I. Firm Policy

Alpha Wealth Funds, LP (“ALPHA WEALTH FUNDS” or the “Firm”)’s policy is to protect investors and
their accounts from identity theft and to comply with the Securities and Exchange Commission’s (the
“SEC”) Red Flags Rule. We will do this by developing and implementing this written Identity Theft
Prevention Program (“ITPP”), which is appropriate to our size and complexity, as well as the nature and
scope of our activities. This ITPP addresses 1) identifying relevant identity theft Red Flags for our firm, 2)
detecting those Red Flags, 3) responding appropriately to any that are detected to prevent and mitigate
identity theft, and 4) updating our ITPP periodically to reflect changes in risks.

Our identity theft policies, procedures and internal controls will be reviewed and updated periodically to
ensure they account for changes both in regulations and in our business.

 

II. ITPP Approval and Administration

The Firm’s Managing Member, Harvey Sax, approved this ITPP. Harvey Sax is the designated identity
theft officer and is responsible for the oversight, development, implementation and administration
(including staff training and oversight of third party service providers of ITTP services) of this ITPP.
Harvey Sax will ensure that this ITPP is provided to and reviewed by all staff of the Firm who have access
to nonpublic personal information of investors.

 

III. Relationship to Other Firm Programs

We have reviewed other policies, procedures and plans required by regulations regarding the protection of
our investor information, including our policies and procedures under Regulation S-P and our Privacy
Policy in the formulation of this ITPP, and modified either them or this ITPP to minimize inconsistencies
and duplicative efforts.

 

IV. Identifying Relevant Red Flags

To identify relevant identity theft Red Flags, the Firm will monitor the following risk areas:

  1. The types of investments offered;
  2. The methods used to open the accounts by investors and third parties; and
  3. The methods used to access the accounts by investors and third parties.

The Firm will also consider the sources of Red Flags, including identity theft incidents it has experienced
and changing identity theft techniques the Firm thinks likely. In addition, we considered Red Flags from
the following categories:

  1. Suspicious Documents
    1. Documents provided for identification appear to have been altered or forged.
    2. Other information on the identification is not consistent with information provided by the
      person opening a new covered account or person presenting the identification or
      information on file with the Firm.
    3. A request for withdrawal of funds appears to have been forged or altered.
  2. Suspicious Personal Identifying Information
    1. Personal identifying information provided is inconsistent when compared against external
      information sources used by the Firm. For example, the Social Security Number (“SSN”)
      has not been issued, or is listed on the Social Security Administration’s Death Master
      File.
    2. Personal identifying information provided by the investor is not consistent with other
      personal identifying information provided by the investor.
    3. Personal identifying information provided is associated with known fraudulent activity as
      indicated by internal or third-party sources used by the Firm.
    4. Personal identifying information provided is of a type commonly associated with
      fraudulent activity as indicated by internal or third-party sources used by the Firm. For
      example, the address provided for delivery of withdrawal proceeds is fictitious, a mail
      drop, or a prison.
    5. The SSN provided is the same as that submitted by other clients.
    6. The address provided is the same as or similar to the address submitted by an unusually
      large number of other prospective clients.
    7. The client fails to provide all required personal identifying information on the withdrawal
      request form or in response to notification that the withdrawal request form is incomplete.
    8. Personal identifying information provided is not consistent with personal identifying
      information that is on file with the Firm.
  3. Suspicious Account Activity
    1. An account is used in a manner that is not consistent with established patterns of activity
      on the account. For example, a material change in frequency or amount of withdrawals
      from an investor’s account or a withdrawal request seeks to have the proceeds paid to a
      different account or address than the one from which the investment was made.
    2. The Firm is notified of unauthorized activity in connection with an investor’s account.
  4. Notices from Law Enforcement Agencies or Other Sources

Some of these categories and examples may be relevant only when combined or considered with other
indicators of identity theft.

 

Detecting Red Flags

The Firm’s detection of Red Flags is based on our methods of getting information about investors and
prospective investors and verifying it, authenticating persons who access the accounts, and monitoring
transactions and change of address requests. Upon opening an account, the Firm will gather identifying
information about and verify the identity of the person opening the account through subscription
documents. For existing accounts, it can include authenticating investors, monitoring redemptions, and
verifying the validity of changes of address.

 

VI. Preventing and Mitigating Identity Theft

Upon review of the Firm’s accounts, how they are opened and accessed, and the Firm’s previous
experience with identity theft, the Firm has developed our procedures below to respond to detected identity
theft Red Flags.

