
Payments, Risk, and the Future of Compliance with Cihat Fitzgerald from Ballerine
Payments, Risk, and the Future of Compliance with Cihat Fitzgerald from Ballerine
July 7, 2026
51
min
Fitzgerald examines how AI reshapes compliance infrastructure, discussing fraud detection automation, synthetic identity risks, and balancing institutional discipline with startup velocity in regulated environments.
Episode Overview
In this episode, Cihat Fitzgerald recounts a 30-year career that began with a pivotal phone call — "Yes, but we do it on the internet" — that pulled him from aerospace software into payments at the dawn of e-commerce. Cihat walks through every layer of the payments stack from the trenches: starting as an ISO on the acquiring side, moving to bank-level merchant portfolio management and fintech oversight at West America Bank, and then spending over a decade at Visa as VP of Global Ecosystem Security and Integrity, where he authored the Global Acquirer Risk Standards and the Payment Facilitator and Marketplace Risk Guide that regulators and financial institutions still reference today.
Now serving as Chief Risk Officer at Ballerine, a 15-person AI-first startup, Cihat explains how agentic AI is transforming merchant underwriting from a 30-to-40-minute manual process into an 8-minute automated workflow. He breaks down how AI-driven contextual awareness eliminates the false positive problem that plagues rule-based legacy monitoring systems — distinguishing between an actual marijuana seller and a t-shirt with a marijuana leaf printed on it — and why the human underwriter's role is shifting from data gathering to credit decision-making.
The conversation also covers why fintechs entering payments consistently underestimate their regulatory obligations, how Ballerine's AI models are specifically trained on payments risk rather than relying on general-purpose LLMs, the emerging risks posed by agentic AI commerce and AI-driven fraud at scale, and what the compliance and risk officer of 2030 will need to master.
About Cihat Fitzgerald
Cihat Fitzgerald is the Chief Risk Officer at Ballerine, an AI-first platform providing risk intelligence, merchant monitoring, and underwriting automation for financial institutions and fintechs. Born in Holland and raised in Cape Town, South Africa, Cihat is now based in San Francisco. His career spans aerospace software, fintech operations, banking, and a 10.5-year tenure at Visa where he served as VP of Global Ecosystem Security and Integrity, overseeing compliance and risk across the entire payment network. At Visa, he authored the Global Acquirer Risk Standards and the Payment Facilitator and Marketplace Risk Guide, both of which became foundational frameworks used by banks, fintechs, and government regulators worldwide.
Key Topics Discussed
- From aerospace to payments — How a single phone call about processing payments over the internet redirected Cihat's career from defense software marketing into the acquiring side of payments, and why the current AI wave feels like the same kind of inflection point.
- Working every layer of the payments stack — Lessons from managing risk at ISOs, banks, and Visa, and why having been in the trenches at each level made him more effective when overseeing the entire ecosystem from the network level.
- Authoring Visa's global risk frameworks — The story behind creating the Global Acquirer Risk Standards and the PF/Marketplace Risk Guide, why regulators and banks still reference them, and what would need rewriting for the age of AI.
- Top three risks that sink fintechs in payments — Failing to maintain a proper control environment, lacking documented policies and procedures, and letting merchants into the payment system without adequate underwriting or KYC.
- Agentic AI in merchant underwriting and monitoring — How Ballerine's AI reduces underwriting time from 30-40 minutes to 8 minutes, provides contextual awareness that eliminates false positives, and lets underwriters focus on credit decisions instead of manual research.
- Rule-based vs. AI-first compliance platforms — Why legacy keyword-based monitoring generates excessive false positives and how contextually aware AI models trained specifically on payments risk deliver more accurate results.
- Human-in-the-loop AI governance — How Ballerine maintains human oversight over AI output, retrains models based on results, and ensures domain-specific accuracy rather than relying on general-purpose LLMs.
- Agentic AI as an emerging threat vector — Why agentic commerce and AI-powered fraud at scale represent the next blind spot for risk leaders, including trust handshakes between AI agents and websites.
- Navigating the transition from corporate to startup — Adapting from Visa's high-stakes corporate environment to Ballerine's flat, fast-moving culture, and how mentorship shaped Cihat's ability to operate at both scales.
Key Takeaways
- Fintechs entering payments must understand they are entering a highly regulated industry — the most common failure is treating payments as just a technology problem and neglecting proper policies, procedures, and control environments.
- AI-first compliance platforms outperform legacy rule-based systems by understanding context. A marijuana leaf on a t-shirt is not the same as selling marijuana, and contextual AI can make that distinction where keyword rules cannot.
- The underwriter's role is not disappearing — it is shifting from manual data gathering and web research to making informed credit decisions based on AI-aggregated risk intelligence.
- Domain-specific AI models trained on payments risk, fraud control, and network rules deliver far more reliable results than general-purpose LLMs, which are prone to hallucination in specialized compliance contexts.
- Agentic AI commerce — where AI agents autonomously browse websites, make purchases, and interact with systems — will require new compliance standards for trust verification and standardized agent-to-URL handshakes.
- Proper policy documentation is still the most underrated control in risk management. When a fintech is struggling, the first diagnostic question remains: show me your policies and procedures.
- Having worked at every level of the payments stack — ISO, bank, network — gives risk leaders the credibility and understanding to engage effectively with any participant in the ecosystem.
