Baran Ozkan on Building Trust Infrastructure & Playbook for Modern AML

Baran Ozkan is the CEO and co-founder of Flagright, a platform focused on modernizing financial crime prevention and transaction monitoring for banks and fintechs. He works at the intersection of product, risk, and AI governance, building systems that help teams move faster without losing auditability and control.

Baran, what problem were you determined to solve when you started Flagright? 

A: I wasn’t obsessed with “building a compliance tool.” I was obsessed with a more fundamental question: how does trust scale when money moves instantly?

In too many organizations, compliance becomes a lagging control, batch reviews, brittle rules, endless backlogs, and a constant fear of missing something. That creates two failures at once: it increases risk and slows growth. Teams drown in false positives, while the genuinely risky patterns hide in the noise.

Flagright started from the belief that compliance should function like real-time decision infrastructure: accurate enough to stop what matters, fast enough not to block what doesn’t, and governed enough to stand up to scrutiny. That’s the bar we hold ourselves to.

How do you explain Flagright in one sentence to someone outside fintech? 

A: Flagright helps financial institutions detect, investigate, and prevent risk in real time, while keeping the decision process auditable and defensible.

If you take away the fintech jargon, our job is straightforward: when money moves, we help teams answer “Should this happen?” and “What should we do next?” with speed, clarity, and accountability.

What’s broken about legacy AML and transaction monitoring systems? 

A: Most legacy systems were designed for a world where transactions were slower and data was thinner. They rely heavily on static rules and thresholding, which creates a predictable outcome: volume overwhelms judgment.

When false positives explode, investigators get conditioned to “clear the queue.” That’s not a people problem, it’s a systems problem. Another issue is that many stacks are stitched together: one tool for monitoring, another for case management, another for reporting. That fragmentation destroys feedback loops, so models and rules don’t improve quickly.

What’s broken isn’t the intent, it’s the architecture. Modern risk needs to be continuous, data rich, and governance first.

AI is everywhere in compliance right now. What’s hype, and what’s real? 

A: The hype is the idea that AI will “automate compliance” end-to-end. In regulated environments, automation without accountability is a liability.

What’s real is narrower and more powerful: AI can drastically improve signal quality, triage, and investigation workflows, especially when paired with human decision making and strong governance. Done well, AI reduces noise, highlights patterns humans miss, and accelerates investigations with better context.

But the standard can’t be “it’s accurate in a demo.” The standard is: Can you explain it? Can you audit it? Can you operate it safely at scale? That’s where serious AI in compliance lives.

What does “real-time risk” mean in practice, and why does it matter? 

A: Real-time risk means the system can assess activity as it happens, not days later; because the harm is often immediate. For fintechs and banks, risk isn’t just “did something suspicious occur?” It’s also: Are we enabling fraud? Are we violating sanctions? Are we onboarding the wrong entity?

Practically, real-time risk requires three capabilities:

• Low-latency decisioning (fast enough to be useful)
• Context-rich scoring (good enough to be correct)
• Clear actions (flag, block, suspend, request info, escalate, log)

When you get this right, compliance stops being a drag on the business and becomes a trust accelerator.

Many CEOs worry that faster risk controls mean more regulatory exposure. How do you build trust with regulators and auditors? 

A: Speed is not the enemy. Opacity is the enemy.

We focus on what I call audit-ready decisioning: every action should have a clear rationale, traceable inputs, and documented oversight. That means strong logging, explainability where needed, model/rule governance, and disciplined change management.

Regulators are not asking for “perfect prediction.” They’re asking for reasonable controls, consistent processes, and evidence that the institution understands and manages its risk. If you can show why a decision was made and how you monitor outcomes, you’ve done most of the hard work.

What outcomes matter most to your clients? 

A: Customers care about outcomes that map to both risk and operational reality:

• Lower false positives (so teams aren’t drowning)
• Higher true-risk catch rate (so the system matters)
• Faster investigation cycles (so compliance doesn’t become a bottleneck)
• Cleaner audit trails (so teams can defend decisions)

The practical goal is to move from “compliance as throughput” to “compliance as judgment.” The best teams want a system that helps them make fewer, better decisions, not just more decisions.

What’s a contrarian belief you have about compliance and growth? 

A: A lot of leaders treat compliance as a necessary cost, something you minimize. I think that’s short-term thinking.

My contrarian view: Trust is a product. If you can’t manage risk with confidence, you can’t scale partnerships, payments volume, or new markets. Conversely, when your compliance posture is strong, it becomes a growth lever: faster approvals, smoother onboarding, fewer surprises, better relationships with partners and regulators.

In many companies, the compliance stack is the hidden constraint on growth. Fixing it unlocks capacity.

What have you learned personally as a CEO building in a regulated industry? 

A: Two things stand out.

First, in regulated markets, credibility compounds. You win by being consistently honest about tradeoffs: what’s possible today, what’s risky, what’s measurable. Overpromising is fatal.

Second, you don’t build trust with a slide deck, you build it through operational rigor. That means investing early in governance, security posture, and customer outcomes even when you’re tempted to chase speed.

The irony is: the more disciplined you are, the faster you can move.

If you had to name “the new compliance stack,” what does it include? 

A: I’d describe it as three layers:

1. Data trust: clean ingestion, enrichment, entity resolution, and consistent identity across systems
2. Decision trust: models + rules that are measurable, testable, and explainable enough for the risk context
3. Audit trust: case management, evidence trails, change logs, reporting, and governance

Most companies have pieces of this. The winners unify it so learning loops are fast: what you see in investigations improves future detection.

Where do you see financial crime prevention heading in the next 2–3 years? 

A: Two shifts.

First, financial crime will become more industrialized, more automation, more velocity, more cross-channel behavior. Detection will need to become behavioral and network-aware, not just rules-based.

Second, compliance teams will adopt more “copilot” workflows: systems that suggest next steps, assemble evidence, and reduce manual effort, while humans retain accountability.

The institutions that win will be those that combine AI capability with governance maturity. AI without governance creates risk. Governance without AI creates inefficiency. You need both.

What advice would you give to founders building in highly regulated categories? 

A: Treat regulation as a design constraint, not an obstacle.

Build with the end state in mind: auditability, defensibility, and operational reality. Talk to the practitioners early, compliance officers, investigators, risk leads. They’ll tell you where the pain really is.

And don’t confuse “shipping faster” with “learning faster.” In regulated industries, the fastest path is often the one with the most disciplined feedback loops and the clearest evidence trail.

Have you read?
Kenneth W. Rudzinski: Leadership Defined by Clarity, Integrity, and Long-Term Vision.
David Rocker on Leadership Strategy, Systems Thinking, and Sustainable Growth.
Why Dubai’s Real Estate Market Needs a New Customer Retention Strategy.
Why Operational Discipline—Not Expansion—Drives Scalable Telecom Businesses.
Corporate and Investor Immigration in 2026: A Strategic Imperative for CEOs and CHROs.