This document outlines the Fraud policy and Procedure related to First Finance International Bank Inc (FFIBI) accounts. “We”, “our”, and “us” refer to First Finance International Bank (“FFIBI”). “You”, “your”, and “customers” refer to the account holder. First Finance International Bank Inc. is authorized by the Commissioner of Financial Institutions and is headquartered in San Juan, Puerto Rico (License number EFI 041).
This policy details how the FFIBI will approach identifying the fraud risks that it faces, when delivering its payment service, and implementing the necessary controls to mitigate them.
This policy will be reviewed regularly, at least once a year, and amended as considered necessary by the FFIBI’s Management Body in the event of changing circumstances or regulations.
All Fraud risks will be identified using a fraud risk assessment, which has been appended to this document.
The risk assessment will provide details of the following:
Details of Internal and External Fraud risks FFIBI faces.
The controls in place to mitigate those risks.
The policies that have been developed to implement the controls.
Details of how the policies are monitored.
FFIBI has identified the following risks relating to fraud:
Internal Fraud
Employees acting in a fraudulent manner, resulting in either:
• Financial loss, from either the company or a customer
• Identity fraud, resulting in a customer’s data being compromised
External Fraud
External threats have been identified in the following areas:
• Clients acting fraudulently
• Fraudsters posing as potential clients
• Email fraud; emails from 3rd parties purporting to be clients/staff
• Cheque fraud
FFIBI has implemented the following controls, which will mitigate the risks identified above:
Controls for Internal Fraud
FFIBI has implemented the following controls:
• Identity checks as part of the employment process, which will include a DBS check
• Data visibility restriction by department, which is governed by an Access Rights Policy
• Access to internal systems and trading platforms governed by an Access Rights Policy
• FFIBI also uses pro-active anti-cyber fraud mailers to our client base to promote awareness and vigilance
Specific Policies to implement the controls
The following policies have been implemented by the FFIBI, which will enable these controls to be implemented:
• Access Right Policy
Controls for External Fraud
FFIBI has implemented the following controls in relation to the external fraud risks
• KYC checks during onboarding
• As part of this policy, FFIBI has made the decision not to accept cheques
• Staff training to be aware of fraud trends
• Operational process to confirm all new beneficiary details with clients to avoid client email fraud/interception – see appendix 2
Specific Policies to implement the controls
The following additional policies and checks have been implemented by the FFIBI, which will enable these controls to be implemented:
• AML Policies and Procedures
• Daily checks to prevent cheques from being paid into our client accounts
The controls outlined in this policy have been designed to prevent a fraud related issue from occurring. Where an issue does occur, details of how it will be monitored and resolved are outlined in the Operational and Security Incident Reporting Process.
This policy will be monitored through the compliance monitoring plan.
Any breaches of the Fraud policy will be recorded on FFIBI’s breach log in conjunction with its Regulatory Breach policy.
Updated October 24, 2022.
Copyrighted work of FIRST FINANCE INTERNATIONAL BANK© 2022 all rights reserved.