Fincrime Fighters Expert Interviews: Seth Sattler

Fincrime Fighters Expert Interviews: Seth Sattler

In this series, we interview compliance officers and other financial crime experts to find out the latest career tips, industry insights, and interesting trends you need to know. Sign up for our newsletter so you don’t miss out on upcoming interviews!

In this installment of our Fincrime Fighters Expert Interviews, we had the privilege of speaking with Seth Sattler, Chief Compliance Officer at DigitalMint. You can find Seth on LinkedIn.

Who are you and what do you do at DigitalMint?

I’m the Chief Compliance Officer at DigitalMint. I started as DigitalMint’s first full-time compliance employee and have been with the company for over 5 years, building out our compliance program and team. My job is now maintaining an effective compliance program, including fraud and sanctions, and managing the regulatory landscape in the US and Canada. Also, as we introduce new products and encounter new risks, I’m responsible for building that into our portfolio and making sure we stay within our risk tolerance. It’s a role of many hats.

What was your route to becoming Chief Compliance Officer?

I started at Huntington Bank as an AML analyst, then I got the unique opportunity to be on their model optimization team building out scenarios, designing investigative processes, and acting as a liaison between the teams responsible for model, OFAC, and customer risk. This gave me a lot of experience with all the different aspects of AML and Financial Intelligence Units.

After some time, I wanted to see if I could build my own program. I looked at where the most challenging space would be to do so, so I chose crypto. At DigitalMint, I was initially hired as a normal compliance analyst while roles were still being worked out. But once I got there, I started building out the compliance program and, because I was so integral to designing the program, had the opportunity to defend the program in an audit about a year and a half into my role. The rest is history as I became the logical choice to lead our compliance program.

What is your favorite thing about being Chief Compliance Officer?

Getting to be creative and build my own program. While I was in banking, I saw a lot of things in compliance programs that weren’t as effective or efficient as they could be.

When I could control my own program, I was able to implement solutions that were more effective than things I’d seen in the past.

Of course there are rules and regulations that everyone has to abide by, but you get to put your own spin on how best to address these requirements, which is what keeps me excited every day.

What is the hardest thing about being Chief Compliance Officer?

The fact that no one knows where regulation is going or how to apply it to certain aspects of the crypto industry. We’re an ATM business and a ransomware liquidity business, so we deal all the time with new regulations, guidance, and FinCEN advisories addressing both sectors of the industry. We have to stay inside our guardrails amid always-changing aspects of our industry.

I also think education is critical. The hardest part of my job as a Chief Compliance Officer in a niche aspect of the crypto industry is convincing people outside of our niche that we’re not the same as some of the bigger names, like Coinbase, Gemini, or Paxos, and we have a separate business model. I help people understand that how we apply regulation to our business model may not be how Coinbase or others do it in their context. This is a conversation I’ve probably had a thousand times in the past five years.

If you had to choose the number one most important skill to do your job, what would it be and why?

Being able to adapt. I always tell my team that when you’re building an AML compliance program in crypto, you’re fooling yourself if you think it’ll be a static program for more than a year. The program has to be able to adapt to new products, regulations, requests from law enforcement, and requests from your own bank partners. You have to be able to take things you learned in the past, like AML scenarios from traditional financial institutions, credit card companies, or money transmitters, and adapt them to crypto.

This is the most important skill because a crypto compliance program is the most dynamic and fluid AML program you can work in – it can feel like a roller-coaster sometimes.

What might surprise most people about financial crime compliance for crypto companies versus traditional financial institutions?

Aside from ransomware, there really is no such thing as crypto-enabled financial crime. Every financial crime that already existed in the past has adapted to crypto.

Crypto is not the reason for romance scams or investment fraud or drug marketplaces – criminals have just adapted to the dark web, Web3, and crypto.

I’d say around 90% of our AML scenarios on the fiat currency side mimic those that can be used in any other financial institution, but we then get to add the blockchain side of those scenarios. So we actually have more detection capabilities and insights than traditional finance even when we’re going after the same typologies that traditional finance is looking for.

The crypto compliance landscape is constantly shifting. What are the biggest financial crime risks or challenges that crypto companies face today?

