Application risk
With PassFort's Risk module, you can determine the risk that a profile's application poses to your company.
How risk is determined
When a profile starts a new product application, the risk model for that product is applied to the profile.
Every risk model includes two things:
- Risk factors: A risk factor is some detail about the profile that can influence the risk to your organisation (e.g. an individual's age, nationality, or PEPs matches). Each risk factor is assigned a score that shows how significant that factor is to the overall risk; the higher the score, the greater the risk. Any risk factor can be required or optional.
- Risk levels: A risk level indicates the overall risk the application poses to your company (e.g. Low risk, Medium risk, High risk). Each risk level has a range (e.g. 0-50), and if an application's total risk score falls within this range, the application will be assigned this risk level.
When a risk model is applied to an application, the risk factors are evaluated and a risk level is assigned.
An application's risk level can change throughout the course of onboarding and monitoring. The risk model is re-applied any time profile details used in the risk model change (e.g. the individual's birthday is reached, so the age changes).
See the risk of an application
The application's risk level is displayed:
- Next to its name in the Profiles list.
- Next to its name on the profile's Application overview page.
- Under Risk level on the profile's page for the application.

To learn more about how the risk level was determined, go to the profile's Application risk scores.
Every application that has a risk model is displayed. The risk level appears next to the application's name.
Click an application to see the breakdown of the risk level.

At the top of this breakdown, you'll see the overall risk score.

This is the cumulative score from every risk factor. It's used to determine which risk level is used for the application.
The risk level thresholds are displayed as well, so you can see exactly which threshold the overall risk score falls into and, therefore, which risk level is applied.
In the example above, the overall risk score is 50, which means the application falls into the 50-99 threshold of Medium risk.
Beneath that, you can see every risk factor in the risk model.

If the risk factor must be evaluated before the risk score can be determined, it's marked Required. Otherwise, the risk score is optional and will only be used for the overall risk score if the relevant information is in the profile.
The Value shows what information the profile has for that risk factor. If the profile does not have information, the value is displayed as --. Risk factor groups always display --.
Action enables you to edit the profile information for that risk factor. To edit the information, click the Edit button. If you cannot directly edit the information because the value for the factor is determined by the result of a check (e.g. PEPs matches), the action is displayed as --. Risk factor groups always display --.
The Score displays the risk score for that risk factor or risk factor group. This score is added to the application's overall risk score. If there is no value for the risk factor, the score is Undetermined.
Undetermined risk
If the risk level is Undetermined risk, the risk score could not be calculated because at least 1 required risk factor does not have a value.
To learn which risk factor(s) are missing, go to the profile's Application risk scores and click the application that has Undetermined risk.

For every risk factor marked Required:
- Click the Edit
button. The Edit risk factor dialog is displayed.
- Complete the information.
- Click Update risk factor.
If the risk factor does not have an Edit button, the value of the factor is determined by a check. Go to the relevant task and run the check.
Each time a value is added for a risk factor, the risk score is recalculated.