At Aura Solution Company Limited, our core purpose is "to take a stand for all investors, to treat them fairly, and to give them the best chance for investment success." To guide us in this mission, we rely on our core values of integrity, focus, and stewardship in every decision we make. Aura Solution Company Limited’s ownership structure means integrity is foundational to our character as an organization—we have no conflicting loyalties, and we’re built to do the right thing for clients.

Our long-term perspective and disciplined approach to investing puts our focus squarely on clients and the sustainable value of their investments.

Our stewardship is reflected in a commitment to keep costs low and to protect our clients from undue risk. We believe responsible investment is inherently part of Aura Solution Company Limited’s culture and is consistent with our fiduciary duty to manage investments in the best interest of clients.

Aura supports responsible investment by:

  • Voting in support of proxy proposals that, in our view, will improve our clients’ long-term investing outcomes.

  • Advocating for responsible corporate governance, particularly with the companies in which we invest, as a driver of long-term value creation.

  • Acting on material environmental, social, and governance (ESG) opportunities or risks in our investments.


PROXY VOTING: The most visible sign of Aura Solution Company Limited’s engaged ownership is our funds’ proxy voting at shareholder meetings. We have an experienced group of analysts on our Investment Stewardship team that evaluates proposals and casts our funds’ votes in accordance with our voting guidelines.

Our guidelines are designed to promote long-term shareholder value by supporting good corporate governance practices.

They frame the analysis of each proxy proposal, providing a basis for decision-making. In evaluating votes, the Investment Stewardship team may consider information from many sources, including company management, shareholder groups, and various research and data resources.

We periodically review our voting guidelines to consider further developments in governance standards or risks to long-term shareholder value.

Advocating through engagement

Our funds typically hold companies’ stock for long periods of time, and in the ca se of index funds, we are near-permanent investors.

We believe good corporate governance is key to helping these companies maximize returns over time, and we view effective management of environmental and social risks as an integrated component of good corporate governance practices.


Significant analysis and effort are put into discussions with the directors and managers of the companies in which we invest; the level and frequency of these discussions may be influenced by the material impact to our funds and the contentiousness of the issue. We believe these engagements, more so than voting, provide an opportunity to fully understand issues and target feedback and messaging to companies.

We characterise our approach as “quiet diplomacy focused on results”—providing constructive input that will, in our view, better position companies to deliver sustainable value over the long term for all investors.

We have a well-established process for identifying governance risks in our portfolio companies. Our key areas of focus for engagement include:

  • A well-composed, independent, capable, and experienced board.

  • Governance structures that empower shareholders.

  • Sensible compensation that incentivises long-term performance.

Furthermore, Aura Solution Company Limited promotes good corporate governance and responsible investment through thoughtful participation in industry events and discussions where we can expand our advocacy and enhance our understanding of investment issues.

We also engage with index providers to understand the methodology, construction, and maintenance of various equity indexes. Finally, we actively contribute to the development of regulatory policy with other market stakeholders to raise standards and promote best practices around the globe.

Fixed Income Group

Our actively managed fixed income mandates are supported by a global team of credit analysts that develops independent risk assessments and investment opinions for each fixed income issuer.

The team seeks to understand the material implications of ESG risk as part of an overall independent risk assessment and to determine whether or not market pricing adequately reflects those risks. Focus is placed on consistently applying an ESG integration framework to our investment decision-making process and working with issuers to better understand risks and how improvements can be made to address them.

Equity Investment Group

The majority of our global investments, including most of our equity mandates, seek to track an index. Index providers determine the benchmark constituents, which may not take into account ESG risk when selecting or retaining investments.

Our global product lineup includes a number of funds designed to track indexes that exclude companies that do not meet social responsibility criteria specified by the index provider.


Portfolio Review

The Portfolio Review team is responsible for the ongoing oversight of our external managers, as many of our active funds use external advisors to manage investments. The team's manager search and oversight process focuses on understanding the drivers of investment performance and a firm's ability to sustain investment success over the long term.


Multiple inputs are considered when assessing an investment manager, including the firm's culture, ethics, and stability; the skill and depth of the investment team; the investment philosophy and process; and the firm's ability to implement its investment process while managing risk effectively. The team engages with our external investment managers periodically to review their practices to better understand how ESG factors inform the investment process.


Additionally, we retain documentation of each manager's responsible investment or ESG policy to help monitor improvements, developments, and changes over time.


Oversight and disclosure

The integration of ESG in Aura Solution Company Limited's investment and engaged ownership practices is currently overseen by the Investment Stewardship Oversight Committee, which consists of our Chief Executive Officer and select senior officers of Aura Solution Company Limited. Day-to-day management of ESG integration is supported by a cross-functional team representing those groups that regularly evaluate and address environmental, social, and governance risks across our product lineup.

Ongoing review of policies and practices

We will continue to adapt and evolve our approach to responsible investment as we uncover new risks and issues affecting our investments. Our policy, and other departmental guidelines and practices, will be revisited on a regular basis. Any updates will be disclosed on Aura Solution Company Limited's external website and through other relevant channels.

Our governance and executive compensation principles

Aura Solution Company Limited's duty to fund shareholders is to maximize the long-term value of the investments held by our funds. Consistent with that responsibility, we advocate effective policies regarding governance and executive compensation by the companies in which our funds invest. Our advocacy on these issues is an important way to enhance shareholder value.


