Voice-over: Welcome to Compliance Adviseert. We talk with experts, advisors, and business leaders about navigating risk and compliance challenges within the financial sector. Because the straight and narrow path doesn’t come with GPS. We’d like to thank our partners Hyarchis, Deloitte , de Volksbank and Osborne Clarke. Your host is Jeroen Broekema.
Jeroen: Welcome, listeners, to a new episode of the Compliance Podcast. I’m delighted to have with me Bart de Haan, the MLRO of Revolut in the Netherlands. Welcome, Bart.
Bart: Thank you, thank you Jeroen for having me.
Jeroen: Great you’re here, and I’m very much looking forward to this podcast, where we will discuss AML in FinTech. But obviously, we will talk about you, we will talk about Revolut, and many other things that will probably come into this conversation. And first of all, a little bit about you — I will ask you more in a moment. But first of all, you have 20 years of experience in the first and second line risk functions in the financial services industry. Both in the Netherlands as well as internationally. You have worked as a group compliance and compliance officer, and you joined Revolut to basically set up the branch here, right? And maybe that’s a great segue into this conversation. Because how did you end up setting up the branch for Revolut here in the Netherlands?
Bart: Yeah, it’s an interesting question to start with. Well, mainly because they asked me to join. But overall, I knew the financial app and the company already based on travel experience. So I think probably like you, living in the UK. And I learned about the fact that they were planning to start a branch. Which sounded attractive because I’ve had similar experience setting up a branch in Dubai in the past. And especially considering the fact that I spent most of my time in the more traditional banking environment in the Netherlands, it felt like… I don’t want to sound like I’m already too old, but it sounded like the right moment to make that move, if it was possible. Because if you wait too long, who knows where you will still be considered or where you’re already potentially speaking another language than the youth that we see in our organization. And I think that was one of the main reasons for me to consider it. When was this exactly? It was around two and a half years ago. And then the interesting part is that I was asked. But it turns out that’s maybe just the selection process in Revolut. That tries to find people with, let’s say, suitable CVs. And then uses the process of selection to make sure that they end up with the right candidate. But I learned along the way that being asked is just one step. And you still need to go through all the process steps. So for a period, I was working at ING at the time, thinking, who knows, this might be an interesting option to consider. Because I knew the company a bit. And while I went through the process, I learned that it’s quite an extensive process, with testing, with everything that comes with it. But it did make me sort of evaluate my own considerations and ultimately take the decision to go for that option.
Jeroen: Because why did they ask someone like you with your background? Because you would say maybe first a country manager or a more commercially driven person. But they asked more someone, as you, currently called the MLRO, right?
Bart: Yeah, I think the main setup is very lean. When Revolut starts branches — and we’re starting branches in the majority of EU countries — it’s very lean. And then it requires being very agile once you start. So we start with ideally a country manager. But at the time, we were setting up branches across Europe. So we had country managers doing several countries at once. And then when you set up branches like we do, I don’t want to sound like my role is the most important, but Fincrime is the main importance when it comes to expectations from a regulator locally. So yeah, if you don’t have an MLRO, it’s very difficult to start. If you have it, then the branch manager can, for the first period, be fulfilled from other entities. Or at least it doesn’t need to be as dedicated as the MLRO function at the time. So that’s why I think one of the first things that is focused on is getting the right people in. And I had experience in the ING context. And I think that was useful, at least in the beginning.
Jeroen: I’d love to ask you a lot more questions on Revolut. But first about you: In preparation for this conversation, we spoke as well as we emailed, and you said, I’m from an ING family, literally speaking, right?
Bart: Yeah, that’s correct. The interesting part is that I wanted to become a professional tennis player, which turned out not to be doable. My father worked for a bank, and that didn’t seem attractive to me at all, to be honest. It sounded boring. But after a while, when many alternative options dropped off, I figured, why not go for something more generic? You can always take a different direction when you’re in banking because there’s a variety of roles. So, that’s how I ultimately ended up at ING. But my father used to work for NMB, which was the predecessor of ING, and my brother worked for ING as well. His wife is still working for ING.
Jeroen: True family.
