Invest in
 | JOIN OUR FUNDING CAMPAIGN >

Fraud Policy

1. Overview

Jawudi, Inc. (or Company) is a financial services technology company that uses cutting edge products to deliver money transmission services to, from and within select African countries and the United States. The Company has a zero-tolerance approach regarding fraud and corruption and expects all members of staff to share this commitment. The objective of this policy is to promote a culture which deters fraudulent activity, facilitate the prevention and detection of fraud and develop procedures which will aid in the investigation and appropriate actions to be taken. 

The Company is committed to achieving and maintaining full compliance with laws, regulations, and policies governing the conduct of the business in which we engage. 

The Identity Theft and Fraud Red Flags Policy (“Red Flags Policy”) sets forth the framework, respective roles and responsibilities of business units and Jawudi in managing identity theft and fraud red flags appropriately.  This Policy institutes a firm-wide approach to identify and define the various identify (“ID theft”) and fraud red flags, establish processes to manage and investigate if appropriate and oversee those risks across the entire organization in accordance with the Policy.

The Board of Directors of Jawudi are committed to conducting business in conformity with the highest standard in adherence to all applicable laws and regulations and joining with the government agencies to identify and mitigate fraud related to risk and illegal activity.  This Policy outlines the framework for the Red Flags Program and applies to all of Jawudi including all employees, agents, contractors and other third-parties acting on Jawudi’s behalf, legal entities business units as well as all third-party personnel/contractors/agents, as applicable that act on behalf of Jawudi unless specifically exempted by the Director (or Manager) of Compliance or her/his designee.

  1.  Background and Impacts of Fraud

Fraud, including ID theft which is a type of fraud, is a global issue which costs companies including financial institutions millions of dollars and carries the risk of harming the reputation of a company.  Fraud is typically perceived as a crime that yields an isolated impact, but in reality, it has a cascading effect on a financial technology company and the industry as a whole.  Although companies maintain vigilant practices in their efforts to reduce risk, the scale and frequency of fraud attacks are growing particularly during the current pandemic.

ID theft and fraud red flags (“red flags”) point to potential occurrence of fraudulent activity and are defined as a set of circumstances (actions committed/created) that are unusual in nature or vary from expected activity.  Red flags can be a single event/action or a combination of actions that could indicate unusual or potentially suspicious activity.  Red flags signal that something is out of the ordinary, unusual in nature and therefore, may need to be investigated further.

  1.  Fraud Definition, Categories and Types

The following terminology and key concepts are relevant to this Policy:

Overall, Jawudi defines fraud as any acts performed by a party with the intention to defraud, misappropriate property or circumvent the law against Jawudi and/or its clients.  These acts, which can include the intentional omission of information, are designed to deceive others, resulting in Jawudi suffering a loss and/or the perpetrator achieving a gain.

For purposes of this Policy, Jawudi organized fraud into two main categories, internal fraud and external fraud.  These two categories of fraud are further defined as:

Internal fraud – occurs when a Company employee commits fraud against Jawudi clients, vendors, third-parties, and other trusted business relationships.  Internal fraud typically occurs in the following categories:

Bribery/gratuity

Defalcation

Falsifying bank records

Inappropriate conduct

Incentive fraud

Information theft

Inquiry investigation

Kiting

Loan fraud

Mysterious disappearance 

Property theft

Self-dealing

External fraud – is defined as a financial loss incurred due to acts performed by an external party with the intention to defraud, steal or misappropriate property from Jawudi clients or from Jawudi.  Generally, the Company categorizes external fraud into two categories, either fraud that occurs in a product or fraud that occurs by actions taken by an external party:

Fraud related to a product:

Online/digital payments fraud

Lending fraud

Fraud related to an action taken:

Account takeover

ID theft fraud

Identity or profile manipulation

Synthetic fraud

Theft of intellectual property

The following provides additional context and clarity for nuances associated with external fraud to assist in Jawudi’s ability to identify red flags and address mitigation strategies. These external fraud types can be further distinguished as perpetrator (1st party) fraud, family (2nd party) fraud and victim (3rd party) fraud. 

1st party fraud occurs when an individual (e.g., perpetrator) misrepresents aspects of his/her identity – other than their own core personally identifying information (“PII”) – or gives false information that is relied upon when applying for a product with a promise of future repayment, but without willful intent to repay.

2nd party fraud occurs when an individual knowingly gives their identity or personal information to another individual to commit fraud or fraud is perpetrated on their behalf and there is some knowledge of the person who obtained this information (i.e., someone other than the consumer applies for a lending product, however, the consumer knows the perpetrator: a spouse, a friend, a family member, a work colleague, etc.).

3rd party fraud occurs without the knowledge of a person whose identity is used to commit the fraud. Traditional ID theft, a form of 3rd party fraud, occurs when an individual(s), uses another person’s (victim) identity or personal details to open (True Name-ID Theft) or takeover an account (Account TakeOver (“ATO”)) without the consent or knowledge of the person whose identity is being used (i.e., a lending product is applied for or used to someone without the knowledge of the person whose identity is used).

