This document outlines the Fraud policy and Procedure related to the deposit account (“Account”) available from First Finance International Bank Inc (FFIBI) on behalf of CellFundsGo, (aka Cellfunds USA LLC.), the program partner responsible for managing the CellFundsGo Account (“CellFundsGo”). “We”, “our”, and “us” refer to the Bank, our successors, affiliates, or assignees. “You”, “your”, and “member” refer to the owner of the Deposit Account. First Finance International Bank Inc. is authorized by the Commissioner of Financial Institutions and is headquartered in San Juan, Puerto Rico (License number EFI 041), (the “Bank” or “Issuer”)
1 Purpose of this Document
As a payment service provider, the Bank will face the threat of fraud (both internal and external) which will need to be addressed.
This policy details how the Bank will approach identifying the fraud risks that it faces, when delivering its payment service, and implementing the necessary controls to mitigate them.
2 Review of Policy
This policy will be reviewed regularly, at least once a year, and amended as considered necessary by the Bank’s Management Body in the event of changing circumstances or regulations.
3 Risk Assessment
All Fraud risks will be identified using a fraud risk assessment, which has been appended to this document.
The risk assessment will provide details of the following:
Details of Internal and External Fraud risks the Bank faces.
The controls in place to mitigate those risks.
The policies that have been developed to implement the controls.
Details of how the policies are monitored.
4 Fraud Risks
The Bank has identified the following risks relating to fraud:
4.1 Internal Fraud
Employees acting in a fraudulent manner, resulting in either:
- Financial loss, from either the company or a customer.
- Identity fraud, resulting in a customer’s data being compromised.
4.2 External Fraud
External threats have been identified in the following areas:
- Clients acting fraudulently.
- Fraudsters posing as potential clients.
- Email fraud; emails from 3rd parties purporting to be clients/staff.
- Cheque fraud.
5 Controls to mitigate the risks
The Bank has implemented the following controls, which will mitigate the risks identified above:
5.1 Controls for Internal Fraud
The Bank has implemented the following controls:
- Identity checks as part of the employment process, which will include a DBS check.
- Data visibility restriction by department, which is governed by an Access Rights Policy.
- Access to internal systems and trading platforms governed by an Access Rights Policy.
- The Bank also uses pro-active anti-cyber fraud mailers to our client base to promote awareness and vigilance.
5.2 Specific Policies to implement the controls
The following policies have been implemented by the Bank, which will enable these controls to be implemented:
- Access Right Policy.
5.3 Controls for External Fraud
The Bank has implemented the following controls in relation to the external fraud risks
- KYC checks during on-boarding.
- As part of this policy, the Bank has made the decision not to accept cheques.
- Staff training to be aware of fraud trends.
- Operational process to confirm all new beneficiary details with clients to avoid client email fraud/interception – see appendix 2.
5.4 Specific Policies to implement the controls
The following additional policies and checks have been implemented by the Bank, which will enable these controls to be implemented:
- AML Policies and Procedures.
- Daily checks to prevent cheques being paid into our client accounts.
6 Issue Monitoring and Resolution
The controls outlined in this policy have been designed to prevent a fraud related issue from occurring. Where an issue does occur, details of how it will be monitored and resolved are outlined in the Operational and Security Incident Reporting Process.
7 Compliance Monitoring
This policy will be monitored through the compliance monitoring plan.
8 Breaches of Fraud Policy
Any breaches of the Fraud policy will be recorded on the Bank’s breach log in conjunction with its Regulatory Breach policy.
Updated February 17, 2021
Copyrighted work of CELLFUNDS USA, LLC. © 2021 all rights reserved.