Risk, Fraud & AML Analyst — HitPay

================================================================

WHY THIS ROLE EXISTS

================================================================

HitPay's risk surface spans card chargebacks across multiple acquirers, non-card rails (PayNow, FPX, QRPH, GCash, TouchnGo, etc.), partner onboarding fraud, the post-transaction tail that pre-tx vendors don't catch, and the full AML lifecycle — typology detection, transaction monitoring, STR/SAR filings, and regulator-facing obligations across SG/MY/PH/HK/AU/US.

We've built an automated detection stack that does the sweeping. What we need is a human in the loop who can investigate every exception, decide what's real, file what needs filing, and extend the toolset when a new typology shows up.

This is not a queue-clearing role. The automation produces the queue. You bring the judgment, the partner conversations, the regulatory filings, and the next piece of automation.

================================================================

WHAT YOU'LL OWN

================================================================

Daily investigation of every exception surfaced by the automated stack:

- Post-tx fraud signals across all acquirers and rails

- Bust-out, mule-ring, scam-proceeds, payout-redirect, and ATO patterns

- ATV outliers, chargeback spikes, reserve adequacy, partner abandonment

- Onboarding red flags surfaced before payments are enabled

AML lifecycle ownership:

- Transaction monitoring across all rails — review alerts, escalate, close with reasoning

- STR/SAR drafting and filing across SG (STRO), PH (AMLC), MY (BNM), and any other jurisdiction we operate in

- Ongoing CDD reviews — periodic refresh, EDD for higher-risk partners, source-of-funds and source-of-wealth investigations

- Sanctions and PEP screening — adjudicate matches, document false positives, action true hits

- Typology calibration — when a new laundering pattern shows up, you're the one who recognises it and writes it up

Decision and action on every flag:

- Payment/payout status decisions (suspend, hold, offboard, retain with monitoring)

- Reserve adjustments

- Partner outreach for SoF, SoW, business model clarification

- Coordination with regulators, scheme risk teams, and partner banks

- Closing every exception with a documented rationale

Tooling (this is the multiplier):

- When you see a typology the current stack misses, extend it or build a new detector for it

- Backtest every rule change against labeled good/bad cohorts before it goes live

- Every piece of automation you write is one fewer human-hour the team burns per week — that's the job

================================================================

WHO YOU ARE

================================================================

Compliance, AML, and risk background, non-negotiable:

- 4+ years in payments/fintech risk + AML, scheme-side fraud ops, or regulated FI transaction monitoring

- You've personally drafted and filed STRs/SARs — not just reviewed them

- Working knowledge of at least two of: MAS PSA, BSP MAL, BNM Merchant Acquirer, AUSTRAC, FinCEN MSB, FATF recommendations

- You can read a chargeback dispute, an unusual transaction pattern, or a partner's website and tell us in 60 seconds whether the partner is a target, a launderer, or a real business having an outlier month

- CAMS, ICA, or equivalent certification is a plus, not a requirement — we care more about the calls you've made

Technical, non-negotiable. You must be technical enough to:

- Query the data warehouse directly — write your own SQL against Snowflake, no analyst middleman. You'll be doing this every day.

- Think in rules and thresholds — translate a typology you've spotted into a concrete, testable detection rule (signals, thresholds, edge cases, expected false-positive rate).

- Backtest before shipping — every rule change runs against labeled good and bad cohorts before it goes live. No exceptions. If you don't know how to set up a backtest, you're not ready for this role.

- Run and extend the existing automation stack — our detection skills are built on Claude Code. You inherit them on day one and use them daily.

- Build new skills — when you spot a gap, you write the next detector yourself. Python literate enough to read and modify a 200-line script and a YAML rule file without help. We don't need a software engineer; we need an investigator who codes.

Judgment we can't teach:

- You push back when a detector flags a real partner that's just having a good month

- You don't suspend without evidence; you don't sit on evidence either

- You can tell the difference between stolen-card cash-out and laundering via a real-looking storefront, and you know which signals separate them

- You file the STR before the deadline and write the post-mortem when something slips through — the rule update lands the same week

================================================================

HOW WE WORK

================================================================

- Read-only data warehouse access plus write-gated production access where the role requires it

- Every detector is open to the team — when you build one, the rest of compliance and the CEO can run it

- No ticket queues — the automation produces the queue; you work it and improve the automation

- Direct line to the CEO on policy calls and high-severity escalations

- All exception and AML investigation trails are documented and audit-ready

================================================================

LOCATION & COMP

================================================================

Singapore or Kuala Lumpur. Comp competitive with regional bank/fintech risk + AML roles; equity for the right hire.