Abstract

Fraud risk refers to the potential for malicious actors to scam, steal, or issue unauthorized transactions. Given the irreversible nature of onchain transactions, thorough verification processes (e.g., Know Your Customer [KYC]) for withdrawals are imperative to ensure transaction authenticity and mitigate potential risks. This policy also focuses on ensuring accurate reporting of tax-deductible activities and the compliant use of our products by users. Effective management of fraud risk is essential to maintain financial integrity, regulatory compliance, and the trust of our stakeholders and donors.

Policy Statement

Endaoment is committed to providing secure accounts accessible only to properly KYC’d users and administrators. We strive to guard against tax deductibility-related fraud and misuse of Donor-Advised Funds (DAF). We manage these risks through robust KYC processes during both account creation and significant off-platform transactions (e.g., disbursements, rollovers). Compliance with this policy is mandatory for all employees, contractors, board members, and representatives acting on behalf of Endaoment.

Risk Management Strategy

Risk Assessment

  1. Fraud Risk Inventory and Classification
    • Maintain a comprehensive inventory of all potential fraud risks, categorizing them based on their likelihood and potential impact.
  2. Threat Analysis
    • Identify and evaluate potential threats to financial integrity, including cyber threats, internal fraud, and external malicious activities.

Risk Mitigation

  1. KYC Processes
    • Implement robust KYC procedures during account creation and before any significant financial transactions (e.g., disbursements, rollovers) to verify the identity of users and administrators.
  2. Access Control Measures
    • Enforce strict access controls to financial systems, ensuring that only authorized personnel can perform sensitive financial operations.
  3. Transaction Verification
    • Utilize multi-factor authentication and additional verification steps for high-risk transactions to prevent unauthorized activities.

Monitoring and Reporting

  1. Continuous Transaction Monitoring
    • Employ continuous monitoring systems to oversee financial transactions and detect irregularities or unauthorized activities.
  2. Incident Reporting Mechanism
    • Provide a secure and anonymous system for reporting suspected fraud or unauthorized transactions.

Operational Controls

Policies and Procedures

  • Documentation
    • All fraud risk management policies and procedures are thoroughly documented, with both internal and external-facing components where relevant.
  • Annual Review
    • Conduct an annual review of policies, updating them as necessary to reflect current best practices and regulatory changes.

Specific Fraud Prevention Measures

  1. 3Rs Review Process
    • Ensure monthly financials are confirmed through segregation of duties involving one third party, one staff member, and one board member.
  2. Yearly Third-Party Financial Audit
    • Conduct comprehensive financial audits annually by a third-party entity (e.g., Singer Lewak) and the Chief Operating Officer (COO). Updated audit documents must be publicly available on the Endaoment Docs page.
  3. KYC Processing
    • Implement documented policies and procedures for customer identification (including name, date of birth, address, and identification number), customer due diligence, and enhanced due diligence when necessary.
  4. Multisignature Wallet Use
    • Regularly confirm the integrity and operational security of all multisignature wallets used by staff on a monthly basis.
  5. Transaction Monitoring
    • Regularly audit incoming transactions to identify any suspicious patterns or activities that may indicate fraudulent behavior.
  6. Transaction Review Process
    • Establish documented policies and procedures for reviewing and approving transactions, ensuring both internal and external compliance requirements are met.
  7. Access Removal Procedures
    • Implement documented policies and procedures for promptly removing access rights of employees or contractors who no longer require access to financial systems.

Vendor Management

  • Compliance Standards
    • Implement stringent controls and regular reviews of vendor relationships to ensure compliance with Endaoment’s fraud prevention and financial integrity standards.

Segregation of Roles

  • Segregation of Duties
    • Ensure that critical financial procedures and systems have segregated duties to prevent any single individual from having full control over any process without oversight.
  • Approval Processes
    • Maintain segregated claim diligence and approval processes to uphold checks and balances.