All categories ​ > ​ ​Configuration ​ > ​ ​Smart policies ​ > ​   What are smart policies?

What are smart policies?

Updated 10 months ago by Ainsley

Smart policies determine how profiles are onboarded to products.

Every product on your account has one or two smart policies - one for individuals applying for the product and/or one for companies applying for the product.

Each smart policy specifies which tasks should be added to a profile's application and when, and they determine what the next steps are (e.g. whether the application is approved automatically or requires manual review).

How do smart policies work?

Smart policies are structured as flowcharts. When an application is added to a profile, it begins at the Start of the flow, and follows the path until it reaches an outcome.

When the application reaches a task element, one or more task variants are added to the application. In the example above, the Assess PEPs, sanctions, and adverse media task is added first and the Verify address and Verify identity tasks may be added later.

When the application reaches a branch element, a Yes or No decision is made and the application follows the corresponding Yes or No policy path. For example, with the Is associate branch in the example above, the application takes the Yes path if the individual is a company associate. Otherwise, it takes the No path.

When you build your smart policy, you can add as many task, branch, and outcome elements as you like.

As an example, take a profile who is not an associate. This is what will happen if they make a low risk application to the Forexo Basic product and go through the smart policy flow pictured above:

  1. The application reaches the first task element and the Assess PEPs, sanctions, and adverse media task is added to the application.
  2. The application reaches the Is associate? branch and, because the profile is not an associate, the No path is taken.
  3. The application reaches the second task element and the Verify address and Verify identity tasks are added.
  4. The application reaches the Is low risk? branch and, because the application is low risk, the Yes path is taken.
  5. The application reaches the Automatically approve when all tasks complete outcome. When all three tasks have all passed, the application is approved automatically.
Although your policy can have multiple outcomes when you're using branches, an application will only ever reach one outcome each time it goes through the policy flow.
If the application reaches a branch element and it doesn't have enough information to make a Yes or No decision, it will wait there until the required information is added to the profile.

When is risk calculated?

If you're using the optional Risk module, the smart policy and the application risk calculation begin at the same time, so it's possible for tasks to be added, checks to be run, and the application to be approved before the risk level is determined.

However, if you have a branch for Risk level or Risk score, the application will pause at that branch until the level/score has been determined.

To ensure that all applications must have a risk level or risk score before they can be approved, include a branch for Risk level or Risk score.

When is an application re-evaluated against the smart policy?

An application is re-evaluated against the smart policy any time there's a change to something that might affect the decisions in the policy.

For example, the following changes cause the application to be re-evaluated:

  1. Profile detail change (e.g. updates the address).
  2. A time-based detail changes that affect a branch (e.g. Age is a branch property and the individual's birthday is reached or Years since incorporation is a branch property and the company's incorporation date is reached).
  3. The risk level changes.
  4. A user approves an escalation.
  5. New results returned from ongoing monitoring (e.g. a new match is discovered for the PEPs and sanctions screening or Merchant fraud check, or a new associate is discovered with the Company data check).
  6. A task expires.
  7. A decision to cancel or reject the application is reverted.

This keeps the application up to date with your latest compliance requirements. If, for example, the latest version of the policy includes a new task, that task will be added to the application when it's re-evaluated.

The application always goes back to Start, even if it didn't complete the initial flow (e.g. it was stuck at a branch because more data was required). Applications never start in the middle of a smart policy.

Tasks are not added a second time.

For example, take the low risk application to the Forexo Basic product described in the example above. If the application is re-assessed as high risk, this is what will happen:

  1. The application reaches the first task element. Because it already has the Assess PEPs, sanctions, and adverse media task, no action is taken.
  2. The application reaches the Is associate? branch and, because the profile is not an associate, the No branch is taken.
  3. The application reaches the second task element. Because it already has the Verify address and Verify identity tasks, no action is taken.
  4. The application reaches the Is low risk? branch and, because the profile is high risk, the No branch is taken.
  5. The application reaches the Is medium risk? branch and, because the profile is high risk, the No branch is taken.
  6. The application reaches the Escalate approval to teams outcome. A member of the Forexo Basic team must now manually review the application.
The application is not re-evaluated when changes are made to the policy itself or when changes are made to the task, check, or data provider configurations.
The application is not re-evaluated when changes are made to the profile or application that will not affect the policy decisions (e.g. a task is uncompleted manually or a new comment is added to the profile's Conversations).
Time-based detail changes (age and years since incorporation) took effect for new applications on 11 January 2021.

Applications created before this date will not be re-evaluated until the applicant's next birthday or date of incorporation is reached after 28 January 2021. For example, if an individual's birthday is 27 January (and their application was created prior to 11 January 2021), the next time the application will be re-evaluated for age is 27 January 2022. If their birthday is 1 February, the next time their application will be re-evaluated is 1 February 2021.

Note that their applications may be re-evaluated before this time for different reasons (e.g. risk level changes).
If the latest version of the smart policy has had a task removed, the task will be removed from the application when the profile is re-evaluated against the policy. However, the task will still be displayed on the profile if you view All tasks.

How can I see my smart policies?

To see your smart policies, log into the Portal and go to Policy Builder > Smart policies. The names of all your smart policies are displayed. Click a policy name to view it.

If you'd like to make any changes to your policy, contact your Customer Success Manager or email us at support@passfort.com.

You can only see the Policy Builder if you have Read-only access for the Smart policies permission. If you think you should have this permission but you don't, contact the administrator of your account.
If any changes are made to your smart policy, they'll only be applied to existing applications that restart the flow and new applications.

How did we do?

Powered by HelpDocs (opens in a new tab)