Fraud & AML/CFT
Fraud and AML/CFT live in the same decision surface. These essays cover layered controls, sanctions screening, chargebacks and the feedback loop that keeps them honest.
Shipped in this domain.
Merchant Onboarding + KYC/KYB Automation
Automated merchant onboarding pipeline, KYC/KYB, UBO discovery, sanctions and PEP screening, risk-tiered decisioning with full audit trail. Activation cut from weeks to hours; manual review load down 70%.
Fraud, Risk and AML/CFT Controls: Layered Decisioning at $1B+ GTV
Layered fraud, AML/CFT and sanctions decisioning built natively into the payments stack, vendor signals, device intelligence, internal velocity rules, SAR-ready audit trails. Fraud loss held <0.1% of GTV; fraud incidents down ~65%.
Daraz (Alibaba Group) Payment Operations + COD-to-Digital Conversion
Ran payment operations for South Asia's largest marketplace across 5 markets during a COVID volume surge. Designed and shipped the COD-to-digital migration as an incentives + trust program — lifted digital share ~40% and cut dispute cycles ~50%.
Production GenAI Suite at Simpaisa, 4 Deployments in Regulated Payments
Identified, value-modeled and deployed 4 production GenAI solutions across merchant integration support, incident auto-escalation, partner support automation, and a fraud/AML AI pilot with a major banking partner.
SWIFT MT/MX Implementation: ISO 20022 Migration + gpi at Simpaisa
Wired SWIFT MT and MX (ISO 20022) messaging into the Simpaisa cross-border stack with gpi tracking, CSP attestation and dual-rail parsing — sustained 99.9%+ message-acceptance rate through the ISO 20022 migration window.
3DS2 Step-Up Optimisation: From 38% Frictionless to 73% Without Lifting Fraud
Rebuilt the EMV 3DS2 step-up programme for a regional acquirer-processor — per-issuer risk-based authentication, the full 3DS2 frictionless / data-only path suite, abandon-recovery flows — lifting frictionless rate from 38% to 73% over three quarters while holding portfolio fraud below the 6 bps scheme fraud-monitoring threshold.
AML/CFT Sanctions Engine: Real-Time Screening + 60% False-Positive Cut Across Five Markets
Stood up the AML/CFT sanctions and PEP screening engine across six MENA + South Asia markets for a regulated fintech, real-time pre-send blocking + daily batch re-screen, per-corridor list tuning, cut sanctions false-positive rate by ~60% without lowering true-positive coverage.
PMO + Risk Council Operating Model: From Audit-Reactive To Forward-Looking In Two Quarters
Built the joint PMO + Risk Council operating model for a regulated fintech, unified RAID + risk register, monthly council cadence, audit-evidence pipeline, moving the function from audit-reactive to forward-looking, with two regulator commendations and zero new findings across an 18-month cycle.
Daraz (Alibaba Group): +15% Checkout Conversion, −20% False Declines
Rebuilt marketplace checkout and the COD-to-digital migration for Alibaba-group Daraz across five South Asian markets — lifted checkout conversion +15%, cut false declines −20%, and tuned category-aware fraud rules during a COVID volume surge.
Field notes for this hub.
Adyen's 3% Refund Signal: Fraud Controls Need a Lifecycle
Refund and policy abuse can come from verified customers. Payment teams need controls across account, order, fulfilment, refund, and dispute events.
GitHub Models Is Shutting Down. Your AI Stack Needs an Exit Plan
GitHub Models' shutdown is a useful warning: an AI prototype becomes an operational dependency faster than most teams build an exit path.
Forter Agents Show AI Risk Work Is Becoming Operational
Forter's agent launch and today's repo radar point to the same pattern: AI is moving from generic assistants into bounded workflows with data access, controls, and operating accountability.
Correspondent Banking and the Reality of Emerging-Market Corridors
De-risking did not reduce risk. It moved the risk to the corridors that need access most.
SWIFT, AML/CFT, and Sanctions Screening in Practice
Sanctions screening is where compliance theory meets throughput reality. The product decisions live in the list overlay, the matcher, and the review queue.
Sanctions Screening Without Killing Throughput
Sanctions screening is a latency problem and a false-positive problem dressed up as a compliance problem.
