat", "checksum": "d1", "businessDate": "2025-01-15", "recordType": "D" } + """ + Then the response status should be 202 + When I send a POST request to '/files/1091/ingest' with payload + """ + { "fileName": "1091_20250115.dat", "checksum": "d2", "businessDate": "2025-01-15" } + """ + Then the response status should be 202 + When I send a POST request to '/recon/fees/run' with payload + """ + { "businessDate": "2025-01-15", "taseFeeSetup": "" } + """ + Then the response status should be 202 + And the system should '' + When I re-ingest the same '1091_20250115.dat' and '32_20250115_D.dat' + Then duplicate_file_suppressed should be audited + When I ingest a malformed 1091 with bad length + Then CTRLM should alert and the file should be rejected without DB writes + + Examples: + | setup | expectedOutcome | + | on | reconcile fees and produce difference report | + | off | generate CSV extract without automated match | + + # API Tests - ADR/GDR dual-leg conversion with linkage and settlement + @api @delivery @adr_gdr @maker_checker + Scenario: ADR/GDR conversion legs linked by External Reference 2 and settled via 1052 + Given the authorization token is set + When I send a POST request to '/delivery/create' with payload + """ + { "type": "DeliveryOut", "deliveryKind": "LocalToADR", "portfolioId": "PORT001", "instrumentId": "TASE:AAA", "quantity": 100.000, "externalRef2": "LINK-ADR-001" } + """ + Then the response status should be 201 + When I send a POST request to '/delivery/create' with payload + """ + { "type": "DeliveryIn", "deliveryKind": "ADRToLocal", "portfolioId": "PORT001", "instrumentId": "ADR:AAA", "quantity": 100.000, "externalRef2": "LINK-ADR-001" } + """ + Then the response status should be 201 + When I send a POST request to '/authorization/approve' with payload + """ + { "refId": "", "level": 1 } + """ + Then the response status should be 200 + When I send a POST request to '/authorization/approve' with payload + """ + { "refId": "", "level": 1 } + """ + Then the response status should be 200 + When I send a POST request to '/files/1052/ingest' with payload + """ + { "fileName": "1052_20250116.dat", "checksum": "ee55", "businessDate": "2025-01-16" } + """ + Then the response status should be 202 + And both OPEN_DELIVERY rows should be matched and settled with nostro postings + When I re-ingest the same 1052 + Then the audit should contain 'duplicate_sa_suppressed' + And LOTS_UPDATE should be produced for the conversion + + # API Tests - Outside Bank transfer (Tax Event) with zero-cost receiver lots + @api @transfers @tax + Scenario: Outside Bank transfer with 'Transfer without Identification' tax event and zero-cost lots + Given the authorization token is set + When I send a POST request to '/transfer/create' with payload + """ + { + "portfolioId": "PORT001", + "securities": [{"instrumentId": "TASE:AAA", "quantity": 10.25}], + "beneficiary": {"type": "outside_bank", "bankCode": "012", "branchCode": "034", "accountNo": "12345678", "sameEntity": false}, + "case": {"code": "TAX_EVENT", "label": "Transfer without Identification"} + } + """ + Then the response status should be 201 + When I send a POST request to '/authorization/approve' with payload + """ + { "orderId": "", "level": 1 } + """ + Then the response status should be 200 + When I send a POST request to '/files/15/send' with payload + """ + { "businessDate": "2025-01-15", "orders": [""] } + """ + Then the response status should be 202 + When I send a POST request to '/files/1051/ingest' with payload + """ + { "fileName": "1051_20250115.dat", "checksum": "ff66", "businessDate": "2025-01-15" } + """ + Then the response status should be 202 + When I send a POST request to '/files/1052/ingest' with payload + """ + { "fileName": "1052_20250116.dat", "checksum": "gg77", "businessDate": "2025-01-16" } + """ + Then the response status should be 202 + When I send a POST request to '/eod/tax/postings' with payload + """ + { "businessDate": "2025-01-16", "orderId": "" } + """ + Then the response status should be 202 + And MOVEMENTS should include tax postings and LOTS_UPDATE should show zero cost for receiver with taxIdentifier=2 + + # UI Tests - POA restriction requires independent approval + @ui @orders @poa @maker_checker + Scenario: POA maker requires supervisor approval before execution + Given I am logged in as an Agent who is POA on the target account + And I open Order Entry and create a small BUY within maker limits + When I click Place Order + Then I should see a message 'Order requires authorization' + And the order status should be 'U - Authorization Pending' + And after a non-POA supervisor approves, the order should execute and reconcile (1051) + And the audit should include 'poa_validation_blocked' and 'supervisor_approved' + + # UI Tests - Customer authentication across service modes and throttling + @ui @auth @masking @throttle + Scenario Outline: Customer authentication for multiple service modes and invalid/throttled attempts + Given I am on the Customer Authentication screen + When I select Service Mode '' and Identification Type '' and enter '' + And I click Authenticate + Then I should see '' + And masking should be applied to portfolio references + And the audit should include '' + + Examples: + | serviceMode | idType | idValue | expectedOutcome | expectedAudit | + | Phone | National ID | 123456789 | Portfolio List displayed | customer_lookup success | + | Fax | Passport | A1234567 | Portfolio List displayed | customer_lookup success | + | Phone | National ID | 12X! | Validation error shown | customer_lookup failure | + + @ui @auth @throttle + Scenario: Throttle after 3 invalid authentication attempts + Given I am on the Customer Authentication screen + When I attempt invalid authentication 3 times within 10 minutes + Then I should see a generic throttling message + And the audit should include 'lookup_throttled' + + # API + UI Tests - Third Party Transfer (BO-only) with single-level approval and reporting + @ui @transfers @rbac + Scenario: Call Center denies Third Party Transfer initiation for foreign holdings (BO-only) + Given I am in Security Transfer for a foreign holding + When I choose Outside Bank and Transfer Case 'Third Party Transfer' + Then I should see a message 'Third-party transfer handled by Back Office' + And creation should be denied per RBAC and audited + + @api @transfers @thirdparty @maker_checker + Scenario: BO creates Third Party Delivery Out/In, approves and settles without TASE files; report generated + Given the authorization token is set + When I send a POST request to '/delivery/create' with payload + """ + { "type": "DeliveryOut", "deliveryKind": "ThirdParty", "portfolioId": "PORTFX1", "instrumentId": "NYSE:ABC", "quantity": 250.75, "custodianCode": "CUSTX" } + """ + Then the response status should be 201 + When I send a POST request to '/authorization/approve' with payload + """ + { "refId": "", "level": 1 } + """ + Then the response status should be 200 + When I send a POST request to '/settlement/run' with payload + """ + { "asOfDate": "2025-01-15", "mode": "third_party" } + """ + Then the response status should be 202 + And MOVEMENTS and POSITION should be updated without any 1051/1052 + When I send a POST request to '/reports/export' with payload + """ + { "reportId": "ThirdPartyTransfer", "businessDate": "2025-01-15" } + """ + Then the response status should be 200 + And REPORT_ARCHIVE should contain the generated report + + # API Tests - Fractional residual transit deal creation and 1052-driven settlement + @api @fractional @batch @idempotency + Scenario: Fractional full-sell transit deal created at EOD and settled via 1052; duplicate SA suppressed + Given the authorization token is set + When I send a POST request to '/batch/fraction/run' with payload + """ + { "asOfDate": "2025-01-15" } + """ + Then the response status should be 202 + And DEALS should contain a transit deal category 'TRANSIT' between client and fraction portfolio + When I send a POST request to '/files/1052/ingest' with payload + """ + { "fileName": "1052_20250116.dat", "checksum": "hh88", "businessDate": "2025-01-16" } + """ + Then the response status should be 202 + And settlement postings should be generated for the fractional leg + When I re-ingest the same 1052 + Then the audit should include 'duplicate_sa_suppressed' + + # API Tests - Failed/Pending trades via 1054, manual blocks, cancellation, alerts and idempotency + @api @1054 @blocks @ctrml @idempotency + Scenario: 1054 failures and pending - create blocks, cancel or settle, alert on malformed, suppress duplicates + Given the authorization token is set + When I send a POST request to '/files/1054/ingest' with payload + """ + { "fileName": "1054_20250115.dat", "checksum": "ii99", "businessDate": "2025-01-15" } + """ + Then the response status should be 202 + And RECON_STATUS should mark a BUY as Failed and a SELL as Pending + When I send a POST request to '/blocks/create' with payload + """ + { "portfolioId": "PORT001", "type": "custody", "instrumentId": "TASE:BUYFAIL", "quantity": 100, "reason": "1054 failed BUY" } + """ + Then the response status should be 201 + When I send a POST request to '/orders/cancel' with payload + """ + { "orderId": "ORD-BUY-FAIL-1", "reason": "1054 failure" } + """ + Then the response status should be 200 + And MOVEMENTS should show block releases on cancellation + When I re-ingest the same 1054 + Then 'duplicate_file_suppressed' should be audited + When I ingest a malformed 1054 with bad record length + Then CTRLM should alert and no partial writes should occur diff --git a/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.json b/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.json new file mode 100644 index 00000000..90df0248 --- /dev/null +++ b/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.json @@ -0,0 +1 @@ +[{"type":"reference","title":"E2E Data Flow Map - Agent SSO login, MFA, session timeout and lockout","description":"Mapping only; not a functional test. Shows cross-system flow for secure access incl. idle timeout and account lockout.","testId":"MAP-SEC-001","testDescription":"Input in Call Center -> Request to Backend -> Backend validations/rules -> Backend state change -> Response to Call Center -> What to verify (UI + DB/log/audit)","prerequisites":"ASSUMPTION: SSO provider available with MFA; lockout after 5 failed attempts; idle timeout 15 minutes; logout invalidates tokens in both tiers.","stepsToPerform":"1 | Call Center | Agent opens login URL and selects language (EN/HE). | Login page rendered; language switches. | Web access log records GET; no PII leakage in HTML. \n2 | Call Center->Backend | Submit SSO credentials + MFA challenge. | Credentials routed to IdP; MFA prompt received. | SSO/IdP logs show AuthnRequest with correlationId. \n3 | Call Center | Enter valid OTP; submit. | MFA accepted. | IdP audit shows MFA method and success. \n4 | Backend | Validate roles (Agent), entitlements (market data), and branch MU. | Session created with role scopes; issue short-lived token. | DB session table row with expiry; auth audit event created (login_success). \n5 | Backend->Call Center | Return session + role menu. | Trading tiles visible per role; restricted tiles hidden. | UI menu config matches RBAC matrix. \n6 | Call Center | Idle for 15 minutes. | Session times out; user returned to login on next action. | Session table shows expiry; logout audit (idle_timeout). \n7 | Call Center->Backend | Attempt re-use of expired token via bookmarked deep link. | Access denied; generic error shown; no stack trace/PII. | Gateway log 401 with correlationId; no sensitive details. \n8 | Call Center | Perform 5 failed password attempts. | Account locked; message indicates lockout without reason codes. | IdP audit shows lockout; security event raised to SOC/Kibana.","expectedResult":"Successful SSO with MFA; correct RBAC menus; enforced idle timeout; safe lockout behavior; complete immutable audit trail.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent, Supervisor, Auditor","dataSensitivity":"PII (user id, names), session tokens","interfacesUsed":"SSO/IdP, RBAC service, Session store","filesInvolved":"NA","auditEventsToVerify":"login_success, idle_timeout, token_invalid, account_lockout","dbTablesToVerify":"USER_SESSION, RBAC_ROLE_MAP, AUDIT_LOG","apiEndpointsToVerify":"/sso/assert, /auth/token, /menu","logsToCheck":"Web access log, IdP auth log, Backend audit log","messagesShown":"Generic lockout message; no reason codes; localized text","masksApplied":"Phone +972*****1234, email a***@domain.com displayed only in profile; never on errors","negativeVariations":"Reuse expired token; brute-force invalid password attempts; change Accept-Language to inject script (XSS) should be neutralized","boundaryValues":"Exactly 5 failed attempts trigger lockout; 15:00 minute idle timeout","stateTransitions":"Unauthenticated -> Authenticated -> Timed-out/Locked","timingAssumptions":"ASSUMPTION: Session TTL 30m; idle timeout 15m; lockout auto-unlock after 30m","regulatoryReferences":"ISA/BOI security expectations for access control; Internal Security Policy","coverageTags":"mapping, security, SSO, MFA, session, RBAC, audit"},{"type":"reference","title":"E2E Data Flow Map - Customer identification and Security Transfer (beneficiary add)","description":"Mapping only; not a functional test. Shows end-to-end for customer authentication and initiating a security transfer with beneficiary details.","testId":"MAP-SEC-002","testDescription":"Input in Call Center -> Request to Backend -> Backend validations/rules -> Backend state change -> Response to Call Center -> What to verify (UI + DB/log/audit)","prerequisites":"Customer exists with holdings in TASE and Foreign markets; agent has Trading role; transfer outside bank enabled.","stepsToPerform":"1 | Call Center | Authenticate customer with Service Mode Phone, Identification Type National ID and Identification Number. | Portfolio List returned for selection. | Backend matches CIF; audit customer_lookup event. \n2 | Call Center->Backend | Select portfolio; open Security Transfer > Select Security. | Positions fetched (settled only) with previous close; fractional qty allowed. | Position service returns available_qty; price service returns prev_close. \n3 | Call Center | Enter transfer qty (may be fractional) for multiple securities. | UI shows consolidated transfer value in account currency. | FX rate applied if required; rounding per config. \n4 | Call Center->Backend | Proceed to Add Beneficiary; choose Outside Bank; input Bank/Branch/Account; Same Entity unchecked; choose Transfer Case 'Transfer between relatives' + subcase 'Spouse of a sister/brother'. | System validates bank/branch; enables beneficiary owner details capture. | Reference tables for bank/branch; validate identification format. \n5 | Backend | Run rules: CA ex-date block, MF transfer restrictions, Same Entity logic; POA/AML manual check flagged (manual). | If passes, create transfer order in Authorized; else To Be Repaired. | Order row created with status U - Authorization Required if maker-checker applies. \n6 | Call Center | Preview shows commission and comments; agent agrees to fees and submits for authorization. | Authorization popup appears to assign to Checker or Pool. | Authorization queue item created. \n7 | Backend | Write audit trail: transfer_created, fee_computed, auth_requested; lock key fields. | Audit immutable with correlation id; E-Journal shows Initiated By Me. | Audit persists with user/time/ip. \n8 | Backend->Call Center | Confirmation number returned; history screen shows 'Released' after approvals and EOD file 15 dispatch. | UI and Security Transfer History reflect statuses; later matched via 1051/1052. | Reconciliation status updated.","expectedResult":"Customer identification succeeds; security transfer initiated with correct validations; authorization workflow engaged; fees computed; audit present; later reconciled via TASE files.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent, Supervisor/Authorizer, BO Operator","dataSensitivity":"PII (National ID), account numbers","interfacesUsed":"Position service, Market rates, GoAnywhere routing, CTRLM jobs","filesInvolved":"TASE File 15 (outbound), 1051/1052 (inbound)","auditEventsToVerify":"customer_lookup, transfer_created, fee_computed, auth_requested","dbTablesToVerify":"SEC_TRANSFER_ORDER, AUTH_QUEUE, E_JOURNAL, AUDIT_LOG, POSITION","apiEndpointsToVerify":"/customer/authenticate, /transfer/create, /authorization/assign","logsToCheck":"Call Center UI logs, Backend service logs, CTRLM job logs","messagesShown":"Alerts for CA ex-date, MF transfer restriction, info for 'Transfer without Identification' if selected","masksApplied":"Owner phone +972*****1234, email a***@domain.com; National ID masked except last 3 digits on UI; full in secure DB only","negativeVariations":"Select MF for transfer to other entity -> blocked; Choose Outside Bank with non-TASE instrument -> error","boundaryValues":"Transfer fractional qty 0.001; consolidated value rounding to 2 decimals","stateTransitions":"Released -> Authorized -> Pend Settle/Open Delivery -> Settled; To Be Repaired if validation fails","authorizationPath":"Assign to Specific Authorizer vs Pool; dual approvals if configured","reconciliationKeys":"TASE movement id, Event id, Security id, Quantity, Price","matchingTolerance":"Amount tolerance at custodian role level (ASSUMPTION: 0.50 ILS)","timingAssumptions":"ASSUMPTION: File 15 at BOD T+1, 1051/1052 at EOD T/T+1; polling window 30 min","regulatoryReferences":"TASE transfer processes; ISA/ITA same entity rules; BOI controls","coverageTags":"mapping, identity, transfers, maker-checker, reconciliation, audit"},{"type":"reference","title":"Terminology Mapping - Call Center vs Backend","description":"Key field name equivalence used across both systems and files. Mapping is informational to aid verification. Items marked ASSUMPTION where docs are silent.","testId":"MAP-TERM-003","testDescription":"Field mappings to ensure parity across UI, DB, and external files.","prerequisites":"Have access to UI labels and DB schema metadata/audit events.","stepsToPerform":"Customer ID (Call Center) = CIF_ID (Backend) [ASSUMPTION]\nPortfolio Reference (Call Center) = PORTFOLIO_ID (Backend)\nInternal Order Number (Call Center) = ORDER_ID (Backend)\nChannel Transaction No. (Call Center) = CHANNEL_TXN_ID (Backend)\nAuthorization Queue Transaction Reference (Call Center) = AUTH_REF_NO (Backend)\nSecurity Symbol (Call Center) = INSTRUMENT_ID or TASE_SYMBOL (Backend)\nTransfer Case (Call Center) = TRANSFER_CASE_CODE (Backend)\nSame Entity (Call Center) = SAME_ENTITY_IND (Backend)\nOrder Status (Call Center) = ORDER_STATUS_CODE (Backend) with U/C flags for maker-checker\nTrade Book Exchange Trade Number (Call Center) = EXCH_TRADE_NO (Backend) = Exec ID in TASE 1051\nSettlement Advice ID (Backend) = SA_ID mapped to TASE movement id in 1052\nE-Journal Initiated By Me (Call Center) = AUDIT_LOG.USER_ACTION=INITIATED (Backend)","expectedResult":"Testers can trace end-to-end with consistent names; reconciliations and audits use the same business keys.","systemsInvolved":"Call Center, Backend","rolesInvolved":"QA, Auditor","dataSensitivity":"PII/transactional identifiers","interfacesUsed":"TASE file keys, Internal APIs","filesInvolved":"1051/1052 mapping to deal/open-delivery/settlement-advice","auditEventsToVerify":"All events carry mapped keys above","dbTablesToVerify":"ORDERS, DEALS, OPEN_DELIVERY, SETTLEMENT_ADVICE, AUTH_QUEUE, AUDIT_LOG","apiEndpointsToVerify":"NA","logsToCheck":"Cross-system correlation IDs include mapped keys","messagesShown":"NA","masksApplied":"Display masked identifiers in UI as per policy; full values only in DB/audit","negativeVariations":"If any mapping mismatch is found, raise DEFECT with evidence of UI vs DB vs file divergence","boundaryValues":"Key lengths per interface specs (e.g., 20–32 chars)","stateTransitions":"NA","regulatoryReferences":"Auditability and traceability per ISA/BOI","coverageTags":"terminology, mapping, audit, reconciliation"},{"type":"security","title":"Outside Bank Security Transfer - Dual maker–checker approvals, fees, TASE files, idempotency","description":"End-to-end security transfer to another bank with assignment to Checker #1 and Checker #2, commission computation, EOD/BOD dispatch (File 15) and inbound matching (1051/1052). Includes duplicate settlement advice prevention and audit trail verification.","testId":"SEC-TRF-004","testDescription":"Validate RBAC, maker–checker (two levels), validations (CA ex-date, MF restriction, Same Entity), fractional quantity handling, file-based async processing and idempotent reconciliation.","prerequisites":"Customer portfolio with settled TASE equity positions; Call Center Agent role; Supervisor (Checker #1) and Head Office Authorizer (Checker #2) available; BO Operator monitoring CTRLM; Custodian tolerance configured; Fees package active.","stepsToPerform":"| Step # | Actor/System | Action | Expected Result | Technical Verification (DB/Log/API) |\n1 | Agent/Call Center | Authenticate customer by National ID; open Security Transfer > Select Security; choose two securities; set fractional transfer qty 10.5 and 0.25. | UI shows consolidated transfer value (ILS); CA indicator visible where applicable. | POSITION and price service calls; FX and rounding as per config.