How to Implement a Risk-Based Approach in Payments

Managing risk to avoid negative consequences is a part of life. But before you can manage risks, you must first understand what they are and determine how to avoid them, starting with those that pose the most harm. This basic concept is at the heart of the risk-based approach in the financial industry.

To move forward and scale with confidence, those in the payments industry must have a firm understanding of what a risk-based approach is and how to successfully implement this strategy. Not only are there many risks out there – bad actors laundering money and running scams – regulators will want to confirm that you have a risk-based strategy in place if issues should arise.

In this blog, we’ll define what a risk-based approach looks like in the payments industry, provide an overview of the essential steps for implementing this type of strategy, and include some key questions to ask when evaluating different risk parameters.

What is a risk-based approach (RBA) in the payments industry?

A risk-based approach is the process of assessing financial crime risks present within the business and determining a set of actions to mitigate and manage those risks. This approach involves applying more enhanced controls to areas where the risks are assessed to be greater and fewer controls where the financial crime risks are considered low.

This is not a one-size-fits-all strategy because every platform, has a unique portfolio of customers within each region, line of business, or product categories. Risk appetite – the level of risk a business is consciously willing to assume to achieve its business objectives – also differs among organizations.

Not only is the RBA approach a regulatory requirement, it’s simply the most efficient method for organizations to mitigate risk.

Establishing processes and protocols that focus resources according to levels of risk allows an organization evaluate anti-money laundering (AML) and combating the financing of terrorism (CFT) compliance more effectively.

This is particularly important given the scale of merchants managed by financial organizations, as well as the potential for risks when handling cross-border transactions, diverse customer profiles, and new and changing products sold online.

5 essential steps for RBA implementation

Implementing a risk-based approach requires these five essential steps, which should be taken in order.

1. Conduct a risk assessment – Understand and identify the types of risk your organization is averse to at the time of the assessment or that they would be averse to when making a change, such as adding a new product line or moving into a new jurisdiction.
2. Gauge risk appetite – Determine your organization’s willingness to accept and manage certain financial risks as part of its business strategy. For example, this could mean your organization has made a conscious decision to take on the risks associated with doing business in a new country.
3. Design a framework – Build a framework that includes processes for mitigating identified risks.
4. Design controls – Customize specific controls within yourprograms that align with your organization’s risk appetite.
5. Ongoing monitoring – Your program should include steps for ongoing monitoring, in addition to steps for mitigating risk at the beginning of the merchant relationship (onboarding).

What to consider and when assessing risk

When implementing a risk-based approach, organizations need to determine which parameters to evaluate.

Here are 5 questions to ask for risk assessment:

1. Customer: Are they an individual, business, or merchant? What is the ownership structure of the business? What is their credit history? Who are their customers?
2. Jurisdiction: Is the entity operating out of a high-risk jurisdiction? Are there sufficient AML controls in place? Is it an area known for shell companies? Which other AML requirements are relevant to this area?
3. Product: What is the type of product? Is it a high-risk line of business? Is it a regulated line of business, possibly requiring licensing? Are there other compliance requirements specific to this product from card brands?
4. Channel: How will payment be received? Face-to-face, digital, mail order, phone? Will the product be delivered immediately, or will it be delayed? Will the product be delivered digitally or physically? Is the buyer an account holder or a guest?
5. Transactions: Are they domestic? Are they cross-border international transactions?

Implementing RBA requires a balancing act

Mitigating risk through a risk-based strategy while also enabling your business to grow and scale requires a balancing act between:

• Prioritizing growth vs. prioritizing compliance
• Customer experience vs. onboarding controls
• Financial inclusion vs. customer risk
• Automation vs. human review
• Ideation vs. realism

This is where EverC can help. Our AI-driven solutions enable organizations to scale risk management with confidence, because they can be customized to align with your risk based approach.