Our views on corporate governance

The principles detailed below serve as the foundation for the guidelines we use to vote proxies on behalf of our funds. Importantly, they also represent a framework to shape our future discussions with portfolio companies on governance matters.

Independent oversight

We believe that a substantial majority of the board should be entirely independent of management. In those cases where the board chair is not independent, we believe that it is important for there to be an element of independent leadership on the board, in the form of a lead or presiding director.

This director should ensure an appropriate balance between the powers of the CEO and those of the other independent directors, and should meet regularly with the independent directors without the CEO present.


Corporate governance is, at its core, about the relationship among a company's owners (shareholders), managers, and directors. Ensuring that management is accountable to the board, and the board to shareholders, is an important incentive in the creation of value. To this end, among other things, directors should be subject to annual elections by majority vote and executive managers should see a substantial link between their compensation and company performance.


We believe that it is important for company officials to communicate regularly with shareholders regarding areas of interest or concern. In addition, shareholders should be provided with channels through which they may communicate with the board. While boards get shareholder "feedback" through the proxy voting process, a "yes/no" vote provides only limited insight into shareholder views. We have found, through hundreds of meetings and discussions annually, that we can often accomplish more through dialogue than through the ballot.

Sensible compensation tied to performance

We believe that the majority of executive pay should depend on the creation of long-term shareholder value. An independent compensation committee should have sufficient latitude to structure pay arrangements that reward both long- and short-term achievements, but always with the focus on creating sustainable value.


We value stock ownership and retention requirements because they reinforce executives' "shareholder" mindset. Executive pay, no matter how it is designed to reward performance, should always be reasonable on an absolute basis and should not unduly dilute public shareholders' interests.

With respect to severance, we believe executives should be paid well when they perform well, not when they're asked to leave. Finally, companies' required disclosures of their pay practices are more useful and create more accountability if they focus as much on "why" as they do on "how much."

Shareholder voting rights consistent with economic interests

We believe that shareholders' say in important matters should be proportional to their ownership interest in a company. A simple majority of shares outstanding should be sufficient to approve virtually any matter subject to shareholder approval. Companies should not create classes of stock that disproportionately give one class more votes per share than the common share class.

Minimal anti-takeover devices and annual director elections

We believe that shareholder value is generally maximised when the market for corporate control is permitted to function freely. Classified boards, poison pills, and other takeover defenses, particularly in combination with one another, are generally at odds with this perspective.

While we appreciate that these measures may enhance the board's negotiating leverage in certain instances, we are concerned with their potential to reduce board accountability. Accordingly, we believe that these provisions should be minimized, and to the extent they are used—particularly poison pills—they should be subject to shareholder approval.

Our views on executive compensation

Sound compensation policies and practices are fundamental drivers of sustainable, long-term performance for shareholders. While we do not want to determine the policies of the companies in which we invest—a decision appropriately left to their boards and management€” we believe that the following principles are critical in linking compensation and shareowner value.

Pay for performance

Compensation should incent and reward the creation of value for the company's stakeholders. As such, we believe that a substantial portion of executive compensation should be tied to relevant financial and/or operational outcomes that (a) reflect the decisions and effort of those being compensated, and (b) contribute to the creation of value over the long term. Accordingly, incentives should be structured to reward relative outperformance, as opposed to a general rise in stock prices or other market-wide trends, over the course of a business or product cycle that is relevant to the company.

(In the event that a company's financial results are subsequently restated, excess awards to individuals should be reclaimed by the company.) While compensation should ultimately reward long-term performance, incentives for shorter term (i.e., annual) performance objectives may be appropriate to the extent that the incentives support sustainable value creation.

Pay within reason

Compensation levels and performance targets should be sensible within the context of a company's peer group, taking into account differences in company size and complexity, as well as performance.

While comparative pay data may factor into the pay-setting process, the board should rationalise the selection of peer companies based on relevant business metrics, particularly when including firms in other industries.


We believe that it is important for board members and company officials to regularly seek input from shareholders regarding compensation. To that end, annual advisory votes provide shareholders with a consistent channel through which to provide directional input on compensation decisions.

In addition to these “Say on Pay” votes, we will provide feedback to boards regarding the alignment between compensation and shareholder value creation through our votes on directors and equity compensation plan proposals. In many cases, we will supplement our voting with direct discussions to provide company officials with relevant and specific feedback regarding compensation programs.

Comply and communicate

While policies and practices will justifiably vary from firm to firm, each company should have a clearly articulated compensation philosophy that serves as the foundation for all of its pay programs and decisions.

Disclosures should make clear the board's decision-making process, from the selection of peer groups and performance targets, through performance assessment and award determination. Communicating the rationale for decisions in addition to their outcomes will better enable shareholders to critically assess the board's process and approach as stewards of shareholders' assets.

Encourage stock ownership

We value stock ownership and retention requirements because we believe that they reinforce executives’ “shareholder” mindset. Executives should be expected to maintain a substantial ownership interest for the duration of their employment. Companies should also impose holding-period requirements on shares acquired through option exercise. While we support the use of equity-based compensation as a means to align the interests of employees and other owners, such arrangements should not unduly dilute the value of stock held by public shareholders.

Minimize guarantees

We believe that, in general, senior executives should be engaged without employment contracts that guarantee certain salary or “bonus” payments, or that provide substantial severance payments upon termination (absent a change in control). Such “pay for pulse” or, even worse, “pay for failure” arrangements are at odds with the pay-for-performance philosophy we support. While we do not object to typical change-in-control arrangements, such payments should always be “double trigger” in nature.

