/ Stories

How Revolut took a different approach to Compliance

Whenever I speak with other people in financial services, I am constantly asked how Revolut has been able to scale so quickly within such a regulated environment. And well, the short answer is that we build machines that are self-learning and self-improving, and compliance is no exception.

Things have changed a lot in the three years since we started. Generally speaking, people assume that to build a new function within an organisation is a matter of hiring a mature professional with at least ten years experience under their belt. I am the first person to accept that we at Revolut experienced growing pains with hiring talent in senior roles.

However, I do not think we’re the only startup in this space to have experienced this. If you ask any founder, what is one of the the most difficult aspects of recruiting senior appointments, you’ll find that the answer is always finding that right mix of experience and attitude. Rather than persist with an approach that was clearly not working for us, in such a critical business function such as Compliance, we decided to approach the problem differently.

Thanks to emerging technology, the financial sector is moving at lightning speed and that leaves little room for old-school processes and unchallenged thinking. I strongly believe that many banks are still lagging behind because they do not encourage creative and alternative thinking.

Take Airbnb’s rise to dominance, this tech company is the world’s largest provider of accommodation but they have not built a single hotel or apartment block to get to this position. Instead, through innovative thinking they figured out how to build better machines that would allow them to automate and scale, and therefore improve their customer’s lives and remove traditional pain points experienced by many travelers.

In fact, had I listened to the so-called “payments experts” when we started on our journey three years ago, Revolut would probably not exist today. I was constantly told that our way of doing things would not be possible to scale. Three years later and no one is saying this now. Instead of listening to consultants and following the processes that all the banks were doing, we applied logic, technical skills and spent a lot of time trying to develop something that would change the game entirely. And because Compliance is something that you cannot get wrong, it is incredibly important that we constantly evaluate our process and innovate where possible.

We thought innovatively, not traditionally

It was at this point that I realised we had a problem. How could I expect innovation if we were applying the same logic and following the same processes that the big banks were doing. Our compliance team could not reasonably be expected to think outside the box or try innovative approaches because they were trained in the old ways of banking. And then I thought about companies like Airbnb, who did not acquire traditional hotels or build apartment blocks to grow and scale their business. This was the turning point for me.

Building machines to work alongside people

Instead of applying a “one-size fits all” approach, we separated our Compliance team into two special forces, the first team was Compliance Technology. This department consists of several full-stack technical teams who are focused on solving compliance and fraud related issues through new and exciting technology.

Compliance Technology = the machine

Compliance Technology is a group of teams, each consisting of data scientists and data engineers obsessed with building models and tools to radically overhaul the following six areas:

  • AML Risk Profiling and Transactions Monitoring: assessing the individual risk profile of each of our customers in real-time to protect our community and make all our customers safer.
  • Regulatory Reporting Obligations: ensuring our teams have the tools available to satisfy our reporting obligations - a critical function that must be built to scale as we look to expand into new markets and engage with new regulators.
  • Know Your Customer: redefining the process of how we identify and verify our customers.
  • Screening: engaging with industry leaders and coupling the best databases with our technology for PEP / Sanctions and adverse media screening.
  • Chargebacks and Recovery: digging deep into how we as a company address and closeout chargeback claims and recover our losses from negative balances.
  • Fraud Risk Profiling and Transactions Monitoring: building models to auto-detect fraud happening on your card (while avoid blocking your card when you are abroad like other banks do!
  • Core: full stack team responsible that all parts above work smoothly together and feed into many products that we build

Compliance Services = the people

Process-driven machines are critical for scale, but we can’t achieve our goals without the right talent. So, we retained our traditional compliance team, but changed their name to Compliance Services. We repositioned their primary responsibility as “expert advisors” to the Compliance Technology team. The Compliance Services team handle all the exceptions that algorithms cannot manage and directly escalate items to the Board which cannot be solved by Compliance Technology. We empowered our Compliance Services by providing them with new knowledge and the opportunity to participate in sponsored courses. We spoke with startups in the RegTech space and openly engaged in productive discussions about how we could work together to develop new tools for shared learning, such as how best to tackle the challenge of horizon scanning in an ever-changing regulatory landscape. We invited our Compliance Services team to participate in public events sponsored by regulators that we work with on a daily basis. We actively promoted our Compliance Services team to potential investors, regulators and supported their participation in conferences. We acknowledged that the machines we were building were only as good as the supervisors watching them operate.

Our Compliance Services teams consists of the following teams:

  • Analysts: handling exceptions on KYC/KYB, screening, transactional monitoring.
  • Quality Assurance: the eagle eyed attention to detail people that make sure our Analysts stay on course and most importantly, we as a company learn from our mistakes and improve the process.
  • Investigations: experienced and inquisitive this a team of people who revel in complex challenges that simply can’t be performed by algorithms.
  • Policies and Regulatory Analysis: a team constantly scanning the horizon and hungry for new regulatory developments, these guys are mapping regulations to our policies, systems and controls.

So, what does this all look like?

How do we make it all work?

Keeping in line with our flat and egalitarian values, we applied the very same principles that we have for other teams, being:

  1. Each team has a product owner with strict KPIs.
  2. These KPIs are a positive function of deliveries and a negative function of business debt (e.g. there’s a consequence if quality assurance picks up that our compliance function is not operating at a level that’s in line with our high standards).
  3. Rewarding compliance by introducing skin in the game, that is biannually awarding Stock option bonuses for individuals that are hitting his or her KPIs.

KPIs for core teams in Compliance Technology and Compliance Services are the same: number of minor and major points in independent audit report that is done on a regular basis. So traditional compliance people and technologists have the same goal. On top of it, we have KPIs for Risk Teams - they need to handle exceptions with high quality (checked by QA team) and high customer satisfaction (average response time and customer service ratings).

This is just the beginning

The purpose of me writing all this is not to suggest that the way we have structured our compliance function is perfect. I am not suggesting that we do not have areas for future improvement. I am the first to admit that we have a long way to go and with the new ways that fraudsters are looking at corrupting the system, I am confident that our compliance system will remain dynamic and evolving.

This is the beginning of an exciting journey for Revolut. We’re passionate about learning and improving as a company and Compliance is no exception. We’ve come a very long way in three years and I am excited to see where our Compliance teams will be as we look ahead.

If this excites you, I want to hear from you

If our vision of Compliance has grabbed your attention and you would like to be a part of these plans, then I am always looking to discuss our strategy with Compliance professionals who are looking for a new and exciting opportunity.