Bayarcash

Staff Training & Awareness Policy

Version: 1.0
Effective Date: 01 August 2025
Approved By: Compliance & Risk Committee
Next Review Date: 01 August 2026

1. Purpose

The purpose of this policy is to ensure that all Bayarcash employees are adequately trained and aware of their responsibilities in relation to Anti-Money Laundering (AML), Counter Financing of Terrorism (CFT), PCI DSS compliance, and cybersecurity practices. This strengthens the organization’s security posture, regulatory compliance, and operational efficiency.

2. Scope

This policy applies to:

  • All Bayarcash employees, contractors, and third-party staff with access to company systems or sensitive data.
  • All training initiatives related to AML/CFT, data security, payment card compliance, and general cybersecurity awareness.

3. Training Principles

  • Mandatory Training: Employees must complete required training programs relevant to their role.
  • Role-Based Training: Specialized training is provided depending on the employee’s responsibilities (e.g., finance team, IT, customer support).
  • Continuous Learning: Refresher and update training are provided regularly to reflect regulatory changes, emerging threats, and system updates.
  • Evaluation: Training effectiveness is assessed through quizzes, practical tests, or compliance audits.

4. Key Training Areas

4.1 AML/CFT Awareness

  • Understanding of AML/CFT regulations and Bayarcash policies.
  • Identification and reporting of suspicious transactions.
  • Customer Due Diligence (CDD) and Know Your Customer (KYC) procedures.
  • Recordkeeping and reporting obligations to regulatory authorities.

4.2 PCI DSS Compliance

  • Handling cardholder data securely according to PCI DSS standards.
  • Understanding encryption, tokenization, and secure transmission practices.
  • Recognizing and reporting data breaches or vulnerabilities.

4.3 Cybersecurity Awareness

  • Recognizing phishing, malware, and social engineering attacks.
  • Strong password management, multi-factor authentication, and secure remote access.
  • Safe use of IT assets, including laptops, mobile devices, and cloud applications.
  • Reporting incidents and potential security breaches immediately.

4.4 Data Protection & Privacy

  • Understanding the Bayarcash Privacy Policy, the Personal Data Protection Act 2010 (Act 709), and GDPR/local data protection regulations.
  • Proper handling of sensitive personal and financial information.

5. Training Methods

  • Online e-learning modules
  • In-person or virtual workshops and seminars
  • Periodic refresher courses and scenario-based exercises
  • Newsletters, alerts, and updates on regulatory changes or emerging threats

6. Roles & Responsibilities

6.1 HR / Training Team

  • Develop and deliver training programs.
  • Track training completion and maintain records.
  • Update content in line with regulatory and security requirements.

6.2 Managers

  • Ensure team members complete mandatory training.
  • Monitor employee understanding and application of knowledge.

6.3 Employees

  • Complete all assigned training within specified deadlines.
  • Apply knowledge in day-to-day operations.
  • Report any suspicious activities or incidents.

6.4 Compliance & IT Teams

  • Provide subject matter expertise for AML/CFT, PCI DSS, and cybersecurity topics.
  • Conduct audits to assess training effectiveness and compliance.

7. Monitoring & Reporting

  • Training completion and assessment results are tracked and reported to management regularly.
  • Non-compliance with training requirements may result in restricted system access or disciplinary action.

8. Review & Updates

  • This policy and associated training programs are reviewed at least annually or whenever there are significant regulatory or operational changes.