This Policy shall be deemed effective as of 06/02/2023. No part of this Policy shall have retroactive effect; the Policy shall thus apply only to matters occurring on or after this date.
This document shall be subject to periodic reviews in accordance with changes in:
The Board review and approve all changes before they are implemented. Minor changes are reflected by incrementing the version number as 1.1, 1.2, 1.3, etc.
Where significant changes to the document are made, these are reflected in a new version number as 1.0, 2.0, 3.0, etc.
SF Private Bank operates at 83-85 Baker Street, Marylebone, London W1U 6AG.
This fraud policy sets out the responsibilities of SF Private Bank and its employees regarding observing and upholding a zero-tolerance position on internal and external fraud.
This policy is applicable to all financial service operations of SF Private Bank, and the responsibilities thereof.
Fraud is the use of deception with the intention of obtaining an advantage for the individual or for a third party or parties. This can often include avoiding an obligation, or causing loss to another party, whether financial and/or material.
Regarding SF Private Bank’s obligations, fraud is not a specific offence specified by the relevant authorities. It is instead a catch-all term which includes:
Therefore, for the purposes of the policy, fraud includes, but is not limited to:
Fraud occurs where there is a lack of adequate controls applied to the internal prevention of fraud. Fraud events may also arise where SF Private Bank employees fail to observe the internal controls, act carelessly in fulfilling their responsibilities, or have inadequate permissions within their duties, which puts them at risk of receiving or committing fraud.
To assist in identifying occurrences of fraud, SF Private Bank has recognised four basic elements which are usually present when fraud occurs.
These are:
This policy is the guiding document for the prevention of fraud at SF Private Bank and will be reviewed as and when required due to changes in operational risk and best practices, as appropriate.
This policy sets out the procedures implemented by SF Private Bank to mitigate the threat of fraud and the ways in which SF Private Bank responds to allegations of fraud. SF Private Bank understands that the delivery of financial services brings with it the threat of fraud. Therefore, to effectively protect its customers and employees, SF Private Bank ensures all internal and external fraud risks are identified, and that appropriate controls are implemented.
This means all SF Private Bank employees are required to actively prevent fraud by meeting the following standards:
All SF Private Bank employees are required to minimise the occurrence and impact of fraud events. However, SF Private Bank recognises that employees' responsibility and ability to mitigate the risk of fraud cannot be achieved without support from SF Private Bank’s Senior Management.
Therefore, SF Private Bank’s Senior Management recognises the responsibilities outlined below:
Internal fraud relates to fraud committed by individuals operating within SF Private Bank. For example, internal fraud may be employees accessing payment systems and instructing fraudulent transactions.
Internal fraud may include, but is not limited to, the following:
To mitigate such risks, all activities relating to financial operations and the movement of funds are verified by multiple authorised employees. As a fraud-preventative measure, two-factor authentication is required before any payment system can be accessed and payments processed.
Additionally, all accounts are reconciled twice daily, at open and close of business. This process is to identify suspicious activity which may indicate the occurrence of fraud. Where suspicious activity is identified, an incident will be raised via the internal Suspicious Activity Reporting (SAR) procedure, the event investigated, and the relevant controls reviewed for suitability.
In relation to employees accessing and abusing sensitive customer or payment data for fraud purposes, access is granted only to those who need it in the fulfilment of their role within SF Private Bank. Access is determined based on a risk assessment and reviewed annually.
Data access and usage are reviewed constantly by SF Private Bank’s CTO to ensure that only authorised employees have accessed suitable data. Where unauthorised individuals have been found to have accessed sensitive payment data without the required authorisation, an incident will be raised, and the relevant controls reviewed.
External fraud relates to external individuals or organisations attempting to infiltrate SF Private Bank to obtain and abuse the products, services, and operational procedures available. SF Private Bank is aware such parties may also include employees of a third-party service provider partnered with SF Private Bank.
To prevent external access to information, systems and sensitive customer and payment data, all SF Private Bank access is controlled by procedures outlined by the latest SF Private Bank Information Security Policy, overseen by the ISO. Access to systems and underlying data is provided only to those for whom it is essential to their role within SF Private Bank, and even then, activity is monitored.