Bart: Yeah, it is a true family. The interesting part is that my father worked for ING his whole life. I joined ING at Legal Financial Markets. I worked there for one year, but I didn’t really like it because it was legal, and I was more interested in risk than legal. So I left and went to a Turkish bank, at the time. My father was very supportive of that. But it wasn’t like a long tradition of spending your entire career in one bank. I think it’s probably more about the generation, right? Nowadays, it’s not very common to spend your entire career in one organization. But at the time, ING was a solid employer, so it made sense.
Jeroen: You mentioned you wanted to become a tennis professional. Does that mean that you’re a competitive person?
Bart: Yeah, that’s one of the interesting parts. I wasn’t competitive enough or dedicated enough at the time. But I do think that’s something I recognize in myself. I also remember times at ING, where we had people in our teams with the same dedication. You could always link it to people being fanatical about sports, and I think there’s a connection that is useful—being disciplined and focused.
Jeroen: What made you interested in the risk and compliance side of the financial industry?
Bart: The interesting part is that for a long time, I thought content was what mattered—fighting crime or something along those lines. But for me, it’s more about relationship management and building connections with a variety of stakeholders. You’re somehow in between regulatory expectations, commercial expectations, and shareholder expectations. It’s not a day-to-day job. You’re dealing with all of them. But within that environment, you need to persuade people internally that something is necessary or convince a regulator that what you’re doing is heading in the right direction, or with the right intentions. I think that comes naturally to me. More than the content itself, I have to admit. I need to know the content in my role, but my greatest strength isn’t the content—it’s relationship management. It’s empowering and persuading people, motivating them to realize that something might be more in my interest than in the interest of people in the larger organization. I’m more closely connected to the Netherlands branch than some people at Group. But in my role, I need to persuade people that there’s a priority to fix or implement something that’s necessary from an NL perspective. That’s what I enjoy and what I think I’m good at.
Jeroen: Great answer about empowering and persuasion. It’s an interesting combination. So, tell me more about Revolut Netherlands and globally. Do you have any numbers you can share to give us a picture of where Revolut currently stands?
Bart: Yeah, of course. On the branch level, I started by myself, and now, if I look at the number of dedicated staff members, I think we’re close to 10. We have the ambition to reach, or come very close to, the 1 million customer goal by the end of the year. We’re likely to hit that mark.
Jeroen: These are all paying customers, or also those who have registered?
Bart: It’s a combination. It’s a good question and a useful clarification. We offer a free product, which lowers the barrier to entry. The main goal of the branch is to ensure that people start using it more often, more as a primary bank. That’s why the branch has the ability to offer NL-based products. We now have products focused on savings, money market products, and savings accounts, and those are doing well. The Dutch market and traditional banks here are still not always on top when it comes to savings products, especially in terms of interest. That’s something we’ve looked at and started offering. As for Revolut globally, we’ve hit over 50 million customers. A large portion of those are in Europe. We also have over 10,000 employees globally, which is a serious number now. We had a pre-discussion about the company definition. We don’t really consider ourselves a traditional bank; we’re a super app, as we call it. The term fintech connects us to startups, but I don’t think that’s an accurate reflection of what Revolut is. However, a lot of internal operations still feel like a fintech, and that’s why I feel comfortable referring to it as such.
Jeroen: I think the three words that come to mind for me are tech, bank—because ultimately, you are a bank from a regulatory perspective—and scaling, because that’s what you’re trying to do, right? You want to scale up very quickly. I was wondering, to what extent is this business going to scale to a size that will actually, let’s focus on the Dutch market, be a significant competitor to the three or four major banks here?
Bart: That really depends on how you define it. In terms of customers, because of the free product, we’re already doing quite well in the top ten lists. When it comes to the number of downloads per month, for financial apps, we’re often number one. But, of course, there’s this challenge—getting our customers to use the product more often and consider us as their primary bank, where they put their salary and set up their direct debits.
Jeroen: Yeah, this is what you mentioned earlier, right? Converting clients who are in but not paying much, into primary users. That’s more difficult than just getting them in.
