EXCLUSIVE: “Scaling Safely – Without Debanking” – Imam Saygili, Flagright in ‘The Fintech Magazine’

Another hefty fine for a UK neobank highlights the need for better compliance controls in fast-growing fintechs. Flagright‘s Imam Saygili says its AI-driven system offers a nuanced solution that keeps genuine customers and regulators happy

The debanking of high-profile UK politician Nigel Farage by Coutts Bank made headlines back in 2023. The lasting shift was a push for clearer reasons, longer notice, and audit-ready decisions before banks closed any personal or business account. Customers, regulators, and ombudsmen now expect decisions that can be explained.

That requires controls that are specific to the customer in front of you, transparent and logical, with individualised thresholds and evidence you can show later. According to Flagright – an AI-native, no-code platform for transaction monitoring and AML compliance – the answer isn’t ‘debank faster’; it’s ‘decide better’ and document why. Flagright has a ‘glass box’ model approach. Each alert and decision carries its own rationale: rule logic, key contributing signals, and a human-readable narrative.

Rules are version-controlled with who/what/ when/why, so every change is auditable. Furthermore, Flagright’s AI monitors customers individually, applying rules based on knowledge of their precise circumstances, rather than slapping a broad-brush on everyone.

“We’ve got a pet peeve about organisations applying a blanket approach across their entire customer base,” says Flagright’s Founding Solutions Consultant, Imam Saygili. “A customer who has been with you for three years, has been loyal and has never had any kind of suspicious activity report or other risk signals, should not be treated the same as someone who has been with you for three weeks.

“Compliance analysts often talk about false positive rates. But the reason they’re getting those false positives is because they’re applying a blanket approach to all customers.

“So, get rid of the ability to apply a rule across your entire customer base, and think instead about who that rule is most relevant to, and whether a threshold needs to be increased or decreased for individual customers.”

A subject access request to Coutts by Farage revealed its decision to debank him was influenced by his political views, which, according to the bank, put him in a high-risk category. A subsequent investigation by the UK’s House of Commons’ Treasury Committee revealed that 140,000 business accounts (2.7 per cent of accounts held by small businesses across eight providers) had also been closed by those providers during the previous 12 months. UK Finance said in its defence of the finance industry that providers take the issue of access to banking seriously, and the main reasons for account closure are financial crime concerns, a failure to complete customer due diligence, or an account being left dormant.

But if banks don’t have the ability to closely scrutinise customer account activity, there is a temptation for them to turn down a higher proportion of account applications or debank existing customers to reduce the risk of a regulatory breach – especially if the issues of KYC and anti-money laundering are running hot with the regulator, which they are in the UK. The £21million fine imposed by the UK’s Financial Conduct Authority on fintech bank Monzo in July 2025 and the £29million penalty on Starling Bank in November 2024 are stark examples of the consequences of running a weak compliance infrastructure.

“If someone is trying to access their banking services to buy food, or make a life-changing payment such as purchasing a property, then you can’t debank them just because an AI bot has told you to do so”

Monzo’s customer base grew from 600,000 in 2018 to 5.8 million in 2022. By 2020, the FCA had identified the bank’s onboarding, customer due diligence, and transaction monitoring were not up to the job and banned it from opening accounts for high-risk customers – but high-risk customers continued to be welcomed.

It was the bank’s lack of customer address verification that grabbed the headlines, with accounts opened under addresses including Buckingham Palace.

Starling Bank’s customer base had also grown rapidly – from 43,000 customers in 2017 to 3.6 million in 2023. The FCA identified serious concerns with the anti-money laundering and sanctions framework in place at Starling in 2021 during a broader review of challenger banks. Starling and Monzo were not alone. The FCA had observed that many challengers had poor customer risk assessment frameworks, some had none at all, and the collection of KYC information was limited, with even basics missed, such as not establishing a customer’s income or occupation.

