Risk - RASCI View
The Risk function at Simpaisa is led by the Chief Revenue Officer (CRO) in their capacity as first-line risk owner, supported by the Compliance/Regulatory Analyst team and Sanctions Screening. Risk owns the customer risk scoring and Enhanced Due Diligence (EDD) steps within the KYC/KYB process, and provides approval authority over disbursement compliance screening. The CRO also holds the Accountable designation on the escalation step for sanctions hits, reflecting Risk's role as the final internal decision-maker before regulatory escalation.
Risk is distinct from Compliance: Compliance owns the regulatory submissions and day-to-day screening execution; Risk owns the decisions on whether to proceed with a customer or transaction.
Primary Processes
7.8 KYC / KYB - Risk Scoring and EDD
Risk (CRO) is Accountable for the risk scoring decision and all Enhanced Due Diligence outcomes. The Compliance Analyst executes the analysis; the CRO approves it.
Process Flow
Decision Model (DMN) - Risk Scoring Matrix
| Input | Low Risk | Medium Risk | High Risk |
|---|---|---|---|
| Country risk | Low-risk jurisdiction | Medium-risk jurisdiction | High-risk or sanctioned jurisdiction |
| PEP status | Not a PEP | Related to PEP | PEP |
| Transaction volume | Below USD 50K/month | USD 50K-500K/month | Above USD 500K/month |
| Business type | Regulated entity | Standard commercial | Cash-intensive or high-risk sector |
| Output | Standard CDD | Enhanced monitoring | Enhanced Due Diligence (EDD) required |
Role Key
| Abbreviation | Full Role |
|---|---|
| COO | Chief Operating Officer |
| CFO | Chief Financial Officer |
| CRO | Chief Revenue Officer |
| CISO | Chief Information Security Officer |
| GH-RA | Global Head Regulatory Affairs |
| CH-PK | Country Head Pakistan |
| CH-BDNP | Country Head Bangladesh/Nepal |
| H-Legal | Head of Legal |
| Comp.An | Compliance/Regulatory Analyst |
| San.Scr | Sanctions Screening |
| PM | Product Manager |

| Process Step | COO | CFO | CRO | CISO | GH-RA | CH-PK | CH-BDNP | H-Legal | Comp.An | San.Scr | PM |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1. Application received | I | - | I | - | I | I | I | - | A | R | I |
| 2. Document collection | - | - | I | - | I | S | S | - | A | R | - |
| 3. Identity verification | - | - | I | C | I | - | - | - | A | R | - |
| 4. Sanctions screening | - | - | C | C | C | - | - | - | S | A | - |
| 5. Risk scoring | - | - | A | - | C | C | C | - | R | S | - |
| 6. EDD (if required) | C | - | A | - | C | C | C | S | R | R | - |
| 7. Approval / rejection | I | I | A | - | C | C | C | C | R | S | I |
| 8. Ongoing monitoring | I | - | A | C | C | S | S | - | R | R | - |
7.9 Sanctions Screening - Escalation Step
CRO is Accountable for the escalation-to-compliance step when a sanctions hit is confirmed. This is the point at which a business risk decision is required: proceed with reporting or escalate further.
Process Flow
Role Key
| Abbreviation | Full Role |
|---|---|
| COO | Chief Operating Officer |
| CRO | Chief Revenue Officer |
| CISO | Chief Information Security Officer |
| GH-RA | Global Head Regulatory Affairs |
| H-Legal | Head of Legal |
| H-DevOps | Head of DevOps |
| Comp.An | Compliance/Regulatory Analyst |
| San.Scr | Sanctions Screening |
| DevOps.L | DevOps Lead |
| PM | Product Manager |

| Process Step | COO | CRO | CISO | GH-RA | H-Legal | H-DevOps | Comp.An | San.Scr | DevOps.L | PM |
|---|---|---|---|---|---|---|---|---|---|---|
| 1. Screening trigger (transaction / entity) | I | I | I | - | - | I | I | R | A | I |
| 2. Automated screening (Eastnets) | - | I | C | - | - | S | S | R | A | - |
| 3. Hit / no-hit determination | - | I | - | - | - | - | S | A | S | - |
| 4. False positive review | - | C | - | C | - | - | R | A | - | - |
| 5. Escalation to Compliance | I | A | I | C | C | - | R | R | - | - |
| 6. SAR / STR filing (if required) | I | C | - | A | R | - | R | S | - | - |
| 7. Record keeping | I | C | C | C | A | S | R | R | S | - |
7.4 Pay-Out Disbursements - Compliance Screening
CRO is Accountable for the compliance screening gate on all disbursement requests - the point where Risk decides whether a payout can proceed.
Process Flow
| Process Step | CTO | COO | CFO | CISO | CRO | H-Sett | H-Treas | Int.Lead | DevOps.L | H-DevOps | San.Scr | Comp.An | PCP | PM |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2. Compliance screening | - | I | - | - | A | - | - | - | - | S | R | R | - | - |
Supporting Role Summary
Risk is Consulted or Informed across all major business processes:
| Process | Domain Owner | Risk Role |
|---|---|---|
| 7.2 Merchant Onboarding | Payments | CRO: I on lead qualification; C on commercial terms and go-live |
| 7.3 Pay-In Processing | Technology / Operations | CRO: C on transaction processing, reconciliation, settlement |
| 7.5 Remittance Corridor Activation | Payments | CRO: C throughout demand assessment, partner identification, and go-live |
| 7.6 Crypto Off-Ramp | Technology | CRO: C on AML screening, FX conversion, reconciliation |
| 7.10 Settlement and Reconciliation | Finance | CRO: C on exception investigation and settlement calculation |
| 7.12 New Market Entry | CEO / Regulatory | CRO: C on market assessment, compliance setup, and go-live |
| 7.13 Product Development | Product | CRO: C on PRD authoring, UAT, and post-launch monitoring |
| 7.14 Financial Reporting | Finance | CRO: C on management accounts; R on board reporting |
| 7.15 Vendor Onboarding | Procurement | CRO: A on due diligence; C on vendor identification, legal agreement, go-live |