#29 – RegTalks with Maya Braine, FINTRAIL
What’s the secret to building a close-knit community of compliance professionals? Why are banks and Fintechs still struggling with meeting regulatory requirements? Is greater standardisation across company registries on the horizon at all? In the latest episode of RegTalks, we explore these questions and more with Maya Braine, Managing Director of FINTRAIL, who shares her insights gleaned from years of experience in the sector.
Listen and subscribe also on:
Join Know Your Customer’s CEO Claus Christensen for an insightful discussion with FINTRAIL’s Maya Braine, where we discuss:
- Some of the most pressing pain points and knowledge gaps that compliance professionals are currently struggling with
- The current state of standardisation in company registry access and availability of UBO information
- How can diverse voices contribute to creating more effective solutions in fighting financial crime
Maya Braine is the Managing Director and the Head of Insights and Research at FINTRAIL, a global financial crime consultancy with an active presence in the FinTech space. Maya’s background is in enhanced due diligence and investigations, with a focus on the Middle East.
RegTalks is a podcast produced by Margherita Maspero for Know Your Customer.
Get notified directly in your inbox when a new episode of RegTalks is available.
We will use the information you provide on this form to keep in touch with you about company news, industry events and marketing via email. Detailed information on the processing of personal data can be found in our Privacy Statement.
Claus – 0:0:8 Welcome to RegTalks, a podcast dedicated to the latest trends in the world of RegTech, FinTech and financial regulations. My name is Claus Christensen and I’m the CEO and co-founder of award-winning RegTech provider Know Your Customer. Today it’s my great pleasure to welcome Maya Braine as my guest. Maya is the Managing Director and the Head of Insights and Research at FINTRAIL, a global financial crime consultancy with an active presence in the FinTech space. Maya’s background is in enhanced due diligence and investigations with a focus on the Middle East. Maya, thanks so much for being here today.
Maya – 0:0:48 Thank you, Claus. It’s a pleasure to be here.
Claus – 0:0:50 Can you please tell us a bit more about FINTRAIL? When did you launch it and what is its mission?
Maya – 0:0:56 So, as you say, FINTRAIL is an anti-financial crime consultancy and it was founded in 2016 by the two co-founders who’d previously worked in various roles in government and then in big banking. They wanted to move away from the traditional dated approaches to financial crime fighting and move beyond tick-box compliance and try and find ways to introduce more innovation and effectiveness. And they identified that the Fintech sector was ideal for that. At that time, there were a large number of new Fintechs on the scene and existing firms were scaling, becoming more complex. So the founders could see a real need for anti-financial crime support specifically for that sector because a lot of the advice and consultancy services on offer were the same basically as for major banks. It was this very traditional dated view and it also wasn’t drawing on the strengths of the Fintech businesses.
Maya – 0:1:52 Fintechs are obviously digital native, they’re tech-first, data-rich and still young enough that there’s scope to design something that would work right from the beginning. FINTRAIL initially was founded as a Fintech-focused financial crime consultancy, but over time as we’ve grown that has really changed and we now work with a much larger range of firms, including more traditional institutions and larger banks partly because we found we can apply the same approach and same learnings to them that we have gleaned from FinTech clients. We also work quite a lot with the RegTech sector as well. Again, consulting and advisory services and research, aligning their product to market needs and what financial firms are actually looking for. And also training for their in-house teams, so that they really understand what the financial institutions are dealing with what the regulatory requirements are and making sure that their teams are fully aware of that and use all of that.
Claus – 0:2:46 We certainly could have used some of your advice early on in our development. At FINTRAIL you have built a solid community of financial crime and compliance professionals across multiple regions. Can you tell us how did you do that? Because I thought that is interesting and it’s something we missed in the beginning as well.
