Q&A with Malcolm Millo: a financial crime compliance expert

At Revolut, compliance isn’t just about ticking boxes — it’s about leveraging innovation to build a safer financial ecosystem. Malcom Millo, Group Financial Crime Compliance Lead, joined Revolut after years in traditional consulting. 

In this conversation, he offers insights into life at Revolut and how we’re redefining compliance. Malcolm shares why our Risk and Compliance team is the perfect place for top-tier professionals looking to accelerate their growth and maximise their skill set, in ways they wouldn’t be able to in a more traditional compliance role. 

Why did you choose to move from a traditional firm to an innovative fintech like Revolut?

Prior to joining Revolut, I spent 7 years at a consultancy firm, working in Malta and the UK. I focused on regulatory reviews (such as S166s), control framework assessments, and risk evaluations for global financial institutions. Although I enjoyed every minute of my time there, I wanted to find a new challenge in a fast-paced, meritocratic environment where I could directly influence processes, controls, and products — and see the impact of this in terms of fighting financial crime. 

Revolut maintains a high talent bar across teams. Some professionals thrive in this setting and the challenges it provides, while others may prefer a more traditional compliance function. Our dynamic approach requires adaptability, strategic thinking, and a passion for innovation.

Outside of work, I’m a big musical theatre fan, which is one of the reasons I took the opportunity to move to London. I try to catch a show in the West End at least twice a month.

What’s it like working in the compliance department at Revolut?

I find working in the Compliance department at Revolut both exciting and rewarding. What initially attracted me was the company’s flat organisational structure compared to traditional banks. Here, people are encouraged to take ownership and drive initiatives forward without being slowed down by unnecessary bureaucracy.

We’re constantly looking for smarter, more efficient ways to meet regulatory expectations and mitigate risks, rather than just following long-standing industry norms. The goal is not to become another traditional bank, but to set a new standard for compliance in fintech — which is enabled by constant innovation.

How does Revolut approach risk?

Revolut takes an active, data-driven approach to risk, leveraging advanced analytics to identify and mitigate threats in real time. We take risk management as a continuous cycle of assessment, monitoring, and adaptation — ensuring compliance is embedded into the core of our operations. We foster proactive risk management across all departments.

What controls and technologies does Revolut use to manage financial crime risks effectively?

We employ a combination of:

• Advanced machine-learning models
• Rule-based scenarios
• Manual investigations

While we aim to build most solutions in-house, we also collaborate with third-party providers for specialised tools.

What's Revolut’s relationship with regulators and how do you collaborate to combat financial crime?

We maintain proactive and transparent relationships with regulators worldwide, fostering open communication and ensuring timely responses to enquiries. As we continue to grow, we prioritise bringing regulators along on our journey — especially as we enhance our financial crime controls through AI, machine learning, and large language models (LLMs).

We ensure swift reporting of suspicious activities. We have collaborative efforts extending to law enforcement, where data and expertise are shared to strengthen investigations. We also actively participate in industry-wide forums to strengthen our collective defences.

What financial crime risks are digital banks facing, and how does Revolut address them?

• Fraud: we use customer education campaigns, machine-learning models, and dedicated fraud reporting processes to tackle rising scams, such as investment and romance fraud.
• Deepfakes: we deploy in-house and third-party solutions to detect deepfake fraud attempts, training our models to keep pace with evolving threats.
• Sanctions: with increasing global scrutiny on sanctions circumvention, we utilise blockchain monitoring, transaction screening, and due diligence to prevent illicit activities.

What are some of your main financial crime priorities at Revolut right now?

Revolut holds multiple licences and authorisations globally, allowing us to offer financial services, such as e-money accounts, stock trading, virtual currencies, and insurance. For example, our banking licences in Lithuania, the UK, and Mexico enable us to expand our offerings while maintaining strong regulatory oversight. With this growth in mind, we prioritise:

• expanding and scaling our compliance teams in line with company growth
• embedding more data-driven capabilities across our second line of defence (2LOD) teams
• supporting our first line of defence (1LOD) in implementing LLMs to streamline alert investigations and allow human agents to focus on higher-risk areas

What have been some of the biggest compliance challenges you’ve faced in the past few years?

Revolut’s rapid expansion, particularly in Europe, has led to increased coordination across multiple teams at local, regional, and global levels to meet regulatory expectations. This has been both a challenge and a valuable learning experience. With all these challenges, our team needs to be adaptable, innovative, and ready to collaborate across departments and geographies.

We’re scaling fast, tackling complex challenges, and redefining what’s possible in financial crime compliance. 

Ready to make an impact?