Risk, Fraud & AML Analyst — HitPay

About HitPay

Payments infrastructure for businesses scaling in APAC

Tech description:

Our tech stack is PHP Laravel, MySQL, Redis

Job description:

================================================================

WHY THIS ROLE EXISTS

================================================================

HitPay's risk surface spans card chargebacks across multiple acquirers, non-card rails (PayNow, FPX, QRPH, GCash, TouchnGo, etc.), partner onboarding fraud, the post-transaction tail that pre-tx vendors don't catch, and the full AML lifecycle — typology detection, transaction monitoring, STR/SAR filings, and regulator-facing obligations across SG/MY/PH/HK/AU/US.

We've built an automated detection stack that does the sweeping. What we need is a human in the loop who can investigate every exception, decide what's real, file what needs filing, and extend the toolset when a new typology shows up.

This is not a queue-clearing role. The automation produces the queue. You bring the judgment, the partner conversations, the regulatory filings, and the next piece of automation.

================================================================

WHAT YOU'LL OWN

================================================================

Daily investigation of every exception surfaced by the automated stack:

\- Post-tx fraud signals across all acquirers and rails

\- Bust-out, mule-ring, scam-proceeds, payout-redirect, and ATO patterns

\- ATV outliers, chargeback spikes, reserve adequacy, partner abandonment

\- Onboarding red flags surfaced before payments are enabled

AML lifecycle ownership:

\- Transaction monitoring across all rails — review alerts, escalate, close with reasoning

\- STR/SAR drafting and filing across SG (STRO), PH (AMLC), MY (BNM), and any other jurisdiction we operate in

\- Ongoing CDD reviews — periodic refresh, EDD for higher-risk partners, source-of-funds and source-of-wealth investigations

\- Sanctions and PEP screening — adjudicate matches, document false positives, action true hits

\- Typology calibration — when a new laundering pattern shows up, you're the one who recognises it and writes it up

Decision and action on every flag:

\- Payment/payout status decisions (suspend, hold, offboard, retain with monitoring)

\- Reserve adjustments

\- Partner outreach for SoF, SoW, business model clarification

\- Coordination with regulators, scheme risk teams, and partner banks

\- Closing every exception with a documented rationale

Tooling (this is the multiplier):

\- When you see a typology the current stack misses, extend it or build a new detector for it

\- Backtest every rule change against labeled good/bad cohorts before it goes live

\- Every piece of automation you write is one fewer human-hour the team burns per week — that's the job

================================================================

WHO YOU ARE

================================================================

Compliance, AML, and risk background, non-negotiable:

\- 4+ years in payments/fintech risk + AML, scheme-side fraud ops, or regulated FI transaction monitoring

\- You've personally drafted and filed STRs/SARs — not just reviewed them

\- Working knowledge of at least two of: MAS PSA, BSP MAL, BNM Merchant Acquirer, AUSTRAC, FinCEN MSB, FATF recommendations

\- You can read a chargeback dispute, an unusual transaction pattern, or a partner's website and tell us in 60 seconds whether the partner is a target, a launderer, or a real business having an outlier month

\- CAMS, ICA, or equivalent certification is a plus, not a requirement — we care more about the calls you've made

Technical, non-negotiable. You must be technical enough to:

\- Query the data warehouse directly — write your own SQL against Snowflake, no analyst middleman. You'll be doing this every day.

\- Think in rules and thresholds — translate a typology you've spotted into a concrete, testable detection rule (signals, thresholds, edge cases, expected false-positive rate).

\- Backtest before shipping — every rule change runs against labeled good and bad cohorts before it goes live. No exceptions. If you don't know how to set up a backtest, you're not ready for this role.

\- Run and extend the existing automation stack — our detection skills are built on Claude Code. You inherit them on day one and use them daily.

\- Build new skills — when you spot a gap, you write the next detector yourself. Python literate enough to read and modify a 200-line script and a YAML rule file without help. We don't need a software engineer; we need an investigator who codes.

Judgment we can't teach:

\- You push back when a detector flags a real partner that's just having a good month

\- You don't suspend without evidence; you don't sit on evidence either

\- You can tell the difference between stolen-card cash-out and laundering via a real-looking storefront, and you know which signals separate them

\- You file the STR before the deadline and write the post-mortem when something slips through — the rule update lands the same week

================================================================

HOW WE WORK

================================================================

\- Read-only data warehouse access plus write-gated production access where the role requires it

\- Every detector is open to the team — when you build one, the rest of compliance and the CEO can run it

\- No ticket queues — the automation produces the queue; you work it and improve the automation

\- Direct line to the CEO on policy calls and high-severity escalations

\- All exception and AML investigation trails are documented and audit-ready

================================================================

LOCATION & COMP

================================================================

Singapore or Kuala Lumpur. Comp competitive with regional bank/fintech risk + AML roles; equity for the right hire.