AML/CFT: Rules vs Models, and Why You Need Both
Rules are explainable and weak. Models are powerful and unexplainable. Production AML needs both, layered.
PCI DSS and ISO 27001 as Product Programs
PCI DSS and ISO 27001 are not paperwork projects. Run as product programs, they make the platform measurably stronger.
Chargebacks Are a Product Problem
A rising chargeback line is product debt that finance is paying. The fix is upstream.
Layered Fraud Controls in the Payments Stack
No single fraud control survives a determined attacker. Layered controls do, and they do it without crushing conversion.
The Risk-Adjusted Backlog: Prioritising Payment Products When Failure Costs Real Money
A payment roadmap cannot be ranked by revenue alone. The backlog has to price the cost of failure, the cost of delay and the cost of operating complexity.
Onboarding Conversion vs. Default Rate: The Real Tradeoff
Conversion and default rate are not enemies. They are two sides of the same product surface.
Risk Tiering Merchants Is a Product Decision
Tiering is the single most leveraged product decision in a payments platform. Most teams hand it to risk and never recover.
Agentic Payments Operations: What Works, What Is Theatre
Agentic AI can help payments operations when the task is bounded, observable and reversible. It becomes theatre when teams let agents improvise inside money movement.
Regulatory UX: Why the Name on a Payment Screen Can Block a Launch
Regulators do not read your roadmap. They read your screen.
Merchant Onboarding: Where Growth, Risk and Compliance Collide
Three teams own onboarding. The merchant only sees one experience. That gap is the product.
Compelling Evidence 3.0 (Visa): What Changed, and How To Actually Win Disputes Now
Compelling Evidence 3.0 is the most consequential dispute-rule change Visa has shipped in a decade. The mechanics look like a documentation update; the operating implication is a complete rework of how acquirers capture, store and present transaction evidence.
CSPO + RICE in Practice: A Real Payments Roadmap Walkthrough
RICE is a clean ranking framework that does not know payments exists. CSPO is a clean product mindset that does not know prioritisation maths. Put together, with a risk-adjusted overlay, they become a working operating system for a payments backlog. Here is the walkthrough.
How Credit Scoring Systems Actually Work: From Feature Pipeline to Bureau Reporting
Reaching for an off-the-shelf credit-scoring vendor is easy; the trap is stopping there. The vendor's output is a number. The substance an operator has to own is the pipeline that produces it, the governance that protects it, and the bureau reporting cycle that keeps it current.
Why AI / ML Solutions Fail In Production Payments: Seven Patterns I See Every Year
Most AI/ML projects in payments fail in production for reasons that have nothing to do with model accuracy. They fail because the team optimised for a leaderboard metric, the operating environment moved, the labels were wrong, or the audit cycle the model now lives inside was not part of the design. Seven patterns I see every year.
Where ML Beats AI: Six Payment Problems an LLM Cannot Touch
There is a quiet AI-in-fintech mistake teams keep making: reaching for an LLM the moment the word 'AI' shows up on the roadmap. Sometimes the right answer is a gradient-boosted tree and a clean feature pipeline. This is the operator's argument for the boring choice.
Product Management for Payments Platforms: What's Different, and What's Not
A payments PM is a SaaS PM with three extra constituencies and one extra reflex. Get the reflex wrong and the other constituencies stop trusting you.
GenAI in Fintech: 4 Production Use Cases That Actually Ship
Most fintech AI work in 2026 is still demos. These four use cases are not, they're running in production at $1B+ TPV across five regulated markets.
Project Management for Fintech Regulatory Programmes: PCI DSS, ISO 27001, SOC 2, AML/CFT
Six weeks before the audit, every troubled regulatory programme looks identical: forgotten Confluence pages, evidence requests rotting in inboxes, a year of work crammed into six weeks of theatre. Run it as delivery with an immovable deadline and an external grader, or pay remediation many times over.
AI Fraud Detection vs Rule Engines: A Field Comparison
ML catches novel attacks; rule engines win on explainability, ops cost, and the regulator conversation. In regulated payments the answer is a hybrid, and designing where each one fires is the whole job.