FRAUDFORWARD
#102Accelerate what, exactly? The fraud side of fintech innovation with Nyla Cortes
61 min
What’s up, fraud fighters, and welcome back to Fraud Forward!
This conversation is one I think a lot of us need right now.
Financial services are moving fast. Fintech innovations, AI in financial services, real-time payments, embedded finance, digital assets, and payment systems modernization are all changing how institutions serve members and customers.
And let me just assure you, fraud fighters are not anti-innovation.
We are not the department of no. We are the people who know what happens when fintech innovation moves faster than controls, when fintech compliance is treated like a checklist, and when fraud risk management gets discussed only after something has already gone wrong.
In this episode, I sit down with Nyla Cortes to talk through what fintech innovations really mean for credit unions, community banks, fraud teams, BSA officers, compliance leaders, and frontline staff trying to protect people in real time.
Because behind every fraud case is a customer. A member. A family. Someone whose trust, dignity, and financial stability may be permanently affected.
That is why this conversation matters.
What you’ll hear in this episode:
- A practical look at how fintech innovations are changing fraud risk inside financial institutions
- Why modernization creates opportunity, but also expands the attack surface
- What AI governance in financial services needs to look like before something goes wrong
- How AI in financial services can support fraud prevention strategies when governance is built in
- Why real-time payments require real-time fraud operations
- How fintech partnerships and third-party risk management can introduce hidden exposure
- Why fintech risk management has to include fraud, compliance, BSA, AML, operations, and frontline teams
- What community bank fintech adoption looks like when resources are already stretched
- Why operational readiness matters before losses show up on a report
- How we can support fintech fraud prevention without forgetting the people impacted by crime
This is not a political conversation. It is not a vendor pitch. It is a practical, honest conversation about what it takes to modernize responsibly.
Who should listen:
This episode is for the fraud fighters doing the work every day.
- Fraud directors and fraud analysts
- BSA and AML officers
- Risk and compliance leaders
- Community bank and credit union teams
- Frontline tellers and member service representatives
- Vendor risk and fintech partnership teams
- Cybersecurity and payments professionals
- Regulators and policy advisors
- Anyone trying to balance fintech innovation, fraud prevention strategies, consumer protection, and operational reality
If you are sitting inside a smaller institution thinking, “Holy moly, we are being asked to move faster, but we do not have the same resources as the big banks,” I want you to hear me.
You are not behind because you are doing something wrong. You are operating in an environment where fintech innovations are accelerating faster than the resources available to manage the risk.
And that means we have to get very intentional.
Episode notes:
Fintech innovation is moving fast, but fraud risk is moving with it
Every new access point is a new place for criminals to test. Every faster payment rail shrinks the window to interrupt fraud. Every embedded fintech relationship introduces another layer of vendor risk, data access, operational responsibility, and fintech regulation questions.
So yes, let’s innovate.
Let’s bring fraud, compliance, BSA, AML, operations, and frontline teams into the conversation before the product goes live.
AI can help, but governance has to come with it
AI in financial services is already part of fraud and compliance work. It can help with pattern detection, false positive reduction, case summaries, transaction monitoring review, anomaly detection, and analyst capacity.
That is real.
AI cannot be treated like a magic button. If an AI model is part of a decision chain, institutions need to know how that model was validated, who reviewed it, how human oversight works, and how the institution is monitoring for drift, bias, and false positives.
AI can scale good decisions.
It can also scale bad ones.
That is why AI governance in financial services is not a nice-to-have. It is part of responsible fintech compliance and stronger fraud risk management.
Faster payments require faster fraud operations
Real-time payments have changed the math.
In a lot of cases, there is no meaningful recovery window anymore. By the time the alert is reviewed, the escalation email is opened, or the member realizes what happened, the money may already be gone.
That means fraud prevention has to shift earlier.
We need better authentication, better behavioral signals, better scam typology awareness, and the right friction at the right moment.
Not friction everywhere.
The right pause, at the right time, for the right reason.
That is fraud prevention as customer service.
Third-party risk management cannot stop at document collection
Fintech partnerships can create meaningful opportunities for financial institutions, especially when community bank fintech adoption is happening without the budget or staffing of a top-tier bank.
But y’all, collecting a SOC 2 report is not the same thing as understanding the risk.
Institutions need to know which fintech partnerships touch member data, which ones touch movement of funds, where fourth-party exposure lives, and how those partners handle fraud controls, incident response, AML expectations, and ongoing monitoring.
That is fintech risk management.
That is third-party risk management.
And if you cannot draw the map, you cannot manage the risk on it.
Fraud and compliance are one conversation now
Fraud does not live in silos.
A scam can be a fraud case, a SAR consideration, a consumer protection concern, a Reg E issue, and a member experience crisis all at the same time.
If fraud and compliance are still operating in separate lanes, gaps are going to show up. Gaps in ownership. Gaps in reporting. Gaps in escalation. Gaps in member support.
Nyla and I talk about what good collaboration actually looks like:
- Shared visibility
- Shared language
- Defined escalation paths
- Joint ownership of typology changes
- Quarterly reviews between fraud and compliance
- Clear leadership support
And no, this does not mean more meetings just for the sake of meetings.
It means building shared infrastructure so the right people can act faster when it matters.
Key takeaways:
- Fintech innovations create opportunity, but they also expand fraud risk.
- Fraud fighters are not anti-innovation. We are pro-responsible innovation.
- Fintech innovation must include fintech compliance, fintech regulation, and fraud risk management from the beginning.
- AI in financial services can support fraud detection, but it needs governance, validation, human oversight, and documentation.
- AI governance in financial services matters before the examiner asks for it.
- Real-time payments require fraud teams to operate inside the recovery window, not after it.
- Third-party risk management has to include active oversight of fintech partnerships, not just document collection.
- Fraud prevention strategies should protect members, not just reduce losses.
- Community bank fintech adoption has to account for staffing, governance, documentation, and operational readiness.
- Fintech fraud prevention works best when fraud and compliance share visibility, language, and escalation paths.
- Smaller institutions do not need to fix everything at once. They need to understand their current state, identify the top gaps, and start there.
This episode is about fintech innovations, yes. But really, it is about readiness.
It is about making sure fraud fighters, compliance teams, BSA officers, frontline staff, and risk leaders are not brought in after the fact and asked to clean up what should have been designed with them in the room.
Innovation and reduced risk are not the same thing.
They can coexist, but they do not automatically come together.
We have to build governance before we accelerate. We have to understand our current state before we move faster. And we have to stop treating fraud and compliance like two separate conversations, because they are one now.
Fraud fighters, your work matters. Members may not always know your name, but they feel it when you do this work well.
Stay vigilant, stay informed, and keep moving fraud forward.
Episode transcript
Hailey Windham00:02
What’s up, fraud fighters? So we recently celebrated 100 episodes of Fraud Forward, which honestly still feels surreal to say out loud, you know? And the timing of this conversation for today actually feels kind of perfect because the industry is moving fast right now.
