Emerging technologies like AI, blockchain, and deepfakes are reshaping the fraud landscape. From your vantage point at a digital-first bank like Monzo, how have these tools changed the nature, scale, or speed of financial crime in recent years? 

These tools have forever changed the fincrime landscape and the nature of fraud in the complexities of their manifestations. Before, we were used to the traditional typologies such as check fraud, investment fraud, advance fee fraud, romance scam, grandparent scam, identity theft, and impersonation fraud among others. However, with the massive adoption of technologies into the financial ecosystem we now have a range of such forms as phishing, vishing, account takeover (ATO), synthetic identity fraud, business email compromise, deepfake fraud, cryptocurrency scam, and many more. 

Now the points of departure from here are in the speed, complexity, scale, and the mimicking abilities which is made possible by the various vulnerabilities in the technologies where-in fraudsters could tap into and compromise the system – making victims of the unsuspecting users. Today, we have in place robust staff training programmes that constantly upscale our skill to keep tabs and even be ahead of fraudsters as they continue to change their tactics using the same innovations. We have tools and mechanisms for multifactor authentication, identity verification, robust machine learning tools that study and decode trends, and other various means of KYC and due diligence to ensure customers and their assets are secure.

How has the shift toward a more decentralised financial ecosystem – marked by the rise of crypto assets, decentralised finance (DeFi) platforms, and tokenised services – challenged traditional notions of jurisdictional regulatory oversight? And where do you see the biggest compliance blind spots? 

The global financial system has experienced a dramatic change in the last decade or so courtesy of the rise in digital currencies. This decentralised financial ecosystem driven by crypto assets, DeFi platforms, and tokenised services has brought about several structural changes and challenges to the traditional banking and money system – stretching the jurisdictional regulatory oversight. The attendant developments challenge core assumptions of financial regulations, which traditionally rely on identifiable entities operating within specific legal jurisdictions. 

For instance, as the name goes,  ‘decentralised’ means there is no central authority in control of these activities. This in my opinion constitutes the major challenge here, hence creating regulatory gaps and ambiguities. 

The anonymity which goes with the digital currency system makes it difficult for regulatory authorities to have a handle on who does what, especially the facilitator and the ultimate beneficiaries. We know that the traditional systems have embedded KYC/CDD/EDD mechanisms that are clearly graduated according to customers’ risk ratings, but this is not the case with the digital world. 

Even though some DeFi protocols may be governed by decentralised autonomous organisations (DAOs) with anonymous or pseudonymous developers and token holders distributed globally, they are limited in content and application hence adding to the challenges. 

More such features of digital assets – such as their velocity and volatility, peer-to-peer payments, immutability and cryptographic security, which means transforming the values with mathematical algorithms into coded texts that can only be accessed with specific private keys – lead to the fragmentation in control and difficulty in enforcing traditional compliance standards, hence the widening regulatory gaps. We also experience more challenges in lack of governance accountability and cross-border enforcement where such platforms could have cross border activities without necessarily having a presence, hence they are difficult to track and regulate. 

It may not be easy to tell which one particular blind spot is the biggest, but decentralisation, which is the core strength of the digital financial ecosystem, remains its core Achilles’ heel and as a consequence can be said to be a major challenge to regulatory compliance. 

As regulators push for real-time monitoring and enhanced reporting, how is the role of compliance professionals evolving – especially in tech-led institutions where innovation drives the business model? 

For compliance professionals to remain relevant and effective, we must constantly upgrade. Because there is an unending pace between innovation and regulation, and in fact in most cases if not all, innovation seems to be winning the race. The reason is simple, you can’t effectively regulate what has not come into existence or is still little known about. 

In order to keep pace with this evolution, the compliance function has adopted some measures to ensure real-time monitoring and reporting of business activities, which include: 

