Fintech and crypto companies often dismiss compliance as an expensive obstacle, but those that master it early don’t just survive regulatory scrutiny — they set industry standards. Carlos Martins, head of compliance at digital finance platform Currency.com, challenges the cost-sink narrative, demonstrating how compliance investment pays dividends through reduced penalty risk, easier fundraising and competitive advantages.
Among fast-scaling fintech and crypto companies, compliance is often seen as an obstacle to innovation. It slows down launches, causes customer friction and consumes resources that could otherwise be put towards growth and expansion. According to various reports, compliance costs can swallow up to 19% of a company’s annual revenue, depending on its size.
That said, I believe that this way of looking at things is quite short-sighted. Compliance is certainly not easy, but when done right, it does not stand in the way of innovation. If anything, it actually helps push it further. The important part is to treat it as part of the foundation from the start, rather than an afterthought.
The companies that master it early on are not only more likely to find success despite regulatory scrutiny but also set the standards for the whole market on how things should be done. The main challenge is for fintech players to change their mindset, reframing compliance from a cost sink into a driver of growth and long-term sustainability.
Why compliance still feels like a blocker
The way I see it, there are two core reasons why compliance continues to be seen as a problem: structure and culture.
Structural: Fintechs and crypto firms, by design, constantly experiment with new technologies and business models, pushing the limits of what’s possible. Regulators, however, inevitably lag behind this process. They are forced to play catch-up, trying to adapt old frameworks to fit new realities, which takes a lot of time and doesn’t always yield neat results. As such, startups often end up in regulatory gray zones, with products that don’t neatly align with established categories. This problem is then made worse when a business tries to scale internationally, since companies must figure out how to juggle rules that often shift considerably between jurisdictions.
Cultural: Many startups are fueled by a “move fast and break things” mentality. Quickly expanding user bases, transaction volumes and market shares often take priority over things like building resilient governance. Compliance is left for later — until regulators come knocking, and by then, it’s usually already too late. Fines, license suspensions and reputational damage are much harder to recover from than if you had simply avoided them to begin with.
Common misconceptions and fears
Over the years, I’ve come across several recurring misconceptions that deserve to be properly untangled and addressed.
Regulation is “one-size-fits-all”
Regulatory frameworks vary significantly across countries, which often causes friction for fast-scaling fintechs. Generally speaking, this is the result of three main factors: different jurisdictional approaches, sector-specific regulations and the distinction between rules-based and principles-based approaches.
That said, many systems today are hybrids, combining elements of various practices. For example, the European Union combines prescriptive requirements in areas like AML with principles-based rules in things like consumer protection.
For businesses, this means that there isn’t a universal template they can adopt to fit with everything. If you can’t consistently adapt your compliance frameworks to the changing requirements, it’s a guaranteed way to miss something and create costly legal holes.
Compliance is too expensive and slows us down
Costs and delays necessary to implement proper compliance practices are inevitable — that much is true. But they are also manageable if you see them as a strategic layer that adds value and stability to your business instead of as an obstacle.
One thing that is often overlooked is how all that investment can pay off in the end. Strong compliance reduces the risk of crippling penalties or reputational damage, both of which can wipe out years of growth in a single blow. It also creates operational resilience: when your systems are built on secure, transparent and regulator-friendly foundations, people notice.
On the one hand, regulators are less likely to press a company when it openly and proactively demonstrates that it’s compliant. On the other hand, having a proven track record here signals lower risks for partners and investors, which can lead to easier fundraising and better valuations. In other words, compliance becomes an accelerant, reducing friction across the board and shielding your business from shocks.
Compliance is just about preventing crime
Preventing things like fraud and money laundering is certainly a core part of compliance, yes, but it’s also about more than just that. It’s about establishing trust and building a reputation. Customers want to know that their money is safe, while regulators want assurance that they are dealing with a responsible company.
Businesses that turn compliance into simple box-ticking miss the broader picture. They may satisfy minimum regulatory requirements, but they won’t build resilience. In industries where consumer confidence is fragile and competition is intense, trust can be the deciding factor between growth and failure. A strong compliance stance signals that you’re a mature, responsible business ready for long-term commitment — and that’s something that both customers and investors value highly.