Hailey Windham00:18
On May 19th, the White House released a presidential action titled Integrating Financial Technology Innovation Into Regulatory Frameworks. That’s a tongue twister.
Hailey Windham00:31
If you haven’t read it yet, the high-level focus is really around accelerating financial innovation in the United States. The order talks about modernizing regulatory frameworks, reducing friction, supporting fintech innovation, expanding access to digital financial infrastructure, encouraging AI development, and helping financial institutions adopt newer technologies faster.
Hailey Windham00:58
There’s also discussion around payment systems modernization, digital assets, and reevaluating how regulators approach emerging financial technology overall.
Hailey Windham01:09
Now that I’ve had a little more time to digest this, my first reaction was probably the same that a lot of fraud fighters had. Like, I understand the innovation conversation, but what happens operationally?
Hailey Windham01:24
Because anytime we start talking about faster adoption, reduced friction, real-time movement, AI acceleration, embedded finance, digital infrastructure modernization, fraud teams immediately start asking a very different set of questions.
Hailey Windham01:41
Questions like, what about authentication? What about synthetic identities? What about scam prevention? How about governance? What about examination expectations and operational readiness? What about consumer protection?
Hailey Windham01:57
Because innovation and fraud pressure tend to scale together. That’s just the reality.
Hailey Windham02:03
Which is why this conversation feels especially important right now, because we’re watching multiple things evolve simultaneously. You know, financial systems are modernizing rapidly, payment ecosystems are accelerating, AI capabilities are expanding literally daily, digital assets continue maturing.
Hailey Windham02:25
And at that same time, global scam infrastructure is becoming more organized, more industrialized, and frankly, more sophisticated than most people fully realize.
Hailey Windham02:15
Meanwhile, fraud teams are over here trying to stabilize reporting, staffing, governance, investigations, and operational maturity while the pavement underneath them keeps speeding up.
Hailey Windham02:28
And I want to be clear. Fraud fighters do not hate innovation. We just know that with every new convenience layer, that creates a new attack surface, too.
Hailey Windham02:39
And sometimes I think those operational realities get left out, you know, of the bigger innovation conversation.
Hailey Windham02:47
So today I wanted to bring one of my favorite people in the world to reality check these conversations with me. And that’s Nyla Cortes, the Director of Risk and Compliance for Earth Mover Credit Union. So Nyla, welcome back to Fraud Forward.
Nyla Cortes02:56
Hi, Hailey. Thank you so much for having me back. I always look forward to these conversations because they’re never really the easy version.
Nyla Cortes03:06
I think that we tend to really deep dive. And this topic is exactly the kind that I think needs the really messy, honest treatment.
Nyla Cortes03:16
I’ll also say up front that I’m coming into this kind of cautiously optimistic. I think there are real opportunities in what the administration is trying to do, and I think there are some real operational questions that the policy hasn’t fully quite answered yet.
Nyla Cortes03:32
So I’m happy to sit in both of those kinds of places today.
Hailey Windham03:40
I always love having you in these conversations because you don’t let me stay at surface level. You know, you pull it down into the operational reality really fast. And I think that’s exactly what this topic needs.
Hailey Windham03:55
And I do want to say before we get into the weeds, I want listeners to know that this is not a political conversation. We’re not here to debate the executive action itself or whether it should or shouldn’t exist.
Hailey Windham04:10
What we’re here to do is talk about what it means for the people actually running fraud and compliance operations inside financial institutions right now.
Hailey Windham04:20
So let’s get into it. Okay, I want to start with gut reactions because I think first reactions are actually really telling, especially for people who spend every day thinking about risk.
Hailey Windham04:32
You know, when you first read through this executive action, or at least the highlights, which I did see that they posted that too, which was really cool.
Nyla Cortes04:34
This is really cool.
Hailey Windham04:34
What stood out to you immediately? Like what made you lean in and think, okay, this is something we’ve needed? And then what made you pause and think, wait, we need to talk about this?
Nyla Cortes04:44
Yeah, I definitely had a split reaction. I would say what excited me was the acknowledgement that a lot of our regulatory framework was built for a brick-and-mortar environment. Right?
Nyla Cortes04:58
That’s a fair observation. We’ve been operating under guidance that predates real-time payments being mainstream. So the idea of modernizing those frameworks to reflect the environment we’re actually in, that’s a good thing in theory.
Nyla Cortes05:15
I also noticed that the order specifically calls out third-party risk management. That’s a conversation that’s been overdue for a refresh because the way we evaluate fintech partnerships now wasn’t really built for the velocity of relationships institutions are really entering into.
Nyla Cortes05:37
So where I really paused was with how the language around streamlining and reducing barriers to entry can mean a few different things depending on who is actually interpreting it.
Nyla Cortes05:52
It can mean cleaner pathways and clearer expectations, which I’m all for and I think a lot of people are for, or it can mean fewer guardrails at the point of access, which is a completely different conversation.
Nyla Cortes06:07
And right now, we just don’t know which version we’re actually going to get because the regulators haven’t responded yet.
Nyla Cortes06:15
The dates I’m really watching for are the 90-day review window and the 180-day innovation deadline. So by mid-August, we should start seeing what each regulator’s assessment actually looks like. And that’s when this will get real for operations teams.
Hailey Windham06:26
I think my reaction had that same split in it. You know, there were things in here that genuinely excited me. The idea of modernizing regulatory frameworks. I mean, fraud teams have been navigating guidance that was written before real-time payments were a mainstream reality.
Hailey Windham06:47
So in theory, updated frameworks that reflect the actual environment we’re operating in, that’s a good thing.
Hailey Windham06:55
But then there’s that other side because I see the language too, like what you were saying, that reducing friction and accelerating adoption. My fraud brain automatically translates that to reducing friction means reducing controls or guardrails.
Hailey Windham07:12
And some of those guardrails exist for a reason.
Hailey Windham07:16
So when you’re reading through policy language like that, you know, I’ve picked on you before just because I can, that you’re the compliance nerd who actually likes to read these things.
Nyla Cortes07:16
Yes.
Hailey Windham07:16
But when you’re reading through policy language like that from that compliance perspective, how do you parse what’s intentional versus what’s just not fully thought out yet operationally?
Nyla Cortes07:29
I think that you read it through the lens of who has to operationalize it, right?
Nyla Cortes07:37
So policy at the federal level is written to set direction. It’s not written to be a procedure, and that’s normal.
Nyla Cortes07:46
The gap between direction and procedure is where compliance teams live every single day.
Nyla Cortes07:53
So when I read language like reduce unnecessary barriers to entry, my job isn’t to assume the worst or assume the best. My job is to flag the operational questions that haven’t really been answered yet, so we’re not the institution that unfortunately finds out the hard way. Right?
Nyla Cortes08:15
And to your earlier point about fraud fighters not being anti-innovation, I want to underline that. We are not the department of no.
Nyla Cortes08:25
But we have seen what happens when convenience scales faster than control. Every new access point is a new attack surface. That’s not pessimism. That’s purely pattern recognition.
Nyla Cortes08:41
So when I lean into a policy like this, I’m leaning into it with operational questions, not political ones.
