A few months ago I wrote about what happens when we stop fighting financial crime — the pardons, the enforcement pauses, and the rolling back of regulatory oversight that has characterised the past year in the United States. That article was about why I believe weakening enforcement is a mistake that will have serious long-term consequences.
This article is about what comes next. Not in the sense of policy predictions or political analysis, but in a much more practical sense: what can we actually do when the institutions we relied on to hold companies accountable are no longer doing so with the same vigour?
The answer, I have come to believe, is more than most people think.
Enforcement is not the only mechanism of accountability
One of the occupational hazards of working in financial crime is the tendency to view the world through the lens of regulators and prosecutors. When you spend years building cases, filing suspicious activity reports, and briefing enforcement agencies, you start to think of accountability as something that flows from the state — from DOJ indictments, state regulatory enforcement orders, FinCEN penalties, and OFAC designations. When those mechanisms weaken, it is natural to feel that accountability itself has weakened.
But that view is incomplete. Government enforcement has always been just one pillar of a much larger accountability architecture. And when it contracts, the other pillars do not disappear. In many respects, they become more important.
Consider the full landscape of mechanisms available to hold a company accountable for conduct that harms its customers, its counterparties, or the public:
Criminal enforcement — DOJ, state attorneys general, international prosecutors. This is what has been weakened. It is important, but it is not everything.
Sectoral regulators — Not all regulation is federal criminal enforcement. Sectoral regulators — state financial licensing authorities, banking supervisors, securities regulators, data protection authorities, consumer protection agencies — operate on their own mandates, with their own enforcement powers. A state financial regulator does not need DOJ permission to examine a licensed company. European supervisory authorities do not defer to the SEC when overseeing institutions in their jurisdiction. GDPR enforcement authorities operate independently of any U.S. policy direction. These regulators are often smaller and less visible than DOJ or the SEC, but they have real powers: the ability to examine records, impose fines, revoke licences, and require remediation.
Civil litigation — Companies that harm their customers can be sued. This is obvious but underappreciated in the financial crime context, where the conversation tends to focus on criminal prosecution. Civil courts do not require a prosecutor to act. They require a plaintiff with standing, a lawyer willing to take the case, and evidence sufficient to meet a civil burden of proof — which is substantially lower than the criminal standard.
Class actions and mass torts — When a company’s misconduct follows a pattern — the same harm, inflicted the same way, on hundreds or thousands of customers — the class action mechanism allows those customers to aggregate their claims and pursue redress collectively. Class actions have forced more meaningful corporate behaviour change than most criminal prosecutions, because the financial exposure scales with the number of victims. A pattern of misleading investors about risk, or systematically overcharging customers, or failing to safeguard client assets — affecting thousands of people in the same way — is exactly the kind of harm that class action law was designed to address.
Regulatory complaints as a catalyst — Even when a regulator is not actively investigating, a well-documented complaint can force them to act. Regulators have statutory obligations. When a complaint arrives with evidence of systematic violations — not a single unhappy customer, but a documented pattern supported by data, public records, and multiple independent testimonies — the regulator’s options narrow. Ignoring a credible, well-supported complaint creates its own liability. This is especially true for state-level regulators whose examination schedules are driven in part by complaint volume and severity.
Public scrutiny and market accountability — This is the mechanism that I want to talk about at length, because I believe it is the most underutilised and potentially the most powerful.
The market only works when people have information
The foundational premise of capitalism — the idea that people vote with their money — depends on an assumption that is rarely stated explicitly: that people have access to accurate information about the companies they are choosing to do business with.
When a consumer decides to open an account with a particular exchange, invest through a particular platform, or entrust money to a particular financial intermediary, they are making a choice. If that choice is informed — if the consumer knows that the company has a pattern of mistreating customer funds, misleading investors, or failing to meet its contractual obligations — they can make a different choice. The company either fixes the problem or loses business. That is how market discipline is supposed to work.
The problem is that most consumers do not have access to this information. The evidence exists — in regulatory filings, court records, complaint databases, forum posts, and the firsthand accounts of affected customers — but it is scattered, unorganised, and difficult for a non-specialist to evaluate. A customer considering whether to use a financial service provider is unlikely to spend days sifting through BBB complaints, Trustpilot reviews, regulatory examination reports, and court dockets to determine whether the company has a systemic problem.
This is the information gap that I believe independent investigations can fill.
What an independent investigation looks like
I want to be specific about what I mean by “investigation” in this context, because the word carries connotations — of law enforcement, of subpoena power, of authority — that do not apply here.
An independent investigation, as I use the term, is a systematic effort to gather, organise, and analyse publicly available and voluntarily provided information to determine whether a company’s conduct follows a pattern that warrants attention from regulators, courts, or the public.
