By NHI Mgmt Group Editorial Team | Published 2026-06-08 | Domain: Governance & Risk | Source: Sumsub

TL;DR: Modernising dollar infrastructure, fraud in emerging markets, AML standards, data silos, Web3 compliance, BNPL risk, and the rising role of AI in payments were discussed in a Money20/20 USA podcast featuring operators from Standard Chartered, EBANX, ACAMS, Adyen, and Nubank, according to Sumsub. The practical takeaway is that trust, identity, and financial-crime controls now have to move in step with growth.


At a glance

What this is: A Sumsub podcast episode on how payment, compliance, and fraud leaders are adapting trust controls as financial infrastructure and AI-driven risk evolve.

Why it matters: IAM, fraud, and compliance teams increasingly need shared governance patterns for customer identity, access trust, and control automation across fast-moving financial channels.


Context

Money20/20 discussions like this one sit at the intersection of identity trust, financial crime prevention, and operational scale. In practice, the harder problem is not whether controls exist, but whether they can keep pace when payment flows, compliance obligations, and fraud methods change at the same time.

For IAM and risk leaders, the relevant question is how trust decisions are made across customer onboarding, account access, transaction monitoring, and exception handling. When those decisions are fragmented across teams, organisations build silos that slow growth without actually reducing exposure.


Key questions

Q: How should financial institutions align fraud, AML, and IAM controls?

A: They should align them around the same identity and transaction evidence, then define shared escalation thresholds and ownership. When fraud, AML, and IAM teams use different data sets or different case criteria, the organisation creates control gaps at the exact points where trust decisions matter most. Shared governance reduces duplicated review and improves defensibility.

Q: Why do data silos weaken fraud and compliance programmes?

A: Data silos weaken these programmes because suspicious behaviour is usually distributed across onboarding, device, payment, and case-management systems. If teams cannot connect those signals to the same identity or transaction, they miss the pattern or investigate it too late. The result is slower response, inconsistent decisions, and weaker evidence for regulators.

Q: How can teams use AI in payments without losing control?

A: Teams should treat AI as a governed decision layer, not a shortcut around review. That means traceable inputs, documented thresholds, exception handling, and a human or policy owner for escalation. AI can increase throughput, but only if the organisation can explain how it reached a decision after the fact.

Q: What should leaders change when fraud risk and growth pressure rise together?

A: They should redesign trust controls so they scale with the business rather than sit beside it. That usually means simplifying handoffs, unifying evidence, and making risk decisions visible across teams. Growth and control do not have to conflict, but they do need the same operating model.


Technical breakdown

How payment growth creates trust-control drift

Payment platforms often scale faster than the governance processes that support them. As organisations expand across regions and products, identity proofing, transaction review, fraud triage, and AML workflows can drift apart. That creates inconsistent decisioning, duplicated controls, and blind spots where risk signals are not shared quickly enough. In financial services, the challenge is not only authentication or account security. It is the operational alignment of identity, access, and financial-crime control points across the customer lifecycle.

Practical implication: map where trust decisions are made today and remove duplicated handoffs across onboarding, payments, and compliance operations.

Data silos and the limits of fragmented fraud detection

Data silos reduce the effectiveness of fraud and compliance programmes because the same customer or transaction may look low-risk in one system and high-risk in another. Modern fraud patterns often span onboarding, device behaviour, payment authorisation, and post-transaction investigation, so single-view tooling is rarely enough. The technical issue is correlation. Without shared identifiers and consistent event timing, security teams cannot connect suspicious activity into a credible case fast enough to intervene.

Practical implication: unify identity and transaction signals so fraud, AML, and customer-risk teams can investigate the same subject with the same evidence.
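
The correlation problem described above, as an added illustration (not material from the podcast or from Sumsub): events from three silos are re-keyed to one subject ID and normalised to UTC before being grouped in a time window. The sample events, field names, identity map, risk weights, window, and threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
# Constructed sample events. Each silo has its own subject key and time format.
ONBOARDING = [{"applicant": "A-17", "ts": "2026-03-02T09:58:10+00:00",
               "signal": "doc_mismatch", "risk": 0.3}]
DEVICE = [{"device_user": "dev-9f", "ts": 1772445600,  # epoch seconds
           "signal": "emulator_detected", "risk": 0.3}]
PAYMENTS = [{"cust_ref": "C-0042", "ts": "2026-03-02T07:05:30-03:00",  # local offset
             "signal": "high_value_first_payout", "risk": 0.35},
            {"cust_ref": "C-0077", "ts": "2026-03-02T10:01:00+00:00",
             "signal": "high_value_first_payout", "risk": 0.35}]
# Hypothetical identity-resolution table: silo key -> shared subject ID.
SUBJECT_MAP = {"A-17": "subj-1", "dev-9f": "subj-1", "C-0042": "subj-1",
               "C-0077": "subj-2"}

def to_utc(ts):
    """Normalise epoch seconds or offset-bearing ISO 8601 to aware UTC."""
    if isinstance(ts, (int, float)):
        return datetime.fromtimestamp(ts, tz=timezone.utc)
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:  # no offset: event order across silos is unknowable
        raise ValueError(f"timestamp lacks a UTC offset: {ts!r}")
    return dt.astimezone(timezone.utc)

def normalize(events, key, source):
    """Re-key a silo's events to the shared subject ID; unmapped keys are dropped."""
    return [{"subject": SUBJECT_MAP[e[key]], "at": to_utc(e["ts"]),
             "source": source, "signal": e["signal"], "risk": e["risk"]}
            for e in events if e[key] in SUBJECT_MAP]

def correlate(events, window=timedelta(minutes=15), threshold=0.8):
    """Flag subjects whose signals from >=2 silos cluster within the window."""
    by_subject, cases = {}, []
    for e in sorted(events, key=lambda e: e["at"]):
        by_subject.setdefault(e["subject"], []).append(e)
    for subject, evs in by_subject.items():
        for i, first in enumerate(evs):
            group = [e for e in evs[i:] if e["at"] - first["at"] <= window]
            score = round(sum(e["risk"] for e in group), 2)
            if len({e["source"] for e in group}) >= 2 and score >= threshold:
                cases.append({"subject": subject, "score": score,
                              "signals": [e["signal"] for e in group]})
                break
    return cases

def build_cases():
    silos = [(ONBOARDING, "applicant", "onboarding"), (DEVICE, "device_user", "device"),
             (PAYMENTS, "cust_ref", "payments")]
    return correlate([e for s in silos for e in normalize(*s)])
```

No single silo scores subj-1 above 0.35, and the payment event's raw local timestamp reads almost three hours earlier than the onboarding event; only after re-keying and UTC normalisation do the three signals fall into one seven-minute cluster.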

AI in payments raises the bar for governance, not just detection

AI changes the trust problem because it can accelerate both legitimate operations and adversarial activity. In payments, that can mean faster risk scoring and better customer routing, but also more adaptive fraud behaviour and more pressure on manual review queues. The governance question becomes whether controls are auditable, explainable, and resilient when decisions are increasingly machine-assisted. That is a programme-design issue, not just a model-performance issue.

Practical implication: require traceable decision paths for AI-assisted fraud and compliance workflows before expanding automation.


NHI Mgmt Group analysis

Trust programmes in payments are now lifecycle programmes, not point controls. The episode points to a broader shift: onboarding, payments, AML, and fraud review can no longer be treated as separate functions with separate truth sets. That fragmentation creates inconsistent risk outcomes even when each team believes it is operating correctly. The implication is that identity governance must follow the customer and transaction lifecycle end to end.

Data silos are a governance failure before they are a detection failure. If risk teams cannot reuse identity and event context across channels, they will keep rebuilding partial controls around the same subject. That pattern weakens both fraud response and regulatory defensibility because no single team can prove a complete view of the case. Practitioners should treat shared context as a control objective, not a reporting convenience.

AI-assisted financial crime workflows demand auditability at decision time. The article’s emphasis on AI in global payments reflects a practical reality: machine acceleration can help scale review, but it also makes opaque exceptions harder to defend. This is where governance has to catch up with speed. The field needs controls that preserve traceability when decisions move from human queues to assisted or automated paths.

Cross-functional trust architecture is becoming the category, not a side project. The most useful reading of this discussion is that fraud, IAM, AML, and platform operations are converging around the same trust fabric. Organisations that keep these domains separate will keep paying for duplicated checks, inconsistent outcomes, and slower remediation. The practitioner takeaway is to design for shared evidence, shared escalation, and shared accountability.

From our research:

  • 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, with 46% confirmed and 26% suspected, according to The 2024 ESG Report: Managing Non-Human Identities.
  • That same report found that enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which is why repeated identity failures should be treated as a programme issue, not isolated events.
  • For a broader lifecycle lens, the NHI Lifecycle Management Guide helps teams map provisioning, rotation, and offboarding controls to the identities that actually carry operational risk.

What this signals

The immediate signal for practitioners is convergence. Fraud, compliance, and IAM teams are being pushed toward a shared operating model where customer identity, transaction telemetry, and escalation policy sit in the same governance loop. That matters because control quality will increasingly be judged by how well organisations can correlate signals, not by how many separate tools they own.

Trust fabric drift: when onboarding, payment review, and AML decisions are governed in different systems, the organisation starts producing inconsistent answers about the same customer or transaction. Teams should expect more pressure to prove why one case was approved, delayed, or escalated while another was not.

With 72% of organisations reporting or suspecting a non-human identity breach in our research, the broader lesson is that identity programmes are now judged by operational linkage, not just policy intent. For readers building mature programmes, the priority is to make shared evidence and explainable escalation the default, not the exception.


For practitioners

  • Map trust decisions across the customer lifecycle: Identify where onboarding, payment authorisation, fraud review, and AML escalation each make independent decisions about the same customer or transaction. Consolidate duplicated checks and define one source of truth for high-risk cases.
  • Break down identity and transaction data silos: Create a shared investigation view that links identity attributes, device signals, payment events, and case outcomes. This makes it easier to correlate patterns across teams and reduce false confidence from isolated dashboards.
  • Demand auditability for AI-assisted controls: Require logged decision paths, clear escalation criteria, and reviewable evidence when AI contributes to fraud scoring or compliance triage. If a decision cannot be explained after the fact, it is not ready for operational reliance.
  • Align fraud, AML, and IAM governance: Set common escalation thresholds and ownership rules so identity, compliance, and financial-crime teams respond to the same risk signal consistently. This prevents duplicated triage and closes gaps created by function-specific tooling.

Key takeaways

  • Payment trust now depends on coordinated identity, fraud, and AML governance rather than isolated controls.
  • Data silos weaken both detection speed and regulatory defensibility because the same subject is viewed through multiple incomplete systems.
  • AI can improve scale only if teams can still explain, audit, and govern the decisions it helps produce.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | GV.OC-01 | The episode centres on shared risk ownership across fraud, AML, and identity functions. |
| NIST SP 800-63 | | Customer identity assurance underpins onboarding and ongoing trust decisions in payments. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | The discussion depends on continuous trust evaluation across distributed payment systems. |

Use least-privilege access and continuous verification for systems handling payment risk decisions.


Key terms

  • Trust Fabric: The trust fabric is the connected set of identity, risk, fraud, and compliance controls that determine whether a customer, transaction, or action is accepted. In practice, it is not one tool. It is the operating model that lets multiple teams make consistent decisions from shared evidence.
  • Control Drift: Control drift is the gradual mismatch between how a governance process was designed and how it is actually executed at scale. In payments and compliance, drift appears when onboarding, fraud review, AML, and escalation logic evolve separately and begin producing inconsistent outcomes for the same case.
  • Decision Traceability: Decision traceability is the ability to reconstruct why a trust or risk decision was made, including inputs, thresholds, exceptions, and owners. It is essential when AI or distributed teams influence outcomes, because a decision that cannot be explained is difficult to audit, defend, or improve.

This post draws on content published by Sumsub: When Growth Meets Guardrails at Money20/20 Part 2. Read the original.