Who Should Listen
- Fintech founders and product leaders entering the payments industry who need to understand their regulatory and risk obligations
- Risk managers and compliance officers evaluating AI-powered underwriting, monitoring, and KYC solutions for their organizations
- Payment facilitators, ISOs, and acquiring banks looking to modernize legacy rule-based compliance systems
- Corporate risk professionals considering a career move from large financial institutions to AI-driven startups
- Anyone working in merchant acquiring, onboarding, or transaction monitoring who wants to understand how agentic AI will reshape their workflows
Episode Transcript
Chad, thank you so much for coming on the podcast. Um, it's great to have you here. >> Thank you. >> So, yeah, you've lived across continents. You were born in Holland.
You were raised in Cape Town. Now you're based in San Francisco. You move a lot. >> And you started out in aerospace before jumping into fintech. From defense tech to the dawn of e-commerce, from writing Visa's global risk standards to leading AIdriven compliance at Ballerin.
You've seen every stage of fintech evolution. So today we'll dig into what those decades taught to you about building trust at scale, pairing AI with governance, and keeping human judgment in an increasingly automated world. So yeah, you once got a career changing call with the pitch, yes, but we do it on the internet. >> Yes. >> So what made that moment click for you?
And does this current AI wave feel the same kind of point of inflection that you saw back then? >> Yeah, good point. Okay. Yeah. So uh I worked for a software company primarily uh providing uh systems to defense and aerospace and what have you and I was there in a marketing function and uh yeah I got a call one day and uh somebody asked like hey we're looking for a marketing person.
I'm like, "Okay." They're like, "Yeah, what do you do?" Like, "Well, we do we process payments for Visa, Mascard, other networks." And I'm like, "Okay, so like who doesn't, right? What's the big deal?" And then indeed, yes. The the response was, "Yes, but we do it over the internet." And this was just when the internet was taking off and e-commerce was brand new. And I was like, you know, this this could be interesting, you know. So, I decided to join them and uh I think it was a good decision because I just talked to somebody today too who jumped into payments.
It says once you're in the payments business, I think you'll never leave, you know, and it's pretty much like that. I think a lot of people can agree with me on that. So, I ended up in payments and yeah, I I started on the marketing side, but then just kind of evolved on the operations and and the risk component and yeah, things evolved to that extent. >> I love it. And so yeah, do you think like the internet moment and the AI moment are similar different like what do you what do you feel there being in payments from the dawn of internet to the dawn of AI?
Yeah, I think it has a similar feeling for me meaning when e-commerce came around and you know just we developed a gateway that actually did the online transactions and what have you and it was very exciting and and you know things were evolving and you know you have to keep up to date with what's next and yeah once that kind of subsided it was you know you're in the groove and you're doing things and e-commerce now is pretty well standard thing you know once AI came around I it was kind of interesting and I didn't know much about it. You know, the only thing you hear about GPT and things like that, but that's like very rudimentary AI. But when I started working with Bellerin, I was really introduced into the the the depths of AI and how it can really revolutionize commerce or any kind of aspect of of business. And it has that same kind of element to it where I feel excited about it and feel that blessed to be basically on that side. So pioneering that that industry.
Yes. >> I love it. And so you began in aerospace and defense on the software side. >> On the software side. Yeah.
But I mean I imagine it's a very structured and risk averse space. Is there anything that carried over to your fintech compliance and risk? >> I would say it was a completely different world. Obviously if anything we you know interactive we did some business with large corporations or the government you know and in that sense I can kind of used to you know doing that and being I spoke at like for instance Boeing for a press conference and that was like hey this is pretty awesome right so obviously down payments yeah I I that evolved um and in the end I was working with multinationals and uh large financial institutions uh but I think that that component kind carried over. >> My role was a little different.
So, you know, previous company I was in marketing, started in marketing, but quickly evolved into operations of risk. So, that was a whole new world for me. Yeah. >> Love it. Love it.
Um, would love to dive into a little bit more of your career evolution. So, you've managed risk in the financial ind industry in a lot of places. You were at FinTech as VP of acquiring operations at West America Bank and as head of global ecosystem security at Visa. >> Yeah. How did each environment change how you think about you know control, accountability, speed?
>> Sure. Okay. So I mean just for for those who maybe don't know the you know I was on the acquiring side of of payments and generally what that means is everybody's pretty familiar with the issuing side. So the banks that issue you your you know card um and that's all one side or one side the whole industry and then the other side is actually the acceptance side. So the acquiring side sets up merchants for card acceptance and essentially acquire the the transactions the the sales and then you know clear it into uh interchange.
So that's the side I was on the the acceptance side. So a lot of people when I talked to them and you I worked for Visa they're like can you do something about my bill? >> Yeah. >> And I'm like first of all we don't issue cards and second of all no. >> Yeah.
Uh so to that extent on the acquiring side yes entered in through the fintech side commonly known in in the industry as as an ISO or independent sales organization uh payment facilitators were involved and stuff like that. So I came in through that side and uh what what happened is the those kind of businesses are really in the trenches you know they're on the forefront they work directly with the merchants you know they have to connect to the networks and the processors they have to work with the banks but you're really kind of in the trenches and specifically on the risk side because you're responsible for portfolio of merchants uh you have to do the underwriting the monitoring the risk monitoring or whatever you know and I can tell you that in my career, you know, there have been times when things didn't go perfect, you know, and things blow up or there's a fraud attack or whatever. >> To that extent, I learned a lot, you know, from being actually in the trenches doing it hands-on. So, once I ended up at the bank and actually now managed a portfolio of merchants, but also uh fintex. So, now we have the oversight responsibility for the fintex, right?
Because the bank is held accountable by the networks. So that ended that added that extra dynamic. Now I had to have oversight over these uh fintaxs but I knew the fintex because I worked in that environment. So it wasn't like brand new to me. I knew how they thought I knew how they conduct business and that really helped me and then obviously then graduating to the network itself now you oversee a portfolio of financial institutions and fintex too.
