Fraud teams say internal model governance drives more AI explainability friction than regulators. Three practitioners explain what to build first.
When a recent FraudNet practitioner roundtable asked attendees where explainability creates the most friction in their AI fraud programs, regulators came in second. Internal model governance and risk committees came first — at 50%, ahead of regulators and external auditors (25%) and senior leadership (25%).
Melanie Gagne, CEO of Brains Capital, moderated the session. Her read on the result:
"I think we have also an industry survey that was showing something like 82% of organizations are saying that explainability is a top consideration before adopting. I mean, it should be 100. In reality, everyone should be thinking about this before you deploy." — Melanie Gagne
The three practitioners on the panel — Whitney Anderson, CEO and Co-Founder of FraudNet; Martin Naor, CEO and Founder of Bankingly; and Mayra De La Garza, Global Head of Compliance at epay/Skylight — gave the same diagnosis: organizations that handle regulators well built model governance first. The regulatory answer followed from that.
Model soundness before decision explanation
Mayra runs compliance across epay/Skylight's payments operation in over 175 countries. For her, explainability starts with a prior question: Is the model itself trustworthy enough to deploy?
"[The] most important component... is [that] when you're talking about models, it becomes more about the model design, the governance around the model, the periodic performance review of [that] model. I think we have to shift that conversation to be more about how [we ensure] the model itself is sound, so that we can trust those outputs better." — Mayra De La Garza
Her organization manages explainability in two directions at once: its internal AI tools and the explanations it owes to external Skylight customers. Both go through the same review (legal, privacy, audit) before deployment. Governance assembled after the fact won't hold.
Her approach to regulatory variation:
"You're going to have a variation of what explainability means to a regulator, depending on what area of the world you're operating in. [We try to] establish [a] global standard for ourselves — at a minimum, we're going to reach this level of explainability. But in jurisdictions where we require additional steps, we will [take] those additional steps." — Mayra De La Garza
A global floor means the minimum applies everywhere. Even the most permissive jurisdiction gets governance that would hold up under stricter scrutiny.
Three trust relationships, one technical constraint
Investigators, case managers, and alert reviewers do better work when they can see why a transaction was flagged. A model surfacing 300 signals and identifying 14 anomalies needs to surface those 14 in a form a reviewer can act on. A score without a rationale slows manual review and reduces accuracy.
The same logic extends to the customer relationship. When a transaction is stopped for legitimate reasons, and a customer is asked to verify, explaining why turns the interaction into evidence that the system is working. A blocked transaction with no context feels punitive. The same block, explained, signals that the customer's account is being protected.
Friction runs highest at the regulatory layer, and the reason is technical:
"[We] actually have to run models just for the explanation layer, because [a black box output] isn't sufficient for regulators [and] isn't sufficient for internal teams." — Whitney Anderson
Deep learning models detect behavioral anomalies effectively. They explain their outputs poorly. Running a dedicated explanation model alongside the detection model is a production cost, but it is what makes the output defensible. Rules handle company policy and regulatory requirements that need explicit definition. The explanation model translates what behavioral detection identified into something a reviewer or regulator can act on.
Calibrating explainability by decision type
Not every decision needs the same level of explainability, and governance investment should scale accordingly. Martin:
"[Not] every decision… needs the same level of explainability. [Blocking a login attempt] might require less [explanation] than [evaluating] a new loan application." — Martin Naor
Risk committees and compliance teams are the ones who have to translate model outputs for the rest of the organization. If they don't understand how a model works, they can't explain it to colleagues or to themselves. Governance built before deployment gives them something to work with.
That means internal teams need to be in the room before the model goes into production. Melanie:
"The sooner you engage your internal teams, the more comfortable they'll be — [first,] you're making them feel like they're included in the process, and [second,] you're giving them time to learn about a topic that they may not be comfortable with." — Melanie Gagne
The common objection, that early compliance involvement slows deployment, inverts the actual risk. Programs that engage compliance after a model is built face harder conversations under greater time pressure, with less runway to fix governance gaps before a regulator or risk committee asks questions.
Want to learn more? Watch Webinar: Why Fraud Rules Fall Short Against AI-Generated Fraud, which includes how Mayra and Whitney have structured their governance processes and what early internal engagement actually looks like in practice.

