UNFAIR, DECEPTIVE, OR ABUSIVE ACTS OR PRACTICES (UDAAP) POLICY.

The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), provides that all service providers are legally required to refrain from committing unfair, deceptive, or abusive acts or practices (collectively, UDAAPs) in violation of the Act..

This policy statement describes certain acts or practices that constitute UDAAPs prohibited by the Dodd- Frank Act. The examples described in this policy statement/framework are not exhaustive of all potential UDAAPs.

This policy statement establishes the procedures that Graph (hereinafter referred to as “Graph, We,Us, or Our”) will follow to prevent and detect unfair, deceptive, or abusive acts or practices (UDAAPs) against its clients, partners, and stakeholders.

An Unfair, Deceptive, or Abusive Acts or Practices (hereinafter referred to as UDAAP) is any act or practice by a financial institution that is unfair, deceptive, or abusive to a client. UDAAPs can cause significant financial injury to consumers, erode consumer confidence, and undermine fair competition in the financial marketplace.

The Dodd-Frank Act prohibits conduct that constitutes an
1. An Unfair Act Or Practice: An act or practice is unfair when: (1) It causes or is likely to cause substantial injury to consumers; (2) The injury is not reasonably avoidable by consumers; and (3) The injury is not outweighed by countervailing benefits to consumers or to competition.
2. Deceptive Acts or Practices: An act or practice is deceptive when: (1) The act or practice misleads or is likely to mislead the consumer; (2) The 1 consumer’s interpretation is reasonable under the circumstances; and (3) The misleading act or practice is material.
3. Abusive Acts or Practices: An act or practice is abusive when it: (1) Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or (2) Takes unreasonable advantage of a consumer’s lack of understanding of the material risks, costs, or conditions of the product or service, a consumer’s inability to protect his or her interests in selecting or using a consumer financial product or service; or a consumer’s reasonable reliance on a covered person to act in his or her interests.

• Charging excessive fees or interest rates
• Misrepresenting the terms of a product or service
• Engaging in predatory lending practices
• Failing to provide proper disclosures
• Using unfair or deceptive collection practices
• Failing to post payments timely or properly or to credit a consumer's account with payments that the consumer submitted on time and then charging late fees to that consumer.
• Taking possession of property without the legal right to do so.
• Revealing the consumer's debt, without the consumer's consent, to the consumer's employer and/or co-workers.
• Falsely representing the character, amount, or legal status of the debt.
• Misrepresenting whether information about a payment or nonpayment would be furnished to a credit reporting agency.

The responsibility of ensuring compliance with UDAAP laws lies within the corporate compliance department or similar risk management area. However, good governance requires that they report up the organization to a higher level.

The regulatory compliance function is to be capable of credibly challenging the lines of business. They would create clearly enumerated technical rules that require that the risk management function be able to convincingly articulate why a practice is potentially an unfair, deceptive, or abusive one. The lines are often blurry and issues are seldom black and white.

This policy statement establishes the procedures that Graph (hereinafter referred to as “Graph, We,Us, or Our”) will follow to prevent and detect unfair, deceptive, or abusive acts or practices (UDAAPs) against its clients, partners, and stakeholders.

1. UDAAP training is key not only to transferring awareness of UDAAP concepts to all employees at every level but also to influencing a culture of fairness within the organization. All employees at leadership levels and all with customer impact would receive more specific UDAAP training no less often than annually.
2. For new employees, such training shall be an integral part of the onboarding process and completed within the first week of their employment. For existing employees, retraining sessions shall be conducted no less often than annually to reinforce compliance awareness and ensure a consistent understanding of UDAAP principles within the organization.

• Charging excessive fees or interest rates
• Misrepresenting the terms of a product or service
• Engaging in predatory lending practices
• Failing to provide proper disclosures
• Using unfair or deceptive collection practices
• Failing to post payments timely or properly or to credit a consumer's account with payments that the consumer submitted on time and then charging late fees to that consumer.
• Taking possession of property without the legal right to do so.
• Revealing the consumer's debt, without the consumer's consent, to the consumer's employer and/or co-workers.
• Falsely representing the character, amount, or legal status of the debt.
• Misrepresenting whether information about a payment or nonpayment would be furnished to a credit reporting agency.

We will take the following steps to prevent UDAAPs:
• Design products and services that are fair and in the best interests of clients.
• Develop and implement clear and concise policies and procedures that comply with all applicable laws and regulations.
• Train employees on UDAAP laws and regulations, as well as the company's UDAAP policies and procedures.
• Clearly disclose all fees and exchange rates associated with cross-border payments.
• Provide clients with accurate and timely information about the status of their cross-border payments.
• Take steps to prevent fraud and other unauthorized activity on virtual cards and virtual accounts.
• Monitor customer complaints and feedback to identify potential UDAAP issues.
• Monitor employee behavior for compliance with UDAAP policies and procedures.
• Conduct regular audits of UDAAP compliance.

• Charging excessive fees or interest rates
• Misrepresenting the terms of a product or service
• Engaging in predatory lending practices
• Failing to provide proper disclosures
• Using unfair or deceptive collection practices
• Failing to post payments timely or properly or to credit a consumer's account with payments that the consumer submitted on time and then charging late fees to that consumer.
• Taking possession of property without the legal right to do so.
• Revealing the consumer's debt, without the consumer's consent, to the consumer's employer and/or co-workers.
• Falsely representing the character, amount, or legal status of the debt.
• Misrepresenting whether information about a payment or nonpayment would be furnished to a credit reporting agency.

