FINTRAIL

🚨 From fraud reviews to safeguarding gap analyses, Q3 was another busy quarter for the FINTRAIL team - helping firms strengthen their defences and stay compliant across a changing regulatory landscape. Here’s a quick look at some of the projects we delivered: 💳 Screening advice for a new cross-border wallet product ⚠️ Assurance review of high-risk verticals for a global payments provider 🛡️ Safeguarding gap analysis for an international payments firm 🕵️♂️ Training on investigations and SAR best practice for banking services teams 🚨 Internal fraud review for an EMI under the new Failure to Prevent Fraud offence 👇 Swipe for the full recap. If your firm is looking to strengthen its controls or needs support in any of these areas, our team would be happy to help.

📊 75% of financial services firms are already using AI in their operations. But how many of you are implementing it effectively? Artificial Intelligence is rapidly reshaping how firms detect and prevent financial crime. The Bank of England recently confirmed that 𝟳𝟱% 𝗼𝗳 𝗳𝗶𝗿𝗺𝘀 𝗻𝗼𝘄 𝘂𝘀𝗲 𝗔𝗜 𝗶𝗻 𝘀𝗼𝗺𝗲 𝗳𝗼𝗿𝗺 – and among our FinTech FinCrime Exchange (FFE) members, 𝟴𝟬% 𝗵𝗮𝘃𝗲 𝗲𝗶𝘁𝗵𝗲𝗿 𝗱𝗲𝗽𝗹𝗼𝘆𝗲𝗱 𝗔𝗜 𝗼𝗿 𝗮𝗿𝗲 𝗮𝗰𝘁𝗶𝘃𝗲𝗹𝘆 𝗰𝗼𝗻𝘀𝗶𝗱𝗲𝗿𝗶𝗻𝗴 𝗶𝘁. Through our audit and advisory work, we’ve seen both sides of this story: ✅ Effective practices — such as introducing AI first in low-risk environments, with strong oversight and human-in-the-loop review. ⚠️ Ineffective practices — such as auto-closing alert features that rely on poorly investigated analyst decisions. As adoption accelerates, firms risk enforcement action where AI is implemented without sufficient governance, explainability, or proportional controls. Drawing on our practical experience, our latest guide sets out: • 6 core standards for responsible AI implementation • The common pitfalls and “danger zones” to avoid • Steps to align innovation with regulatory expectations 🔗 𝗗𝗼𝘄𝗻𝗹𝗼𝗮𝗱 𝗶𝘁 𝗻𝗼𝘄: https://lnkd.in/eTc9dC4V

🎬 What a night! A HUGE thank you to everyone who joined us at REGCAP Nightcap - we hope you enjoyed the show as much as we did. From thought-provoking discussions to gripping stories straight from the field, our incredible speakers and special guests (Sue Mitchell, Graham Barrow, Marta Lia Requeijo, Mei Ling Young, Jim Hammerton) delivered a blockbuster line-up of insights to take away. We loved bringing this event to life and seeing the fincrime community come together for an evening of learning, conversation, and (of course) popcorn. 🍿 A special thanks to our partners at SEON for helping us make the night happen. Until the next screening... 🎟️ See you at FFECON26!