  • Transition from Reactive to Proactive Monitoring: Compliance used to be backward-looking, with an emphasis on after-the-fact reporting and recurring evaluations. However, professionals now have to meet real-time regulatory standards by putting in place ongoing monitoring mechanisms, creating automatic alert systems to flag possible anomalies or breaches, and adopting predictive analytics. 
  • Introducing Tech Fluency in the Compliance Function: To create and execute strong compliance technology solutions, compliance teams are increasingly collaborating with IT and data science departments. To maintain regulatory compliance without limiting innovation, professionals must be knowledgeable about cutting-edge technologies like artificial intelligence (AI), blockchain, and cloud computing. 
  • Embedded Compliance via ‘Compliance by Design’: Rather than being a gatekeeper at the end of a process, compliance is increasingly embedded from the early R&D stage of product development to ensure new features or platforms meet legal obligations from the outset. Leveraging RegTech solutions to build controls directly into the architecture from the beginning helps to ensure real-time monitoring and prompt reporting. 
  • Emphasis on Ethical and Responsible Innovation: The compliance role has evolved into ensuring ethical standards and responsible practices are maintained as tech companies push the envelope in areas like AI, data privacy, and financial innovation. This promotes sustainable growth by assisting in striking a balance between innovation and legal requirements while keeping tabs on real-time activities. 
  • Cross-Functional Collaborator and Strategic Risk Advisor: Since an organisation’s board of directors and senior management set the tone for its ethical climate and general attitude towards compliance, it must be given top priority at the table where these tones are formed in order to guarantee that the organisation’s culture is based on pertinent, prevailing innovations and guiding regulations. They must advocate for ethical innovation, ensuring they align with tech trends, data localisation laws, and digital asset compliance in a manner to ensure adequate risk management. 

The list is endless, but compliance is evolving into a hybrid role that merges law, technology, ethics, and strategy in the effective monitoring of real-time transactions, prompt rendering reports, and acting as both watchdogs and users of responsible innovation. 

Do current AML and KYC frameworks adequately address the complexity of today’s tech-enabled fraud schemes – or are we seeing a growing gap between regulatory design and real-world risk? How should policy makers evolve their approach? 

The current frameworks have made significant strides in establishing fundamental safeguards against traditional financial crime. However, as technology advances rapidly – especially with the proliferation of digital and fintech platforms – these frameworks often struggle to keep pace with the evolving complexity and sophistication of tech-enabled fraud schemes. Some of the reasons for this include the static and paper-based approach, limited use of advanced analytics, poor adoption of digital and non-traditional platforms, regulatory gaps and variabilities, and having a reactive rather than proactive approach. 

In response to these, policy makers have constantly been working to modify existing or develop new measures to cover these gaps. They include:  

  • Shift from Compliance to Intelligence-Driven Risk Management: This involves moving beyond rule-based KYC to dynamic, behaviour-based risk scoring using AI and machine learning and mandating real-time transaction monitoring that adapts to emerging fraud patterns. 
  • Enhanced Cross-Border and Public-Private Data Sharing: Building global interoperable AML/KYC utilities, especially for crypto, fintech, and correspondent banking sectors and developing secure, privacy-preserving protocols for real-time information exchange between regulators, banks, and fintechs.
  • Incentivised Innovation in Compliance: Encouraging regulatory sandboxes and innovation hubs to test and deploy RegTech solutions. Also upgrading some compliance accountability from form-checking to outcome-based measures (e.g. reduction in fraud incidents). 
  • Modernised Legal Definitions and Enforcement Tools: Updating definitions of beneficial ownership, identity, and financial institution to reflect the realities of DAOs, DeFi platforms, and cross-border neobanking. 
  • Technological Empowerment of Regulators: Equipping regulators with technological forensics capabilities, including blockchain analytics and AI-powered anomaly detection. 
  • Adoption of a Tiered, Risk-Based Approach to KYC: Not all customers or transactions pose equal risk – allowing for graduated levels of scrutiny, especially to prevent derisking of marginalised populations. 

While current AML and KYC frameworks provide a foundational baseline, they are not entirely sufficient to fully address the evolving landscape of tech-enabled financial crimes. Policy makers must evolve their strategies by embracing technological innovation, fostering international cooperation, and adopting flexible, risk-based approaches that can adapt swiftly to new threats. Doing so will help bridge the gap between regulatory design and the complex realities of modern financial fraud. 

Fraud methods are increasingly borderless, while regulation is still largely jurisdiction based. In your experience, what are the practical consequences of this mismatch – and how can international regulatory collaboration be improved to better address tech-driven financial crime? 

The growing borderless nature of fraud methods which contrasts with predominantly jurisdiction-specific regulation creates significant practical challenges in combating financial crime. From my experience, these consequences include: 

  • Evasion and Fragmentation: Criminals exploit differences in legal frameworks across countries, shifting operations to jurisdictions with weaker or less enforced regulations. This fragmentation hampers coordinated enforcement efforts and allows fraud schemes to persist or evolve rapidly. 
  • Regulatory Arbitrage: Fraudsters take advantage of gaps between regulatory regimes, employing tactics like transferring funds through countries with lax AML standards or exploiting jurisdictions with limited oversight on emerging financial technologies such as cryptocurrencies and virtual assets. 
  • Delayed Response and Enforcement Gaps: Divergent regulatory timelines and priorities can slow down international cooperation, enabling fraudsters to operate with relative impunity during critical windows of investigation and response. 
  • Increased Complexity and Cost: Financial institutions and regulators face higher compliance costs and operational complexity as they try to monitor, report, and investigate cross-border fraud, often dealing with inconsistent standards and information sharing barriers. 