It is not a criminal investigation. I have no subpoena power, no search warrant authority, and no ability to compel testimony. What I do have is experience — decades of it — in knowing where to look, what patterns to look for, how to verify information across independent sources, and how to present findings in a format that regulators and lawyers can act on.
The raw materials of an independent investigation are the same ones that any member of the public can access: regulatory filings and licence records, court documents and dockets, corporate financial statements, complaint databases (BBB, CFPB, state regulators), consumer review platforms (Trustpilot, SiteJabber, and others), forum discussions (Reddit, NamePros, industry-specific communities), social media posts, terms of service and their revision history, WHOIS records and corporate registry filings, GDPR and subject access request responses, and — critically — the firsthand accounts of affected individuals who choose to share their experiences.
What transforms these raw materials from scattered data into an actionable investigation is methodology. In my career, I have led investigations that involved hundreds of thousands of transactions, dozens of jurisdictions, and years of activity. The techniques are the same whether the subject is a multinational bank or a mid-sized financial services company: identify the pattern, corroborate it across independent sources, quantify the scale, rule out innocent explanations, and present the findings with sufficient rigour that they can withstand scrutiny.
The output of an independent investigation is a report — or sometimes a series of articles — that documents the pattern, presents the evidence, and identifies the regulatory and legal frameworks that the conduct may violate. That report can then be shared with regulators as a formal complaint, with lawyers evaluating potential civil claims, with journalists covering the industry, and with the public.
Why this matters more now than it did five years ago
I have been thinking about doing this kind of work for a long time. I registered this domain over fifteen years ago. I started writing about financial crime when it was my day job at PwC and Accenture. I let it lapse when my career moved in other directions.
What has brought me back is the convergence of two developments.
The first is the enforcement retreat I described in my previous article. When DOJ is pardoning convicted money launderers, pausing FCPA enforcement, and rolling back crypto oversight, the space for corporate misconduct expands. Companies that might have been deterred by the threat of prosecution will calculate — rationally — that the risk has diminished. Some of them will test the boundaries. Their customers will bear the cost.
The second is that the tools available for independent investigation have never been better. Blockchain analytics can trace the movement of cryptocurrency with a precision that was unimaginable a decade ago. Corporate registries in most developed countries are searchable online. GDPR and its equivalents give EU citizens the right to demand copies of their personal data from any company that processes it — including internal records, system logs, and communications. Court filing systems are increasingly digitised and searchable. And the internet, for all its problems, is an extraordinarily effective mechanism for connecting people who have had similar experiences with the same company but would never have found each other in a pre-digital world.
The combination of weakened enforcement and improved investigative tools creates both the need and the opportunity for independent accountability work. Not as a replacement for government enforcement — nothing truly replaces the state’s power to prosecute — but as a complement, a forcing function, and in some cases, a substitute.
What I plan to do
I am restarting FinancialCrime.org with a specific focus on independent investigations into companies and institutions whose conduct appears to follow a pattern of harming their customers, counterparties, or the public through financial misconduct.
The scope is broad and spans both traditional finance and crypto. It includes but is not limited to: corporate fraud and investor deception, misuse or mismanagement of client funds, systemic AML, KYC, or sanctions compliance failures that expose customers or the public to harm, patterns of misleading conduct by licensed financial service providers, corporate bribery and corruption that distorts markets and undermines governance, and crypto platforms or protocols whose operations cause systematic harm to users.
The approach will be forensic, evidence-driven, and fair. Every investigation will follow the same methodology I would apply in a professional engagement: establish the pattern from multiple independent sources, quantify the scale, seek the company’s response before publishing, present findings factually without rhetorical inflation, and identify the specific regulatory or legal frameworks that the conduct may violate.
I am not interested in writing hit pieces. I am not interested in amplifying individual grievances that may reflect a one-off customer service failure rather than a systemic problem. And I am not interested in making allegations I cannot support with evidence. The value of this work depends entirely on its credibility, and credibility requires rigour.
What I am interested in is the kind of investigation where the evidence is strong enough that a regulator should act, a court could find liability, or a potential customer should think twice.
I am not doing this alone
One person, no matter how experienced, cannot investigate complex financial misconduct effectively in isolation. The cases that matter — the ones involving multiple jurisdictions, sophisticated corporate structures, and years of accumulated harm — require diverse expertise. They need people who understand banking operations, payments infrastructure, regulatory frameworks, corporate law, blockchain analytics, data analysis, and investigative journalism.