Maya – 0:3:7 Yeah, I think the community aspect is one of the really exciting things about working at FINTRAIL. The most concrete way that we’ve done that is the FinTech Fin Crime Exchange or the FFE. So that was founded in January 2017so the early days of the company and it’s a network of compliance professionals working for fintechs. It began as a way for those FinTech professionals to share typologies and information on common trends and risks. We were working with one client, they were talking about a recent typology that they’d seen and then we had exactly the same conversation with a different client a few days later and we realised it was probably the same criminal gang using exactly the same approach with these two different UK FinTech firms and thought wouldn’t it be amazing if there was a way for them to share this information? It’s not client data, it’s not sensitive, it’s the typology.
Maya – 0:3:55 And so it began with six firms and there are now over 250 member firms globally. We hold monthly meetups to share typologies and operational discussions. We have an annual conference the next one’s coming up in London in May. We run a podcast series with FFE members. We organise working groups that produce thought leadership pieces or coordinate responses to things like government consultations because the fintechs are obviously much smaller than the banks and they lack some of the established ways of interacting with government bodies or industry bodies. They’re too small to have the leverage and the voice individually, but they can act as an industry group through the FFE through things like joint responses to government consultations. And we also organise socials for all the members to get together and get to know each other and build solid relationships in an informal setting.
Claus – 0:4:47 The communities around KYC and AML are something that we only recently discovered and engaged more with. I have personally learned so much in these past seven years, building our products and engaging with high-tiered clients. It’s natural to give something back and do some teaching, speaking, engaging on social media. I’m impressed you did that from the get-go. So what have you learned? From your point of view, what are some of the most pressing pain points and knowledge gaps that compliance professionals are currently struggling with?
Maya – 0:5:19 It’s not original, but the one thing that comes up in conversations, again and again, is normally about resourcing. That’s the constant pain point that everyone experiences to some degree or another. So not having the time or the staff to do everything that firms want to do in terms of both business-as-usual operations and change management and trying to find ways to make improvements. In terms of a current theme or a current hot topicI think the one thing that stood out in recent conversations in recent meetups is probably around online fraud and identity fraud. That’s a big issue at present. Firms are reporting increasingly sophisticated synthetic identities and counterfeit documents and fraudsters obviously getting better and better at evading controls. So firms are trying to find ways to introduce better controls but then the fraudsters evolve as well. So it’s an arms race, essentially, and it is really hard.
Claus – 0:6:9 Very interesting. We certainly experienced challenges with change management. And I love your other point about that arms race that is probably going on. It’s a bit of an unsettling thought but I sometimes think: “Is there a Black Mirror version of our own firm that does money laundering more than anti-money laundering?”
Maya – 0:6:30 Yeah, I think that quite probably could be.
Claus – 0:6:33 Yeah, you wonder if they have their own conferences…
While tighter AML regulations have been around for a good number of years, the rate of fines and regulatory actions against financial institutions has not slowed down. If we think about Coinbase in the US, Westpac in Hong Kong, Barclays in the UK, it’s not hard to find very recent examples of new investigations and failures. Why do you think banks and fintechs are still struggling with meeting the regulatory requirements?
Maya – 0:7:7 It is a very good question. I suppose one thing that it would be fair to note is that there is a lag. So the fines mostly relate to historic issues, particularly the ones for the larger banks. So they’re not necessarily commenting on the state of play at these banks right now. You know it’s KYC failures from 2010 to 2015for instance. But, having said that, I definitely don’t think it’s the case that the financial institutions now do have their houses in order. For the larger firms with complex operations, I think it’s a case of constant firefighting and again this question of resources and bandwidth. You resolved the most pressing problem the longest backlog the thing the regulator highlighted last time but you don’t have the resources or the time to dig into why that thing went wrong and how to resolve it more holistically. So something else will pop up somewhere in the future. You can fix one part of your KYC onboarding process, for instance, but do you have the resources to conduct a full change program across the whole thing and spot what else could go wrong? Or, if you do, by the time you’ve done that because it’s such a lengthy process, something else has broken down somewhere else. It’s just like whack-a-mole. Just the ability to address all of the problems across operations that are that complex, it’s just so hard.
