Anti-Fraud Governance Policy

Phishing

Any attempt to obtain sensitive information, credentials, or access rights by impersonating the company or another trusted entity through fraudulent communications or interfaces.

Spoofing

The creation or use of false identities, websites, communications, or technical identifiers intended to mislead users or systems.

Market Manipulation

Any action intended to artificially influence the price, volume, or perceived demand of a digital asset in order to gain an unfair advantage.

Insider Trading

The use of confidential, non-public, or price-sensitive information obtained through privileged access for personal or third-party benefit.

Westbridge recognizes the following key fraud risk categories, including but not limited to:

Unauthorized Account Access

Access to client or internal systems through compromised credentials, phishing, malware, or other social engineering methods.

Market and Price Manipulation

Attempts to distort fair market conditions or influence asset pricing through deceptive or prohibited practices.

Misuse of Confidential Information

Improper use of internal, operational, or client-related information for personal gain or unauthorized advantage.

Deceptive Communications

Fraudulent representations, impersonation, or spoofing attempts designed to mislead clients, partners, or internal systems.

To mitigate fraud risks, Westbridge has implemented a layered control framework, including:

Strong Authentication Controls

Implementation and promotion of multi-factor authentication (MFA), including two-factor authentication (2FA), to secure access to systems and client accounts.

Security Reviews and Controls

Regular internal reviews and external assessments to identify vulnerabilities and enhance system resilience.

Transaction Monitoring

Automated and manual monitoring of transactions and client activity to detect unusual behavior, high-risk patterns, or potential fraud indicators.

Employee Training and Awareness

Ongoing training programs covering fraud prevention, cybersecurity, AML/CTF obligations, and ethical conduct standards.

Confidential Reporting Channels

Employees, clients, and partners may report suspected fraud through secure and confidential channels, including anonymous reporting where permitted.

Investigation Procedures

All reports are reviewed and investigated by designated compliance or risk management functions in accordance with internal procedures.

Client Communication

Where appropriate, affected clients may be informed of relevant incidents and remediation measures taken by the company.

Regulatory Reporting

Where required under applicable Swiss law or SRO obligations, incidents may be reported to competent authorities and subject to further legal action.

This Policy is reviewed periodically to ensure alignment with evolving fraud risks, technological developments, and applicable Swiss SRO regulatory requirements. Updates are approved by management and implemented as part of ongoing governance improvements.