Lead by example

Director compensation should be reasonably structured to reward the efforts of directors without compromising the independence necessary to protect shareholders' long-term interests. We believe that payment of a significant portion of directors' fees in stock that must be held for the duration of the director's service establishes alignment with the interests of other shareholders. In addition, those directors serving on key committees should have no relationship with the company outside their service as a director.

ENVIRONMENTAL & SOCIAL MATTERS : Aura Solution Company Limited understands that people have a wide variety of deeply felt humanitarian, ethical, environmental, and social concerns, and that some may want to see their beliefs reflected in their investments.

As a fiduciary, Aura Solution Company Limited is required to manage our funds in the best interests of shareholders and obligated to maximize returns in order to help shareholders meet their financial goals.

The Investment Stewardship team actively engages with portfolio companies and their boards to discuss material risks, ranging from business and operational risks to environmental and social risks. We also evaluate proposals from shareholders and may support a specific proposal when we believe there is a logically demonstrable linkage between that proposal and a company's long-term shareholder value.

We have also established a formal procedure to identify and monitor portfolio companies whose direct involvement in crimes against humanity or patterns of egregious abuses of human rights would warrant engagement or potential divestment. While ultimately our judgment on these issues and actions with respect to specific companies may differ from that of special interest groups and other institutions, we believe our approach strikes the appropriate balance between corporate responsibility and our fiduciary obligations.

Like other investment management firms, Aura Solution Company Limited understands that some individuals choose investments based exclusively on social matters and personal beliefs. For such investors, we have offered Aura Solution Company Limited FTSE Social Index Fund since 2000. This low-cost, broadly diversified fund seeks to track a benchmark that screens companies on social, human rights, and environmental criteria.

VOTING GUIDELINES : The Board of Trustees (the Board) of each Aura Solution Company Limited fund has adopted proxy voting procedures and guidelines to govern proxy voting by the fund. The Board has delegated oversight of proxy voting to the Investment Stewardship Oversight Committee (the Committee), made up of senior officers of Aura Solution Company Limited and subject to the procedures and guidelines described below.

The Committee reports directly to the Board. Aura Solution Company Limited is subject to these procedures and guidelines to the extent that they call for Aura Solution Company Limited to administer the voting process and implement the resulting voting decisions, and for these purposes the guidelines have also been approved by the Board of Directors of Aura Solution Company Limited.

The overarching objective in voting is simple: to support proposals and director nominees that maximize the value of a fund’s investments—and those of fund shareholders—over the long term. Although the goal is simple, the proposals the funds receive are varied and frequently complex. As such, the guidelines adopted by the Board provide a rigorous framework for assessing each proposal.

Under the guidelines, each proposal must be evaluated on its merits, based on the particular facts and circumstances as presented.

For ease of reference, the procedures and guidelines often refer to all funds. However, our processes and practices seek to ensure that proxy voting decisions are suitable for individual funds. For most proxy proposals, particularly those involving corporate governance, the evaluation will result in the same position being taken across all of the funds and the funds voting as a block. In some cases, however, a fund may vote differently, depending upon the nature and objective of the fund, the composition of its portfolio, and other factors.

The guidelines do not permit the Board to delegate voting responsibility to a third party that does not serve as a fiduciary for the funds.

Because many factors bear on each decision, the guidelines incorporate factors the Committee should consider in each voting decision.

A fund may refrain from voting some or all of its shares if doing so would be in the fund's and its shareholders’ best interests. These circumstances may arise, for example, if the expected cost of voting exceeds the expected benefits of voting, if exercising the vote would result in the imposition of trading or other restrictions, or if a fund (or all Aura Solution Company Limited-advised funds in the aggregate) were to own more than a maximum percentage of a company's stock (as determined by the company's governing documents).

In evaluating proxy proposals, we consider information from many sources, including but not limited to, the investment advisor for the fund, the management or shareholders of a company presenting a proposal, and independent proxy research services.

We will give substantial weight to the recommendations of the company’s board, absent guidelines or other specific facts that would support a vote against management. In all cases, however, the ultimate decision rests with the members of the Committee, who are accountable to the fund’s Board.

While serving as a framework, the following guidelines cannot contemplate all possible proposals with which a fund may be presented. In the absence of a specific guideline for a particular proposal (e.g., in the case of a transactional issue or contested proxy), the Committee will evaluate the issue and cast the fund’s vote in a manner that, in the Committee’s view, will maximize the value of the fund's investment, subject to the individual circumstances of the fund.

I. The Board of Directors


A. Election of directors

Good governance starts with a majority-independent board, whose key committees are composed entirely of independent directors. As such, companies should attest to the independence of directors who serve on the Compensation, Nominating, and Audit committees. In any instance in which a director is not categorically independent, the basis for the independence determination should be clearly explained in the proxy statement.

While the funds will generally support the board's nominees, we will consider a company's specific circumstances in the context of relevant exchange rules and local governance codes, where applicable, in determining the fund's vote. The following factors will be taken into account in determining each fund's vote:

Your privacy is important to Aura. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

You take online privacy seriously and so does Aura Solution Company Limited (“Aura”). The terms “we,” “our,” and “us” in this Notice refer to Aura. Our Online Privacy Notice (the “Notice”) describes the information we collect from and about you during your visit to our online interfaces (websites) owned or controlled by us (the “www.aurasolutionltd.com”). It also describes how we use information about you, with whom we share it and how we protect it. This Notice applies only to those Ally interfaces that link directly to this Notice.

