Inside Financial Crimes Compliance With Finfare’s Josh Douglas

Financial crime doesn’t wait for anyone. Whether it’s fraud, money laundering, or suspicious transactions slipping through the cracks, the threats are constant, and they’re getting smarter.

And for companies in banking, fintech, and payments, staying compliant isn’t just about checking boxes anymore. It’s about building systems, teams, and cultures that can keep up with the pace of change.

Josh Douglas, Financial Crimes Manager at Finfare, has spent over 12 years navigating this industry. In this interview, he shares what it takes to build resilient compliance programs, why AI is both a tool and a test, and how fintechs can avoid falling behind.

This interview is part of G2’s Industry Insights series. For more content like this, subscribe to G2 Tea, a weekly newsletter with SaaS-y news and entertainment.

Inside the industry with Josh Douglas

What drew you to the field of financial crimes compliance, and how have you seen the field evolve over the last 12 years?

It was a total accident. I had been in banking for a few years and was working my way up. I ended up getting a phone call from our BSA officer one day regarding the transactions of a very good customer of ours. And at that point in my career, I was being prepped for branch management. That's where I thought the path was going. Come to find out, this good customer of ours was doing some activity that should not have been taking place. I didn't know about it, and really no one knew because we didn’t monitor from a 30-day perspective. We worked on a transaction-by-transaction basis.

I worked with our BSA department to resolve this and facilitate questions and comments for our customers the whole time. I didn't really know what the BSA department did, so I found that pretty interesting early on. I found an opening within the team and ended up transferring to the operations side of BSA. 

It put my career on a different path. It was not customer-facing. This was a very back-office type of work, which was unusual for me. But I knew that what we were doing was upholding the US Patriot Act. We were keeping our bank in a safe spot. We were making sure that no crimes of any sort were taking place through that bank. 

So I tell people it all happened by accident one day back in 2012/2013. It's been a path that I'm glad I took.

What does financial crimes compliance entail, and why is it such a critical function in banking, fintech, and payments?

Financial crimes and compliance are pretty broad. There are many different areas of it. So, from a high level, you have a triage team within the Bank Secrecy Act Department and an Anti Money Laundering Department that will review alerts generated based on rules or actions that the customer triggers on a transactional basis. It could be based on volume or on the number of transactions. We are looking to monitor and make sure that they're not doing anything that would violate our policies. 

So if, all of a sudden, someone is doing a lot of cash activity, whether it's cash deposits or withdrawals, that would generate an out-of-pattern rule for someone to review. Why the sudden change? Are they compromised? Are they trying to pay someone off? What happened now? Naturally, there are cash-intensive businesses, such as convenience stores, which is normal for these folks. Some of this activity could be cyclical or seasonal. You could have spikes around Thanksgiving and Christmas. That's what these teams are typically monitoring for. So banks and fintechs monitor financial crimes from that perspective. 

Payments are monitored from a perspective of mitigating loss because payment companies can lose money in a number of ways. Their most common way is through chargebacks. So we're monitoring from a payments perspective to ensure that the merchants that we have underwritten are operating within their parameters and not violating anything that would put the processor in violation with MasterCard or Visa. 

There are a couple of different avenues there. I've been blessed and fortunate to see all of those avenues, and I've been able to take key points from each one of those industries — banking, fintech, and payments — merge them into what is now my experience in this space.

How does financial crimes compliance differ between traditional banks and fintech companies? Are there unique challenges fintechs face that banks don’t?

I've been fortunate to work in both for a number of years. And I can tell you right off the bat that the first thing anyone in these industries would notice is that by nature, and this is not across the board, but by nature, banks tend to move a little slower when implementing changes and trying to keep up with the latest technology.

Banks tend to serve on the more conservative side of who they are willing to do business with. Fintech companies understand that we need to adopt new ways of doing different things. Fintechs may be a little quicker to process or a little more user-friendly than a bank would be.

Banks have to ensure that their customer portfolio is conservative enough with the right mixture of risk that can still earn them some money. But fintechs are looking to serve a purpose that banks really can't fill. For example, with a fintech tool, we can sign up from our phones or from a laptop. 

As time evolves, and as technology as a whole evolves, we're transitioning more and more from brick and mortar to tablet-based or phone-based. Banks need to go palm-to-palm with their customers to have that extra layer of comfort.