So, but because I've been in that world, you know, and I worked myself up through that entire stack essentially gave me really good capabilities and visibility and and understanding. So, when I had to talk to big banks or big fintex, they essentially knew what I was talking about because I lived in their shoes. So, that was really helpful. >> Yeah, I can imagine. And also like talking about big banks and to big fintex, you you helped author the global acquirer risk standards and the payment facilitator and marketplace risk guides.
What do you think aged best in that framework and which piece do you think you'd need to rewrite today in the in the age of AI? >> Well, um yeah, good good question. So, the when I authored the global choir standards, there was there were kind of there was kind of like a fragmented earlier iteration of it, but it was not truly global and it was not fully, you know, one cohesive framework for acquiring risk, right? So I authored that and you know it it was very well used not just by network participants like the banks and fintex and what have you but actually also by the federal government and other governments you know uh non- US governments um because it it provided a framework that that protected the the banks the acquirers but also other participants the ecosystem in itself. So that went a long way.
When when I left Visa, I know they rewrote it, so it graduated. Yes, they graduated. >> But funny enough, I have people still asking me, "Do you have an original copy?" You know? Yes. >> Did you Did you print some away or >> I I It was a public document, so obviously I have it.
Yeah. >> Uh and and and yeah, literally one of the biggest banks in in the US not too long asking me like, "Do do you have a copy of that version?" And I'm like, "Yeah, I do." you know, but yeah, I mean things always evolve and uh you know, the new version that Visa has is more applicable to you know what's what the new risks are, the new, you know, fraud uh schemes and and and attack vectors. But yeah, I think also wrote the the the PF and market pay facilitating marketplace risk guide >> that's still on Visa's website and it's still used. So I think that is really applicable today still. Um I think it really provides new fintexs with hey these are the risks.
This is what you need to know. This is how you need to mitigate them. Because a lot of these fintexs, they consider themselves to be technology companies, right? They they create a tech product or, you know, some service or platform and then, you know, they enter the payments industry and they have no idea that they're just entering a highly regulated industry that's very open to different risks they're used to. And I've seen the wheels come off many times where FinTech's like, "Yay, we're doing payments now." And then you smoldering impact crater.
So I was like, you know, I'm going to write this guide. And it really just kind of provides the fundamentals and teaches FinTech like, hey, this is a new environment you're in. You're no longer just a tech company. You have responsibilities. You're accountable.
You know, you could be exposed to risks that you've never thought about. >> And so for all the fintex watching us at home today, um, what do you say is the top three risk? What you've seen really a lot of FinTechs fail really hard on? I think one thing is indeed not not maintaining a proper control environment. So meaning that uh you know they're all about gung-ho like let's do business, let's go to market, let's process lots of payments, let everybody into the payment system, all these merchants but not really understanding who they're letting in to the payment system and then exposing themselves to fraud attacks and and other issues, regulatory complaints and what have you.
So, it's good to enter the market and be gung-ho about it, but you need to pair it up with a proper control environment to to really do it right because the bad guys go after those that have the weakest link. And and that's what I've seen. That's number one. Number two is just not possessing really good policy and procedures on how to carry out their their risk control environment and uh just kind of winging it. Um, and that was one of the biggest things when when I manage compliance for Visa and I saw a fintech or a bank just kind of faltering.
The first thing I asked like, "Show me your policies." And some of them may go, "Hey, here they are." And I'm like, "Hey, great. Okay, you got something." And some of them were like, "Uh, wait, what?" And I'm like, "Okay, there's your problem right there." Yeah. >> Great. And so after 10 years of visa, you joined Ballerin. You went from leaving a DAO 30 company to joining a 15 person AI startup.
Yeah. >> So, what tipped the balance and yeah, what is the product, the people, the timing? Why did you join? >> It's a it's a well, first of all, it's a big difference going from a from a corporate multinational to a startup. To me, I've never really worked for a startup, right?
I've always been the corporate hamster wheel, you know, and that was kind of my thing. And then, uh, you know, when I left Visa, I actually took some time off, went to back to Holland, uh, spent some time just cuz my my job there was extremely stressful, you know. um no pressure being the head of global security and integrity for the the entire payment system. So I took some time off and then I was contacted by Balerin and uh you know at first I was like okay this sounds pretty interesting but I wasn't quite sure you know what I was getting myself into but we started talking and this it really intrigued me and I was like okay yeah AI this is really you know the next future but I didn't know really what they did but I understood obviously my environment my field so when I actually saw the technology that was being developed and kind of looking at it to me I was very much like oh wow I wish I had this when I was like at the bank or you know earlier and it clicked and I was very impressed with it and um yeah it it is a different world you know in the corporate side you have a specific function you know like mine was my function and I have my group that does my function it seems like in the in the uh startup world like everybody kind of does everything you know like you don't have a specific you have a quote quote function, but in the end everybody does everything and uh so that that was pretty interesting and yeah I mean I'm sure like there was a little bit to get used to. >> Yeah.
How did you adapt cuz like you did go from visa >> Yeah. to that. And so I imagine like in terms of day-to-day responsibilities, adapting to fastm moving changes and sometimes being in a really ambiguous environment of high growth issues and back to high growth etc. >> How does that really defer? How do you adapt?