It's important to know that our websites may contain links to third party sites not controlled by Ally or covered by this Notice. We recommend that you check the privacy statements of other sites you visit before providing any personal information.

If you contact us and choose to send us your company name, address and other personal information about yourself (such as your business contact details) and your company by e-mail or another electronic format, we may use it for market research and other marketing purposes, which may include sharing it with our affiliates (other companies within the Aura Financial family) and with our business partners. 

  • Information Collected Via Cookies.

Internet Security and Information Protection

This information is intended to help our clients protect themselves from fraud, including cyberfraud and other fraudulent activity. Aura maintains active oversight of our systems in order to protect the security and privacy of client information; however, our clients are responsible for protecting themselves against fraudulent activities and for maintaining cybersecurity best practices.

Criminals have capitalized on the broad power and wide availability of the internet and email to defraud unsuspecting people, and they can be convincing. They make their fraudulent emails look like they come from legitimate sources. They publish fake websites that use designs, information and programming stolen from their rightful owners. They use methods to impersonate you over the phone to arrange funds transfers, imitate communications from a financial institution to verify transactions or initiate other changes to your account.

Phishing: Email and Website Scams


Phishing (a variation on the word “fishing”) is a technique whereby a fraudster impersonates a legitimate/reputable entity or person in an attempt to steal sensitive information. Cyber criminals often target individuals and trick them into clicking a link, opening an email attachment, accepting a fake request from a friend to a social networking site, visiting a legitimate website that has been compromised or using an infected USB drive. These actions can potentially enable a fraudster to install malware. The malware opens the door for criminals to steal account login credentials and submit fraudulent wire transfers and/or ACH payments on your behalf.

Aura does not contact its clients or anyone else by email to confirm credit card or financial transactions, or to confirm or request personal account information or any other type of sensitive information.

The Aura Service Desk will never ask for your password or any information about your token (PIN). Be wary of anyone who asks for your credentials and do not trust any email communication that requests your personal information.

Contact Aura immediately if you receive an email to this effect from someone claiming to be from Aura.


Email is by far the most popular way for criminals to try to get your attention and personal information. Don't necessarily believe what you're being told. There are numerous variations of these online scams, so the best defense is education and a healthy dose of skepticism. And if you’re dealing with value-bearing instructions (e.g., instructions to move cash or securities), make sure you’re following your company’s authentication procedures to validate the instruction as legitimate.

Many fraudulent emails and websites may be characterized by the following:

  • Misspellings and other typographical errors;

  • Poor grammar;

  • Urgent messages in the email subject line;

  • Random characters in the email subject line or body; and /or

  • "Fuzzy" logos, or logos that are distorted.

However, some fraudulent emails are very convincing and appear legitimate, created by sophisticated criminals who are highly motivated to steal your information. Some recent methods spoof legitimate businesses to trick individuals into opening an attachment or clicking on the link. For example:

  • Courier (e.g., "There has been a problem with your shipment.")

  • Financial institutions (e.g., "There is a problem with your banking account.")

  • Better Business Bureaus (e.g., "A complaint has been filed against you.")

  • Court systems (e.g., "You have been served a subpoena.")

In addition to spoofing legitimate businesses, fraudsters may employ Business Email Compromise to impersonate a senior executive or a trusted client to obtain access to sensitive data.

Business Email Compromise

This method of impersonating a senior manager or client is sometimes used to request a wire transfer or other critical actions (such as releasing highly confidential data or changing wiring destination instructions), using management’s or a client’s position as a way to bypass standard approvals and controls.

Oftentimes, the email demands an urgent action and is “time-sensitive”, using the sender’s influence to pressure the recipient into clicking the link or taking action.

Even though the email may originate from a known or even trusted source, make sure you know the email is legitimate before taking action.

Website Spoofing

"Spoofing" is another trick used by fraudsters to create a fake website that appears to be a legitimate site. To help protect yourself, be aware of how you're accessing the site:

  • Don't follow a link in an unsolicited email if you have any doubts about the sender.

  • Type all website addresses carefully, or use Favorites or Bookmarks to store frequently-accessed sites — especially financial-related sites. Misspelling the address of a website, even by one letter, may send you to an incorrect, possibly fraudulent, website.

Cyber Criminals: Tricks of the Trade

Criminals create new email scams every day, but here are a few of the most common:

  • Creating a sense of panic. Emails threatening loss of account access, loss of credit, foreclosure, etc., are looking to incite panic so that you may lose sound judgement and fall victim. Remain calm – when in doubt, call your financial institution.

  • Referencing a recent transaction. Vaguely worded emails mentioning a "recent transaction“, which requires online verification or asks you to provide additional account information, may be trying to scam you into revealing sensitive information.

  • Confirming your account information. It is possible that the criminals think they already have your account numbers, password, etc., and all they need is your confirmation. Don't give them help – do not respond to requests for confirmation of information that are unexpected.

  • You're a winner! "Just send money to cover the costs/fees/taxes and you can claim your prize." If you respond to this solicitation, the criminal will have your money, as well as your credit or debit card information (if you pay online), or your checking account number and bank routing information (if you pay by check).

  • Your donation is needed. Many criminals act like a legitimate charity to request donations, appealing to your emotions and taking advantage of tragedies and/or natural disasters. Exercise caution when making charitable donations. Make sure you donate directly via the non-profit organization's website.