\n2 | Agent/Call Center | Add Beneficiary: Outside Bank; enter valid Bank/Branch/Account; uncheck Same Entity; choose Transfer Case 'Transfer between relatives' and subcase 'Sister/brother'. | Beneficiary owner details required; validation passes. | Reference tables BANK, BRANCH lookups; validation logs OK.\n3 | Backend | Run validations: block MF to other entity, block if ex-date match, verify TASE-only for outside bank, allow fractional qty. | No blocking errors; order created with status U - Authorization Required. | SEC_TRANSFER_ORDER row with status U; AUDIT_LOG transfer_created.\n4 | Agent/Call Center | Preview; view and print Commission Details; tick 'I Agree'; click Release; Initiate Authorization -> Assign to specific Checker #1. | Authorization request created; visible in Checker #1 My Queue. | AUTH_QUEUE entry; E-JOURNAL 'Initiated By Me'.\n5 | Checker #1/Call Center | Open My Queue item; review exceptions; Approve; assign to Checker #2 (pool or specific). | Status becomes U - Authorization Pending for Checker #2. | AUTH_QUEUE updated; AUDIT_LOG auth_level1_approved.\n6 | Checker #2/Call Center | Approve transaction. | Transfer marked Released; BO validations triggered for batch dispatch. | AUTH_QUEUE final; AUDIT_LOG auth_level2_approved.\n7 | Backend/CTRLM | BOD T+1 dispatch File 15 outbound via GoAnywhere. | File 15 generated once; routing success. | Outbound file archive with checksum; CTRLM job success; AUDIT_LOG file15_sent.\n8 | Backend | Receive 1051/1052; auto-match open deliveries; ensure duplicate 1052 with same movement id/event id/qty/price is ignored. | Settlement Advice created once; matching done; positions/nestro updated; idempotency holds. | SETTLEMENT_ADVICE created once; OPEN_DELIVERY matched; AUDIT_LOG match_success; no duplicate rows.\n9 | Call Center | Security Transfer History shows Settled with reconciliation status Reconciled; fees posted to fee account. | UI reflects final state; accounting movements posted (debit/credit). | MOVEMENTS: DR/CR entries; fee GLs per setup; tax-lot transfer reflected; Kafka events NA.","expectedResult":"Transfer completes only after two approvals; correct fees; files exchanged; settlement matched; no duplication on repeated 1052; full audit across steps; UI history accurate.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent (Maker), Supervisor/Authorizer (Checker #1), Head Office Authorizer (Checker #2), BO Operator, Auditor","dataSensitivity":"PII (IDs), account numbers, portfolio holdings","interfacesUsed":"GoAnywhere routing, CTRLM job control, TASE 15/1051/1052","filesInvolved":"File 15 (out), 1051 (in), 1052 (in)","currencies":"ILS base; positions may be USD but transfer value consolidated in ILS","exchangeRateAssumptions":"ASSUMPTION: FX rate from Market Information at EOD; round half even to 2 decimals","feeTypes":"Transfer commission (flat/percentage), third-party fees NA","matchingTolerance":"Custodian amount tolerance per role (ASSUMPTION 0.50 ILS); instrument id mandatory","timingAssumptions":"ASSUMPTION: BOD File 15 08:00; 1051 at T, 1052 at T+1 20:30; polling 30 min; retries x3","auditEventsToVerify":"transfer_created, fee_computed, auth_level1_approved, auth_level2_approved, file15_sent, sa_created, reconcile_match, settlement_posted","dbTablesToVerify":"SEC_TRANSFER_ORDER, AUTH_QUEUE, E_JOURNAL, OPEN_DELIVERY, SETTLEMENT_ADVICE, MOVEMENTS, AUDIT_LOG","apiEndpointsToVerify":"/transfer/create, /authorization/assign, /authorization/approve, /recon/manualMatch","logsToCheck":"Backend transfer service logs, Authorization service logs, Reconciliation logs, CTRLM job logs","masksApplied":"UI masks beneficiary phone +972*****1234 and email a***@domain.com; account numbers partially masked except in secure BO views","negativeVariations":"Attempt transfer of MF to different entity -> error; Pick Outside Bank with exchange != TASE -> error; Push duplicate 1052 -> ignored with audit; Checker #2 rejects -> status C – Approval Rejected with rollback (no file15).","boundaryValues":"Fractional qty 0.001; max commission cap per tariff; largest allowed quantity per instrument","stateTransitions":"U – Authorization Required -> U – Authorization Pending -> Released -> Pend Settle/Open Delivery -> Settled; or C – Approval Rejected on denial","authorizationPath":"Specific Checker vs Pool; dual approvals enforced; maker cannot self-approve","reconciliationKeys":"movement_id, event_id, instrument_id, quantity, price","messagesShown":"61088 - Mandatory Authorization for Security Transfer; CA ex-date block message; MF restriction message","errorCodesExpected":"As per Error Code List v4.0; duplicate SA prevented message","regulatoryReferences":"TASE transfer lifecycle; ISA/ITA same entity rules; BOI control on approvals","coverageTags":"security, RBAC, maker-checker, transfers, reconciliation, idempotency, audit, TASE"},{"type":"security","title":"Equity Buy Order - Maker limit exceeded -> Supervisor approval, self-transaction prevention, audit and masking","description":"End-to-end security test for equity buy where maker limit is exceeded requiring authorization. Covers pre-trade validations, TASE self-transaction rule, RBAC, safe error messages, immutable audit.","testId":"SEC-ORD-005","testDescription":"Place a Buy order that exceeds agent maker limit; route for approval; verify block on self-transaction against existing Sell; ensure audit trail and masking in UI/logs.","prerequisites":"Customer authenticated with holdings; existing Pending Sell order on same security at price 100.00; Agent maker limit set below intended order value; Supervisor available.","stepsToPerform":"| Step # | Actor/System | Action | Expected Result | Technical Verification (DB/Log/API) |\n1 | Agent/Call Center | Open Order Entry; select symbol with existing Sell; set Buy quantity/price at 100.00 (>= open Sell price). | On Place Order, self-transaction prevention triggers. | UI error 'Self-Transactions are not allowed in TASE'; no order persisted; AUDIT_LOG validation_blocked. \n2 | Agent/Call Center | Adjust to different security; set Buy amount to exceed maker limit; click Place Order. | Preview shows commission; proceed to Confirm. | Fee engine preview values. \n3 | Backend | Validate: buying power, product subscription, maker limit. | Maker limit exceeded -> exception created for authorization 610070. | ORDER created with status U - Authorization Pending; AUTH_QUEUE entry. \n4 | Agent/Call Center | Assign to Supervisor via Authorization popup (Specific Authorizer). | Request visible in Supervisor My Queue. | E-JOURNAL 'Initiated By Me'. \n5 | Supervisor/Call Center | Approve in My Queue; add remarks. | Order moves to Placed with Market (if market open) or stored for next session; status Updated. | AUTH_QUEUE closed; AUDIT_LOG supervisor_approved. \n6 | Backend | Route to market via ST-SP; receive execution (partial then full). | Order statuses: Partly Executed -> Executed; blocks adjusted. | DEALS updated; MOVEMENTS cash/custody blocks; AUDIT_LOG trade_execution. \n7 | Backend | EOD receive 1051; mark deals Reconciled; 1054 for failures (if any). | Recon status updated; no failures. | RECON tables show matched; report generated. \n8 | Call Center | Verify Trade Book reflects executions; UI masks customer PII in Order Trail; errors never show PII. | Order/Trade History accurate; masked examples applied. | Log review: no National ID/PAN printed; correlationId present.","expectedResult":"System blocks self-transaction; for allowed order, maker-limit triggers authorization; supervisor approval required; trades execute and reconcile; PII masked; complete audit.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent (Maker), Supervisor (Checker), BO Operator, Auditor","dataSensitivity":"PII, financial transactions","interfacesUsed":"ST–SP integration for market, TASE 1051/1054","filesInvolved":"1051, 1054","currencies":"ILS","exchangeRateAssumptions":"NA","feeTypes":"ST Commission; third-party fees as configured","matchingTolerance":"NA","timingAssumptions":"ASSUMPTION: Market open; 1051 EOD T","auditEventsToVerify":"validation_blocked(self_txn), order_created, auth_requested(610070), supervisor_approved, trade_execution, recon_matched","dbTablesToVerify":"ORDERS, AUTH_QUEUE, E_JOURNAL, DEALS, MOVEMENTS, AUDIT_LOG, RECON_STATUS","apiEndpointsToVerify":"/order/place, /authorization/assign, /authorization/approve","logsToCheck":"Order validation logs, Authorization logs, Trade capture logs","masksApplied":"UI shows portfolio ref masked (XXX-XX1456); customer phone +972*****1234; no CVV/PAN present; emails like a***@domain.com","negativeVariations":"Supervisor rejects -> order cancelled with rollback; Agent tries to modify order to bypass limit -> remains blocked until approval; Error messages remain generic without limits or internal thresholds.","boundaryValues":"Order value exactly at maker limit should still require approval per policy (ASSUMPTION inclusive boundary).","stateTransitions":"Pending -> U Authorization Pending -> Placed with Market -> Partly Executed -> Executed; or C – Approval Rejected","authorizationPath":"Specific authorizer selection; Maker cannot self-approve; Pool fallback allowed","reconciliationKeys":"Instrument, Quantity, Execution Id, Price, Trade date","messagesShown":"610070 - Maker Limit Exceeded; TASE self-transaction error text","errorCodesExpected":"Self-transaction error; 610070 for maker limit","regulatoryReferences":"TASE self-transaction rule; BOI operational controls","coverageTags":"security, RBAC, maker-checker, self-transaction, masking, audit, reconciliation"},{"type":"functional","title":"Foreign SELL trade - Broker average price restatement, SEC/TAF third-party fees, split settlements","description":"End-to-end for a foreign SELL order with EOD restatement to broker average price, SELL-only SEC/TAF handling as third-party fees, and separate customer vs street-side settlement. Includes idempotency on broker file and auditability.","testId":"E2E-FOR-SELL-001","testDescription":"Place foreign SELL, receive partial executions, restate to one average-price deal at EOD using broker file, apply ST commission vs SEC/TAF fee tags correctly, settle customer at T+1 and street-side via batch, verify UI, DB, accounting, and audits.","prerequisites":"Customer authenticated in Call Center; portfolio has foreign equity position sufficient to SELL; customer is subscribed for foreign trading; fee packages configured (ST Commission; SEC and TAF as third-party on SELL only); broker connectivity available; batches enabled.","stepsToPerform":"1 | Call Center | Authenticate customer via Phone; select portfolio reference; open Trading > Order Entry. | Customer context established; trading tiles enabled. | AUDIT_LOG customer_lookup; session scopes set.\n2 | Call Center | Place SELL order for foreign equity (e.g., NASDAQ symbol) with quantity > available lot size; choose Limit; Place Order -> Preview. | Preview shows ST Commission estimate; currency USD; no SEC/TAF yet (pre-trade). | Fee engine preview call; ORDER draft not persisted until confirm.\n3 | Call Center->Backend | Confirm order. | Order accepted; status Pending. | ORDERS row created; AUDIT_LOG order_created(channel=CC).\n4 | Backend | Validate buying power not needed (SELL), product subscription, POA; route to market via ST–SP; receive intraday executions (multiple partial fills). | Order progresses to Partly Executed then Executed. | DEALS rows for partial fills; MOVEMENTS: custody blocks removed; sale proceeds staged.\n5 | Backend (EOD) | Process broker average price file (Broker Order Summary); cancel intraday partials; capture a single averaged deal with commission tags: Comm, SEC, TAF; mark SELL-only applicability. | One average-price DEAL replaces intraday breakdown; SEC/TAF recorded as third-party. | DEALS: old deals reversed, new average deal inserted; DEAL_TAGS Comm/SEC/TAF populated; AUDIT_LOG broker_avg_applied.\n6 | Backend | Post charges: ST Commission -> Fee Income; SEC -> 3rd Party account; TAF -> Broker fee expense vs broker settlement account; include in customer cost price. | Correct GL postings and fee markings. | MOVEMENTS entries with BSPL codes; fee flags third_party=true for SEC/TAF; cost_price updated.\n7 | Backend (T+1) | Run customer cash settlement batch; run street-side settlement batch for foreign (no custodian confirm files processed; settle based on recon). | Customer cash posted; open deliveries settled. | OPEN_DELIVERY marked Settled; MOVEMENTS cash DR/CR per accounting; AUDIT settlement_posted.\n8 | Backend (Recon) | Generate daily recon vs broker data; re-ingest the same broker file to test idempotency. | No duplicate restatement; recon shows matched. | RECON_STATUS matched; job logs show duplicate-suppressed with correlationId.\n9 | Call Center | Verify Trade Book shows a single execution at average price; Order/Trade History reflect consolidated fills; UI shows fee breakdown (Commission + SEC + TAF); PII masked. | Correct display; no unmasked PAN/email/phone. | UI masking rules enforced: portfolio XXX-XX1456; phone +972*****1234; email a***@domain.com.\n10 | BO Reports | Verify BO report 'broker commissions' monthly aggregation and daily execution fee report include SEC/TAF split and SELL-only tagging. | Reports contain accurate fields and amounts. | RSP report extracts generated with totals; file delivered to vault.","expectedResult":"Foreign SELL is restated to one average-price deal; SEC and TAF applied only on SELL and marked as third-party; correct accounting postings; T+1 customer cash settlement and street-side batch complete; UI and reports reflect average price and fees; duplicate broker file is idempotent; complete audit trail.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent, Supervisor (view only), BO Operator, Auditor","dataSensitivity":"PII, portfolio identifiers, trade data","interfacesUsed":"ST–SP market routing, Broker Order Summary ingestion, Fee engine, Batch settlement","filesInvolved":"Broker Order Summary (EOD), APEX 872/869/870 (recon extracts only; not processed)","currencies":"USD trade; portfolio currency ILS for valuations","exchangeRateAssumptions":"ASSUMPTION: FX round half-even to 2 decimals at EOD rate from Market Information","feeTypes":"ST Commission, SEC (3rd party), TAF (3rd party), Broker Commission","matchingTolerance":"NA for this flow","timingAssumptions":"ASSUMPTION: Broker avg file received EOD T 19:00; customer settlement batch T+1 17:30; street-side batch T+1 20:00","auditEventsToVerify":"customer_lookup, order_created, trade_execution(partial/full), broker_avg_applied, fee_posted(commission,SEC,TAF), settlement_posted, recon_matched","dbTablesToVerify":"ORDERS, DEALS, DEAL_TAGS, MOVEMENTS, OPEN_DELIVERY, RECON_STATUS, AUDIT_LOG","apiEndpointsToVerify":"/order/place, /order/confirm, /files/broker/ingest, /batch/settlement/run","logsToCheck":"Trade capture logs, Fee engine logs, Broker file ingestion logs, Batch settlement logs","masksApplied":"Portfolio ref XXX-XX1456; PAN 4111********1111 (never displayed); phone +972*****1234; email a***@domain.com","negativeVariations":"Re-ingest same broker file -> no duplicate restatement; Broker file includes a BUY row with SEC/TAF -> system must ignore SEC/TAF for BUY and flag in recon; Broker file order ref not found -> appears in next-day recon exception report","boundaryValues":"SEC/TAF zero-amount rows; fractional average price to 4–6 decimals; maximum commission cap per tariff","stateTransitions":"Pending -> Partly Executed -> Executed -> Intraday deals reversed -> Averaged Executed -> Settled","authorizationPath":"No maker-checker for SELL unless limits breached (ASSUMPTION); supervisor may view but not approve in this case","reconciliationKeys":"Broker Order Ref, Instrument, Side, Avg Price, Exec Qty, Trade Date","messagesShown":"Generic success and preview commission texts; no sensitive thresholds","errorCodesExpected":"Broker file duplicate suppressed code (per Error Code List v4.0)","regulatoryReferences":"ISA/BOI controls on fee disclosure; SEC/TAF SELL-only applicability; Foreign trading lifecycle in doc: Foreign Trade Settlement Lifecycle; BO reports specs","coverageTags":"foreign, fees, third-party, average-price, settlement, reconciliation, idempotency, audit, masking"},{"type":"functional","title":"Mutual Funds - Cut-off, auto/manual price correction, distribution fee, Kafka document event","description":"E2E MF purchase before cut-off with allocation, auto price correction via 1051, optional manual reversal/reallocate, then daily distribution fee accrual and Kafka event emission for MF documents. Ensures money-market fund exemption.","testId":"MF-PRICECOR-002","testDescription":"Validate MF order lifecycle around cut-off, price correction handling (auto via 1051; manual via UI), daily distribution fee accrual, exemption for money-market funds, and Kafka event generation for MF docs.","prerequisites":"Customer authenticated; MF trading enabled; NAV List visible; cut-off configured (e.g., 16:00); MF policy indicator available; distribution agreement flags configured for selected funds; Kafka topic reachable.","stepsToPerform":"1 | Call Center | Open NAV List; filter by AMC; select a non-money-market MF; click Purchase before cut-off; enter Units; Place Order -> Confirm. | Order accepted; status Pending/Transit. | ORDERS created (instrument=MF); AUDIT order_created.\n2 | Backend | On T evening, process allocation (1051) clubbed on fund level; book allocation at NAV(T). | Allocation posted; customer security movement recorded. | DEALS/ALLOCATIONS created; MOVEMENTS security side.\n3 | Backend (T+1) | Receive 1051 reversal/price correction for the same fund; auto reverse old allocation and rebook at new price. | Allocation reversed and reallocated; history maintained. | ALLOCATION_REVERSAL and NEW_ALLOCATION rows; AUDIT mf_price_auto_corrected.\n4 | Call Center | Verify MF Order Book and MF Order Trail reflect reversal and reallocation entries; prices updated. | UI shows two legs with timestamps; statuses updated. | UI trail export matches DB.\n5 | Backend (Manual path) | Use 'Allocation reversal and execution handling' screen to manually 'Reverse and Reallocate' for a second MF where automatic file wasn’t received; update price after correcting 'Security Rates'. | Manual correction succeeds; audit captured. | MARKET_INFO rate update; AUDIT mf_price_manual_corrected.\n6 | Backend (Daily) | Run Distribution Fee daily accrual; include selected funds per agreement; exclude money-market. | Daily accrual computed; leap-year handled. | DIST_FEE_ACCRUAL table; flags for exemptions.\n7 | Backend (EOM) | Generate Distribution Fee monthly report per fund manager and summary for BO; emit Kafka event per MF document. | Reports delivered; Kafka events present with metadata. | RSP35491 + summary; Kafka topic records with correlationId.\n8 | Call Center | Verify Messages/Reports availability if exposed; ensure masking on any customer-facing fields. | UI shows no PII beyond policy; masked identifiers. | UI masking enforcement.