Compliance has traditionally focused on preventive controls. From your investigative experience across multiple jurisdictions, why has effective detection become the critical factor in today’s financial crime landscape?
Preventive controls are important; they lay the foundation of any compliance programme. But they’re designed for yesterday’s threats. In practice, the most significant financial crimes rarely arise from missing policies; they come from the grey areas like blind spots, exceptions, and the nuances of human behaviour.
When we’re called in to investigate, it’s seldom about a policy gap. It’s almost always about missed signals or delays in acting on early warnings. Financial crime is evolving more rapidly than traditional control frameworks can keep pace. Detection is the capability that allows us to respond in real-time, adapting as criminal behaviours shift.
The reality is that financial crime is evolving at a pace that traditional control frameworks simply can’t match. That’s where detection becomes our most critical capability. It’s the only part of our arsenal that operates in real-time, adapting as criminal behaviours change. Shifting focus from a check-the-box mindset to real-time detection changes the game. It forces us to ask the question: “What is really happening in our systems and among our people?” That perspective shortens the lifecycle of fraud, limits losses, and safeguards both reputation and regulatory trust.
Financial crime is now fast, digital, and more transnational than ever. How are compliance and investigations teams evolving their methodologies to keep pace with threats that move across borders, entities, and data sources almost instantaneously?
What we’re seeing is a paradigm change in the way compliance and investigations function. The traditional static, tick-the-box audit is no longer adequate, because risk is not static, it’s ongoing and it’s not something you look at when the audit cycle comes around again.
Today, teams are integrating structured and unstructured data, Open Source Intelligence (OSINT), and local intelligence to create an inclusive, human-focused risk profile. International investigations are now complex investigations mapping, tracing beneficial ownership, and analysing patterns of jurisdictions.
It requires an interdisciplinary effort among the teams for compliance, forensics, cyber, legal, and intelligence. Then, too, speed is paramount because intelligence is, in effect, stale when it is late.
Historically, compliance and investigations operated in silos. How important is the convergence between these two functions, and what does an efficient intelligence-led compliance model look like in practice?
Silos between compliance and investigations are silent risk multipliers. They create delays, duplicate effort, and breed mistrust. When functions operate in isolation, the instinct is often to second-guess or test each other’s findings rather than to collaborate, stifling progress, and leaving organisations exposed.
The most effective models I’ve seen are built on a foundation of open, transparent, and continuous communication. This means joint hypothesis forming, shared access to data, and aligned protocols for escalation and decision-making. In this model, compliance isn’t just about auditing investigations, and investigations aren’t about treating compliance alerts as foregone conclusions.
An intelligence-led model lets both functions operate in concert, driving faster, evidence-backed resolutions. The ultimate goal is to obtain speed with integrity, resolving matters quickly while upholding fairness, credibility, and trust.
Many of the most damaging cases for organisations involve insider threats, conflicts of interest, or governance failures. How can compliance teams better identify and manage these often more subtle threats and risks?
Issues related to insider threats and conflict of interest cannot be addressed by a simple check-box policy or a first-level review. While personal compliance can serve as a starting point, it is not a component you should have alone in your control framework, especially where you have an executive with a high degree of discretion and revenue-generating authority. This is where the risk is.
A generic code of conflict of interest is not sufficient. Enterprises must have a multi-tiered risk-based model that is more suited to the complexity inherent in the types and amounts of decision-making authority and potential exposure. This is necessary for everything from contract choice and billing approval, right through to price judgments and internal exposure to highly confidential information about clients. We have to examine third-party risk in the context and complexity of internal risk exposure.
High-volume payment sources and influential third-party risk vendors are equally likely to become black holes or hard-to-detect exposures. A more sophisticated risk governance framework, involving behaviour, relationships, transaction activity, and level and type of system access, must go far beyond the more straightforward disclosure requirements.
Monitoring, not intermittent examination, is the future path for new risk governance. A greater emphasis and focus on layered and sophisticated risk monitoring, and not as an expense but as an ROI – measured instead in the potential number of conflicts avoided and potential fraud schemes not perpetrated.
With investigations increasingly spanning multiple legal systems and regulatory regimes, how should organisations rethink compliance to account for jurisdictional risk, enforcement cooperation, and extraterritorial exposure? What are firms still underestimating?
Cross-border financial crime drives home a critical truth: compliance and investigations can no longer afford to operate in separate silos. While ‘what‘ is the nature of the risks, through the prism of compliance, the function of investigation provides insight into the crucial ‘how,’ ways and means through which risks move, often outside their defined contours through informal, shared channels.
