8. Customer Risk Matrix¶

The customer risk matrix segments files according to their level of Money Laundering and Terrorism Financing risk, in compliance with FATF recommendations and local regulations.

A well-defined risk matrix facilitates control of the riskiest files without the operational cost of applying intensified monitoring processes to the entire profile database.

Trak.e allows the management of the customer risk matrix within the application. The client risk matrix is implemented through a configurable rule per client.

Adding any number of risk matrix rules is allowed, but at most one can be active.

8.1 Implementation¶

The rule is implemented using the programming language Python. At a general level, the rule takes a profile as a parameter and decides its risk level: low (low), medium (medium), or high (high).

8.1.1 Parameters¶

The available variables are:

• profile: When evaluating a rule, the profile variable is put into the execution context. This variable contains the digital profile that is currently being processesed. All the attributes detailed in the section Digital Profiles are available in this object.
• alerts: When evaluating a rule, the alerts variable is put into the execution context. This variable contains both open and closed alerts of the profile that is currently being processed. The variable is an array where each element is an object representing an alert. All the attributes detailed in the section Alerts are available in this object.
• documents: When evaluating a rule, the documents variable is put into the execution context. This variable contains all the documents currently associated with the profile. The variable is an array where each element is an object representing a document. All the properties detailed in the section Documentation ara available in this object.
• hist_trxs: You can access the history of transactions of the digital profile under this name. The variable is put into the execution context as a pandas.DataFrame. Each row of the DataFrame represents a transactions and the columns of the dataframe are the properties of the transactions (using an underscore as a separator in case of nested properties). You may have an empty history of transactions (no rows and no columns) - if the digital profile does not record transactions

8.1.2 Rule Result¶

The rule must define a variable named RISK_LEVEL whose possible values are 'high', 'medium' or 'low', representing the assessed risk value for the profile.

8.2 Simple example of customer risk matrix¶

Next, the implementation of a simple rule for the calculation of the risk of a profile is defined.

if "pep" in profile.declaration and profile.declaration.pep:
    RISK_LEVEL = "high"
else:
    RISK_LEVEL = "low"

The previous rule, simply, decides the level of risk of a profile based on its declaration of Political Exposed Person (PEP). In other words, the rule will decide that the profile is high risk if the person has been declared a PEP, or low risk otherwise.

8.3 Creating more complicated rules¶

The example rule above used a single factor to determine the risk of a file. A more realistic option is to use various factors to assess the risk of a profile, generating a weighting or scoring which in turn is discretized into a risk level. It may be convenient to modularize each risk factor as a Python function, for example, if one of the risk factors in our matrix is the type of natural/legal person we can write:

def _score_person_type_(p):
    if p.person_type == "natural_person":
        return 50
    if p.person_type == "legal_person":
        return 100
    # Assume worst case in case of missing or corrupted data
    return 100

The we can call this function as one would normally do in python.

score_person_type = _score_person_type_(profile)

Thus, we can define the different risk factors as separate functions and then compute a weighted average:

score_total = (
    score_person_type * 0.1
    + score_activity * 0.2
    + score_seniority * 0.2
    + score_channel * 0.1
    + score_nacionality * 0.1
    + score_pep * 0.1
    + score_product * 0.1
    + score_state * 0.1
)

if score_total <= 30:
    RISK_LEVEL = "low"
elif score_total <= 60:
    RISK_LEVEL = "medium"
else:
    RISK_LEVEL = "high"

8.4 Using lookup tables¶

Suppose that to assign the weighting of the risk factor according to the economic activity we define a mapping between the economic activities of some regulator with an associated risk score. While this can be done simply in Python, it may be convenient to use a lookup table. A lookup table is a comma-separated CSV file, encoded utf-8, representing a key-value dictionary. For example, a valid CSV with some example business activities would be

activity_code,scoring
7,0
12,5
13,10

The CSV file name (without extension) will be used as the lookup table name. If a lookup table with the same name already exists, the previous table will be replaced. Once the lookup table is loaded it can be accessed in any rule as a dictionary. For example, if we upload the example CSV with the name "activity" as a lookup table, then we can implement the 'activity' risk factor as:

def _activity(p):
    # get first activity for the profile
    code = p.activities[0].code
    return activity.get(code, 100) # return 100 if activity not found

8.5 Rule testing¶

Trak.e allows you to test the rule before saving it with any database profile or with an as-needed profile to test edge cases and make sure the rule is correct both syntactically and semantically.

8.6 Name and description¶

The rule is saved with a name, which must be unique. The rule also allows to attach a description in rich text format with which you can save the documentation of the behavior of the risk matrix together with the code that implements it.

8.7 API¶

For technical information on the API to set-up risk scoring, the API documentation is available.