Risk segmentation by market

1) Why geo-segmentation of risks is needed

Predictive conversion and loss management (declines, CB, WHT).
Routing: Select PSP/method and 3DS strategy by country.
Limits and KYC: dynamic deposit/withdrawal thresholds.
Financial plan: FX estimate, T + N settlements, reserve.
Compliance: control of gray areas, sanctions, high-risk verticals.

2) Risk taxonomy (layers)

1. Regulatory: iGaming resolution, local licenses, domain/application locks.
2. Sanctions/geopolitical: payment restrictions, SDN/OFAC/EU/UK lists.
3. Payment: authorization rates, 3DS/Issuer-behavior, chargeback ratio, refund latency.
4. Antifraud/AML: multiaccounting, bonus abuse, SoF inconsistencies, PEP/sanctions.
5. Payout: corridors, cut-off, returns, provider limits.
6. FX/Treasury: volatility, liquidity, available currency rails.
7. Tax: GGR duty/VAT/GST/WHT exposure and reportable risks.
8. Infrastructure: Internet filters/censorship, PSP blocking, latency, SIM farming.
9. PSP-sustainability: financial health, rolling reserve%, SLA, incident rate.

3) Geo-clustering (sample profiles)

Low-risk/Regulated: high share of domestic cards, predictable GGR mode, stable banks.
Medium-risk/Transitional: mixed basket of methods, volatile FX, episodic locks.
High-risk/Restricted: bans/gray areas, high fraud, weak KYC dock base.
Sanction-sensitive: risks of secondary sanctions, unstable payment corridors.
Cash-dominant: low card penetration, local e-wallets/agents, high risk of chargeback-surrogates (disputes of analogues).

4) Geo-scoring: how to count

4. 1. Risk index'R _ geo '(0-100)

R_geo = 0. 25RegScore + 0. 15Sanctions + 0. 20PayScore + 0. 15FraudAML
+ 0. 10Payout + 0. 10FX + 0. 05Tax

RegScore: resolution status (0 = clear, 100 = inhibit).
Sanctions: Sanctions/Escalation Index.
PayScore: authorization, 3DS-pass, CB ratio, fee-burden.
FraudAML: velocity, device-clustering, PEP/sank hits, SoF failure.
Payout: return rate, avg-ETA, provider failures.
FX: PSP volatility/spread.
Tax: WHT/VAT complexity/risk.

4. 2. Classes

A (0-25): standard limits, soft 3DS, standard tariffs.
B (26-50): enhanced KYC L2, ↓ limits, strict 3DS, preferred PSP.
C (51-75): KYC L3 + SoF, cap deposits, deferred repayments, white methods.
D (76-100): traffic block/free-to-play only/frozen payouts.

5) Risk class policies

6) Feature set

Payments: AR/DR by methods, soft-decline share, 3DS step-up, CB/Liability shift.
Fraud/AML: device-graph, geovelocity, proxy/VPN, BIN-geo mismatch, SoF/Docs pass-rate.
Payout: refusal/return, SLA providers, share same-method.
FX: spread_bps vs reference, open-position, slippage.
Tax/Legal: GGR mode, VAT/GST applicability, WHT by partner.
Sanctions/Infra: DNS/ISP blocks, payment bans, CDN blocks.
PSP health: incidents/month, reserve%, funding delays.

7) Data scheme (minimum)

ref. country_risk_factors (
iso2 PK, reg_status, sanctions_idx, ggr_mode, vat_mode, wht_mode,
psp_availability_score, payout_corridors, fx_vol_idx, notes, effective_from, effective_to
)

risk. geo_metrics_daily (
d, iso2,
auth_rate, cb_ratio, refund_rate, three_ds_pass, decline_soft_share,
payout_return_rate, payout_eta_hours,
aml_alerts, pep_hits, sof_fail_rate,
fx_spread_bps, fx_volatility_bps,
psp_incidents
)

risk. geo_score_daily (
d, iso2, reg_score, sanctions, pay_score, fraud_aml, payout, fx, tax, r_geo, class
)

policy. geo_controls (
iso2, class, max_deposit, max_withdrawal, kyc_level, sof_required,
bonus_policy, methods_whitelist, routing_psp, withdrawal_t_plus
)

8) Process (ETL/orchestration)

1. Ingest of payment and fraud events → aggregation in 'geo _ metrics _ daily'.
2. Join with'country _ risk _ factors' → 'r _ geo'calculation and class assignment.
3. Render'policy. geo_controls' → push to the gateway/Antifraud/KYC/Payment Router.
4. Alert monitoring and recalculation during events (sanctions, regulatory updates, PSP incidents).