From a banking perspective, the thought within the branch world is that if you can get a customer to hold three accounts with you, they're never going to leave. This is why a lot of banks push you to open a checking and a savings account. Now you're 2/3 of the way there. It's going to be very difficult for that customer to leave, and the likelihood that they do leave is very low.

As fintechs, we compete against everyone else. We fill the space that traditional banks can't. This is not to say that we don't abide by banking rules and bylaws. We have sponsor banks out there that oversee our program as a whole, and we need to meet requirements. We're building products that can literally land in the palm of a customer's hand, but we also make sure that they are in regulation and in compliance with our sponsor bank. 

How do you ensure financial crimes prevention is part of the company culture and not just dependent on compliance teams?

Yeah, that's a very good question. 

I think that comes from leadership at the top. Leadership within financial crimes needs to be open, and the right leader needs to put themselves in meetings with sales, marketing, engineering, and other groups to just share what we're doing.

 A lot of times, people look at compliance as the department of “no”: when you go ask that group something, chances are you're going to be told no. So a lot of people just say, “Do the transaction, make the decision, and we'll apologize for it later on.” 

Well, I like to take a different approach and meet with sales and marketing. I like to partner with these groups and explain what we're seeing and why we can't approve certain things.

I found it best to partner with them so they understand where they need to focus their efforts. That's how you build a culture of compliance. It happens from being consistent, following through with what you say you're going to do, and being visible.

What role should AI play in financial crimes prevention, and how can companies balance automation with human oversight?

Here's what I'll do to explain. I will compare this to the world of crypto. 

When I started in financial crimes, Bitcoin and the cryptocurrency environment as a whole were seen as voodoo. It wasn’t real. It was a place where the people who used it were only using it to commit crimes, right? This was 12 years ago. Fast forward to today, and there is hardly an institution or bank out there that does not have some sort of information about cryptocurrency exchanges in their policy because they understand their customers are going to want to transact with them. 

So, from that aspect, you transition into AI, where you're bringing in a tool that everyone thinks is going to take their job. But it's not to take someone's job; it's to make it more efficient. It’s to review data in a very, very quick manner. When you upload a spreadsheet to an AI tool that can spit out the information and the results of what it's seeing within seconds, that is very helpful.

Transform your AI marketing strategy.

Join industry leaders at G2's free AI in Action Roadshow for actionable insights and proven strategies to reimagine your funnel. Register now

On the flip side, AI is so new that you truly can't plug it in and leave it. You're not going to set it and forget it, and let AI do its job and never review it. You have to teach the machine what it should read so it doesn't remove the human aspect immediately. What it does is it helps you digest and comprehend the data. That machine still needs to be taught what to do. It needs to be taught what pieces of information are helpful. 

Institutions will have the same rules when it comes to AI. Not only do financial crimes professionals need to be very risk aware and up-to-date on financial crimes, patterns, and typologies, but there needs to be a touch of engineering experience as well. 

I think a lot of people see AI as a shiny new toy. But my advice would be to bring someone from the engineering side with you to the table. You're going to partner with them to ensure that this tool is implemented right, the integration goes smoothly, and it's operating as it should. This is not a one-person show. This is a company effort to ensure that that tool works right. Because, at the end of the day, AI could pick up on anomalies and patterns that a human could miss. But you're not taking the humans out of it. You're just repurposing them to ensure that the tool works right.

How do you expect financial crimes regulations to evolve, and what should companies do to prepare?

AI is not going away; it's only going to become more prevalent. So, I would urge companies to document everything. Examiners will want to come in and see your documentation and validation of these tools. 

I would advise companies to be flexible and nimble. If you cannot pivot and adapt to the new way of doing business, you will get left behind. 

We were giving banks a hard time about being slow to implement new tools. Maybe they've just got the right tools in place for a heavy check-writing environment. But who's to say that in the next 10 years, check companies will just go out of business, and nobody will order checks anymore? Then, that institution would need to change how it monitors activity. 

I would just urge companies to document everything and make sure that we've got the checks and balances and validations in place. You've got to adapt to new times to continue to mitigate loss.

Subscribe to G2 Tea, our SaaS-y newsletter with tech insights and tidbits from industry professionals like Josh!

Follow Josh Douglas on LinkedIn to learn more about his extensive knowledge in the industry.

Edited by Supanna Das