Bart: Yes, and it’s really a long-term strategy. I think the setup of the branch was well thought through. But because we’re such an ambitious company, expectations are that the number of primary customers will increase quickly. We realize, though, when we see operations across Europe, that this is truly long-term. It doesn’t increase massively because it’s all about trust. We’re building that trust. The brand and reputation are continuously improving. Recently, we got the banking license in the UK, which helps. The Lithuanian regulator is more mature because of all the fintech activity there, and because Revolut is based there. People see that. But of course, Revolut had a long period where it tried to get the banking license in the UK and wasn’t successful. Now that that’s changed, there are still preconditions, but overall, we…
Jeroen: Yeah, because ultimately, you operate from Vilnius, Lithuania for the European Union market, and under the UK license, you manage the UK. Then for the other countries you operate in, do you run them from there, or do you have different licenses? How does that work?
Bart: Yeah, the main banking license in Europe is in Lithuania. There was a lot of dependency on other operations across Australia and the US to get the UK banking license as well. I think it’s a mature regulator, which now really sets everything in place. I believe the amount of time required to start operating under a full license in Australia and the US might either increase or decrease. But we also have a license in Mexico. It’s interesting because many organizations, financial institutions in the Netherlands and across Europe, refer to themselves as global institutions. Even though we’re not yet as big or as large as some of those institutions, we are truly global. We’re in all those different regions, establishing branches or similar forms of presence, and we’re really becoming a global player. I think that’s fascinating. It’s also fascinating to see how we will successfully transition to being more of a primary bank.
Jeroen: Do you have a perspective on how your role differs at a player like Revolut versus, say, ING or another large incumbent bank?
Bart: That was your word – incumbent.
Jeroen: For ING, I would say more traditional players, like ABN AMRO, Volkswagen, or whatever.
Bart: Yeah, I think… well, the main difference is the period we’re in right now. When you establish a branch, I focus on financial crime processes and local integrations. But I also do testing of new products, for example, which isn’t normally part of my normal scope. For a long time, I was the only employee. So, if you want to test something with a Dutch person, there’s only one! So, that’s not so much the MLRO role, but it’s more about being an employee of the branch, I would say. And then, as an MLRO, I think there are a few real differences in culture. The culture at Revolut, for instance, has several core values, but the ones that resonate most with me are Never Settle and Get It Done. Every organization has catchy slogans, right? But these best describe this organization for me. There’s also Think Deeper, which is very relevant. But for me, Never Settle means we are always in a state of change or improvement. Always. So, when you compare the risks we face with traditional banks, there’s the risk of old legacy systems or issues dragging on. In traditional organizations, there’s often an old issue that everyone knows about, but no one knows how to solve it, and then next year, it’s still there. I don’t see that risk here. Everything here is about change. We constantly pick up all the tiles, and anything underneath, we fix it. What’s tricky is being extremely ambitious. With that comes a lot of additional work, which means prioritization and dependencies on key people and teams. When you set up a branch, there are many things you need to do upfront, but there’s always more BAU work afterwards. And you require the same set of people. Scaling up at the same speed as the ambition to grow is very difficult. So, if you talk about my role, one of the biggest risks is avoiding overpromising and underdelivering.
Jeroen: To the business, the regulator, or other stakeholders?
Bart: That’s a good point. For me, the most important part is being able to demonstrate to the regulator that I’ve promised something, and we are delivering. The whole organization is so ambitious that we always try to shoot for the moon. And if we don’t reach it right away, that’s fine, because we’ve still come a long way. But towards the regulator, that mentality needs to be more balanced. You can be ambitious, but don’t promise something you can’t deliver. That’s one of the challenges. I think that’s recognizable for all organizations, but I recognize it even more here.
Jeroen: Makes sense to me. I can relate to that from my previous job. But how’s your relationship with the Dutch Central Bank?
Bart: Yeah, good. One of the things that is really different across Europe is… I’m struggling to find the word. The Dutch word is volwassenheid. Yes, maturity. The Dutch regulator is very mature and risk-based. Even in the latest consultation, they expect you to demonstrate things, but they won’t tell you exactly how to do them. That can sometimes be challenging for an organization like Revolut, because you might get a question like, “Where does it say in the law that we need to do this?” And it doesn’t. It just says you need to do it. Sometimes, based on your personal experience, you know that things need to be done in a certain way. I think the overall relationship with the regulator is good because they are mature and know what they require and focus on.