Hailey Windham08:47
I think that’s the tension that fraud and compliance teams are going to be sitting with for a while as this gets interpreted and implemented.
Hailey Windham08:57
And I’m going to repeat something that I said earlier in this intro, and I said it last week, and you just said it again, but I feel like it’s one of those things that it’s okay to repeat it, and I might even get it tattooed on my forehead.
Hailey Windham09:13
Fraud fighters do not hate innovation. You even said it. We’re not the department of no.
Hailey Windham09:21
But we do know from experience that every new convenience layer creates that new attack surface.
Hailey Windham09:29
Every time you speed something up, you shrink the window to catch something before it’s gone. Every time you add a new access point, you create a new place for bad actors to probe.
Hailey Windham09:40
And again, you’re right. That is the pattern recognition, and that’s why these conversations matter.
Hailey Windham09:49
So I think one of the things that you and I do really well, kind of magically, is bringing that operational reality to the conversation. It’s one thing that Fraud Forward was built on, which was bringing those practical insights into the industry.
Hailey Windham10:07
So I want to talk about what this actually looks like on the ground, because the federal level conversation has a particular cadence to it, right? It sounds like modernize, accelerate, adopt, innovate.
Hailey Windham10:22
But then you hand that to the financial institution and especially a community bank or credit union, and they’re looking at their actual operational reality, and the questions they’re asking are completely different.
Hailey Windham10:36
You know, it’s who monitors it? Who owns it? Who examines it? Who reimburses it when something goes wrong? Who explains it to the board? And who gets blamed when it fails?
Nyla Cortes10:29
Right.
Hailey Windham10:51
You know, those are those real questions.
Hailey Windham10:36
So, Nyla, from where you sit in risk and compliance, when you look at what it would actually take to operationalize faster fintech adoption, what does that look like realistically for a midsize or smaller institution right now?
Nyla Cortes10:46
Yeah, that’s a good question. So this is the part of the conversation that can get glossed over the most.
Nyla Cortes10:54
When you’re at a community bank or a credit union, modernization isn’t really seen as a strategy slide. It’s a series of trade-offs.
Nyla Cortes11:06
So every new capability has a cost stack behind it. The technology cost is actually the smallest piece of it. The bigger costs are the governance lift, the policy updates, procedure rewrites, the training, monitoring, reporting, and the staffing to support it ongoing. Right?
Nyla Cortes11:29
And we’re absorbing all of that into existing teams that already are running lean.
Nyla Cortes11:36
So when the federal conversation says to accelerate adoption, what that actually means at my level is one person doing the vendor risk assessment, another updating the BSA risk assessment, someone else updating the fraud monitoring rules, the BSA officer evaluating AML implications, and then the compliance team checking consumer protection, and then, you know, a board memo to wrap it all up in a pretty little bow that explains the residual risk.
Nyla Cortes12:10
That’s just for one product launch.
Nyla Cortes12:13
So the resource reality of that is it’s hard. And it’s not a complaint. It’s honestly just the math of it. And it means smaller institutions have to be really intentional about pacing because we can’t absorb five new initiatives at once without something breaking.
Hailey Windham12:20
So true. I think the resource reality for smaller institutions is just so much fundamentally different than that of the larger FIs.
Hailey Windham12:31
You know, a top-tier bank has entire departments dedicated to that AI governance, the fintech partnerships, the compliance infrastructure, right?
Nyla Cortes12:29
Mm-hmm.
Nyla Cortes12:43
Yeah, they do.
Hailey Windham12:42
And they have budget, the headcount, the legal teams, where a community bank or credit union is potentially asking, like you said, the one person to figure all of that out.
Hailey Windham12:58
And which again, it’s not even a criticism on this part. It’s just the reality that the resource environment they’re operating in is just so different.
Hailey Windham13:11
So when we talk about modernization, the implementation gap between a large FI and a smaller one is truly significant.
Hailey Windham13:20
So for you, and I’d like to ask, what does that gap look like from your experience? And where do smaller institutions tend to struggle the most when they’re trying to keep pace?
Nyla Cortes13:21
Yeah, no, the gap is real, and we should name it.
Nyla Cortes13:28
A top-tier bank has entire teams dedicated just to AI governance, to fintech partnerships, model risk management, third-party oversight, right? They have legal, data science, dedicated examination liaisons. Their compliance function alone is probably bigger than the entire risk department at most community institutions.
Hailey Windham13:26
Ha ha ha.
Nyla Cortes13:50
So at a smaller FI, the same person is often wearing five different hats. If you know me, I’m always talking about us multi-hat wearers, right?
Nyla Cortes14:04
So the BSA officer is also doing OFAC, also reviewing wires, also responding to subpoenas, writing board memos. The fraud manager is also the person that’s handling all the card disputes, ACH, Zelle, account takeover cases, check fraud, and somehow also building scam typologies for member education.
Nyla Cortes14:31
So where I see smaller institutions struggle the most is in about, I would say, three different places.
Nyla Cortes14:41
So first would be visibility. This looks like fragmented tools, which mean fragmented data. We see card fraud in one system, ACH in another, Zelle in another, account takeover signals somewhere else.
Nyla Cortes14:57
So stitching that into a clear picture of fraud exposure takes time. And most teams don’t really have the bandwidth to do it as often as they should.
Nyla Cortes15:09
Second would be vendor and fintech oversight. So when you have a small vendor management function, you end up relying on what the vendor just tells you about their own controls. And that’s not the same as independent assurance.
Nyla Cortes15:25
And then third would probably be governance documentation. A lot of smaller institutions are doing the right work but haven’t really memorialized it in a way that holds up under examination.
Nyla Cortes15:42
So the activity is happening. The documentation isn’t.
Hailey Windham15:31
That even tracks with what I’m seeing in the benchmarking conversations that I’m having right now. It’s those visibility gaps, the staffing models, the fragmented tools environments that you mentioned. It is consistent.
Hailey Windham15:48
And so there is a call-out that I have, you know, directly to anyone who is at a smaller institution that’s feeling that pressure right now.
Hailey Windham15:57
You’re not behind because you’re doing something wrong. You’re behind because the environment is accelerating faster than the resources available to you to manage it.
Hailey Windham16:10
And that matters because the answer isn’t just move faster, right? The answer is understand your current state first, because you cannot modernize safely if you don’t know where you actually are, which is something we are going to come back to in this conversation.
Nyla Cortes16:16
Mm-hmm.
Hailey Windham16:30
But I also want to talk about the piece of this that I think is generating the most conversation right now, which is AI.
Hailey Windham16:39
Uh-huh. In case you didn’t know that we were going to talk about AI on this episode. Really?
Nyla Cortes16:31
Yeah.
Nyla Cortes16:33
Shocker.
Hailey Windham16:48
So the executive action references innovation in AI repeatedly, right? Which makes sense because, you know, AI is not a theoretical or future conversation in fraud anymore. It’s a right now conversation.
Hailey Windham17:02
We have institutions that are using AI for fraud detection. We have fraud being perpetrated using AI. We have AI being embedded in customer-facing products that affect fraud exposure.
