Purpose of the Fraud Policy:

This policy outlines the responsibilities of employees and management regarding the reporting of fraud or suspected fraud within the organisation.
Scope of the Fraud Policy This Fraud Policy applies to any irregularity, or suspected irregularity, involving Coinstradehub’s users, employees, and where applicable, consultants, vendors, contractors, external agencies doing business with the organization, or their employees, as well as any other parties having a business relationship with the organization. For the purposes of this policy, the term ‘employee’ includes individuals working within the organisation, such as external consultants, contractors, and agency personnel.

Definition of Fraud:
Fraud is broadly defined as any intentional act of deceit carried out to obtain an unjust or illegal advantage. For the purposes of this policy, fraud includes, but is not limited to:

• Fraudulent transactions conducted on the platform by our users.
• Theft or misappropriation of assets owned or managed by Coinstradehub.
• Submitting false claims for payments or reimbursements.
• Accepting or offering bribes, or receiving gifts or favors under circumstances that could suggest the intent to influence an employee’s decision-making while serving the organisation.
• Off-the-books accounting or making false or fictitious entries.
• Any dishonourable, reckless, or deliberate act that goes against the interests of theorganization.
• Knowingly creating and/or distributing false or misleading financial reports.
• Paying excessive prices or fees without documented justification.
• Wilful negligence intended to cause harm to the organization’s material interests.
• Blackmail or extortion.

Fraud Prevention:
Cryptocurrency Transactions:
All external transfers of cryptocurrency are closely monitored using Chainalysis. This tool examines the source of funds on the blockchain, as well as any negative associations in the history of the cryptocurrency or the wallets involved in the transactions.

Card Payments:
For card payments, we employ a comprehensive in-house monitoring system that combines traditional rules with a machine learning-based system to detect unusual or out-of-pattern behaviours.

Transaction Monitoring and Limits:
Transactions are monitored against a range of configurable limits to ensure security and detect potential fraud:

• Daily Transaction Limits: Restrict the number of daily transactions per user to a configurable limit.
• Weekly Transaction Limits: Restrict the number of weekly transactions per user to a
  configurable limit.
• Monthly Transaction Limits: Restrict the number of monthly transactions per user to a
  configurable limit.
• Maximum Transaction Value: Set a maximum value for a single transaction, adjustable based on user risk profiles.
• Minimum Transaction Value: Set a minimum value for a single transaction, adjustable as needed.
• Daily Transaction Value Limits: Cap the total value of daily transactions per user to a
  configurable amount.
• Weekly Transaction Value Limits: Cap the total value of weekly transactions per user to a configurable amount.
• Monthly Transaction Value Limits: Cap the total value of monthly transactions per user to a configurable amount.
• Unique Card Usage Limits: Limit the number of unique card numbers a single user can utilize, with unused cards being deactivated after three days of inactivity.
• Failed Transaction Limits: After three failed transactions in a day, the use of a unique card is restricted for the rest of the day.
• Stolen or Lost Cards: Automatically block card numbers identified as stolen or reported lost by the acquirer.

Alerts and Monitoring
We employ a variety of alerts to ensure rapid detection and response to potentially fraudulent activities:

• Platform-wide Alerts: Trigger an alert when the total daily value of all card transactions on the platform reaches a configurable threshold.
• BIN/User Country Mismatch Alerts: Alert when there is a mismatch between the BIN (Bank Identification Number) and the user’s country.
• Multiple BIN Countries Alert: Alert when a user is using cards associated with multiple BIN countries.
• Failed Transactions Alert: Trigger an alert on multiple failed transactions by the same user.
• IP Address Monitoring: Block user deposits from IP addresses in high-risk countries.
• High-Value Transaction Alert: Alert when a single transaction value exceeds a configurable percentage above the user’s previous highest deposit.

Machine Learning Monitoring
Our machine learning system is designed to identify and alert on complex patterns indicative of fraudulent behaviour:

• Stolen Card Transaction Patterns: Alert on patterns suggesting attempts to process
  transactions with stolen cards.
• Avoidance of System Rules: Alert on users who attempt to bypass system rules by using multiple cards over extended periods.
• Fraudulent Deposit Patterns: Alert on deposit patterns commonly associated with fraudulent activities, such as ‘patterning’ or ‘smurfing’.
• New or Unusual Behavior: Alert on new or out-of-pattern behaviors that could indicate potential fraud.

Suspected Fraud
Transaction limits are in place to prevent individual fraudulent transactions from being processed. Depending on the severity of an alert, the Money Laundering Reporting Officer (MLRO) may be notified to review the customer account. In cases of severe alerts, the user’s account will be locked pending further investigation. Monitoring and Reporting of Fraud All confirmed instances of fraud must be recorded in the Fraud Log on the same day the fraud is confirmed. The Fraud Log should include the following details:

• Customer Name
• Public key of the user account
• Public key of any other involved accounts (if applicable)
• Last 4 digits of the payment method used
• Amount in dispute
• Currency involved
• Date of the transaction
• Date the customer was notified
• Date of any withholding (W/H) refunds issued

Comments or additional notes:
The Fraud Log will be reviewed by the board on a weekly basis, and checks will be conducted to ensure that all confirmed fraud cases have been accurately recorded. Each fraud case will be reflected in the performance and incident reports. When specific thresholds are crossed, internal escalations will ensure that the senior management team and the governance team are informed, allowing them to investigate, provide input, and make decisions as necessary.