Antonio Polo: "Balancing Innovation and Regulation Is the Financial Industry's Greatest Challenge"
On this page
Table of contents
Antonio Polo serves as the Head of Compliance at MyInvestor, a digital bank backed by Andbank Group, El Corte Inglés, AXA, and several private investors. With an established career in the financial sector and previous experience at institutions within the Santander Group, Antonio oversees regulatory compliance for an entity managing hundreds of thousands of users, helping implement automated processes to categorize clients and prevent fraudulent activities.
"Balance is our greatest daily challenge: supporting business projects to move forward while meeting regulatory requirements, without losing sight of our own obligations as a compliance function," he states, while emphasizing that "a multidisciplinary profile will be essential not only to survive in this profession but to provide real value in an increasingly complex regulatory environment."
Question: Could you tell us about your professional journey before joining MyInvestor?
Answer: My path began as a law graduate. Although I started at a law firm, I quickly realized my calling was elsewhere and entered the banking sector through outsourced legal advisory services. One of the main attractions was the possibility that these entities would hire you directly, which fortunately happened to me right before the financial crisis hit.
I joined the Santander Group when they were beginning to form multidisciplinary teams to digitize processes, especially client onboarding. They were looking for professionals with legal expertise who could internalize new regulations and explain them to the team. Initially, I worked at the Spain level, but as regulatory requirements increased and regulations with global impact emerged, I was incorporated into a global team to implement these regulations in the more than 25 countries where the bank operated.
I was initially assigned to Latin America, but gradually took on more regions, which allowed me to collaborate with Big Four consulting firms and evolve from a purely legal profile to a more comprehensive one. I no longer just interpreted regulations but implemented procedures, controls, policies, and training for different departments.
After several projects, I joined a unit that had just received authorization to become a custodian bank. My work there involved ensuring that asset managers and investment funds complied with various regulations as well as the bank's own obligations. We faced major challenges such as the implementation of MiFID II and the General Data Protection Regulation (GDPR), while building the entire governance structure and supervising units in Latin America.
I was there for approximately four years until 2020, when after a corporate operation with Crédit Agricole, the Spanish unit became majority French-owned. Although the reception was excellent, after 10 years in the group, I felt the need for a change.
In the midst of the pandemic, when it seemed all processes would stop, I was contacted by a Fintech that had just received authorization from the SEC equivalent in Spain to operate as a broker. The project sought to democratize access to investment, eliminating barriers such as lack of knowledge and high costs. They offered me the position of compliance officer, legal advisor, and data protection officer.
It was an intense experience that forced me to open my mind, working with different profiles and facing all kinds of challenges, including funding rounds. We managed to grow and form teams, but the rapid rise in interest rates severely impacted the company as a startup dependent on external financing. After three years, I decided it was time to seek new horizons.
That's when MyInvestor contacted me. Driven by the Andbank Group, traditionally specialized in private banking, they had launched MyInvestor, a digital bank specializing in investments for retail clients. They had just completed a business spin-off and needed a compliance officer to address all the regulatory obligations that come with being a bank. This April, I'll complete two years in this position.
Q: With so many users at MyInvestor (500,000), how do you manage risk profiles during onboarding to maintain an efficient workflow?
A: Although I'm not directly responsible for anti-money laundering at MyInvestor, I'm familiar with the process from my previous experience. With the volume of clients we handle and our high growth rate, automation is absolutely essential. Without it, we would be completely overwhelmed.
Our structure is based on an AML manual that establishes criteria according to applicable regulations. The onboarding and risk categorization process is designed to automatically classify clients into different risk categories. For most profiles, this process is completely automated, while only those with special requirements undergo a more manual and detailed review.
To give you a sense of scale: we not only manage nearly half a million clients, but we also receive thousands of new registrations weekly. With these numbers, any manual process that isn't strictly necessary must be eliminated or minimized as much as possible.
Q: How many people make up the team dedicated to these verifications?
A: The team is constantly growing. The important thing to understand is that it's not just about verifying the client's identity at entry, but about continuous monitoring. Regulations require not only checking that the person can become a client but also monitoring that they don't conduct suspicious or fraudulent transactions afterward.
This monitoring activity is very intensive and requires constant analysis of documentation to detect possible fraudulent activities. In fact, along with proper initial identification, one of our biggest challenges is fraud prevention. As a digital bank, we must establish robust mechanisms that continuously evolve to stay ahead of new techniques used by fraudsters.
Q: With the rise of AI and deepfakes, have you noticed an increase in fraud attempts using these technologies?
A: I couldn't confirm a significant quantitative increase, but we definitely observe greater sophistication in the methods. We see more capability and creativity in fraud attempts: ID impersonation, emails posing as clients, and even impersonation of employees with authority to request internal actions.
This makes daily operations extraordinarily complicated. Imagine normal email management in departments that are already overloaded with work, and add the need to constantly verify the authenticity of each communication. It's a problem that goes well beyond the obvious.
And that's just looking from the human perspective. On the technical side, cybersecurity attacks represent another challenge for banking that we need to be prepared for with specialized teams and by complying with multiple emerging regulations.