Claus – 0:8:22 Very true. Just to change tag here, as you know, at Know Your Customer we very much specialise in the digitisation of corporate KYC or the KYB process. One of our key focuses is the automation of company registry access on a global scale. Through this process, we have become increasingly aware of the differences that exist across various jurisdictions when it comes to the availability and reliability of information in the local registry.
Given your background in client intelligence and corporate investigation for major banksI mentioned you’re extremely familiar with these challenges. What are your predictions in this area? Do you think greater standardisation is on the horizon at all?
Maya – 0:9:8 I do love this area. This is where I get very geekily excited. In terms of predictions I do think that, yes, greater standardisation and greater automation is obviously very well underway. There have been really significant changes in a relatively short period of time in this area and that will increase. But it’s probably going to remain quite patchwork. The idea that in X number of years, all countries will have corporate registries which are available online, is a pipe dream. And that doesn’t factor in other things like okay, it may be online, but does it have an API? Can you properly automate it through a global registry? Is the information reliable? Does it cover all the different types of corporate entities? Et cetera, et cetera… There are so many different variables and reasons why this is harder than it looks. But yeah, when I first started, which was a while ago, the whole process was really highly manual.
Maya – 0:10:2 Very dispersed records you had to look up the individual registries. So the world of corporate record aggregators and the associated solutions is really great and it makes it so much easier and having all of the records in one place through tools like Know Your Customer is so useful. Companies don’t want lots of tools. They want one that can pull all that information together for them and automate it to the extent possible. Where you have a complex corporate structure, you’re not having to look up each individual one and jump around to different country registries where a subsidiary is in one country, the parent company somewhere else. The digitisation of KYC for retail customers has probably moved faster and that’s now accepted to standard and there’s been a lot of development in terms of the tools and the tech solutions available to that. But I think there’s still a lot more that can happen in the KYB and the corporate space. Really interesting to see how that does develop.
Claus – 0:10:55 There’s certainly a lot of work still to be done. On the other hand, we can look back and see how much we moved already. Even island states like the Caymans or BVI are now working on their UBO registers and working on making things more public. So there’s hope for the future, certainly.
You have a lot of experience in more interesting regions. So let’s talk for a second about the challenges of conducting KYC and KYB investigations in less digitally advanced jurisdictions. In your experience, do we see changes there as well?
Maya – 0:11:34 I think we do and I’m glad you asked that question because whenever we talk about corporate transparency and the availability of records, the conversation is always heavily slanted towards major markets and developed economies. This probably makes sense given the audience, but it obviously does vary hugely around the world. And it’s also important to note how relevant this is to a really wide range of firms. I think most firms may at some point need to deal with corporate records from other jurisdictions including more challenging jurisdictions. Even if you’re servicing, for instance, UK-based corporate clients, if the directors or shareholders of your clients have corporate interests elsewhere, you might need to know that, that might be part of your due diligence or of an investigation you’re running. So if you then find that they have corporate interests in Russia, do you know what you can find out about them?
Maya – 0:12:26 It’s kind of hard to generalise because it really is a mixed picture. So some countries do not have a registry. There isn’t a requirement for firms to file records. In other places there are registries but they’re not public. In others records are public but they’re not online. It really is a big variety and that’s true for the Middle East in particular. So in the region I’m most familiar with, the Gulf for instance, there have been huge changes recently. The records have mostly always been publicly available but they were not online. When I was working in Dubai on this kind of investigations, you would have to send someone to the government office in whichever country to manually retrieve a paper copy of the file. But lots of countries in the Gulf have seen huge changes in that they do now have online searchable registries and the situation is very different.