To better address these challenges, several strategies can be adopted such as: 

  • Harmonisation of Standards: Developing and adopting common international standards, such as those promoted by organisations like FATF, can create a more unified regulatory environment. This includes aligning AML, KYC, and data-sharing protocols. 
  • Enhanced Information Sharing: Establishing secure, real-time information exchange platforms among regulators, law enforcement, and financial institutions across borders can facilitate faster detection and response to emerging threats. 
  • International Frameworks and Agreements: Strengthening multilateral treaties and agreements that facilitate cross-border investigations, asset recovery, and mutual legal assistance can reduce jurisdictional barriers. 
  • Technology and Data Analytics: Leveraging advanced technologies like AI and blockchain can enable better tracking of illicit transactions and identification of fraud patterns across borders. 
  • Capacity Building and Coordination: Investing in training and resources for international cooperation, including joint task forces and coordinated enforcement campaigns, can improve collective resilience against tech-driven financial crime. 

In summary, bridging the gap between borderless fraud methods and jurisdiction-based regulation requires a concerted interjurisdictional effort to harmonise standards, improve information sharing, and leverage technology. This collaborative approach is essential to stay ahead of the increasingly sophisticated and transnational financial crimes. 

Looking to the future, how do you see RegTech and intelligent automation transforming compliance and fraud prevention – what makes these tools truly effective and what should institutions prioritise to stay ahead? 

Looking ahead, RegTech and intelligent automation are poised to revolutionise compliance and fraud prevention by offering enhanced efficiency, accuracy, and real-time insights. These tools become truly effective through their ability to process vast datasets, identify complex patterns indicative of illicit activity, and automate repetitive tasks, freeing up human expertise for more strategic analysis and decision-making. 

For RegTech to maximise its impact, institutions should prioritise several key areas. First, investing in robust data infrastructure is crucial to ensure the quality and accessibility of information that fuels these technologies. This is another way of rethinking compliance as a competitive advantage, not just a cost centre or a tick-the-box exercise for fulfilling all righteousness. 

Second, a focus on integrating RegTech solutions seamlessly within existing systems is vital to avoid data silos and optimise workflows, not leaving behind scalability and flexibility by choosing tools that can evolve with regulatory changes and expanding business needs. 

And third, fostering a culture of continuous learning and adaptation is necessary to keep pace with the rapidly evolving technological landscape and emerging regulatory requirements. This includes upskilling compliance teams to effectively utilise these new tools and fostering collaboration between technology and compliance departments. 

Furthermore, institutions must prioritise the ethical and responsible deployment of AI-powered RegTech. This involves addressing potential biases in algorithms, ensuring data privacy and security, and maintaining transparency in how these tools operate. Regulatory bodies also have a role to play in providing clear guidance and frameworks to facilitate the adoption of these technologies while mitigating potential risks. By strategically embracing RegTech and intelligent automation with a focus on data quality, integration, continuous learning, and ethical considerations, institutions can significantly enhance their compliance and fraud prevention capabilities – and ultimately stay ahead in an increasingly complex and dynamic environment.

Kingsley (Ozor) Ngwuegbu is a Fraud and Financial Crime Investigator at Monzo Bank Ltd, where he plays a key role in safeguarding customers and the business from emerging threats in the digital banking space. With a strong background in compliance, internal control risk management, and financial integrity, he brings a results-driven approach to fighting fraud and mitigating financial crime. Before joining Monzo in the UK, Kingsley served as a Control & Compliance Manager in his home country of Nigeria, where he gained extensive experience in regulatory compliance, anti-money laundering (AML), and know-your-customer (KYC) frameworks across the banking sector. His international perspective and deep understanding of financial systems allow him to tackle fraud from both a global and local lens. He is passionate about leveraging data, technology, and regulatory insight to build safer financial ecosystems. With a commitment to continuous learning and integrity, Kingsley aims to contribute meaningfully to the evolving landscape of digital finance and compliance.