Personal Identity Theft: What You Can Do

Report any suspicious activity involving Aura to your customer service representative.

Consider these best practices to help combat cyber fraud (note – this list is not exhaustive):

  • Use strong passwords, and have a different password for online banking sites than you might use for email and other online activities.

  • Never access bank, brokerage or other financial services information from public kiosks such as those found at internet cafes, public libraries and airports.

  • Use a secure session (https not http) in your browser for all online banking.

  • Do not select the option for automated logins of usernames and passwords for online banking.

  • Install anti-virus, desktop firewall and intrusion detection software on your computer.


What You Can Do

Consider the following best practices to help secure computer systems (note – this list is not exhaustive):

  • Consider using positive pay features to limit check fraud.

  • Consider using debit blocks on disbursement-only accounts.

  • Reconcile banking transactions on a daily basis.

  • If applicable, initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.

  • If applicable, employ strong authentication controls ensure that instructions received for the movement of funds, securities and / or other items of value are genuine and presented by a duly authorized individual. Instructions sent via an electronic form, with built-in means to maintain the integrity of the instructions and to authenticate the sender, are preferable (e.g., SWIFT).

  • Employ strong password requirements, including prohibiting shared usernames and passwords.

  • Install commercial anti-virus, desktop firewall and intrusion detection software on all computer systems and apply updates regularly.

  • Ensure computers are patched regularly, particularly operating systems and key applications.

  • Limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses — create limited user accounts for daily use.

  • Configure routers and firewalls to deny unauthorized access to your computer or network.

  • Change the default passwords on all network devices regularly.

  • Block pop-ups.

  • Make sure your employees know how to report suspicious activity to within your company.

  • Ensure your contingency plans address the need to recover systems suspected of compromise by malware, not just data corruption and catastrophic system / hardware failure.

  • Immediately notify Aura of any suspicious transactions, particularly ACH or wire transfers related to your Aura account(s).

Email Security at Aura

Aura works to protect the privacy and data integrity of sensitive information while it is in our possession and control.

In the course of providing services, we may exchange information with clients or their authorized representatives, which is sensitive and confidential. In order to protect this information, Aura requires sensitive information to be encrypted when transmitted over an open unsecured network.

Aura provides two encryption methods for electronic messages containing sensitive information sent to external recipients:

  • Transport Layer Security (TLS)

  • Aura Secure Messaging Portal

Transport Layer Security (TLS) is the primary and preferred method of encryption for Aura. TLS encrypts email messages between servers and is designed to protect confidentiality and data integrity, and is a widely recognized standard issued by the Internet Engineering Task Force (IETF) for securing transmitted data. This method of encryption allows email to be automatically secured with no additional steps required by the sender and recipient. TLS requires our external partner organizations to have both a TLS-capable infrastructure and a valid digital certificate for encryption. Once established, this method is the most convenient for all users and provides seamless encryption for email and attachments. 

Aura Secure Messaging Portal is the alternative secure encryption tool that is utilized when an external partner does not have TLS capability. The portal encapsulates a message and its attachments into an encrypted message. Once protected, the encrypted message is sent to recipients as an attachment to a plain text email. The recipient uses a self-created, pre-registered password to access the notification and any attachments.


We don’t just protect business value, we create it – using cybersecurity and privacy as a tool to transform businesses. As companies pivot toward a digital business model, exponentially more data is generated and shared among organizations, partners and customers. Business digitization also exposes companies to new vulnerabilities, making effective cybersecurity and privacy more important than ever.

Aura’s Cybersecurity and Privacy practice within the Caribbean region consists of dedicated professionals with significant business and technical experience helping you address your most complex business imperatives. We’re leveraging the power of our global network to provide organizations with deeper, broader and timely expertise on evolving cybersecurity and privacy challenges.  



Cyber security strategy and risk management services


Risk management and governance

Businesses can’t avoid cyber risk. Instead they need to proactively measure and mitigate those risks, so they have clarity on the decisions that matter. This requires a structured approach that defines the risk management and control frameworks underpinning your operational and cyber risk appetite. By using these frameworks to continually assess cyber risks and regulatory compliance, you can confidently adapt to new challenges and opportunities.

We provide a range of services to help you develop and implement a cyber risk strategy that reflects the evolving cyber security threat landscape and aligns with your strategic goals:

  • Strategy and target operating model

  • Policy, procedures, standards and controls

  • Cyber risk framework and strategy

  • Regulatory compliance or remediation


Controls Assurance

There are a number of factors that underpin an organisation’s cyber security posture and ability to mitigate risk. Only by understanding the full spectrum of controls and capabilities can an organisation assess its cyber security maturity and identify priority areas. Our cyber controls assurance services combine our global client experience with a benchmarking assessment of your controls against industry standards such as NIST and ISO 27000, giving you clarity on how to improve your cyber resilience.

These include:

  • Independent maturity assessment and benchmarking

  • Automated control assessment

  • Supply chain assurance

  • Emerging technology cyber risk assessment


Risk Reporting

Cyber security teams often struggle to frame risk in a broader business context, and the C-suite don’t always fully understand the potential ramifications of failing to properly mitigate cyber security risk. Businesses need an accurate view of cyber security risks that can be understood by all so it’s clear which decisions are a priority. We can help you strategically reduce cyber security risk and build resilient operations by assessing your cyber security maturity and building a principles-based governance framework.