1.3. Fraud Identification and Mitigation

Employees are expected to report any suspected or known instance of fraud, inclusive of the 

Fraud types noted above.  In the event suspected or known instances of fraud are noted, employees should raise that to their manager or through the appropriate reporting method.

Mitigation of these fraud types, and the actions by which they are committed, requires very different and specific strategies.  When strategy is set, it should address nuances of the above in both proactive and reactive measures as appropriate.

As a result of the increased risk associated with fraud and ID Theft, Jawudi recognizes that it is critical to establish a Fraud Program designed to detect, prevent, and mitigate fraud and related schemes. 

2. Elements & Standards - Overview of the Jawudi Fraud Program

Tone at the Top, Culture and Awareness

Setting the proper tone at the top and the manner in which management reinforces its message regarding fraud have a significant impact on Jawudi.  Adopting a strong policy and relating procedures, ensuring strong and effective governance, enhancing the culture to reflect the risk appetite of the organization, creating mechanisms to raise the awareness of fraud issues, and educating Jawudi employees and clients on how to prevent, detect, and monitor against egregious acts are the key elements of this overall component of the Fraud Program.

Proactive Mitigation Measures

The proactive elements of the Fraud Program allow management to actively assess which fraud types Jawudi is susceptible to identify controls to prevent and detect those risks so that clients, vendors, employees, and other related parties are protected from fraudulent acts. 

Reactive Mitigation Measures

The final component of the Fraud Program is the establishment of reactive measures.  The strongest tone at the top and proactive components will not prevent all fraud.  Therefore, the reactive component is critical.  Maintaining processes to respond to matters that occur, effective reporting to raise awareness, and remediation efforts to respond to matters that occur are the cornerstones of an effective overall reactive component of the Fraud Program.

The Red Flags Program aligns closely with key elements of the Fraud Program.  And, the Red Flag Program addresses the requirements outlined in the Fair and Accurate Credit Transaction Act (“FACTA”).  FACTA requires financial institutions to implement and maintain a fraud and ID theft program to detect, prevent, and mitigate fraud and ID theft in connection with certain account types.  The Jawudi Red Flags Program outlines its approach in addressing red flags and adhering to the FACTA regulatory guidance and is discussed in detail in the policy elements section of this document. 

2.1. Reporting and Administration of the Program – Tone at the Top

Jawudi Compliance oversees the implementation of the Policy as well as the overall Red Flags Program and provides guidance to business units in the administration of this Program. 

2.1.a. Roles and Responsibilities

The Red Flags Policy establishes the respective roles and responsibilities of the business units across Jawudi that are responsible for managing red flags, escalating issues, and providing oversight and governance on the administration and reporting of the Program to the Board of Directors or a committee thereof.  In addition, the Red Flags Policy establishes procedures to manage and oversee the red flags process across Jawudi.

2.1.b. Defining Red Flags

Red flags are defined as a set of circumstances (e.g., actions committee/created) that are unusual in nature or vary from expected activity.  The red flags can be a single event/action or a combination of actions that could indicate unusual or potentially suspicious activity.  Red flags signal that something is out of the ordinary, unusual in nature, and therefore, may require further investigation.

2.1.c. Education Training Awareness

Training is required for employees of business units who have covered accounts identified as relevant to this process.  Jawudi also offers security awareness training that emphasizes the importance of protecting client information, which is instrumental in preventing fraud, including identity theft.

2.1.d. Red Flags Reporting Requirements 

Compliance provides annual reporting to the Jawudi Board and/or a committee thereof on red flags compliance.  This report includes metrics regarding red flags and summaries of material issues discussed in Compliance. This report addresses material matters related to the Program and evaluates issues such as:

  • An overall update on the status of the Program, including compliance with applicable regulatory requirements and this Policy;
  • Critical/significant incidents involving red flags and management’s response; and, 
  • Recommendations for material changes to the Program.

2.2. Identifying Covered Accounts – Proactive Measures

Jawudi’s red flags process ensures that red flags are identified, beginning with an assessment of covered accounts across Jawudi.  A covered account can be defined as:

  • A consumer account for personal, family, or household purposes that involves or allows multiple payments or transactions such as a credit card account. 
  • Any other account that Jawudi offers or maintains for which there is a reasonably foreseeable risk to clients or to the safety and soundness of Jawudi from identity theft, including financial, operational, compliance, reputation, or litigation risks.  

Once covered accounts have been identified, then red flags can be assessed relevant to covered accounts.

2.3. Assessing/Identifying/Refining Red Flags – Proactive Measures

Jawudi Compliance is responsible for maintaining and updating, on a periodic basis a red flag inventory as follows: 

  • Internal fraud related red flags.
  • External fraud related red flags, including identity red flags.
  • Areas outside of EFM that may be susceptible to identity theft are responsible for their respective external fraud related red flags.

Corporate Cyber Security is responsible for cyber risks that may be indicators of identity theft related risks.