Hailey Windham17:17
So I want to talk about both sides of this because I think there’s a tendency in the industry right now to either be fully in the AI hype cycle, you know, like AI is going to solve everything, or to be completely dismissive of it entirely.
Nyla Cortes17:16
Right.
Hailey Windham17:36
And neither one of those is useful.
Hailey Windham17:23
So Nyla, starting with the opportunity side of this, where do you see AI genuinely helping fraud and compliance operations when it’s implemented well?
Nyla Cortes17:36
I would say I’m cautiously optimistic on AI and fraud and compliance, and I want to really be specific about where the wins actually show up because the hype cycle can kind of blur this.
Hailey Windham17:36
Mm-hmm.
Nyla Cortes17:52
So the clearest win, I would say, is reducing analyst burden on high-volume, low-complexity work. Things like dispute intake triage, initial transaction monitoring review, false positive reduction, summarizing case notes, drafting the first pass of narratives.
Nyla Cortes18:15
That can be actually real-time savings, and it lets your investigators spend more time on the super complex cases that actually need human judgment.
Nyla Cortes18:29
The other win is pattern detection at scale. So behavioral analytics, right? Anomaly detection across larger data sets, link analysis between accounts. Humans can’t process that kind of volume, but AI can.
Nyla Cortes18:50
So when you pair AI pattern detection with human judgment on the back end, that’s where it can get powerful.
Nyla Cortes18:58
But I want to be honest about the line that I see. AI augments. It doesn’t replace the human decision in fraud and compliance work.
Nyla Cortes19:12
The institutions that treat AI as a labor replacement strategy instead of a capacity expansion strategy are the ones that I would be most curious where they are in a couple of years.
Hailey Windham19:23
Getting a bumper sticker that says, AI augments. It doesn’t replace the human decision in fraud and compliance. I love it.
Nyla Cortes19:28
Ha ha ha.
Hailey Windham19:35
I think that, first of all, you hit the nail on the head, I think, in all of those scenarios that you offered. That operational efficiency piece is real. Reducing that manual review burden, faster investigations, better anomaly detection at scale.
Hailey Windham19:53
You know, yeah, we might can do it for the one-off case where we just so happen to have all the right platforms up and reports out, and we just so happen to catch it. But at scale, we need that assistance.
Hailey Windham20:08
And those are the legit wins, you know, when AI is implemented thoughtfully.
Hailey Windham20:15
But the governance side of AI and financial services is still very much being figured out in real time. And I have a lot of questions that I think fraud and compliance teams need to be asking right now that not everyone is asking yet.
Hailey Windham20:34
And it’s questions like, can you explain the decision? If an AI model flags a transaction or declines an account, can you articulate to an examiner why that happened in plain language?
Hailey Windham20:48
And then what happens when the model is wrong? Because AI scales decisions, which means if the model is making good decisions, you scale good outcomes. But if the model has a flaw, a bias, a blind spot, a gap in training data, you scale that too.
Hailey Windham21:08
You know, who approved the AI? Is there a governance framework in place? Who signed off on it? Who reviews it? Who updates it when the environment changes?
Hailey Windham21:20
You know, Nyla, from a compliance standpoint, what do you think examiners are actually going to expect when AI is part of the decision chain, and how ready do you think most institutions are for that scrutiny right now?
Nyla Cortes21:16
Hmm, I would say most institutions are not as ready as they think they are. And before you come for me, I will explain what I mean, okay?
Nyla Cortes21:31
Examiners are going to want answers to, I would say, four different questions, right?
Nyla Cortes21:38
So can you explain the decision in plain language? Can you show how the model was validated before it went into production? Can you demonstrate human oversight in that decision chain? And can you show how you’re monitoring for drift, bias, and false positives over time? Right?
Nyla Cortes22:04
So a lot of institutions have adopted AI tools but haven’t built the governance framework around them. They have the tool. They don’t have the documentation. They have the detection. They don’t have a model risk management policy. And they have the output, but they don’t have a process for periodic revalidation.
Nyla Cortes22:31
And here’s what I think makes AI different from other compliance areas, right? It scales decisions like we’ve been talking about. If the model is making good decisions, you scale good outcomes. If it has a flaw, a bias, a blind spot, you also scale that.
Nyla Cortes22:52
So governance isn’t a nice-to-have. It’s what really will determine whether AI helps you or creates new exposure.
Nyla Cortes23:03
So my honest take here is that institutions are going to need an AI governance policy, a defined model risk management process, documented human-in-the-loop controls, and a periodic validation cadence.
Nyla Cortes23:20
If you have AI tools in production and you don’t already have those four things, that is where I would start.
Hailey Windham23:14
I think that you made a really important point. A lot of the institutions right now are in this window where they’ve adopted quickly, but like you said, that governance documentation just hasn’t caught up yet. And that’s going to matter when regulators come in.
Hailey Windham23:34
And so the line I keep going back to is this. AI can absolutely scale good decisions, but it can also scale bad ones. I think we both said that.
Hailey Windham23:47
So the institutions that are going to navigate this well aren’t the ones who move fastest on the AI adoption. They’re the ones who build the governance infrastructure to support it before something goes wrong, because cleaning that up after the fact is a much harder conversation.
Hailey Windham24:08
And I will call out, I know that I’ve shared this with others in the industry, but Sardine did do an AI governance framework report that they wrote up. So I will put that into the show notes as well.
Nyla Cortes24:07
You sure did.
Hailey Windham24:11
Because it’s one that I know that I’ve had several friends reach out and go, hey, this really helped me write my policy.
Nyla Cortes24:18
Yep, it’s amazing.
Hailey Windham24:20
So okay, we’re going to shift now to payments and fintech participation specifically, because this is where the attack surface conversation gets really concrete for fraud teams.
Hailey Windham24:31
Real-time payments are not new at this point, but the volume, the velocity, and the customer expectation around the instant money movement has significantly shifted.
Hailey Windham24:43
Faster payments means faster fraud. I don’t care who you are, I believe that fully.
Nyla Cortes24:48
Yes, I am.
Hailey Windham24:48
Narrower recovery windows, which why would I say that for myself? Because I’m literally creating my own tongue twister. Narrower recovery window. Narrower recovery windows. Less time to interrupt. And in some cases, no time at all. Right?
Nyla Cortes24:56
Narrower.
Hailey Windham25:06
Scammers know this. They are actively engineering fraud schemes around payment speed.
Hailey Windham25:15
So from a risk perspective, how are you thinking about the intersection of real-time payment expansion and fraud exposure right now?
Nyla Cortes25:22
Yeah, so real-time payments have changed the math on fraud response, right?
Nyla Cortes25:29
So we used to have a recovery window. Now, in a lot of cases, the funds are gone before the member even realizes something happened.
Nyla Cortes25:39
What that means operationally is that fraud prevention has to shift to the left, right? We always like that song, to the left, to the left.
Hailey Windham25:45
I didn’t think I don’t.