When expanding into new verticals, how can you be sure your anti-financial crime controls are strong enough to keep pace with the risks? In this edition of 𝗔𝗱𝘃𝗶𝘀𝗼𝗿𝘆 𝗶𝗻 𝗔𝗰𝘁𝗶𝗼𝗻, we look at how a global payments firm navigated that question while diversifying into high-risk sectors, and the steps it took to protect its business and reputation. 𝗖𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲 𝟮: 𝗘𝗻𝘀𝘂𝗿𝗶𝗻𝗴 𝗬𝗼𝘂𝗿 𝗙𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸 𝗖𝗮𝗻 𝗪𝗶𝘁𝗵𝘀𝘁𝗮𝗻𝗱 𝗛𝗶𝗴𝗵-𝗥𝗶𝘀𝗸 𝗚𝗿𝗼𝘄𝘁𝗵 ⚖️ A global payments provider offering embedded cross-border payments was planning to expand into several higher-risk verticals, including gambling and gaming, crypto, content creators, and adult services. The firm needed to understand whether its existing risk appetite and AFC control framework were strong enough to support this expansion while keeping financial crime exposure low. 𝗢𝘂𝗿 𝗮𝗽𝗽𝗿𝗼𝗮𝗰𝗵 Working alongside the client’s compliance and risk teams, the firm’s: • 𝗥𝗶𝘀𝗸 𝗮𝗽𝗽𝗲𝘁𝗶𝘁𝗲 was reviewed to test its adequacy for new verticals • 𝗗𝘂𝗲 𝗱𝗶𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝗮𝗻𝗱 𝗼𝗻𝗯𝗼𝗮𝗿𝗱𝗶𝗻𝗴 𝗰𝗼𝗻𝘁𝗿𝗼𝗹𝘀 were assessed against financial crime risks specific to each sector • 𝗧𝗵𝗿𝗲𝗮𝘁𝘀 were mapped across money laundering, terrorist financing, fraud, and sanctions The outcome was a refined, more nuanced risk appetite that allowed expansion into new sectors with clarity on where to draw the line; for example, by restricting gaming to closed-loop fund flows, limiting crypto exposure to lower-risk assets, and defining control expectations for content platforms. 𝗧𝗵𝗲 𝗶𝗺𝗽𝗮𝗰𝘁 • A clear view of financial crime risks across each vertical, allowing informed decisions on where and how to expand • A more precise risk appetite statement balancing commercial opportunity with regulatory confidence • Stronger governance around which customer types and flows to onboard • Confidence to engage new markets without compromising compliance integrity In short: 𝗰𝗼𝗻𝘁𝗿𝗼𝗹𝗹𝗲𝗱 𝗴𝗿𝗼𝘄𝘁𝗵, 𝗰𝗹𝗲𝗮𝗿𝗲𝗿 𝗯𝗼𝘂𝗻𝗱𝗮𝗿𝗶𝗲𝘀, and 𝘀𝗺𝗮𝗿𝘁𝗲𝗿 𝗱𝗲𝗰𝗶𝘀𝗶𝗼𝗻-𝗺𝗮𝗸𝗶𝗻𝗴. ------------------------ If your firm is exploring new products or markets, get in touch to find out how we can support you 📩 

During our 𝗦𝗮𝗳𝗲𝗴𝘂𝗮𝗿𝗱𝗶𝗻𝗴 𝗪𝗼𝗿𝗸𝘀𝗵𝗼𝗽 this week, we explored what evolving expectations under CASS 15 and the Supplementary Regime mean in practice; from reconciliations and resolution packs to wind-down planning and safeguarding audits. 𝗞𝗲𝘆 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆𝘀 🔹 Safeguarding remains fundamental to authorisation, regulatory confidence, and customer trust, and therefore to sustainable growth. 🔹 While safeguarding methods aren’t changing, firms must now demonstrate and evidence the effectiveness and accuracy of safeguarding measures through monthly reporting, independent audits, and clear governance. 🔹 Early preparation is essential, particularly for areas such as resolution packs, reconciliations, and wind-down planning ahead of the May 2026 go-live. 📊 Across the live polls, most attendees shared that they’re still in early analysis stages, but recognise that now is the time to act. FINTRAIL is here to support firms to:  ✅ Analyse the new rules and identify control gaps  ✅ Refresh safeguarding frameworks and assurance coverage  ✅ Prepare for audits and regulatory reporting If you’d like to discuss how we can help your firm get safeguarding right, please get in touch 📩 Colin Darby

