Charities and nonprofit organizations have discovered the power of online fundraising; pairing a compelling ask with frictionless payment methods via social media has fueled the growth of this approach. Unfortunately, while legitimate nonprofits have used social media platforms with great success, so have bad actors intent on siphoning money from well-intentioned donors.
Our customer is a global social media company that needed to strengthen its ability to guard against these efforts by augmenting its compliance function. The company, operating with a money services business (MSB) license, knew from an internal audit that it needed to address several issues with its in-house payments compliance team to bolster its enhanced due diligence (EDD) process, including its ability to apply a risk rating to charities.
Without a reliable and effective metric to evaluate risk, the social media company was unable to appropriately assess risk when onboarding charitable organizations or conduct the ongoing monitoring required to comply with regulations.
The organization had to take immediate action to meet a resolution target date. Leadership turned to Point B as a trusted partner to develop a new Risk Rating Model (RRM) and remediate audit findings.
We had the opportunity to solve short- and long-term concerns for our customer. The first and most urgent task was to use the audit findings to bring the platform into compliance. This included retroactively calculating risk ratings for 70K+ existing charities.
Our next goal was to establish a scalable EDD process and risk rating framework moving forward. We partnered with the company’s Governance Risk Management team to look at the process holistically and the Data Insights team to enhance automation and maximize efficiency without sacrificing reliability.
We first created a cross-functional team with the necessary skills and decision-making responsibilities, including the Deputy BSA (Bank Secrecy Act) Officer as executive sponsor, Head of Anti-Money Laundering (AML) as business process owner, data scientist and data analyst, change management lead, and compliance subject matter experts. Then, we worked with that team to define work products, timing, and goals to ensure they aligned with regulations and business outcomes.
From there, we quickly created a new Risk Rating Model. As part of this process, we:
Defined the Risk Rating Model’s risk factors and risk scoring rules, then confirmed data sources, calculation methodologies, and data thresholds.
Calculated and assigned risk ratings to existing charities on the platform, confirming data definitions and coordinating analysis of historic donation transactions for re-screening.
Facilitated process design workshops, designed new processes, and tested the new charity onboarding process and ongoing monitoring procedures.
Created a front-end data entry form for compliance analysts to capture non-transactional data inputs and automated the process for collecting transactional data inputs.
Documented all desktop procedures and defined quality-control errors and categories.
Educated managers who then trained compliance analysts on the new processes and tools for risk assessment.
A project of this scope and scale usually requires a timeline of about 8 months. Our team successfully rolled out this new Risk Rating Model and brought the company into compliance in less than a quarter of that time. Without hiring additional analysts, the team prioritized clearing the backlog and shifting their attention to high- and medium-risk nonprofit charities.
Other key highlights
Reduction in EDD case backlog
turnaround to complete risk rating model implementation
Retroactive risk rating calculations