9) SQL templates

9. 1. Geo scoring calculation

sql
INSERT INTO risk. geo_score_daily (d, iso2, reg_score, sanctions, pay_score, fraud_aml, payout, fx, tax, r_geo, class)
SELECT m. d, m. iso2,
r. reg_status    AS reg_score,
r. sanctions_idx  AS sanctions,
50(1 - m. auth_rate) + 50m. cb_ratio         AS pay_score,
40m. aml_alerts + 60m. sof_fail_rate         AS fraud_aml,
40m. payout_return_rate + 60(m. payout_eta_hours/72) AS payout,
0. 8m. fx_spread_bps + 0. 2m. fx_volatility_bps    AS fx,
CASE WHEN r. vat_mode='COMPLEX' OR r. wht_mode='HIGH' THEN 60 ELSE 20 END AS tax,
NULL, NULL
FROM risk. geo_metrics_daily m
JOIN ref. country_risk_factors r USING (iso2, / optionally date window /);

9. 2. Classification by thresholds

sql
UPDATE risk. geo_score_daily
SET r_geo = 0. 25reg_score + 0. 15sanctions + 0. 20pay_score + 0. 15fraud_aml
+ 0. 10payout + 0. 10fx + 0. 05tax,
class = CASE
WHEN r_geo <= 25 THEN 'A'
WHEN r_geo <= 50 THEN 'B'
WHEN r_geo <= 75 THEN 'C'
ELSE 'D'
END
WHERE d BETWEEN:from AND:to;

9. 3. Policy generation

sql
INSERT INTO policy. geo_controls (iso2, class, max_deposit, max_withdrawal, kyc_level, sof_required, bonus_policy, methods_whitelist, routing_psp, withdrawal_t_plus)
SELECT s. iso2, s. class,
CASE s. class WHEN 'A' THEN 1. 00 WHEN 'B' THEN 0. 75 WHEN 'C' THEN 0. 40 ELSE 0 END:base_deposit AS max_deposit,
CASE s. class WHEN 'A' THEN 1. 00 WHEN 'B' THEN 0. 70 WHEN 'C' THEN 0. 30 ELSE 0 END:base_withdrawal,
CASE s. class WHEN 'A' THEN 'L1' WHEN 'B' THEN 'L2' WHEN 'C' THEN 'L3' ELSE 'BLOCK' END,
(s. class IN ('C')) AS sof_required,
CASE s. class WHEN 'A' THEN 'FULL' WHEN 'B' THEN 'LIMITED' WHEN 'C' THEN 'OFF' ELSE 'OFF' END,
CASE s. class WHEN 'A' THEN '{all}' WHEN 'B' THEN '{white_list}' WHEN 'C' THEN '{low_risk}' ELSE '{none}' END,
CASE s. class WHEN 'A' THEN 'psp_primary' WHEN 'B' THEN 'psp_primary,psp_backup' WHEN 'C' THEN 'psp_lowrisk' ELSE '' END,
CASE s. class WHEN 'A' THEN 'T+0' WHEN 'B' THEN 'T+1' WHEN 'C' THEN 'T+3' ELSE '' END;

10) Dashboards and KPIs

Geo Risk Heatmap: 'r _ geo', class, trends 7/30/90.
Payments by Class: AR/DR, CB, take-rate, 3DS pass.
Payout Health: Returns, ETA, Sank Blocks, Corridors Uptime.
AML/Fraud: alerts/to players, SoF pass-rate, device-clusters.
FX Exposure: spread, open-position, realized/unrealized.
Regulatory Timeline: events/sanctions/blocking vs metrics.

11) Alerts and thresholds

Class jump (B→C or C→D): instant policy tightening and reroute.
CB spike: growth> X bps w/w in class/country.
Payout corridor down: provider failure> Y% or SLA breach.
Sanctions update: new list/jurisdiction - auto-frieze.
FX slippage: bps threshold exceeded by country of methods.
SoF/KYC failure: series of failures> threshold in GEO-segment.

12) Application in Payment Architecture

Smart-routing: map (GEO × BIN × method × class) → selection of PSP/3DS/modulating rules.
Limits/bonuses: dynamic thresholds and disabling bonuses in C/D.
Payout-policy: same-method, deferred payments and additional checks.
Pricing: MDR/markup surcharges in high-risk segments, IC++ and transparent FX requirement.
Treasury: pre-funding in the right currency/corridor, hedge.

13) Best practices (short)

1. Separate metrics (past) and policies (future): scoring → action.
2. Version scoring formulas and weights ('r _ geo _ v1/v2').
3. Implement PSP/method routing AB tests at GEO level.
4. Whitelisting methods and forced 3DS for C/D.
5. Keep evidence on sanctions/regulation and automatic kill-switch.
6. Do post-incident review and feedback on scoring weights.
7. Consider DST/timezones for cut-off/settlement and posting periods.

14) Implementation checklist

• Directory'country _ risk _ factors' with validity periods.
• Pipeline 'geo _ metrics _ daily' (payments, AML, payouts, FX, PSP incidents).
• Calculator'r _ geo '+ versions and A/B control.
• Generating'policy. geo_controls' and delivery to the gateway/fraud/CCL.
• Heatmap dashboards + class race alerts and key metrics.
• Emergency "freeze/reroute" procedures by country.
• Documentation: Class and Escalation Action Matrix.

Summary

Risk segmentation by market is a constant cycle: collect metrics → calculate scoring → issue policies → monitor and adjust. A clear data model, geo-scoring with versioning and automatic delivery of policies to the payment loop provide controlled conversion, reduce losses and ensure compliance with compliance and regulatory requirements.