With more than two decades of experience across the UK’s financial crime landscape, Paul Munson has worked on everything from complex asset tracing at HM Revenue & Customs (HMRC) to high-profile corporate corruption cases at the Serious Fraud Office. He led compliance functions in fintech startups, contributed to FCA (Financial Conduct Authority) supervision and policy, and helped secure EMI and crypto licences across Europe and Asia-Pacific.
Today, Paul leads Wallester’s UK compliance operations as Chief Compliance Officer and MLRO – overseeing licensing, safeguarding, and anti-financial crime efforts in one of Europe’s most fast-moving fintech environments.
In this interview, he shares reflections from his career so far, insights on how financial crime is evolving, and what it really takes to build smarter compliance frameworks in 2025 and beyond.
Interviewer: You’ve worked across nearly every part of the UK’s financial crime ecosystem – from HMRC and the Serious Fraud Office to fintechs and the FCA. What drew you to compliance in the first place?
Paul: I like investigating things and have a strong investigative mindset, which working in compliance I get to use when I conduct due diligence and investigate suspicious activity in terms of fraud and money laundering. I started doing that on money laundering cases in HMRC as a financial investigator and continued that throughout my career. I see compliance as an essential part of any successful business, and it’s about working with the business to build and deliver compliant controls that allow the business to onboard customers safely and meet regulatory requirements.
Interviewer: Looking back, what’s been the most surprising case or investigation you’ve worked on – something that really stuck with you?
Paul: I worked in HMRC on several “Hawala” banking cases. This is where money is moved on trust rather than physical movements or transactions – it is used for legitimate trade to supply goods and services to more remote areas where banking and payment are less readily available. However, in the cases I worked on, criminal cash was used to fund “Hawala” transactions and effectively clean the money involved. It was a very sophisticated method and left little or no audit trail to investigate.
Interviewer: You’ve recently joined Wallester as CCO and MLRO for the UK. What excited you about the role? And why now?
Paul: I was excited to join what is already a significant and growing company in Europe with a solid business model and a strong UK management team. I joined having recently worked with a large American startup and gained an FCA EMI (Electronic Money Institution) licence for that company in the past 12 months. I like working in new and innovative business environments that allow me to use my experience but also learn new skills, and I think Wallester is the ideal environment for that to happen.
Interviewer: You’ve worked with both startups and regulators. How different are the conversations around risk and compliance inside a fintech compared to inside the FCA?
Paul: Both roles involve the effective management of risk and using a risk-based approach to manage financial crime and compliance risk effectively. Within the FCA the discussions would be about managing industry or sector risks effectively and building a supervisory strategy to test and manage risk – it would also involve specific casework and firm reviews and visits to support supervisory activity and gather evidence. In fintech the conversation is more about managing actual risks and preventing them from happening and using particular technology in smart ways to find and prevent financial crime – but also using manual processes and people to support the approach to manage risk.
Interviewer: What’s the biggest compliance blind spot you see in fast-growing fintechs today?
Paul: I think an emerging risk is that of the use of artificial intelligence and more sophisticated fraud methods where social engineering and AI is used to develop the scam. Criminals are early adopters of technology and use it well. They also collaborate effectively in the dark web and offer fraud as a service, which really maximises the problem. We need to use as much smart technology as we can to spot scams and fraud – but also really be tracking more effectively what criminals are doing and how they operate to ensure we have robust controls.
Interviewer: You’ve said your method is to always ask: “How would I launder money using this?” Can you explain how that mindset helps build stronger compliance frameworks?
Paul: I always try to look at any business I work in as part of the risk assessment process and think how I would use this product to launder money or commit fraud – as this helps in terms of looking for weaknesses in the control environment or setting transaction monitoring rules. This is always combined with an actual review of existing typologies seen in practice from the actual transaction monitoring and anti-fraud measures.
Interviewer: From your perspective, what makes a good MLRO today? Is it more about systems, people, or mindset?
Paul: A good MLRO has to be adaptable, have a good understanding of technology and the business and products in which they work. As I said earlier, the investigative mindset is essential to understand the cases that arise and prevent them – but also look for emerging trends and risks. You also need to be a good communicator to get to know everyone in a business and have their trust – so they hopefully let you know if they have any suspicions or encounter things they find unusual, because this intelligence is key to success in preventing money laundering as much as any tech or other monitoring.
Interviewer: You’ve worked on EMI and crypto licensing in the UK and across Europe. What’s your view on where UK regulation is heading in 2026?
Paul: The UK has very recently announced new rules for regulation of cryptocurrency, which is a positive sign.
It’s available here: https://www.gov.uk/government/news/new-crypto-rules-to-unlock-growth-and-protect-customers
However, given they will be regulated like other firms that offer investments and assets, this will increase the regulatory burden on firms and potentially not help more innovative and newer businesses who do not have the regulatory experience and cannot afford to bring in people that do. My hope is that the right balance between effective regulation and development of the UK crypto industry – including stablecoins – will be found and progress in 2026.
Interviewer: You’ve helped set up outsourced compliance models in several companies. How do you balance efficiency and accountability when not everything is in-house?
Paul: I see having outsourced controls as potentially an advantage – where dedicated teams can work on onboarding or transaction monitoring and, given the scale, be able to use the best people and technology. In terms of my job, it is key to maintain very good oversight on anything that is outsourced and have accurate reporting and service level agreements that are adhered to so success is guaranteed. I also like to work closely with the outsourced providers to get the best quality and service from them.
Interviewer: Tell us a bit about your creative side. We heard you’ve taken writing classes and are working on a novel about money laundering. What’s the story behind that?
Paul: Yes, I have had the idea for a fiction book plot for a while – inspired really by the series Breaking Bad, where someone can turn their skills in a different direction when life dictates. I have had snippets of an idea and also enjoy particularly reading fiction books around investigation and crime fiction – like Slow Horses and the Rebus novels. I wanted to learn more about creative writing so I did a night school course last year at City University in crime fiction.
Interviewer: What’s the most common misconception people have about financial crime – either how it works or how it’s caught?
Paul: I think they probably think financial crime is not that important and they are pretty safe from it – but particularly fraud is a huge problem for society and makes up 40% of all reported crime in the UK and is growing. It is good that firms are looking to protect their customers, but I think everyone needs to play a part in protecting themselves. Having up-to-date passwords and also the latest version of any operating system downloaded to protect security – particularly if someone takes your phone they can take over your account without mechanisms being in place. Or with your family – in terms of having a code word that only they would know so you can ensure any requests are genuine, as fraudsters often now pretend to be a family member to extort funds as part of the scam.
Interviewer: Finally, when you’re not thinking like a fraudster – how do you switch off?
Paul: I wouldn’t say I think like a fraudster – but I just put myself in their shoes sometimes. I like to relax by cooking and reading and also watching a lot of television – particularly like crime programmes, as I said before, either documentaries or series like Slow Horses, Black Doves, The Diplomat, Black Rabbit, and Ozark. Also spending time with my family and going to the theatre and music venues for gigs.