Well, I think one one thing I've had a lot of help from the Ballerin leadership, you know, so they they really helped me just kind of understand, you know, where we're going, what we're doing, uh, you know, more as to how I can help. I think, uh, one thing that's been really interesting to me is to train our AI models because, you know, I do have that knowledge and to, you know, hone in those models so they really perform really well, you know, but it's a constant thing, you know. I think the funniest thing is if I can mention this, but so my girlfriend came from the startup world. She's very like startup startup startup and now she's in the corporate world. She works for a big, you know, multinational.
Yeah. >> She works for a big multinational headquarter in San Jose, like that kind of stuff. >> And uh and I'm the other way around. I came from the corporate world now. >> You don't look really corporate.
You feel very startupy. >> Yeah. Yeah. Hey, I've evolved. Well, I guess I felt I I was the same in the corporate side.
But it's funny like when when she gets home or I get home, she's like, "Ah, you know, this is what happened." I'm helping like, "Okay, this is how that works in the corporate world." But I'm like, "Wait, but I got this and this." And she's like, "Oh, this is how that works in the startup world." So, we really augmented each other. She's been also a really good mentor for me. Uh, but like I said, the the ballerin folks really helpful and uh, you know, I could see how they think now and and it is a different world, but it's very ambitious. Hey. Yeah, it's it's good stuff.
>> And I think it's interesting because you said merchant underwriting used to take hours and what's actually happening now when Berin's AI can do it in minutes. Where's the time saved? And what tasks disappear and what do teams do instead? >> Okay. Yeah.
Well, I used to underwrite old school and you know, I mean like yes, does it take hour? It could take 30 minutes. Could take 40 minutes. Um I mean very easy easy merchants could take quick. Like if it's a restaurant, it's been around forever, you know, you you know, hey, approved, right?
No big deal, no no disputes, doing great. But sometimes you have to do like large e-commerce companies with future delivery and you know, maybe very little processing uh background. So in that sense you really need to understand who you're dealing with what the risks are and you need to like still being done today very often is an underwriter is actually doing a lot of analyst work going online looking for the merchant what's their website sell how are they selling it uh do they have any issues with regulators with I don't know the FTC you name it or are they is there any negative media do they have bankruptcies there's all these I know facets that you need to find out. And in the old school, you just go online and you sit there and pulling it all up. You get the paperwork.
You have to kind >> Yeah. nonstop uh go to the scam boards, hope to find something, whatever. Whereas with AI, specifically aentic AI, that is all very automated now. So to the point where you can just put a URL in and the AI can go and say, "Okay, here's the merchant. Go to the site." And then it's contextually aware, meaning, "Oh, well, they're selling crypto." So, we're going to go to the SEC or we're going to go like complaint boards or these complaint boards, and we're not just looking at, okay, what's do they have a fivestar, four-star rating?
No, we go look at the one-star ratings and what are people saying? Why are they having, you know, like I my card got charged without my authorization. That's what we want to know. And it and it really does like essentially what an underwriter would take in yeah like half an hour, 40 minutes, uh like 8 minutes if if that and much more comprehensive. So the underwriter can just basically just be there to make the credit decision, look at it, you know, once all the information is aggregated and then decide, okay, what are we going to do?
Are we going to use mitigating controls to approve it? you know, are we going to do this or how can we, you know, underwrite this account as opposed to just doing all the leg work. Yeah. >> Yeah. I know.
And so, what do you see teams will do then? Is there going to be more expansion, more growth? Is there going to be consolidation? Um, how do we, you know, deal with going from hours to minutes and make teams still productive? And >> yeah, well, I think the the biggest thing is that it's number one, it's scalable now.
So fintexs, you know, that take a little bit of like they have to take a lot of time to onboard these merchants can do it faster now. Uh and they can pay better attention to the details. So I mean it's not like now they're going to sit there and do nothing. It's just that their their job is more uh optimized to really look, okay, this is all the information we have it and they can scale. So now, for instance, if they start taking in more merchants, it's not like they're going to have to start hiring and doing a whole lot more stuff like that or train people because underwriters are hard to find and experienced ones for sure.
So now you have basically AI augmenting the process by providing the information. Um, importantly, not making the actual credit decisions. That's still what the underwriter does. You know there there's certainly some fintexs that say hey you know we can score based on all this information anything with a very low risk score just auto approve right but you know that's on them still right yeah 100%. So legacy vendors they decided to like bolt AI on top of their systems but ballerine was built AI first.
>> So what would you say is a measurable difference? What yeah what measurable difference does that make? So yeah, so there's there's legacy providers that have been around for a while. Um, and provide when I talk providers, I'm talking primarily like the function of merchant monitoring. So there's a mandate from the networks that e-commerce merchants have to be periodically monitored to make sure, hey, what's being sold online?
Are there any issues? You know, uh, did they add any products that maybe shouldn't be there? Uh, and there are legacy companies that been around and and developed the technology to do that. And back then it was very relevant and uh but it was very like rulebased. So if then right that's the very rigid and in that sense you know there are drawbacks.
I mean like I said back then it was it was a solution and it made sense. These days it delivers a lot of false positives. I'll give you an idea just strictly rulebased. If you're looking for a merchants you know they're selling okay if like it's a keyword search. If marijuana on the website, then flag it, you know, as a risk.
But what if a merchants got a uh, you know, selling iPhone covers and there's a marijuana leaf on the iPhone cover and it says or t-shirt, you know, it says marijuana leaf t-shirt, it would be flagged by rule-based logic, right? Whereas AI, like I said, is contextually aware. It looks at everything and it goes, well, okay, they're selling iPhone covers, so marijuana is not going to be a thing here because there's nothing else about marijuana. So that reduces the false positives and it makes the workload so much easier for risk managers. So they don't have to like start going to all these websites say oh there's a problem here and the AI can also flag something and then also explain itself you know like hey we got a problem here because on the website it says that and here's the link to exactly where it is.
