Banking relationships
It is of great utility to know with some degree of confidence what are the banking providers of non-banks. Using metrics based on end-user behavior we identify the probable set of banks (upstream or downstream) in the non-bank company' supply chain. Naturally, relationships with some banking facilities (offshore and private banking, sanctioned banks, and so on) will carry its own set of concerns. On the other hand, knowing the regulated counterparty in the relationship should help shorten the time to insight both during pre-deal investigations and forensic reviews.
Metadata
For practical purposes, it is important to have a list of the entities extracted including also data points such as Key contacts, Description, (Services) Keywords, Geographies from which the service is being accessed, among others. At the present we are not using these parameters in the Risk Level calculation, but we are only including those as a way of providing context --yet, these can be applied as part of an enhanced due diligence process to inform the risk assessment (as inputs to background checks, cyber risk exposure reviews, and so on).
Analysis
Risk Levels Case: Payment Gateway Services
To illustrate the approach we analyze a dataset of 18 payment gateway companies (that is, a target company and 17 similar companies). The figure shows the class, unique values, and, distribution plot for risk levels categories and subcategories. In this case, the higher count item corresponds to a majority of higher risk companies in the list.