I am fortunate to have spent decades working alongside exactly these people. My career at firms like PwC, KPMG, IBM, and Accenture — and in senior roles at banks, hedge funds, and fintech companies — has given me a network of colleagues who share both the expertise and the values that this work requires. I am reaching out to former colleagues who have spent their careers in financial crime compliance, forensic accounting, regulatory enforcement, and investigative journalism. Several have already expressed interest in contributing — some as named collaborators, others in advisory roles.
The goal is not to build an organisation. It is to build a network of professionals who can be called upon when an investigation requires expertise beyond my own — a forensic accountant who can analyse corporate financial statements for signs of manipulation, a blockchain investigator who can trace on-chain fund flows, a regulatory lawyer who can assess whether conduct violates a specific licensing requirement, a former compliance officer who can evaluate whether a firm’s AML programme was designed to work or designed to fail.
If you have relevant expertise and this kind of work interests you, I would be glad to hear from you. Reach out at [email protected].
How you can help: tips, testimony, and documentation
The most important input to any investigation is information from the people who have been directly affected. Regulatory filings, financial statements, and public records can establish context and quantify scale, but the pattern itself — the lived experience of how a company operates — comes from its customers.
If you have experienced something that looks like a systemic problem — the same type of delay, the same misleading communication, the same unexplained failure, repeated across multiple interactions or affecting multiple people you know — that experience is potentially valuable evidence.
I have set up a tips page that explains what I am looking for and what I am not able to help with. A few key points bear repeating here.
I am looking for patterns, not isolated incidents. Every company has unhappy customers. What distinguishes a systemic problem from a one-off failure is repetition — the same harm, inflicted the same way, on different customers, over a sustained period. If you are the only person who experienced a particular problem, it may be a genuine anomaly. If you are one of dozens or hundreds, it is something else entirely.
I am not able to help individual victims recover lost funds. I am not a lawyer, a debt collector, or an asset recovery specialist. If you have been scammed and need to recover money, your starting point is a police report and your national consumer protection authority. What I can sometimes do — when the evidence supports it — is document a pattern in a way that helps regulators, lawyers, and the public understand what is happening and, ideally, force a change.
I treat all tips with discretion. I will never publish a source’s identity without explicit written consent. If your experience becomes part of a published investigation, your identifying details will be redacted unless you specifically choose otherwise. I understand that many people who reach out are in ongoing disputes with the company in question and that premature disclosure could affect their position.
Documentation matters enormously. If you have transaction records, email correspondence, screenshots of platform dashboards or account status pages, bank or brokerage statements, contracts or terms of service, or any other contemporaneous documentation of your experience, that material is far more valuable than a narrative account alone. Documents can be verified. Memories, however honestly recalled, cannot.
You can reach me at [email protected].
The principle at stake
I want to close with a statement of principle, because I think it matters.
The premise of a market economy is that consumers make choices, and those choices discipline the behaviour of the companies that serve them. A company that treats its customers well earns their business. A company that treats them badly loses it. Over time, the market rewards good conduct and punishes bad conduct, producing outcomes that are, on average, better for everyone.
That premise depends on information. When consumers know how a company actually operates — not how it advertises, not how it presents itself on its website, but how it actually treats the people who entrust it with their money — the market mechanism works. When that information is hidden, fragmented, or inaccessible, the mechanism fails. Bad companies survive not because they are good at what they do, but because their customers did not know any better.
Government enforcement is one way to produce that information. When DOJ prosecutes a company, the facts become public. When a regulator publishes an enforcement action, potential customers can read it. When a company pleads guilty, the plea documents become part of the public record. These proceedings force disclosure that would never happen voluntarily.
When enforcement weakens, that forced disclosure diminishes. Companies with systemic problems can operate longer without their conduct being surfaced, examined, and made available to the people who need to know about it.
Independent investigations exist to fill that gap. Not with the authority of the state — that authority is irreplaceable — but with the tools that are available: careful research, cross-referenced evidence, expert analysis, and public disclosure. The goal is not to punish. It is to inform. To take the scattered, fragmented experiences of individual customers and assemble them into a picture that is clear enough, rigorous enough, and well-documented enough that the people and institutions with the power to act — regulators, courts, lawyers, journalists, and the public — can make informed decisions.
I have spent time in this field. Even if today my main job is different. I have the qualifications, the experience, and, I hope, the judgment to do this work well. I am choosing to do it now because I believe the need has never been greater and because the alternative — watching the accountability gap widen and doing nothing — is not something I am willing to accept.
If you have information that might help, get in touch. If you have expertise that might contribute, reach out. And if you know someone who has been affected by the kind of systemic misconduct I have described, share this page with them.
The strongest enforcement mechanisms may be weakening. That does not mean accountability has to weaken with them.