Govt Abstract. Baran Ozkan explains how AI-native methods, false-positive discount, and workflow readability are redefining how establishments scale regulated operations with out shedding audit defensibility.
Monetary crime compliance is shifting from rule-heavy oversight to operational infrastructure. As fintech and banking methods scale in complexity, establishments are being compelled to rethink how monitoring, investigations, and audit readiness operate in actual time.
Baran Ozkan, co-founder and CEO of Flagright, works on the intersection of transaction monitoring structure, AI-native compliance tooling, and operational workflow design. His perspective comes from constructing inside high-growth monetary methods the place alert quantity, investigation pace, and regulatory defensibility collide.
This dialog focuses on operational readability, false-positive discount, AI-native compliance methods, and what it takes to scale regulated infrastructure with out shedding audit self-discipline.
AITJ: Baran, what was the tipping level that impressed you to construct Flagright and the way did your previous roles at TransferGo and Forto form that imaginative and prescient?
The tipping level was a protracted, irritating seek for a real-time, risk-based transaction monitoring answer after I was main product at TransferGo. I used to be near the truth of how compliance groups function, particularly when a enterprise is scaling quick throughout corridors and buyer segments. What I noticed was an enormous hole between what legacy distributors promised and what really labored in manufacturing. Integrations have been gradual, tooling was inflexible, alert high quality was poor, and when groups wanted to vary one thing rapidly, they typically couldn’t with out prolonged vendor cycles. That’s when it clicked for me that compliance tooling was holding fintechs again, not as a result of groups didn’t care, however as a result of the infrastructure was not designed for contemporary monetary merchandise.
TransferGo formed my view of the issue from a fintech operator perspective. In case you are shifting cash for actual clients, you can not afford brittle methods that create large queues of low high quality alerts. You want controls that may adapt as your product modifications whereas nonetheless staying defensible for regulators and companions. That pressure between development and management is everlasting, and I needed to construct a platform that lets firms scale with out feeling like compliance is a continuing drag on the enterprise.
Forto formed my view from a methods perspective. In logistics, you be taught rapidly that actual world operations are messy and information isn’t excellent. You’re constructing actual time methods which have to remain dependable underneath stress, and also you want observability, clear information fashions, and clear workflows if you’d like selections to be repeatable. That have bolstered a core perception I carried into Flagright: the reply is just not extra guidelines or extra alerts. The reply is operational readability and an structure that makes good selections potential at scale.
The 180 web page Monetary Crime Compliance Handbook you launched is bold. What’s one perception in that handbook you imagine might basically shift how compliance groups function at the moment?
One perception I hold coming again to is that almost all compliance applications don’t fail as a result of groups have no idea the principles. They fail as a result of the working system behind this system is weak. Groups might have insurance policies, coaching, and a set of controls, however they lack the sensible workflows, proof trails, and suggestions loops that make this system resilient day after day.
Within the handbook we tried to translate regulation into operations. Meaning being express about what a very good investigation appears to be like like, what info needs to be captured, how selections are documented, how high quality assurance is run, and the way reporting is ready in a repeatable approach. When groups deal with compliance as an working system relatively than a guidelines, two issues occur. First, they scale back noise, as a result of controls grow to be measurable and tunable. Second, they grow to be audit prepared by design, as a result of proof is produced naturally by the workflow relatively than retroactively assembled when an audit is looming.
If I needed to summarize it in a single sentence, it’s this: compliance maturity is much less about figuring out extra rules and extra about constructing a system that produces constant selections and defensible proof at actual world pace.
You typically talk about operational readability over regulatory overload. How do you outline operational readability and why is it lacking in most fincrime methods?
Operational readability means a compliance staff can reply just a few easy questions at any cut-off date with out guesswork.
- What dangers are we really seeing in our enterprise proper now
- Which controls are firing and why
- What’s the high quality of these alerts
- How lengthy does it take to analyze and resolve them
- The place are the bottlenecks
- What modified this week and what affect did it have
When a staff has operational readability, they don’t seem to be reacting emotionally to quantity. They’ll see sign and development. They’ll defend why they made selections. They’ll tune controls based mostly on proof, not instinct.
It’s lacking as a result of the business has traditionally optimised for regulatory protection, not operational efficiency. Many stacks are fragmented, with one software for monitoring, one other for investigations, one other for reporting, and quite a lot of handbook glue in between. Knowledge will get siloed. Guidelines get modified with out good testing. Fashions get deployed with out clear reasoning. The result’s a program which will look fantastic on paper, however feels chaotic in follow.
My view is that the very best compliance groups function like excessive performing product and engineering groups. They measure, they iterate, they take a look at on actual information, and so they constantly enhance. Operational readability is what permits that mindset to work in compliance.
Are you able to stroll us by the journey of serving to a shopper scale back their false optimistic price and what made that transformation potential?
Let me floor this in a public instance. In a single shopper deployment, false positives dropped from 99.1 p.c to fifteen.3 p.c, which is an 83.8 p.c discount, and investigation time fell by greater than half. What made that transformation potential was not a single magic mannequin. It was a mix of knowledge, workflow, and management design working collectively.
First, we targeted on controllability. The shopper wanted to have the ability to change detection logic with out ready weeks for vendor intervention. They have been working throughout a number of jurisdictions, and when fraud patterns shift, time issues. We gave them the flexibility to create and modify customized guidelines independently, and to check configurations on stay manufacturing information with out impacting actual alerts. That skill to experiment safely is a giant a part of how groups scale back noise with out rising danger.
Second, we targeted on transparency. If an alert fires, an analyst wants to know the explanation rapidly. On this case, the shopper had expertise with proprietary methods that behaved like a black field, which made it exhausting to justify selections. By making triggers and context clearer, analysts can work quicker and high quality improves as a result of selections are simpler to validate.