\n9 | Negative pre-check | Attempt purchase after cut-off; ensure order stored as offline and allocated next business cycle. | Order not executed same day; status reflects off-market. | Flags in ORDERS (offline).","expectedResult":"MF purchased before cut-off is allocated T; later price correction reverses and reallocates automatically; manual path works when needed; distribution fees accrue daily with money-market exemptions; Kafka events emitted; all actions audited and correctly reflected on UI and reports.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent, BO Operator, Auditor","dataSensitivity":"PII minimal; transactional MF holdings","interfacesUsed":"NAV/Market Information, TASE 1051 for MF, Kafka events, Distribution fee engine","filesInvolved":"1051 (allocation, reversal/reallocation), Distribution fee reports (monthly)","currencies":"ILS","exchangeRateAssumptions":"NA (local funds priced in ILS)","feeTypes":"Distribution Fee (MF), ST Commission (if applicable), Exemptions for money-market","matchingTolerance":"NA","timingAssumptions":"ASSUMPTION: Cut-off 16:00; 1051 MF allocation T evening; distribution fee daily batch 02:00; Kafka events after report generation","auditEventsToVerify":"order_created, mf_allocated, mf_price_auto_corrected, mf_price_manual_corrected, distribution_fee_accrued, distribution_fee_report_generated, kafka_event_emitted","dbTablesToVerify":"ORDERS, DEALS/ALLOCATIONS, MOVEMENTS, MARKET_INFO_RATES, DIST_FEE_ACCRUAL, AUDIT_LOG","apiEndpointsToVerify":"/mf/order/place, /mf/order/trail, /fees/distribution/run, /events/kafka/publish","logsToCheck":"MF allocation logs, Rate update logs, Distribution fee batch logs, Kafka producer logs","masksApplied":"Portfolio ref XXX-XX1456; phone +972*****1234; email a***@domain.com","negativeVariations":"Place order after cut-off -> offline handling; Attempt to accrue distribution fee for money-market fund -> should be excluded; Missing 1051 for correction -> manual reversal/reallocate route must be used and audited","boundaryValues":"Units with fractional up to 3 decimals; zero NAV edge case; leap-year daily accrual on Feb 29","stateTransitions":"MF order: Pending/Transit -> Allocated -> Auto Reversed -> Reallocated -> Settled (per cash flow); Manual correction path similar","authorizationPath":"No maker-checker for MF price correction per spec; BO operator privileges required (RBAC check)","reconciliationKeys":"Fund Symbol, Allocation Date, Units, NAV, Order Ref","messagesShown":"Cut-off info; price correction notifications if exposed; report availability messages","errorCodesExpected":"MF after cut-off stored offline code; manual correction validation messages","regulatoryReferences":"TASE MF processing (files 1051/544 cut-off), BOI reporting expectations, Distribution fee rules and exemptions","coverageTags":"mutual-funds, cut-off, price-correction, distribution-fee, kafka, audit, masking"},{"type":"functional","title":"Manual Matching UI for 1052 settlement advice - Instrument mandatory, tolerance, idempotency","description":"Validate manual matching of Open Deliveries with Settlement Advices from 1052, enforcing instrument id mandatory and amount tolerance, generating nostro postings, and excluding manually matched items from future auto-recon. Ensures duplicate SA prevention.","testId":"RECON-MANMATCH-003","testDescription":"Use Manual Matching UI to link open deliveries and settlement advices; verify blocking on instrument mismatch, tolerance on amount, creation of nostro postings, exclusion from further reconciliation, and duplicate SA suppression.","prerequisites":"There are unmatched Open Deliveries from trades/transfers; 1052 settlement advice file ingested with corresponding entries; custodian tolerance configured (e.g., 0.50 ILS).","stepsToPerform":"1 | Backend | Ingest 1052; ensure Settlement Advice records created once per unique (movement id,event id,security,qty,price). | SA rows present; no duplicates. | SETTLEMENT_ADVICE table; AUDIT sa_created.\n2 | Call Center | Open Manual Matching UI (Authorization/BO screens may be proxied for Head Office user view). | Lists of Open Delivery and Settlement Advice visible. | UI query to BACKEND via service.\n3 | Call Center | Select an Open Delivery and a Settlement Advice with matching instrument and quantity; click Match. | Pre-check passes; proceed to confirmation. | Validation log shows instrument match and qty equality.\n4 | Backend | Apply tolerance check on amounts as per custodian role; if within 0.50 ILS, accept. | Match created; nostro postings generated. | MOVEMENTS for nostro cash/stock; OPEN_DELIVERY and SA marked Matched.\n5 | Call Center | Verify matched units/amount fields populated; balance units/amount zero; status updated. | UI reflects Matched; no further action allowed. | Status fields updated; match timestamp.\n6 | Backend | Re-run reconciliation job; ensure manually matched pair is excluded from auto-recon. | No re-processing of matched items. | Job log: excluded_due_to_manual_match=true.\n7 | Call Center | Attempt to match an Open Delivery with a Settlement Advice of a different instrument. | System blocks with error; no postings. | Error surfaced; no DB changes.\n8 | Backend | Re-ingest the same 1052 (duplicate rows). | Duplicate SA suppressed. | No new SA rows; AUDIT duplicate_sa_suppressed.\n9 | Call Center | Export the manual matching screen to verify audit trail and parity with DB. | Export matches DB keys. | Export file fields align to reconciliationKeys.","expectedResult":"Manual match succeeds when instrument matches and amounts within tolerance; nostro postings are created; matched items are excluded from further reconciliation; instrument mismatch is blocked; duplicate SA suppressed; audit complete.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Head Office user (UI), BO Operator, Auditor","dataSensitivity":"Trade identifiers; no customer PII in SA lists","interfacesUsed":"TASE 1052 ingestion, Manual Matching service","filesInvolved":"1052","currencies":"ILS baseline; may include foreign depending on item currency","exchangeRateAssumptions":"ASSUMPTION: Matching amount comparisons use file currency; no FX conversion during tolerance check","feeTypes":"NA","matchingTolerance":"0.50 ILS at custodian role level (ASSUMPTION)","timingAssumptions":"ASSUMPTION: 1052 arrives T+1 ~20:30; recon job runs hourly; manual actions anytime","auditEventsToVerify":"sa_created, manual_match_success, nostro_posting_created, manual_match_excluded_from_recon, duplicate_sa_suppressed, manual_match_failed_instrument_mismatch","dbTablesToVerify":"OPEN_DELIVERY, SETTLEMENT_ADVICE, MATCH_LINK, MOVEMENTS, AUDIT_LOG","apiEndpointsToVerify":"/recon/manualMatch, /files/1052/ingest, /recon/run","logsToCheck":"Reconciliation logs, Manual match service logs, File ingestion logs","masksApplied":"UI shows no PAN/phone/email; trade numbers only","negativeVariations":"Instrument mismatch -> error; Amount difference > tolerance -> block with specific message; Attempt to unmatch a matched item -> disallowed and audited","boundaryValues":"Amount difference exactly equal to tolerance (0.50 ILS) should pass; quantity with fractional (e.g., 0.001) must be supported","stateTransitions":"Open Delivery: Pend Settle -> Matched -> Settled; Settlement Advice: New -> Matched; items excluded from further recon after manual match","authorizationPath":"Manual match allowed for BO Operator/Head Office role only (RBAC); maker-checker not required (ASSUMPTION)","reconciliationKeys":"movement_id, event_id, instrument_id, quantity, price","messagesShown":"Instrument id mandatory error; tolerance exceed message","errorCodesExpected":"Duplicate SA prevention code; Instrument mismatch error code (per Error Code List v4.0)","regulatoryReferences":"TASE 1052 processing; matching rules and tolerance; custodial controls; BOI auditability","coverageTags":"reconciliation, manual-matching, tolerance, nostro, idempotency, audit, RBAC"},{"type":"functional","title":"Tax Simulation end-to-end with MATRIX and optional Sell from results","description":"Validate Call Center Tax Simulation flow calling Backend and MATRIX, with edited quantity/price, result review, and optional Sell action. Verify EOD tax postings on settlement date, updated lots file, and counters for last 10 days.","testId":"TAXSIM-004","testDescription":"Run Tax Simulation for selected securities; verify MATRIX-calculated tax-to-pay/refund; trigger 'Sell' from results to place an order; validate postings occur on settlement date and positions/lots update in valuation; ensure entitlement-driven market data rule adherence.","prerequisites":"Customer authenticated; holdings available; market data subscription set (simulation allowed even with delayed market data per spec); MATRIX reachable; EOD tax jobs enabled.","stepsToPerform":"1 | Call Center | Open Tax Simulation; select two securities; set custom Quantity and Price (<= available qty); click Simulate. | UI accepts inputs; sends request to Backend. | Request payload includes CIF/Portfolio, symbols, qty, price.\n2 | Backend->MATRIX | Forward simulation request to Tax Engine MATRIX with positions/lots context; wait for response. | MATRIX returns tax per line and total. | AUDIT tax_simulation_requested/succeeded.\n3 | Call Center | Review results: Transaction Amount, Profit/Loss in ILS, Taxable Amount, Tax Rate, Tax to Pay/Refund; verify 'Sell' button visible per row. | Values displayed; rounding correct. | UI calculations match response; rounding half-even.\n4 | Call Center | Click 'Sell' on one line; confirm order with entered price/quantity. | Order created; standard pre-trade validations executed. | ORDERS row created from tax_simulation context; AUDIT order_created(source=taxsim).\n5 | Backend | Route to market; receive execution; update cash/custody blocks per trade. | Order status Executed (or Partly Executed). | DEALS, MOVEMENTS updated.\n6 | Backend (EOD Settlement Date) | Send day’s security movements to Tax Engine; receive Tax/Refund details for trades settling today; post tax to customer accounts; ingest updated lots and counters file (last 10 days). | Tax postings created; valuation reflects new lots; counters available. | MOVEMENTS tax component; LOTS_UPDATE table; COUNTERS_10D file stored; AUDIT tax_posted, lots_updated.\n7 | Call Center | Check Portfolio Valuation/Detailed shows updated cost price and lots; Tax Simulation run again shows updated quantities. | UI reflects updated holdings/lots. | Parity between UI and DB.\n8 | Entitlements | Ensure live/delayed market data rules are respected (Tax Simulation allowed even if other features are delayed). | No entitlement error for simulation; quotes may be delayed. | Subscription matrix applied.","expectedResult":"Tax Simulation returns accurate results; 'Sell' from results creates an order and executes; tax is posted on settlement date; lots updated and reflected in valuation; counters stored; entitlements honored; complete audit trail.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent, BO Operator (EOD jobs), Auditor","dataSensitivity":"PII, portfolio positions, tax amounts","interfacesUsed":"MATRIX Tax Engine, Market Information (for prices), Batch EOD jobs","filesInvolved":"Tax results file (settlement-date), Updated lots file, Counters last 10 days","currencies":"ILS primary; FX conversion for foreign holdings as per rates","exchangeRateAssumptions":"EOD FX from Market Information; round half-even 2 decimals; tax base in ILS","feeTypes":"Tax postings only (not fees)","matchingTolerance":"NA","timingAssumptions":"ASSUMPTION: MATRIX response < 5s; EOD lot update post settlement run 21:00; postings same day as settlement date","auditEventsToVerify":"tax_simulation_requested, tax_simulation_succeeded, order_created(source=taxsim), trade_execution, tax_posted, lots_updated, counters_file_ingested","dbTablesToVerify":"ORDERS, DEALS, MOVEMENTS (tax), LOTS_UPDATE, PORTFOLIO_VALUATION, AUDIT_LOG","apiEndpointsToVerify":"/tax/simulate, /order/place, /eod/tax/postings","logsToCheck":"Tax simulation service logs, MATRIX request/response logs, EOD postings logs","masksApplied":"Portfolio ref XXX-XX1456; phone +972*****1234; email a***@domain.com","negativeVariations":"Attempt to simulate with quantity > available -> validation error; Retry the same simulation rapidly -> idempotent response per correlationId; Network timeout to MATRIX -> user sees generic retryable error; 'Sell' for ETF should display ETF path alert if initiated outside ETF list","boundaryValues":"Fractional quantity 0.001; zero or negative P/L edge cases; price at 4 decimals","stateTransitions":"Simulation (no state) -> Order Pending -> Executed -> Settlement -> Tax posted","authorizationPath":"If maker limit exceeded during 'Sell', route to supervisor per bank policy (not the main path here)","reconciliationKeys":"Portfolio ID, Symbol, Quantity, Price, Trade Date, Settlement Date","messagesShown":"ETF Order Panel Alert when applicable; generic simulation success/error","errorCodesExpected":"Quantity exceeds available; MATRIX timeout; entitlement check not required for simulation per table","regulatoryReferences":"Tax Engine integration; settlement-date tax posting; ISA/ITA taxation; Market data subscription matrix","coverageTags":"tax, MATRIX, simulation, sell-from-sim, valuation, lots, entitlements, audit"},{"type":"functional","title":"Within Bank Security Transfer - Multiple beneficiaries percent split, Same Entity logic, EOD auto-settlement","description":"E2E within-bank transfer between relatives with multiple beneficiaries and percent split summing to 100%, fractional quantities, Same Entity auto-computation, single-level maker–checker, and EOD auto-settlement including Tax Engine lot transfer.","testId":"TRF-WITHIN-005","testDescription":"Initiate within-bank transfer selecting 'Transfer between relatives'; add two beneficiaries with percent split; verify Same Entity behavior, commission preview, maker–checker approval, EOD settlement without TASE files, and Tax Engine updates.","prerequisites":"Customer authenticated; settled positions available (including fractional); beneficiaries’ accounts exist in same bank; authorization workflow configured (single checker); fees package active.","stepsToPerform":"1 | Call Center | Open Transfers > Security Transfer; Select Security screen auto-loads settled positions; choose two symbols; edit fractional Transfer Qty (e.g., 10.5 and 0.25). | Consolidated Transfer Value displayed in account currency; CA indicator shown if applicable. | Position and price services return data.\n2 | Call Center | Proceed to Add Beneficiary; choose 'Within Bank'; select Transfer Case 'Transfer between relatives'; add two beneficiaries; enter percent split 50 and 50; verify Same Entity box behavior. | Multiple beneficiary rows allowed; Same Entity auto-computed by BP ID; if different entities, Transfer Case enabled. | UI validations triggered per decision table.\n3 | Call Center | Click Verify; Preview shows Commission Details; tick 'I Agree'; Release. | Exception raised for authorization; option to assign to checker. | AUTH_QUEUE entry created; AUDIT transfer_created, fee_computed.\n4 | Call Center (Checker) | Open My Queue; review; Approve with remarks. | Status moves to Released. | AUTH_QUEUE closed; AUDIT auth_level1_approved.\n5 | Backend | Mark order for EOD auto-settlement (within-bank); generate DR/CR security movements across portfolios for both beneficiaries per percentage; handle fractional splits accurately. | Transfer status Settled after EOD; positions updated. | MOVEMENTS security; POSITION balances; AUDIT settlement_posted.\n6 | Backend | Send movements to Tax Engine; ensure tax-lot layers also transferred; compute Same Entity Tax Identifier flag based on case and Same Entity indicator. | Tax Engine lots reflect new owner(s); correct identifier values (1 or 2). | LOTS_UPDATE sent; TAX_IDENTIFIER flag set.\n7 | Call Center | Security Transfer History shows Settled with two beneficiary legs; Commission posted to fee account. | UI shows final state with references; amounts reconcile. | History screen export matches DB.\n8 | RBAC/Masking | Ensure maker cannot self-approve; PII masked on UI and logs. | RBAC enforced; masking visible. | Audit includes user ids and IP; no PII leakage.","expectedResult":"Within-bank multi-beneficiary transfer with fractional quantities settles EOD; percent split applied; Same Entity rules applied; maker–checker enforced; fees posted; tax lots transferred; full audit recorded; UI and DB consistent.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent (Maker), Checker (Supervisor), BO Operator, Auditor","dataSensitivity":"PII (owner IDs), account references, holdings","interfacesUsed":"Position service, Market rates, Tax Engine EOD","filesInvolved":"NA (within-bank auto-settlement; no TASE file)","currencies":"ILS (order-level value always in ILS)","exchangeRateAssumptions":"If foreign holdings exist, value conversion to ILS at EOD FX; round half-even 2 decimals","feeTypes":"Transfer commission (flat/percentage); no third-party fees","matchingTolerance":"NA","timingAssumptions":"ASSUMPTION: EOD within-bank settlement 20:00; Tax Engine file after settlement","auditEventsToVerify":"transfer_created, fee_computed, auth_level1_approved, settlement_posted, lots_updated","dbTablesToVerify":"SEC_TRANSFER_ORDER, AUTH_QUEUE, E_JOURNAL, MOVEMENTS, POSITION, AUDIT_LOG","apiEndpointsToVerify":"/transfer/create, /authorization/assign, /authorization/approve","logsToCheck":"Transfer service logs, Authorization logs, EOD settlement logs","masksApplied":"Account refs partially masked; phone +972*****1234; email a***@domain.com; National ID masked except last 3 on UI","negativeVariations":"Percent split totals 99 or 101 -> error; Selecting a Transfer Case other than 'Transfer between relatives' should not allow multiple beneficiaries; Attempt to include a Mutual Fund position with Same Entity unchecked -> blocked per rule","boundaryValues":"Fractional quantity 0.001; two beneficiaries percent 50/50; exactly 100% total required","stateTransitions":"U – Authorization Required -> Released -> Settled","authorizationPath":"Single checker; maker cannot self-approve; assign to specific vs pool","reconciliationKeys":"Order Number, Portfolio ID (source/targets), Instrument, Quantity per leg","messagesShown":"61088 - Mandatory Authorization for Security Transfer (within bank variant); CA ex-date alert if applicable","errorCodesExpected":"Percent split not equal to 100; MF to different entity restriction code","regulatoryReferences":"ISA/ITA same entity and relatives taxonomy; BOI control on approvals; Tax lot transfer requirement","coverageTags":"transfers, within-bank, multi-beneficiary, fractional, maker-checker, tax-lots, RBAC, masking, audit"},{"type":"functional","title":"ETF order path selection alert, fee consequences, and settlement route","description":"Validate ETF List path alert forcing agent to choose Equity path vs Mutual Fund path, ensure distinct fees and lifecycles apply, entitlements honored, and full auditability.","testId":"ETF-PATH-001","testDescription":"From ETF List, place the same ETF via Equity path and via Mutual Fund path; compare validations, commissions, lifecycle (T trade vs NAV allocation), and settlement flows. Verify alerts, entitlements, UI vs DB parity, and audit.","prerequisites":"Customer authenticated in Call Center; ETF in scope on both TASE and MF tracks; fee packages configured (ST Commission for Equity, MF commission/distribution rules for Funds path); market open; agent has Trading role; MF cut-off configured. ASSUMPTION: No maker–checker required for standard ETF orders.","stepsToPerform":"1 | Call Center | Open ETF List; search ETF by symbol; click Buy/Sell link (Equity path) on the same ETF. | ETF Order Panel Alert is displayed requiring path selection. | UI shows alert modal; events log shows alert_shown.\n2 | Call Center | Choose Equity Order Path; fill quantity/price (Limit), validity Good For Day; Place Order -> Preview. | Preview shows ST Commission only; market data shown per subscription; ETF path label=Equity. | Fee engine preview rows; ORDER draft context includes path=equity.\n3 | Backend | On confirm, perform validations: buying power, product subscription, TASE parameters; route via ST–SP. | Order Accepted -> Pending/Placed with Market. | ORDERS row created; AUDIT order_created(path=equity).