Maya – 0:13:16 It’s much more transparent, it’s much easier to work there. But elsewhere it’s still that there are copies but they’re only available offline. In some countries, Iran for instance, I think this is still true, the information is technically available online but it’s in the form of official gazettes. So the Gazette will publish an announcement when a company is formed with the directors and shareholders and then it will publish another update whenever those directors or shareholders change. But obviously, that is not consolidated anywhere. It’s not structured text, it’s really impossible to search. So the information is out there, but it’s a real challenge to piece it all together and work out who the current shareholders of any given company are. Which is also the case with some corporate registries. You get really messy files where they’ve got the original filing and then follow-up filings with changes of direct shareholders, but they don’t necessarily have a nice consolidated up-to-date record that you can easily search online. There’s a really clear case for automating that process and using dedicated technology because, with things like the official Gazette, you can have providers that can pull that together for you and can consolidate all those records and give you that up-to-date picture. The information is there. It’s just that, as an individual working on a particular KYC file or an investigation, it’s really time-consuming to figure it out. And that’s without issues like languages or transliterations and other barriers like that.
Claus – 0:14:37 Recently you wrote a piece about FinCEN’s new rules, FinCEN in the US, on the collection of beneficial ownership information and that was a bit of a bummer.
Maya – 0:14:48 Yes, indeed.
Claus – 0:14:50 We’re all a bit disappointed with the availability of that information to the public and even to financial institutions. So, in your opinion, should we just resign ourselves that UBO disclosure in the US is just not coming, or should we see this as a first step and it will happen eventually?
Maya – 0:15:8 I like to try and be optimistic but I have to say on this one I think this is a worrying sign and I’m not optimistic this is going to resolve itself positively in the near future. I was thinking that just then when I was talking about inconsistencies and data not being very transparent in developing countries vs those technologically advanced countries, and thinking in the back of my mind: “Wait a minute, this is also true for places like the US”. I was initially excited when the US announced it was going to establish this beneficial ownership reporting system. There was going to be nationally held information about who owned companies and that would’ve been a real sea change for the us. But then, yeah, FinCEN released a draft version of the form companies will have to fill in to meet that requirement. And it’s really clear the system is not, in this form, going to be what we had hoped for.
Maya – 0:15:55 There are around 18 questions on this form where companies can tick “Unknown”, including questions like: “Who is the UBO of this company?”. They can just tick “Unknown”. So what is the point of the registry? I just feel like on the surface this should be a favourable moment for greater transparency. Like we’ve seen the results in the UK of the impetus of the Russian invasion of Ukraine and the UK suddenly questioning how much dirty foreign money is in the UK and whether companies are ultimately owned by Russian UBOs that they should know about. And so that’s pushed forward the Economic Crime Bill with reforms to Companies House and other changes in the UK. There’s been a lot of reporting around foreign meddling in elections through domestically registered legal entities in the US and other countries. You just feel like there are all those factors that should be motivating greater transparency. So if FinCEN still doesn’t really want to introduce a system that’s fit for purpose now, it’s hard to imagine that changing significantly anytime soon.
Claus – 0:16:51 Most of the world is currently going through an economic downturn or some trouble, at least. The UK in particular is struggling with a severe cost of living crisis. You and your team dedicated a report to the heightened risk of fraud and financial crime that arises in times like these. Can you talk us through some of the key findings there?
Maya – 0:17:11 Yes, we published a series of guidance documents on financial crime in a recession because it is well-established that financial crime particularly fraud increases in a recession. People are pushed into more extreme or atypical behaviour including criminal behaviour and more people for various reasons are vulnerable to fraudsters and criminals. In terms of fraud, we predicted an increase in “normal” customers. People that have no previous criminal history turning to commit acts of fraud. And we outline in the report what types of fraud those are likely to be. So given those people’s knowledge and their opportunities and also their ability to rationalise it to themselves because they don’t see themselves necessarily as criminals, they feel this is something they’re being forced to do. They’re more likely to commit fraud against the banks themselves or government bodies or big companies, but not against other individuals because that more clearly feels ethically wrong.