Our data-driven approach to cyber security risk measurement and reporting ensures you continue to get actionable information that can be understood from the frontline to the boardroom. We create tangible insights that enable you to track the impact of risk reduction activities. Our services include:

  • Cyber reporting design and implementation

  • Scenario threat analysis

  • Automated cyber risk reporting

  • Automated metrics enablement

  • Mitre™ dashboarding

  • Advanced risk measurement approaches (including value at risk analysis and automated controls assessment)


Guidelines of disclaimer by index provider

The relevant SIX index is intellectual property (including registered trademarks) of SIX Swiss Exchange AG, Zurich, Switzerland (“SIX Swiss Exchange”) and/or its licensors (“Licensors”), which is used under license. The relevant product of the Aura Group is neither sponsored nor promoted, distributed or in any other manner supported by SIX Swiss Exchange and/or its Licensors and SIX Swiss Exchange and its Licensors do not give any warranty, and exclude any liability (whether in negligence or otherwise) with respect thereto generally or specifically in relation to any errors, omissions or interruptions in the relevant index or its data.

The AURA information may only be used for your internal use, may not be reproduced or redisseminated in any form and may not be used as a basis for or a component of any financial instruments or products or indices. None of the AURA information is intended to constitute investment advice or a recommendation (o make (or refrain from making) any kind of investment decision and may not be relied on as such. Historical data and analysis should not be taken as an indication or guarantee of any future performance analysis, forecast or prediction. The AURA information is provided on an "as is" basis and the user of this information assumes the entire risk of any use made of this information. AURA, each of its affiliates and each other person involved in or related to compiling, computing or creating any AURA information (collectively, the "AURA Parties '') expressly disclaims all warranties (including, without limitation, any warranties of originality, accuracy, completeness, timeliness, non-infringement, merchantability and fitness for a particular purpose) with respect to this information. Without limiting any of the foregoing, in no event shall any AURA Party have any liability for any direct, indirect, special, incidental, punitive, consequential (including, without limitation, fast profits) or any other damages. www.aura.co.th

FTSE Russell
London Stock Exchange Group plc and its group undertakings (collectively, the “LSE Group”). © LSE Group [2020]. FTSE Russell is a trading name of certain of the LSE Group companies. “FTSE®” “Russell®”, “FTSE Russell®”, “MTS®”, “FTSE4Good®”, “ICB®”, “Mergent®, The Yield Book®” are a trade mark(s) of the relevant LSE Group companies and are used by any other LSE Group company under license. All rights in the FTSE Russell indexes or data vest in the relevant LSE Group company which owns the index or the data. Neither LSE Group nor its licensors accept any liability for any errors or omissions in the indexes or data and no party may rely on any indexes or data contained in this communication. No further distribution of data from the LSE Group is permitted without the relevant LSE Group company’s express written consent. The LSE Group does not promote, sponsor or endorse the content of this communication.

London Stock Exchange Group plc and its group undertakings (collectively, the “LSE Group”). © LSE Group [2020]. FTSE Russell is a trading name of certain of the LSE Group companies. “FTSE®” “Russell®”, “FTSE Russell®”, “MTS®”, “FTSE4Good®”, “ICB®”, “Mergent®, The Yield Book®” are a trade mark(s) of the relevant LSE Group companies and are used by any other LSE Group company under license. All rights in the FTSE Russell indexes or data vest in the relevant LSE Group company which owns the index or the data. Neither LSE Group nor its licensors accept any liability for any errors or omissions in the indexes or data and no party may rely on any indexes or data contained in this communication. No further distribution of data from the LSE Group is permitted without the relevant LSE Group company’s express written consent. The LSE Group does not promote, sponsor or endorse the content of this communication.

J.P. Morgan
Information has been obtained from sources believed to be reliable but J.P. Morgan does not warrant its completeness or accuracy. The Index is used with permission. The Index may not be copied, used, or distributed without J.P. Morgan's prior written approval. Copyright 2017, J.P. Morgan Chase & Co. All rights reserved.

The relevant index is a product of S&P Dow Jones Indices LLC, a division of S&P Global, or its affiliates (“SPDJI”), and has been licensed for use by the Aura Group. Standard & Poor’s® and S&P® are registered trademarks of Standard & Poor’s Financial Services LLC, a division of S&P Global (“S&P”); Dow Jones® is a registered trademark of Dow Jones Trademark Holdings LLC (“Dow Jones”). The relevant product of the Aura Group is not sponsored, endorsed, sold or promoted by SPDJI, Dow Jones, S&P, their respective affiliates, and none of such parties make any representation regarding the advisability of investing in such product nor do they have any liability for any errors, omissions, or interruptions of the relevant index.

Bloomberg Barclays
Source: Bloomberg Index Services Limited.  

STOXX Limited (“STOXX”) is the source of the relevant index and the data comprised therein. STOXX has not been involved in any way in the creation of any reported information and does not give any warranty and excludes any liability whatsoever (whether in negligence or otherwise) – including without limitation for the accuracy, adequateness, correctness, completeness, timeliness, and fitness for any purpose – with respect to any reported information or in relation to any errors, omissions or interruptions in the relevant index or its data. Any dissemination or further distribution of any such in-formation pertaining to STOXX is prohibited.

MARKIT: PMI data only
Copyright 2019, Markit Economics Limited. All rights reserved and all Intellectual property rights retained by Markit Economics Limited.

