What are smart policies?
Smart policies determine how profiles are onboarded to products.
Every product on your account has one or two smart policies - one for individuals applying for the product and/or one for companies applying for the product.
Each smart policy specifies which tasks should be added to a profile's product application and when, and they determine what the next steps are, for example, whether the product application is approved automatically or requires manual review.
How smart policies work
Smart policies are structured as flowcharts. When a product application is added to a profile, it begins at the start of the flow, and follows the path until it reaches an outcome.
When the product application reaches a task element, one or more task variants are added to it. In the example here, the Assess PEPs, sanctions, and adverse media task is added first and the Verify address and Verify identity tasks may be added later.
When the product application reaches a branch element, a Yes or No decision is made and it follows the corresponding Yes or No policy path. For example, with the Is associate branch in the example here, the product application takes the Yes path if the individual is a company associate. Otherwise, it takes the No path.
When you build your smart policy, you can add as many task, branch, and outcome elements as you like.
As an example, take a profile who is not an associate. This is what happens if they make a low risk product application to the Forexo Basic product and go through the smart policy flow pictured previously:
The product application reaches the first task element and the Assess PEPs, sanctions, and adverse media task is added to it.
The product application reaches the Is associate? branch and, because the profile is not an associate, the No path is taken.
The product application reaches the second task element and the Verify address and Verify identity tasks are added.
The product application reaches the Is low risk? branch and, because the product application is low risk, the Yes path is taken.
The product application reaches the Automatically approve when all tasks complete outcome. When all three tasks have passed, the product application is approved automatically.
Although your policy can have multiple outcomes when you're using branches, a product application will only ever reach one outcome each time it goes through the policy flow.
If the product application reaches a branch element and it doesn't have enough information to make a Yes or No decision, it waits there until the required information is added to the profile.
Calculating risk
If you're using the optional Risk module, the smart policy and the product application risk calculation begin at the same time, so it's possible for tasks to be added, checks to be run, and the product application to be approved before the risk level is determined.
However, if you have a branch for Risk level or Risk score, the product application will pause at that branch until the level/score has been determined.
A product application is re-evaluated against the smart policy any time there's a change to something that might affect the decisions in the policy.
To ensure that all product applications must have a risk level or risk score before they can be approved, include a branch for Risk level or Risk score.
Re-evaluating against the smart policy
A product application is re-evaluated against the smart policy any time there's a change to something that might affect the decisions in the policy.
For example, the following changes cause the product application to be re-evaluated:
Profile detail change, for example, an update to the address.
A time-based detail changes that affect a branch. For example, Age is a branch property and the individual's birthday is reached, or Years since incorporation is a branch property and the company's incorporation date is reached.
The risk level changes.
A user approves an escalation.
New results are returned from ongoing monitoring. For example, a new match is discovered for the PEPs and sanctions screening or Merchant fraud check, or a new associate is discovered with the Company data check.
A task expires.
A decision to cancel or reject the product application is reverted.
This keeps the product application up to date with your latest compliance requirements. If, for example, the latest version of the smart policy includes a new task, that task will be added to the product application when it's re-evaluated.
The product application always goes back to Start, even if it didn't complete the initial flow, for example, it was stuck at a branch because more data was required. Product applications never start in the middle of a smart policy.
Tasks are not added a second time.
For example, take the low-risk product application to the Forexo Basic product described in the example in this topic. If the product application is re-assessed as high-risk, this is what will happen:
The product application reaches the first task element. Because it already has the Assess PEPs, sanctions, and adverse media task, no action is taken.
The product application reaches the Is associate? branch and, because the profile is not an associate, the No branch is taken.
The product application reaches the second task element. Because it already has the Verify address and Verify identity tasks, no action is taken.
The product application reaches the Is low risk? branch and, because the profile is high risk, the No branch is taken.
The product application reaches the Is medium risk? branch and, because the profile is high risk, the No branch is taken.
The product application reaches the Escalate approval to teams outcome. A member of the Forexo Basic team must now manually review the product application.
The product application is not re-evaluated when changes are made to the smart policy itself or when changes are made to the task, check, or data provider configurations.
The product application is not re-evaluated when changes are made to the profile or product application that will not affect the smart policy decisions, for example, a task is uncompleted manually or a new comment is added to the profile's Conversations.
Note
Time-based detail changes (age and years since incorporation) took effect for new product applications on 11 January 2021.
Product applications created before this date will not be re-evaluated until the applicant's next birthday or date of incorporation is reached after 28 January 2021. For example, if an individual's birthday is 27 January, and their product application was created prior to 11 January 2021, the next time it will be re-evaluated for age is 27 January 2022. If their birthday is 1 February, the next time their product application will be re-evaluated is 1 February 2021.
Note that their product applications may be re-evaluated before this time for different reasons, for example, if the risk level changes.
If the latest version of the smart policy has had a task removed, the task will be removed from the product application when the profile is re-evaluated against the smart policy. However, the task will still be displayed on the profile if you view All tasks.
Viewing my smart policies
To see your smart policies, log into the Portal and go to Policy Builder > Smart policies. The names of all your smart policies are displayed. Click a smart policy name to view it.
If you'd like to make any changes to your smart policy, contact your Customer Success Manager or email us at support@passfort.com.
You can only see the Policy Builder if you have Read-only access for the Smart policies permission. If you think you should have this permission but you don't, contact the administrator of your account.
If any changes are made to your smart policy, they'll only be applied to existing product applications that restart the flow and new product applications.