Maya – 0:18:6 But committing insurance fraud for instance feels like fair game. Insurance companies rip me off all the time, they make huge profits so this doesn’t really matter. Or making false claims of fraud to banks seeking reimbursement… it’s hard to feel sorry for a bank. They don’t really seem like victims, so it feels easier to pull off that kind of fraud. We look at that, what types of fraud are most likely to increase and we also think about how the typologies can be addressed. Because these are normal customers, it won’t be at onboarding, they won’t show red flags, they won’t have a history of illegal behaviour. So it’s more about the ongoing monitoring part and also looking for indicators that customers may have become at risk. Customers that have previously been in a healthy financial situation but have now lost their jobs, they’ve lost regular forms of income coming in, et cetera.
Maya – 0:18:51 And so might be more vulnerable in this way. Also, normal customers may be more vulnerable to being drawn into other forms of illegal activity with actual criminals, established criminals. Acting as money mules, for instance, and letting criminals use their bank accounts. And again, this may affect different groups of people. So lots of firms have what they would consider a standard profile for money mules, which tends to be young people or people with low income or uncertain income or students. But that profile probably looks very different at times of a recession because more and more people are subject to extreme financial pressure. And so people you might not previously have associated with money mulling may be drawn into it. On the flip side, so not customers committing fraud, but customers are also gonna be increasingly vulnerable to falling victim to professional scammers. Because, obviously, their financial situation is precarious, they need money so they’re going to be more attracted to investment scams, get-rich-quick schemes, fake crypto investments, et cetera.
Maya – 0:19:53 And also romance scams. People’s vulnerability increases there too because their financial situation is bad. So they’re feeling vulnerable and they may be looking for comfort through a relationship or be drawn in by someone who seems sympathetic and often the two go hand in hand. Scammers will build that emotional connection with a vulnerable person going through a bad time and then either ask for help directly or offer an investment opportunity and con people that way. So, yeah, overall lots of emerging trends to look out for and it’s likely to be a bumpy time for a while, I think.
Claus – 0:20:29 Absolutely. But with the help of someone looking out for us and looking out for clients, it’ll be easier.
Maya – 0:20:35 Yeah, hopefully sharing the typologies can help.
Claus – 0:20:38 Certainly. One last question I ask all my guests. If you tomorrow woke up and somehow had become the global financial regulator, what would be the first thing you would do, and why?
Maya – 0:20:50 Your other guests all give such good answers here, but I will try and think of something equally compelling. This may sound glib, but honestly, I think the first thing you would have to do is to start by taking a step back and rather than saying: “I wanna make changes to this area or that, or improve on this thing”, just do some really big picture thinking and say: “Fundamentally none of this works”. We’re spending vast amounts of time, money and effort and not having enough of an impact given how much is going into this. So how do we rethink this whole system? I think that would have to be the starting point, the stance of not being afraid to admit that things are not working and rip things up and start again. And trying to leverage lots of different insights and voices in doing that because it’s not easy. Not just the traditional figures in non-financial crime or financial institutions, but bringing in academia, law enforcement, and civil society groups to try and collectively think about how we can reframe this whole issue.
Maya – 0:21:48 And the other thing I think I would also do on day one is I would immediately establish good relations with the global financial crime law enforcement body, which I hope has been established at the same time as me. Something with much more far-reaching powers and greater resources, more clout than anything we have at the moment. Because financial crime is global and deliberately so because national law enforcement agencies struggle so much to go after complex international actors who are deliberately exploiting the lack of coordination and the lack of data sharing and the differences in the different national systems. So I think I would look to work very closely with that global enforcement agency and make sure we had a good dialogue and were able to work together.
Claus – 0:22:28 I like that. Maya, this has been amazing. Thank you so much.
Maya – 0:22:33 No, thank you very much. That was really good fun. I really enjoyed it.
If you liked the episode please subscribe to the whole series and leave us a review. And if you’d like to connect with us, suggest a guest or a topic for an upcoming episode, please send us a message at email@example.com.
Last updated on May 2nd, 2023 at 10:59 am