Build first, ask permission later
This mindset remains common in fintech — and it’s dangerous. There are three main reasons why startups fall into it:
- Pressure to grow at all costs: Many firms make only token efforts to implement compliance programs at the bare minimum to show investors that “something is in place.” However, this is not enough and risks exposing them to regulatory breaches down the line. They are pretty much setting themselves up for failure.
- Lack of financial expertise: Many founders and executives come from a tech background, rather than finance. They underestimate why financial regulations exist and the very real risks they mitigate. This blind spot creates top-down underinvestment in compliance that affects the whole organization.
- Desire to cut costs: Some firms seek out loosely regulated jurisdictions or cheap compliance tools. That may work in the short term, but it’s not an effective solution in the longer perspective. As businesses scale, more serious measures become necessary, and if you don’t implement them, it becomes a major problem when regulators finally catch up.
The bottom line: What works in software doesn’t translate directly into financial services, and the costs of retroactive compliance are always higher than embedding it upfront.
Steps needed to shift the mindset
What practical steps can a business take to shift in this mindset?
Build a hybrid compliance framework
In practical terms, this means anchoring the business with a rules-based foundation in areas where certainty is critical, such as KYC, AML and sanctions screening. These functions leave little room for interpretation, and detailed controls are essential to avoid breaches and penalties. And layered on top of this should be a principles-based approach that provides flexibility where innovation is required — such as product design, customer communication or emerging risks regulators haven’t fully defined yet.
This dual model gives firms the best of both worlds: the security of hard guardrails in high-risk areas, combined with the agility to adapt as markets and regulations evolve.
Leverage RegTech for greater agility
In today’s financial markets, legal frameworks change and evolve all the time. Staying ahead of them requires a technological edge, as manual effort simply doesn’t cut it anymore. Updates can come at any point, from any jurisdiction and trying to track them all by hand is not feasible.
A proper RegTech dashboard can automatically map a regulatory update to the relevant internal policies, reducing the lag between a rule change and its practical application.
Foster a company-wide culture of compliance
Compliance must extend beyond just the legal team — it needs to be part of your company’s DNA, supported by a strong internal culture and visible in product discussions, marketing strategies and customer service. Among other things, that means product managers asking, “How do we design this feature to be compliant from the start?” When compliance is visible in such conversations, it stops being a separate function and becomes a shared responsibility.
For this to happen, leadership has to set the tone. Allocating resources early signals that compliance is a priority, not an afterthought. Measuring culture through KPIs, employee surveys and audit results would help track whether teams truly internalize compliance or are simply “checking the boxes.”
Just as importantly, compliance milestones should be celebrated in the same way as product launches or sales wins are. Recognizing these achievements reinforces the idea that compliance contributes directly to the company’s success. And it helps build a shared sense of pride across teams instead of resistance.
Engage locally and proactively
Centralized compliance oversight is essential, but it needs to be balanced with local expertise. The variability of financial regulations means that learning to work with local watchdogs is essential if you want to achieve results.
Engaging local counsel and compliance professionals who understand the legal and cultural context ensures that your compliance measures can be adapted correctly to a specific market. It creates a locally effective compliance model that reduces risks while enabling smoother, faster market entry.
Beyond that, such relationships also create opportunities to engage constructively in policy development with local regulators. This way, you can build trust and position yourself as a leader in shaping the financial landscape in your target region.
How teams and leadership must evolve
Compliance culture starts at the top, with leaders setting the tone and leading by example. Those who frame it as a strategic advantage will naturally see compliance embedded across the organization. But when it is dismissed as a necessary evil, resistance will naturally follow at every level. The real measure of success here is whether employees see compliance as an extra burden or as a normal part of their job.
To track this, companies can combine a number of metrics, both qualitative and quantitative. For example, conducting employee surveys and gathering manager feedback will reveal how deeply compliance is understood and valued in your organization, while making use of indicators like incident reports, customer complaints and audit findings will help determine how well your policies are working in practice.
The key is continuity. Culture does not change through one-off workshops or slogans; you need to pursue consistent integration of compliance into daily operations and employee education.
Carlos Martins is the head of compliance at Currency.com, the global digital finance platform, where he leads AML oversight and compliance operations in Gibraltar. He also brings over 30 years of experience to the company, having held senior positions at institutions including Credit Suisse (Gibraltar) Limited and SG Hambros Bank. He is a GFSC-licensed EIF director and the chairperson of the Gibraltar Association of Compliance Officers. 