When we have been notified of a Red Flag or our detection procedures show evidence of a Red Flag, we
will take the steps outlined below, as appropriate to the type and seriousness of the threat:

Prospective investor. For Red Flags raised by a prospective client:

  1. Review the subscription documents. We will review the prospective investor’s information
    collected under the subscription documents (e.g., name, date of birth, address, bank account and an
    identification number such as a Social Security Number or Taxpayer Identification Number).
  2. Seek additional verification. We may also verify the prospective investor’s identity by requesting
    the following information on each type of prospective investor:

    1. Individuals:
      1. Copy of biography page (with photo) of the investor’s passport or copy of driver’s
        license;
      2. Proof of the investor’s current address (e.g., current utility bill dated within the
        last 2 months).
    2. Corporations:
      1. Copy of the memorandum of association or articles of incorporation, or by-laws
        (or other equivalent documentation);
      2. Copy of the certificate of incorporation/certificate of trade or the equivalent;
      3. Certificate of incumbency listing names of beneficial owners and directors of the
        investor;
      4. List of duly elected officers of the corporation and their offices, who are duly
        authorized to execute any and all documents in connection with the investment, and a copy of the passports
        or national identity cards and/or document evidencing
        proof of address (i.e., original utility bill or similar document) of at least two of
        the authorized signatories.
    3. Partnerships:
      1. Copy of the partnership agreement;
      2. Copy of the certificate of incorporation/formation;
      3. Copy of the passports or national identity cards and/or document evidencing proof
        of address (i.e., original utility bill or similar document) of all partners authorized
        to execute all necessary documents in connection with the partnership’s
        investment.
    4. Trusts:
      1. Copy of the trust agreement;
      2. List of names of all of the trustees containing the current address of such trustees
        (if not listed in the trust agreement);
      3. Copy of the passports or national identity cards and/or document evidencing proof
        of address (i.e., original utility bill or similar document) of all trustees authorized
        to execute all necessary documents in connection with the Trust’s investment;
      4. A list of the settlors / beneficial owners and the beneficiaries of the trust (if not
        listed in the trust agreement), together with copies of their passports or national
        identity cards and/or separate evidence of their address from an official source.
  3. Deny the application. If we find that the applicant is using an identity other than his or her own,
    we will deny the account.
  4. Report. If we find that the applicant is using an identity other than his or her own, we will report it
    to appropriate local and state law enforcement. We may also report it to the Utah Division of
    Securities.
  5. Notification. If we determine personally identifiable information has been accessed, we will
    prepare any specific notice to investors or other required notice under state law for the state of
    residency of the affected investors.

Access seekers. For Red Flags raised by someone seeking to access an existing investor’s account:

  1. Watch. We will monitor, limit, or temporarily suspend activity in the account until the situation is
    resolved.
  2. Check with the investor. We will contact the investor to describe what we have found and verify
    with them that there has been an attempt at identify theft.
  3. Heightened risk. We will determine if there is a particular reason that makes it easier for an
    intruder to seek access, such as an investor’s lost wallet, mail theft, a data security incident, or the
    investor having given account information to an imposter pretending to represent the firm or to a
    fraudulent web site.
  4. Collect incident information. For a serious threat of unauthorized account access we may collect
    if available:

    1. Dates and times of activity
    2. Details of any wire transfer activity
    3. Investor accounts affected by the activity, including name and account number, and
    4. Whether the investor will be reimbursed and by whom.
  5. Report. If we find unauthorized account access, we will report it to appropriate local and state law
    enforcement. We may also report it to the Utah Division of Securities.
  6. Notification. If we determine personally identifiable information has been accessed, we will
    prepare any specific notice to investors or other required notice under state law for the state of
    residency of the affected investors.
  7. Review our insurance policy. Since insurance policies may require timely notice or prior consent
    for any settlement, we will review our insurance policy (as applicable) to ensure that our response
    to a data breach does not limit or eliminate our insurance coverage.
  8. Assist the investor. We will work with investors to minimize the impact of identity theft by taking
    the following actions, as applicable:

    1. Adding extra security measures before permitting future access to the threatened account;
    2. Offering to change the way the affected investor can make withdrawals from the
      threatened account; or
    3. Providing the affected investor with information regarding the unauthorized access in
      order to facilitate investor’s ability to seek recourse against the parties that attempted the
      fraudulent access of investor’s account or personal information.

III. Relationship to Other Firm Programs

The Firm uses various services providers, such as broker-dealers and custodians, in connection with our
clients’ accounts. We have a process to confirm that our service providers that perform activities in
connection with our clients’ accounts comply with reasonable policies and procedures designed to detect,
prevent and mitigate identity theft by requiring them to have policies and procedures to detect Red Flags
and report them to us or to take appropriate steps on their own to prevent or mitigate identity theft. We will
review each service provider’s policies and procedures to ensure appropriate identity theft safeguards are in
place.

 

VIII. Updates and Annual Review

The Firm will update this plan whenever we have a material change to our operations, structure, business or
location, or when we experience either a material identity theft from a covered account, or a series of
related material identity thefts from one or more covered accounts. ALPHA WEALTH FUNDS will also
follow new ways that identities can be compromised and evaluate the risk they pose for our firm. In
addition, ALPHA WEALTH FUNDS will review this ITPP annually to modify it for any changes in our
operations, structure, business, or location or substantive changes to our relationship with our clearing firm.
Harvey Sax will be responsible to annually update this ITPP as necessary.

 

VIIII. Your Privacy Is Important To Us! Our Privacy Policy

Please read our privacy policy here.

Approval
I approve this ITPP as reasonably designed to enable our firm to detect, prevent and mitigate identity theft.

 

Harvey Sax
Managing Member
updated 12/18/24