Risk Profiling

When you should carry out ongoing Due Diligence and how to remediate gaps

The FINTRAIL and Jumio teams have been discussing why regulated businesses are expected to perform ongoing Due Diligence on clients, why it is important to remediate gaps identified, and the approach businesses should consider when performing this remediation.

In this report you will find examples of the different scenarios when you should consider refreshing your Due Diligence. It also highlights why it is important to remediate gaps and how you should seek to operationalise this process.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

FinTech Approaches to Sanction Regimes

Announcing Expert Working Groups and Topic 1: Sanctions compliance

The FFE have kicked off a series of topical roundtable discussions among industry leaders, with the aim of connecting senior decision makers to discuss their own internal approaches to common challenges. These Expert Working Groups are under Chatham House Rule, with FINTRAIL acting as secretariat to facilitate discussion amongst experts. Thanks to RDC and RUSI, too, for providing expert insights alongside our FinTech experts.

Our first Expert Working Group focused on FinTech approaches to sanctions regimes, and gathered 18 sanctions experts from 8 different FinTech industries. After just two in-depth sessions, we were able to glean insight on best practices that we hope you find useful when benchmarking your own approach. 

As a sneak peek into some of those insights:

  • Around 30% of the FinTechs we spoke with have a sanctions-specific risk assessment to support their risk-based approach, with several more working to create one.

  • Unanimously, Expert Working Group participants are typically using conservative (or even very conservative) fuzzy matching thresholds ranging from 70%-85%, especially compared to industry averages closer to 85%-92%.  

  • C-Suite and board members are increasingly expected to have sight of the Sanctions program and/or Sanctions-specific policies, vs. just the broader Compliance or Anti-Money Laundering program.

Check out the full report for more, and reach out to us at ffe_admin@fintrail.co.uk to share any insights of your own. And be sure to stay tuned for further Expert Working Group insights!

How to conduct Customer Risk Profiling in the Gaming Industry

Regulations and Guidance

As part of the regulated sector within the UK, those in the gambling sector classified as remote or non-remote operators, are required to meet their obligations within the Money Laundering Regulations 2017. One of these requirements is to assess the level of risk a client may represent to the business and apply appropriate due diligence to match that risk. 

The Gambling Commission, in its industry guidance for the prevention of money laundering and combating the financing of terrorism under section 6.2, also highlights the need for operators to perform risk profiling against its customers.  

Paragraph 6.2 from the Gambling Commission’s industry guidance for the prevention of money laundering and combating the financing of terrorism.

What does this mean practically?

Having a clear understanding of the inherent financial crime risk within the business is important. This is likely to be already done through a risk assessment process but when thinking about financial crime in the gambling sector the most prevalent risks are probably fraud or traditional money laundering. 

An example could look like:

A table of financial crime inherent risk ratings with levels for the gambling industry

Once the inherent financial crime risk is understood, it allows for better context of what risks the operator may be exposed to and subsequently what needs to be considered when assessing the risk of the customer. 

Consideration can then be made on the data points used which would initially be obtained through the registration process and any due diligence information collected. Whilst data points like country are still important, given that the key financial crime risk may be fraud, operators may wish to consider additional data points such as the email address, phone number or device to be included.

Now the data points have been established, in line with the inherent financial crime risks, an operator can consider how the scoring itself will work. Whilst you may think a complex risk profiling model is best, that may not be the case as it needs to be scalable, easily modifiable and explainable to the regulators.

Finally once the scoring is complete, ensuring you map the output to your due diligence process is the final step. This will enable an operator to offer a lower friction process for lower risk customers whilst still being able to identify higher risk customers allowing the application of enhanced due diligence. 

Dynamic Model

The profiling of an operator’s customers shouldn’t stop at onboarding though. In order to operate an effective customer risk profiling model which meets the regulatory requirements, mitigates the risk of financial crime and protects customers from harm from a responsible gambling perspective, operators should ensure it is dynamic. This means that rather than just using the data collected at onboarding to assess the customers risk, operators should use data collected from how the customer interacts with the product and also any additional due diligence obtained.  

Responsible Gambling

It is no surprise that some of the more recent fines coming from the Gambling Commission relate to operators failure to protect its customers from a responsible gambling perspective alongside failures to have appropriate controls to guard against money laundering.

In May the Gambling Commission published tighter measures to be implemented by operators, as part of their COVID-19 response, to protect their customers during lockdown. These measures include various points on assessing their clients:

  • Review thresholds and triggers for new customers to reflect the operator’s lack of knowledge of that individual’s play and spend patterns

  • Conduct affordability assessments for individuals picked up by existing or new thresholds and triggers which indicate consumers experiencing harm - limiting or blocking further play until those checks have been concluded and supporting evidence obtained, and;

  • Implement processes that ensure the continual monitoring of their customer base – identifying patterns of play, spend or behaviours have changed in recent weeks.

Responsible gambling has strong links to financial crime with various cases documented being linked to those who were using stolen funds to spend. This means that responsible gambling is an important risk factor to be included within any operator's customer risk profiling model alongside the traditional financial crime risks mentioned above. Data points for consideration could be methods of payment, deposits and behavioural patterns.

If operator’s continue to ineffectively implement custom risk assessment models, and choose to not include a responsible gambling aspect, we can only expect more fines to be issued in the near future for both responsible gambling and money laundering failures.


How to approach creating a new customer risk assessment model

Here are FINTRAIL and TruNarrative’s key takeaways when considering a customer risk profiling model:

  • Understand the inherent risk your customers represent to the business

  • Ensure you select the correct data points unique to your clients and product offering

  • Make sure the risk profiling is dynamic and doesn’t just stop once the customer is onboarded

  • Consider the inclusion of responsible gambling within your customer risk profiling 

  • Marry your due diligence process to your customer risk profiling

  • Take into consideration how you would implement your model using technology providers like TruNarrative to ensure if a players risk or behaviour changes, you get an instant alert and action

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

This article is also available via TruNarrative’s website.