\n4 | Backend | Receive execution intraday (partial -> full); create deals and blocks; EOD 1051 recon. | Status updates Partly Executed -> Executed; deal reconciled. | DEALS/MOVEMENTS populated; RECON 1051 matched.\n5 | Call Center | Verify Trade Book shows executions; Order Trail shows path=Equity; PII masked (portfolio XXX-XX1456). | UI correct; no PII leakage. | Logs redact phone +972*****1234 and email a***@domain.com.\n6 | Call Center | From ETF List now click Purchase/Redeem (Funds path) for the same ETF; choose Purchase before cut-off; Place -> Confirm. | Preview shows MF commission per funds path; ETF path label=Funds. | ORDER created with instrument=Fund; fee preview includes distribution applicability info.\n7 | Backend | T evening: process allocation (1051 clubbed at fund level). | Allocation posted at NAV(T). | ALLOCATIONS and MOVEMENTS security side.\n8 | Backend | T+1 evening: process 1052 settlement (street side) and contractual/actual customer cash settlement as configured. | Settlement completed; positions updated. | OPEN_DELIVERY settled; MOVEMENTS cash postings.\n9 | Call Center | Compare Equity vs Funds orders in MF Order Book/Order Book; verify different fees and different lifecycle timestamps; export both trails. | Distinct lifecycles and fees visible and exported. | Exports match DB and audit.\n10 | Negative/Entitlements | Attempt deep-linking directly to Equity Order Entry for ETF after previously choosing Funds path, bypassing alert. | System still re-prompts ETF path alert; cannot bypass. | Gateway logs show 403/validation error without stack trace.","expectedResult":"ETF path alert must be enforced; Equity path applies ST commission and T trade lifecycle; Funds path applies MF commission and allocation/clearing lifecycle; entitlements respected; masking and audit intact.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent, Supervisor (view only), BO Operator, Auditor","dataSensitivity":"PII minimal; portfolio identifiers; fee amounts","interfacesUsed":"ST–SP market routing (Equity path), TASE 1051/1052 for MF path, Fee engine","filesInvolved":"1051 (MF allocation), 1052 (MF settlement)","currencies":"ILS for valuation; ETF trade currency per instrument","exchangeRateAssumptions":"ASSUMPTION: EOD FX round half-even 2 decimals for valuations","feeTypes":"ST Commission (Equity), MF commission/distribution applicability note (Funds path)","matchingTolerance":"NA","timingAssumptions":"ASSUMPTION: MF cut-off 16:00; 1051 MF allocation T evening; 1052 MF settlement T+1 20:30; equity 1051 EOD T","auditEventsToVerify":"etf_path_alert_shown, order_created(path=equity), trade_execution, recon_matched_1051, mf_order_created(path=funds), mf_allocated_1051, settlement_posted_1052","dbTablesToVerify":"ORDERS, DEALS, MOVEMENTS, ALLOCATIONS, OPEN_DELIVERY, AUDIT_LOG","apiEndpointsToVerify":"/etf/list, /order/place, /order/confirm, /mf/order/place","logsToCheck":"UI event logs (alert display), Order service logs, Fee engine logs, File ingestion logs","masksApplied":"Portfolio ref XXX-XX1456; PAN 4111********1111 never displayed; phone +972*****1234; email a***@domain.com","negativeVariations":"Try to suppress ETF path alert via querystring -> alert reappears; Place Funds path order after cut-off -> stored offline; Attempt to apply MF distribution fee to ETF Equity path -> must not apply","boundaryValues":"Quantity at min tick; price exactly at threshold boundary per TASE validation","stateTransitions":"Equity: Pending -> Placed with Market -> Partly Executed -> Executed -> Reconciled; Funds: Pending/Transit -> Allocated (1051) -> Settled (1052)","authorizationPath":"No maker–checker unless maker limit breached (ASSUMPTION); supervisor cannot self-approve","reconciliationKeys":"Instrument, Exchange, Quantity, Price/NAV, Trade/Allocation date","messagesShown":"ETF Order Panel Alert text; MF cut-off info on screen; generic success messages","errorCodesExpected":"ETF path required validation code (per Error Code List v4.0); MF after cut-off offline code","regulatoryReferences":"TASE trading rules for ETFs; MF allocation/clearing via files 1051/1052; BOI disclosure of fees","coverageTags":"etf, path-alert, fees, allocation, settlement, entitlements, audit"},{"type":"functional","title":"Extranet off-floor trade capture, blocks, T+1 BO entry, and recon","description":"End-to-end validation of Extranet trades: place blocks via Call Center, off-floor trade done externally, EOD mismatch in 1051, BO captures trade T+1 with correct category, releases blocks, and reconciles/settles.","testId":"EXTRANET-002","testDescription":"Simulate an off-floor customer trade. Validate cash/custody blocks applied by Call Center, 1051 mismatch report at EOD, BO next-day manual capture with category 'Extranet transaction out of exchange', expiry of blocks, and 1052 settlement.","prerequisites":"Customer authenticated; agent has Trading role; BO operator role available; exchange open; Extranet facility available; reconciliation and settlement batches enabled.","stepsToPerform":"1 | Call Center | Authenticate customer (Service Mode Phone, National ID); select portfolio; navigate to Order Entry. | Customer context set. | AUDIT customer_lookup.\n2 | Call Center | For intended BUY, apply manual cash block equal to estimated consideration + fees; for SELL, apply custody block on symbol. | Blocks visible in Fund Balance > Blocked Cash Details and Portfolio Block Details. | MOVEMENTS provisional blocks; UI drill-down shows block refs.\n3 | External (Extranet) | Second authorized person places off-floor order on TASE Extranet. | No immediate trade in BaNCS. | N/A in DB until EOD.\n4 | Backend (EOD T) | Ingest 1051; generate mismatch report showing order not present in BaNCS (off-floor). | Mismatch entry created. | RECON report RSP34290; AUDIT recon_mismatch_1051.\n5 | Backend (T+1 morning) | BO operator captures trade manually in BO with OrderCategory='Extranet transaction out of exchange'; input execution details and commissions per file. | Trade stored; reconciliation status pending. | DEALS inserted with category=EXTRANET; AUDIT extranet_trade_captured.\n6 | Backend | Expire or release the earlier blocks applied at Call Center. | Blocks released; balances updated. | MOVEMENTS block release entries; block refs closed.\n7 | Backend (T+1 20:30) | Ingest 1052 settlement advice; link to open delivery for this trade (auto/manual if needed). | Settlement advice matched and posted. | SETTLEMENT_ADVICE created; OPEN_DELIVERY matched; MOVEMENTS cash/nostro generated.\n8 | Call Center | Verify Trade Book/Order History reflect the captured trade with category; no pending blocks remain; PII masked. | UI accurate and masked. | Phone +972*****1234, email a***@domain.com.\n9 | Reports | Verify RSP34410 Technical Short/other relevant reports unaffected; mismatch report clears next cycle. | Reports correct. | Report archives show cleared mismatch for this item.\n10 | Negative | Attempt to capture the same Extranet trade twice in BO. | Duplicate prevented or flagged; no double postings. | AUDIT duplicate_trade_suppressed; unique keys enforced.","expectedResult":"Extranet trade flow works end-to-end: blocks applied and later released, manual capture T+1 with correct category, settlement and recon completed, duplicates prevented, full audit available.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent, BO Operator, Auditor","dataSensitivity":"PII and trade details","interfacesUsed":"TASE 1051 mismatch, 1052 settlement, Recon module","filesInvolved":"1051, 1052 (inbound)","currencies":"ILS for local trades","exchangeRateAssumptions":"NA","feeTypes":"ST Commission per setup; no third-party fees unless configured","matchingTolerance":"Per custodian role if manual match is used (ASSUMPTION 0.50 ILS)","timingAssumptions":"ASSUMPTION: 1051 EOD T ~18:00; BO capture T+1 09:00; 1052 T+1 ~20:30","auditEventsToVerify":"customer_lookup, block_created, recon_mismatch_1051, extranet_trade_captured, block_released, sa_created, settlement_posted","dbTablesToVerify":"MOVEMENTS (blocks/releases), DEALS, OPEN_DELIVERY, SETTLEMENT_ADVICE, AUDIT_LOG, RECON_STATUS","apiEndpointsToVerify":"/blocks/create, /recon/ingest1051, /bo/trade/capture, /files/1052/ingest","logsToCheck":"Block service logs, BO capture logs, File ingestion logs, Recon logs","masksApplied":"Portfolio ref XXX-XX1456; no PAN; phone +972*****1234; email a***@domain.com","negativeVariations":"BO captures with wrong OrderCategory -> should be rejected or require correction; Blocks not released after capture -> reconciliation report should flag residual blocks; Duplicate BO capture suppressed","boundaryValues":"Trade quantity fractional where instrument supports; price at min/max threshold validated","stateTransitions":"Blocks placed -> 1051 mismatch -> Manual deal captured -> Open Delivery -> Settlement Advice -> Settled","authorizationPath":"BO capture requires BO Operator privileges; no maker–checker unless bank policy (ASSUMPTION)","reconciliationKeys":"Instrument, Quantity, Price, Trade date, Exchange Trade Number (if available)","messagesShown":"Generic mismatch noted in report; no PII in errors","errorCodesExpected":"Duplicate trade suppression code; category validation error code","regulatoryReferences":"TASE Extranet handling; internal BO controls; ISA/BOI auditability","coverageTags":"extranet, blocks, recon, settlement, audit, idempotency"},{"type":"security","title":"Post-execution Order Amendment with correction portfolio and 4-eyes approval","description":"Validate Existing Order correction after execution including reversal/re-posting, usage of correction portfolio, mandatory maker–checker (two approvals), immutable audit, and safe error handling.","testId":"AMND-EXE-003","testDescription":"Correct an executed order’s price/portfolio using Order Amendment > Existing Order. Ensure correction between correction account and client account only after dual approvals; verify reversals/postings and audit trail.","prerequisites":"Executed order exists (BUY or SELL); correction portfolio configured; maker–checker workflow enabled for corrections; agent has BO access to initiate amendment (ASSUMPTION via Head Office role); Supervisor (Checker #1) and Head Office Authorizer (Checker #2) available.","stepsToPerform":"1 | Call Center | Locate executed order via In-job Trade Book or Order History; note Internal Order Number. | Order visible with executed details. | UI export matches DB.\n2 | Call Center | Open Order Amendment screen; choose Amendment Type=Non-Derivative; Amendment For=ExistingOrder; enter Order Id and Portfolio Ref. | Amendment form loads with checkboxes. | AUDIT amendment_initiated.\n3 | Call Center | Tick Price and Portfolio (moving part of trade to correction portfolio); enter corrected price; add remarks. | Form validation passes; preview staged. | Client-side validations triggered.\n4 | Backend | On Submit, validate eligibility (executed-only), available positions/cash; compute reversal and new postings impact. | Exception raised requiring authorization per policy. | AUTH_QUEUE entry created; AUDIT auth_requested(amendment_correction).\n5 | Call Center (Checker #1) | Open Authorization Queue > My Queue; review details and remarks; Approve; assign to Checker #2 per workflow. | Status U – Authorization Pending (level 2). | AUTH_QUEUE updated; AUDIT auth_level1_approved.\n6 | Call Center (Checker #2) | Approve with remarks. | Amendment authorized; backend proceeds. | AUTH_QUEUE closed; AUDIT auth_level2_approved.\n7 | Backend | Perform reversal of original postings and deals as needed; post corrected deal/allocations; move appropriate quantity/value to correction portfolio; recompute fees differences if policy. | MOVEMENTS reversal/new created; DEALS corrected; positions adjusted. | MOVEMENTS with reversal flags; DEALS_AMEND trail; AUDIT amendment_applied.\n8 | Backend | Trigger EOD updates to recon and tax engine if price/positions impacted; update cost price. | Recon reflects amended state; tax lots updated next settlement cycle. | RECON_STATUS updated; LOTS_UPDATE queued; AUDIT lots_updated_if_applicable.\n9 | Call Center | Verify Order Trail shows amendment entries with both reversal and corrected legs; E-Journal shows Initiated/Authorized By Me; PII masked. | UI consistent and masked. | Portfolio XXX-XX1456; phone +972*****1234.\n10 | Negative | Agent (maker) attempts to self-approve; or tries MissingOrder for a non-executed order. | Self-approval blocked; MissingOrder blocked unless executed-only; generic safe error messages. | RBAC logs show denial; Error code recorded.","expectedResult":"Amendment executes only after two approvals; reversals and corrected postings are accurate; correction portfolio used; audits immutable; secure errors with no sensitive leakage.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent (Maker), Supervisor/Authorizer (Checker #1), Head Office Authorizer (Checker #2), Auditor","dataSensitivity":"Customer trade and portfolio data","interfacesUsed":"Internal amendment and authorization services; Recon and Tax Engine feeds (EOD)","filesInvolved":"NA (amendment internal); downstream EOD files to Tax Engine as per schedule","currencies":"ILS or instrument currency per order","exchangeRateAssumptions":"EOD FX for valuation updates","feeTypes":"Recalculated ST Commission differences if configured; no 3rd party unless policy","matchingTolerance":"NA","timingAssumptions":"ASSUMPTION: Amendment postings immediate; recon updates next EOD","auditEventsToVerify":"amendment_initiated, auth_requested, auth_level1_approved, auth_level2_approved, amendment_applied, reversal_posted, positions_updated","dbTablesToVerify":"ORDERS, DEALS, DEALS_AMEND (or trail), MOVEMENTS, AUTH_QUEUE, E_JOURNAL, AUDIT_LOG, PORTFOLIO_POSITION","apiEndpointsToVerify":"/amendment/create, /authorization/approve, /journal/list","logsToCheck":"Amendment service logs, Authorization logs, Posting engine logs","masksApplied":"Portfolio ref XXX-XX1456; emails a***@domain.com; no PAN or CVV anywhere","negativeVariations":"Attempt amendment on non-executed order -> error; Maker tries to approve -> blocked; Over-correction causing negative balance -> rejected with safe message","boundaryValues":"Corrected price at min/max allowed threshold; fractional quantities if instrument supports","stateTransitions":"Executed -> Amendment Requested -> U – Authorization Pending -> Authorized -> Amended/Reversed -> Reconciled","authorizationPath":"Dual approvals enforced; assign to specific vs pool; maker cannot self-approve","reconciliationKeys":"Original Order Id, Amended Deal Id, Instrument, Quantity, Price","messagesShown":"User Exception prompting authorization; generic rejection messages without internal thresholds","errorCodesExpected":"Amendment not allowed for status; self-approval blocked code","regulatoryReferences":"BOI 4-eyes control; internal amendment controls outlined under Order Amendments","coverageTags":"amendment, maker-checker, correction-portfolio, reversal, audit, RBAC"},{"type":"functional","title":"Custody fee daily accrual and quarterly aggregation with exemptions and leap-year handling","description":"Validate custody fee computation daily on holdings, accrual storage, quarterly aggregation and posting, customer notification messages, exemptions, and audit.","testId":"FEE-CUST-004","testDescription":"Run daily custody fee batch over a mixed portfolio including local/foreign and non-tradable; verify accrual math, leap-year day inclusion, quarterly aggregation posting with message 77/425, exemptions per configuration, and audit.","prerequisites":"Customer with holdings across asset classes; custody fee package configured with min/max caps; exemption flags present for selected instruments or customers; batch jobs enabled.","stepsToPerform":"1 | Backend | Run daily custody fee computation (batch). | Accruals created for all eligible holdings; exemptions skipped. | DIST/CUSTODY accrual table populated; AUDIT custody_fee_accrued.\n2 | Call Center | Open Portfolio Valuation/Detailed; verify no immediate debit—only accrual metadata if exposed. | UI shows valuation unaffected by yet-unposted fee; optional info tag. | UI parity with DB.\n3 | Backend | Simulate leap-year date (Feb 29) with holdings; rerun daily accrual. | Extra day accrual computed accurately. | Accrual amount includes Feb 29; logs show leap-year branch.\n4 | Backend | Back-date a trade correction affecting prior days; rerun daily process. | Re-computation adjusts prior-day accruals. | Accrual adjustments rows written with references.\n5 | Backend (Quarter end) | Run quarterly aggregation and posting; apply min/max caps; post to customer account. | One consolidated debit per policy; GL postings generated. | MOVEMENTS fee postings; GL BSPL codes; AUDIT custody_fee_posted.\n6 | Call Center | Verify Messages/EOD inbox shows fee message 77/425 with correct amounts and period. | Message delivered and accurate; PII masked. | Message store contains period, portfolio masked.\n7 | Reports | Generate Custody Fee report RSP34390; verify totals equal postings and accrual sums. | Report accurate; exported to vault. | Report file archived.\n8 | Negative (Exemption) | Mark a position as exempt; rerun daily accrual. | Exempt position not charged; accrual shows exclusion. | Accrual log lists exemption reason.\n9 | Negative (Caps) | Create scenario where computed fee exceeds max cap. | Applied fee truncated at cap; audit shows cap_applied=true. | Audit fields include cap flags.","expectedResult":"Custody fee accrual and quarterly posting are computed correctly with exemptions and caps; leap-year handled; customer notified; all postings and audits consistent.","systemsInvolved":"Backend, Call Center","rolesInvolved":"BO Operator, Agent (view), Auditor","dataSensitivity":"Balances/fees; PII in messages must be masked","interfacesUsed":"Batch fee engine; Reporting","filesInvolved":"Custody Fee reports (RSP34390), Message 77/425","currencies":"ILS account currency; foreign holdings valued per FX","exchangeRateAssumptions":"EOD FX applied for value base; round half-even","feeTypes":"Custody Fee (periodic); min/max caps","matchingTolerance":"NA","timingAssumptions":"ASSUMPTION: Daily accrual 02:00; quarterly posting on last business day 21:00","auditEventsToVerify":"custody_fee_accrued, custody_fee_adjusted(recalc), custody_fee_posted, message_generated_77_425","dbTablesToVerify":"CUSTODY_FEE_ACCRUAL, MOVEMENTS, AUDIT_LOG, MESSAGE_OUTBOX","apiEndpointsToVerify":"/fees/custody/runDaily, /fees/custody/runQuarter, /reports/export","logsToCheck":"Fee engine logs, GL posting logs, Message generation logs","masksApplied":"Customer messages show portfolio XXX-XX1456; phone +972*****1234; email a***@domain.com","negativeVariations":"Exempt instrument wrongly charged -> should be excluded; Fee above cap -> truncated; Back-dated correction -> accrual re-computed","boundaryValues":"Portfolio with zero market value -> zero fee; leap-year extra day accrual; min fee applied where applicable","stateTransitions":"Accrued (daily) -> Adjusted (if recalc) -> Posted (quarterly)","authorizationPath":"No maker–checker for automated postings (ASSUMPTION), BO oversight via reports","reconciliationKeys":"Portfolio Id, Instrument, Date, Accrual Amount, Posting Ref","messagesShown":"Message 77/425 with period and amount; no sensitive internal codes","errorCodesExpected":"Report generation failure; accrual job skip item recorded by CTRLM","regulatoryReferences":"BOI price list and Directive 414; customer reporting; internal fee governance","coverageTags":"fees, custody, accrual, quarterly, leap-year, reports, audit, masking"},{"type":"security","title":"Market data subscription entitlements and delayed/live enforcement across features","description":"Verify live vs delayed data entitlements per feature, proper disclaimers/indicators, secure error handling when attempting to bypass, and auditability.","testId":"ENT-MD-005","testDescription":"Validate subscription matrix from Call Center: Market Watch delayed, Index Watch live, Order Quote/Depth live for local and per-entitlement for foreign, Portfolio Valuation per privilege, Tax Simulation always allowed with delayed quotes; ensure attempts to force live data are blocked and audited.","prerequisites":"Two agent test accounts: A with full local live + foreign delayed; B with no market-data entitlements (minimal). Subscription matrix configured as per Table 3; gateway enforces scopes.","stepsToPerform":"1 | Call Center (Agent A) | Open Market Watch for local and foreign symbols. | Local and foreign show Delayed indicator and disclaimer as configured (local may be delayed by 15m; foreign delayed per policy). | UI displays 'Prices are delayed for 20 minutes' banner.