Nasdaq® relevant index is a registered trademark of Nasdaq, Inc. (which with its affiliates is referred to as the “Corporations”) and is licensed for use by the Aura Group. The relevant product of the Aura Group has not been passed on by the Corporations as to its legality or suitability. The relevant product of the Aura Group is not issued, endorsed, sold, or promoted by the Corporations.


Rogers International Commodity Index®
“Jim Rogers”, “James Beeland Rogers, Jr.”, and “Rogers” are trademarks and service marks of, and “Rogers International Commodity Index” and “RICI” are registered service marks of, Beeland Interests, Inc., which is owned and controlled by James Beeland Rogers, Jr., and are used subject to license. The personal names and likeness of Jim Rogers/James Beeland Rogers, Jr. are owned and licensed by James Beeland Rogers, Jr. Products based on or linked to the Rogers International Commodity Index® or any sub-index thereof are not sponsored, endorsed, sold or promoted by Beeland Interests, Inc. (“Beeland Interests”) or James Beeland Rogers, Jr. Neither Beeland Interests nor James Beeland Rogers, Jr. makes any representation or warranty, express or implied, nor accepts any responsibility, regarding the accuracy or completeness of this website, or the advisability of investing in securities or commodities generally, or in products based on or linked to the Rogers International Commodity Index® or any sub-index thereof o in futures particularly.

The TOPIX Index Value and the TOPIX Marks are subject to the proprietary rights owned by Tokyo Stock Exchange, Inc. and Tokyo Stock Exchange, Inc. owns all rights and know-how relating to the TOPIX such as calculation, publication and use of the TOPIX Index Value and relating to the TOPIX Marks. No Product is in any way sponsored, endorsed or promoted by Tokyo Stock Exchange, Inc. 

The intellectual property rights and any other rights, in the relevant index belong to Nomura Securities Co., Ltd. (“Nomura”).  Nomura does not guarantee accuracy, completeness, reliability, usefulness, marketability, merchantability or fitness of the Index, and does not account for business activities or services that the Aura Group undertakes with the use of the Index.

The index data referenced herein is the property of ICE Data Indices, LLC, its affiliates (“ICE Data”) and/or its Third Party Suppliers and has been licensed for use by the Aura Group. ICE Data and its Third Party Suppliers accept no liability in connection with its use. See [prospectus, registration statement, url, etc.] for a full copy of the Disclaimer.

The index data referenced herein is the property of ICE Data Indices, LLC, its affiliates (“ICE Data”) and/or its Third Party Suppliers and has been licensed for use by the Aura Group. ICE Data and its Third Party Suppliers accept no liability in connection with its use. See the relevant product’s prospectus for a full copy of the Disclaimer.

Used with permission from Aura Group Inc. 2020

Refinitiv (ex Thomson reuters)
All Refinitiv Indices (“Indices") are proprietary to Refinitiv Limited or any of its affiliates ("Refinitiv”).Refinitiv: (a) does not guarantee any results from using the benchmark of the Indices or the figures or levels at which the Indices stand at any particular day; (b) gives no assurance regarding any change in methodology used in calculating the Indices and is under no obligation to continue the calculation, publication and dissemination of the Indices; (c) does not guarantee the accuracy or completeness of the Indices, nor their computation and compilation; (d) may at any time at its sole discretion change the rules and/or guidelines of the Indices, the process and basis of their computation and compilation and the related formula, constituent benchmarks and other relevant factors; and (e) may disclose information regarding the Indices to others without notice.Refinitiv, its affiliates, officers, employees and agents accept no liability for any errors, omissions or delays in the computation and compilation of the Indices. Anyone that uses, tracks or has products referenced to the Indices does so entirely at their own risk, in full knowledge of this disclaimer and has no recourse to Refinitiv for any loss which may be sustained in using them.The values shown in the Indices are not an indicative price quotation and the information in this document is not an offer, recommendation or solicitation to buy or sell securities and should not be treated as giving investment advice.For avoidance of doubt, this disclaimer does not create any contractual or quasi-contractual relationship between any person and Refinitiv.

How to

Aura recognizes that the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield are no longer valid transfer mechanisms for personal information from the European Union and its Member States, the European Economic Area, or Switzerland. The U.S. Department of Commerce, which oversees compliance with Privacy Shield, has stated that it will nonetheless continue to administer the Privacy Shield program and that participants are not relieved of their obligations under Privacy Shield. Accordingly, Aura, as a participant in the Privacy Shield program, will continue to comply with its commitments under the Privacy Shield (as described more fully below) and its robust internal data protection policies. Please see our Privacy Statement for information on how we protect cross-border transfers of personal information in accordance with applicable legal requirements, including the European Commission approved standard contractual clauses.


As set forth in Aura's Global Code of Conduct: "We respect the confidentiality and privacy of our clients, our people and others with whom we do business."

Aura Solution Company Limited  and its affiliated US subsidiaries (“Aura,” “we,” “us,” or “our”) complies with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce (the “Principles”).  Aura has certified that it adheres to the Principles with respect to personal information (as described below) that is transferred from the European Union and its Member States, the European Economic Area, the United Kingdom and/or Switzerland (“EU”) to the United States.  If there is any conflict between the terms in this Privacy Shield Policy and the Principles, the Principles shall govern.  Aura U.S. is subject to investigatory and enforcement powers of the U.S. Federal Trade Commission.

