AI, fraud, compliance, and the future of fintech take centre stage in this special crossover episode of the c-suite podcast and Sumsub’s ‘What The Fraud?’, recorded live at Money20/20 Europe in Amsterdam.
We hand over hosting duties to ‘What the Fraud?’ presenter, Thomas Taraniuk, who was joined by the following guests:
1/ Mitch Trehan, Chief Compliance Officer, Allica Bank
2/ Daniele Tonella, Chief Technology Officer, ING
3/ Katherine Yeung, Chief Risk & Compliance Officer, 10x Banking
4/ David McHenry, Managing Director, Head of Global Treasury & Payments Advisory – UK, HSBC Innovation Banking
5/ Lee McNabb, Head of Group Payment Strategy, NatWest
At this year’s Money20/20, Thomas sat down with Mitch Trehan, Chief Compliance Officer, Allica Bank, to unpack the ever-evolving landscape of fraud, regulation, and the role of innovation in the financial ecosystem. Mitch offered sharp insights into the growing tension between fast-paced innovation and regulation’s attempt to keep up. From his vantage point in compliance, Mitch outlined three distinct relationships between the two forces: regulation as a blocker, regulation trying to catch up, and, perhaps most interestingly, regulation as a catalyst. He pointed to PSD2 and the rise of open banking as a prime example of regulation driving innovation, illustrating how well-crafted policy can spur meaningful change in the industry.
Delving into the fraud space, Mitch highlighted that while fraud-specific regulation has lagged behind areas like anti-money laundering, there have been standout shifts. The UK’s approach to authorised push payment (APP) fraud, in particular, has moved the burden of liability onto financial institutions, prompting genuine innovation in fraud prevention. This change, he argued, forced the industry to step up and led to measurable reductions in fraud, proving that responsibility can be a powerful motivator.
However, the conversation took a nuanced turn when Mitch discussed the delicate balance between preventing fraud and upholding consumer duty. He pointed out that fraud prevention measures, by design, often introduce friction, but that friction can clash with regulatory obligations to ensure smooth consumer experiences. In some cases, stopping a suspicious transaction might be morally right, but if the process causes delays or hinders legitimate users, it could still be seen as a failure under consumer duty standards. With no specific regulation addressing fraud in the way AML is governed, Mitch questioned whether the industry is increasingly leaning on ombudsmen to interpret what’s fair and lawful, a precarious position to be in.
Turning the focus to small and medium-sized enterprises (SMEs), Mitch described the fraud typologies most commonly impacting them. He identified invoice redirection, where fraudsters impersonate suppliers to divert payments, and CEO fraud, now increasingly enhanced by AI-generated voice impersonations, as the top threats. He cleverly likened the ideal friction point in these journeys to a “Dora the Explorer” moment: a simple but critical “stop and think” that could prevent a business from falling victim. On the flip side, he acknowledged the frustrating experience many legitimate SMEs face when they’re subjected to onboarding friction designed to weed out fraudsters, a necessary evil that ultimately protects the wider industry.
AI, naturally, was a dominant theme. Mitch offered a candid assessment of its impact, describing how generative tools are being weaponised faster than defences are being developed. While firms tout AI as a solution, Mitch remained sceptical. He recounted his conversations on the event floor with AI vendors who struggled to articulate exactly how their technology detects mule accounts or identifies fraud typologies. For all the buzzwords and flashy claims, he said, the lack of technical specificity was telling. Until providers can explain how their tools work under the hood, what rules they’re applying, what data signals they’re tracking, Mitch isn’t convinced the industry is truly prepared for the threats it faces.
Ultimately, the conversation was a sharp reminder of the complexities facing financial services. Fraud is no longer just a technical issue; it’s deeply tied to regulatory compliance, consumer expectations, and industry-wide resilience. As AI continues to evolve, the pressure is on to ensure defences keep pace with threats. For now, Mitch believes the industry still has a lot of catching up to do.
Daniele, Chief Technology Officer at ING, joined for a candid discussion on how banks can stay secure while pushing the boundaries of innovation. Speaking with host Thomas, Daniele offered insights into the complex balancing act required to modernise financial institutions without compromising long-term system stability. He emphasised that while rapid innovation is important, it must be driven by clear vision and purpose. Equally essential is what he termed the “feng shui of tech”: maintaining and cleaning up existing systems to create room for true innovation. At ING, the company’s agile culture fosters experimentation, but Daniele noted the necessity of an invisible framework of controls to maintain focus and cohesion across its 20,000 engineers.
