HitPay’s rapid growth across APAC introduced new compliance challenges—especially in managing legacy AML and fraud systems, timezone differences, rule agility, and explainability. We rebuilt our operating model around analyst‐owned rules, explainable monitoring, and safe experimentation on live data. The results: False positives fell from 99.1% to 15.3%, investigations became 50%+ faster, and rule changes now ship in minutes, not weeks. We selected Flagright to enable this model across six APAC jurisdictions and a unified fraud & AML workflow.

About HitPay

• Headquartered in Singapore, regulated in 6 APAC jurisdictions

• One platform for online, point‐of‐sale, and B2B payments

• 50+ payment methods in 150+ currencies

• Serving 20,000+ merchants with a free online store builder, recurring billing, and e‐commerce integrations

The Challenge: When Growth Outruns Governance

Scaling multiplies not just transactions but obligations. As merchant counts and volumes surged, we faced three challenges:

1. Timezone support gaps. Ticket‐based assistance and account management outside Singapore business hours left us exposed.

   “When we faced urgent issues during Singapore business hours, we were left waiting for responses that could take days,” explains Paula Vitan, Senior Compliance Manager at HitPay.

2. Slow, vendor‐gated rule changes. Every rule modification required external intervention—too slow for fast‐moving fraud patterns and jurisdictional differences.

3. Opaque economics and opaque AI.

   “Basic functionality like batch data downloads and summary dashboards came with additional fees that scaled unpredictably with our growth,” Paula observed. “The proprietary AI operated as a black box. When we investigated flagged transactions, we couldn’t find clear reasoning.”

The result was rising analyst load, rising regulatory exposure, and a rising cost curve.

The Solution: A New Operating Model

We didn’t “buy a tool”; we redesigned the operating model and then chose a platform to fit it.

• Explainability as a requirement. Every alert must include the “why”—visual trigger details and reasoning analysts can defend to regulators.

• Analyst‐owned rules. Compliance authors, tests, and deploys rules—no engineering sprints or vendor tickets.

• Safe experimentation in production. “Shadow rules” run on live data without affecting active alerts, so we can tune thresholds and logic before go‐live.

• One pane of glass. Fraud screening and transaction monitoring in a unified case workflow.

• Support where we work. Real‐time coverage during Singapore business hours.

• Predictable, all‐inclusive pricing. No surprises for exports, dashboards, or core reporting. We evaluated multiple vendors; Flagright best fit these non‐negotiables.

“Flagright’s fraud suite met our operational needs by enabling us to track fraudulent transactions more effectively and respond proactively to potential chargebacks and financial losses,” Paula adds.

Putting the Framework into Action

• Test on live data, without risk. We used Shadow rules to compare outcomes across thresholds and logic until false positives dropped to acceptable levels.

• Ship from the desk, not the backlog. The compliance team creates and modifies custom rules independently—no vendor support or development resources.

• Unify investigations. A single dashboard for transaction monitoring and fraud screening streamlines casework; analysts pivot across alert types with full context.

• Make the reasoning visible. AI monitoring now provides transparent, visual explanations for each alert, so decisions are auditable by design.

“Beyond the reduction in false positives, we’re able to evaluate cases from both a fraud and transaction monitoring standpoint. We can also review historical alerts and transaction data in a much more structured and accessible format, making case management workflows straightforward,” says April Tabucan, Compliance Associate at HitPay.

The Results

• False positives: 99.1% → 15.3%, freeing analysts to focus on genuine risk.

• Investigation time: >50% reduction, driven by clearer evidence, structured histories, and a unified case view.

• Time‐to‐rule: New detection rules now go live in minutes instead of weeks.

  “Our compliance team can now implement new detection rules in minutes instead of weeks. That speed is critical when you’re processing payments across six different regulatory jurisdictions and need to respond to emerging fraud patterns immediately,” says Aditya Haripurkar, CEO and Co‐Founder of HitPay.

• Proactive risk controls: “We can now proactively manage merchant accounts—such as changing their status or pausing payouts based on alerts,” the team notes.

• Operational friction removed: Real‐time local support and all‐inclusive pricing eliminated unexpected costs and response delays.

Built to Scale (and Re-scale)

Several months after establishing our compliance processes on Flagright and as the business continued to grow, Li Shili joined as Head of Compliance to scale operations further. She self‐onboarded and reconfigured the entire compliance system—setting up new custom rules with zero development effort, testing them using Shadow rules on live production data, then deploying them, all within two weeks.

“I think the current infrastructure that allows us to deploy new rules or amend existing ones so quickly is a game changer for us! When our business is fast moving, we need our compliance game to move just as quickly,” says Shili.