Nyla Cortes25:51
You can’t catch it at the back end anymore. You have to interrupt it at authorization, at authentication, or before the member even initiates the transfer. And that all is going to require behavioral signals, scam typology awareness, and the right friction at the right moment.
Nyla Cortes26:14
And honestly, the scam landscape has to change too. Most of the Zelle account takeover cases that we see now don’t look like the fraud at the moment of authorization.
Hailey Windham26:26
True.
Nyla Cortes26:29
The member authenticated. The device was recognized. The member initiated the transfer because they were manipulated into doing it, right? So traditional rule-based monitoring isn’t built for that.
Nyla Cortes26:45
So our control environment does have to evolve towards intercepting authorized fraud, not just unauthorized fraud.
Nyla Cortes26:48
And that’s a fundamentally different problem, and it’s one I think the industry is truly the least prepared for right now.
Hailey Windham26:55
I will say that I did have another section for us whenever I was working on our outline where we were going to go into the unauthorized and authorized, you know, portion of it. And I was like, you know what? That’s a whole nother episode.
Nyla Cortes27:08
Literally it’s.
Nyla Cortes27:19
And I could talk on that for hours.
Hailey Windham27:11
I am not even going to, if we’re not going to touch that one. But I appreciate what you’ve called out because it needed to be said. But at the same time, that’s a whole nother episode.
Hailey Windham27:22
Truly, truly.
Hailey Windham27:25
So instead of diving deeper into the unauthorized, authorized conversation and who is responsible, you know, for that financial loss, let’s instead talk about the fintech partnerships on top of all of that that you just mentioned, right?
Nyla Cortes27:33
Yeah. Yeah.
Hailey Windham27:43
A lot of institutions are expanding their products through the embedded finance relationships. Fintechs plugging into their infrastructure. You’ve got sponsor bank relationships, third-party access. And every one of those relationships is a potential new entry point for fraud.
Hailey Windham28:02
So the third-party risk management conversation has to evolve alongside the fintech participation conversation. They can’t be separate.
Hailey Windham28:13
So where do you see institutions struggling most when it comes to third party and vendor oversight in this environment?
Nyla Cortes28:17
This is one of the parts of the executive order I’m watching most carefully because the order specifically flags that current third-party risk management requirements may favor incumbents.
Nyla Cortes28:31
So whatever comes out of that review is going to reshape how we evaluate fintech partnerships.
Nyla Cortes28:40
So where I see institutions struggling right now is first in the inventory itself. A lot of FIs don’t have a clean current inventory of every fintech relationship that touches their environment, especially the indirect ones or the API integrations or the subprocessors. Because you can’t really manage what you can’t see.
Nyla Cortes29:06
Second, I would say, is the depth of due diligence. So there’s a difference between collecting a SOC 2 report and actually understanding the fintech’s fraud controls or their incident response process or their AML program. A lot of due diligence stops at the document collection stage. That’s not the same as evaluation.
Nyla Cortes29:32
And third is ongoing monitoring. So the contract gets signed, the assessment gets filed, and then nobody is looking at it again for two years. That’s really not monitoring. That’s just a binder on a shelf where you completed your checklist. Right?
Nyla Cortes29:55
And I think the honest reality is that a lot of institutions signed fintech and embedded financial agreements before their third-party risk frameworks were really mature enough to fully account for the fraud exposure that those relationships could introduce.
Nyla Cortes30:15
So now we’re retrofitting risk management onto already-live partnerships. And that’s a much harder conversation than building it in from the beginning.
Hailey Windham30:22
And that’s something that institutions need to be actively auditing right now. We don’t need to wait for an examiner to surface that.
Nyla Cortes30:26
Yes.
Hailey Windham30:33
So, okay, I want to talk now about something that I think is becoming increasingly impossible to ignore. And that’s the fact that fraud and compliance are colliding in ways that they never used to.
Hailey Windham30:47
These departments used to be able to operate pretty independently, you know, different functions, different reporting lines, different regulatory touch points. And that world is changing fast because the fraud we’re seeing now doesn’t respect those departmental boundaries.
Hailey Windham31:07
Scam typologies are crossing compliance thresholds. AML and fraud are converging. Consumer protection expectations are landing in both lanes simultaneously.
Hailey Windham31:20
And the institutions that are still operating with those hard silos between fraud and compliance are going to find themselves with gaps. You know, gaps in ownership, gaps in coverage, gaps in reporting, which creates real exposure.
Hailey Windham31:38
Nyla, you sit in that intersection in a really direct way. How are you thinking about the convergence of fraud and compliance right now? And where do you think institutions are most behind in recognizing that these functions have to work together?
Nyla Cortes31:46
Hmm. Hmm. This is a conversation I’ve been having internally for a while. And I think a lot of institutions should be having this conversation.
Nyla Cortes32:00
And so I’m glad that we’re having it out loud right now.
Nyla Cortes32:07
Fraud and compliance used to be able to operate in parallel lanes, right? Like fraud would handle the disputes side of things. Compliance handled BSA, OFAC, consumer protection. The lanes were clear. The data flowed differently. The reporting structures were separate. And that worked, right?
Nyla Cortes32:36
When fraud was mostly transactional and compliance was mostly pragmatic. That world doesn’t exist anymore.
Nyla Cortes32:47
Scam typologies have really just fully collapsed that boundary. A romance scam that ends in a wire transfer is a fraud case, a SAR-eligible event, a consumer protection issue, and even potentially a Reg E dispute all at the same time.
Nyla Cortes33:08
Elder financial exploitation is the same. Pig butchering with a crypto off-ramp is the same. Authorized push payment fraud is the same. Every one of these touches fraud, BSA, and consumer protection simultaneously.
Nyla Cortes33:27
So where institutions are most behind is in ownership. When fraud looks like a compliance issue and compliance looks like a fraud issue, who owns it? Who decides if a SAR gets filed? Who manages the member communication? Who decides if we’re liable for reimbursement? Who tracks the typology so we can prevent the next one?
Nyla Cortes33:56
I can say that in the last year, a real focus at my institution has been moving away from the ownership conversation and directly towards collaboration between areas.
Nyla Cortes34:09
When we hit a roadblock and everyone on the team is throwing up their hands and saying, I don’t own this, we stop. We evaluate how we got here, and we figure out how to fix it efficiently so the member gets the best experience.
Nyla Cortes34:29
Because truly, at the end of the day, the member doesn’t care which department owns it, right? They care that we solved it. So always member experience at the forefront has really helped us in navigating and realigning to collaboration.
Hailey Windham34:34
I want to ask on a personal level. I feel like you and I kind of have an advantage that others didn’t have. And I’ll say that because we worked together several years ago. You were compliance, BSA. I was fraud. And we instantly loved each other, and we’re best of friends, right?
Nyla Cortes34:42
Mm.
Hailey Windham34:55
What’s not to love?
Nyla Cortes34:57
Well, I mean, what’s not to love?
Hailey Windham35:03
And so it made it easier, in my opinion, like for us to go, hey, why can’t we work together? Why can’t fraud and compliance actually, you know, try to solve these problems together?