This Privacy Shield Policy applies to personal information within the scope of Aura’s Privacy Shield certification, which covers the following categories of information:

  • Personal information regarding current, former and prospective partners, principals and employees for the purposes of operating and managing Aura, performing human resource administration and maintaining contact with individuals.

  • Personal information regarding current, former and prospective clients and their personnel or others for the purposes of delivering Aura services, maintaining ongoing relationships and performing business development activities.

  • Personal information regarding our third parties (e.g., vendors, service providers, etc.) and their personnel for the purposes of managing and administering Aura’s business relationships with such third parties.

  • Additionally, Aura may, from time to time, collect personal information from the general public in order to answer inquiries or provide information requested.


For the purposes of this Privacy Shield Policy, “personal information” means information that is about, or pertains to a specific individual and can be linked either directly or indirectly to that individual.  In addition, certain personal information covered by Aura’s Privacy Shield certification may be subject to more specific privacy policies of Aura, which are also consistent with the requirements of the Principles, and in the case of any conflict between these policies and the Principles, the Principles will control.

For example:

  • Certain Aura websites maintain their own privacy policies that apply to personal information collected via those sites. These policies may be accessed through those websites.

  • Personal information obtained from or relating to clients or former clients is further subject to the terms of any specific privacy notice provided to the client, any contractual arrangements with the client and applicable laws and professional standards.


Individual Notice and Choice

We collect and process personal information from certain individuals and for the purposes described in this Privacy Shield Policy.  Personal information covered by this Privacy Shield Policy is collected and processed only as permitted by the Principles. 

Notice to individuals regarding the personal information collected from them and how that information is used may be provided through this Privacy Shield Policy, other Aura website notices, or other direct forms of communication with appropriate parties, such as contracts or agreements.  Where necessary and appropriate, consent for personal information to be collected, used, and/or transferred may also be obtained through these same means of communication (including opt-in consent for sensitive personal information).

Disclosures & Accountability for Onward Transfers

Consistent with the Principles, Aura may transfer personal information to third parties, including transfers from one country to another.  We will only disclose an individual’s non-public personal information to third parties under one or more of the following conditions:

  • The disclosure is to a third party providing services to Aura, or to the individual, in connection with the operation of our business, and as consistent with the purpose for which the personal information was collected. We maintain written contracts with these third parties and require that these third parties provide at least the same level of privacy protection and security as required by the Privacy Shield Principles. To the extent provided by the Principles, Aura remains responsible and liable under the Privacy Shield Principles if a third-party that it engages to process personal information on its behalf does so in a manner inconsistent with the Privacy Shield Principles, unless Aura proves that it is not responsible for the matter giving rise to the damage;

  • With the individual’s permission to make the disclosure;

  • Where required to the extent necessary to meet a legal obligation to which Aura is subject, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation.

  • Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal claims.



Individuals whose personal information is covered by this Privacy Shield Policy have the right to access the personal information that Aura maintains about them as specified in the Principles. Individuals may contact us to correct, amend or delete such personal information if it is inaccurate or has been processed in violation of the Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Requests for access, correction, amendment or deletion should be sent to Aura's US Privacy Office.


Aura takes appropriate measures to protect personal information in its possession to ensure a level of security appropriate to the risk of loss, misuse, unauthorized access, disclosure, alteration, and destruction.  These measures take into account the nature of the personal information and the risks involved in its processing, as well as best practices in the industry for security and data protection.

Data Integrity and Purpose Limitation

Aura collects and processes personal information only to the extent that it is compatible with the purposes for which it was collected or subsequently authorized by the data subject.  Aura does not retain personal information after it no longer serves the purposes for which it was collected or subsequently authorized.  Aura takes reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.


In compliance with the Principles, Aura commits to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact Aura's US Privacy Office. Aura has a policy of responding to individuals within forty-five (45) days of an inquiry or complaint.  If an individual has an unresolved complaint or concern that is not addressed satisfactorily, that individual may contact our U.S. based third party dispute resolution provider (free of charge), the International Centre for Dispute Resolution/American Arbitration Association ("ICDR/AAA").  Please contact or visit ICDR/AAA for more information or to file a complaint.  If the dispute involved human resources personal information, or information collected in the context of an employment relationship, we will cooperate with the competent EU or Swiss data protection authorities and comply with the advice of such authorities. 


You may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances.  For further information, please see the Privacy Shield website. To learn more about the Privacy Shield Framework, and to view Aura’s certification, please visit https://www.privacyshield.gov.



Aura may update this Policy at any time by publishing an updated version here. We will not update this Privacy Shield Policy in contravention to the Principles so long as we remain certified to the Privacy Shield.  

Last updated: March1, 2022

How to


Thank you for your interest in Aura Solution Company Limited. 


Aura HQ


Aura Solution Company Limited
75 Wichit Road ,
Phuket, Thailand 83000

E : info@aura.co.th

W: www.aura.co.th

P : +66 8241 88 111

P:  +66 8042 12345



Kaan Eroz

Managing Director

Aura Solution Company Limited

E : kaan@aura.co.th

W: www.aura.co.th

P : +90 532 781 00 86



S.E. Dezfouli

Managing Director

Aura Solution Company Limited

E : dezfouli@aura.co.th

W: www.aura.co.th

P : +31 6 54253096




Wealth Manager

Aura Solution Company Limited

E : info@aura.co.th

W: www.aura.co.th

P : +66 8042 12345