Flagright says the key problem is often an organisation growing faster than its ability to develop its compliance systems – not an uncommon situation among fintechs. Its solution addresses that issue holistically, while also providing a roadmap for future expansion. It recommends a range of measures to strengthen a bank’s defences and, ultimately, avoid regulatory sanctions, including dynamic risk scoring, which replaces one-time risk assessments and instead continuously updates a customer’s risk level, based on their activity.

For example, if a previously low-risk customer starts receiving high-value transfers from abroad, a dynamic system would elevate their risk rating and trigger a review. Then there are real-time onboarding tools, which verify key customer information, such as identity documents with facial recognition or document verification APIs, and confirm addresses using reliable sources.

As fintechs innovate with new products and face evolving criminal tactics, their transaction monitoring rules must adapt, too. So, Flagright offers a version-controlled rule engine for AML transaction monitoring that tracks every change to a detection rule and the system records who made the change, why and when. This allows new rules to be deployed quickly to counteract emerging risks, and provides a clear audit trail.

Changing compliance culture

Flagright uses AI to detect potentially suspicious activity, such as behaviour changes. Every individual or organisation has their own alert parameters. Users deemed low risk have a higher anomaly threshold than higher-risk users, which, overall, Flagright claims, results in a 93 per cent reduction in false positives. It encourages firms to be audit-ready by regularly generating management data on compliance, such as the volume of suspicious transaction reports filed and the results of quality assurance checks on alerts.

Businesses should also conduct internal audits or independent reviews of financial crime controls periodically, regardless of whether a regulator demands this, it says. And all this should operate within the context of a company-wide compliance culture, rather than treating compliance as a tick-box exercise or obstacle. Saygili says: “We’re not a KYC/IDV provider. We ingest KYC outputs and orchestrate everything after – transaction monitoring, ongoing sanctions/politically exposed persons screening, rule management with full version control, investigations and reporting – so every decision is explainable and audit-ready.

“Using our platform, rather than just finding a point solution that fixes one of the challenges a client may have, means changes can be made to a compliance model, and there’s the ability to apply a risk-based approach to customers.

“Being SaaS-hosted, we take care of the expensive and often complicated stuff that compliance teams just don’t natively want to be dealing with.”

Flagright’s platform has proprietary features for transaction monitoring, case management, risk scoring and AML screening, as well as features provided by partners via an API, such as sanctions screening, ID verification and blockchain analytics. As well as using AI to help institutions address individual areas of compliance, it has a family of AI agents with superpowers that scan the whole compliance landscape and can help predict future threats (regulatory or fincrime), which can be used to inform an institution’s compliance policy.

Saygili says client interest around the use of AI is huge but careful consideration must be given to its potential to generate unintended consequences.

“We must remember the importance of what we do, and when we use AI we must make sure we’re not doing a disservice to the end-user,” he says.

“If someone is trying to access their banking services to buy food, or make a life-changing payment such as purchasing a property, then you can’t debank them just because an AI bot has told you to do so.

“We take a measured approach to how we use AI, and for us, there are two models. Firstly, there are the things that AI can holistically do for all customers. Things like writing case narratives, or suggesting rules that might perform well for them, based on a client’s customer base. The second is around building dedicated models that can detect fraudulent patterns and money laundering signals – these are built bespoke for the client.

“It’s important that we keep the analyst at the centre of decision-making but what we can do by using AI is reduce the time it takes for an analyst to service an alert.

“Analysts don’t want to be moving between three or four screens – the AI can capture the information, summarise it, and give the analyst what they need to make a decision in 30 seconds rather than five minutes.”

Launched in 2022, Flagright is currently working to boost awareness of its products after receiving $4.3million from a funding round in January.

“It’s about meeting people and explaining the approach we take, compared to some of the legacy vendors in the market,” says Saygili.

“During the next 12 months, we hope more people will hear about us and we can have more and more interesting conversations.”

This article was published in The Fintech Magazine Issue #36, Page 47-48