So saving a lot of time >> and we see the same exact thing like in compliance at Sphinx like the auditability is like probably one of the most important things that people want to see in those models and like especially like one thing is like fraudsters they evolve really fast as well. Like I've seen sometimes like the evolution of the financial crime companies that fight financial crime goes just as fast as fraudsters goes fast because they compete one another. And how do you make sure that models don't just automate old biases or miss new tricks? Um because I would imagine if you at Ballerin or us as things we make a wrong decision um and you know credit score you have to approve or us like a compliance decision you have to make the trust is really broken with the company you work with. So >> what is a feedback loop?
What is a what do you have in place to mitigate that? So number one, yeah, you're right. I mean, like on the froster side, there's this old school saying in risk is like when you build a 10-ft wall, they'll bring a 12oot ladder, right? So there's always there's always something. So it's I guess it's job security, right?
And yes, now that you know we use AI, rest assured the bad guys use AI quite a bit, you know, and soon like really leveraging aic AI. So getting doing attacks at scale and and very precise and more subdued than just brute force type stuff. Um yeah and and in that sense you know like in Bellerene like we have we maintain models that are specifically trained on the the field of payments and fraud control and and risk management as opposed to just a straight up GPT that will who knows it will you know it'll come back with something but not always that reliable and hallucinate where our models are very trained um you know and we keep an eye on what what are the latest rules where the latest trends what are the latest attack vectors and things like that that we need to know about and then we train our models and uh you know that's kind of what what people pay for is is that those very trained models and you know how do we mitigate that you know the model doesn't go sideways there is human intervention >> so it's not just here here's the model good luck here's the keys and enjoy um you know we we we train our models and we closely monitor like output and then we have a human element in it so that you know we can look at it, qualify it. Um, the main issues that we run into is that our models actually do too good of a job and bring back a lot of information. So, we may want to just, you know, >> tighten it down a little bit.
Uh, but then also then we retrain our models based on the output and evaluate it and and say, okay, you know, hey, that's great, but this is what we need and and that's really the a lot of value that we provide. >> Yeah, that makes uh a lot of sense, I think. Yeah, we have exactly the same thing um for for us as well. And I think that yeah, there's a balance to strike between like the amount of level level of information you bring, the quantity of it, not to overload people, and sometimes even harder to make it more concise and readable to someone rather than give them a huge dictionary of facts that you that you that he gave. So move fast and break things is one of like the startups's you know moto like uh every startup lives by it.
We try to move as fast as possible, break things, repair it and then move again and whatnot. Doesn't really always apply to payments and compliance and risk. Um >> so how do you keep ballerin fast but also risk-f free or you know compliant? Uh what's the internal mechanisms that prevent speed from turning into sloppiness? Yeah, I mean you're right.
It is more fast-paced, but I think it's it's done in a in a controlled fashion. Like for you know, we don't just like, oh yeah, this is a great idea, roll out to production and enjoy it, right? So there's a testing environment and you know, it goes we go through many iterations of testing. Um, and we do roll out new capabilities. Um, and that's one big thing I've noticed like on the corporate side, it's like a aircraft carrier, right?
If if clients say we need this, we're like, "Yeah, we'll get to it." And you know, one year later, you know, like, "Hey, is this what you want?" Where in in in the startup world, it is completely different. Uh, you know, we have uh PC's with clients and they're like, "Yeah, but we really like this." And then, you know, within very short order, we have something that's already been tested. And and in that sense, it takes a lot of work. I can see you know there's a lot of around the clock work that goes into this. It's not like on the corporate side.
Yeah, you know, we'll talk to our team in Bangalore and blah blah blah. You know, it's like, yeah, no, this is like we're working on we're working on it all night. We have a deadline and and it's it is kind of like that. So, to that extent, um yeah, I mean, I don't see us breaking things and like you said, it's probably not a good approach in in the payments or financial sectors, you know, but yes. >> Yeah.
And so it's interesting because as you said you've been both in the traditional corporate side of things now in the startup side of things and this space compliance risk is well obviously very riskaverse um sales cycle can be long there's a lot of skepticism and so yeah you're often selling to traditional banks quer I imagine with with ballerin um what is a way to convince a skeptical compliance head to trust your AI platform as it is it demos? Is it relationships? Like what really goes at play there? >> I think one big factor is actually demonstrating the capabilities. So I'm often at trade shows or you know engaged with like prospects and they're like well tell me what you do and I kind of tell them but it's very abstract you know yeah we we help with risk intelligence, merchant monitoring, you know all that stuff.
And they're like yeah okay that's great but so do many other companies. So it isn't the the rubber hits the road when I actually you know when they see it in action and see the product itself and I've been literally in many meetings with you know risk leadership where they're sitting around a table and you know we show the capabilities and they're literally like looking at each other like are you are you seeing this I mean what is this you know it's like I didn't know this was possible I'm like yeah it's so hard to explain so yeah I think the demos are super helpful because AI is new to everybody and you know it sounds except yeah okay use GPT at home or whatever call it right but not like there's not aic AI with that kind of power and and when you show it to them then the wheels start turning I'm like oh I get it yeah >> and but always in startup demos and even for us it's often times nicer it looks amazing and then when you have to actually go to production there's uh different uh data sources that are fragmented and are unforatted and you have to orchestrate everything in order to actually make your decisions correctly and whatnot. How does that work uh for you guys? Like how long is an implementation time and where do you see the real stickiness of the product? >> I'd say like the implementation is is depends.