1. Customer Complaints: Customer complaints are a valuable source of information about UDAAPs. When customers complain, it is important to take their complaints seriously and to investigate them thoroughly. We will use a variety of methods to collect customer complaints, such as:
   • Online complaint form: We have an online complaint form on its website where customers can submit complaints about UDAAPs. Complaints can also be sent by email to info@graph.finance

   Once we have received a customer complaint about a UDAAP, we would investigate the complaint thoroughly. We can also interview the customer to get more information about the complaint and gather any supporting documentation. We would also review its own policies and procedures to determine if there is anything that can be done to prevent the complaint from happening again.

2. Employee Complaints: Employee complaints are also a valuable source of information about UDAAPs. Employees are often the first to see UDAAPs happening, and they may be able to provide valuable insights into the causes of UDAAPs and how to prevent them. We encourage employees to report UDAAPs by creating a safe and confidential reporting system. We can also collect employee complaints about UDAAPs through the following methods:
   • Employee surveys: We will conduct regular employee surveys to ask employees about their experiences with UDAAPs.
   • Employee focus groups: We will conduct employee focus groups to discuss UDAAPs and to get feedback from employees on how to prevent them.
   • Anonymous reporting system: We have an anonymous reporting system where employees can report UDAAPs without fear of retaliation.

Once Graph has received an employee complaint about a UDAAP, we will investigate the complaint thoroughly. We could also interview the employee to get more information about the complaint and to gather any supporting documentation. We also review our own policies and procedures to determine if there is anything that can be done to prevent the complaint from happening again.

3. Regulatory Reviews. Regulatory reviews are another important way to monitor for UDAAPs. Regulatory agencies, such as the Consumer Financial Protection Bureau (CFPB), conduct regular reviews of financial institutions to ensure that they are complying with all applicable laws and regulations. We cooperate with regulatory agencies during these reviews and take the necessary steps to address any UDAAPs that are identified.
4. Internal Audits. We also conduct internal audits to monitor for UDAAPs. Internal audits are independent reviews of our policies, procedures, and operations. Internal auditors help to identify UDAAPs and recommend corrective actions.
5. Analyzing Customer Data. We analyses customer data to identify patterns that may indicate UDAAPs. For example, we will analyse data on customer complaints, account closures, and product usage to identify trends that may indicate UDAAPs
6. Using Data Analytics Tools. We will use data analytics tools to identify UDAAPs.
7. Conducting Mystery Shopping. We can conduct mystery shopping to test its employees' compliance with its policies and procedures. For example, we could have mystery shoppers visit its branches or call its customer service center to see if employees are following the correct procedures.

By using a variety of methods to monitor for UDAAPs, we effectively prevent UDAAPs from happening and protect our customers from harm.

There is no doubt UDAAP will continue to challenge the industry, so it is essential for financial institutions to evaluate their risks and do what they can to diminish the impact violations may have on their organization. Proactive steps we will take are:

1. Regularly review features of consumer products and services. Evaluate product features and promotional materials and determine if any terms fall within the broad definition of UDAAP.
2. Evaluate new products for features that could be misunderstood or ones that have been omitted.
3. Review revenue streams for trends that may suggest abusive practices.
4. Evaluate written and oral methods of communicating product features to customers.
5. Review third-party service provider agreements to develop a clear understanding of their practices surrounding the service being provided.
6. Review all bank policies and procedures for practices that suggest unfair, deceptive, or abusive practices.
7. Create a consumer-friendly culture within your organization.
8. Evaluate customer complaints for signs of more serious systemic problems.

Financial institutions, like all businesses, run on metrics. UDAAP/fairness related metrics are essential to understanding the level of UDAAP compliance risks at any point in time. Developing these metrics requires a careful review of products, services, and processes to determine what are the indices of key UDAAP or fairness risks.

If we detects a UDAAP, it will take the following steps to remediate the problem:

• Take steps to correct the UDAAP and to prevent it from happening again.
• Compensate clients who have been harmed by the UDAAP.

1. Employees who suspect that a UDAAP has occurred should immediately report it to their Team/Line Managers. Team/Line Managers are responsible for investigating reports of UDAAPs and for taking appropriate action.
2. Clients who believe that they have been the victim of a UDAAP should contact our customer support department at info@graph.finance

This UDAAP Policy shall be subject to an annual review conducted by the Compliance Department to ensure its continued compliance with relevant regulatory requirements. Any necessary updates or modifications identified during the review shall be promptly implemented to maintain the policy's effectiveness and alignment with regulatory standards.

We are committed to fair and ethical business practices. We believe that all clients deserve to be treated with respect and fairness. We will work diligently to prevent and detect UDAAPs, and we will take appropriate action to remediate any UDAAPs that do occur.

We are committed to providing its customers with fair and transparent financial services.

In developing and enforcing this UDAAP (Unfair, Deceptive, or Abusive Acts or Practices) policy, We adhere to the following references, laws, and regulations:

1. Federal Trade Commission Act (15 U.S.C. § 45). This act prohibits unfair or deceptive acts or practices in or affecting commerce.
2. Consumer Financial Protection Bureau (CFPB) Regulations
3. Consumer Protection Act (Dodd-Frank Act)
4. Other Relevant Industry Regulations

We are committed to enforcing this UDAAP policy to ensure compliance and adherence to consumer protection laws. Non-compliance with this policy may result in disciplinary actions, up to and including termination of employment. Such disciplinary actions may include, but are not limited to:

1. Verbal or written warnings.
2. Suspension from duties.
3. Probationary periods for improvement.
4. Demotion to a lower position.
5. Termination of employment.

In addition to internal enforcement, employees are expected to cooperate with any external investigations, reviews, or audits related to UDAAP compliance conducted by regulatory authorities, government agencies, or third-party entities. Employees are encouraged to report any potential UDAAP violations they become aware of through the appropriate channels as outlined in this policy. We are committed to addressing and resolving any reported violations promptly and effectively.

The Board of Directors approved the revised policy on 1st August, 2023.