NeftalyApp Courses Partner Invest Corporate Charity Divisions

Neftaly Staff

Neftaly Email: sayprobiz@gmail.com Call/WhatsApp: + 27 84 313 7407

Neftaly Human Capital Scam Management Policy, Procedures, Processes, Templates, Documents and Forms NeftalyP437

Document Code: NeftalyP437
Approved By: Neftaly Malatjie, Chief Executive Officer
Last Reviewed: 21 November 2025
Next Review Date: 21 May 2026
Policy Owner: Neftaly Chief Human Capital Officer (NeftalyCHCR)

NeftalyP437-1: CEO Address on the Launch of the Neftaly Human Capital Scam Management Policy

To the Neftaly Chairperson, Neftaly Board, Neftaly Royal Chiefs, and the entire Neftaly Human Capital Community,

I am honoured to launch the Neftaly Human Capital Scam Management Policy (NeftalyP437).

This policy establishes a framework to protect Neftaly staff, stakeholders, and systems from fraudulent, deceptive, and scam activities. It provides guidance on prevention, detection, reporting, and response to scams affecting our Human Capital operations.

By implementing this policy, Neftaly enhances organisational integrity, security, and trust, ensuring that all staff are equipped to recognise and mitigate scams effectively.

My message shall end here.

Signed:
Neftaly Malatjie
Chief Executive Officer
Neftaly

NeftalyP437-2: Scope

This policy applies to:

  • All Neftaly Human Capital staff, volunteers, interns, contractors, and stakeholders.
  • Identification, prevention, reporting, and response to scams targeting Neftaly or its staff.
  • All digital, financial, operational, and communication channels susceptible to scams.
  • Compliance with organisational, legal, and regulatory anti-fraud standards.

NeftalyP437-3: Definitions

Scam: Any deceptive, fraudulent, or malicious attempt to mislead, steal, or exploit Neftaly staff or resources.
Phishing: Fraudulent attempts to acquire sensitive information via emails, messages, or websites.
Internal Fraud: Any fraudulent activity occurring within the organisation.
External Fraud: Fraudulent activity originating from outside the organisation.
Incident Reporting Officer: Staff member responsible for receiving, investigating, and escalating scam reports.
Mitigation: Actions taken to prevent, limit, or eliminate the impact of scams.

NeftalyP437-4: Objectives

  • To protect Neftaly staff, resources, and data from scams and fraudulent activities.
  • To ensure early detection, reporting, and effective response to scams.
  • To standardise procedures for investigation, mitigation, and resolution.
  • To promote awareness, training, and a culture of vigilance against scams.
  • To ensure compliance with legal, ethical, and organisational anti-fraud requirements.

NeftalyP437-5: Roles and Responsibilities

5.1 Chief Executive Officer (CEO)

  • Approves strategic anti-scam policies and major response plans.
  • Receives reports on significant scam incidents and resolutions.

5.2 Chief Human Capital Officer (NeftalyCHCR)

  • Oversees implementation of the Scam Management Policy.
  • Ensures compliance, monitoring, and staff training on scam prevention.

5.3 Incident Reporting Officers / Human Capital Security Team

  • Receive, investigate, and escalate scam reports.
  • Implement mitigation measures and corrective actions.
  • Maintain records of all scam incidents and responses.

5.4 Line Managers / Supervisors

  • Support staff in recognising and reporting scams.
  • Ensure compliance with reporting and mitigation procedures.

5.5 Employees / Staff Members

  • Follow organisational guidelines for scam prevention and reporting.
  • Participate in scam awareness and prevention training.
  • Report suspected scams immediately.

NeftalyP437-6: Procedures

6.1 Scam Prevention

  • Conduct awareness campaigns using T437-01: Scam Awareness Checklist.
  • Train staff on common scams, phishing attacks, and fraudulent schemes.
  • Implement IT security measures, verification processes, and secure communication protocols.

6.2 Scam Detection

  • Encourage staff vigilance and monitoring of unusual activities.
  • Report suspicious communications, transactions, or requests.
  • Use T437-02: Scam Detection Reporting Form to capture initial details.

6.3 Incident Reporting and Investigation

  • Submit all scam incidents to Incident Reporting Officer using T437-03: Scam Incident Report Form.
  • Conduct investigation using T437-04: Scam Investigation Checklist.
  • Determine the scope, impact, and responsible parties.

6.4 Response and Mitigation

  • Isolate affected systems or processes.
  • Notify relevant internal and external stakeholders.
  • Apply corrective actions to prevent recurrence.
  • Document lessons learned in T437-05: Scam Mitigation Report.

6.5 Monitoring and Review

  • Maintain a T437-06: Scam Incident Log for all reports and investigations.
  • Review trends, emerging threats, and policy effectiveness quarterly.
  • Update prevention strategies, training, and processes annually.

NeftalyP437-7: Processes

Scam Management Cycle

  1. Awareness and prevention
  2. Detection of suspicious activity
  3. Reporting and documentation
  4. Investigation and analysis
  5. Response and mitigation
  6. Monitoring and continuous improvement

Support Processes

  • IT security monitoring
  • Staff training and awareness
  • Compliance with legal and regulatory anti-fraud requirements
  • Reporting to leadership and stakeholders

NeftalyP437-8: Templates, Documents, and Forms

T437-01: Scam Awareness Checklist
T437-02: Scam Detection Reporting Form
T437-03: Scam Incident Report Form
T437-04: Scam Investigation Checklist
T437-05: Scam Mitigation Report
T437-06: Scam Incident Log
T437-07: Staff Scam Awareness Training Record
T437-08: Scam Risk Assessment Form
T437-09: External Fraud Communication Template
T437-10: Annual Scam Management Review Report

Extended Templates

  • Phishing Email Examples and Alerts
  • Staff Guidance Notes on Fraudulent Schemes
  • Digital Security Guidelines
  • Internal Fraud Investigation Templates
  • Scam Awareness Campaign Materials

NeftalyP437-9: Compliance

All staff must comply with:

  • Neftaly Code of Conduct
  • IT and Data Protection Policies
  • Organisational anti-fraud procedures
  • Legal and regulatory requirements

Non-compliance may result in:

  • Counselling or retraining
  • Corrective action or suspension
  • Escalation to CHCR or CEO
  • Disciplinary or legal action

NeftalyP437-10: Frequently Asked Questions (FAQs)

  1. What constitutes a scam at Neftaly?
  2. Who is responsible for scam management?
  3. How do I report a suspected scam?
  4. What forms and templates should be used?
  5. How are scam investigations conducted?
  6. How can staff prevent scams?
  7. How are incidents documented and reviewed?
  8. Who is notified during significant scam incidents?
  9. How often are scam policies and procedures reviewed?
  10. What training is mandatory for scam awareness?