Hiring the right talent is a critical piece of the puzzle. ING prioritises specialists with deep expertise in their fields rather than generalists. The challenge lies in orchestrating this complexity so that each expert contributes effectively to a wider system. This is especially crucial in the face of increasingly sophisticated cyber threats. Daniele pointed out that AI is already reshaping the fraud landscape, allowing attackers to carry out more advanced phishing schemes and to scan systems more efficiently. In response, ING has been proactive on multiple fronts, from investing in data-driven system awareness to experimenting with new technologies and enhancing protections on the client side.
One standout example is a simple but powerful feature in the bank’s mobile app that allows customers to instantly verify if an incoming call is genuinely from ING. This tool alone has halved certain types of fraud in one region, underscoring the impact of client-facing solutions that reduce risk while maintaining usability.
On the regulatory front, Daniele welcomed the introduction of DORA (Digital Operational Resilience Act), which has had a significantly positive effect. While many institutions were already practicing similar resilience measures internally, DORA has brought these activities into the spotlight and forced organisations to address third-party risks more transparently. He highlighted how banks rely on a fragmented ecosystem of suppliers, many of whom are not held to the same regulatory standards, which creates vulnerabilities. Some vendors have even attempted to use DORA to justify price increases, a trend Daniele described as problematic.
Managing risk internally versus externally presents different challenges. Internal risks can be addressed through execution and control, whereas external risks involve navigating legal and regulatory boundaries. As European authorities begin to apply greater scrutiny to critical third-party providers, banks like ING must continue carrying the responsibility in the interim.
Looking ahead, Daniele doesn’t expect a smooth ride in cybersecurity. As he put it, fraud is essentially a marketplace, and the goal must be to raise the cost of success for attackers to the point that it becomes unprofitable. The most alarming trends involve AI-powered threats, particularly deepfakes and the forging of official documents, as well as enhanced analytical tools that allow cybercriminals to profile and target banks more effectively. These advancements underscore the need for banks to reinforce both internal protections and customer-facing defenses.
The conversation closed with a mutual understanding that while the road ahead is complex, progress is possible through focused strategy, strong culture, and continuous innovation.
Katherine Yeung, Chief Risk and Compliance Officer at 10x Banking, joined the podcast to share her insights on building a proactive risk culture in today’s banking landscape. Drawing on a varied career spanning consultancy, aviation, payments, and now technology, Katherine emphasized the central role of culture in risk management. She described culture not as a set of rules but as the behaviours people exhibit when no one is watching. At 10x, this begins with leadership setting the tone and continues through to company-wide awareness and continuous learning.
Katherine underscored the importance of data in transforming risk from a reactive process into a proactive one. According to her, leveraging real-time data insights is essential to anticipating threats and acting quickly. When asked whether compliance and onboarding should go beyond a checkbox exercise, Katherine was clear: compliance, done right, can fuel business growth. She introduced the “three Ds” that underpin this growth: data, decision-making, and dynamic interoperability. The key, she explained, lies in breaking down legacy silos that prevent banks from having a unified view of the customer and using that consolidated data to drive intelligent, real-time decisions.
She highlighted the challenge traditional banks face in managing legacy infrastructure. Many banks struggle to connect their systems, often failing to recognise customers across different products. At 10x Banking, the solution has been to build cloud-native infrastructure that processes up to 100,000 transactions per second. This scale enables real-time fraud detection using AI, allowing banks to halt suspicious activity while maintaining seamless onboarding for legitimate customers. Katherine noted this high-speed infrastructure empowers financial institutions to deploy tailored, AI-driven fraud checks and respond dynamically to threats.
Looking ahead, she pointed to AI-driven fraud as a key challenge in 2025. As fraudsters adopt increasingly sophisticated tools, banks must match that speed and scale with their own technology. Katherine believes banks recognise the urgency of moving to cloud-native systems but often hesitate due to the complexity of transformation. However, 10x’s tools aim to remove those barriers and unlock the true power of data. By doing so, banks can move from simply defending against threats to using their risk systems as growth engines.
She also shared forward-looking use cases for data, such as offering click-as-a-service in B2B settings and deploying hyper-personalised financial products. Imagine a bank that recognises a customer’s travel habits and nudges them toward a relevant savings product. This kind of intelligent engagement, she said, not only increases product uptake but also deepens customer retention.
In closing, Katherine made it clear that while fraud continues to evolve, so must the industry’s defences. With scalable, intelligent infrastructure and a strong cultural foundation, financial institutions can stay one step ahead.
HSBC Innovation Banking’s David McHenry, Managing Director and Head of Global Treasury and Payments Advisory in the UK, offered a look at the journey of the innovation arm two years post-launch. Speaking with Thomas, McHenry described the integration process into HSBC’s core technology systems as intense but transformative, evolving from a dedicated UK team effort into a global initiative. Within five to six months, the innovation banking division was fully embedded into HSBC’s tech stack, enabling a host of new capabilities and client solutions. The focus now, McHenry explained, is on scaling operations, rolling out new products, and even trialling new platforms that could be adopted more widely across HSBC’s ecosystem.