Hailey Windham35:15
I mean, as I was writing up this outline, all I could think to was about the time that we created the corporate account takeover process. And we literally went to each department head and we were like, all right, what are you responsible for when this happens?
Hailey Windham35:33
Like, we’ve got our red folders in branches when there’s an active robbery situation. Here’s what we do whenever there’s corporate account takeover.
Hailey Windham35:43
And so do you think that because we had that friendship first that it made that bridge better? Or do you think that this is easy to replicate in other institutions?
Nyla Cortes35:53
I think the answer is yes to both for me, to be honest.
Nyla Cortes35:59
Because I think that our relationship did make it easier, right? But I also think that it is easy, because at the end of the day, both you and I went into that collaboration with the idea that this is easy, right?
Nyla Cortes36:17
Collaboration can be easy. I think one of the biggest things that I’ve recognized from being at different institutions throughout my experience and my time is that collaboration is truly something that is top-down. It has to be pushed from the top down.
Nyla Cortes36:41
And it doesn’t have a clear boundary of lines of just being fraud and compliance. Like, I know this conversation is primarily fraud and compliance, right?
Nyla Cortes36:54
But when we’re talking about fraud, fraud touches every area of the institution. It touches accounting in a different way. It touches member services a different way. Like, it’s touching everywhere.
Nyla Cortes37:11
And so how can we as an institution increase our collaboration, and instead of placing ownership, everyone has a seat at the table?
Nyla Cortes37:28
Everyone should have a seat at the table. It’s just a matter of whose seat you’re sitting in and what you bring to the table individually.
Nyla Cortes37:39
But there is no one person that should own it. It should be everyone’s ownership. We all own it. We all own the experience that the member receives.
Nyla Cortes37:52
And so that’s my two cents about that.
Hailey Windham37:53
I love that. I love that you didn’t just call out that we all own the fraud that happens. You know, we are all responsible for if we see it, we need to make sure that we call it out, or if there’s unusual activity, we need to call it out.
Hailey Windham38:12
You know, I loved whenever we collaborated on the fraud policy, even to have that kind of language in there.
Hailey Windham38:20
But then it’s also we own the member experience, the customer experience. And I think that that’s a vital point of what, especially for community banks and credit unions, like that is literally who you are. That is why you operate.
Hailey Windham38:39
It is for that community feel.
Nyla Cortes38:41
Yeah.
Hailey Windham38:42
I deal with a local community institution that, man, I wish the online banking stuff was different. Okay. I want to be able to transfer payments very easily, and it’s just not there.
Nyla Cortes38:51
Yes.
Nyla Cortes38:54
Yes.
Hailey Windham38:55
And that’s okay because I want to be able to call and talk to an actual person that knows my name. That whenever I say, hey, I need to get this done, they know me. They can get it done. They can send an email. We, you know, dual control, whatever.
Hailey Windham39:13
But that’s something that I will deal with so that I can have that community feel.
Hailey Windham39:19
And so we can’t lose that piece of who we are in these community institutions.
Nyla Cortes39:13
Ha ha ha.
Hailey Windham39:28
So I’m not going to derail us and talk about, you know, why we love community banks and credit unions.
Hailey Windham39:16
But I think that you are a great example of showing what it could look like and how it works.
Hailey Windham39:28
So, you know, from your perspective, what does it look like when fraud and compliance are functioning well together? What does that structure look like inside an institution that’s doing it right?
Hailey Windham39:42
Because when you and I were together, right, we had a very short time frame to see the magic, right?
Nyla Cortes39:44
Yep. Yep.
Hailey Windham39:47
And then, you know, you got a different opportunity. I got a different opportunity. And so, you know, the friendship stayed, but we were no longer at the same institution.
Nyla Cortes39:53
Right.
Hailey Windham39:59
But now you’ve been able to really do it at another organization. So I just like to know, you know, what does that look like?
Nyla Cortes40:01
Yeah, no, this is one of my most favorite topics to talk about, truly. So if I go on a rant here, I’m very sorry for everyone listening.
Hailey Windham40:09
Go ahead. Go ahead.
Nyla Cortes40:13
So first thing, right? Because a lot of people tend to think that collaboration means one thing, and they think meetings. More meetings. And it’s not. I promise you. That’s not it.
Nyla Cortes40:29
Right? We already all have overbooked calendars. More meetings is not the answer. We already know that.
Nyla Cortes40:38
But what it actually looks like is shared infrastructure. So I actually have four things for us.
Hailey Windham40:43
Only four?
Nyla Cortes40:44
Only four. Only four. I know. I know. You’re so proud of me, right?
Hailey Windham40:47
I am. I am.
Nyla Cortes40:51
So first would have to be shared visibility. So fraud and BSA see the same case data.
Nyla Cortes40:57
Right? So when a Zelle account takeover comes in, the BSA officer is going to be looking up the typology, the dollar amount, and the underlying behavior at the same time that the fraud team sees it.
Nyla Cortes41:12
Same data. Same view. Shared visibility across the board. None of this handoff business, right? Same time. Same visibility.
Nyla Cortes41:24
Shared language is our second one. We have the same terminology for typologies, the same severity scales, the same case categories.
Nyla Cortes41:35
Because if fraud calls something a scam-induced transfer and BSA is calling it a consumer-initiated wire abuse, you have two reports describing the same exact event, and nobody knows what’s actually happening. Okay?
Nyla Cortes41:52
Same language.
Nyla Cortes41:55
Third, defined escalation paths. So everyone knows when a case gets escalated, who it goes to, what triggers a SAR review, what triggers member outreach, what triggers a board notification.
Nyla Cortes42:13
As you can say, I say the word trigger a lot. Know your triggers. What triggers what? And have a defined escalation path for that. Document it and practice it. Enforce the practice of it.
Nyla Cortes42:32
And then the fourth one is joint ownership of typology evolution. So when a new scam pattern emerges, fraud and compliance evaluate it together, not separately. Okay? Because the response usually involves both lanes anyway. Right?
Nyla Cortes42:54
So as you can see, collaboration is at the forefront of our four items.
Nyla Cortes43:00
So again, just to reiterate, we have shared visibility, shared language, defined escalation paths, and joint ownership of typology evolution.
Nyla Cortes43:12
So the best version of this is when fraud and compliance share a periodic review. I would say quarterly works best, where you’re looking at trend data together, agreeing on what’s getting worse, and making joint recommendations to leadership.
Nyla Cortes43:22
That’s what good looks like. And it’s even achievable at smaller institutions. It just has to be built with intention because your org chart cannot do it alone.
Hailey Windham43:31
I love that framing. And again, I think it goes back to, you know, what we saw together and in creating that one thing.
Nyla Cortes43:37
Mm-hmm.
Hailey Windham43:40
It’s, you know, creating those workflows, even partnering with continuous improvement to say, hey, can you make me a map of a flow map? Because I don’t, I mean, we need help. And so, yeah.
Nyla Cortes43:46
Right. Right.
Nyla Cortes43:50
We are compliance. We are not. Yeah, yeah. Yeah.
Hailey Windham43:54
We are not graphic designers, even though that’s not what it technically is, but it felt like it. Okay.