Q: What are your thoughts on using AI as a tool to improve compliance processes?
A: I believe it will be an extremely valuable tool. The volume of information we handle continues to grow, and we have more and more data to analyze, filter, refine, and report, both internally and to regulators. AI can help us condense and process all this information to establish more precise conclusions.
However, this also presents new regulatory challenges. The recent AI Regulation in the European Union requires us to establish specific mechanisms for using these tools. Additionally, we must always keep data protection in mind. We need to be extremely careful about what information we incorporate into these systems and how we protect privacy.
I'm in favor of using these technologies, but with caution and awareness of the potential risks. Since these are such recent innovations, we may not yet have fully internalized all the risks or be able to visualize all the long-term consequences.
Q: From your experience, how have you seen client knowledge and anti-money laundering regulations evolve, and what impact have they had on the industry?
A: There has been a clear before and after since the approval of the 2010 law. Although banks have always performed client identification with different levels of due diligence, there wasn't such a specific regulatory foundation as we have now.
With the new regulations for obligated entities, we entered a completely different universe where due diligence must be performed with maximum detail for both individuals and legal entities. With legal entities, the complexity increases exponentially, especially in multinational environments where each jurisdiction has its particularities, even within the European Union.
What we've seen is a partial transfer of responsibility from regulators to financial institutions, which are now key players in ensuring that money flows and individual identification are adequately controlled. Without financial institutions, it would be practically impossible to adequately supervise the system given its size and complexity.
However, there is still a way to go, as not all players are at the same level of implementation and compliance.
Q: Would you say the Fintech sector, both in the U.S. and globally, is sufficiently aware of all these regulations?
A: Progress has been made, but there's still work to do. Personally, I support the new companies that have emerged because they have revolutionized banking in many ways, offering more accessible services with lower costs. We ourselves, although we are a bank, share many characteristics with Fintechs.
The level of awareness depends greatly on the founders and leaders of each entity. It's essential that they understand that, although they are recently created companies, from day one they are regulated entities with all the obligations that entails.
We're moving in the right direction, but it's a matter of time before everything settles properly. Companies must understand that offering innovative products is just as important as complying with regulations, because any regulatory issue can completely halt business operations.
I know that some Fintechs and neobanks have already experienced problems due to regulatory non-compliance. And it's not always due to a deliberate decision not to comply, but often because they weren't fully aware of all the implications of their activity. The obligations are so numerous that when you're creating a new business, it's easy to miss something, especially if you don't have team members with that specific experience.
Q: What are the biggest challenges in staying updated with the constant regulatory evolution?
A: Even for specialists dedicated exclusively to regulatory advisory, it's extraordinarily difficult to keep up with the volume of new developments: regulations, requirements, guidelines, and circulars that constantly appear. The regulatory pressure in recent years has been overwhelming.
Although there are now signals that some requirements might be reduced due to the geopolitical context, the current situation remains one of extreme regulatory pressure. Any professional in control functions at a financial institution will confirm the same.
The challenge intensifies because we not only have to interpret and advise on these regulations, but we're also an integral part of the day-to-day business. This significantly reduces the time available to analyze, interpret, and implement the new regulations that emerge.
Q: On a practical level, what do you consider to be the greatest daily challenge in your position?
A: The key word is balance. We must provide daily support so that business projects move forward correctly while complying with all regulatory requirements, but simultaneously we cannot lose sight of our own obligations as a compliance function. Furthermore, we are an increasingly relevant figure because we must interact with and understand all departments, know their needs, and advise on key aspects.
We have a constant regulatory calendar: reporting in January, reports to senior management in February, and so on. You can't neglect these obligations, but you also can't stop supporting business areas, new projects, and new ideas.
Additionally, we must anticipate upcoming regulations to alert about requirements that will need to be implemented in future projects. This balance is particularly difficult in our case due to the rapid growth we are experiencing, which intensifies the pressure on all processes.
Q: What trends do you think will mark compliance management in the financial sector in the coming years?
A: A few years ago, the compliance officer was "almost invisible," someone who was occasionally consulted to make decisions, report problems, or interact with regulators.
The evolution has been radical in a short time. Due to regulatory proliferation, we have had to become multidisciplinary professionals. It is no longer viable to be limited to specialized knowledge in very specific areas; a broad vision of the entire regulatory spectrum is needed.
Regulations continue to expand into new territories. Ten years ago, no one expected a regulation like DORA. Eight years ago, there was a data protection law that barely received attention, and suddenly a European regulation appeared that completely transformed data protection.
This pattern repeats in multiple areas: consumer protection, investor protection, various types of reporting to regulators, client identification, cybersecurity, artificial intelligence, sustainability... Each with its own information requirements, reporting obligations, and implications within entities. It's rare to find a regulation that doesn't impact companies across multiple departments.
The compliance professional of the future will need increasingly broad knowledge. The multidisciplinary profile will be essential not only to survive in this profession but to provide real value to the organization in an increasingly complex and expansive regulatory environment.
Didit News