\n2 | Call Center (Agent A) | Open Index Watch. | Live indices displayed without delay. | Timestamp current; indicator shows live.\n3 | Call Center (Agent A) | Open Get Quote (Order Quote) for local symbol; then open Order Depth (book). | Live L1/L2 data visible for local per matrix. | UI shows live; audit of quote_view.\n4 | Call Center (Agent A) | Open Get Quote for foreign symbol. | If entitlement==delayed, delayed depth/quotes or previous close only; clear indicator. | UI shows 'delayed' flag for foreign.\n5 | Call Center (Agent A) | Open Portfolio Valuation; verify data per entitlement and disclaimer presence. | Valuation shows prices per entitlement; disclaimer shown if delayed. | UI banner consistent.\n6 | Call Center (Agent A) | Open Tax Simulation and run for two symbols. | Simulation allowed; prices may be delayed; results returned. | AUDIT tax_simulation_requested; entitlement bypass not required.\n7 | Call Center (Agent B) | Attempt to open Get Quote/Depth for any symbol. | Access denied or delayed-only view; secure generic message without stack trace. | Gateway 403/entitlement_violation; no PII in response.\n8 | Call Center (Abuse) | Manipulate API call (e.g., add live=true or call /md/live endpoint directly) using browser dev tools. | Server denies based on token scopes; response generic. | API logs show scope_mismatch; AUDIT md_access_denied.\n9 | Call Center | Export Market Watch; ensure export shows entitlements/indicators but no customer PII. | Export present; no PII. | File content checked.","expectedResult":"Entitlements strictly enforced per feature; delayed/live indicators consistent; tax simulation permitted; abuse attempts blocked and audited; no sensitive info leaked.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent A (live/delayed), Agent B (restricted), Auditor","dataSensitivity":"Market data; avoid PII in errors/exports","interfacesUsed":"Market Information module; subscription/RBAC service","filesInvolved":"NA","currencies":"ILS, USD as per symbol","exchangeRateAssumptions":"NA","feeTypes":"NA","matchingTolerance":"NA","timingAssumptions":"ASSUMPTION: 15-minute delay for TASE and foreign unless subscribed","auditEventsToVerify":"md_widget_viewed, quote_view(local/foreign), md_access_denied(scope), tax_simulation_requested","dbTablesToVerify":"AUDIT_LOG, SUBSCRIPTION_MATRIX, USER_ROLE_ENTITLEMENT","apiEndpointsToVerify":"/md/marketwatch, /md/quote, /md/depth, /portfolio/valuation, /tax/simulate","logsToCheck":"Gateway access logs, Market data service logs, RBAC service logs","masksApplied":"No PAN/phone/email in any market data screens; profile info masked elsewhere","negativeVariations":"Try to export raw live data without entitlement -> export blocked or downgraded to delayed; Switch language header to inject script in disclaimers -> sanitized and logged","boundaryValues":"Exactly at 15:00 delay boundary the banner still shows 'delayed' until entitlement confirms live","stateTransitions":"Unauth MD access -> Denied; Entitled MD access -> Served (live/delayed)","authorizationPath":"RBAC-based; no maker–checker","reconciliationKeys":"NA","messagesShown":"Delayed data disclaimers; generic 'Not authorized to view live market depth'","errorCodesExpected":"entitlement_violation; scope_mismatch","regulatoryReferences":"TASE delayed data policy; BOI expectations on fair disclosure and customer communication","coverageTags":"entitlements, market-data, RBAC, security, audit, masking"},{"type":"functional","title":"Position Reconciliation - TASE 1053 (local) and APEX 871 (foreign) with ageing, repair, and auditor read-only","description":"End-to-end nightly position reconciliation across local (TASE 1053) and foreign (APEX 871) vs BaNCS positions, with exception ageing, manual repair, idempotent file re-ingestion, and auditor read-only verification.","testId":"RECON-POS-1053-871-001","testDescription":"Validate that position mismatches are detected, aged, repaired, and cleared; duplicate file ingestion is suppressed; auditor can only view; all actions audited.","prerequisites":"Positions exist for at least 3 local TASE and 2 foreign symbols; intentionally create one mismatch (e.g., fractional quantity drift 0.001) in BaNCS for a TASE symbol; reconciliation batches enabled.","stepsToPerform":"1. Backend: Ingest TASE 1053 file for local positions via CTRLM/GoAnywhere. Verify technical validations (format/length) and checksum OK.\n2. Backend: Ingest APEX 871 file for foreign positions. Ensure storage-only as per spec and mark ready for recon.\n3. Backend: Run position reconciliation batch (ASSUMPTION: hourly). Compare 1053 vs BaNCS and 871 vs BaNCS; generate exceptions with ageing day=0.\n4. Call Center (Head Office user): Open BO reports/Reconciliation UI and filter by Status=Not Matched; export exceptions to CSV; confirm the known drift item is listed with correct keys (instrument, qty, portfolio).\n5. Backend: Perform repair for the drifted TASE position by posting an internal adjustment per accounting rules; log reason code; do not overcorrect fractional precision beyond configured scale.\n6. Backend: Re-run reconciliation batch; confirm the repaired item moves to Reconciled and ageing stops; previous exception is retained in history/audit.\n7. Backend: Re-ingest the exact same 1053 and 871 files (duplicate). System must suppress duplicates by business keys and record duplicate_ingest_suppressed audit; no change to recon status.\n8. Call Center (Auditor role): Access reconciliation views in read-only; attempt to perform repair is denied with RBAC message; verify exports contain no PII (only portfolio ref masked XXX-XX1456).\n9. Backend: Generate recon exception report RSP34360 (TASE); export archive; ensure correlationId and file names logged for traceability.","expectedResult":"Mismatches are detected and aged, repaired entries move to Reconciled, duplicate file ingestion is idempotent, auditor has read-only access, exports and UI reflect masked identifiers, and a complete audit trail exists.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Head Office user (BO operator), Auditor","dataSensitivity":"Portfolio identifiers; positions; no PAN/CVV","interfacesUsed":"CTRLM job control, GoAnywhere routing, Reconciliation module","filesInvolved":"TASE 1053, APEX 871","currencies":"ILS for local; foreign per instrument with valuation in ILS","exchangeRateAssumptions":"ASSUMPTION: EOD FX round half-even to 2 decimals; comparison done in file currency and reported in ILS for UI","matchingTolerance":"Exact for quantity; fractional precision per instrument scale (e.g., 3dp for fractions)","timingAssumptions":"ASSUMPTION: 1053/871 arrive by 20:00; recon runs hourly with 30 min polling window","auditEventsToVerify":"file_ingested_1053, file_ingested_871, recon_started, recon_exception_created, position_adjustment_posted, recon_cleared, duplicate_ingest_suppressed","dbTablesToVerify":"POSITION, RECON_STATUS, RECON_EXCEPTION, MOVEMENTS, AUDIT_LOG, FILE_INGESTION_META","apiEndpointsToVerify":"/files/1053/ingest, /files/871/ingest, /recon/positions/run, /recon/positions/query","logsToCheck":"CTRLM job logs, File ingestion logs, Reconciliation engine logs, Audit logs","masksApplied":"Portfolio ref XXX-XX1456; phone +972*****1234; email a***@domain.com; PAN 4111********1111 never displayed","negativeVariations":"Corrupted 1053 file -> ingestion fails with CTRLM alert and no partial DB writes; Auditor attempts export of raw file -> denied; Ageing >5 days item remains not matched -> escalated severity in report (ASSUMPTION bank policy)","boundaryValues":"Fractional quantity 0.001; very large portfolio with 10,000+ lines; instrument id at max length per spec","stateTransitions":"Recon item: New -> Not Matched (age=0) -> Repaired -> Reconciled; Duplicate file: Received -> Suppressed","authorizationPath":"Repairs allowed for BO Operator only; Auditor read-only","reconciliationKeys":"Portfolio ID, Instrument ID, Quantity, Valuation Date","messagesShown":"Generic recon exception messages; no PII leakage","errorCodesExpected":"File format validation error codes per Error Code List v4.0; RBAC_DENIED for auditor edits","regulatoryReferences":"TASE 1053 position recon; BOI auditability expectations; APEX position recon usage","coverageTags":"reconciliation, positions, TASE1053, APEX871, idempotency, RBAC, audit"},{"type":"functional","title":"Net Settlement and TASE Fee Reconciliation - File 32 and 1091 ingestion, duplicate D-record prevention, CTRLM alerting","description":"Validate ingestion and archival of TASE File 32 (net settlement) and 1091 (detailed fees), reconciliation vs BaNCS where configured, generation of extracts when not configured, idempotency on duplicate terminal records, and CTRLM failure alerts.","testId":"RECON-CASH-32-1091-002","testDescription":"Ensure files are stored as-is, reconciled when TASE fee setup exists; otherwise provide extract; detect duplicate last-file indicators; verify reports and audit.","prerequisites":"At least 5 executed local trades with commissions in BaNCS; fee engine configuration toggled in two runs: (A) TASE fee configured; (B) not configured; CTRLM and GoAnywhere available.","stepsToPerform":"1. Backend: Receive and ingest File 32 via GoAnywhere; validate technical fields; archive binary with checksum; mark last-file indicator 'D' for the day.\n2. Backend: Receive and ingest 1091; store raw records; link to trades by keys (BaNCS Order Id/Allocation/Instrument) per spec; start reconciliation process when fee setup is enabled.\n3. Backend (A - fee setup on): Run reconciliation; compute deltas (BaNCS vs 1091) per trade; generate reconciliation report with difference column; update RECON tables.\n4. Backend (B - fee setup off): Rerun with setup disabled; produce CSV extract for manual reconciliation without attempting automated match; confirm flags reflect 'no setup' path.\n5. Call Center (BO Operator via reports view): Download RSP34240/TASE clearing and any fee recon outputs; verify totals align with last 32 file 'D' record; ensure UI shows Reconciled/Not Matched status per trade.\n6. Backend: Post any necessary accounting adjustments flagged by reconciliation (ASSUMPTION: adjustments require manual approval and are not auto-posted).\n7. Backend: Attempt to re-ingest the same 1091 and 32 files for the same business date and same 'D' record; system must suppress duplicates and log duplicate_file_suppressed.\n8. Backend: Ingest a malformed 1091 (bad length in a record); CTRLM should alert failure, mark file as rejected, and no DB updates occur.\n9. Auditor: Verify immutable audit chain includes file name, checksum, correlationId, user/job id, and that no sensitive fee thresholds are exposed in logs.","expectedResult":"File 32 and 1091 are archived and reconciled per configuration; duplicates are suppressed; reconciliation or extract produced as applicable; CTRLM alerts on failures; UI/report parity holds with complete audit.","systemsInvolved":"Backend, Call Center","rolesInvolved":"BO Operator, Auditor","dataSensitivity":"Trading and fee data; no customer PAN/CVV","interfacesUsed":"GoAnywhere routing, CTRLM job control, Fee engine, Reconciliation module","filesInvolved":"TASE File 32, TASE 1091","currencies":"ILS","exchangeRateAssumptions":"NA (local market)","feeTypes":"ST Commission; potential TASE fees when configured","matchingTolerance":"Exact match expected at trade level for charges when configured","timingAssumptions":"ASSUMPTION: 32 and 1091 arrive EOD by 21:00; reconciliation jobs run at 21:30","auditEventsToVerify":"file32_ingested, file1091_ingested, fee_recon_started, fee_recon_diff_found, fee_recon_completed, duplicate_file_suppressed, ctrml_alert_raised","dbTablesToVerify":"RECON_CASH_32, RECON_FEE_1091, AUDIT_LOG, FILE_INGESTION_META, REPORT_ARCHIVE","apiEndpointsToVerify":"/files/32/ingest, /files/1091/ingest, /recon/fees/run, /reports/export","logsToCheck":"CTRLM logs, File ingestion logs, Reconciliation logs, Report generator logs","masksApplied":"Portfolio refs masked (XXX-XX1456) in any UI/view; phone +972*****1234; email a***@domain.com","negativeVariations":"Partial 1091 file (truncated) -> fail fast, alert, and no partial reconciliation; D-record repeated twice -> second is suppressed; Fee setup toggled mid-run -> job aborts and rolls back with safe message","boundaryValues":"Commission at configured min/max caps; very high trade counts (10k lines) in 1091; zero-fee trades","stateTransitions":"Trade recon: Unreconciled -> Reconciled/Not Matched; File ingest: Received -> Stored -> Reconciled or Rejected","authorizationPath":"Manual accounting adjustments require BO approval (ASSUMPTION); not part of auto-recon","reconciliationKeys":"BaNCS Order Id, Allocation Id, Instrument, Amount, Trade Date","messagesShown":"Generic reconciliation complete/failed messages without internal thresholds","errorCodesExpected":"File validation errors per Error Code List v4.0; duplicate suppression code","regulatoryReferences":"TASE 32/1091 reporting; BOI fee disclosure; internal auditability","coverageTags":"reconciliation, net-settlement, fees, 1091, file32, idempotency, CTRLM, audit"},{"type":"functional","title":"ADR/GDR Conversion - Linked Delivery Out/In with External Reference 2, dual-leg settlement, and tax-lot transfer","description":"Back Office captures ADR/GDR conversion using Delivery Out and Delivery In with a common linking key, enforces maker–checker where applicable, processes custodian settlement, and transfers tax lots on settlement.","testId":"TRF-ADR-GDR-003","testDescription":"Validate both legs linkage via External Reference 2, creation of open deliveries, 1052 settlement of each leg, idempotent SA creation, and proper tax-lot migration.","prerequisites":"Portfolio holds local equity eligible for ADR conversion; BO user privileges available; custodian 1052 flow enabled; maker–checker configured for Delivery In/Out (ASSUMPTION single checker).","stepsToPerform":"1. Backend (BO): Create Delivery Out for 'Local to ADR Conversion' selecting instrument, quantity (supports fractional), set Delivery Type accordingly; set External Reference 2=LINK-ADR-001.\n2. Backend (BO): Create Delivery In for ADR instrument for the matching quantity; set Delivery Type 'ADR to Local Sec Conversion' if reverse or appropriate pairing; use the same External Reference 2=LINK-ADR-001.\n3. Backend: Submit both legs; if maker–checker is enabled, route to Checker; ensure items appear in Authorization Queue with transaction type Delivery In/Out.\n4. Call Center (Checker): Approve both legs from My Queue; verify audit entries for auth_level1_approved and linkage key present in trail.\n5. Backend: Open Deliveries created for both legs; positions locked accordingly; verify OPEN_DELIVERY rows contain External Reference 2.\n6. Backend: Ingest 1052 from custodian containing settlement advices for both instruments; ensure Settlement Advice is created once per unique movement and linked by instrument and quantity; idempotency enforced on duplicates.\n7. Backend: Run settlement batch; mark both legs Settled; generate nostro postings; ensure matched items are excluded from further reconciliation runs.\n8. Backend: Send movements to Tax Engine at EOD; verify tax-lot layers are re-assigned between instruments/holders per conversion rules; audit lots_updated.\n9. Call Center: Review Security Transfer History/Delivery In/Out history screens; confirm both legs show Settled and linked via external reference in UI; export details.\n10. Negative: Approve only one leg and hold the other; verify unmatched leg remains 'To Be Repaired' and no partial posting to customer until both legs settle; try mismatching instrument on Delivery In -> validation blocks.","expectedResult":"Both conversion legs are correctly linked, authorized, settled via 1052, and tax lots are transferred. Duplicates are suppressed, partial approval is handled safely, and full audit is available.","systemsInvolved":"Backend, Call Center","rolesInvolved":"BO Operator (Maker), Checker (Supervisor), Auditor","dataSensitivity":"Positions and identifiers","interfacesUsed":"1052 ingestion, Authorization Queue, Tax Engine EOD","filesInvolved":"TASE/Custodian 1052","currencies":"Instrument currencies; UI consolidation in ILS","exchangeRateAssumptions":"EOD FX for valuation and tax lots when required; round half-even 2 decimals","matchingTolerance":"Custodian amount tolerance per role (ASSUMPTION 0.50 ILS)","timingAssumptions":"ASSUMPTION: 1052 T+1 20:30; settlement batch 21:00","auditEventsToVerify":"delivery_out_created, delivery_in_created, auth_requested, auth_level1_approved, sa_created, settlement_posted, lots_updated, duplicate_sa_suppressed","dbTablesToVerify":"DELIVERY_ORDER, OPEN_DELIVERY, SETTLEMENT_ADVICE, MOVEMENTS, AUTH_QUEUE, AUDIT_LOG, LOTS_UPDATE","apiEndpointsToVerify":"/delivery/create, /authorization/approve, /files/1052/ingest, /settlement/run","logsToCheck":"Delivery service logs, Authorization logs, Settlement logs, File ingestion logs","masksApplied":"Portfolio ref XXX-XX1456 in UI; phone +972*****1234; email a***@domain.com","negativeVariations":"External Reference mismatch between legs -> warning and block; Duplicate 1052 for a leg -> suppressed; Attempt to unmatch settled conversion -> not allowed and audited","boundaryValues":"Fractional quantity 0.001; max allowed quantity per instrument","stateTransitions":"Delivery: Authorized -> Pend Settle/Open Delivery -> Settled; Or To Be Repaired if counterpart leg missing","authorizationPath":"Single checker approval required (ASSUMPTION); maker cannot self-approve","reconciliationKeys":"External Reference 2, instrument_id, quantity, price, movement_id/event_id","messagesShown":"Conversion-specific delivery types; instrument mandatory for matching","errorCodesExpected":"Instrument mismatch, missing-counterpart-leg codes per Error Code List v4.0","regulatoryReferences":"Custodial settlement controls; ISA/BOI auditability; ADR/GDR conversion handling","coverageTags":"transfers, delivery-in-out, adr-gdr, maker-checker, reconciliation, tax-lots, idempotency, audit"},{"type":"functional","title":"Outside Bank Transfer - 'Transfer without Identification' tax event, zero-cost to receiver, tax posting on settlement","description":"Validate the special case transfer to another bank with Transfer Case 'Transfer without Identification (Tax Event)', ensuring tax identifier=2, receiver cost set to zero, tax posting on settlement date, and full file-based lifecycle.","testId":"TRF-TAXEVENT-004","testDescription":"End-to-end covering Call Center initiation, maker–checker, File 15 outbound, 1051/1052 inbound matching, tax engine postings and zero-cost lot at receiver.","prerequisites":"Customer authenticated; equity holding available; Outside Bank transfer enabled; Head Office permission to select this Transfer Case; Tax Engine integrated.","stepsToPerform":"1. Call Center (Agent): Open Security Transfer > Select Security; choose one TASE equity; set fractional transfer quantity (e.g., 10.25). Confirm consolidated transfer value in ILS.\n2. Call Center: Add Beneficiary -> Outside Bank; enter Bank/Branch/Account; ensure Same Entity unchecked; select Transfer Case 'Transfer without Identification (Tax Event)'.\n3. Backend: Validate rules: Outside Bank only for TASE, MF to other entity blocked, ex-date block, and special info message about tax event; create order requiring authorization.\n4. Call Center (Maker): Preview commission; tick 'I Agree'; Release; Initiate Authorization to specific Checker.\n5. Call Center (Checker): Approve the transfer; order moves to Released; custody blocks applied; audit recorded.\n6. Backend/CTRLM: BOD T+1 send File 15; archive and audit file15_sent; open delivery created; wait for 1051 reconciliation.\n7. Backend: Ingest 1051 and 1052; create Settlement Advice, match open delivery; enforce duplicate SA prevention; run settlement batch to post DR security movement and remove blocks.