Protect Your Portfolio: The 4 Must-Haves of Risk Monitoring
June 9, 2022
Written by: Darryl Cumming, Director of Product
Portfolio risk monitoring is a necessity for every payment processor, especially now given the recent spike in merchant fraud. In the ever-evolving digital payments landscape, your portfolio’s risk profile is constantly changing. As new threats emerge, regulations tighten in response, leaving payment processors playing catch-up with their compliance.
Effective risk management reduces exposure to these kinds of threats, catching them before payment processors get hit with huge fines, legal action, and/or severe reputational damage. Rigorous risk assessment is even more important than ever as incidents of fraud are on the rise and US authorities step up compliance enforcement in response.
While payment processors should create their own risk management strategies, informed by their specific business needs and appetite for risk, there are some core non-negotiables that should be built into every risk management framework for enhanced fraud protection.
The below safeguards protect your business, your portfolio, your reputation, and your customers. Ignore them at your peril.
The 4 Non-Negotiables of Risk Monitoring
AML compliance, OFAC, & Sanctions Monitoring
The US Office of Foreign Assets Control (OFAC) keeps continually updated sanctions lists of individuals and companies that are prohibited from doing business due to terrorism, money-laundering, and other crimes.
If someone from those lists finds their way into your portfolio, you’ll be liable for hefty fines – not to mention significant damage to your brand. Last year, payment platform Payoneer handed over $1.38 million to OFAC after processing more than 2,000 sanctioned payments. The OFAC determined that Payoneer had “failed to exercise a minimal degree of caution or care for its sanctions compliance obligations.”
This cautionary tale, one of many, should be a reminder to others in the industry that the federal government takes a zero tolerance approach to violations and expects payfacs to meet high standards of risk management and regulatory compliance.
A robust risk management framework therefore has to include regular checks of OFAC sanctions lists to screen all the businesses and beneficial owners in your portfolio. This should be done at least once a month, but ideally more often as the lists can be updated daily.
Mastercard MATCH Monitoring
The Mastercard MATCH list is another vital screening tool that should be on a payment processor’s risk radar.
Compiled by the credit card company, this is a terminated merchant alert system created by the industry, for the industry. Merchants end up on this list if they’ve been terminated from another payment platform or financial institution, so payment acquirers can get a heads up that this merchant has been deemed too risky for others to add to their portfolio.
It’s a good idea to run your entire portfolio against the MATCH list monthly or quarterly to fully protect your business from merchant fraud.
Know Your Customer (KYC) and Know Your Business (KYB) requirements aren’t just a matter of verifying merchants at the onboarding stage.Every time a merchant in your portfolio updates their information, you need to recheck those credentials – with the same level of detail you employed the first time around. Continuous KYC helps weed out merchants likely to commit fraud, particularly Bust Out fraud where a merchant passes the initial onboarding checks, then uses their legitimately-obtained account to process fraudulent transactions and disappears with their ill-gotten gains.
Keeping an eye on what your merchants are up to in the marketplace is essential for fraud prevention and risk reduction. Of course, you can’t see everything they’re doing at any given time but you can scan the media for mentions of lawsuits, negative customer reviews, fraud claims, or other red flags such as the Pandora Papers.For low-risk merchants, these checks can be done at a lower frequency. Higher-risk merchants likely need closer scrutiny with media monitoring at least once a month.
MonitorX – the automated risk management solution
If staying on top of threats to your business feels a bit like plugging a leaky boat, don’t panic. Automated software solutions can help you secure your defenses, quietly patrolling your portfolio in the background as you concentrate on building your business and serving your merchants.
Agreement Express’ monitoring system, MonitorX, allows users to automate time-consuming routine screenings while freeing up their underwriters to deal with items that require closer scrutiny.
Using MonitorX, payment service providers can schedule screenings such as the OFAC sanctions list or Mastercard MATCH list on a frequency that fits your needs and portfolio risk levels. They can also update their merchants’ risk models in real-time, ensuring the highest protection in regards to KYC and KYB compliance.
The innovative risk management software can also perform web crawls to hunt out negative news and provides end-to-end merchant monitoring so you can track patterns across your portfolio and stop fraud before it starts.
This kind of agile approach to risk monitoring helps payment service providers manage their exposure, providing the flexibility necessary to adapt to evolving trends across their portfolio and the industry.
Contact Agreement Express today to see how we can help you protect your assets and keep your portfolio safe from both current and emerging threats.