👇 𝗛𝗼𝘁 𝗼𝗳𝗳 𝘁𝗵𝗲 𝗽𝗿𝗲𝘀𝘀: 𝘁𝗵𝗲 𝗤𝟯 𝗥𝗘𝗚𝗖𝗔𝗣 𝗶𝘀 𝗵𝗲𝗿𝗲 — your quarterly briefing on the most significant financial crime regulatory developments. This edition covers: 🌍 Global – The Wolfsberg Group’s latest statements on the risk-based approach and effective suspicious activity monitoring, and FATF’s updated terrorist financing guidance 🇬🇧 UK – The 2025 National Risk Assessment and new System Priorities, OFSI’s crypto threat assessment, and updates on the Money Laundering Regulations 🇪🇺 Europe – EBA reports on ML/TF risks, SupTech adoption, and AI’s role in AML and fraud detection 💣 Sanctions & Typologies – The return of UN sanctions on Iran, Russia’s ‘shadow fleet’, and FinCEN alerts on sextortion and Chinese money laundering networks ⚖️ Enforcement – From Singapore and France to the Netherlands and the US, a clear message: regulators are sharpening expectations It’s been a quarter defined by sharper risk prioritisation, rising regulatory ambition, and a renewed focus on effectiveness over volume. 📄 𝗗𝗼𝘄𝗻𝗹𝗼𝗮𝗱 the full Q3 REGCAP below and find previous editions on our website. 🗓️ 🎙️ 𝗝𝗼𝗶𝗻 𝘂𝘀 𝗼𝗻 𝟮𝟮 𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝗮𝘁 𝟮𝗽𝗺 𝗕𝗦𝗧 for our live REGCAP Debrief, where FINTRAIL’s experts will unpack the key developments and what they mean for your firm’s financial crime programme.  🔗 Register via the link in the comments!

We’re launching 𝗔𝗱𝘃𝗶𝘀𝗼𝗿𝘆 𝗶𝗻 𝗔𝗰𝘁𝗶𝗼𝗻 - a new series sharing real examples of how firms are tackling financial crime challenges, and the steps they’re taking to strengthen their frameworks. 𝗖𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲 𝟭: 𝗕𝗮𝗹𝗮𝗻𝗰𝗶𝗻𝗴 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗺𝗮𝘁𝘂𝗿𝗶𝘁𝘆 𝘄𝗶𝘁𝗵 𝗴𝗿𝗼𝘄𝘁𝗵 📈 A scaling global payments and open banking firm was seeking to reinforce its anti-financial crime (AFC) framework to meet growing regulatory expectations. With our support, it focused on embedding stronger controls and regulatory confidence into four key areas: customer due diligence, pre-audit assurance, financial crime risk assessments, and fraud controls. 𝗧𝗵𝗲 𝗮𝗽𝗽𝗿𝗼𝗮𝗰𝗵 FINTRAIL provided targeted advisory across multiple workstreams, delivering: • Clear regulatory opinions on customer due diligence obligations • Pre-audit assurance to test and validate AFC controls • Updated financial crime risk assessments to capture evolving threats and exposures • Stronger fraud controls tailored to their business model and risks 𝗧𝗵𝗲 𝗶𝗺𝗽𝗮𝗰𝘁 1. A cohesive, future-ready AFC framework that supports growth 2. Greater confidence ahead of audit and partner reviews 3. Faster identification and mitigation of emerging risks 4. The ability to scale responsibly while maintaining trust with partners and customers In short: 𝘀𝘁𝗿𝗼𝗻𝗴𝗲𝗿 𝗱𝗲𝗳𝗲𝗻𝗰𝗲𝘀, 𝗴𝗿𝗲𝗮𝘁𝗲𝗿 𝗰𝗼𝗻𝗳𝗶𝗱𝗲𝗻𝗰𝗲, and 𝘀𝗺𝗼𝗼𝘁𝗵𝗲𝗿 𝗴𝗿𝗼𝘄𝘁𝗵. ------------------------ Looking to strengthen your own AFC and compliance framework? Get in touch to find out how we can support you 📩 

