Job DescriptionReporting to the Global Head of Sanctions and Cross-Border Risk, the Vice President will build, lead, and operate the global 2LOD financial crimes oversight framework for third-party payment processors and business activities.
This role has global 2LOD portfolio-level accountability for financial crime oversight of all third-party relationships, including but not limited to ATM networks, joint ventures, marketplaces, wallets, bill pay providers, embedded finance partners, acquiring models, program managers, payment facilitators, and other network-based payment structures across U.S. and international legal entities. This will ensure that potential regulatory exposure across AXP's global network is identified, understood, and addressed in a consistent manner across all markets and lines of business.
This role carries explicit 2LOD authority to help establish enforceable standards, escalate areas for remediation, escalate material risks, drive the 1LOD to adhere to partner consequence management standards, and recommend to 1LOD that contractual compliance expectations are consistently applied globally. This will require extensive collaboration across markets, lines of business, lines of defense, and the regional heads of GFCC.
This is a hybrid role requiring presence in an American Express office at least three days per week.
ResponsibilitiesKey ResponsibilitiesGlobal Oversight, Risk Governance, & New Product Approval- Design, implement, and operate a comprehensive global 2LOD oversight framework for all third-party partners aligned with enterprise financial crime risk management standards.
- Lead 1LOD in use of the New Product Approval (NPA; inclusive of M&A and Corp. Dev. Initiatives, where applicable) for all new third-party partnerships and payment models, ensuring business partners understand the financial crime risks which have been identified, have been assessed, mitigated, and controls have been formally approved prior to launch.
- Ensure 1LOD monitors all third-party partner activity operate within established financial crime risk appetite; escalate material deviations to 1LOD business partners and GFCC leadership, drive effective challenge and consequence management where necessary, and formally document risk acceptance decisions where required.
- Ensure the First Line of Defense (1LOD) independently risk-ranks all third-party relationships based on inherent and residual risk.
- Partner with the GFCC Risk Assessment team to conduct independent 2LOD financial crime risk assessments for all material third-party relationships and validate the appropriateness of 1LOD risk rankings.
- Ensure, where applicable, 1LOD partner risk ratings are independently validated and used to drive differentiated oversight, including on-going monitoring intensity, periodic and trigger-based review frequency, escalation thresholds, control testing depth, and enhanced monitoring.
- Participate in relevant 1LOD monitoring councils and committees across all business lines to ensure consistent monitoring expectations, rule calibration standards, investigative trend analysis, and escalation protocols.
- Coordinate closely among the three Regional GFCC leaders, Line of Business Compliance Officers (LOBCOs), 1LOD, and relevant business lines to ensure globally consistent oversight while addressing jurisdiction-specific regulatory requirements and market nuances.
- Oversee and, as appropriate, drive across all regions various GFCC project milestones, deliverables, and implementation tasks as they relate to third-party oversight.
- Attend and present material risks, emerging trends, and escalations to senior leadership and formal risk committees and boards across U.S. and international legal entities.
- Ensure enforcement actions and escalation standards are consistently applied across regions and business lines, while maintaining jurisdictional flexibility due to local regulations and market particularities.
Cross-Functional Enterprise Integration- Establish and lead a formal cross-functional governance framework to assist the three regional teams to drive a consistent and coordinated approach.
- Ensure 1LOD embeds financial crime requirements into:
- RFP and partner selection processes
- Commercial structuring and partnership design
- Contract negotiation and drafting
- API and system architecture design
- Data connectivity standards
- Ongoing operational oversight frameworks.
- Work directly with 1LOD and Legal to define, negotiate, and enforce contractual financial crime provisions, including:
- Data sharing obligations
- Transaction monitoring rule coverage expectations
- Sanctions screening standards
- Control attestation requirements
- Independent validation rights
- Audit access rights
- Defined remediation SLAs
- Escalation pathways
- Termination triggers for material control failures.
- Provide early-stage financial crime advisory input, with the 1LOD, into new payment models and strategic partnerships, ensuring the business incorporates compliance design requirements and compliance cost implications into commercial decision-making.
- Coordinate, with 1LOD, BOP updates and off-cycle regulatory announcements impacting third-party relationships and ensure appropriate communication and implementation across jurisdictions.
- Ensure 1LOD works with Technology, and Data Governance to operationalize third-party partner data ingestion, validation, and integration into American Express monitoring and sanctions systems.
- Coordinate with 1LOD, Privacy, and jurisdictional legal teams to address cross-border data transfer and data localization constraints while maintaining regulatory compliance.
Monitoring, Investigations & Holistic Partner Outreach- Evaluate 1LOD partner diligence to ensure partner programs and controls sufficiently mitigate transaction monitoring, anti-bribery and corruption, and sanctions screening risks.
- Lead, as needed, 2LOD investigations into material partner control failures.
- Independently review and challenge 1LOD with partner supplied documentation relating to:
- Transaction monitoring outputs
- Sanctions matches and screening findings
- Investigative case trends
- SAR filing patterns and typologies.
- Monitor that 1LOD investigative and screening findings are clearly understood, documented, and appropriately shared with business leadership.
