
What Does It Take to Build a Real Compliance Program in Crypto?

As the crypto ecosystem matures, building a robust compliance program has become a must, not just for obtaining licenses, but for protecting users, managing risk, and scaling responsibly.
At Paris Blockchain Week, ComPilot hosted a panel with compliance leaders who operate at the front lines of regulation in Web3. The conversation covered what a true compliance program entails, why it’s so complex, and how crypto companies are handling the growing operational load.
This session featured:
- Delphine Forma, Head of Policy Europe at Solidus Labs
- Cécile Henry, Head of Compliance & Legal at Meria and Deskoin, and Co-Founder of Seqlense
- André Dibé, CEO & Co-Founder of Kamea Labs
- Moderated by Vanessa Moreno, Head of Marketing at ComPilot
What Is a Crypto Compliance Program, Really?
To kick off the conversation, Vanessa asked what it actually means to “implement a compliance program” in crypto.
Delphine answered:
“That’s a broad topic. A compliance program involves a lot of layers, and it always starts with regulatory compliance. You have to understand the regulation in the country where you’re located and where your clients are.”
She outlined the main components:
Regulatory Compliance
Understanding local and international regulation, developing a licensing strategy, and ensuring compliance across jurisdictions.
Market Conduct
This includes:
- Disclosures and marketing rules
- Customer targeting restrictions
- Suitability and appropriateness tests (especially in the EU)
“It’s not just about what you say, but how you say it, and who you say it to.”
Risk Assessment
Every compliance program must be rooted in a risk-based approach. Companies need to evaluate:
- What their customers are doing
- How that behavior changes their risk profile
- How that should adjust the compliance process
Financial Crime Prevention and Onboarding
Delphine emphasized that financial crime prevention is one of the biggest operational challenges (and cost centers) in crypto compliance:
“It starts with onboarding: identity verification, fraud prevention systems, sanction screening, blockchain analytics, and the Travel Rule. And it doesn’t stop there.”
She outlined the full lifecycle of compliance:
- Ongoing transaction monitoring
- Trade surveillance
- Dynamic risk scoring as customer behavior changes
- Alerts investigation, done by real people, not just tools
- Reporting officers in every jurisdiction
- Law enforcement requests, which can come unexpectedly and require urgent action
Cécile added that compliance teams are also dealing with emerging requirements like DAC8 and FIDA, which will add new tax and reporting obligations across Europe.
“Sometimes it’s not even regulators. It’s notaries, lawyers, enforcement officers… They show up with mandates, and everything stops. You drop what you’re doing and handle it.”
Data Protection, Breaches, and Real-World Pressure
The conversation shifted to data protection and breach management. Delphine shared:
“Sometimes, it’s a Saturday night, and you're not sure if there’s been a hack. But you still need to figure out what happened, fast, and decide who to notify and how.”
As most crypto companies operate across borders, coordinating a response becomes even more complicated.
Compliance Is a Shared Burden, Even for Compliance Teams
Cécile made a point often forgotten:
“People complain about having to fill in a KYC form. But compliance officers do the same. We go through KYC with counterparties, providers, even banks. We know how painful it is, we live it too.”
Crypto Compliance Teams Are Lean But Surprisingly Advanced
One surprising takeaway? Crypto compliance teams are small, but often more advanced than their TradFi counterparts.
“We’ve got better tools, better automation, and more transparency. In some ways, it’s crazy that we’re still seen as the riskiest players,” said Cécile.
“You’d be insane to try to launder money through blockchain,” she added. “You might not get caught today, but tomorrow, we’ll find it. That’s the reality.”
Why “Compliance by Design” Is the Only Way to Scale
André closed the session by highlighting the startup founder’s perspective:
“You can’t bolt on compliance after you’ve launched. If you build first and try to ‘regulate’ it later, it’ll cost you more in time, energy, and money.”
His team at Kamea Labs implemented compliance by design from day one, treating compliance like product infrastructure.
“It’s just like tech. You need someone to build the system from the start. If we didn’t have automation tools, it would be impossible to manage everything with such small teams.”
The Future of Crypto Compliance Is Transparent, Automated and Built In
Despite the complexity, the panelists agreed: crypto is pushing compliance forward, not backward. With transparent systems, real-time analytics, and automation, the crypto industry is building smarter, leaner, and more accountable compliance operations than many traditional institutions.
At ComPilot, we’re proud to help enable that shift, powering the tools and workflows that let teams scale compliance alongside their product. Want to learn more about how we can simplify all your compliance workflows with just one tool? Book a demo with our team.
Watch the full workshop on YouTube.