Hailey Windham44:00
Put me in Canva. Don’t put me on a blank whatever where you want me to draw the squares and the no, I can’t. I cannot do that.
Nyla Cortes44:03
Yep. No. You will not find me there. Nope. Nope.
Hailey Windham44:14
But it works, right? Because you have to have, like, obviously you have your documented, like this is how we documented triggers. This is what we do when this happens.
Hailey Windham44:25
But also being able to see that, you know, again, it’s those practical takeaways.
Hailey Windham44:26
So I want to encourage that if you don’t have the process mapped out in a visual aid, do that. It really does help, and it helps to articulate it to the C-suite executives that don’t understand all the necessary, you know, tiny pieces that are a part of a process.
Hailey Windham44:46
But by you having it mapped out and they can see it visually, it makes more sense.
Nyla Cortes44:49
Yep, and it also helps your team too. Like the visual representation of what the decision path actually looks like, it helps your team, and it helps reinforce the behavior of which you’re trying to implement too.
Hailey Windham45:05
I love that.
Hailey Windham45:08
So we’re going to continue on making this actionable because a lot of listeners are at community banks and credit unions, and, you know, maybe they’re not the ones that are writing the policy, but they’re the ones that have to operationalize it.
Hailey Windham45:22
So what should they actually be thinking about right now?
Hailey Windham45:26
So I want to go through some questions, and I want your honest take on each one.
Hailey Windham45:32
The first is AI governance. You know, in your opinion, do most institutions, especially the smaller ones, actually have a defined AI governance framework right now, or are they using AI tools and kind of hoping for the best?
Nyla Cortes45:41
Honestly, most smaller institutions don’t have a defined AI governance framework. They’re using AI tools that mostly come embedded in their fraud or their BSA platform, and the governance didn’t come with it.
Nyla Cortes45:58
The tool got adopted. The policy, the model risk management process, the validation cadence, the human-in-the-loop documentation, those didn’t follow.
Nyla Cortes46:13
And I do want to be fair here. It’s not that teams are being careless, right? It’s that the AI got built into the tools that they were already using. So it didn’t feel like an adoption decision. It felt like a software update.
Nyla Cortes46:30
But from an examiner’s perspective, it’s not just a software update. It’s a decisioning system that needs a governance framework around it.
Nyla Cortes46:43
So my advice is to ask your core vendors and your fraud platforms exactly where AI is in the decision chain. How was it validated? And how are you going to be notified when the model changes? Because you can’t govern what you can’t see.
Hailey Windham46:57
Very true. Very true.
Hailey Windham47:02
Okay, so then the next piece is on third-party risk. Do most institutions have a clear picture of every vendor and fintech relationship that’s introducing fraud exposure into their environment, or are there blind spots?
Nyla Cortes47:14
Hmm, not as clear as they should be. The direct vendor list is usually solid, but where the blind spots live is the indirect exposure.
Nyla Cortes47:27
So your fourth-party risk, your subprocessors, your API integrations, fintech partners that plug into a partner you already onboarded. The further you get from the contract, the less visibility you have.
Nyla Cortes47:43
And that’s exactly where fraud exposure tends to hide.
Nyla Cortes47:48
And obviously, to be transparent, this is hard. This is really hard, even when you have a mature program in place.
Nyla Cortes47:59
So mapping every relationship that touches member data or movement of funds takes genuine, real effort. But if you can’t draw the map, and I know we’re not graphic designers, but if you can’t draw that map, you can’t manage the risk on it.
Hailey Windham48:09
Makes sense.
Hailey Windham48:13
Okay, real-time fraud operations. If a scam is happening right now, does the average community bank or credit union have the staffing, the tools, and the escalation path to interrupt it, or are they still operating on batch-cycle thinking?
Nyla Cortes48:27
In a lot of cases, no. And it’s not because the teams aren’t capable. It’s because the operating model is, like you said, still built on batch-cycle thinking.
Nyla Cortes48:41
Alerts get reviewed on a queue. Escalations go by email. The member service team isn’t connected to the fraud team in real time. So by the time we know, the money’s gonzos, right?
Nyla Cortes48:58
So closing that gap takes usually about three things, right?
Nyla Cortes49:06
So real-time alerting, which we’re all talking about in the industry right now, a defined interruption protocol that everyone on the front line knows, not just the fraud team, and a fraud function structured to respond inside of the recovery window, not after it.
Nyla Cortes49:24
That’s an investment. But the alternative is paying for the losses on the back end. And those numbers do add up fast, as we all know.
Hailey Windham49:24
Yeah, too fast sometimes.
Hailey Windham49:31
Okay, this last question for this section, I channeled my inner Nyla.
Nyla Cortes49:35
Ooh, love that.
Hailey Windham49:39
Yeah, yeah. So are institutions measuring operational readiness, or are they just only measuring, you know, losses after the fact?
Nyla Cortes49:48
I would say mostly the latter. And this is the metric problem, in quotations, that I want every fraud leader to actually push on.
Nyla Cortes50:02
Losses are what I like to call a lagging indicator, right? But by the time you’re reporting on losses, the damage is already done. The board is reacting. The member is upset. The regulator is asking questions.
Nyla Cortes50:21
Operational readiness metrics are leading indicators, right? So they’re time to detect, time to interrupt, recovery rate, member outreach completion rate, typology coverage in your monitoring rules, percentage of staff trained on scam scripts in the last quarter.
Nyla Cortes50:43
Those tell you whether you’re getting better before the losses show up.
Nyla Cortes50:50
And if you’re only measuring losses, you don’t really have a fraud program. You have a fraud accounting function. I say that lightly. With love. With love.
Hailey Windham50:59
Ooh. Mic drop. I’m not saying it with love. I’m saying it. Listen here.
Hailey Windham51:07
I mean, if you only know you have a problem when losses show up on a report, then you are already behind. Here’s your sign.
Hailey Windham51:16
Operational readiness means you understand your fraud posture before that incident. You know your gaps. You know your vulnerabilities. You know those escalation paths, just like you were talking about.
Nyla Cortes51:15
Yep. Yep.
Hailey Windham51:30
And I think this ties back to, again, benchmarking, because benchmarking tells you where you actually are and not where you think you are.
Nyla Cortes51:33
Yep. That’s right.
Hailey Windham51:41
So for an institution that’s listening right now and recognizing some of these gaps, where would you tell them to start? Like, what’s the first thing?
Nyla Cortes51:44
Hmm, three steps. Ready?
Nyla Cortes51:50
Step one. Inventory your current state. What fraud typologies are you actually seeing? What’s your loss trend by channel? What’s your detection-to-interruption time? What AI tools are in production, and who actually governs them? What fintech relationships touch member data or movement of funds?
Nyla Cortes52:14
You truly, truly, truly cannot modernize what you haven’t measured. Okay? That’s where I would start. Inventorying your current state.
Nyla Cortes52:26
Then, going into step two, I would identify the top two or three gaps and prioritize them. Not all of them. Like, we all know. We all know we have a lot of gaps, right? But your top two or three.
