FRAUD POLICY

This document outlines the Fraud policy and Procedure related to First Finance International Bank Inc (FFIBI) accounts. “We”, “our”, and “us” refer to First Finance International Bank (“FFIBI”). “You”, “your”, and “customers” refer to the account holder. First Finance International Bank Inc. is authorized by the Commissioner of Financial Institutions and is headquartered in San Juan, Puerto Rico (License number EFI 041).

Purpose of this Document

This policy details how the FFIBI will approach identifying the fraud risks that it faces, when delivering its payment service, and implementing the necessary controls to mitigate them.

Review of Policy

This policy will be reviewed regularly, at least once a year, and amended as considered necessary by the FFIBI’s Management Body in the event of changing circumstances or regulations.

Risk Assessment

All Fraud risks will be identified using a fraud risk assessment, which has been appended to this document.

The risk assessment will provide details of the following:
Details of Internal and External Fraud risks FFIBI faces.
The controls in place to mitigate those risks.
The policies that have been developed to implement the controls.
Details of how the policies are monitored.

Fraud Risks

FFIBI has identified the following risks relating to fraud:

Internal Fraud
Employees acting in a fraudulent manner, resulting in either:
• Financial loss, from either the company or a customer
• Identity fraud, resulting in a customer’s data being compromised

External Fraud
External threats have been identified in the following areas:
• Clients acting fraudulently
• Fraudsters posing as potential clients
• Email fraud; emails from 3rd parties purporting to be clients/staff
• Cheque fraud

Controls to mitigate the risks

FFIBI has implemented the following controls, which will mitigate the risks identified above:

Controls for Internal Fraud
FFIBI has implemented the following controls:
• Identity checks as part of the employment process, which will include a DBS check
• Data visibility restriction by department, which is governed by an Access Rights Policy
• Access to internal systems and trading platforms governed by an Access Rights Policy
• FFIBI also uses pro-active anti-cyber fraud mailers to our client base to promote awareness and vigilance

Specific Policies to implement the controls
The following policies have been implemented by the FFIBI, which will enable these controls to be implemented:
• Access Right Policy

Controls for External Fraud
FFIBI has implemented the following controls in relation to the external fraud risks
• KYC checks during onboarding
• As part of this policy, FFIBI has made the decision not to accept cheques
• Staff training to be aware of fraud trends
• Operational process to confirm all new beneficiary details with clients to avoid client email fraud/interception – see appendix 2

Specific Policies to implement the controls
The following additional policies and checks have been implemented by the FFIBI, which will enable these controls to be implemented:
• AML Policies and Procedures
• Daily checks to prevent cheques from being paid into our client accounts

Issue Monitoring and Resolution

The controls outlined in this policy have been designed to prevent a fraud related issue from occurring. Where an issue does occur, details of how it will be monitored and resolved are outlined in the Operational and Security Incident Reporting Process.

Compliance Monitoring

This policy will be monitored through the compliance monitoring plan.

Breaches of Fraud Policy

Any breaches of the Fraud policy will be recorded on FFIBI’s breach log in conjunction with its Regulatory Breach policy.


Updated March 10, 2021.

Copyrighted work of FIRST FINANCE INTERNATIONAL BANK© 2021 all rights reserved.