\n8. Backend (EOD Settlement Date): Send movement to Tax Engine; receive tax/refund; post tax to customer account; create lots update for receiver with zero cost; set Same Entity Tax Identifier=2.\n9. Call Center: Review Security Transfer History; verify status Settled, reconciliation Reconciled; confirm lot at receiver cost=0 (visible in valuation on their side when available); export history.\n10. Negative: Attempt to toggle Same Entity=checked while Transfer Case remains 'Transfer without Identification' -> system blocks; attempt to include Mutual Fund in selection -> blocked with rule message.","expectedResult":"Transfer completes with correct tax handling: tax identifier=2, receiver lots at zero cost, tax posted on settlement; files processed once; maker–checker enforced; UI and reports reflect final status; audit complete.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent (Maker), Checker (Supervisor), BO Operator, Auditor","dataSensitivity":"PII (IDs), account numbers","interfacesUsed":"GoAnywhere routing, CTRLM jobs, TASE 15/1051/1052, Tax Engine","filesInvolved":"File 15 (outbound), 1051/1052 (inbound), Tax results/lots update","currencies":"Order value consolidated in ILS","exchangeRateAssumptions":"If any foreign position included (should be disallowed for Outside Bank non-TASE), value remains in ILS; round half-even","feeTypes":"Transfer commission per tariff","matchingTolerance":"Custodian amount tolerance (ASSUMPTION 0.50 ILS)","timingAssumptions":"ASSUMPTION: File 15 BOD T+1; 1051 T; 1052 T+1 20:30; tax postings on settlement-date EOD","auditEventsToVerify":"transfer_created, fee_computed, auth_requested, auth_approved, file15_sent, sa_created, reconcile_match, settlement_posted, tax_posted, lots_updated_zero_cost","dbTablesToVerify":"SEC_TRANSFER_ORDER, AUTH_QUEUE, OPEN_DELIVERY, SETTLEMENT_ADVICE, MOVEMENTS (tax), LOTS_UPDATE, AUDIT_LOG","apiEndpointsToVerify":"/transfer/create, /authorization/approve, /files/15/send, /files/1051/ingest, /files/1052/ingest, /eod/tax/postings","logsToCheck":"Transfer service logs, Authorization logs, CTRLM logs, Reconciliation logs, Tax postings logs","masksApplied":"Beneficiary phone +972*****1234 and email a***@domain.com; account numbers masked in UI; PAN 4111********1111 never displayed","negativeVariations":"Selecting MF for transfer to other entity -> blocked; Same Entity checked with tax-event case -> blocked; Duplicate 1052 -> suppressed with audit","boundaryValues":"Fractional qty 0.001; commission min/max caps","stateTransitions":"U – Authorization Required -> Released -> Pend Settle/Open Delivery -> Settled","authorizationPath":"Specific checker approval required; maker cannot self-approve; pool fallback allowed","reconciliationKeys":"movement_id, event_id, instrument_id, quantity, price","messagesShown":"Information banner: 'Transfer will be taxed and the receiving account will receive the securities at zero cost'","errorCodesExpected":"Rule violation codes per Error Code List v4.0 (MF to other entity; same-entity conflict)","regulatoryReferences":"ISA/ITA tax event handling; TASE transfer lifecycle; BOI approvals","coverageTags":"transfers, tax-event, outside-bank, maker-checker, reconciliation, tax-lots, audit"},{"type":"security","title":"POA Restriction - Employee with POA placing an order requires independent approval; secure errors and audit","description":"Validate that a bank employee who is also a Power of Attorney (POA) on a customer account cannot trade without approval from another party; ensure RBAC, safe messages, and full audit trail.","testId":"SEC-POA-ORD-005","testDescription":"Place an order by a user flagged as POA for the account; system should raise an exception requiring authorization; verify supervisor approval path, execution, and masking.","prerequisites":"Agent user flagged as bank employee and POA on the target account; supervisor available; customer authenticated; existing trading entitlements; self-transaction rule not triggered in this test.","stepsToPerform":"1. Call Center (Agent-POA): Authenticate customer via Phone; select portfolio; open Order Entry; enter a small BUY order within maker limits to isolate POA control.\n2. Backend: On 'Place Order', run pre-trade validations; detect POA flag for agent vs account; raise exception 'POA requires independent approval'; create ORDER with status U - Authorization Pending.\n3. Call Center (Agent-POA): Receive Authorization dialog; assign to specific Supervisor; verify E-Journal 'Initiated By Me' entry.\n4. Call Center (Supervisor - non-POA): Open My Queue; review POA exception; Approve with remarks; audit supervisor_approved recorded; verify maker cannot self-approve.\n5. Backend: Route order to market (ST–SP) now that approval is granted; receive execution; update deals/movements.\n6. Backend: EOD 1051 recon for the trade; update recon status to Reconciled; no failures.\n7. Call Center: Order Trail displays POA exception and approval steps; PII masked (portfolio XXX-XX1456; phone +972*****1234; email a***@domain.com); errors do not reveal internal thresholds.\n8. Negative (Bypass attempt): Agent-POA tries to place off-market order or via In-job screens to avoid approval; system still enforces POA rule and blocks until approved; audit md_attempt_bypass or rbac_denied captured.\n9. Negative (Privilege escalation): Agent-POA attempts to assign approval to self; UI prevents and backend rejects with audit self_approval_blocked.","expectedResult":"POA orders cannot proceed without independent approval; after supervisor approval the order executes and reconciles; safe error messages and masking applied; audit is complete.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent (POA maker), Supervisor (Checker), BO Operator, Auditor","dataSensitivity":"PII and trade data","interfacesUsed":"ST–SP market routing, Authorization services","filesInvolved":"1051 (recon only for execution)","currencies":"ILS","exchangeRateAssumptions":"NA","feeTypes":"ST Commission per tariff","matchingTolerance":"NA","timingAssumptions":"ASSUMPTION: Market open; 1051 EOD","auditEventsToVerify":"poa_validation_blocked, order_created, auth_requested(poa), supervisor_approved, trade_execution, recon_matched, self_approval_blocked, bypass_attempt_blocked","dbTablesToVerify":"ORDERS, AUTH_QUEUE, E_JOURNAL, DEALS, MOVEMENTS, AUDIT_LOG, RECON_STATUS","apiEndpointsToVerify":"/order/place, /authorization/assign, /authorization/approve","logsToCheck":"Order validation logs (POA check), Authorization logs, Trade capture logs","masksApplied":"Portfolio ref XXX-XX1456; phone +972*****1234; email a***@domain.com; PAN 4111********1111 never displayed","negativeVariations":"Supervisor rejects -> order moves to C – Approval Rejected with rollback; Agent tries to split the order to avoid approval -> still blocked due to POA; Any error messages remain generic without revealing policy details","boundaryValues":"Order exactly at maker limit still requires POA approval (independent of limit policy)","stateTransitions":"Pending -> U Authorization Pending -> Placed with Market -> Executed; or C – Approval Rejected","authorizationPath":"Independent non-POA supervisor must approve; maker cannot self-approve","reconciliationKeys":"Instrument, Quantity, Price, Execution Id, Trade date","messagesShown":"Generic 'Order requires authorization' without POA role details exposed to customer","errorCodesExpected":"POA approval required code; RBAC self-approval blocked per Error Code List v4.0","regulatoryReferences":"Internal control: POA restrictions; BOI operational controls for 4-eyes","coverageTags":"security, POA, RBAC, maker-checker, audit, masking"},{"type":"reference","title":"E2E Data Flow Map - Sensitive profile change (phone/email) with re-auth and immutable audit","description":"Mapping only; not a functional test. Shows end-to-end flow for updating customer contact details from Call Center with step-up re-authentication and Backend audit/state change.","testId":"MAP-SEC-PRF-006","testDescription":"Input in Call Center -> Request to Backend -> Backend validations/rules (step-up) -> Backend state change -> Response to Call Center -> What to verify (UI + DB/log/audit).","prerequisites":"Agent is logged into Call Center via SSO; customer context selected from Customer Authentication; ASSUMPTION: Re-auth required for sensitive profile changes; OTP or supervisor PIN supported.","stepsToPerform":"1 | Call Center | From customer context, open Profile/Contact details screen; click Edit on phone/email. | Screen shows masked values +972*****1234 and a***@domain.com; edit disabled pending re-auth. | UI mask rules applied; no full PII visible.\n2 | Call Center->Backend | Click Edit; send re-auth request. | Backend returns step-up challenge (OTP or supervisor PIN). | Gateway returns 401-stepup with correlationId.\n3 | Call Center | Enter valid OTP/PIN and submit. | Challenge accepted; edit form unlocked. | IdP/step-up service audit event reauth_success.\n4 | Call Center->Backend | Submit new phone/email values. | Backend validates formats, uniqueness, change reason. | Validation logs; no PII in error text if invalid.\n5 | Backend | Persist changes as pending; generate maker–checker if bank policy requires (ASSUMPTION optional); write immutable audit with before/after masked. | Change request row created; AUDIT_LOG profile_change_requested.\n6 | Backend | Commit update (or after approval); update contact tables; stamp user, time, ip. | State changed; history version recorded. | CUSTOMER_CONTACT, CONTACT_HISTORY updated.\n7 | Backend | Emit EOD message to customer inbox if in scope; redact PII; store for report inventory. | Message created without full PAN/phone/email. | MESSAGE_OUTBOX row; template id logged.\n8 | Backend->Call Center | Return success; show masked updated values. | UI confirms update; shows +972*****1234 and a***@domain.com. | No full values in UI or logs.\n9 | Call Center | Verify E-Journal shows Initiated By Me entry referencing transaction. | Journal entry visible. | E_JOURNAL entry with correlationId.","expectedResult":"Contact change requires re-auth; data stored once; UI stays masked; immutable audit trail exists with correlation IDs; optional approval respected.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent, Supervisor (if maker–checker), Auditor","dataSensitivity":"PII (phone, email); PAN never handled here","interfacesUsed":"IdP/step-up service, Audit service, Message service","filesInvolved":"NA","auditEventsToVerify":"reauth_challenge, reauth_success, profile_change_requested, profile_change_committed, message_generated(if any)","dbTablesToVerify":"CUSTOMER_CONTACT, CONTACT_HISTORY, AUDIT_LOG, E_JOURNAL, MESSAGE_OUTBOX","apiEndpointsToVerify":"/profile/stepup, /profile/update, /journal/list","logsToCheck":"Gateway access log (correlationId), Step-up service log, Backend audit log","messagesShown":"Generic re-auth prompt; success confirmation; validation errors without PII","masksApplied":"Phone +972*****1234, email a***@domain.com, PAN 4111********1111 never displayed","negativeVariations":"Wrong OTP/PIN -> blocked; Attempt to POST /profile/update without step-up token -> 403 with generic message; Try to save unmasked phone/email in logs -> ensure logs redact values","boundaryValues":"Max email length per validation; international phone format with country code","stateTransitions":"Edit locked -> Step-up required -> Edit unlocked -> Change requested -> Committed","timingAssumptions":"ASSUMPTION: Step-up token TTL 120s; audit write synchronous","authorizationPath":"Optional maker–checker per bank policy; maker cannot approve own change","regulatoryReferences":"BOI security expectations for step-up on sensitive data; ISA/BOI auditability","coverageTags":"mapping, security, step-up, masking, audit, RBAC"},{"type":"security","title":"Customer Authentication across service modes (Phone/Fax/Email), identification types, masking, and audit","description":"End-to-end validation of customer authentication entry points, identification formats, portfolio selection, masking, secure errors, and audit trail.","testId":"AUTH-CUST-007","testDescription":"Verify that authentication works for all service modes, supports National ID/Passport, shows masked identifiers, and rejects invalid attempts without leaking PII.","prerequisites":"Agent logged into Call Center; CIF exists with two portfolios; ASSUMPTION: 3 failed attempts within 10 minutes trigger throttle for that customer lookup.","stepsToPerform":"1 | Call Center | Open Customer Authentication; choose Service Mode=Phone; Identification Type=National ID; enter valid number; click Authenticate. | Portfolio List returned; PII masked. | Backend finds CIF; AUDIT customer_lookup success.\n2 | Call Center | Select portfolio reference; click Submit. | Trading tiles enabled in customer context. | Session scoped to portfolio; scope logged.\n3 | Call Center | Logout of customer context; repeat with Service Mode=Fax and Identification Type=Passport; enter valid Passport; Authenticate. | Portfolio list again; masking applied. | Lookup audit with service_mode=fax.\n4 | Call Center | Attempt authentication with wrong National ID format. | Validation error without echoing input. | No DB write except failed_attempt counter.\n5 | Call Center->Backend | Make 3 invalid attempts in 10 minutes (ASSUMPTION). | Throttle or soft lock for lookup shows generic message. | Rate-limit log; audit lookup_throttled.\n6 | Call Center | Post-auth, open Portfolio List export. | Export contains masked portfolio ref XXX-XX1456; no PII beyond policy. | File content verified.\n7 | Call Center | From context, open Fund Balance; verify balances load; ensure phone/email never printed in balances. | Only financial data; PII masked where applicable. | Rendering logs show redaction.\n8 | Backend | Verify source-of-truth keys map correctly (Customer ID=CIF_ID, Portfolio Ref=PORTFOLIO_ID [ASSUMPTION]). | Consistent mapping in audit. | AUDIT_LOG keys present.\n9 | Auditor | Review E-Journal Initiated By Me and Authorized By Me tabs for this session; ensure read-only and complete trail. | Read-only access; full trace available. | RBAC logs for auditor.","expectedResult":"All service modes authenticate correctly with masking; invalid attempts are throttled without PII leakage; portfolio context set; audit trail complete.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent, Auditor","dataSensitivity":"PII (National ID/Passport), account references","interfacesUsed":"Customer master service, Audit service","filesInvolved":"NA","currencies":"ILS primary (context for later flows)","auditEventsToVerify":"customer_lookup(success/failure), lookup_throttled, portfolio_context_set, export_generated","dbTablesToVerify":"CUSTOMER, PORTFOLIO, AUDIT_LOG, USER_RATE_LIMIT","apiEndpointsToVerify":"/customer/authenticate, /portfolio/list, /reports/export","logsToCheck":"Call Center UI log, Backend authentication log","messagesShown":"Generic invalid credentials/format; no echo of sensitive input","masksApplied":"Portfolio ref XXX-XX1456; phone +972*****1234; email a***@domain.com; PAN 4111********1111 never displayed","negativeVariations":"Attempt direct access to trading tiles without authentication -> denied with 401; Inject script in Identification Number -> sanitized and logged","boundaryValues":"Exact max length National ID/Passport; Unicode name handling","stateTransitions":"Unauthenticated -> Authenticated (customer context) -> Context cleared","timingAssumptions":"ASSUMPTION: Lookup SLA < 2s; throttle window 10 minutes","regulatoryReferences":"ISA/BOI customer identification; auditability requirements","coverageTags":"identity, masking, security, RBAC, audit"},{"type":"functional","title":"Third Party Transfer (no TASE) - Delivery Out/In via BO, report generation, and audit","description":"Validate third-party transfer of foreign assets to/from a custodian outside Israel. BO creates Delivery Out/In with Transfer Case=Third Party Transfer; no TASE files; Call Center view-only.","testId":"TRF-3RDPTY-008","testDescription":"Ensure BO-only initiation with correct flags, optional maker–checker (single), movement postings, Jasper report export, and full audit trail.","prerequisites":"Customer has foreign holdings; third-party custodian details available; BO Operator and Checker users available; report engine configured.","stepsToPerform":"1 | Call Center | In customer context, attempt to initiate Security Transfer with Outside Bank for a foreign holding. | UI blocks or hides third-party option; instructs to route via BO. | RBAC check denies creation; audit denial.\n2 | Backend (BO) | Open Delivery Out; choose Delivery Type=Third Party Transfer; select instrument and fractional quantity (e.g., 250.75); set custodian codes. | Order drafted; validations pass. | DELIVERY_ORDER draft row.\n3 | Backend (BO) | Create matching Delivery In if receiving from custodian; link reference if applicable. | Second leg saved. | DELIVERY_ORDER second leg with link key.\n4 | Backend | Submit orders; trigger maker–checker (single-level). | Items enter U – Authorization Required. | AUTH_QUEUE entries created; AUDIT auth_requested.\n5 | Call Center (Checker) | From Authorization Queue, review and Approve; add remarks. | Status Released; movements queued for EOD. | AUTH_QUEUE closed; AUDIT auth_level1_approved.\n6 | Backend | Run EOD settlement for third-party transfers (no TASE). | Positions and MOVEMENTS posted; no 1051/1052 generated/expected. | MOVEMENTS DR/CR; POSITION updated; flags show third_party.\n7 | Backend | Generate Third Party Transfer Jasper report for FDB; archive. | Report contains keys, quantities, custodian; no customer PII beyond policy. | REPORT_ARCHIVE stored with checksum.\n8 | Call Center | View Security Transfer History; verify entries are Settled with Transfer Case=Third Party Transfer; export. | Read-only view matches BO; masked account refs. | Export parity with DB.\n9 | Auditor | Verify complete audit chain with correlationId across create/approve/post/report. | Immutable trail present. | AUDIT_LOG entries consistent.","expectedResult":"Third-party transfer runs entirely in BO with single-level authorization; no TASE files; movements posted; reports generated; Call Center view-only with masking; audit complete.","systemsInvolved":"Backend, Call Center","rolesInvolved":"BO Operator (Maker), Checker (Supervisor), Agent (view-only), Auditor","dataSensitivity":"Positions, account references; no PAN/CVV","interfacesUsed":"Internal BO delivery services; Reporting engine","filesInvolved":"NA (no TASE for third-party)","feeTypes":"Transfer commission per tariff if applicable","auditEventsToVerify":"delivery_created_thirdparty, auth_requested, auth_level1_approved, settlement_posted, report_generated","dbTablesToVerify":"DELIVERY_ORDER, MOVEMENTS, POSITION, AUTH_QUEUE, AUDIT_LOG, REPORT_ARCHIVE","apiEndpointsToVerify":"/delivery/create, /authorization/approve, /reports/export","logsToCheck":"BO delivery service logs, Authorization logs, Report generator logs","messagesShown":"Call Center: 'Third-party transfer handled by Back Office'; Authorization: generic approval/reject messages","masksApplied":"Portfolio ref XXX-XX1456; phone +972*****1234; email a***@domain.com","negativeVariations":"Maker attempts to self-approve -> blocked; Attempt to trigger TASE file for third-party -> system should not generate; Missing custodian code -> validation error without PII","boundaryValues":"Fractional quantity 0.001; large quantity at instrument max","stateTransitions":"U – Authorization Required -> Released -> Settled","authorizationPath":"Single checker; assign specific vs pool; maker cannot self-approve","regulatoryReferences":"ISA/BOI auditability; Third-party custodian operational controls","coverageTags":"transfers, third-party, BO-only, RBAC, maker-checker, audit"},{"type":"functional","title":"Fractional Order batch for full sells - Transit deal creation and 1052-driven settlement","description":"Validate batch handling of fractional residuals from full-sell orders: create transit deal between client and fraction (bank) portfolio, price at average, settle via 1052, and reconcile.","testId":"FRAC-SELL-009","testDescription":"Place full sell; ensure leftover fraction is auto-processed into a transit deal at EOD per spec; verify postings, reconciliation, and reports.","prerequisites":"Customer has positions with fractional support; market open; batch jobs and 1052 ingestion enabled; fraction portfolio configured.","stepsToPerform":"1 | Call Center | Place SELL order with Full Sell checked for a symbol that will leave a fractional residual; confirm. | Order accepted; executes partially intraday. | ORDERS created; DEALS partials.