He highlighted that HSBC Innovation Banking is designed with high-growth companies in mind, businesses that often start out small with complex ownership structures and rapidly evolve into global operations. From the first business bank account to international expansion, the division supports clients across all stages, including their eventual IPOs, and also works closely with the funds backing them. This continuum of support sets the division apart in its ability to adapt to the lifecycle of innovative enterprises.
Fraud risk is, unsurprisingly, a key concern, and McHenry emphasized how younger, fast-growing companies are especially vulnerable. At early stages, these firms are focused on building products rather than governance processes, which can leave gaps for bad actors to exploit. He gave the example of a seemingly urgent email from a CEO instructing an immediate payment—an easy trap for an inexperienced finance team. To counter this, HSBC Innovation Banking is helping clients implement controls like separation of duties and robust transaction monitoring. While such measures inevitably introduce friction, McHenry stressed the importance of timing and placement, comparing it to cookie notifications on websites—so that the protective “speed bumps” are triggered only when necessary and do not undermine the user experience.
On the technology front, McHenry noted that while AI has recently become a buzzword, financial institutions like HSBC have been using machine learning and AI in transaction monitoring and compliance systems for years. These tools are fundamental to managing vast amounts of data and identifying suspicious activity in real time. Looking forward, he sees opportunities to embed AI more deeply in onboarding, ID verification, digital channels, and cash forecasting, enhancing both security and usability for clients.
Throughout the discussion, McHenry positioned HSBC Innovation Banking not just as a banking provider but as a long-term partner to the innovation economy, evolving with its clients and continually pushing for smarter, safer, and more scalable solutions.
Lee McNabb, Head of Group Strategy for Payments, Partnerships and Innovation at NatWest, joins the podcast to explore the complex challenges and emerging innovations shaping the future of payments in traditional banking. McNabb speaks with the perspective of a leader at the biggest business bank in Great Britain.
With over 20 million retail customers and a million corporate clients, NatWest processes around £70 trillion in payments annually. McNabb emphasised that such scale demands a cautious and patient approach to innovation. “It’s not a case of ‘Give us X million pounds and we’ll do this in a month,’” he said. Transformations in payments ripple through every layer of the bank, from customer-facing channels like mobile apps to backend systems connected to global schemes. Modernisation efforts, he explained, must deliver not only on regulatory mandates but also improve customer experience and lay the groundwork for architectural upgrades, whether through API-first strategies or cloud migration. The essential ingredient, according to McNabb, is conviction backed by long-term patience across the entire organisation.
Fraud, especially Authorised Push Payment (APP) fraud, was another focal point. Despite recent internal declines in fraud cases, McNabb acknowledged it remains a rising and evolving threat industry-wide. He stressed that much of this fraud originates outside the bank, often via online marketplaces, and reaches financial institutions when it’s already too late. The solution lies in a blend of stronger customer education, collaborative community action across the industry, and intelligent use of technology. Artificial intelligence plays a critical dual role: while it has empowered criminals with more sophisticated tools, it is also central to the defences being developed by banks. However, McNabb underscored that it’s not about removing friction entirely but applying it “appropriately”, for instance, adding stepped-up checks for high-value transfers without overburdening low-risk payments.
McNabb also highlighted the ethical dimension of AI adoption in banking. NatWest has developed a robust AI code of conduct, including principles of transparency and fairness, to ensure technology is only used to benefit customers. He pointed out that AI tools like NatWest’s virtual assistant Cora have been serving millions of customers for years, but the challenge now is ensuring these evolving tools remain ethically sound, closely monitored, and used under full control.
On the future of money movement, McNabb touched on the bank’s active participation in several key initiatives exploring the use of distributed ledger technology (DLT) and tokenised money, including the UK Regulated Liability Network and Project Agorá. He expressed a deep interest in the growing role of stablecoins, pointing out that while they’ve existed for a decade, they’ve recently seen explosive growth, with over $240 billion moved through them. Although these figures remain dwarfed by traditional infrastructures like the Real-Time Gross Settlement (RTGS) system, which processes £850 billion daily, McNabb suggested that the potential for convergence between traditional and decentralised systems is fast becoming a strategic priority for legacy banks.
Throughout the conversation, McNabb returned repeatedly to the idea that trust, control and customer protection must remain at the heart of any technological leap forward. Whether modernising internal stacks, combatting fraud, or embracing digital currency networks, the underlying mission remains the same: safeguarding the integrity of the UK’s financial system while continuously improving the experience of its users.