Risk Monitoring Policy

Last updated: 06 May 2026

This Risk Monitoring Policy describes how PT UNIT GLOBAL SYSTEM monitors transaction flows for fraud, money-laundering, terrorism-financing, sanctions exposure, and policy violations. It supports our obligations under PBI 23/6/2021 (Penyedia Jasa Sistem Pembayaran), Law 8/2010 (UU TPPU) and PPATK regulations, and our internal risk-management framework.

1. Scope

UnitPay applies risk monitoring to every transaction processed through our payment services, end to end: at authorisation, at capture, during settlement, and during withdrawal to merchant bank accounts. Monitoring extends to merchants throughout their relationship with us, not only at onboarding.

The policy applies to all payment rails we support, including cards, virtual accounts, e-wallets, BI-FAST, QRIS, and USDT payouts. It applies equally to test (sandbox) and production environments, although sandbox monitoring is limited to fraud-pattern detection (no sanctions screening of synthetic data).

Monitoring also applies to merchant-cabinet activity (login patterns, configuration changes, withdrawal instructions) so that account-takeover indicators are detected alongside transactional risk. Out-of-scope activity includes purely informational interactions with our public website that do not involve a transaction or a logged-in session.

2. Velocity rules

We apply velocity controls at multiple grain levels to detect abuse, structuring, and burst-fraud patterns. Velocity is measured both in transaction count and in transaction value, with thresholds proportionate to the merchant's risk tier and historical volume profile.

  • Per-card velocity: maximum count and value of attempts per card (BIN/PAN) in rolling windows of one minute, one hour, and 24 hours.
  • Per-merchant velocity: maximum transactions per merchant in rolling windows; thresholds calibrated to risk tier and historical baseline.
  • Per-customer velocity: maximum transactions per customer email or device fingerprint across merchants.
  • Per-IP velocity: maximum attempts per source IP, with separate ceilings for residential, commercial, and anonymising-proxy IPs.

Threshold breaches trigger one of three outcomes: soft-block (additional verification required), hard-block (transaction declined and flagged), or referral to the velocity-trigger review queue. To avoid tipping off attackers, merchants do not see velocity-block detail; aggregated velocity statistics are visible in the merchant cabinet.

Velocity thresholds are calibrated using a combination of merchant-historical baseline, peer-cohort benchmark, and global tactic-of-the-month adjustments. Recalibration runs at least monthly and additionally on observed pattern shifts; the AML Compliance Officer signs off threshold changes.

3. Sanctions and politically exposed person screening

Every transaction is screened in real time against sanctions and PEP lists through Didit. Lists covered include UN Consolidated, EU Consolidated, OFAC SDN, OFSI, and the PPATK domestic list, plus PEP and adverse-media datasets.

Screening latency is targeted at single-digit milliseconds on the authorisation hot path so that compliance does not degrade legitimate customer experience. List updates published by the relevant authority are propagated to the screening service within 24 hours of publication.

A positive sanctions match blocks the transaction and creates a compliance review case. The compliance officer reviews the match to determine whether it is a true positive or a false positive.

True positives result in a permanent block on the transaction, rejection of customer onboarding, and SAR filing where appropriate. False positives are documented with rationale and the customer is allow-listed for the specific list entry that produced the false hit; allow-list entries are reviewed quarterly to ensure they remain valid.

4. Adverse media and ongoing monitoring

Beyond transaction-time screening, Didit provides ongoing monitoring of merchants and high-volume customers. Newly indexed adverse media items, sanctions-list updates, and PEP-status changes are pushed to our compliance review queue daily. The compliance team reviews matches within five working days and escalates true positives to the AML Compliance Officer at compliance@unitpay.net.

Ongoing monitoring scope is risk-tiered: high-risk merchants are monitored continuously; medium-risk merchants are monitored monthly; low-risk merchants are monitored on a six-month review cadence, with an event-driven re-screen on any material change.

Adverse media findings carry weight in proportion to source quality: tier-1 financial-press reporting (with named author and date) is given more weight than uncorroborated single-source content. Findings that cannot be reasonably corroborated are recorded as informational and do not by themselves drive enforcement action.

Material changes (acquisition, change of director, change of declared business model, listing or delisting, sanction, public regulator action) trigger immediate re-screening regardless of the merchant's standard cadence. Merchants are required by the Service Agreement to notify UnitPay of such changes within 30 days of occurrence.