📢 New Customer Risk Assessment Guide 👇 Designing a customer risk assessment that works in practice is a nuanced task, and many teams fall into similar traps. Here are a few red flags to watch out for: ❌ 𝗢𝘃𝗲𝗿-𝗿𝗲𝗹𝗶𝗮𝗻𝗰𝗲 𝗼𝗻 𝘀𝗶𝗻𝗴𝗹𝗲 𝗿𝗶𝘀𝗸 𝗳𝗮𝗰𝘁𝗼𝗿𝘀 - such as geography or transaction volume, leading to distorted overall ratings. ❌ 𝗟𝗶𝗺𝗶𝘁𝗲𝗱 𝗱𝗼𝗰𝘂𝗺𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗮𝗻𝗱 𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹𝗲 - firms often can’t clearly evidence how their CRA methodology was developed or why certain factors were weighted the way they are. ❌ 𝗢𝘂𝘁𝗱𝗮𝘁𝗲𝗱 𝗼𝗿 𝘀𝘁𝗮𝘁𝗶𝗰 𝗺𝗼𝗱𝗲𝗹𝘀 - methodologies not reviewed regularly or failing to capture new risks and behaviours. If any of those sound familiar, our new guide can help. It walks through how to design a CRA that is proportionate, documented, adaptive, and ready for regulatory scrutiny. ➡️ Download it here: https://lnkd.in/eXc9t_w3

🚨 APP Fraud: what the latest PSR dashboard means for fintechs and compliance teams 👇 The PSR has released its first reimbursement dashboard, giving new insight into how firms are handling authorised push payment (APP) fraud under the mandatory reimbursement regime. 𝗞𝗲𝘆 𝘀𝗶𝗴𝗻𝗮𝗹𝘀 𝗳𝗿𝗼𝗺 𝘁𝗵𝗲 𝗱𝗮𝘁𝗮: ‣ Reimbursement volumes are rising: 88% of money lost in scope was reimbursed in the first 9 months (£112m), with a slight increase between Q1 - Q2 2025. ‣ The cost of fraud is shifting from customer to firm: under the mandatory reimbursement regime, firms are now bearing the majority of APP fraud losses. ‣ A small but rising number of claims are out of scope or rejected: while still low, Q2 2025 saw a slight increase in cases not reimbursed due to insufficient caution by the customer, underscoring that reimbursement alone does not remove the need to remain vigilant. 𝗣𝗿𝗲𝘃𝗲𝗻𝘁𝗶𝗼𝗻 𝗶𝘀 𝗯𝗲𝘁𝘁𝗲𝗿 𝘁𝗵𝗮𝗻 𝗰𝘂𝗿𝗲 While the dashboard shows high reimbursement rates, the most sustainable way for firms to manage APP fraud is to prevent it occurring in the first place. FINTRAIL’s experience shows that robust anti-financial crime controls — including customer due diligence, transaction monitoring, customer risk assessments, staff training, and assurance — all play a critical role in reducing exposure and protecting both customers and firms. 𝗪𝗵𝗮𝘁 𝗳𝗶𝗿𝗺𝘀 𝘀𝗵𝗼𝘂𝗹𝗱 𝗯𝗲 𝗮𝘀𝗸𝗶𝗻𝗴 𝘁𝗵𝗲𝗺𝘀𝗲𝗹𝘃𝗲𝘀 𝗻𝗼𝘄: ‣ Are our fraud controls and monitoring sufficient to prevent losses before reimbursement becomes necessary? ‣ Can we evidence that our frameworks, risk assessments, and programme changes are effective and defensible? ‣ Are our staff trained and our policies updated to reflect the current APP fraud landscape? At FINTRAIL, we help firms answer these questions — whether through auditing existing programmes, reviewing and updating fraud processes, or designing training to embed best practice. 👥 If you’d like to talk through what this means for your fraud strategy, get in touch.