Jeroen: I can imagine. When it’s relatively open, as you described, it leaves a lot open to interpretation. Whether you have to do something or not isn’t always clear. In some cases, it’s crystal clear; in others, it’s not. It’s also a discussion for you internally, right? You might think, “We need to do this based on my experience,” while someone in the legal department in London or somewhere else might say, “I’m not sure, it doesn’t say that. Do we really have to do this?” And you have a finite number of resources available to do things. So, I can imagine there’s some tension there too.
Bart: Yeah, and that’s exactly what I meant. One of the things I’ve tried to argue… or put forward… is how we did it at previous employers, like ING or RBS or other organizations. I know they apply this process, and I would explain that so we could have a direction to further discuss. But the interesting part is, the organization isn’t really interested in how other banks do it. Sometimes, that’s very inspiring. We often try to think of our own solutions, but if we can’t find one, maybe others have already thought it through. They have a reason for doing so, and I think that’s what I tried to leverage from my previous experience. Sometimes it works, sometimes it doesn’t.
Jeroen: From a criminal perspective… is Revolut an interesting place to target… given there are no branches, and everything is done online? In other words, do you experience a lot of criminal activity trying to exploit your systems?
Bart: It’s a tricky question. There are definitely characteristics of our products, like the speed of transactions and the smooth onboarding flow, that could make us attractive. If you look at our main fraud detection and transaction monitoring systems, these are very well developed. I can now compare them with more traditional environments, and I think they are likely better in terms of setup and self-learning. The majority of people in the company are tech-oriented, so they know how these systems work, how to make them better, and how to make them more self-learning. So overall, I think we’re in a good position to detect activities we don’t want to be part of. The characteristics of our product may make it more interesting from a fraud perspective, but I have to say, when you compare it to traditional banks, I don’t think there’s much of a difference. The main positive is that, when setting up the branch, there was the option to use accounts in Revolut’s Lithuania entity, which made it harder for law enforcement to access. Now, with the branch established, we have NLI bands and a more streamlined process for collecting customer information. That really helps, and we integrate with local controls. For example, we have close contact with fraud detection at the police, connecting with their systems. We still have some way to go because we feel there’s more to be done to cooperate and potentially join existing collaborations in the market. But we already reach out to local financial institutions.
Jeroen: Do you send many suspicious activity reports to the FIU?
Bart: A lot is, of course, relative. We have a process that is fine-tuned to Dutch requirements, and we submit our share of reports to the FIU. But overall, we’ve had extensive communication with the FIU to ensure we report all relevant cases. Especially in the fraud domain, there’s a lot of debate about what to report and what not to. We’ve agreed upfront that there’s no threshold for reporting. You can’t say, “If it’s this type of fraud, we’ll skip it because it’s not useful,” or “If it’s a small amount, we won’t report it.” We don’t apply any of those thresholds, which could potentially increase the numbers, but it’s purely based on regulatory requirements.
Jeroen: What I find very interesting is that you already have a large number of customers. We spoke about it—maybe not all of them are using you as their primary bank, but they are still customers. Even some who don’t pay anything are still customers. There are potential fraudsters or money launderers among them. Given your large customer base, I’d like to connect that to the fact that, as you know, there are over 15,000 people in the Netherlands working on AML in Dutch banks. So, you must rely a lot more on tech, given you don’t have as many people.
Bart: Well, that’s a dangerous conclusion to make too quickly. If you look at the number of people dedicated to the branch, it’s still relatively low. But we’ve had to provide detailed numbers for many different parties requesting them, including people involved in alert handling. I recall calculations showing over 100 people involved in alert handling for the Netherlands branch. It depends on the model you use, of course, but we do have a dedicated group handling alerts for several entities within the group, including the Netherlands. When we crunch the numbers, we see we are doing a lot with the resources we have.
Jeroen: So, you don’t necessarily use more tech compared to the major banks?
Bart: Ultimately, we probably do, but not by an exaggerated amount. One good example of using tech is our ability to predict potential fraudulent transactions. It’s a system-driven process, with in-app warning systems for customers who are asked to go through a set of questions when certain characteristics of a transaction appear suspicious. This allows us to do more prevention before the transaction occurs. I think it’s a very interesting product because, traditionally, screening is done upfront, and transaction monitoring afterward. This is somewhere in between, because we can analyze the characteristics of a transaction, the beneficiary, and the payment method before the transaction happens. We predict if something could be fraud, and while it’s not always correct, the success rate is pretty good. We also have a full warning system, so the customer could be forced to talk to an agent before proceeding with their transaction. These are examples of systems we use to prevent fraud.