Again and again, we recognise that the presence of one tenuous link, whether it is jurisdiction, third-party, or subsidiary, can mean parallel investigations for multiple regulators simultaneously. Jurisdiction risk is more than the presence of certain laws on the books. Rather, it is the strength of enforcement, cooperation between jurisdictions, and the sharing of information, which are important factors.
Organisations often underestimate the extent to which evidence standards, information restrictions, or privacy laws may differ. There has to be a move from country-by-country thinking in terms of compliance to a group-wide intelligence approach, and this has to be based on investigative insights.
The most effective organisations are those that integrate the design of their compliance functions to be investigation-ready, and this is done by creating protocols and evidence preservation strategies. The role of these functions is to provide intelligence in its first line, and investigations are involved in its validation and responses, as they are most effective when done simultaneously.
Advanced analytics and technology are transforming detection, but investigations ultimately rely on professional judgment. How should organisations balance the two when assessing potential financial crime?
Technology is a necessary tool in the fight against financial crime, yet it is never going to be a replacement for human judgment. Algorithms are powerful for finding patterns at scale, but they don’t understand intent, context, or motive.
That’s where experienced investigators enter. Every tool we use is designed by humans, usually trained on historical data, and influenced by underlying assumptions. If not carefully overseen, these tools can just as well amplify our blind spots as reduce them.
Discipline is where the real strength lies in collaboration among continuous technology advancement and human expertise. Technology can help us narrow the universe of risk, but ultimately, it’s people who have to decide the outcome. What organisations need is investment, not only in the latest technology, but also skilled professionals who know how, when, and why to use it. At the end of the day, accountability always rests with humans, not machines.
Do you see compliance evolving from a defensive control function into more of a strategic intelligence capability? What mindset shifts are required at the board and leadership level to make that transition effective in combating financial crime?
Indeed, the trend of compliance evolving from a defensive box-ticking function to a strategic intelligence capability is not just a fad; this is necessary. At its best, a modern compliance function is continuously sensing risk, interpreting weak signals, and providing leadership with the insights they need to make informed decisions before issues escalate into crises.
Operationally, that means alerting to the early signs of misconduct, data misuse, or control breakdowns. In terms of governance, this is about uncovering systemic vulnerabilities that demand structural fixes, not temporary patches. Strategically, it’s to help leadership anticipate regulatory shifts, emerging crime typologies, cross-border exposure, and reputational threats.
This transition does demand a fundamental mindset shift at the board and leadership levels. Compliance can no longer be perceived as a cost centre or some sort of post-facto assurance exercise. It requires leaders who will act on early warnings and not wait for confirmed breaches. Boards need to ask sharper, more forward-looking questions about risk trajectories and be prepared to invest in continuous monitoring and intelligence capabilities. When compliance is truly embedded into the strategic fabric of an organisation, you move from a reactive posture to a proactive one, and you stop just responding to financial crime and start actively preventing it.
Sagarika Chakraborty is the CEO for India and the Gulf, and the Global Head of Investigations at IIRIS Consulting, a global risk, security and intelligence advisory firm operating across more than 10 countries with investigative reach in over 150 jurisdictions. She leads the firm’s strategic growth in India and the Middle East, while also heading its multi-jurisdictional investigations practice that supports legal teams, corporates, and financial institutions with evidence-driven clarity in complex matters.
With over 17 years of experience backed by a strong foundation in law and business, Sagarika specialises in cross-border investigations, asset tracing, forensic audits, counter-threat assessments, governance diagnostics and high-stakes due diligence. She has worked with international investigators, regulatory specialists and enforcement partners across India, the UAE, the United Kingdom and the United States, guiding sensitive matters involving financial crime, corporate fraud, conflict-of-interest breaches, regulatory exposure and insider threats. At IIRIS, Sagarika has designed and executed investigative models for national organisations, major banks and investment groups. A recognised industry leader, Sagarika is the recipient of Times 40 Under 40, Asia’s Top 100 Women Leaders, Security Today Top 20 Influencers, and the OSPAS Outstanding Investigator Award for her contributions to fraud detection, governance enhancement, and strategic risk advisory in India and the Gulf. She is also a member of the Royal Society of Arts (FRSA, UK).
Sagarika holds a B.A. LL.B. (Hons.) from National Law University, Jodhpur, and an MBA from the Indian School of Business (ISB). Beyond her corporate mandate, Sagarika is an award-winning author, policy contributor and speaker at global platforms including UNESCO and the What India Thinks Today Summit. She also acts as a visiting faculty with CAFRAL (RBI), National Judicial Academy and Indian School of Business (Hyderabad). She continues to advocate for stronger governance cultures, ethical leadership, youth empowerment and women’s leadership in the risk and security ecosystem.