I mean larger clients like you know we need to work with the tech group get API set up and all that integration done and you know and sometimes customized things where um you know in reality for fintech if they want to start using it overnight it's like here's the platform here's your password here's your environment good luck you know but so yeah for the larger players it is a little bit more work on the integration side also some of them are still very heavily dependent on legacy providers and very fragmented. So they use, you know, one solution for this, another for that, another for that. And they have all these different platforms that don't talk to each other where we have kind of like a unified platform that that looks at all the data elements, all the risk intelligence and then cross-pollinates it to say, hey, you know, this makes sense, but that doesn't make sense. Where that that is generally not the use case right now in in most of the industry from what I see. Yeah.
>> Yeah. So Bing really has to orchestrate for those legacy players that have six different systems, >> all of those sources together. >> Yeah. And obviously, you know, they're they're already integrated and they've been kind of used to it >> in some sense. Some of them even have contracts that, you know, kind of just can't cancel overnight.
So, you know, I think the biggest the good thing is that we uh you know, we show our capabilities. they see what they're actually now missing out on and then start working, you know, an actual step-by-step program to adopt our technology. Uh, you know, it's not like, oh, hey, this is great. Yeah, where do I sign? You know, it's a little bit more work than that.
Yeah. >> And so, you said that compliance with network rules is nonnegotiable. >> How do you prove that AI decisions are really compliant? Um, like even for us like we see even sometimes when we show them the results with the audit trails and what they're like I'd still rather have a human review it or do that. How do you go past that mental barrier?
So yeah, I mean it it kind of depends on what component of the network rules. I mean there's obviously certain components that are fairly straightforward when it comes to like let's say merchant underwriting and uh monitoring. If you if you get into more complex things, it's it is a little bit of a different world. But I think our side is, you know, our models are trained on the rules and constantly retrained on the rules. Uh I've seen models do our models do a really solid job, but yeah, you're right.
I mean we still have that human component to look at the output and um you know it's kind of like in the background so the client is not really in the loop but it is something that's super important like I said you know also rules change uh regulations change and yeah you have to stay up to speed and you have to see how the model handles >> that yeah >> and there's been so many companies like as you said the systems are the environments in which analysts work in are extreme extremely fragmented. They use a tool for this, a tool for that and etc. There's never really been a runaway winner in compliance in reg. I'd say uh there's really big companies of course you have the Lexus Nexus and the nice optimize and the compant etc. But there's never been a runaway winner.
Why do you think that is? And do you think that AI might actually change that? Yeah, I think each solution provider or or platform has like their own niche of what they do like Lexus Nexus, you know, and then there's like for instance there's, you know, OFAC uh compliance and and sanction screening and all that is another solution. So, everybody has kind of their their wheelhouse that they really do well. uh where AI and and and good platforms come in is that you know in our sense we have the risk intelligence we have the monitoring we have the underwriting but then we're not here to reinvent Lexus Nexus or other solutions but we could easily API into that which is what we do and make it part of the entire workflow right so it's not just uh an alone stand like a lone standing platform but now we have also the power of Lexus Nexus we could even plug in the the FIS transactions of their merchants into it and start cross-pollinating that as well.
Yeah. >> And so do you think the industry is ready for AI specific compliance standards or will existing frameworks like card network programs or OC guidance simply expand to cover it? >> No. Um I I think there at some point there will be uh some sort of compliance standards put in specifically with Agentic AI. Uh you know now you have everybody can build their own agent.
They go to websites and do who knows what um like Agentic Commerce. So now you can buy your shoes with an agent, right? But you know how do you know where agents going to? How does the website trust who the agent is? So when there's a handshake between a you know a URL and an agent maybe there has to be some sort of solution where it's standardized or you know along that line.
Um and I think you know at some point the regulators will probably catch up but the regulars they usually show up after there's already been a problem. >> They always do. >> There has to be a problem for them to come in. Sorry I didn't say that. Um, so and I just want to get back to what you said just right before.
Um, so like having AI being able to cross-pollinate different systems and like being able to for instance use the power of Lexus Nexus uh and the power of Optimize together for a broader system, but you said those companies still cobble together um tools for KYC on boarding, monitoring and whatnot. So I agree that today there's like this you know crosspollination connecting systems together um allowing them to create a layer on top of it but in 5 years do you see there being one unified platform emerging a modular ecosystem that actually plays nicely together and what we're doing right now is actually going to be the standard and just be done in a better way. How do you see it in five years? I think you know if there was such a thing I think to a large extent it would have already existed today. I mean I don't I think you know there's always going to be competition.
I don't think there's going to be one solution for everything. Uh there may be some really you know top competitors but uh yeah it's just the way of commerce. I don't think there will be one overarching solution. Obviously you have different networks you know um it is a complex ecosystem and yeah no I don't see that really happening. I do see, you know, some players that will stand out above the rest, you know, but there will always be competition.
Yeah. >> Thank God. What's the ne the next blind spot risk leaders aren't watching yet? You know, there's AI generated fraud and synthetic IDs and deep fake on boardings. What do you think is one of these big uh issues that might um really cause problems to some risk leaders?