5. Anomaly and behavioural detection

Statistical models flag deviations from each merchant's baseline transaction profile. Detected anomaly categories include:

  • Sudden volume spikes (more than three standard deviations above the 30-day mean).
  • Shifts in geographic concentration of customers or transactions.
  • Abnormal payment-method mix relative to the declared business profile.
  • Atypical refund or chargeback rates relative to peer cohort.
  • Patterns consistent with card testing, transaction laundering, or settlement-account swap fraud.

Flagged anomalies generate an internal alert visible to the merchant in their cabinet, alongside a recommended action. Severe anomalies (high-confidence fraud or laundering signals) place a temporary hold on settlement pending review, typically up to 72 hours.

Model performance is monitored for false-positive and false-negative rates with sample audits performed monthly. Where a merchant is genuinely growing fast, our models adjust to the new baseline within a documented adaptation window so that legitimate growth is not perpetually flagged as anomalous.

6. Escalation paths

Risk monitoring outcomes follow a defined escalation ladder, applied proportionately to the assessed severity of the underlying signal:

  • Hold pending review: 24 hours typical, up to 72 hours for complex cases. Merchant notified by email and in-cabinet alert.
  • Suspicious Activity Report (SAR): filed with PPATK in line with UU TPPU Article 23 where the AML Compliance Officer determines reasonable suspicion. Merchants are not notified of SAR filings (anti-tipping-off provision).
  • Account suspension: invoked under our Account Suspension and Blocking Rules for sustained or severe risk events.
  • Regulator coordination: cooperation with Bank Indonesia, OJK, and PPATK directives, including production of records under valid legal process.

Escalation decisions are documented with the supporting evidence and the rationale, both for internal accountability and so that, where appropriate, they can be reconstructed for regulator inspection. Where action is taken on the basis of a sanctions list match, the underlying list reference is captured in the case record.

7. Merchant collaboration and visibility

The merchant cabinet provides a Risk Dashboard showing each merchant's chargeback ratio, fraud rate, AML flag count, velocity utilisation, and trend lines. Merchants can self-serve access to weekly summary emails. Merchants are encouraged to report anything anomalous (account takeover indicators, social-engineering attempts) at compliance@unitpay.net.

For audit purposes, merchants can export their transaction-level risk indicators (rule-fired, action-taken) for the most recent 24 months. Older records are available on request through compliance.

UnitPay also publishes typology summaries and merchant-protection guidance at irregular intervals so that merchants can recognise emerging fraud patterns and update their own controls accordingly. Merchants may subscribe to these advisories through the merchant cabinet preferences screen.

Where a merchant believes an automated risk action has been taken in error, the merchant should raise the matter through compliance@unitpay.net with the affected transaction reference. The compliance team reviews the action and the underlying signals, and where the action is found to be in error, restores the affected transaction or settlement and records the correction in the case log.

8. Personal data and lawful basis

Risk monitoring processes personal data on the lawful basis of legal obligation (PBI 23/6/2021, UU TPPU, PPATK directives) and legitimate interest (fraud prevention). The categories of data processed, retention periods, and data subject rights are described in our UU PDP Personal Data Notice.

Categories of personal data processed for risk monitoring include:

  • Transactional metadata (amount, currency, timestamp, merchant identifier, payment instrument hash).
  • Identification data of the transacting customer where supplied by the merchant or the issuing institution.
  • Technical identifiers (IP address, device fingerprint, browser-agent string, session identifier).
  • Screening outputs (sanctions match, PEP match, adverse media match, with the underlying list reference).
  • Adjudication notes and final disposition recorded by the compliance analyst.

Monitoring outputs (rule-fired logs, alert details, SAR working papers) are retained for seven years to support regulatory audit. Access is restricted to compliance and security teams with named-individual approval and is logged and reviewed quarterly.

The right to object to processing under UU PDP Article 12 is qualified by our legal obligations under UU TPPU and PBI 23/6/2021; risk monitoring is a regulatory floor and may not be opted out of for the duration of the merchant relationship.

9. Policy review and governance

This policy is owned by the AML Compliance Officer and reviewed at least annually, or sooner if material regulatory change or risk-event analysis requires. Changes are approved by the board's risk committee and communicated to merchants through this page and through the merchant cabinet.

Independent assurance of the risk-monitoring framework is performed annually by external counsel or qualified third-party assessors. Findings drive a remediation plan tracked to closure by the compliance team.

Performance metrics for the risk-monitoring program (alert volume, true-positive rate, time-to-resolution, escalation outcomes) are reviewed at the quarterly risk-committee meeting alongside trend analysis and peer-benchmark commentary. The metrics inform recalibration of rules and model thresholds for the next quarter.

Effective date: 06 May 2026