On a micro-level, it’s fraud. Now you hear lots of stories of “pig butchering” (scams in which scammers gain victims’ trust over time to manipulate them into phony investments before disappearing with the funds), though I dislike the term. Investment and romance fraud is the biggest thing we’re seeing now.

So the highest risk is protecting the consumer – the last thing you want is for consumers’ first experience in crypto to be fraud, because then there won’t be mass adoption.

On a macro scale, it’s large “rug pulls” (scams in which developers attract investors and capital to crypto projects, before walking away and disappearing with the funds) and FTX. The NFT hype has calmed down recently. But if these things keep happening, it’ll be impossible for legitimate bigger crypto businesses to thrive because they’ll always be tied to the worst story out there. People can’t differentiate between one story in crypto and a different company, and assume all crypto companies are the same.

What have you found most useful for addressing that challenge?

Education. For risks at the micro level, it’s important to educate consumers. At DigitalMint, we regularly put out articles and blog posts to educate consumers on risks out there and good and bad uses of crypto. We’re also constantly educating our own team about the newest typologies to look out for.

On the macro side, it’s important to educate regulators and banks so they understand that just because these larger scale frauds are happening, it doesn’t mean that we’re illegitimate too. Often, I get questions about how people lost their life savings at a crypto ATM, and I have to explain all our controls we have in place. Just because a different company had a control failure, it doesn’t mean that everyone is operating in the same way.

I frequently speak with agencies and law enforcement about crypto ATMs. I like having these conversations because it shows that we’re comfortable interacting with authorities, lets them know what we’re doing so they can reach out to us, and reassures them that the stories they’re hearing about our industry won’t happen with us.

You mentioned implementing more effective solutions in your own compliance program - what are the steps that have most improved effectiveness and efficiency in your program?

I’ve made a point of breaking down silos through a lot of cross-team training and cross career-pathing. Our AML team shouldn’t have to question what other teams are doing. If AML is seeing a lot of fraud, they don’t have to just send it to Fraud, but they can also build efficiencies to detect it earlier on their own side.

Also, because we’ve built our program and platforms from scratch, everything we need is on one screen providing a snapshot of exactly what our investigators need.

To get a customer profile, you don’t have to go through 9 screens or 15 different tabs – all the information you need is right there.  

Finally, being able to pick my own vendors is something I’ve enjoyed. I tested every vendor and tool when building our compliance program, and I picked the ones that best fit what I wanted, instead of being stuck with a legacy vendor.

For companies operating in the crypto space, what sets apart the control vendors that have been game changers in terms of risks mitigated or efficiencies gained?

The vendors that we really like and that are doing the best job are the ones that take industry feedback to heart. With legacy vendors in traditional banks, you can tell them about emerging trends or issues and ask them to address it, but they often won’t be responsive at all.

With our best vendors, we can tell them about a risk or gap in coverage we found, say we’d like to be able to address it using your tool, and they’ll show tangible progress toward addressing that risk.

Additionally, understanding business models is really important. The best vendors are able to say we have a product for traditional financial institutions, money transmitters, crypto, and fintechs, because we recognize they don’t all want the same features. Having a wide variety of features that businesses can tailor to their business model is always great.

Finally, cost is obviously important, because fintechs don’t have the same war chest as others.

I subscribe to sources summarizing crypto news, like TRM, Flashpoint, and Chainanalysis. Typically, in the morning, I consolidate and send the latest news to my team to communicate what we need to be thinking about. This could be anything from updates to regulations to instances of widespread fraud or major criminal cases.

We then establish how we’ll deal with new regulations and if any changes to our program are called for, or if we need to prepare for potential proposed regulations that may pass. If there is fraud or AML-related news, we think about things like whether our controls in place properly address it or whether we need to do training.

A lot of manual work still exists in the financial crime compliance space. If you could magic away a piece of that work, what would you do and why?

Pure implementation time for controls. There’s a lot of time between identifying a risk or a gap, building the model to address it, testing your controls, then actually going live. I’d be so happy if I could just drag controls and implement them, and skip the manual process of building controls on the engineering side, testing it all, then going live. Even in the banking world, there was always a really long lag time to implement controls – after building the model, controls sometimes wouldn’t go live for another six months.

Powered by Ghost