\n2 | Backend | Throughout T, capture executions; mark order Executed; block removals done. | Executions recorded. | DEALS rows with quantities; MOVEMENTS update.\n3 | Backend (EOD) | Identify full-sell orders with fractional leftover; compute average price for the order's deals. | Eligible records flagged. | Batch log shows fraction candidates.\n4 | Backend | Create new transit deal between client and fraction (bank) portfolio for fractional quantity; tag category=Transit Deal. | Transit deal created; positions adjusted. | DEALS category=TRANSIT; MOVEMENTS both sides.\n5 | Backend | Ingest 1052; generate Settlement Advice for transit leg; match and settle. | Settlement for fractional leg completed; nostro postings created. | SETTLEMENT_ADVICE + OPEN_DELIVERY matched; MOVEMENTS cash/nostro.\n6 | Call Center | Verify Trade Book shows main executions; fraction appears in Fractional Trading Report (RSP34400). | Reports reflect transit deal. | REPORT_ARCHIVE RSP34400 present.\n7 | Backend | Ensure idempotency: re-ingest same 1052; duplicate SA suppressed. | No duplicate settlement. | FILE_INGESTION_META shows suppressed; audit event written.\n8 | Backend | Post-accounting checks: GL postings balanced; fraction portfolio net flat after settlement. | Balanced entries. | GL/BSPL checks.\n9 | Auditor | Review audit for creation of transit deal and settlement events. | Immutable chain present. | AUDIT_LOG entries.","expectedResult":"Fractional residuals auto-converted into a transit deal with average price, settled via 1052 once; no duplicates on re-ingest; UI/report parity; accounting balanced; audit complete.","systemsInvolved":"Call Center, Backend","rolesInvolved":"Agent (order), BO Operator (batches), Auditor","dataSensitivity":"Trade data; no additional PII","interfacesUsed":"ST–SP routing for trades, TASE 1052 ingestion, Batch processor","filesInvolved":"1052","currencies":"ILS for local market (or instrument currency per symbol)","auditEventsToVerify":"fraction_candidate_detected, transit_deal_created, sa_created, reconcile_match, duplicate_sa_suppressed","dbTablesToVerify":"ORDERS, DEALS (category=TRANSIT), OPEN_DELIVERY, SETTLEMENT_ADVICE, MOVEMENTS, REPORT_ARCHIVE, FILE_INGESTION_META, AUDIT_LOG","apiEndpointsToVerify":"/files/1052/ingest, /batch/fraction/run, /reports/export","logsToCheck":"Batch logs, Settlement logs, File ingestion logs","messagesShown":"Generic success; no user interaction on batch","masksApplied":"Portfolio ref XXX-XX1456 in any UI/report; phone +972*****1234; email a***@domain.com","negativeVariations":"Missing fraction portfolio setup -> batch should skip and raise alert; 1052 duplicate -> suppression with audit; Amount difference beyond tolerance -> manual match required (error shown in recon UI)","boundaryValues":"Fractional quantity exactly 0.001; orders with zero fractional remainder -> no transit deal","matchingTolerance":"Custodian amount tolerance (ASSUMPTION 0.50 ILS)","stateTransitions":"Executed -> Fraction candidate -> Transit deal created -> Pend Settle -> Settled","timingAssumptions":"ASSUMPTION: 1052 T+1 20:30; fraction batch runs post-EOD prior to settlement","regulatoryReferences":"TASE 1052; internal fractional clearing approach; auditability","coverageTags":"fractional, settlement, 1052, transit-deal, reconciliation, audit"},{"type":"functional","title":"Failed/Pending trades via TASE 1054 - manual blocks, cancellation, CTRLM alerting, and idempotency","description":"Validate end-to-end handling of failed/pending trades using 1054: create required manual blocks, cancel or settle appropriately, alert on ingestion failure, and suppress duplicates.","testId":"FAIL-1054-010","testDescription":"Ingest 1054 identifying failures/pending; apply manual blocks (cash for SELL, custody for BUY), process cancellation or later settlement, ensure CTRLM alerts on bad file, and idempotent re-ingestion.","prerequisites":"At least one BUY and one SELL executed earlier; 1054 file prepared with one failed BUY and one pending SELL; reconciliation and CTRLM configured.","stepsToPerform":"1 | Backend | Ingest 1054; parse and store statuses per deal; set reconciliation statuses. | BUY marked Failed; SELL marked Pending. | RECON_STATUS updated; AUDIT file1054_ingested.\n2 | Call Center | Open In-job Activities > Trade Book (Head Office view) to see impacted orders. | Flags show Failed/Pending; details visible. | UI query parity with DB.\n3 | Backend | For failed BUY, manually block custody positions in customer account as per spec. | Custody block created. | MOVEMENTS block entry; Block Drill Down shows ref.\n4 | Backend | For pending SELL, manually create cash block in customer account for estimated consideration. | Cash block created. | MOVEMENTS block entry; Fund Balance drill-down shows ref.\n5 | Backend | Decide on failed BUY cancellation; cancel order from ST Order list; verify reversals and block releases. | Order cancelled; movements reversed; blocks released. | ORDERS status Cancelled; MOVEMENTS reversal; AUDIT order_cancelled_due_1054.\n6 | Backend | Later receive settlement or correction for pending SELL (simulate by updating status or ingesting corrective file). | Pending cleared; blocks released post settlement. | MOVEMENTS release entries.\n7 | Backend | Re-ingest the same 1054 file. | Duplicate suppression; no additional status changes. | FILE_INGESTION_META duplicate suppressed; audit event.\n8 | Backend | Ingest a malformed 1054 (bad record length). | CTRLM raises alert; file rejected; no partial writes. | CTRLM alert log; no new rows in tables.\n9 | Call Center | Verify Fund Balance and Cash Block Drill Down/Portfolio Block Details reflect block/release lifecycle. | UI shows consistent history; masked identifiers. | UI vs DB parity; masking enforced.","expectedResult":"1054 statuses drive proper manual block actions; cancellations and releases occur correctly; duplicate 1054 suppressed; bad files alert via CTRLM; UI and DB remain consistent; full audit trail.","systemsInvolved":"Backend, Call Center","rolesInvolved":"BO Operator, Head Office user, Auditor","dataSensitivity":"Financial movements; no sensitive PII displayed","interfacesUsed":"TASE 1054 ingestion, CTRLM job control","filesInvolved":"1054","auditEventsToVerify":"file1054_ingested, manual_block_created(cash/custody), order_cancelled_due_1054, block_released, duplicate_file_suppressed, ctrml_alert_raised","dbTablesToVerify":"DEALS, ORDERS, MOVEMENTS, RECON_STATUS, FILE_INGESTION_META, AUDIT_LOG","apiEndpointsToVerify":"/files/1054/ingest, /orders/cancel, /blocks/create","logsToCheck":"File ingestion logs, CTRLM job logs, Posting engine logs","messagesShown":"Generic error for malformed file; UI shows status Failed/Pending with tooltips","masksApplied":"Portfolio ref XXX-XX1456; phone +972*****1234; email a***@domain.com","negativeVariations":"Attempt to auto-post adjustments on 1054 without manual review -> should be blocked per process; Try cancelling trade not marked as Failed -> validation error","boundaryValues":"Large blocks near account limit; zero-amount failure lines ignored","matchingTolerance":"NA for 1054 (status-driven)","stateTransitions":"Executed -> Failed/Pending (per 1054) -> Cancelled/Settled -> Blocks released","timingAssumptions":"ASSUMPTION: 1054 arrives EOD; manual actions same day; cancellation before next market session","regulatoryReferences":"TASE 1054 failures and pending handling; BOI operational controls; auditability","coverageTags":"1054, failures, manual-blocks, CTRLM, idempotency, audit, reconciliation"}] \ No newline at end of file diff --git a/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.xlsx b/functional_tests/TCSBaNCS_functional-after-fix_clone/TCSBaNCS_functional-after-fix_clone.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..5a670091af7ef49d466daef4b0db933924d3a261 GIT binary patch literal 43805 zcmZ^~W0Yi3wl$izS!vs-v~AmFrES}0Wu(ojv~AnAZM^K;w=Z6Q_lz^f(%fsTIroVl zJK}_bG${MZ?O zNlDWfc!fhAt!fo|R-_j;+QKkLXxQYZzMUZ2-!T@(*xHDS(Ipx^qy77)V{uP{AlN7) zcY4cz9Dz4+bcOa?b+jMC67iw1++4BC8%ls-gLxz^XpVrxI^A+)reTt>f}bJaEA|(M zV_?S^j#5`llTfL2RZmb-Xw>1GO!h$o^Rb!O$j=rlfo&i^-sNQeXp6BUINo24AiwzR zeR}!?PZmQ;IGD%V@;*-1$LRFP@!d|LX$D^J=a7yaGlxj}}1 z{?h%-?rG$H_!UfaI#$4ovhsRbXT(htatfyH%3ryQqwt?Q0rVd`@h$#;T@c@%zN6_c zCx(Av{<&MX0Lj&p@0v6S5D@HtVd(#XtV-;W>tloyxbha=f6KI$fXXXsBP`q?XXWcA zwZ&HXgv&ZK`;Z}#DjVsD(?pjThVV>y&UIwT2cLEJk6K~+NLOvC z?VYzIM`AiJw=vrSS-DJZcTB6x1$Rvs`e-UzTBzx(1vfJ!ki<eMl2zd8q8iZ$zb-5yWLh z!;kM|ab`<7$L2>$C-mGX)lFYW=hi__Vdd-o!pu&p5oS{D`n3zMJwoUQaYi4%NClJT zgpM;{|K>6Q7uPi*h+o=MmmYN59B_IC@E}xZ!y!hgZ95CSO;Yh+w@17@V~p=5GU^ju zj1b*o?X$j$P7IY{dED%s68zsnBm7gKe@NqGVQT99|9?yeIX>dOzCjq~KtMnK4f`KU znEs(>%Ep@7ng)vh&YK5J>J_)fp95hv35KCi0VgTc5IT=3tZ0}-(Vuk4?jcM zH?!iMvDCam>bA#Clq=sarWXA-w#>=Fmp(B%59OMw82swHted{HnAMe&MZ4dttH1cX zo3S>J5DQ{fw+b{bo}Ruuo_GPDKihC(4y^}(@y&1=+FssoE?!^HUu{{jCO7xv3c`eJ z?@mlO7&^0kH37VG;(b{Ixg#H*S~X3J6n!_s7cWqDC0~a>UM?=4Jz0lqy5z(V?~a0G z#Gm@URhzmTjQa}^&(itI>XQwf>+0nDbp0)lA0_v+$-al5Q`TZ$s-@N;9K_YEp3t&tUP!fDXE zZEQ+uv^u-mqWgSU+%4hBtlo&W4b#6m8hUxUn0X%CXy=gBw4wXr>LTEeeiYjhdjhwa zKYiEZ@6z|SyD8}Gc=2M))Wrl|D>Yr2lh!$U`aAGdEjuV*((&vP#*gv!<>SrL<>ec5 zR`b_`uf_dkaIE$S_+-p~um)JO!%^VQRN!vOzh0M<&0&vtzY&NZmI1ntm;yAW~z}XbtLDY=nudOid$gR zr`iIdA0*!{1obKRL^)cYgkLPJ@e+U};1d`6{zxL1UmWCv6QwKi8dZ$CaY&U!o>3`) zADsHyTmbyD{q!dTlTttzwXsr7mv4hPjqU{&LfPFz!0FlVQ`nqSnw(SVoKx$Z)2N)& z3ciZgQ_lG`Ue39j(UD>4ff4Fw4 zrhH*scX{}2;x32Ezh6|$`4%$d|CcMgk^lRDR)i0egb(*-ExB$umt71MIMY|QJ1d8r zDP7El-yWqrw&)3F>DD02%_YimNQyjDlTSUA%FU(9a%hS?8|!sbo^Z>ruasPht^_yQ zFO<=TLCZlrBvc9GN8)pIk~E;nD?#h*IK$74Fjqlf;h>g4B*(f+GlaF@?l z1vf{~^2sf7)g!y8^1G*ma^+gtg_E@tH8Q@i)AMsB7stm^sbHUPazHL&ZvR0SW}o6a zlzG6#R1M%MqE<8i=9pcsp{syiAzeDPjjmevDkJ;*c{pTw-^sZzL*CWUfUBA8jEJDu z;856U#BpZMEK;>mXr4xyAiEXuJgUQr^syCrrD{7>qvWPQ^P_sgo&TlMdFfjXH$m zP)fkMi|O`aN-GU0r-P{kH4P|aNj2PlC=F=K$*92OH;nEZw)PEkFeP;RUcOUuIVvFc zoiF=_?2HQ7wlc@Fd_%^*A+Dx`ZIV|bx}53cH7XF7$&Q9t!@8Vo2i3URw}XkJwX3!j zq*c{$%f0*b^$h>syZchqt-FqykvfNQx(@Zb=jnI*X6E>;?}5g@+dF>Gt&25`_gz^^ z3DABz{m%EN1Z00tfb;DZe^dCT)~0wovN6aat5*hxi_dN_yN4lT>lK~Fcp|L^m$cvt zAd5L2_5W>TIHPc`DqNQaKcL5s=Cz}6p7I?aB#mBJL`$Vh&DZg!Nj&yE4dlq8d2uP8 zzlhXPpbg|GqIpRv;?oAW*s?Vm34?>D|>4TV&4~1!0`W6FV7M4H^hI_13oW)5Xk-}ul&un@0+}{ zDWQ2aoXJ%ss+ZmG<+ihaU3G}stRZQK-S6%AR>gMT%dv!hZa-xT4)?M*p9lIZMJl=0 zpiJh3R?|~LZOtIv;7sX#JbveA$E$#=J{OYLhu}FlRGm6uzg{4c7rfBAqa|V3tN=n$ z0In3M8)xXhT+U<&M@sm81?=HG)_CFn!~mZ^UMqd${!yfbzt_P2b2{6-Q^z`OY?(VW zE1<82t+p1Bu3{$$#@^RU%2_EB`LC7#=+2oOI$9NueGV>Fr%pMbmoHQ9T7YL^zZ3#| zo^vOW-OL!TjQPzvym!5k}FehQBCQ7>J73W@Zgh+BRNjnt-xHR&RH+P}O_ zAvYXR_CQJHNue~9RW4IFCCGTKuu+gHccTo+Pa{7{Ma^*!ztv-<5$~Jt1>9^5^4tITDemp93a|XFEpH*y zZ+xs>#UCv6L?z*XZK96sTLtB;kVgGs?)6xANmXqf_ z1Q-8H2m#TbC``ONzE9X-c!!B``V2F#lbls3bHa0xcr|tNb`a1v(CAh;D6oObdr?| zY{13Kml#_PFCxvUEK%#OW(nMrw2n&|1CWz14$emW@p9+lvjN6t4z&O&ibtoDeqUx? zt%kibfgqnP|K%t6@PC^44JyDjWSm_yE*}1h1OlQBY1j~3VqXx>$j(g6eyybZre2~} z#YMh!T@?Lei)_2uP?_i@S3|d6#|9dO9G&CoJTZH=)_$=vEKXc6Zkm|+B%R|}i>NJk z(=Z+d=8E*LiFyc0U0VNu9tx(HBrdMq(%f-zQdBl)i@kjpfxcD!RV(saHI9QjYpC}K z#)5N0jD_Wc7_0qQm6!fGUAd8+BDz;p`Ledkz-B)6BgR5745k8=C6+d!0$cKhX2BUnezoWsV4SoHHjbArhel{54ducz7 zD=zM(v=>^IdaXlkqj6iA9FGTw^KeMQ{uPYAkK*8ng@x!kSPTv4;gNV5s-K7G)?vC1 z=q;oFGq|R)`-O}5%2eyM?&NU%jUpfk^Nq%JwI11suS)y89oV}bv+(2iVD?R~+K98o z#9FAXk_CLRj_h_Fz3lCFMMi(H0H*FnrfM$5`m$#3PbzkmPi=Ch{Cw*^z1Ndw-p}^5 z`0y|@TA!onaTxlS6I1Oeuhg)=~0!-Trp}VxM&-~Hd8t?blB(|$B$bTJf|M|U&;?yTIL?{ptU<4Ql?Vkr$ zCksPIQxj!pM@w6Cr+*w)$2-m(aWoUjpZNjAY-^41=`cv7WTtA&Qa?cx4anQvX+V@r zS5~oUCBTL$1AtI~C5*IJH9CZ^03IEli4SL-zPlmrth1r_u|`LlVrmP=A3t@4w_w;4}H1a*BhYg zMOoDb<@qGv^X+2K>@U~pQ^niRE>+EAYK0N7Uk2Th{0qcqi|?^|g-e2b#Zdk-&%|5U z+uPOy;MVcR#<6Rip3Sc7<1;R7i+oM=Wvr27N51oIr_Ju`y`=p84#4KO$x{=_|G@6| zsZ8)i2S~~CxZkNSy<9r50#%Oa)K|&6vz#j_x!?~}tclWZG*#`zJoBq$8z{$Su#5aT zS^v4Tdsp7Pg*LaAzdFf2V+Yt-l3#e)-E;h`3lDA3n~YlIm%EeYqsCw?zBO*~sQzlv z`DGyT;-lD6u}d&DiYGtWH0Q|ju0hMjSo1W{nk_01*o?X3b{AROx>M!Ukx?IW9AY^f zgM3~aF?RUM`z$HRFTV}T$L6Ky7i|MJKNJ3`QFUm_b1!-m-{*;Tb?1_?rzW=M0(oSW zSp(QQy0e)xJIpd_pS0A(@$H}jYzx7aTfNm=z4x}dFHhc0IDU9*k8jV@Uhbu>GwkH_ z+z-A8-#2-;dFWJ+eHHd>?Pm==gFlT8_;4Pbd=$CI;sZBbd?Jf+hR%Vqw8T{peYnPe z((EOm1Fi_}28118D{74s|K|Vb(~b7))MHqpkZ$%B=6t+4HdQ?J`+<*;q|7lhvf}+h z)iSOw$$-VvjVvQpa0V7D)gqBJ_E#`d#h%ST0s5C{-MTFblH~Q%8{+lWLs+k|S}oFu zBa`1`;s8o#_IP8ISGEeD{Pp4$nfqY*zHdimIsVp=NvN^^8r)T219jp%zH6P-=)i|J z169c#u{-BGx@ii65d-$Xb}>74&i&&P;;A2(e&sgN0Ws&u(cOMwH+RoI-qjBnOP zmg{OViJ!D&$VcOyFCy61=Q(KRc;jH=`Tg}YywS2j&zH93y8GQ&Z&Fc!6finLa;aTB zmbA~}eUN1Wp-*M-z*f6kA)68c>vc^YkkuGM*Q?J*Ynfp(%D6Crav08?xK6hNo`r&@ z?z5vvho?$|6kyi{4y}iN7B|r3$0y+nfB0E}%QCNqPEfzUaRGkuOLcq)t*@juRJ*xW z(%gOF%W`=mNMCoFUHzE~*CO4SY2qD|CY`;s2d3+#X;)4jiHENTwmnB}B(9GsXJr5I zohJkH1@aw>=ceT5U_kG7!jMB|m1tu{KWXOivTVP?0g)lJCi$g3@FFl}kPa{fyX@lq z67h0}t%j_I+xYD5nKa{OIAn0+AOkKjLG=lOzZ%xHr%_QDIFKu&khGaK3qw>XfE zu*La)oTWaKk8t8=*_U|6)LxZOv!`2CXNE#fKw2F=SE8c$I+9>E>Ks z5L-e^Pr&P83;@^0wK=EE}koqpkG8IQA`a4QjYR{uu zmWzjcmb|_PZHaOYsE(sI%=xjA8XsvP_cmrc-+bCD8|O!&pR9 zv($F8=}2R*;q>*(`3-sy16|}4A-u#7$gZNI{es*xN)&(fKS6;;#DO4bmv6t_OuIoK z2B(ASNXM}FRoPKeX&{OIybDm6X39hvrHqdaK;q8%*U(j}Ml9jT{TLp63%=`=RoxV zx-dK`hgqW}%)Z`8BtRh}^@;SSD%hUEwcie-n)|b&G5dzdi|?Q(QnU=`z*&2xJB#=d z#Yb1N+Y52r{AT#n<1cOs&I5Gds@@N=$sf3U&87n&!c)@M6G+6e;#lakW*hp&Evhm=%H$gs0Tp=t&Byp)-4epV9JY#7h5IE zXweq973^G?u;RuDxZRbKH!WfIK`&D?-nf+AnC`j{y`Ah4e*k<@HpxEePqJ*_csY*L`)htt;7i6+&4ls>_GP~B zgk2$i;e2)l^{LkgO8akd$~!(keWlaSKyCyHr^t+1{hR{q2wE`bb3uSdbfUDQ#eQNB zVCa5YgxSHO(Fd4}2rT#;oX?D?oso66W~^F(&PH^=HV|!lrbPK|%Nh=`p1kv5yWCjW z9_0?g{Fuc+;F0BFF5wR{2*DCD!_Y~%-2pb+y?pG+D){h0-tBpanj8mVM_f4LJz;Fb zhJ**i>;TW<^W^&p{;??8pma0f>6FmB;1@O9PO8Ig$}+WU>-LL8hvpBLIi1P%^Y*b7 z!Du1=MVU03NCJ&*2YSjRJ*mi;%g;CqSf@QY@Y%27t7A`S6)&M&7ODxpQW_0=CF7eM z!Jz*_g+|pGz^W#pht#6B<=Kx9+)H-8+?MNhld?BR^5%-6y{)-+pPu%A=%)#!pJgFPbE>x`+Jij(BWZTD~@>Qjf1sUb^KN!%8|-$rhox$^sEUT zQtLEzI1FsGSB%SDZ_S?AiN%(jdHroV#`Xh>N922ta&A*5>MKjRZA>g4}l4wbCN<;l34RegKK*zUaJzNpP6fgC;vt1l}3!M1d`Dd={%>FB9pnUSRn}xZg+u!Hr{KyPO#*1Ky*yIJ{F{%r5fCv4*K| zUSD%?0p9g;zjUN~Ju;fQ0A+2#!i<9u}xFs1+k?wDZgi5=d|ogK|G zpLOj~Ibu#+Nlr5XSIW*1VmpnjC&{p%jIl;wsj{yrZcL6dVH8O>7u#0O5IHvw7bn*k zcsn=pNnM>dojAoK_O}E}SGF|}n1lRsf+lg3GjS0-rg*wruQJ;dXM}G&5)K6$iYI^j zR|5>TQv@v*xu>lzu1jp|PPS$wGlH%r|IE`=sQpao)dbL;to=NwhElR0s7!Mf8>QENAAZ5$Z0HaNf!pA#s1h#GxjUn$Mt0m-mc8l9kxZ02w2f?RB?~GUvB< z9kc+?0)6VK;YB*BLkkhv^vdXODF)w$vcX9A3J=URLLw##wo1dQ*uUnHAFplBFA0Nt}GvFCJ4wO50Z9*~>(aefs@DKxza3&A3A}1k=^5#eW zXcy@lr{s3Xbm`kef2=q5zi!7K{QUL=p{_U=0QOEk+- ztJh%^aW6)|;)!5nQN#OIEtqldB|QrZ*G9~rFVx-w7OP(=GG1@Bk7emfM2{2O#fGc}VnVtZ?DX?+z;v7jn2o0}uYS7}2_n1@VxT{?c@fBEFDhbWdxgtOP4(ESQtmv6)bX$e;rM29L? zXHG6m2*A+9J>cq-RXa`N_46USecDxANn3k2U>avL$z^ z5FeFbJzHG=aa1Rmu==Zh_{c{D+Do~P`ZZ;(PfyP4hjxKef>Eurb*-=ow*#D{FJu`r6>8SIvF_EK z^5pAEZws4o#n)$YpO_UO(`8UOoX=JiXftvb#;7pSRJ}!D?!=*Mrk(@PGvn?`^P!@) z|C*1Hou``a$cmx1|I3{@^&WJ*SMa1UduL6MBnTzoOB#n~V8X*xAw&A#U%# z;{-wL6*10r);YTZe)FPeK;*wRfoicoP4&&^o1ITZGQp%e6WII;QAv#bv85Za7Jrs) zA!ab^pxy+FfkJQ&Gd{bJ4T}9aNbYS6%{4Sf>;4( z5BeyHZC;JjJ?h}KI^Ll2`H1&~7|nGQG~qw+{KrJz>bu;Y4+og?5MDK~jF=LOK--F5 zw9m_s>V4z9q#PJ~vW{g9YhhFE5R7@=GCmKHKoxmWxbvI!_lQFi@(Z-WOBqkRV*-ew z5mv09-+DzrKGp;jrR|TKf1dB{SwM7c4@(+T9=qE=q_J{BaKG=D1RD-eKhqtE=zW>S z1%?|!4MUZaghoTD!Xg)`d@4=qYE>VRETc;z-?OBb;4{RLn zC(HB-=wmMC31|lgz7~r42pqzfK{;&{ESt;$Cov+?Qa}XlKL>7e-;`e@H_=IN)BDBC z@`r_0MFoBVQ&`3Nq2$syVffgH1^RI+6e}qVj?Hrbkq+0=YaLz^6`Ol4c)yH)lJa(A zr8Rf`&<8gUQZ&NzJ$4+4D+%Gwa)kP37zp%1)I~> zh_tn;4K!lmI~7Fsd4Va4nmr7HRy4szy1|<0%1=HhiMPzD>5+LWB@)nSwt~&NBJz1D z`VI4Wy*&X2D(=PBJ(R~de)_m=JxHZ;E)Xw-rXN$Em8-FdO^O*;!zbmkr}G5cL;OY< z^jaB)l=0iHdTEgpCodfMsFb;8D zI4+3Lo*bB!!2#22c$z>|By8iA81dBGb{ZkFgA?9tjn4@NGTcl|MEsgx&eA|cd98eY zcH|W=-XhXhVC&~CW}&+rg%3@w)e3UFsM(rhj)_g2Tl*ZL8=+dY@!pEV{DteU`&Tz$ zd4m7xa4ZHMe1ao7iOg@roWRj#u?8Z6=zLMc$!Xy4fdM17(qz>wR(CTPmX}&YD!wes zSx9pg3wQ9D4|G0wM_r>CKd@@&8yB{-Zy&2;1dd?f(o71r76 zi+_L#K=sEsbodz@$(cWkOIN)?2sdJIG56kr!TpGAR8QSqA4!s_#J0;)VP-TfKZf-J zpT#I6Q|y+yo*RH27OvV(_BEv48NCzNxL~Y%bBifb1fv&>Li*Qiv-KIW4C?cbMMl!T z{?|K0U5$Xl`mCFb!`wTC7IbLu>u=+}$+OyH0rk=vj+i6c@_S~qO z;2CAtkHa(<2MXxfm#ThT$w- zx#2L>>CL02(MV}F-*iJamj>GD!2E`9Q2r^W^oszN{v6?2*=h_}iaJzbJJg!EVOXoe z^#=D3JZ&R+vtOnMVMFd{d5(s}XVAcbAc?$^*y`xITBGQ?${QK@{ z&4-|ArYhq{lgJHq5PyH-D)p7$bKrW;D)i?^%F`W>cgeXxb*ddk^og{bx^iwoO?uYG zSuvuvZ`v~T_PT)wI{jeM-j=)TJ5~!jQUree+R8sEq<=|-$C}&K=`7rxhpaOTgzp3I zF32ZVM*`O1(yK2Fdb+JLy1wRm1@S0d${jtapW$}fR1Wd3-w#A=_wRdVN!smM;Z*@5 zI}9(xq)dcbM6^pZkqLYD@A5;H{7TBqFgt%I&^EKWE;c+cf^OxIn;8BHbA6?2v91?WZOOKE_}kI-r?@cHys{{+U^1y_{XmMNNBG2h2(8!bO}r;c>fTKp$KPWV(W ztq%+i4u@x%XL7fPLD;Xwzuy3EqS@j^a2wA0L%@rWRO@9FzCMW3FgiAdHg_2quY4x= zt6zJGjMDwDN^`Q+Rgu}u3;Y$SBp;Z3nJslQZVFB-q^0cAJhUP*QJC<+A~>-KzJ;v`qB}z#8KCYUUX)#MaAf(zl}JUTSV|Sb zc)oA9R!s?BHVC;F^i>U@f2#~{H`f02n}kclvMvj$Ou~H+%G@@v@gu7TT|A=na6FO1 zqDth~d~INIfr2_YRust$l=LFU`FkygGCXQziNL)YPY7l$v79bL zdJDD@EeDA(noe958EE!UCW}HXG~;?B<7+>0c9S-qO5WZ+O!fy(k8m8Z5!`1;N9TgB ze(L(5HKrABF_nbH%|35K8?i7|uvzNSFK1+99AL$1mpzzukk=OEiX!s4Wd1g3L!Sbp(e4D&$QGV({Tw88B< z3nT*1JZ}E4cc-f(0HR*k3j(e&1t+!wH;OgI)z(;1suV@w4RtLUADRmz!y&3e8j(l` z>0(Uvo3~zA%eGWY{B#|O*N0&P;8xeOGNbtpl2B*r@m-Ma+iIy1ZP1fzZZ{#h)p zn6&Y61p4WQQW6z=9HSkAQ3HMe9km#_-LSPS1S-G(4zFA9kTeNE|3^1Qa)(ARUu$^nM8V`?!TT-T9eP%Q`ZsPoC0DY>t0?8T zL-D@f3!yLAk@Vx?h$08hf?XUQ3{K7OV}cuDc6{&hg`$-?ma8>9){{ahHZ-96h-dL} z*2n~eTVo?8yc};Q5sqDugmNy4)}1J}_e^ycx~)QSod>{$p(3yrDc?Gg%rNrcK2BEK zd9kiSfC#&4To@Hj(yJA0;$)Q3!ykwSgvS3oxiQOosC+QgmKtO=mK`w*UclBiK{>1$ z3j@A@$DomL_V}#q5$dz))!?Zr(qzjAg1xQPxrvQxEFl;EDr#1iI8R@(x7BM=ttbi$ zoCs1pP?AHeE}N+|E$V#v-R$_94xa?DH_=yOzc>JcWN#m8D+UntLVG7}mc26+dcuW@iiE!kB!3-$>`Jz0 zr7aX_UFQhOQwYV@wgxwN?u{$@GAR@0G<0xP!5DEk3rDBddXZ~0L_DYm&75r4fYeLE z$HL~%Wb@RJA6ly9is&RBfbU5_2r3PXPpU>!fDZwu6?hZt%Z^AgN(riEZPuFiqvMKg z*a&7bBK}0RFmIhS#}V4W9VK6!@5ohi;Y!6$i}2TOcg9Cmc$I+E4Nuq=C`u@5sEzg6 zc5}XLnLfW5k#wtx(VGP^VNC%C)x%q#v&AuSb>dY}Xh#T)Z#ytVszos5yfY`ENQ&Ld zP$YsOw%5Z_0o#17EoRmL@wXbp+@XABhzl|>L;c;gU6wI{0z-scZ!>cwM9zl`R}fq3 z6hCOdU?6njzkEsk0hj8)c49osg{Qcn^t;i=Q|K=%D(WUfcr*%XX#bXAX!=0kI#n#y z85~ueqdC?>H!_~B((7?w4z$qTLN&SC-(3>Y*6Mis1tjAhZq*lujh>SiMzUM+4s4lI zsRuB%_|_tRsqRxucc`0lmypjB)HYhru3c^2rX$L8PoX?tdwQJt5!J>J;YIm!2X8#Vkr1=k8XJwwrvN(h2G9Zlk`wJx1F7d%uiLGORE+r*@4-D0jvD|QX>^pt zo_MTp!yp7giOCvFKIMg60tPAILI8{BKn|A-&#CH5VCfmrUB3+@sD4T2m|k+k4in^L z9j^KnZ0sI-Krzt(x|4aXncM~!%XpkbP?P0zF8$B=m@MA5va>IBc?pn?99CQ8Zyx)fFfra+nHgni$bY`FMHSbv$Fp zW~>ZTWUs#(c;M+r9l^$NRQGJZPWdQl(45CAEqmcgGig!{&Cng+VeZ>rH0_yPYD&(t zWgCSm%XNrutXc6PulRx_T(IX@$#JH$amp~(i$c|(+Do0fedTR#<S{={VGVFNOXBN_u2zkS)fn%r5^*;ORhIuP9)+a#>yT1rx! zS)3(_$DoSiG|o{Z8&8Z36UL0Jov9ImF8=ecn>K=1zjt5$liF}+^SQqvTmyHetwq>@ z`k)6t3zteP^i~ZD>{}Vn;$pkzsjz=h)?+LA=!f6K7GBAe0&UbBylYj}(hRYKy}jt? z|J~UtY3Qnmvyf;i-+6J}N;w(H@#ZCn1*hiu5yJ#rq?8&6N!5ko zH?cfnPyGENO3P5CF*PF&Qtd7Q(dQB*B;=RuC&Bv>@G>_Vi!<8TMvWpW(?Y^3TtY|p z;7R@h4-}>{;~ySQ-zPWy(_$;ZSu4)s=U_?v?6@;Qig@B@=|pt{n|vE-b5?Ieug_)~ z_mNUt{hTV35VE_Sr|GWgwX!laT56oxCJU%9&B`=hNqRv@hFnGXBI@JFCBn!~rxCy8 zIc+{0!0Mf+8zii2!RPIilS{VHm-yKId`iWK6x`hJm8Mf8zH4S{99RStQb>LUq3Su6 z1kPB`^KGxuv6!E!q!*W0O-wS@gha@5AaZPnQr*0dzJ^h48Jrl#;5jG?!~(=S+3CI+nD*jjLE%bm0*O=OC5loE8g>Ys0P-3|dc2QW&8PDCrP~;#&__0yJLgAi= zHO<)Vqb2Zy2^GLe{W~-X{Y)_Nv2vO(n%+x>7U^Ko{6oWfPQvA$Vl~o>7Xu@$k+D}& zZyQ)WL_DM?x%%=$xzfuL&jFQrUy5VIe@{+ZNZN;j>D^~7r9WdN$C_})q4|R%)I}mX zPw329q+m3pRHLC7>!d7+?Kip~x}1uAsDE17dvLI4%|hUSU~3H4tyW(V)YZRNcXNZh ziC!f$M{%;DO^+Ka`@fFiol$BC(j?R~%VF3WJaxYu4xv%?Ih@DLi^o7bW-{*@F3Bd~ zl?oycxqBM)bJ5u|h9(ne=WQwTJoT4n+eDaGZl~%p<*jI59X`H;RsLQhe{~6S?ak8A z^ax14OK4xRiBRhUujZ=PYURkNhW5R_#FbmTB$N2K=490XT!a@aNzXs5}n*D+wA#hWjgF)t&Y36TkZsx5v{XXsIF6vFJY(otwD;73s!si3IOm$UpK~|Q4yMHIzbLbk;qdN~ z;u=bg9pe@(O`3RU#@&J!c=r>V5y;`^`&$2(tc=FyN(mOpUsT)+5%NM()R=1=9T7gg z;O?Eh4T|LM<827tO8a{>s5ux*&xVrN#$50drg%=U3MWpEf0G8(N^_rX(Obrm`r?FY|i+D(?XG;%hj z)2{^~s1Vp1-mG+&ntOhu6$4$LFJ0bq%`%7O)9|X^XD59Ym88dGmV=v#Ddu(woLO_H zElous;M_y?$!S4rU2sE5cNKrF*#e&zW&(CJ*GP;(iGM4rh(w+Ov`(Ts*(<1Kr1*Xz zOPPfZs-`L*a?kZ+wMeRO@Qo|@PDObyctLE%HOcMwzF6>Z;vi52B_*x7*$c8&3h=-d zC?}}W$uPBd!XZ6bs6{5iFh=wNm^hb-zyC8Q)7;mM+|sag9M$)#?Gx3-JQzM8h8M0$ z0voTx-$^ZHNKJWC!CvFXksFJ2zuDTjCl(?5>}8#LS7dVV;G&Tqn&BJk?xvPKMXxFb z^DAlH%N3-Zee5a%YT)L+ZH$2z=PJ^?oqY5J)9Gs=-l=EYa)r{@o~*;F>^y2E$-9Zm zJa^RP)+$x3BYECk>UgRL{P)CRI3_YuRbu+zcf0^nO(#9z0%_IKG1*MR$ULB#L3&Z# zoL_QxSa>2bFy;&E37A8YA%nv?i&f`;n1gU>wtNa3Mfy~J!Yg}31P4xJWKgn2Sak{Y zG{kfGV60@JZ;5prdDB-l>|JSGQ0}=Hbo%aRPIHl(nXy&i6eGfJilG3LOY^&;$yzo2n6hNtU`-}s36o+w@DIAMYcF1g4UB7pM^w4b zCz++Xg}0_;fpT|qoMn3>v{?epTjLM}%S05O(|5N=#cYvGLTu(irRPlTt3?fNB-is7 z!r^6W!HW)i4$3^=3K8R;c6<^Ai_ zhr$s*nHfj_M??0{IJ65XF#3$Le!Ezh`i=S0jeInmGpbZ^g>%yqE#6l-UVMBzY46{w zWG~$$oIO-oKD;Q&AX+M2Sy8R?