ANTI-FRAUD & CYBERSECURITY POLICY
Issued by the Legal Department, Bani Global Industries LLP (LLPIN: ACI-6373)
Effective Date: 01/12/2025
This Anti-Fraud & Cybersecurity Policy (“Policy”) sets out the standards, controls, responsibilities, and reporting mechanisms to prevent, detect, and respond to fraud, cyber incidents, unauthorized activities, and digital security threats across all operations of Bani Global Industries LLP (“Company”, “We”, “Us”, “Our”).
This Policy applies to:
- Employees, partners, directors
- Vendors, contractors, and service providers
- Customers or users interacting with Company systems
- Any individual or entity accessing Company-owned digital assets
It covers all corporate websites, applications, email domains, digital platforms, procurement systems, and internal networks.
The Company enforces a zero-tolerance policy towards:
- Fraud
- Cybercrime
- Data theft
- Unauthorized system access
- Impersonation
- Digital manipulation
- Financial deception
- Misappropriation of Company assets
- Identity spoofing or email impersonation
Any breach may result in termination, blacklisting, civil recovery, and criminal prosecution.
3.1 Fraud
Includes any act of deception intended to secure unlawful gain, including falsification of documents, misrepresentation, unauthorized commitment, or financial manipulation.
3.2 Cybersecurity Incident
Any unauthorized access, breach attempt, phishing attack, malware deployment, data leak, or compromise of digital assets.
3.3 Impersonation / Spoofing
Any use of fake email IDs, cloned websites, fraudulent phone calls, or unauthorized communication misrepresenting the Company.
Official communication from the Company is conducted exclusively through:
Primary Email Domain:
@baniglobal.in
Legacy Email Domain (While Active):
@baniloungewear.com
Any communication received from domains outside these approved formats must be treated as suspicious.
The Company does not authorize:
- Gmail, Yahoo, or personal email IDs for corporate transactions
- WhatsApp or SMS for financial commitments unless verified
- Employees or vendors to request payments outside Company policy
The following activities are strictly prohibited:
- Unauthorized access to Company systems
- Sharing of passwords or login credentials
- Installation of unapproved software
- Modification or deletion of Company data
- Attempting to bypass security controls
- Engaging in phishing or social engineering
- Vendor fraud (false invoicing, duplicate billing)
- Misuse of confidential information
- Impersonating Company officials
- Tampering with digital records or procurement workflows
The Company enforces reasonable security practices, including:
6.1 Technical Controls
- Firewalls and intrusion detection systems
- Multi-factor authentication (MFA)
- Secure email gateways
- Encrypted communication channels
- Antivirus and malware protection
- Cloud security controls
6.2 Access Management
- Role-based access
- Periodic access audits
- Immediate revocation upon termination
- Monitoring privileged accounts
6.3 Data Protection
- Encryption of sensitive information
- Secure data storage
- Controlled sharing with authorized personnel only
- Prohibition on external device usage unless approved
6.4 System Monitoring
- Regular log audits
- Anomaly detection
- Automated threat alerts
- Continuous security monitoring
The following controls apply to vendor management and financial operations:
- Mandatory PO (Purchase Order) for all transactions
- Verification of vendor credentials
- Payments only to registered bank accounts
- Mandatory TDS deductions where applicable
- Review of invoices against delivery proofs
- Two-level approval system for financial releases
- Audit trails for all procurement activities
No employee is allowed to commit Company funds without proper authorization.
Any User, employee, or vendor must immediately report:
- Suspicious emails
- Requests for money or sensitive data
- Unauthorized login attempts
- Alteration of vendor bank details
- Fake job offers or phishing messages
- Cloned websites or fraudulent social profiles
- Data leaks or system anomalies
Report to:
All reports are kept confidential.
Upon receiving a complaint, the Company shall:
- Acknowledge receipt
- Conduct a preliminary assessment
- Isolate affected systems (if required)
- Initiate internal investigation
- Engage forensic experts where necessary
- Coordinate with law enforcement (if fraud or cybercrime is confirmed)
- Implement corrective actions
The Company reserves the right to suspend access of any individual or Vendor during investigation.
Depending on severity, violations may result in:
- Disciplinary action
- Termination of employment or vendor contract
- Legal action (civil & criminal)
- Recovery of financial losses
- Blacklisting from future engagements
- Reporting to statutory authorities
Users interacting with Company systems must:
- Protect their login credentials
- Avoid sharing sensitive data over unsecured channels
- Verify email authenticity before acting
- Refrain from accessing unauthorized content
- Comply with Company security guidelines
- Report anomalies immediately
The Company may modify or update this Policy based on:
- Emerging cybersecurity threats
- Regulatory changes
- Business expansion
- Internal review outcomes
Modifications are effective upon publication.
Bani Global Industries LLP
Email: legalteam@baniglobal.in
Secondary (Security): cybersecurity@baniglobal.in
Registered Office:
203, A/3, Kundan Mansion, Turkman Gate,
Asaf Ali Road, Central Delhi – 110002