Risk Monitoring Framework & Policy

This framework defines how Lobscare (DBA ABHCC) identifies, monitors, manages, and mitigates operational, financial, fraud, technology, and compliance risks across its consulting services and digital platform.

Legal Company Name: Lobscare | DBA: ABHCC (America Best Health Care Consulting) | Website: https://ABHCC.org
Location: Dallas, Texas, United States | Document Owner: Compliance & Operations Department
Effective Date: March 1, 2026 | Version: 1.0 | Review Cycle: Quarterly (Operational Review) | Annual (Full Policy Review)

1. Purpose

This Risk Monitoring Framework defines how Lobscare (operating under the DBA ABHCC) identifies, monitors, manages, and mitigates operational, financial, fraud, technology, and compliance risks across its consulting services and digital platform.

The purpose of this framework is to ensure:

  • Secure and compliant payment processing
  • Prevention of fraud and unauthorized activity
  • Protection of customer, transaction, and system data
  • Operational continuity and service reliability
  • Compliance with payment gateway and banking requirements

2. Scope

This policy applies to all ABHCC systems and operations, including:

  • Website and digital platform (ABHCC.org)
  • Client accounts and administrative users
  • Booking and consultation systems
  • Payment processing systems (Stripe, Paystack, Flutterwave)
  • Refund and wallet management systems
  • Service agreements and digital contracts
  • Customer support and administrative workflows

Out of Scope:

ABHCC does not operate as a Payment Facilitator and does not onboard sub-merchants.

3. Governance & Responsibilities

Role Responsibility
Management / Director Approves framework and reviews risk reports
Operations Team Daily monitoring of transactions and service activity
IT / Technical Team System security, logs, backups, incident response
Compliance Officer KYC verification and regulatory compliance
Customer Support Dispute handling and user verification

Escalation Flow: Support → Operations → Management → Legal / Payment Processor (if required)

4. Risk Categories

4.1 Operational Risk

Risks affecting service delivery or system performance.

Monitored:

  • Failed bookings or service orders
  • Payment confirmation delays
  • System downtime or errors
  • Service fulfillment delays

Controls:

  • Real-time admin dashboard monitoring
  • Automated payment notifications
  • System validation for all bookings
  • Manual review for failed transactions

4.2 Financial & Payment Risk

Risks related to transactions, refunds, and payment anomalies.

Monitored:

  • Duplicate payments
  • Incorrect transaction amounts
  • Refund requests
  • Chargebacks and disputes
  • Manual payment entries

Controls:

  • Secure payment gateway processing (no card storage on ABHCC systems)
  • Transaction verification using unique payment IDs
  • Duplicate payment detection logic
  • Admin approval required for manual payments
  • Controlled refund authorization process

Key Risk Indicators (KRI):

Indicator Threshold Action
Duplicate payments ≥ 1 occurrence/day Manual review
Payment mismatch Any occurrence Investigation
Refund rate > 5% monthly Management review
Failed payments > 10% daily Gateway review

4.3 Fraud & Abuse Risk

Risks from fake accounts, misuse, or unauthorized activity.

Monitored:

  • Suspicious account creation patterns
  • Multiple logins from same IP/device
  • Unauthorized admin access attempts
  • Fraudulent payment or booking behavior

Controls:

  • Secure authentication system (email/password login)
  • Role-based access control (RBAC)
  • Password security enforcement
  • CSRF protection on forms
  • Login session tracking and logging
  • Manual review of high-risk actions

4.4 Technology & Security Risk

Risks related to system security, availability, and data integrity.

Monitored:

  • API misuse or unauthorized requests
  • Failed login attempts
  • Webhook validation failures
  • System error logs

Controls:

  • SSL/TLS encryption for all traffic
  • Secure server infrastructure
  • Database-backed session management
  • Encrypted sensitive data storage
  • Verified payment gateway webhooks
  • Restricted administrative access
  • Regular system backups
  • Full audit logging of system activity

Incident Response Process:

  1. Contain incident (block access or feature)
  2. Investigate logs and transactions
  3. Notify management
  4. Notify users or regulators if legally required

4.5 Compliance & KYC Risk

Risks related to identity verification and regulatory compliance.

Monitored:

  • Client identity verification
  • Business registration details
  • Licensing documentation
  • Compliance submissions

Controls:

  • KYC verification for high-risk transactions
  • Admin review of submitted documents
  • Published legal policies (Privacy, Terms, Refund Policy)
  • Verified contact and business information
  • Merchant onboarding verification procedures

5. Monitoring System

5.1 Automated Monitoring (System-Based)

All records are maintained within the ABHCC internal system and database, including:

  • Payment transactions with unique transaction IDs
  • Booking and service records
  • Refund and wallet activity
  • System error and event logs
  • Audit logs of user and admin actions

5.2 Manual Monitoring (Administrative Dashboard)

Authorized personnel perform daily monitoring through the admin dashboard:

  • Review new orders and bookings
  • Validate manual payments before activation
  • Review refund requests
  • Monitor failed transactions
  • Investigate flagged activities

All administrative actions are automatically logged within the system.

5.3 Periodic Monitoring

  • Monthly risk performance review
  • Quarterly compliance audit review
  • Payment gateway performance assessment
  • Access control and security review

6. Risk Register (Illustrative Sample)

Risk ID Risk Description Likelihood Impact Control Measures Owner Status
R-01 Duplicate payment processing Medium High Transaction validation system Operations Mitigated
R-02 Unauthorized manual payment approval Low High Admin approval workflow Admin Controlled
R-03 Fake account creation Medium Medium Login verification & monitoring Compliance Monitored
R-04 Payment gateway failure Medium High Multi-gateway redundancy IT Controlled
R-05 System security breach Low Critical Encryption & access control IT Mitigated

7. Escalation Matrix

Severity Example Response Time Escalation
Critical Fraud or data breach Immediate Management + IT
High Payment mismatch Same day Operations
Medium Refund dispute 24–48 hours Support Lead
Low Minor system issue Weekly review IT Team

8. Reporting Structure

Report Frequency Recipient Content
Payment Summary Daily Operations Transaction activity
Refund Log Weekly Administration Refund approvals
Risk Report Monthly Management Risk trends
Compliance Review Quarterly Director Full framework review

9. Compliance Evidence

ABHCC maintains internal system-based compliance and audit documentation to support this framework. These records are securely stored and may be provided to acquiring banks, payment processors, or regulatory authorities upon request.

This includes:

  • Transaction and payment records
  • Admin dashboard logs
  • System audit trails
  • Refund and manual payment approvals
  • Legal policies (Terms, Privacy, Refund Policy)
  • Payment gateway configuration summary

All records are stored securely within the internal system database and are accessible only to authorized personnel.

10. Review & Updates

This framework is reviewed:

  • Quarterly for operational effectiveness
  • Annually for full policy updates
  • Immediately after major incidents or system changes

11. Declaration

Lobscare (DBA ABHCC) confirms that:

  • A structured risk monitoring system is implemented
  • Payment and fraud controls are actively enforced
  • System-based audit logging is maintained
  • Compliance and reporting processes are operational

Lobscare (DBA: ABHCC — America Best Health Care Consulting)

Website: https://ABHCC.org

Email: info@abhcc.org

Location: Dallas, Texas, USA