- Monitor 1LOD ongoing periodic and trigger-based monitoring of third-party partners, including:
- Annual or risk-tier-based reviews
- Event-driven and trigger-based reviews (regulatory change, adverse media, jurisdictional updates, control breakdowns)
- Enhanced monitoring for high-risk partners.
Holistic RFI & Partner Outreach Governance- Oversee 1LOD design and implementation of a global RFI framework for third-party oversight.
- Provide challenge on 1LOD defined required data elements, documentation standards, control evidence expectations, and response timelines.
- Monitor 1LOD implementation of a structured RFI follow-up process including:
- Gap analysis and deficiency tracking
- Formal remediation plans with defined SLAs
- Escalation triggers for inadequate or incomplete responses
- Senior-level engagement where necessary
- Integration of RFI findings into partner risk ratings and oversight intensity.
Global Third-Party Partner Financial Crime Center of Excellence (CoE)- Provide enterprise 2LOD FC subject matter expertise for third-party partner questions and oversight.
Data, Monitoring & Control Standards- Monitor 1LOD data, monitoring, and control standards related to:
- Set minimum required partner data elements and system attributes
- Establish API and data ingestion SLA templates and partner data dictionary requirements
- Define minimum data completeness, accuracy, and timeliness thresholds
- Implement independent data quality validation processes
- Require partner attestations and independent validation within defined SLAs
- Maintain audit and regulator-ready documentation, including onboarding evidence, monitoring coverage mapping, control attestations, and escalation documentation.
Authority, Escalation & Consequence ManagementThis role carries explicit 2LOD authority to:
- Provide oversight and challenge to block or hold of onboarding of third-party partners until required remediation is completed.
- Recommend remediation within defined SLAs and independently validate closure.
- Recommend contractual termination to GCO and Business leadership if critical gaps remain unresolved.
- Recommend 1LOD escalate material risks to formal risk committees and present for documented risk acceptance.
Third-Party Oversight Coordination- Coordinate financial crime oversight considerations between third-party (Amex-issued and controlled) and other payment models to ensure consistency in standards, monitoring expectations, escalation thresholds, and risk governance practices.
- Identify and assess areas of interdependency between third-party models where transaction flows, shared customers, network connectivity, data exchange, or operational dependencies create overlapping financial crime risk exposure.
- Ensure monitoring typologies, sanctions and anti-bribery and corruption screening expectations, rule calibration standards, investigative escalation protocols, and control validation frameworks are harmonized where appropriate across third-party ecosystems.
- Partner with 1LOD third-party oversight teams to share investigative findings, emerging typologies, regulatory expectations, enforcement trends, and thematic risk insights.
- Escalate systemic financial crime risks that span third-party environments to senior GFCC leadership and relevant governance boards, committees, and forums.
- Ensure consistent application of risk appetite, escalation standards, and consequence management across third-party models where risk exposure intersects.
Regional Operations & Oversight Teams- Establish structured coordination mechanisms with regional GFCC oversight and operations teams across the three regional teams.
- Ensure regional teams implement globally defined third-party oversight standards while appropriately adapting to jurisdiction-specific regulatory requirements and expectations.
- Drive consistent application of monitoring rule calibration standards, sanctions screening expectations, RFI governance frameworks, remediation tracking, escalation protocols, and consequence management across all regions.
- Coordinate closely with the three regional GFCC leaders and GNS LOBCOs to align oversight methodologies, risk tiering approaches, and regulatory engagement strategies.
- Align regional operations with GFCC project and program milestones, ensuring consistent implementation of new standards, processes, and control enhancements across all markets.
- Ensure enforcement actions, remediation expectations, and contractual consequence management are applied consistently across GFCC regions.
- Coordinate and drive cross-regional projects, such as Sanctions Remediation, Fraud Referrals, and the regionalization of investigative teams, other projects with cross-border applicability, with alignment and close coordination with regional GFCC leaders.
Reporting, KPIs & Program Outcomes- Drive 1LOD to own and deliver consolidated global reporting across all business lines and regions.
Provide challenge to 1LOD defined KPIs.
QualificationsMinimum Qualifications- 10+ years of experience in Financial Crime Compliance, AML/CFT, Sanctions, Third-Party Risk Management, or Payments Compliance within a global financial services firm.
- Direct, hands-on responsibility overseeing third-party payment processors, card issuers, payment facilitators, marketplaces, digital wallets, embedded finance models, acquiring models, or network-based payment ecosystems.
- Experience overseeing New Product Approval (NPA) processes from a financial crime perspective.
- Experience with transaction monitoring systems, sanctions screening frameworks, and partner data ingestion requirements.
- Strong executive communication skills and experience presenting to senior leadership and to risk committees and boards.
- Experience working in a matrixed environment and leading without direct reporting authority.
- College degree required.
Preferred Qualifications- Professional certifications such as CAMS, CRCM, or CFE strongly desired.
- Experience in global network, issuing, or acquiring models.
- Experience managing cross-border data privacy constraints within financial crime frameworks.
- Experience supervising independent third-party control assessments or external audit providers.
- Experience across non-US jurisdictions for a large global financial service firm.
- Experience working outside the United States for a large global financial services firm.
- Experience in other internal business units, with prior 2LOD and 1LOD experience.
