“In financial services, every decision you make has to stand up to regulators, auditors, compliance teams, and determined fraudsters.” – Laura Spiekerman, Alloy
Financial services is a tough proving ground for agentic AI due to a high regulatory bar and zero tolerance for unexplained decisions. But Alloy co-founder and president Laura Spiekerman thinks agentic AI is how to make identity risk infrastructure almost invisible for banks and fintechs.
Over a decade after she first started working on financial inclusion, she’s still fixated on the same problem: how to open the door to more good customers without letting fraud run wild.
Spiekerman will talk about this and more on the “Building global financial infrastructure from the ground up” panel at the HumanX AI conference taking place April 6-9.
Spiekerman didn’t set out to build a compliance tech company: she set out to solve access problems. In college she wrote her senior thesis on microfinance, then went to work in East Africa in 2011 helping a startup move microfinance disbursements onto M-PESA, the mobile money system often described as “Venmo for East Africa.”
That experience convinced her that phones were solving the last-mile distribution problem; the real blocker was identity.
Unblocking access to the financial ecosystem
Even in the U.S., something as mundane as renewing a driver’s license is “a pain,” she said, and that friction is far worse if you’re young, new to the country, or aren’t present in the credit ecosystem.
When she met her co-founders at a payments startup, they realized they were solving how money moved, but not who it was moving for. Customers were sending half of new applicants into manual review because an address didn’t match or a record was out of date.
“It was this very human problem literally blocking people’s access to the financial infrastructure and ecosystem,” Spiekerman said.
That insight became the thesis for Alloy: a single identity risk layer that sits underneath onboarding and, increasingly, everything else a customer does with a financial institution.
Alloy today is an end-to-end identity and fraud prevention platform used by more than 800 banks, credit unions and fintechs around the world. The company unifies identity verification, fraud prevention, compliance automation and credit decisioning so risk teams can make consistent decisions across onboarding, logins, account changes and transactions instead of stitching together point solutions and manual reviews.
At its core, Alloy orchestrates data from over 200 sources in real time through a single API, giving financial institutions an up-to-date, holistic view of customer risk. That means less fraud and fewer false positives, but also higher conversion: one SMB-focused customer doubled new account approvals after adopting Alloy, while a credit union now saves about five dollars in fraud and operations costs for every dollar spent on the platform.
Under the hood, those outcomes are increasingly driven by AI but not the “mysterious black box model” kind that regulators hate, Speikerman said. Alloy’s bet is on agentic AI that can follow explicit policies, document every step and still move far faster than a human risk analyst.
From onboarding to “do anything”
Alloy started as an onboarding API to help clients “onboard better,” with higher conversion, less fraud and less friction. The fundamental value proposition today hasn’t changed, it’s just extended across the entire customer lifecycle, Spiekerman said.
“Instead of just onboard, it’s ‘do anything,’” she said. “Transact, log in, change your personal information, do all the things that you need to do in your daily life.”
However, every one of those touchpoints is a potential fraud moment, but also a potential source of friction. Alloy’s identity risk platform aims to keep the experience low-friction and high-conversion while quietly enforcing the right checks in the background, she said.
Global expansion only sharpens that challenge. Moving into new markets means grappling with different regulations, fragmented data coverage and idiosyncratic requirements, with Spiekerman giving the example of Germany’s video-identification rules that require verification of identity documents for financial and AML-regulation transactions.
Alloy invests heavily in local data integrations and compliance expertise so its customers don’t have to, then abstracts those complexities into configurable policies, she said.
The side benefit: Alloy can bring back learnings from more advanced fraud regimes, like push-payment scam regulations in the U.K., to help U.S. institutions prepare for where policy is likely headed.
Why financial services is the hardest AI proving ground
Spiekerman likes financial services as a testbed because the bar is so high.
“If we can make it here, we can make it anywhere,” she said. “In financial services, every decision you make has to stand up to regulators, auditors, compliance teams, and determined fraudsters.”
That means no improvisation, no opaque models, no shortcuts on policy adherence, she said. Even before the recent wave of generative AI, Alloy built machine learning models that had to remain fully explainable.
Some incumbent solutions were technically strong but unusable because they were black boxes, according to Spiekerman. AI has to behave like a very fast, very consistent analyst whose reasoning can be inspected at any time, she said.
It also has to do more than throw off a score or alert. For years, Spiekerman watched the industry hype “silver bullet” fraud models that generated ever-better scores but still left humans doing all the work afterward.
“Building something that’s not a black box is really hard and really important,” Spiekerman said. “Now we feel like we are doing it, and we can deploy agents that truly follow the rules and do things in an explainable, auditable way.”
Alloy’s agentic AI assistant is designed to actually take actions, for example, summarizing complex cases, proposing next steps like step-up verification, and routing users through the right flows, all while keeping a human in the loop where needed.
In one example Spiekerman shared, adverse media reviews that used to take analysts 20 minutes of “glorified Googling” now take seconds because the agent pulls together relevant articles, applies policy rules and presents a clear recommendation. The human’s job shifts from hunting down information to exercising judgment.
Designing AI you can audit
In fraud and compliance, auditability is non-negotiable, Spiekerman said. Alloy approaches that by starting with each customer’s existing standard operating procedures: how they review alerts, when they escalate and what triggers step-up authentication.
The team translates those SOPs into structured logic that an agent can follow and a regulator can understand, often refining them based on Alloy’s broader risk and compliance experience.
Spiekerman emphasized that adoption doesn’t happen with a big-bang cutover. Instead, Alloy runs test cases side-by-side with human decisions, showing institutions where AI agents caught fraud that teams missed or proposed more consistent outcomes.
Over time, as risk teams see the logic and results, trust builds and they’re comfortable letting the AI agent handle more of the workload with humans approving recommendations, she said.
“It’s a lot of building trust via tests and then keeping the human in the loop where appropriate,” Spiekerman said. “I thought we would be years away from banks adopting this, and it turns out we were so wrong about that. These financial institutions are ready for these solutions because they feel like they have auditable, documented logic, plus all of the kinds of rationale for making these decisions. It makes them feel much more comfortable.”
The payoff is not just fewer losses — it’s more growth. Spiekerman sees banks doubling their conversions after implementing Alloy. There is also a credit union customer that saves $5 in fraud and operations costs for every dollar that they spend on Alloy’s platform, she said.
Meanwhile, traditional fraud control often looks like making the “door” into your product as small as possible, blocking good customers along with bad, she said.
Alloy’s view is that if you can precisely manage identity risk throughout the lifecycle, you can widen that door, admit more good users and still keep bad actors out, she said.
“Financial services is in this place where there’s a lot of paperwork and a lot of Googling that we can disrupt,” Spiekerman said. “It may not be the sexiest thing in the entire world, but it’s pretty darn impactful.”
