Application risk
With Passfort's Risk module, you can determine the risk that a profile's product application poses to your company.
Contact us to find out how to get started with the Risk module.
How risk is determined
When a profile starts a new product application, the risk model for that product is applied to the profile.
Every risk model includes two things:
Risk factors: A risk factor is some detail about the profile that can influence the risk to your organization, for example, an individual's age, nationality, or PEPs matches. Each risk factor is assigned a score that shows how significant that factor is to the overall risk; the higher the score, the greater the risk. Any risk factor can be required or optional.
Risk levels: A risk level indicates the overall risk the application poses to your company: Low risk, Medium risk, or High risk. Each risk level has a range, for example, 0-50. If a product application's total risk score falls within this range, it is assigned this risk level.
When a risk model is applied to a product application, the risk factors are evaluated and a risk level is assigned.
A product application's risk level can change throughout the course of onboarding and monitoring. The risk model is re-applied any time profile details used in the risk model change, for example, when the individual's birthday is reached and their age changes.
Risk models are specific to the profile type, either individual or company. One product may have one risk model for individuals and another for companies. When a risk model is re-applied to a product application, all risk factors in the model are re-evaluated. Learn more About risk factors.
Risk models and product applications
A product application's risk level is displayed:
In the Risk level column on the Profiles page.
On the profile's Application overview page.
In the Risk level section on the profile's page for the product application.
If the risk score can't be calculated, the risk level is undetermined. If the risk level is displayed as Calculating risk, the risk model is still being applied. Note that it may take some time to calculate the risk score, especially in the case of company profiles that have many associates.
Every product application that has a risk model is displayed. The risk level is shown with the product application's name.
If two product applications are using the same risk model, each is still listed separately.
Click on a product application to see the breakdown of the risk level.
The breakdown includes the overall risk score:
This is the cumulative score from every risk factor. It determines which risk level is used for the product application.
The risk level thresholds are also displayed, so you can see exactly which threshold the overall risk score falls into and which risk level is applied.
In this example, the overall risk score is 50, which means the product application falls into the 50-99 threshold of Medium risk.
You can also see every risk factor in the risk model:
Risk factors can be combined into one of the following groups:
Max of factors: The highest single risk score is used.
Min of factors: The lowest single risk score is used.
Average of factors: The mean risk score is used.
Sum of factors: The sum of all risk scores is used.
Select the name of a risk factor group to see which risk factors are included. In the example shown in the screenshot, there is a risk factor group named Country risk factors, which takes the highest single score in the group.
If the risk factor must be evaluated before the risk score can be determined, it's marked Required. Otherwise, the risk score is optional and is only used for the overall risk score if the relevant information is in the profile.
The Value shows what information the profile has for that risk factor. The value is displayed as -- if the profile has no information. Risk factor groups always display --.
Action enables you to edit the profile information for that risk factor. To edit the information, select the Edit button. If the result of a check determines the value for the factor, for example, PEPs matches, you can't directly edit the information, and the action is displayed as --. Risk factor groups always display --.
The Score displays the risk score for that risk factor or risk factor group. This score is added to the product application's overall risk score. If there is no value for a risk factor, the default score is applied. If no default value is specified in the policy configuration, the score for risk factors with no value is Undetermined. Risk factors with an Undetermined score are not included when calculating the overall or group risk score.
Associate risk scores are calculated differently from product application risk scores. For associate risk factor calculations, see Associate risk score calculation.
Undetermined risk
If the risk level is Undetermined risk, the risk score cannot be calculated because at least one required risk factor does not have a value.
To learn which risk factors are missing, go to the profile's Application risk scores and select the product application with Undetermined risk.
Each time a value is added for a risk factor, the risk score is recalculated.