Yeah, I mean I I like I'm have to go back if I had to bring up something. It's it is a you know the agentic component of AI uh to to automate you know agents with uh really good uh context capabilities and to do it very fast over broad scale. I think you know as opposed to like old school we had bots you know which this is like next level bots right so I think that's really where something that we haven't fully comprehended yet as to what risk that could pose yeah >> and so automation is going to scale what does the risk or compliance officer of 2030 look like is it a data literate operator managing AI pipelines or a strategist focusing on edge cases and escalation or on growth and expansion. What does that you know risk officer look like? >> I I think personally I think the role of a risk officer is to have either a deep expertise of you know risk in its field.
uh and you know maybe you can't know everything but to to you know create a a group or a team that has all the expertise needed to you know properly manage risk in that field. Um so so expertise is is really big either if it's a chief risk officer or you know the group he's he's uh put together. Um and then yeah to constantly look at key risk indicators to potentially like look at the needles and where things so to have a control environment so if if something goes sideways you immediately know about it and you can immediately mitigate or contain or whatever it is you know um so to put that visibility in place so so you have real good oversight over things and uh yeah I mean um I think to to obviously stay up to date on the on the latest, you know, fraud trends, uh, threats and what have you. Sure. >> Yeah, for sure.
All right, let's go a bit more personal here. Um, personal insights, philosophical takes. I always like to go into it. You live by the moto momento b remember to live. Um, how has that mindset shaped your career choices and leadership style?
>> Well, yeah, I mean, uh, to tell you the truth, the the whole one is here. It is, right? I thought >> so momento momento mori. So yeah, remember to live because remember you die. So, I mean it's it's it's a it's a Latin saying obviously I mean it's it's pretty like to the point right um and that philosophy of mine is you have to live life you know I mean even when I work and work and work you know you have to offset that with just you can't just you know you have to live life so to that extent you know I like to do things to offset the the the intensity of the work and what have you right specifically like in my role V.
So there was a there's a lot of responsibility. Um and in that sense, you know, you need to have a little bit of a steam valve, you know. So yeah, I I like to live life. Um you know, I have I have a lot of hobbies that I do and things that kind of make me happy. Um you know, on the other hand, uh I'll tell you this.
My girlfriend likes to have another tattoo over in this arm that says what Daddy Dirty Hero Harry used to say. He says, "A man's got to know his limitations." And I was like, "Hey, I know you like to live life, but the timeouts, you know, >> you're a bit like David Solomon from Goldman, right? Like you're really intense uh like guy, but you also DJ uh ever so often. You're DJing this weekend." >> Yeah. >> Yeah.
That's amazing. >> Yeah. No, it's a it's a good creative outlet. And uh yeah, I've been doing it for a long time, but uh it is definitely like when you're DJing or you know, working on music and sets or whatever, that's all you think about. you don't think about all the other stuff.
>> I'm curious. I've always been curious. Like I feel like if you if you if you're in a startup and you tell, "Hey, I'm a DJ as well. No one's going to be shocked." And then for being at Visa in the more corporate world, what is the reaction of people? Did they did they ever come to your studs?
Did they ever >> Yeah, I I have friends at Visa. They definitely, you know, um like my music. Uh I think some Oh, yeah. Some we've we've DJed together. Some some friends.
Um, actually at Ballerin, you know, a good colleague of mine is also a really good DJ. No way. >> And uh, so we're we're definitely like sad to play together like at an industry event or, you know, when I'm when we're together sometime. Um, but yeah, it is it is a little bit cooler on the on the startup side. You're like, hey, DJ, hey, great.
Of course. You know, whereas the corporate side, you're like, you do what? What? How did that happen? But then again, I worked with a lot of people like, send me your sets.
you know, you'd be surprised how many people like good music. So, >> I'm actually I can imagine. >> And you've also mentioned exploring Rupert Spear's work on consciousness. Um, how does that influence how you handle uncertainty or lead? Yeah, I think it's it changes your perspective a little bit.
Like, you know, you're in the world, you're doing your stuff, everything seems so, you know, reality is so, you know, finite and solid and you're doing everything and but do you ever really think about who you really are, you know, and what you do here? Uh, and it gets kind of deep, you know what I'm saying? But you kind of learn that, you know, in my my sense like you're technically not just the the meat popsicle, right? There's more to it. there's also a bigger you know spiritual side to things and when you start thinking about life that way it shifts just your your your focus and uh I think you become more capable at handling things and and not overwhelmed easily and yeah it adds a sense of zen or peace you know yeah >> yeah and you've also mentioned you had a mentor at visa who helped you navigate um a really complex system there so what's the most valuable thing you learned from Um, and how do you mentor others now that you're on the other side?
>> Yeah, I think uh, funny enough, I just had lunch with him. Really good guy. Yeah. Yeah. So yeah, I mean like jumping in from a from a bank into a down 30 component uh and working in you know very intense group I I knew risk you know I've worked with merchants I know the banking side I know that you know the fintech side but I didn't really fully like say my expectations were like oh my god you know the whole how a corporation's politics and interactions and everything works within that machine you know um and how to navigate that you know there is a it's different >> and uh it is more intense you know and it's something also along the line where >> you know I mean everybody kind of makes mistakes but in in that level it was almost like we no we don't make mistakes here right and it adds a new level of intensity uh and also you know you have to learn all the different functions within organization and he was very uh uh very helpful in helping me navigate that that whole you know that whole how everything worked uh like I said the politics the interactions how to deal with certain leadership components other functions introduced me actually you know made me visible and he wasn't like a leader who's like hey you know you tell me what to do and I'm going to like be the guy you know he's like here you do it you know and that not many people do that you know not many people have have the wherewithal to just say hey and the confidence to say hey you you know, as as as my subordinate, go ahead and, you know, present to to this, you know, committee or whatever.
And he was very comfortable with that, but he also gave me a lot of guidance, you know, like, hey, great, well done, or what the hell is that? You know, you can do better than that. So, he was a really good mentor and uh yeah, help helped me tremendously for sure. And and how that works today, I'd say, you know, mentors are hard to find like that. Um, if you find somebody like that in your organization, you know, you're very lucky.
