1. Purpose
Bayarcash is committed to maintain the highest standards of integrity, transparency, and accountability in all business activities and to protecting its assets, reputation, and customers from fraudulent activities. The purpose of this policy is to establish a comprehensive framework for the prevention, detection, investigation, and response to fraud within Bayarcash operations.
2. Scope
This policy applies to:
- All Bayarcash employees, managements, and directors.
- Contractors, agents, service providers, and third parties acting on behalf of Bayarcash.
- All products, services, customer accounts, and digital platforms operated by Bayarcash.
It covers both internal fraud (committed by employees or insiders) and external fraud (committed by customers, vendors, or third parties).
3. Definition of Fraud
Fraud is defined as any intentional act or omission designed to deceive others, resulting in the loss of assets, financial benefit, or unfair advantage to the perpetrator.
Examples include (but are not limited to):
- Misappropriation of assets or funds;
- Forgery, falsification, or manipulation of records or documents;
- Unauthorized access to systems or data;
- Cyber fraud (phishing, account takeover, identity theft, etc.);
- False claims or misrepresentation of information;
- Collusion with external parties for personal gain;
- Bribery, corruption, or kickbacks;
- Manipulation of transactions or financial statements.
4. Policy Statement
Bayarcash maintains zero tolerance for fraud. All suspected or confirmed incidents of fraud will be investigated thoroughly and dealt with promptly, including through disciplinary, civil, or criminal proceedings as appropriate. Fraud risk management is an integral part of Bayarcash’s overall risk governance framework and corporate ethics culture.
5. Objectives
The key objectives of this policy are to:
- Prevent and deter fraudulent behavior through strong internal controls and awareness.
- Detect and report fraud at the earliest possible stage.
- Investigate incidents promptly and effectively.
- Protect customer and company assets from misuse or theft.
- Ensure compliance with laws, regulations, and reporting obligations.
- Promote a culture of honesty, integrity, and ethical conduct.
6. Roles & Responsibilities
| Role | Responsibilities |
|---|---|
| Board of Directors / Audit Committee | Approves the fraud policy, oversees risk management, and ensures governance effectiveness. |
| Senior Management | Implements controls and allocates resources to prevent and detect fraud. |
| Fraud Risk Management Unit (FRMU) | Develops fraud prevention strategies, conducts investigations, and reports incidents. |
| Compliance / AML Department | Ensures compliance with laws and AML/CFT requirements, performs transaction monitoring. |
| Internal Audit | Independently reviews the effectiveness of fraud controls and prevention measures. |
| Employees | Must comply with this policy and immediately report any suspected fraud or unethical behavior. |
7. Fraud Risk Management Framework
Bayarcash’s Fraud Risk Management Framework consists of four core pillars:
7.1. Prevention
- Establishing a strong internal control environment.
- Conducting due diligence on employees, vendors, and partners.
- Enforcing segregation of duties and authorization limits.
- Using secure systems with role-based access control.
- Implementing fraud awareness training programs.
- Maintaining up-to-date AML/CFT and KYC procedures.
7.2. Detection
- Real-time transaction monitoring and anomaly detection systems.
- Data analytics to identify unusual patterns or high-risk activities.
- Whistleblowing channels for confidential reporting.
- Regular internal audits and control testing.
- System alerts for suspicious login attempts, velocity checks, or duplicate payments.
7.3. Investigation
- The Fraud Risk Management Unit (FRMU) is responsible for investigating reported or detected cases of suspected fraud.
- Investigations will be conducted confidentially, fairly, and in coordination with Legal, HR, and Compliance functions.
- Evidence will be collected, documented, and preserved for potential disciplinary or legal proceedings.
7.4. Response
- Appropriate disciplinary or legal action will be taken against individuals involved in fraudulent activity.
- System and process weaknesses identified during investigations will be addressed immediately.
- Confirmed cases must be reported to relevant authorities (e.g., FIU, central bank, regulators) as required by law.
- Communication and awareness updates will be shared to prevent recurrence.
8. Fraud Risk Assessment
Bayarcash will conduct periodic fraud risk assessments to:
- Identify potential areas of fraud exposure;
- Evaluate the likelihood and impact of each risk;
- Assess the adequacy of existing controls;
- Develop mitigation and monitoring strategies.
Assessments will be reviewed at least annually or whenever significant operational or regulatory changes occur.
9. Reporting Mechanisms (Whistleblowing)
Bayarcash maintains secure and confidential channels for reporting suspected fraud or misconduct, including:
- Email: compliance@bayarcash.com
- Anonymous web form or in-person reporting to the Compliance Officer
All reports will be treated confidentially and investigated promptly. Retaliation against whistleblowers is strictly prohibited and will result in disciplinary action.
10. Data Protection & Confidentiality
All information relating to fraud reports and investigations will be handled in strict confidence and in accordance with:
- The Data Protection & Privacy Policy;
- Malaysia Personal Data Protection Act 2010 (Act 709)
- Other applicable data privacy laws (e.g., GDPR).
Personal data collected during investigations will be used solely for fraud prevention and legal compliance purposes.
11. Training & Awareness
Bayarcash will provide regular fraud awareness and ethics training to all employees and contractors. Training will cover:
- Recognizing fraud indicators;
- Reporting procedures;
- Roles and responsibilities;
- Real-world case studies;
- Compliance obligations.
Specialized training will also be provided to high-risk departments (e.g., Finance, Operations, Customer Service, IT Security).
12. Integration with AML/CFT & Compliance Programs
This policy complements Bayarcash’s:
- Anti-Money Laundering & Counter-Financing of Terrorism (AML/CFT) Policy;
- Sanctions Screening Policy; and
- Code of Conduct & Ethics Policy.
Fraud risk management will be coordinated with AML/CFT transaction monitoring and suspicious activity reporting processes.
13. Monitoring, Review & Continuous Improvement
- The Fraud Risk Management Unit (FRMU) and Internal Audit will monitor the effectiveness of fraud controls.
- This policy will be reviewed at least annually or as needed to reflect regulatory changes, new threats, or organizational updates.
- Recommendations for improvement will be reported to the Board or Audit Committee for approval.
14. Disciplinary Action
Any employee found to have participated in, facilitated, or concealed fraudulent activities will be subject to:
- Disciplinary action up to and including termination of employment;
- Civil recovery of losses; and/or
- Criminal prosecution, where appropriate.