Nyla Cortes52:42
Because most institutions, they will try to fix everything at once. But what ends up happening is not finishing anything. That’s too much.
Nyla Cortes52:54
So pick the gaps that have your highest fraud exposure and work those first. Okay?
Nyla Cortes53:02
Step three, build the fraud and compliance bridge. I feel like we are reiterating this through this entire episode, right? Building that bridge. Collaboration.
Nyla Cortes53:15
Make sure you’re doing those joint quarterly reviews. We’re sharing typology tracking, and we have agreed-upon escalation paths.
Nyla Cortes53:27
This is truly, truly a foundation that makes everything else stronger, because once fraud and compliance are aligned, every other initiative gets easier. You would be amazed. You would be amazed.
Hailey Windham53:28
Yeah.
Nyla Cortes53:45
But that’s the work, right? It’s not glamorous. It’s not the AI conversation that’s getting all the headlines, but it’s what actually is moving the needle inside institutions right now.
Hailey Windham53:50
Bridge the gap. Bridge the gap.
Nyla Cortes53:52
Bridge the cannon. Who is that? Who is that?
Hailey Windham53:57
It’s your conscience. Bridge the gap.
Nyla Cortes54:03
Wow, my conscience is so smart.
Hailey Windham54:05
I didn’t know my conscience had all that going on.
Nyla Cortes54:09
Should listen to her more often.
Hailey Windham54:12
I also want to say, though, all the things that you were just describing also goes back to another point that you and I have made before as well, which is the fraud risk assessment, right?
Hailey Windham54:25
Like if you can do that, if you have one, use that as your starting point to say, hey, here are those gaps. So we need to prioritize. Here’s what’s missing. Here are our current vendors. Here are the functions. Blah, blah, blah.
Hailey Windham54:40
And so if you haven’t done that, and you haven’t done these three steps that Nyla said, you know, this is your sign to do those things because it is such a practical starting point.
Hailey Windham54:54
It is one that is easy to do. It doesn’t require any additional, you know, monetary resources. It’s just you understanding, documenting, and making sure that you inventory again that current state.
Hailey Windham55:09
I love that you said that. And I think that’s what people need to hear, right? It’s not overhaul everything immediately. Stop it. Overhaul. Do this now.
Nyla Cortes55:13
Mm.
Hailey Windham55:22
But it’s here’s the first conversation to have. Here’s the first question to ask. You know, because modernization is not a single event. It’s not going to happen overnight. Like you said, it’s a direction.
Hailey Windham55:38
And you can move in that direction intentionally, or you can get pulled by it reactively. The institutions that are going to navigate this environment well are the ones who are moving intentionally.
Hailey Windham55:53
So I think that we are at a good point. I think we’ve kind of circled this enough. But I want to ask, you know, if you have any closing thoughts, it’s time to bring this episode home.
Nyla Cortes55:58
So.
Hailey Windham55:59
And I’ll sorry. I’ll fix this.
Nyla Cortes56:02
No, that’s okay. I was truly just going to say, I think what I really want to talk about is what really gives me hope in this environment, right?
Nyla Cortes56:13
Like, honestly, the people. Like, the fraud fighters who are showing up every day doing this work inside resource-constrained environments and still pushing their institutions to be better. It makes my fraud heart happy, truly.
Hailey Windham56:29
Gives me chills. Gives me chill bumps.
Nyla Cortes56:31
Right? It truly makes me the most hopeful.
Nyla Cortes56:37
And I’m also hopeful about the conversations like this one that are happening more openly. Five years ago, we didn’t really talk about fraud the way we talk about it now. I mean, you and I can attest to that. Five years ago, we were working together.
Nyla Cortes56:53
Like, we didn’t talk about scam victims with empathy that we do now. Not me and you, but, you know, in general.
Hailey Windham56:57
Out loud in the network, in the industry.
Nyla Cortes56:59
In the industry, nobody really talked about it, right? We didn’t have podcasts dedicated to this work, and now we do.
Nyla Cortes57:09
The fact that we’re naming the hard things and sitting in the tension out loud is in itself progress.
Nyla Cortes57:19
And I think the executive order conversation, just to kind of full circle this, right, despite my open questions about it currently, is creating space for fraud and compliance teams to be in the modernization conversation much earlier.
Nyla Cortes57:36
That’s a win if institutions take advantage of it.
Hailey Windham57:34
So true. Nyla, thank you again for agreeing to come on the podcast to dive deep into this conversation.
Hailey Windham57:43
I think our industry needs to hear more conversations like this. It’s, you know, not the version where we all agree that innovation is great and fraud is bad and everyone goes home feeling fine, right?
Hailey Windham57:56
It’s the version where we actually sit in the tension. You can cut the tension with a knife. Where we, you know, name those hard things like you mentioned and talk about what it’s really like inside the institutions that are trying to navigate this in real time.
Hailey Windham58:16
So thank you.
Nyla Cortes58:10
Yeah, of course. You know, and I’ll leave it right here for you.
Nyla Cortes58:18
None of us know exactly what the next twelve months are going to look like. The regulators haven’t responded yet. The rules haven’t been written. The fintechs are moving, right? They’re all moving at light speed. So are the scams. They’re evolving like crazy.
Hailey Windham58:27
Mm-hmm.
Nyla Cortes58:37
We don’t get to control any of that, though. But what we do get to control is whether our institution is ready.
Nyla Cortes58:46
And to all the fraud fighters listening out there, the ones working late, holding the line on cases nobody really sees, making the hard call when the answer isn’t in the policy, what you do matters.
Nyla Cortes59:02
Members don’t always know your name, but they feel it when you do this work well. So keep going. The industry truly needs you.
Hailey Windham59:00
So true. So true.
Hailey Windham59:04
And then you had your parting thoughts. I’ll have mine. It’s my podcast. So sorry, my turn.
Nyla Cortes59:07
You’re right. So sorry.
Hailey Windham59:15
The last thing I’ll say on this, at least for today, you know, I feel sure it’ll be another conversation soon. Innovation and reduced risk are not the same thing.
Hailey Windham59:25
They can coexist, but they don’t automatically come together. And the institutions that are going to get this right are the ones who refuse to treat modernization as a fraud team problem to solve after the fact.
Hailey Windham59:40
You know, bring fraud teams to the table early. I’m going to say that one more time. Bring fraud teams to the table early.
Nyla Cortes59:43
Bridge the gap. Bridge the gap.
Hailey Windham59:50
Build the gap. Bridge the gap. Build governance infrastructure before you accelerate. You know, understand your current state before you try to move faster.
Hailey Windham60:02
And stop operating like fraud and compliance are two separate conversations because they are one now.
Hailey Windham60:10
The industry is changing fast. Fraud pressure is scaling alongside every single one of those changes. And the fraud fighters who are paying attention, who are asking the hard questions, who are building the operational maturity to back up that innovation, those are the people who are going to protect their institutions and their customers through this.
Hailey Windham60:34
So fraud fighters, stay vigilant, stay informed, and keep moving fraud forward.
View full transcript