16 June 2014 - In the Risk Department we often get asked what are the criteria to accept a certain online merchant? What are the items you base your decision on?
Therefore I guess it’s time to share some of the secret ingredients of the risk kitchen.
In essence there are 3 main categories to which each application is screened.
- Laws, rules & regulations
- The client’s business model & financial risk
- Company policies / reputational risk
Laws, rules & regulations
As with any business, also payment service providers are bound to laws and rules. This is particularly true in GlobalCollect's area of focus - cross-border eCommerce. Country specific laws can reduce the freedom of movement in certain cases, online gambling laws are a good example of this. Further we have to adhere to the specific limitations of our partners. Acquirers have their own policies on what they deem to be acceptable and which business models they don’t have any interest in. Organizations, like the card schemes, also have strict policies on for example boarding requirements, merchant location, merchant setup etc.
Business model & financial risk
As part of the risk assessment, GlobalCollect calculates the financial risk exposure on the client. We look at the financial and business health of the client and we work to ensure that there is sufficient coverage against potential financial losses. The type of business plays an important role in this. An airliner for example has a completely different risk profile compared to a retailer.
In many cases the risk exposure is completely or partially covered by a security measure. Most common security measures are: A bank guarantee, a fixed cash deposit or a so called rolling reserve. With a rolling reserve the cash deposit fluctuates depending on the volumes processed by the client. Which exposure is considered acceptable depends on the risk appetite of GlobalCollect. The margin that is made on a client obviously plays a role in the calculation as well. Sales and Risk in these cases work together to look for the optimal and acceptable balance between risk & reward.
Company specific policies & reputational risk
Even when a prospect complies to all regulations and has solid financials it might still be declined. Service providers have their own internal policies on what they consider to be acceptable. The contents of these policies depend on the strategy followed by the company and has the interest of all stakeholders in mind. GlobalCollect as an USA owned company for example doesn’t conduct any business with entities from Syria. The same goes for processing adult entertainment related websites, although legitimate, this is a business vertical that by company policy isn’t serviced.
A company's risk appetite is not set in stone. The risk appetite evolves over time. As the payment landscape changes new opportunities and threats arise. Changes are made within the company, strategic changes can put the focus on a different or a new business vertical, changes with our partners can open up new opportunities or restrict us in our movements, changes with our clients… All this affects the risks we run and the amount of risk we are comfortable with.
Assessing a risk and accepting it is just one part of the job, once accepted it’s crucial that the risk is also monitored.
Danny van Duivenbooden is Risk Manager for GlobalCollect