{AnjJ1^ZcAeFppR0nao7XWBNFf~t1P*0h^xiW$tUtA z#h$##zD zS8U1M1G+#lqkBV!jv*JshoWTqp(;cqcLo*`!tO(+lx2_-S;*su*z%A4fdfhjW zC~?Y4B9z6GYfo;(_R!KGttvS|X#w|_&YYPTnP5PZCuglcVkY=NX}r~qv$+*FTHe>n zN-B8}bXcT#GHE^|9l_((SS;A~2Idc6MiHBmn{cHw8+_WP`4Q3U3-&#AR zwUJ~@W|aX(oGv;%Gb`O#`V7qTSNd2#tUf>fJsbU!bG@$WqU$f&Zr)+g3bnBi|G_}? zjjMfSwdQ4q;db1v2Z=+@p|*?*x%KXJQ^ntAV__1v4sDcvg1v@oN@AM0%Ia_Tu7+E}b-GlRKc96y`qq|@ z=Bcu{L-?nY{X*6mQfBT4cfiICai;~=vo3wS`22Kf-2>>)FUZz{Hp65ScZ!lBb;kk; z6eeOg=k7h-#%RPD@SM@|F$_4w6}&wUl?C6i?h29_L)xupds6?dsp#+0ZPzG0@UbnlZkZ^-zL$llSUgSZn#Y|*F44I zUF9>X&1=8Z4T$oB{m4!)fWhcAx0$sPxv^<`gOfK^>|Axc0Edi{h01IgOIqltUQ+vp zysy=WRy4RgQsOBZ8cO;uC=_jvC=Aga$whj2?<4>3*}mj#R%Gh_z55jZ1SCmwU-TEO zCBLlwZ`cGW_vO#o`J}_y=!t+AxRHeedE~;$@?ra3at!#=jo<4~RW$F)?v+_pk(DE% zJ={C5??1J0J7r7Avj%P2Ps>Y%6|d5^J+pm{x{bLKUC0rBOyZ_!72rsS&zi(7qF0pG zKwQ(0Lezp)KJw8RI#RzeC-_*tG@`;cQ{D|vEpj@Vp`AD^Bs}bbp~Sanz|zeKXG+ZcadCD%}QEKErtEuYP!@rKS)*X9TN4RmB)uJiWevL8i>N_3Ml^9L)cB+f7J6eU<}3#rL#D-4-YYy>X~XEW!G^d! zm_)jP_dCOi=sBH`;TBushhVLFr5p?t**bm=9 zO92T-ZNAK>zHa2?{H*U{jHysJfJOI<h3IH5@b42p7|+Mn7cUOo z(ir@@|k$wj!d`p4{|BF}+p8L0Qu|)_( z_xf(T*-%0@b8|9v_a_0su)n6OH_CiZGzoRcK~RZOGC?;g4qZd@8<&yalzn(I_Z_Ru z;1K-AA}&(5_m;{+ggO4akVbBOmFYf3$9cNd1`Yo8w3#8=rSUY=UkKu2t8d!U<1o0mloj^>J*>80H_1UxK>%zb!oH4iSrfvL3SU? zCSx&U{H{wNE!6}+|LdRstBUh;tMJbGS;1#=3SD10%BN+{M^X-KyiocSst>wn8{@u9 z5p9);lNV~%P^S_>hSjPx^Rd;{zC)QR8;>_4!h}!F{3AW*bO5JrxSIozaF`|s`=>lGjvr=5Txek?zH<@~DAaBU0mnWax_?SH$utS!VF!+0*79QSM*QP z?C8ezn>45RFl(wj6ngGXZR~*#E@#pva0WX|u|WK>Ji063p)n-HvL%zr=*(ZXOH7ZG zD2e=>a8YXwfQVa{pB)A37wliv9j@eER7t#&v`zyo+u66J0+mb?VPF0+kMtZ=EzCy zFc{12lPHPqfydx<+PnG47>Y89BLWEC78{JDYTU${y7{V{&b1>?&~jOpV5M~gn)jV0 zS0JC4>kkwYLy}b(pDZ9hhG6#!b9{Bi*kI?GhA1P7#TMK!Tt-3s#9*Y4C>boLB`q;i zQR&>ZF)Mxt5&0;UsGlEsLaLIiJl6YTsnb?I)N zGBzNI<^XDiCCOrKdqnJN}IE&I{MJ$pW*>PbhD*% z(l~^>=CWj%C><@5gBD!J8;`QcH4q6DSR0Za5rDa&jV8nj@SyrD|HiRT>KGSy8to;Q z$_VJY<6%ORG-YA}qtv$FMs-o%vkIXAe>-^$7DaRHwMR$FwWW%hb4%t*^H>NNv*V$< z9(Inf6U_ga2HmTjksc14#>#b4dgX{ftH<~@-JE~@^S>N1GrqN9j)KwP+l>UV?M-9L z_x7y!xAXB&=T}WVkzB9o#+4E(XLo(S)Zd(2dLX(Lt|4PQb`c%+VHfGHc+5YR7*ICE z9V>-@Yine>VBtcUHBzo}ipfxjlh@O%7z_26msAVioauSyjf9Th6MqnpU)C-GxaZDc z=0-!*t&wP6s26?MO$N;YhR#j8olvgH{JYw0mq~F63;+20YN&O4t3)(v)D2To!rWgZ zLxWB!Vu)3|QjW`&Ku?AeGeZ3By>Tb&ubw&fV1MroZQTCe;Tt9gw5)ONCxnT4NGxG0 zGmhD~@XX1;RI#IDP5!C3Cij?7vUIh=Y_W)0TZzX=nzoS;*XOJa;0hf3W}j~Ud_{~z z)H@@fu$#|G?!NsSFPs*xhjQ!9K27Y+e)Hv9es&j-FqK#wK6B!vIQdzdfWy+b=j8YX zbTQ@3)mn>^Yz!xBsEOa5xAa3t9fN97xKMG+8em(-EIA&O)u@3@{yD=ls9rt9d7ccg z@KqO9ns0LIkRvV1%c`mUQzn5aDu!|WndGL{S`T4*?Q@OA*NNQbw!<+x>pG{nj8oTD ziRYZTmP^vP+qGGev^>{mNxO{h>X6jf_P7qAqG@C3pqtcJ$EcZZ=5iv1m$L!Bl&;qf zhG3ZTZV6M0Oa?vflyAZH$5zD9CGe2XoFHj;4h5~%ni|e2phlBk=9_HDn9u-D+x6(2 zs{JLevf9Bc8s=)fc{$eA`&??~ z?Jt~^RD{+W8J^b=0a*~C#kx~vA)~{+)AIigLA~neD_21Q?UMNU?cY3`*l4*k#{F2${+9Baj-FR3fHn1Wf z=8Aa|{YxpHc9?5xlUU1fYHDt&O{6?6=rzmFHEG|3?fJ+aAqk~$d!FB9TJ{YR0F8*q z9{QWH3duh1*>!bxVm*P#TfuVnE4fO6J`$`p)FXm2>!0dIpPwunKf+LgUJ@P9;6flv zqX47IQ<8ZQoH%Hay}hB~R;^`~w)^dPn$4GUYbG7KDWDAz>{QFdpQp67!r9p)Vud&? zmAuT<-cDHFrm`(-)z@S(?Y%RRBWH29LP{GILL<4Q1w9+s{$ASE-sCu{oc-U|y}lul z^~)XVJ+}D;-pb$9iC*`T;gOG^^x%qhgZ}gm((_hrbgupBi`&S5P5E$UTiVsy&=cbR zip5n-v}h#&^93hA{E$$U-9eakIda}-Ub7cDth50g|3W)iVNlmPwZ+>H@-#J#EKdxV zo9}4CMR`VaZ5J%1rZyi`ELRk3UxBB_F0_iyH~W1w;5FS70SI132hK#={)ifH8Fh|gbo`1^oYTZ&p@{^j z`Wx($ut5dX)KiP|XNss+89~qvS@eQaaVxic{waU1+6sWrXE8cTh)3!h!Yh;tlasVh z#z=Qzp{+uBS5J4+a`nDbyM+=_$Y>Vz0Ul)})LYiw*k>Z(U6=PRU9%~QCEb{*{9gN_ zv7jb}N;U`v$=DF6m8=p%-kNoZkEeuB6VK5aVD4p3E+}CS(rTW*35O_^W@=MDx(Sz17-zYkbzb8H|5w>biA?@VHJYm0U&_W5YjSy`r57 zz7s#IPbZUH-CDEX?q9cf4P~{O_Ijv)gzxL}AaI1(Zj$dXHQ(|y)37Ooz zkPjL*{?ay8Tq=o=jR+?9601U#2*FtQVSGW;!`wZJ@Y=6JH}z;C;Fhm3;{ZOmdlpPm z^C^$F&wa`*rke7OIc{BCdV3xT8fuJGmnK6`CPlpl0x=Nyn|ytrmQ$oa61ogu;Yxp< z5Ng>3KAr@ZT!(}A06S~c8`yWKsa7}T%Ync6ak-pg-ez)&$zH#?*%lM-2l={$vr@{f z2~K7{3Oiuqd}cuVIkE-SR1x3t%p^J?)?Z@KH(UackkwQE9?;y5tqW`)AbI>pmf z!zP7K#fGZbICN90iCr3P%+zoSRZKJF->4)fc;=Qnx1uiWp8%kCvJ0W9|S>FVu!M?G?>Y2O8Vt z+frdlTVGr-K2`yQ(rN1K($$n%hOr`0B%yZR2=`2L?9>-KNt_1O+zIBpXi9;igO`1( zvC#H!i)m3jB^@JnL$*`+u?s7-a@X=bj)-c*8ytv#N1s@U8m-+^8jm}-E)$mywPCS6 zqugfFMe;6pQ$x;ROCC>*S$nmH^p0%ksFmc_aopw`!*ScpWLqP;HAJ>PrHKN}vB{N3)qKP@2EmTm?<|o3;ScA#p&}(g({`jW-lz zpNQ=w>I7^VK8LJ=(GUsvX#4&@U0lhV%Fd4TA9>5mQp^foN~R5EG15UhReRK$q0&Xi zrN?s)Cf6qVN^i}22SdyoVBD8UIV$_L3|RI3;r6Y1sQ*zjOiLj@1Zz6butSRDXr2|j zw{+l_+X}u;*ApM$Z*eMpxyeFDm2Rs0wE;F#6g*)CN0_OVsgKA{z#skyTMmAhY4r7a z|5d-9tmdNOu+aAu+Ha`Gsbz&}#is{b1FM^`*{asFmICZzNY8yQ2S0iDyHMm9Zcj8o z;Yay8XdO|@e090U9`1JAi<%GaR@@5Q@=G>0I%09vlGEDU=_s@f4ecb=Q#)2K+V-)EN+ZfM9&4f+mEnEL-|HfeYUDTQvxR4G4* zAm2$-@qJqwYnlXPlC`?`c6=9R-=CA8_=P4$A*p0TKx^5EC}ZZRNVK#Jm8$6c4L! z7nCcYnXHPx<{RHj3Y6CtJywR(NFI1;932T7%uy|;HFguerX|s>GrdLdewlAl8U@q{ zCGiGF0w>6t^@sLFRFNdm0(qvLh_Lcr8b;G2sL4@db-nhq@UR4IYL$gA^$G;fo?(q- zhA{+=eMcjt-D$!DLAa!JOnM%vLv+q?0o%qxFG!AUz&fOJkja{HhLptzmQ0$CNA z{3l9wb4dlQ%V9SOcF<%@V(j2Dnb^3k{{x@J;xw+euXpkKs=dijyhFtj&4@>#7iTo1F^OGGscXEa%xl2yXSC87^%=HD_=83E@nbr<%w4;!M^yz}9li67hyf4%ZP0=IaKJ-2~`LneWzk+iLjvoutG3 z&f5BcnUmk#&PWWkOT3deXw;-OOx<;fOvB6Aun^4j7&tiW~vyEk}tfnW;mICS-8nyh8AXJJtK^%;q6l7-$#hGo+xj ze0nOTl+w-uh>~ruPDb?SK4t+UB!Jz2=XiBPIF-sG$2b~KOnPAQ6zkU?=SRFUuK9#E z2GQ42GYK9yp-z{M#>J+Ax>nx$U~D7u`tXN+#e>CFlOL1oRco_@g7#^-Mtcj#Z|`$W zBs=~@9OE_1Cp!8kBBb7at&qx?Z^B^EQ*)L~+>H@N$(UnISL<7Afs83uC+zgPZacNa%OT2Eq`g;VL>MbrkaJ98tSJPL_2zz?D<;47jG8T} zqIwVbO@-3z`s*P{x3wlX&QcD~WdpZw#!)Nmo^8mGpM9%GJ^&rtgRq=QPmyj7X%xC( zv;Qk9(#&EK>|l2NPwAqjjfy zhCXe*hdeW=a7j4#5!b)m#6EJ`2KoPx_y$657IdRuAM7XN;{I`gU0#wA2)a#wDO6_j z;$u#!S^UH8BA?9^>8gnxa&ju}gyS0E_;&7&2jo_al=b~1WzY~xNI%BfetoDr9Y~E; zgGiHr)>KUzABYI7%4G8iPYj8bkTz6^t5 zsYMfnN!&JUjk9!ZBcVGmEao*qkupetk>-YsG&bTHeJmFQXMDM3IxV436K&8`X`49K zAN$3&B%Kkm7?BP5VtC%izPc1$hctefNz;LhVc+x!a+FuNgiU3BCeSWRA_>0~%T!CE-cFs#TG6!85c*7qxluXaNFp|#$%RhBx#X)}_Cn8ZXzwQ;!oFhr8 z$n9C1pDCpMpk!$Nc`U7L8jqG0n{HP=JM*aH~e|n)U4%1tfPG4`!SN2OhjeO4d+*ITlppND=sk( zyI|T^#?D%E{_R>yodda_VAg5POb`E;Idjvw92A+Acb;{5>n-YRQ2a>E$tmfw71UV3*+;} zO|HB&`L_d3U$I};Qi8&M@37l$y}lIIyWmD{;d!Cao-cYx%xtp2V32_`m@%$@t{TGT z#QW?#1;d!AP~S84;1&ji2 zPmH`?AVb_!xk)__E?7DbrNn_cy8k^C37G5cC>=Zxw3Lw zpW=l8O-jX<$sld2LDI-~hf7PiNZ2fcYZ$Yu0==GH83?3bTWjF`)$wpMqIZ0DqybU& z!ixAqGoCPi@kTO^-MN8#1221^;^IKLNH%We`uh^!l)pXr_r4E6!#-fSI4du>S$MWx znm1S3wA@VgfcQ9*ndN&3P(xCGBE5I*><>Kh?p!h+>xO9a5%cLkwp9dw$|lHCQ1@?n z%4Bef{isN{W|6#7PRDv8rm$k8zo8k*+RKHp5^$p=QwJv|CWnrZZ>(wb?zuS`I=i$|7682z%0VBC?<#JPb9cFLn$Oi7b>|5 z<0cItZG$0~*35&p^86;9mBy0Rw>o!K{7!DRmGajTJgr#oa2829@77usH5U3CIM&md zYRP{D%DS<)7W(rv;q!m6TyKDM?d8yY&Io|x57pL$3fcN9$wOh!ng|dW5Q6r4D z)#aCzO1DV2dJE+*yKG=A~_M-1z?UF>dC3|TirmSwR2C1s_Ffi=ov6e#nI08MW+FpV~Q8r3+Z>% z-^VrfVz#SKp6V_orwFX$2RrcECbV>EQzpYyO1fBWG@>>=Qg^ccT{tSfrA!FB)(n0N zK!IF%wWhX;L}x)J4?6_y0@G1y__AH__%geg-nweUT~8#3$+wUPTV=f!0~Idj8V(+Q z`tYzO`Jm(*zKJ^rZi{@?doFU1Shk|D_vV#`l~Z27^vngR8w;XLIi}J!4@lD^2%B{& zX|OnW-omcqsTugL>hQDSuy^uqG;V7(#Dld{q4c_BiRt}0$i2^nwSqjJOb~rvNg4>t zfcr*8qh#}Gw@sP(6V{%OdzVS#5IVx#2!W97!YE0msfp)-iEg;hxdu&!#m=eA=VYD`OaZfWwXg2VGv5cvrqoj%F!N6nB`WsYTXHkb9)51w{bXumk=IgGKXvfVyaHi69zTI+nN zDRjP_+cY<(nc`eGK?@y@)ETPu!(&BErMai_$}5qMJ1#J}Lhcu6_1r%qsS+BPI%;7i z5Y=d}19Ev#mt&)3Kx9|&ErRv@Ku_TG;uueurlGnAT>^U`$sz{CnoTyf0&+WaIkxlX zMk|hQZ_Sn?dehLTqJ^K=&ky5QJD43s(xmnZHe`7iVn+tDFd)(nKS@%3)#ogINv(3u zycSgR-HCrpS(vV_G?N3}V8F(=t4cb0zYtytq(o!tUZ}s*P^k-U-&vFU&`lczSgO;S zII%eS{`*P8>%^*v|2Zm-gDgMix@$*jCtk*&vl!WSSQ6S%{cAKbkZ}tBLCl z4{7@*-jd&wgD3LL_@9)7N4y0j)uIGE?ZBMT;mhw3)j`p~-*d7i^M=RNS{zdPD^g-z zIIi$^G>cY~I?G7qJqNb>YmszF188CFK<)*l zRLR}Y!dx~nJ5J{9teZUz+}r&_N`{NYC7w1U(Y!-c44rVC6Lp(u0%{oPLhZuLwnSKg zC++pYYa=$-DpU-VgG=*({^A0~SN-8!_A2+wdBVoyGhSh;^2lK{LeKDmQdpr=UvlA- z6X-TIj&fp`L>u_<$c5$dzV`D|hh(_#i)v)o#8cM%wwN`6G;t?^h}@8lCDVMKMY2mk z8$Evt-W0^b9nl@`lJ^}JEG4$CwWe+i{g5?eB-ad19r(Qd`e7~&`heUFTZ2$k@i@M{ zxQwJ+TbH4LnS;aFL@Cgp6C)KPa2#7<7hO96M!*akhV-+Km22EfZwy{S^+Ws+V(VHl zlL0vWB|71K$6j8gLFmdsLefQyp>65n!kj7wcxa_Byc+i|Pn-IvIAp1z3llf~G4{rh z*7pC6G{4Li59_q}EFa=hC;`P^u>&G_&#Mi8Zt^U}-{H% z-BU5Wpp!E9Vsw=BHX2KN&BLQ@Lz7QYKew<=of$Ef$#j)i*rZKTj*@}Uieq^MPnI73 z2h-MF_$!WGT#^+?xz>)q$al1Jw_JYcy0Kpz^e+zi zQfU66e-bV)AHo3Fnp27(`)kV?-@6HsFvhJw+J|pDmHEQp^O?OHZ{Irkmj6d&X}$pT|o- zVF=_?TYExgf9|>jnVz#SMLx&Y$BeVk>NBZ}SWKwfG7+n3i?rtfM;64=XGg{wUf9fa zMdj8++Q4O3%k!|W8>_vbv0L1FL#A@v4J!ec!9f$KvxrQS>jpGkn7A$2JXgE8wUH@Cf7ASDlY8|z_uov>YF~- z22_}bYyFVHwnkxS0A09ZzG8iNYE z(&O4XhXNMa)9q=nM3*vJ^x*mibVPQ$7^ zfiGg%A#SP61)W)7fA%Q>O)^^Q&wwNIshmC(8&WGM{=Jgv1Q9~yeXE_X4jsd8)F;_V znrOK^)-!r{JUY2OC%x5rHhj#BJZZr7f3-&YXW6wwdI>0Ti7x;RKJcDUd=wq;t;WL*HEsCzX%*| z4S^xH1RDywA*B`!C9Exj8X@+cC+F#DyO4B;r~)%!Ni&X`HqKDi-7f)1`0d^u^KHa6 zmJJvVN|#fYRY|tVj=@<=B2=~w^@62zQweH{dyWhAmH1j*Lp8V={+#^r`-7yTf|dPN zIRBJ2vMyGzx(0@zQsz_QL)~$BnHUoRf}@u8RN+Q`fkp z&r~Bdn$f63mU2-Yx#@RKl4f1>T+w>Vyx5+XGZSf9%AW7tT#tG<;vNjIsdIz_Up9}q ziP7o4Ip=gk=>aK@eyYo@y(@$jBl9E;$t*0oFRR3oQ0PqVb7sC5YZgr|PAaTgArCz` z+6k8I<_%gJ)HsPZ%H8C{IugM6?Sj)8=2|I~U?{*80x2){fC{Q(f1MjpI+TWndjPh5GYi z@qm2kw5KQ%s_j#9{g=IO4&#xy3+V=;EA58j>P;p6i_fge5|E8j=&=4kN1BB&^XGr_ z%DfR18QShA=M8nNXb1I*p@cn0#!c(xE+)Pc$E_b2hAMYQD=STODK(!i$&tnog^t@?KDZFlx%RGjUNRlL!f_QGW$;kHv!|u# zAw1A@PQoQr8OG~pTDoeYFbiEi18{^_T3U%{ju+=8fe1Ne@Pb5m1#Y{kSK=oX5RYS*#Qbb*u=A0tojxN{`;=o3@Xcuj`GU%+Qh6{+_ZODLF#*!f* z6bP;aj1y78^{<`zfvO;^dOlK!qPEs3%qxZva;^5sJ^Zl>&sgao4m!Bx9te)%04s6j zG_^)iiVg`BAKt|jezDDMhl+20Fq`0#ZFr)7AA^LO@Ag^QcinxI+!*Ke(?MlhM{0~o z5H4UpD>1A2`XKny78AK_*0Or=jG}d=XjHlw9Mg2C+Vy5d>eMdQyn7>p4e8V^GQJ!n zl@f%>f*Qhiu|^y_ldbNT^8IM0bzzxw49Q-*lkZW?fNl6IQTz{;AcgBB z)jmzUMpP#Hv~GYllRG)Rn>xi81$<%Y<&H6rJA60%41S~(PjJ81hVjXrLQmkNQ=E8l z>XJzKM`CrQyRLY&p053;t*z954Szlv-teEBQ%%m!FNTxzs~?9W1|WvxL7Z=*q)o4c zw8;@U!TkM4%mC$!#X)8_d`bl9?Hl_gf+xSNLB|id3ia}*R%(H z3G;kY@y?c-CwcRbePh2eGpcAJG0SVnZ1SAMt}RWG;S=*sDG^fyhQs|t7%pdoYM7Ty z#X}#ky2Q`kP-d)#$)6}C64kttA`0q(Dx7i`Dx4s9vr%Dei8l=KPvqI}=mtvUOmj@j zF^Yng;9x)9-{1cO(modC7r1nulCu6VM}RG2XRtO@ilCH*86G89#V47PG3SyF9Fn*D zT~~x8(mdvzKMiE~k+!CCZADwJbd5vm6<#yYCTpq$d)AJke4ycyRbn6W8oZ)FBQ7h) z_shj}`KeX-)vRzvIc(5BfIKo5mEmugdZ+$|(11v-^NcU|f|o?7;h0kVqmekCSGx)- zY%JjvTPA}qp#`=ls7;EYfBI4-A0#_%07(f_qY>x<&6;i8kPMy;T=hs_O;_w`$q%dD zL{dH;U3(~Pz0dyVUZlIuRSWMtm?55eUK>Z2Xx9_vIi`Die~;Pb|RZ-sOYAV zajt%_=0vM6mD;Q)VkxGcTNNk$P|mjbuDOEhi6$)%FspDlpZ z$zb$T@6}-sXVb(|FPH+mN%>kykdwUXm6e|^=PL@$HKytjTbh`s8F#_{R8|EOaZd}K zZzfi_nG&WG_QbN*u$dve@>X+m;nhIVsW+ZA$r8P(!|sWm6ZhMvl#HvId$v_ZlU(Rqa*51XXz0_gMh)lg6#3%S}wW_iiHpLR7=xh zzRBHCKUOqJ9uv*RKwiz1o}9PlYF**M^X=2ZvAr9)|;+&2Xet6~fi$ z^fB15G{;O@h875K>HVY4bI^D&I1Qbd1Vo?t`V;~@T!g4TET0RCPs0G@lwg|@Lcaop z!x{)CQzqSkV8LY_Z1BK{VNS3-;F5&A<=D5@rXzmWZXE$KhS|C_xJ7}75AT-&=WNlLuuS8jukAsAv<7u* z!YeCV=ZcqEjTKz#47=51C$<|xV<2=~Aei@FHd67%&)5&jw>B_eyJ@?qk_DM*z%v6_ZhR!aCxAKmLx-c6yQAiIM~ zq#UURZLn0B;%w2gjw`b3wi6NSNX1#$zGfO%HfO;e1suXruw}V+!bAiNWv2SVh0I!G z8k)r&pdK7j|DwgMJVVvd2Jni@qk__>W2Kg45uCV(kE2 zu=GP)pg^A97f>w!1YPX@j2(pE&6iWT*3brS*EAZqNF3Gu?S)o1f=H3LAj#EnwNeVH z;9TJU;0{Q`xf+~RH&(qp)hPAy)2=1dy3yPwJ_g_-zQcm?x2=Lf(| zoL9t%_!80`-_F$<=(UP$g0UXUheubBPF2gDgZ&Q-V0F2X7#g!!-qqtG)+QopCW579 zIZECwjMS~8QvDz>X%1-&Pq7bHe*lW&TTx@X@P$w<5Ojr*!<`gvMG~HPB5?U($>19; zB4~Oz3jr$Ez9ZT8;BY6OzPL3WO<sGlOlEaiJwR`j8A>`F(GS1$7DZQj-4K>#& zX(YJjx1pVA8+t{Q(wdrQEk`iLQ{2bkpauG5O=|0O+n&mYb#scA*QRV`@)eMlu8xKV@6jOGNooy2VN~BV!8Q`~ ztIqwj4G((Elx}nmzR8@1KAsR8gTeEIfG+>C`?Vkude`7X3p+z_4rdO;;W{mF1P8&5 z5;u;igz!uTIV~FW=_uoz0oS|KsKUPv3B^g)uF(?55CHzU>3qDsIKTP}ow@z}1B)cJ zOyqpw_R65`>Z_8l#F6_5Ks+vX$-n(o%DBHpcyK&gm6A_V7(QzUSzvICd@rteYGlwRp<^56ZEz`S2Qf~-l2>6K ziZCVmt50R4o|IczxyU8fR0=7bj<`M<0}$B(qR;jvoaF1LYkOPkWqaf!n~Sto79 zFgwM?QRb`x@1E^#5RMbM05*)^%2sSVp{k`&ZLNyXtS*90{N78m9fNX8!#qzoBy-bH zv>ej4XKLUDoNd?AU@k;Sw~H!-fkr44bn+1=Ezv}J08rEdhVj?@)^*WiqD5RT>BwRB zqL134SUbWu)#s8=mrFW>C%-0SC@7k~Wmfu;yNAQV~k>r6FO z+V|XSII3H1ckJ1!@bH{zRv{XNIv<8Lx$CZXSm_7Fas+Bu;(qsWb0%HfWaAUc&~eR&*Zv zCxNk4|BChjoq&S#*;($>(xhy?j7NHBm%cQ(#ugNVpS7oTsm7QPlk`g(_qA|I8=%b4 z>_>o@PXEiq(NPOO_{`55fwG43FTO`#W|KCmsTD_y@fN*pJ;!M4dcC6E5vBt9R!|(5 z;;aACv@ex;zlUom()zAWK{W+Q4Hh|{a%y5sSBGSdO)O%=fNB*`SPI}}U@jAd5xMF_ zjS*7(J4;<_szARYGt2TyyT65*Ds5-uD5iZzR%kg8{r1j$NT0n-D*0~z8)XeW?P5UDL>5>CTh90v$y{eIrI#A<;XX!ddY)2;ZYRABQFIzd$ zJ#*3tYucSmRev;ChSWsr7?Uxb4cSwJOFz(n!ntT~h8e{Iqt-GX$!{m5`d-LJ*9S?fFMm^Z6t5LbP)=<+D{uc0kN$$&L{kPS`I>H^C-~hL4L<3RDS_ke@()t>BFK7# zKY2^#?P2OB!<})^&xe8Fba%{78d5rQ3w0+KYl0OxE4VFA6Dl?y{5*V*{7MaE*QVC- z9t&*nt=5Z{J{WZIYYx8X(}Opd!*Iu;JM2>07t4!2ayl`!J%a*bNx#eJ_T(G4IPDzO zXingA3N4->V!|3`k*?rCx=nXjmn}OWHUkE6xd9HhKL>L*I1ZV$88J5S!1T2*#kyhw z5G@RgoiEW$G!p%*Yk`L*1EJeIdq#^)&ZwKMN542t6g;ZKH&p+|9$UcH>wd*dYAl=x z+Y0=}!E_2ba#6s_mAO-*cD1!j9sYO!m}r#y1CC&L?0}#r9^7^zEEWpl{eN={L)^*< z1agg!!s9_cr51XF34BImEF>BV9;4LWV=WBRKhp=&)KkO@GXMzDN`8l9bP_Fd^`sPK zY3W`UBU$Vy9VIu?Jnr6vIyTr;kmq`y3?9H6=YL?Fje0d_uFq7>NVZKI#087-3MCOSKJ(AF3#Al;Hxp(? zvFN;M@b@V%8DXXN$)P0^LPs7QJCI=Gn?tu>5y+KFY%6$erWlop4UGmS%{QZlCf__Elly{Ig5x}m(Taj<@P(0J2bgLm#FEW(GLF0rq zZK!SvDV1dUa=XFs@!6KLS~W!CJT)a0Ve)v8iz>ZhTSAAWnIctKOpND89gm}3Mi0YK z8-HZH)x-F%zap7r^l8YDG37W)-1v0>P^2QqH~X59mL6B7Sk%0QzA)H!?*QneHqoViD8X7U}Nt< zRE-#y<+fs;o}*asfN;Je9U%Y?m&D@*CWA$81%1yc6!fxKf@7e|Uhrm;C2K)8U|{s# zmKw;~wRC0345sP= zsTNJ3iUrL)UgnL$ofO7REz@oljnM=xHsZbxI@<+?sbCY+E@LxmoJAE8FRyjHR#JN9QF=Wuo>o+X0ffElknLMVp|9Fu_+~WX-Uc+TE?d*bXc# zqyB2i4D2V$Arz4GD}byQ;aAeto!r2{MQjGF&SzZMP-A&fD+Ekc&v%a%9;WCr@WQZN z7Evpt@@_Sa__bf8^|nTe-UrUM0sAqcA-_d?$FWj<0qp`uEb<96%Ae?oWI&S>E_Ixr zc5^*|YsIXEoc}ch(_{HuNOlAM9mLYTkfm7v5L?MDro{>y;-NnvC#Bv#*7-%d8Ju#4 zxeE98$0bGV=G7AZb_08|#zZEtWS8qj@tkyEWL><8dE^)9+2ou)SAC-=nIhzhtx?-M z=l2UKnMr%CqA((7QZ(2IJs43B%!4MX@Ecgd!Y|<6GYp&ZptNEouV|??=f-(BVnxdl zr6h8EjHUl*^wqsz;zE~x1yUWIKWYqO-=J;a za3Rxg-OxjW0%i{!pPMJu6Tas7-QVRX;PJ$^F(g#y5v0Xjtn8X!&FKQ;bF}9~xVI`gpy&2foL-U{cygnH!sn>xwB>&oR#Bp9d2_ zMZn`?Hg}h-B_J3slUusX!Bf%$4Rd~+pXV=zPvTMp%8k5L--hX2x0K1ohic>6r*uYR zFsnv4SV#LwB&|uAcz}Dfky0dDVkZ<_(d4uM8Qga{LSgC_qC6hKa^g#>HRTDGnkl3J zq6#9dVItTo0AFm2dq+SYEH7&poe+r1Rb`u;C7s{fL#Lam9uu-J#LNgyjY>`k|MES( zj+tp&a1RtCdZK-&7Jrc zbkX!ma)b1c>G?y7Umo8?h`|v(1LI97e>E$c6SMr>ZZvyWX;4b4?e#OXO(Nuex?SQR z#*6?FfgssRxD)J<3kWOYXwVNP`h-FN=1QHD@DjZA{idk{|o6?vLknx&og*8Iq#7AUku9o@4YodvZSkUUWSJgyoXFT|XUH?^HbWp>cOsW&XNeo@o9ob= z4lIRz1yEee7A;PI1b25BJh;0P++7D9++7BD3lc0i2^I*06D+uEkO0AgyZa|M@5;OH z*Z*BL)2C|o+Iv^8K3h(mn&zF5^>NuzGmkaKL^oXe2;E!w>M}y+2-~+8@}nQAW!Y!j z5j?u5gB{Mpf%VRnu2qyYoyb*!@}_7UT8>W2wNzieA$+F;wv)AdiP+;Kv3dPyZZXRR z3k@xeVc1W9MnSZ?nsN(r2Z)?fQx`QOLC4q+e2-d zr5926Ls&LUt!@)X|7Tl@4ma|POU8*O06nQR*2^CxL{c{B3V_%f`D@#6t&?s(~M zx{WwJTX9FgQQ!PPQaBVe%6ZugeLk^6kgM|fPpTIo8$N#E+F^tBtg~`ShO93ouYKma zpU*iC&A2JrH(NQzzomn~_HlD?Gj%bAQn+jAQU6R<@x;ANW=o0e79BU5fx40r6{&UM zlh3fA5jP&Kt$WoK;UXWw13R%U#))*m5p^#8P_rF$UB67{fJ;C}RxvU*YsLt zlLc>ol=w#QQ?=&QqnkaLtRmLB0-yXX+M53>A`ojDPOD4!8;3tvSY_ zb0F?tY&I*h8k9pYtArMSKSWBKL1-SomGNlV9~4o7pyQhk zGCS`;cuE5~46BZ?uJJKo+^_76c>1?IuC4$(;ssnu(9}4D(drmlh#%zh$f%}e{zTX& zJj|*T(T@!!RcyyGM7Lv4fRb%Dmged2d}mByXEjm!(SVYfCl` zUg>nX$ZCzRZ%&I@COF2&t&mp~QHaqekD;fk`-O%%8y{AUvQXs5$)d}g`72IRuBtG*D^5X$3cKB z-!7pA8~r9tI5RqRVt&vUOc!TNWS~XIVRy~f?3YtchC}1it-xUPdiVSzMCN2?o?5sE z+zdvI4ymBqc=efN;JLIZyiN{aJCO22?Ej4K&0T84hku`vfmk}-Dl^%*0EBc&|h zF!RNVjC#b!D|fH>6;1FKeuk@*ZU`zPTTM2H;!%=W&5jOYTqx-2T>7?RUJU`Q{k5{^lI4Ye=);lSgU77Nh)5+nM5p5zcHl~} zJKw+43S}+M&xs|2eBS*u0oCoJr>YTdOw(Z4EsZf1DnUL<)jXAjFQb^{JblhnEPVg! zE=2%bkXCAvyx>sPX;WU=U_;wq-fMVuO;LSid_q&RBxP*MX+n{kh5gIC_X z!HK)>Y$rPEZK@Be%KI}5wCbml5%RpLFb@|m6x5szc)GOoQt}l)!}w8tlmDTNqDo#l z0|S2dZAd8V+(SflxLv}tA}}rR5KT^{l*L;$K)NT;L*5?RQ(eu};l^baKZ*ug6fyqR zP;0_2=k2}(6AO4MmR1&l4Qv-xXl`VPM#IT_x*|gWs}`xGTH#cdm$rx26&vKgw2xU5 zMfI(5a?d?rp?#nnSwv9+k!=_6P2Kt_#|eDWSE4vc94j$VJVB@l90r}LW5x@@#T4Ovy$QHME{4zlh=^^%P{(j0SXG} z;eZa|pxJJMtXx_aXw|g^HxB?|pgz)rE<04B)raj`%MJhlQgTZz*N-8V&T?Yg_IP`J ztj81|yJd1LN+`-=aVZi$FOrJwJ&P)qO%dV1#VInXJ`8bvQKBx~nhD)LPQWiRM$50*bQZeR!;5W{FZm@x0ji!SeD4gTxvxuyb-iqCtwZ*~C;Q zo&`p%&cNES2ll$~=8|SEx6;vOSSvo_bhJ6jILWSp-I;O6G*~`$)6QaA5E&YqE@9Gd@NA`86&~fBqx}li&!ZUHZ>uIWA*C)C$utV++`7C>h43mxV@ghpmE{HX1FQ4v5qb?V(Ehfc7*OT(7Ggebrn`7_cMt8U$AY14GId1Ev z+~B7FHSC2%4b`eGybC|uFi$bPiXqNS#{7sxUVQfw#-K;%P`gp=H;rP+NAB$gFvnW| z>&xL#C1q5w&ASw834^4wo)HQR-`w1h606mfk56A;og44JzoHE=h{}S!l^<{UNXbjd zb?v+gZFXJRjIjb~pb+ttqeMJ3N^vgsl|O3VW@~cJO9ZJd&UOK z(18g4Gy9BsKCu~b1G;tAV-Vd_p$o9V8n9{(&!ww!mwrAw7reFcaXz@f zeairm;}g_dbDmYk7io!Agw2_4@4Xt`q94e=y)5r%+{T-I+?LWgu;mwIHT+6+7leFJ z+7#{L@$HGoVJ2Z0;475>MMzIu`$_?(`27|swU;$&Dltvq;?P5;e|Lf34@rIy z9wkotx|xT@gALA?TP*j(J^vwou|wO#@_9M~g6_5f?AZ^ti9vSLJ)6pFteD$x^3fmb zB<>^XfL-t&GL>|`w$?ugIrUS2AdJ0#VPp8%{5`R|{)8mj*Hoauq>T^{l$%N?C`@FN z$j?x=ACypKByhig|8}Y-f@0sBxdx5MJb1DiDP2!Mm}f_`tYoP~Hxy;{`i;l5;hpM-XB zrX4K4r+UZAbsVzjAT3`BzQ`xq< zOfr7e4flUl`^-u#H zawOo3m!y~2)6r|p`__u)p88p0afKX;?<|3F@E>C#Imi({a;rrh#12if(p>iCnw#&) z{P&5M#Hc;*$%H~ki<2@~r-H5pW*2`WO zZI+ilAQtXwmjbsX+1Q12rBS-0u|0Wsajtybm}FFRqF&Cvj8lW^f!#}^{10&@-vosC zxCaq?IRJXJtw1#1vwo^Hmc*|O2+?958h@A~Mss-Nk8?D12v>%3nb&6z08oGWH z>;#i^&`(&x(iSG1fLM^au@R;!cF$o@O1$n;Pkl5vnElp^-~EhHDCpo0I)N6pZtNK0 z{zV%NUj8ClThK`@TJfP8Z~ezbV#UQk1T{rmU_^f9Y*7_a~bYD!oWKeYtVFhw~+|!QV$;!|I@7;)| zXJly0hq9}awRm1BUs2C`jw{#FetLk&34RTli6FO^AMu)x!MGjl@Z`$xi-^T$I{1jN zqS$4f<2T!TRVg8JgN7Y+M zPHLBX#C#5AM#W}3@+u{pcdXXF^b?4MYll0BLq0tK6O{ru9Z>_IzraZ32TCos;^u`% z+OLbpUi3Qi9nL*Mo*1fQ0})iw<|kGy*u<`ndndT{M=llzYO{kgNF2iL#``J3GnS*T z`SFTohL?*2SOHHP6r#~k>e&9L3!RAJC!2O-v18$KvMK0&&l+j9k*z$F$DtT2@Rlm($aBf9UFkaC zpFkg4@_U(Et5G0C9EahxXGD)y(u{nfzejo|E^Q=Q10wt!n8)#wDj*JI5zu!|uJ+*Y z24Gn{MVX6vlfI&MKFe6Yxi-)V(Ol<)aeOhL_| z`QtME-tAk%i!ogTqXCjDBA3b6Xnk(wZQTQGG|o#5b&@eXAQ!(A8`^fx#AuvH*-0{2 z808%J&iqIxsYTDOe- zs)StBA?}GC?40B$kLj8Avl1eC^}zpH7Z{(lq;PX?vuZpb za^A#EgSIr3x#beVr~k%?8xC)Wfe`i_l(zS(k3C$aIFp3#<*p?SavPSDgRH-;_JP}d zNkU*89L}I$ybX(w$u||fER^pBI<$mcX<>xWF*a;203O7_bJ_*-F=;&QIHeA;pzT^% zzB`#0RG`rr`Q9zgx=N!3J|?i!5=59TBS+>uF+P%p(S|pC`hfa89u*SQ8j;OFY7zS$ zg4)Xu(Wh-46?)d}=iN@GXk|_~ay?=kqja{dNM_yEjkOdWPY%|*^)5N#N#w`+JOW{v+xR4qTfn!lQ^CbeqBLy>)J%` zopx3w^(0^~Og@I0)ZG|%u$CY~xE^SfM#MpGL}p$JrGXSseTk_>S6cJp?}aJ9`Q zu|T@WLwh6MR_#XEyqk6gb&@fM!dq2$Z;u5dM9iuBJ&6|I5+sa8Jm-U(PF zjXfgF8N`S9Pp-B3FGi4-5?G^pfr0;=7Um`oXc$=b=bL<9B4z$*AVGFu1hW=dOBV;N&6 zN2xX=DCZ7!MY4o;$uuQvp)E3X_W|C~7DVjg2Kj8kaORtU)e|>azD1UVguU9gewrD!Z%zpU7YWWppwQUT%iEZ3lI^vt>tt!g#|Oe19!b)uNKBFg0lmBw z_0SmbsEGq6ErwpdNL0^M|Eo0jf<2rt&pFJ~q*#E%L3TrS+n#T7wclQuoH%rohbMiW zzw?rr!-2dwt|WYMTek|=puomh+vLZSo66a5op`Z5i^2w9Mb|ex@mGA9J2b2SnrJ}BqugVw!52!=A6t1(Pbp<4azYzb^e|wfSrZLLNpQt_ zKK5BU1<@g*LACZGaNzCX`vfJH^;q(J)n>HP;U3;_4cQ~nG>W1z>``GxE#A2+&wHXSO(A_R zY{-}UMCr0Lg~c3z2~&D5?1xZCrZEx@((ha7XRk4vzD59Ll}R$?>3Q}7vAS6U?SZU+ioN(l%p;3!g#rNzihv9X3hSR@ ze+a*3@v;XU=qfrca^rtF(nfD?I89fhD^vd(zvN)QK<+GXE~`-YH5?N@S!r!?oD}gT z{_Lxkmvi>ga$_v3Gyp<~&8{>9oVs=ZLDj`7gx-dkatZug2ehk9N&WvE)zH)T2=lTHv*TQmbXdK>vaNyIB zSkXOc1r9eF`2fMCZ%+Hk4s2UI;NJtvs~6U#0S*@Q?8;S3>Num#kBeJo_A1{3;-z)< zOI}u0RzJ%Fm`phNb!e%}g^cU?tcT~BISOCJdL&U0j?SvFrC@v*jD2}R#extdn@-9| zNWm31fZr0dzv@IypKH@e1ZP)W%cspUMuVK>1|O%{cT3%?BJ4Vxl`hieeM9{G+21&c zN$G3P74&vFy~e{j!;SaLxw(yCeY!d1IKMhOG8TDg4k35%A`=OGymK_xB!3(4cQNu= z#8}Yx;s7u3;d(lB1=Fi&J%W=ObBRXAIw9gmo*XN>?_RH#oOFl8A?PgEme&Ei<2jLB9S3otW}>!%HBC6(0vW!m z{U{ERxW1FVqZ(CZTD(LFDcpSq6YUb9jfV4{?^F(Qd?7kcaxr!ov?)*gy2= z$|IMf9h(o%eR;?3B2$uM6q2oL*LL%` zwwFDT78Bz;g6_Gf;>)CmUr-niIpicpY2rQ9G3O2MG{*gLTzArOxVmNaTTQEEi zXrtWO8$(_!p0@eVD2VXEs>xj>F(^1r)`rfa&woMu zS?VLkzJv;Yluaa!aXB4#ibUm7v0ClnHll69t*nZ55(9eZ{>S0mjxK80kB8pE*#MZV?RNet~xV-xg*b9=YxP>K{N>aQ#5MeJ&-u62Z8{2N{`9?Xl#PKV0N`ST(ITP?i1YK^#Ro^!( zjSJ#81m6&m8ke*-(T@L_YWqEqu3{gsSOXnxiK{H zzQuh}Qma^K6BOF7DJ|72A5lECDP{%@7Vg-4oKBW@6DaTryP-MUh@Y~#Kdr<` z8M+UM9mn*rB@g*`7e{Vk&wz-QI9<1w;@-1Mxxz9xx9-pS%nsNUpXT}=f zaaewN@Hq9N-?)zCbIEmQjs|)QVZ~>(xC8xZ!rZky&+>$r3qw*L*Fdf-%Wq7lxD&Pq zQlA%Rd~#Ut$J-y=FKt&&Ec+r55`k3YL$NU=BO;1=(PRAJhk&P!%cd(S{JXq@j;m8U zkz>o(IlgDt{HLe%FTS0C-0?OiGOxDd+C!B?OxVeonbY4m^{^Z`j%xB!Z$APtHoPz` zZohn9`E!H*-zy^vM{^YyM<>^RRYvA77n6dap`fT>p`g&8_wiq1rcO@3wsKCgnByYb z%dn$6obbcA{VMu!Q7zRXMjz`5D7h96#;F<=U3SS?*~>jTfyliIfrCp~VZp$XGKb5` zA)iGKQ2H4DOY}i%~Js| zz&QuQJULe?M`DJOJ=mC%Usc)JVj`?}&cu3lueX*vp{--+rv9Fnmc{pRWt<@+IKikP zf@RajebIfC@W*+|?Z7*H`swV4??i6$qY(`7_Tzq%Lx?$ye5^CQLEW0jvs}F5G$KU1 z(57?qgdpllAEQfa-mkIyM|BW|q&Dc)AoXa{0{F2tYXRIs4-)6;c5%N_ge19v4}617 zo>d2LS)?T}x1{-ksr};{A^VBBdt8!_h|aI+ND02iI&&Q37+)(H-!l5*ETH=7z0aP; z@|s)ykuzO*adbXu-%Y}n%k8(Uk%d61wWC^smqEBokuS}2t^MknM2l|hTc;CRbzj!E zo(syS+^uzjY#;f6+=j=$>fPUk?3W)h=SI(Ttv`nzjDON)?&t#igDhGO@k-j67)YLqkr^{E2Y(NCFV!A?R#yn?O!F zR`PvVlDwmpMVsDNH0slS$VS)%+w(~a>|;mlrs}4|t^DSl`7mVgR0ry&Ru&P~>hf)K zVgnEK^ls!ly>E$O-Slmn=FXVMUz@Az!MF@0P4%+XgQ<3yi}9HbI&mt4v9Xcq#R^LY z=<}_ZLl_@MLeiR4(va;?c#7#GUvwi2?*>7 z6SmA8p|rB|&$B0>0*mB)wI5|U6 zd%%BCXRtR#!hkIjP^l+>QpWH^!m~jC5O{_6|+z2 z{%l1ltvqF71B!yd3T3d5fX1Y_Jaq}@{BF@ zN^b}^;3m6Whq6}qH_x!^@hQ5TOgB#Gn%~-?R3FvD0i|?_Sc2x|6u=6@kcBE_X7OpS9R=>9U&YFDsKQ93j4pbAUrqo z&mOp1o4Nok)ZJWc9IXB*!2Z_ozia;AODLTAhlW2N8vHlM|9))nw{74*VShhF_}lJp z&;MN|{;i-P@3-fF)r@~b|9>v)6#OGi{|);QzSS(4Xs$-sc@DR{Bf){{UpyhyDNn literal 0 HcmV?d00001