For a long time, leadership roles in financial crime, whether in the first line or second line, have largely been about managing teams, knowing the rules, understanding the risks, and making sound judgements about individual cases or types of cases. You needed to know how regulation should be applied, how customer processes worked, and where the key decisions were being made. That was the heart of the job. In many organisations, it still is.
The challenge today is that the environment around you is changing. Financial crime controls now sit inside faster, more automated and more complex systems. Decisions that were once made by people, are now increasingly influenced by workflow design, screening logic, monitoring rules, system configuration and AI.
That’s why an engineering mindset is becoming essential.
I don’t mean you need to become an engineer in any literal sense. I mean being more inclined to ask how things actually work as opposed to simply did it give the right result: what fed into the decision; who validated how the information was interpreted; where the approach might come under strain, and whether the control environment has really been designed to cope with the demands being placed on it.
My own background has probably shaped how I look at this. I studied engineering before moving into Financial Crime, and that has stayed with me. I naturally find myself asking how something works in practice, where the weak points are, and what happens when volume, speed or complexity start to rise. Over time, I’ve found that way of thinking more and more useful, and more aligned to the systematic controls being introduced.
-3.png)
None of this is to say the traditional financial crime skillset has somehow stopped being valuable. It hasn’t. You still need to understand regulation, know the risks, recognise what good judgement looks like and make sensible decisions based on your experience as a financial crime leader. You still need a working knowledge of customer journeys, operational processes and the points where risk is supposed to be identified and managed.
And to be fair, a lot of strong financial crime leaders already think hard about how controls really operate, where processes break down and what needs to change. So I’m not saying everybody now needs to reinvent themselves.
It’s more that the balance is changing. More of the real control work now happens through systems, data, workflow and automated decision-making. In some places, AI is starting to shape very different environments. So it’s no longer enough just to understand the risk and explain what should happen. You also need to understand how that judgement gets turned into something that happens reliably, consistently and at scale.
A simple way to think about the change is this. The more traditional financial crime mindset is a bit like that of a lawyer, investigator or experienced case reviewer. You have years of experience in doing this. You look at the facts, apply the rules, use judgement and instinctively come to a view.
But the environment now asks something else of you as well. It asks you to think about the design of the system. Where exactly is the decision being made? What data is feeding it? What triggers action? What is automated, what is manual, and where are the failure points? If a control depends on an experienced person spotting something at the right moment, will it still work in a high-volume, digital process? Will it still work when you’re not looking?
Take onboarding. In a more traditional model, it might be enough to have a clear policy saying which customer types, structures or behaviours need greater scrutiny, and to rely on trained staff to spot them. In a more automated environment, you also need to understand how that judgement has been built into the actual process. What information is collected? What fields are mandatory? What drives the risk rating? What triggers escalation? What happens automatically, and what still relies on a person noticing something?
Over the next few years, you’ll need more of an understanding of process design, so you can see where friction, inconsistency and rework weaken control performance. You may need a better grasp of data, so you can ask whether the information feeding a control is good enough and structured in the right way. You may need to get more comfortable with automation and control logic, because more and more of the control environment will sit there. And you’ll probably need a stronger understanding of AI and model design, including where it can help, where it can go wrong, and what proper oversight looks like.
Some readers will already be building those muscles. Some may already have them. But they’re going to become more and more important.
You’ll probably recognise the pressures I’m talking about here. But the risk is that time slips by, day-to-day demands take over, and you don’t make the deliberate changes needed to keep building your capability.
For most people, I think the answer is to be practical about this. Work out where you may be less strong, then take deliberate steps to build your skills and knowledge in those areas. Spend more time understanding how your controls really work in practice. Sit with the people designing workflows. Ask harder questions about how policy becomes rules and decisions. Get closer to the data. Learn enough about automation and AI to challenge confidently, rather than feeling you have to leave that conversation to others.
The core purpose of a financial crime leader hasn’t changed. You still need sound judgement, clear thinking and a firm grip on risk. But over the next few years, the leaders best placed to stay ahead will be the ones who keep building their capability and can connect financial crime expertise with process, data, technology and design.
.png)