Jeroen: I’ll give you just one example, only one out of the billions of transactions you process globally. When I received a fairly large amount on my Revolut account, it was immediately blocked, and I got questions. You were super alert. Of course, this is only one case, but it was interesting how it worked. It immediately popped up in my app for transparency, as a client, and I was asked to provide documents to confirm that the money was legitimate, which it was. But it was blocked immediately, and I had to submit the documents. It was cleared quite quickly after that. So, it worked really well, but again, it’s just one example. I was also curious whether it’s more challenging for you to handle so many international payments, given that many Revolut users are travelers. In the beginning, I remember many users like myself, with international jobs, using it all the time for currency exchange. That was one of your USPs. Does this make it harder from an AML perspective, with so many international payments?
Bart: Yes, partly it does. When you look at the traditional way of classifying customers, you could argue that the overall profile of a customer doesn’t automatically imply higher risk, because most of our customers are travelers. We have staff members from major airlines in the Netherlands and abroad who use Revolut. A lot of my previous colleagues also use it for travel. It’s not necessarily harder, but you do need to adapt because of differences in expected transactions. If you have a more traditional customer base, the expected transaction profile is also more traditional. If you adapt your controls to what you expect from customers and know your customer profile well, you can better predict what to expect and detect deviations.
Jeroen: That’s very interesting. One other thing I wanted to ask you about is the regulator. Since this is ultimately a compliance podcast, the regulator is a very important part of your work. Do you feel— and I’m aware that I shouldn’t ask you this, but I’ll try— do you feel they look at you differently than they do the more incumbent banks from an AML perspective?
Bart: No, I don’t think they look at us differently. They might look at us differently within their internal teams, for example. I think they have more dedicated teams focused on less traditional or more fintech-type organizations. But in general, the requirements are the same. So, I don’t really see a difference. Of course, when you visit organizations like Revolut, which are slightly different, you need to take into account that the business model is different. There is no option for customers to visit the office. So yeah, overall, I don’t really see a difference in approach or attitude. But I agree, that’s mainly a question for them. In our relationship, we do notice a lot of interest in our development.
Jeroen: I’m curious to learn whether there are things you do differently. Maybe others can learn from it as well, from a risk perspective, because they may be worried about certain things, but also from a learning perspective.
Bart: Yes, exactly. And what I see is that because of the maturity of the regulator, they’re already quite aware of the technology we use and the latest developments. So it’s not a complete surprise for them to see how we’re organized or set up.
Jeroen: I’m not sure if this is my next question, but I’ll try. If you look at the current banking landscape, you have challengers or fintechs, scale tech apps, super apps as you call them, and then you have big tech. These three categories—banks, big tech, and you guys with your competitors. Do you ultimately think this landscape is going to change? Do you think big tech will become much bigger, or do you think fintechs like yours will become much bigger compared to incumbent banks?
Bart: Well, I think for the traditional banks, it starts with making sure that you maintain relevance. People need to be able to understand that they actually need you. If you look at our target market, I don’t want to say we focus on young people, but we do see a preference with younger people. For organizations like Revolut, I think it’s very important to have a variety of product features, all tailored in your app. You are in control of what you want to do financially, and it covers everything. There you see the traditional banks, although in the Netherlands, the banks are pretty digital. I wouldn’t say they’re behind, like we see in other countries, but there’s definitely the question of maintaining relevance. And when you look at big tech, of course, we’ve seen… I find it’s a very comprehensive question. But if you look at Google Pay, Apple Pay, and all those initiatives…
Jeroen: Because these guys don’t work together with them, right? Or do you work with Apple, for example?
Bart: You can use Google Pay, but it depends a bit on the field. If you look at my field, financial crime, there’s still some room for improvement when it comes to cooperation. There are some initiatives with Meta in the UK now, but there’s probably more we could do to cooperate. I think Meta also needs to do more to prevent fraud. But overall, there are already quite a few integrations with global players. I remember from my previous employers—if you look at the customer base of Apple, it’s still very difficult to predict how much influence that will have on the financial system. But their foundation is there, and the numbers are there. I think it’s a very interesting time to be in. For Revolut, if you didn’t have that variety of products, you’d run the risk of not being relevant after a while.