Third, we targeted on workflow effectivity. When groups have to leap between methods to know one case, investigation occasions inflate and high quality suffers. Unifying monitoring and case administration helps analysts transfer by instances with much less friction and extra context, which instantly improves throughput and consistency.
What this says about legacy methods is that many are constructed round vendor management and static assumptions. They typically make change costly and gradual, and so they produce alert quantity that appears like protection however doesn’t translate into actual danger discount. When groups reclaim management, measure outcomes, and iterate on stay information, efficiency improves quick.
Flagright positions itself as an AI native answer for compliance. How do you differentiate AI native from AI enabled and what benefits does that ship?
To me, AI enabled typically means AI has been bolted onto an current product. You may need a chatbot interface, a mannequin that runs as an elective characteristic, or a workflow that also depends upon handbook work for many outcomes. The inspiration stays the identical, and AI is a layer on prime.
AI native means AI is designed into the system from the start. It impacts how information is structured, how selections are made, how workflows are automated, and the way outputs are ruled. It additionally means the system is constructed to be taught from investigations, as a result of the suggestions loop is the place the worth compounds.
The actual world benefit is just not theoretical. When AI is native, it could actually scale back low worth handbook work in investigations, floor context that analysts would in any other case spend time assembling, and assist groups produce constant narratives and proof trails. It additionally permits groups to scale with out merely hiring extra individuals to clear alerts. In compliance, scale with out shedding defensibility is the entire recreation.
With the handbook masking regional breakdowns throughout the EU, US, APAC, Center East, and Africa, what was essentially the most shocking nuance you encountered?
Essentially the most shocking nuance was how a lot of the true complexity comes from variations in operational expectations, not from the headline rules. Many areas share the identical broad targets, and international requirements affect them, however the way in which groups are anticipated to operationalize these targets varies.
For instance, reporting regimes can differ in what’s required, how info is structured, and the interior proof groups must retain to defend the choice. Knowledge privateness expectations additionally create very sensible design constraints, particularly if you end up working throughout areas and must stability info sharing with buyer protections.
What that taught me is that the successful method is to not construct a separate compliance program for each area from scratch. It’s to construct a core working mannequin that’s constant, after which make the regional variations express in workflows, documentation, and management configuration. That’s what makes scaling potential with out turning compliance right into a patchwork.
Out of your perspective as each a builder and an investor, what indicators do you search for in startups fixing advanced regulated issues?
The primary sign is respect for the area. In regulated industries, the product isn’t just a characteristic set, it’s a promise of reliability and accountability. Founders want to know the operational actuality of the groups they serve, not simply the regulation in summary.
The second sign is proof orientation. I search for groups that may clarify how their answer can be measured in manufacturing, what outcomes they may enhance, and what tradeoffs they’re making. In compliance, there isn’t a room for obscure claims. It’s important to present the way you scale back noise, enhance detection, and strengthen audit readiness.
The third sign is belief maturity. Safety posture, governance, and accountable deployment should not good to have. They’re the product. If a staff treats these as an afterthought, they may battle to win critical clients.
Lastly, I like founders who’re affected person about distribution. In regulated markets, belief and adoption compound over time, and the very best founders construct for the long run relatively than chasing brief time period hype.
Flagright emphasizes a no code, API first platform. What have been the hardest challenges in sustaining simplicity with out sacrificing depth?
The toughest problem is that simplicity and depth typically pull in reverse instructions. Compliance groups want expressive energy as a result of actual danger is nuanced. On the similar time, if the system seems like a fancy engineering software, you lose the individuals who must function it day-after-day.
Technically, constructing a no code state of affairs builder that’s highly effective and secure is difficult. You want guardrails so groups don’t unintentionally create controls that explode alert quantity or create gaps. You want robust testing functionality so modifications will be validated earlier than they go stay. You want efficiency so the system can rating exercise rapidly, and also you want observability so groups can perceive how modifications have an effect on outcomes.
Philosophically, you must be prepared to say no to complexity that doesn’t create actual worth. A variety of enterprise software program provides options that create choices, not outcomes. We attempt to hold the psychological mannequin clear. An excellent management needs to be comprehensible, testable, measurable, and defensible.
In case you needed to future proof compliance for the following 10 years, what three improvements would you guess on?
First, steady controls with simulation and measurement. Groups will more and more take a look at modifications on actual information earlier than deploying them, measure affect on false positives and true danger detection, and deal with compliance as a dwelling system.
Second, privateness preserving collaboration throughout establishments. Monetary crime is networked, and protection must grow to be extra networked. Higher methods to share typologies, indicators, and patterns with out exposing delicate information will increase the baseline for the entire ecosystem.
Third, AI assisted operations with robust governance. AI will assist investigations, triage, documentation, and high quality assurance, however provided that establishments can clarify selections, monitor efficiency, and hold accountability with people. The winners will mix AI functionality with audit readiness by design.
What private philosophies or management rules do you come to when dealing with ambiguity or resistance?
I come again to 3 rules.
Be unreasonably buyer obsessed. If I’m uncertain what to do, I am going discuss to the individuals dwelling the issue. Actuality is the very best technique doc.
Take accountability for safety, accuracy, and outcomes. In compliance, belief is fragile. If we ship one thing, we personal it, together with the exhausting edge instances.
Transfer with urgency, however don’t confuse pace with recklessness. I imagine in iteration and motion, but in addition in constructing the proof and governance that make quick methods secure.
After I face resistance, I attempt to separate sign from noise. If a number of shoppers and practitioners say the identical factor, that’s sign. If the pushback relies on concern of change relatively than information, we acknowledge it however we don’t let it drive the roadmap.