Um, it's a it's a cutthroat business often, you know, specifically the corporate side. And not everybody's willing to to help you, you know. So, if you do find a soul like that, you know, appreciate it and also make them better, you know, do what you can to lift them up. That's very important. Yeah.
>> How heavy were the politics at Visa? >> No, it wasn't like politics. It was just how to navigate certain things. Yeah. Yeah.
I would say you know obviously a big component was the fact that you know you're like one thing is if you're in in meetings it's just that you you cannot just go sideways you know what I'm saying it's just it is a very high level of expectancy it's it's high stakes and you know if you do go sideways you will know you know they they people will point are glad to point it to you know so in that that respect also like with certain components I mean how do you approach certain people you know each like certain certain you know leaders in certain functions they they kind of respond differently to how you approach them so you kind of need to know that right you can't you can't go to one person like hey this is this and they're like great you do the same to another person like who are you what do you want and you know get out of here you know so I wouldn't say like I wouldn't say like well politics not in a bad sense but more in navigating how to interact with people and and their specific roles, lead leadership and and responsibilities. >> And how does that differ from being at a startup? Like I imagine it's one much more flat especially with the size >> easy peasy. Yeah, totally different. Uh you know, I think my colleagues are we're all in the trenches together, you know, where nobody's sitting on a pedestal.
uh you know our CEO you know just he's just your buddy you know what I'm saying and that's different so in that sense that is not an overtone it's more about getting things done and getting deliverables you know going to market is a really big thing right so in that sense it does alleviate a lot of that pressure but then again it's offset by we need everything now we need to close we need this and that and you know we need more more and more because also you know we investors, we have this and that and you know so in that sense >> you know it's it's a balance but yeah >> much better in a startup for from my experience >> different levels of stress. Yeah. >> Cool. Well I'd love to close with a few lightning questions. >> Um >> so what's the most overhyped buzz word in fintech right now?
>> AI. >> I couldn't agree more. It's crazy how much people put that word everywhere and I'm like it's just everyone like it it is part of a process now. You can't like use it at your advantage. It's not an advantage anymore.
If you don't have it, you're just done. You're cooked. >> You know, a good way to see what the what the buzzwords are >> is do you know uh like when you drive an I80 to get on the Bay Bridge and back and you see all these billboards. You know, it used to be like in the back in the day it says like what it say FPGI to to like field programmable Gatorade to uh what's it called application specific integrated circuit you know FPJ to ASIC that was everywhere you know that was the big thing and then later was like ah e-commerce so we do this and e-commerce >> and now it's all AI agents agents AI agent so you just drive down there and you know what the latest buzz word is you >> uh most underrated control that actually works >> in my world You'd be surprised just to be having this sounds basic but I've seen it overlooked so many times I'll reiterate is is just to have proper policy in place first of all okay what are your intentions what do you want to do and then attached to that policy you need to have you know obviously your procedures and and and business processes basically and then yeah and then you do have a control environment to make sure and this is probably the most to answer your question it is to the controls in place to make sure that your procedures are effective and your policy is effective and being followed. And that's kind of how that works.
Yeah. >> One visa habit you kept and one you dropped. >> Oh wow. Interesting question. Uh let's see.
One I dropped was, you know, not worrying about everything on planet earth. Well, I mean on the side, you know, there was always something. there was always crisis here, you know, explosion there, whatever. Um, but I think, yeah, one thing I kept is just that that perspective from looking at the entire ecosystem, right? Having that visibility that's very rare, not everybody has that, especially on the risk side, you know, yeah, you have folks that manage risk on on the bank level or fintech level and that's the ecosystem.
And I had the privilege of looking at it holistically, you know, from from the bottom up uh and even higher with the regulators, you know, and and the government and what have you. So to have had that visibility really helped me understand, you know, how the ecosystem works and also where to now, you know, also when I approach a bank or whatever, to me it's like, hey, easy peasy, right? So that that's probably one I kept. Yeah. And what's the hardest thing you've had to learn in a startup?
>> Sales, sales, sales, sell, sell, sell. We go to market, you know, more selling and I'm I'm not like a sales professional, right? So, but you know, I think like I said, everybody's in the trenches together doing their thing, you know? So, >> what's one risk, rule, or regulation that you'd delete tomorrow if you could? >> One rule, regulation.
Honestly, I I have to think about it. >> All of them. >> No, no, you need regulations. you need regulations. Yeah.
Of hand, I don't know. Nothing comes to mind. You know, if if anything in some sense, it could be, you know, there's certain things that could probably be regulated better in my view. Yeah. >> And last question, but if you weren't in risk, what would you be doing?
I feel like I know the answer, but go for it. >> Yeah. I I own a a club on an island in the tropics. uh you know, making food, drinks, and playing music and uh just have a lot of fun. I like scuba diving, so that helps out a lot.
So, yeah. Um there's my answer. >> Love it. And is there anyone we should bring on the podcast next? >> Uh yeah, I have I have some friends.
I have uh some friends, former like one person comes to my former secret service guy that uh really great friend of mine come in with a cap and sh >> sunglasses and stuff and a trench coat. Yeah. with a big rifle. I mean, he he's he's got some stories to tell, but I don't know if he can tell them all. But the thing is is we worked very closely together and we were just like like it was never a dull moment.
>> Yeah, I can imagine. Well, I'd love to have him there. Uh Chi, it was a pleasure having you on the podcast. Thank you so much for the time and yeah, we'll take the conversation offline. >> Okay.
Appreciate it. Thank you so much. All right. Take care.
View full transcript
Subscribe to the Podcast