Jeroen: Yeah, that makes sense to me. So, you know the Dutch AML and KYC ecosystem really well. What would you say is the number one thing that others can learn from Revolut? And what’s something you can learn from the other players in the field?
Bart: That’s a good question. I still think there’s a lot we can learn from traditional banks when it comes to cooperation. There are a lot of things that aren’t always completely formalized, but there are ways of standardizing communication around fraud between banks. There are all these working groups, and some are more formal. How to integrate those types of cooperation initiatives into your day-to-day operations is something we have knowledge of in the UK. But at a local level, I was part of some of those cooperations when I worked for ING. It’s still a topic up for further discussion. Our group and our company are very interested in joining those initiatives, but I also recognize the challenges. As long as it’s on top of all the other activities you do in the same domain, it doesn’t reduce the need for capacity. There’s also a need for intrinsic motivation to start that cooperation to prevent financial crime—not because it will make you money, and not because you’ll reduce capacity needs, for example. I think there’s something to learn from the organizations there.
Jeroen: And the other way around, what’s the main thing that others in the ecosystem, whether it be banks or other players in the AML ecosystem, can learn from you?
Bart: Well, I think creativity is in our DNA. The way we approach challenges and issues requires an environment that continuously stimulates creative thinking. And not just thinking, but also implementing effective solutions, while being open to any suggestions. That’s not always the case in organizations, and I’ve realized more and more now that I work here, I can always propose something, and it’s always taken seriously. That doesn’t mean it’s always a good idea, of course. But that’s part of creativity. If you’re in an environment where you feel comfortable sharing your ideas, you’re able to implement substantial change based on that creativity.
Jeroen: That’s great. It must be a good feeling. We always ask every guest on the Compliance Podcast for tips, either for compliance officers or for people starting their careers. Do you have any?
Bart: Yes. For me, the foundation is always having the right knowledge about the topic itself. You need to have a certain level of knowledge about types of money laundering. But what I like, and what I continuously apply, is what I mentioned earlier — relationship management. I try to maintain and develop it continuously. You build a network both within and outside your organization, based on trust and the willingness to support or help. I think stakeholder relationship management in compliance is sometimes underestimated. It’s like being right but not being considered right. It’s much easier to express in Dutch. But yeah, if you can persuade people that something is necessary or important — not just for you, but for the organization as a whole — that can be more powerful than just telling someone where the requirement is written, how it’s written, or how it should be interpreted. So, I think it’s about persuasion.
Jeroen: Yeah, that makes sense to me as well, because the ecosystem is set up in a way that nobody truly owns it. It’s not just the regulator, not just the banks, not just the other players who have to submit suspicious activity reports to the FIU, not just the public prosecutor, or the tax office, or the FIU. There isn’t one overarching boss of this ecosystem. So, everyone has to play their role, and you have to work together. It makes total sense to me that you’re emphasizing stakeholder management and persuasion, both at the start of this conversation and now again. This has been a really interesting discussion. I’d like to ask you one last question: Is there anything, Bart, that we didn’t touch on but should have, in your view? Because I’ve had the chance to ask a lot of questions, and you’ve given me very clear answers, but maybe there’s something you wanted to mention that we haven’t covered yet.
Bart: I’m quite happy with what we’ve covered. Great.
Jeroen: Many thanks for your time and valuable insights. I hope to see you again, either on the podcast or at one of the other events we have, like our AML event. Thank you, Bart, for taking the time. I’m pointing to it now, even though the listeners can’t see it, but I have a small gift for you to show my appreciation. Thank you.
Voice-over: You’ve been listening to Compliance Adviseert, made possible with the help of Hyarchis, Deloitte , de Volksbank and Osborne Clarke Would you like to know more or leave us a comment? You can do this on our LinkedIn page. Follow us there, and we’ll keep you updated with new episodes. We’d be grateful if you could leave a review and tell others about this podcast. Also, don’t forget to check out the other podcasts on our channel. There’s bound to be something for you.