Technical systems are also protected and monitored for any potential hacks or compromise attempts. This is applied using appropriate third-party technology and encryption.
In instances where external individuals or organisations attempt to commit fraud by using stolen customer details, SF Private Bank provides a preventative mitigation by applying Customer Due Diligence (CDD) procedures, as outlined by the latest Anti-Money Laundering and Counter-Terrorist Financing Policy.
CDD controls are both preventative and detective in nature as they are implemented both before the start of any business relationship and procedurally throughout.
All customer accounts are monitored for fraudulent activity. Where suspicious activity is identified, the internal SAR process is followed, and an investigation undertaken. Customers are also able to report a fraudulent event by contacting SF Private Bank customer service, and employees are encouraged to take any notification of fraud as high priority.
Employees that are informed of fraud via customer communication are to inform the MLRO immediately.
The effectiveness of security credentials for both customers and employees is assessed via the customer notifications and/or SARs raised. Investigations both into customer communications and SARs cause the relevant controls to be reviewed.
All suspected instances of fraud or irregularity must be reported to the MLRO. The MLRO is responsible for notifying Senior Management of fraud events. Where fraud events involve the MLRO, the MLRO's responsibilities are delegated to a nominated Compliance Officer. Should Senior Management be implicated in fraudulent activities, the relevant law enforcement agencies shall be notified directly.
Where allegations or suspicions arise, the MLRO, with guidance from Senior Management where appropriate, determines the most appropriate and proportional course of action.
The following will be considered to determine the appropriate response to suspicions of fraud or irregularity:
Any individual(s) suspected of irregular and/or fraudulent activities should not be confronted prior to commencement of the investigation process. Records related to the activity may need to be seized before the suspected individual(s) becomes aware of any investigation.
If, in the opinion of the investigating team, fraud is probable, employees suspected of such irregularities and/or fraud will be suspended pending investigation. Employees suspected of irregular and/or fraudulent activities have legal rights that must be respected.
Details of the investigation must remain confidential to all but the MLRO, Senior Management and the Compliance team (where appropriate), legal counsel, and/or law enforcement agencies.
The MLRO will also review details of the operational weaknesses and ascertain why or if the fraud event was not prevented or detected promptly. The MLRO then provides recommendations for improving the controls to prevent or detect similar events.
SF Private Bank employees are encouraged to report any doubts to the MLRO or Senior Management regardless of whether the report turns out to be valid. If an employee is confused or has doubts when compiling a report, then they should contact the MLRO for guidance.
The controls outlined in this policy have been designed to prevent a fraud-related issue from occurring. The MLRO submits a review of anti-fraud controls, procedures, policies, and culture within SF Private Bank.
On a monthly basis, SF Private Bank will collect the following information:
SF Private Bank will make use of reported incidents of fraud recorded in SARs to collate this data. Where there is fraud data to report, fraud data is added to a monthly Management Information pack, which is presented to the SF Private Bank Senior Management for review.
SF Private Bank is required to run due diligence checks on any prospective or existing employees. Understanding and knowing exactly who SF Private Bank is engaged with, and the nature of any business relationships (e.g., employees, suppliers, service providers, etc.), can help to protect SF Private Bank from taking on people who might pose a risk of fraud events occurring.
SF Private Bank’s recruitment program is aimed at checking the background and references of all new and existing employees as well as ongoing criminal background, politically exposed persons (PEP), and sanction checks.
The level of due diligence will be proportionate to risks posed by the associated person and the nature of their relationship with SF Private Bank.
As part of undertaking due diligence on a potential employee, SF Private Bank will identify the potential employee and verify their identity.
When assessing the risk posed by a potential employee, SF Private Bank considers the risk factors related to the:
Fraud awareness training underpins fraud prevention and detection. SF Private Bank ensures that all employees are aware of their responsibilities for fraud control and ethical behaviour. Targeted training is provided for new employees, and refresher training is given to current employees annually.
Training covers the following subject areas: