Thistle Initiatives, a finance compliance consultancy firm, has been riding a wave of momentum through several new key hires to its team and increasing its revenue over the past two years. 
These positive factors have positioned the company to now spearhead its regulatory compliance efforts for payment/financial companies who are staring at multiple new rules and regulations in the coming years. 
Speaking to Thistle Initiatives CEO Sophie Long, Payment Services Partner Lorraine Mouat, and Financial Crime Partner Jessica Cath, they outline why financial institutions need to get their house in order before and after these regulatory changes. 

Firstly Sophie, what does Thistle Initiatives’ recent boardroom hires and promotions say about the company’s growth over the past several years? 

Sophie Long: Our recent boardroom appointments and promotions reflect our strategic focus on driving sustained growth and building a strong foundation for the future. 

Over the past two years we have achieved significant milestones, driving a 40% increase in revenue and 58% growth in headcount. We have also expanded our service offerings and attained continued industry recognition – such as being named UK Compliance Consultancy Firm of the Year for the fourth consecutive time. 

This progress is down to our endless commitment to deliver exceptional results for our clients. The recent leadership changes position us to continue our upward trajectory by providing great client service to a wider range of businesses, ensuring we remain agile and responsive to market opportunities as we grow. 

Sophie Long, CEO of Thistle Initiatives

How will the new hires allow Thistle Initiatives to expand its reach across multiple sectors?

Sophie Long: We offer regulatory, compliance, risk and financial crime services across many sectors, including Capital Markets, Funds, Wealth Management, Consumer Credit, Insurance, Payment Services, Digital Assets and Fintech. 

Our Wealth Management practice has seen rapid growth recently, so the appointment of Tom Dudley as a Partner in this division will help to strengthen and broaden our service offerings across the wealth management and platform sector.

The addition of Sue Knight as Chief Operations and People Officer, and promotion of Harry Cotton to Chief Commercial Officer, will support with nurturing our expanding client base, strengthening our internal operations and driving excellent customer outcomes. 

In tandem, we’re confident that our newly appointed Partners will continue to drive growth in their specialist sectors, helping clients navigate complex regulatory, risk and financial crime challenges effectively across varied industries. Their expertise and experience will be pivotal in executing our ambitious growth strategy.

Lorraine, what are some of the areas of concern from fintech/payments companies regarding the upcoming Payments Systems Directive 3 (PSD3) rules that are set to come into effect soon?

Lorraine Mouat, Payment Services Partner at Thistle Initiatives

Lorraine Mouat: While PSD3 specifics are still in flux, the industry expects significant changes in the regulatory landscape for payment services. Increased focus on security measures, expanded scope, and refined customer authentication processes are all on the horizon.

Firms should stay agile, closely monitoring regulatory updates and positioning themselves for compliance with the anticipated changes. Most importantly, payments firms can start preparing for PSD3 by making sure that they’re fully compliant with PSD2. By doing this, they won’t have as far to go when the details of the upcoming regulation are announced. 

It’s generally assumed that all relevant firms are compliant already, but in my experience, this isn’t the case. The most common issues I see are not having appropriate terms and conditions in place with customers; flawed data protection controls; and a lack of high-performing security and infrastructure. 

These are all components that will be further highlighted by PSD3 – I’d strongly advise firms to get their house in order now. 

Jessica, with fraud – coming in all shapes and sizes – still ever-present, what are companies highlighting as their main fraud method concern, whether that be APP fraud or AI-related fraud?

Jessica Cath, Financial Crime Partner at Thistle Initiatives

Jessica Cath: Naturally there has been a lot of noise recently around APP fraud across the financial services sector, with the new reimbursement rules coming into effect in early October. 

The new regulation forces payment firms to reimburse victims of APP fraud and encourages firms to ensure their fraud prevention controls are sharp. Firms only have a couple of seconds to block a transaction they suspect of being APP fraud, so that’s what they need to focus on. 

Fast evolving technology has also unfortunately enabled criminals to create new ways to carry our fraudulent activity. From AI-powered image generators, to data-scraping tools, it’s almost too easy. All these methods have contributed to the fact that fraud now accounts for 40% of all crime in England and Wales.

It’s not enough to just be concerned with preventing a single type of fraud – firms need to ensure they have robust fraud prevention across all areas from the very beginning. 

Fraudsters go out of their way to target new payment firms. Bad actors understand where the vulnerabilities are in payment companies, and they exploit them. This is why it’s so important to source specialist compliance support ahead of launch, to avoid struggles with fraud prevention at go-live.

Sophie, as a consultancy firm, could you give a brief overview of what it takes to obtain audit/compliance services for such regulations like PSD3, PCI DSS, ISO27001, etc.?

Sophie Long: Obtaining a licence with a regulatory body in the UK or overseas is challenging, requiring investment for tailored governance and compliance frameworks. More importantly, it requires firms to take compliance and regulation seriously, and to keep this at the forefront of growth plans. 

It’s also critical to note that obtaining a licence isn’t the end of the journey. Once authorised, maintaining compliance, risk and governance processes is paramount to meeting ongoing requirements as a regulated firm. For many firms this is challenging, time consuming and expensive to do in-house. 

That’s why so many choose to out-source to firms like Thistle Initiatives. We can be pragmatic, flexible and tailor projects to each firm, leaning on the experience and knowledge of our specialist consultants to deliver fantastic results.

Lastly Sophie, and thank you for your time, with revenue growing year-on-year, and the new hires, what does the next several years look like for Thistle Initiatives and what are some of your goals?

Sophie Long: Looking to the future, we plan to continue our growth journey by offering a wider range of services to our dedicated client base. We also intend to continue providing the best experiences to our clients and team, keeping people at the core of our business. 

It’s this focus that will help us to really drive change across the management consultancy landscape.