HOST

Alexandre Berkovic

CEO at Sphinx

GUESTS

Nick Passarelli

Chief Compliance Officer At Melio

Passarelli covers deploying AI safely in production environments, addressing data infrastructure prerequisites, governance frameworks, and maintaining control while scaling compliance operations.

Episode Overview

In this episode, Nick Passarelli, Chief Compliance Officer at Melio, shares a candid look at what it actually takes to build and operate compliance programs inside fast-growing fintechs. Drawing from over two decades of experience spanning broker-dealers, crypto exchanges, and high-growth payments companies like Brex and Melio, Nick breaks down the difference between compliance as a checkbox exercise and compliance as a genuine business enabler. He explains why the best compliance cultures are built on simplicity — explaining the "why" to every team in the organization — and why flexibility in process design matters more than building the perfect control framework on day one.

The conversation dives deep into how modern compliance leaders should think about deploying AI in production. Nick argues that while AI creates real efficiencies — reducing research time from hours to minutes for high-risk case reviews — the industry is not yet at a point where AI should replace human decision-making on critical actions like customer onboarding or payment blocking. He emphasizes that strong governance, documented intended purpose, and QA processes must be established before any AI tool enters a compliance workflow. Nick also addresses the regulatory reality: regulators are still learning about AI, and companies that deploy it without explainable, well-documented frameworks risk serious enforcement consequences.

About Nick Passarelli

Nick Passarelli is the Chief Compliance Officer at Melio, the B2B payments platform recently acquired by Xero in a multi-billion dollar transaction. His career in compliance spans over 20 years, beginning unconventionally in corporate HR before transitioning to become the first dedicated CCO at Kellogg Partners in 2005. He subsequently built compliance programs from the ground up at DealerWeb, the crypto exchange LGO, and Brex during its hypergrowth phase from 200 to 1,200 employees.

Key Topics Discussed

  • Compliance as a Business Enabler — Why the best CCOs start with "yes" and work backward through regulatory frameworks to find creative paths that satisfy both regulators and product teams.
  • Building Compliance Programs from Scratch — Nick's philosophy of starting small and flexible — "build the Hyundai, not the Rolls-Royce" — so controls can scale with the business without requiring wholesale rebuilds.
  • AI in Compliance: What's Real vs. Noise — AI excels at reducing research noise and writing SAR narratives, but replacing human decision-makers entirely is premature given current regulatory expectations and governance gaps.
  • Governance Frameworks for AI Deployment — Why documented intended purpose, cross-functional sign-off, QA processes, and explainability to regulators must precede any AI integration into compliance workflows.
  • Fintech vs. Legacy Finance Compliance — In broker-dealer environments, rules are black and white; in fintech, compliance operates in gray areas that require constant regulator education and relationship-building.
  • Vendor Management and Contract Strategy — Why Nick deliberately signs short-term vendor contracts to maintain flexibility, even at higher annual cost, to avoid being locked into solutions that cannot scale.
  • The Emotional Weight of the CCO Role — Compliance is one of the few executive roles where performance is judged externally by regulators, and a single failed exam can undermine years of credibility.
  • Scaling Compliance Teams in Hypergrowth — The painful reality that many early compliance hires cannot scale with the company, and why CCOs must be willing to make difficult personnel decisions.
  • Measured Risk as a Leadership Philosophy — There is no riskless solution in compliance; experienced CCOs take calculated, well-documented risks that are explainable to regulators and partners.

Key Takeaways

  • AI in compliance should reduce noise and accelerate research — enabling analysts to handle 20 times more high-risk cases — but human judgment must remain on critical decisions like onboarding and payment blocking.
  • Before deploying AI in any compliance workflow, organizations need documented governance: intended purpose, QA cadence, cross-functional sign-off, and the ability to explain it clearly to regulators.
  • The biggest mistake fintech founders make with regulators is impatience — regulatory wheels move slowly, and pushing too hard damages the relationships you need most.
  • Build compliance controls with flexibility in mind: set bands that can be widened as the business grows rather than rigid systems that must be torn down and rebuilt.
  • Short-term vendor contracts cost more annually but protect against being locked into solutions that cannot scale with hypergrowth.
  • A culture of compliance means every team — sales, product, engineering — understands the "why" behind compliance requirements, not just the compliance team itself.
  • Transaction monitoring remains one of the most underrated and effective compliance controls, despite receiving less attention than trendier solutions.
  • Always ask for permission, not forgiveness — the conservative approach protects companies from enforcement actions that can take years to recover from.

Who Should Listen

  • Chief Compliance Officers and compliance leaders at fintechs evaluating how to integrate AI into their workflows responsibly
  • Fintech founders navigating their first regulatory exams or building compliance programs from scratch
  • Product and engineering leaders who need to understand how compliance requirements shape what can be built and how quickly
  • Risk management professionals balancing speed-to-market with regulatory safety in payments, lending, or money transmission
  • