What are smart policies?
Smart policies determine how profiles are onboarded to products.
Every product on your account has one or two smart policies - one for individuals applying for the product and/or one for companies applying for the product.
Each smart policy specifies which tasks should be added to a profile's application and when, and they determine what the next steps are (e.g. whether the application is approved automatically or requires manual review).
How do smart policies work?
Smart policies are structured as flowcharts. When an application is added to a profile, it begins at the Start of the flow, and follows the path until it reaches an outcome.

When the application reaches a task element, one or more task variants are added to the application. In the example above, the Assess PEPs, sanctions, and adverse media task is added first and the Verify address and Verify identity tasks may be added later.
When the application reaches a branch element, a Yes or No decision is made and the application follows the corresponding Yes or No policy path. For example, with the Is associate branch in the example above, the application takes the Yes path if the individual is a company associate. Otherwise, it takes the No path.
When you build your smart policy, you can add as many task, branch, and outcome elements as you like.
As an example, take a profile who is not an associate. This is what will happen if they make a low risk application to the Forexo Basic product and go through the smart policy flow pictured above:
- The application reaches the first task element and the Assess PEPs, sanctions, and adverse media task is added to the application.
- The application reaches the Is associate? branch and, because the profile is not an associate, the No path is taken.
- The application reaches the second task element and the Verify address and Verify identity tasks are added.
- The application reaches the Is low risk? branch and, because the application is low risk, the Yes path is taken.
- The application reaches the Automatically approve when all tasks complete outcome. When all three tasks have all passed, the application is approved automatically.
When is risk calculated?
If you're using the optional Risk module, the smart policy and the application risk calculation begin at the same time, so it's possible for tasks to be added, checks to be run, and the application to be approved before the risk level is determined.
However, if you have a branch for Risk level or Risk score, the application will pause at that branch until the level/score has been determined.
When is an application re-evaluated against the smart policy?
An application is re-evaluated against the smart policy any time there's a change to something that might affect the decisions in the policy.
For example, the following changes cause the application to be re-evaluated:
- Profile detail change (e.g. updates the address).
- A time-based detail changes that affect a branch (e.g. Age is a branch property and the individual's birthday is reached or Years since incorporation is a branch property and the company's incorporation date is reached).
- The risk level changes.
- A user approves an escalation.
- New results returned from ongoing monitoring (e.g. a new match is discovered for the PEPs and sanctions screening or Merchant fraud check, or a new associate is discovered with the Company data check).
- A task expires.
- A decision to cancel or reject the application is reverted.
This keeps the application up to date with your latest compliance requirements. If, for example, the latest version of the policy includes a new task, that task will be added to the application when it's re-evaluated.
The application always goes back to Start, even if it didn't complete the initial flow (e.g. it was stuck at a branch because more data was required). Applications never start in the middle of a smart policy.
Tasks are not added a second time.
For example, take the low risk application to the Forexo Basic product described in the example above. If the application is re-assessed as high risk, this is what will happen:
- The application reaches the first task element. Because it already has the Assess PEPs, sanctions, and adverse media task, no action is taken.
- The application reaches the Is associate? branch and, because the profile is not an associate, the No branch is taken.
- The application reaches the second task element. Because it already has the Verify address and Verify identity tasks, no action is taken.
- The application reaches the Is low risk? branch and, because the profile is high risk, the No branch is taken.
- The application reaches the Is medium risk? branch and, because the profile is high risk, the No branch is taken.
- The application reaches the Escalate approval to teams outcome. A member of the Forexo Basic team must now manually review the application.
How can I see my smart policies?
To see your smart policies, log into the Portal and go to Policy Builder > Smart policies. The names of all your smart policies are displayed. Click a policy name to view it.
If you'd like to make any changes to your policy, contact your Customer Success Manager or email us at support@passfort.com.