Red flags are determined by each of the above based on unique operations and associated risks.  Red flags are identified from internal and external sources.  The red flags inventory is updated based on identification of red flags from these sources.  These sources could include emerging trends identified from activity occurring within Jawudi, external insights of emerging trends happening in the industry, and insights from third-party suppliers involved in aspects involving the covered accounts.  Finally, insights gathered from government and regulatory agencies can provide valuable perspectives on red flags.

2.4. Detection of Identified Red Flags- Proactive Measures

Jawudi business units are responsible for ensuring that mechanisms are in place to detect the red flags that have been identified.  Mechanisms for the detection of red flags identified are designed to identify undesirable events and attempts in the earliest stages of occurrences.

2.5. Prevention and Mitigation of Red Flags – Reactive Measures

When detecting red flags, it is essential for Jawudi to put mechanisms in place to prevent and/or mitigate the red flag from continuing and/or fraud being realized.

In the event that a red flag becomes realized (i.e., attempted or successful fraud or identity theft), Jawudi immediately follows established fraud procedures to respond to such events/incidents, and in effect, mitigates the potential impact of said events/incidents.

2.6. Continuous Monitoring of Red Flags – Reactive Measures

Jawudi proactively and continuously monitors detected red flags in a manner that contributes to future insights aimed at preventing future fraudulent acts.

3. Exceptions & Reporting

Any deviation from the standards set forth in this Policy requires the approval of Compliance, who will report such approvals as appropriate and in accordance with Jawudi governance standards.  Requests for deviations or exceptions to this Policy should not be made unless the appropriate level of management has approved the request. 

4. Roles & Responsibilities

This section identifies those applicable roles and responsibilities as they pertain to this Policy.

Board of Director or committee thereof

The Jawudi Board of Directors or a committee thereof are ultimately responsible for providing approval of the Red Flags Program and to ensure Jawudi management is responsible for the oversight of the Red Flags Program.

Business Unit 

Business units, as the first line of defense, are responsible for establishing and maintaining procedures and processes to ensure adherence to this Policy and the Red Flags Program.  Business units are shared with understanding their roles and responsibilities under this Policy, and executing their responsibilities accordingly.  In addition, each business unit is responsible for ensuring that they are aware of fraud and identity theft concerns, and escalate appropriately business units are required to escalate any Policy deviations to Compliance and to appropriate business unit management, who will further escalate, as appropriate.

Compliance

Charged with oversight of the Policy, and as applicable and appropriate will receive updates regarding this Policy.  Compliance authorizes working groups to assist with the management of this Policy. Compliance establishes fraud capabilities, and develops an anti-fraud strategy to develop and maintain detection and investigation procedures to mitigate against external fraud impacting Jawudi and its clients. Compliance performs analysis of root cause trends and performs threat analysis for fraud that could impact Jawudi clients. Compliance conducts investigations relating to allegations of insider abuse (e.g., employees, contract employee/vendor, etc.), fraud events with elevated loss or exposure amounts, vulnerable adult exploitations, and data loss events stemming from employee actions.

Corporate Cyber Security (“CC”)

Part of the Information Technology Business Group, CC is responsible for designing, implementing, monitoring, and overseeing the Information Security Program to ensure the security, confidentiality, integrity, and availability of Jawudi financial information throughout the company.

Jawudi Employees

Responsible for understanding and remaining in compliance with the requirements of this Policy.  Employees must understand and accept responsibility for adherence to this Policy and the Red Flags Program.  Each employee is obligated to escalate any potential violation, or what the employee believes to be potentially suspicious activity, to her/his manager or through the appropriate reporting method as defined below.

Jawudi employees shall not knowingly provide advice or other assistance to individuals who attempt to violate or avoid fraud alerts or sanctions laws or those processes or procedures implemented to comply with this Policy or the Red Flags Program.

5. Point(s) of Contact

For questions about this Policy, contact the CCO or the senior most IT personnel.

6. Glossary 

Covered Account 

Defined by the Red Flags Rule, presences of covered accounts are what determines whether Jawudi is required to have a written ID theft and Red Flags Program.  

External Fraud

A financial loss incurred due to acts performed by an external party with the intention to defraud, steal or misappropriate property from Jawudi clients or Jawudi.  Typically, external fraud is categorized into two categories, either fraud that occurs in a product or fraud that occurs by actions taken by an external party.  

Fraud

Any actions performed by a party with the intention to defraud, misappropriate property or circumvent the law against Jawudi and/or its clients.  

Identity Theft and Fraud Red Flags (“Red Flags”)

A set of circumstances (e.g., actions committee/created) that are unusual in nature or vary from expected activity.  The red flags can be a single event/action or a combination of actions that could indicate unusual or potentially suspicious activity.  Red flags signal that something is out of the ordinary, unusual in nature, and, therefore, may need further investigation.  

Internal Fraud

Occurs when an employee commits fraud against Jawudi, clients, Jawudi vendors, third-parties, and other trusted business relationships.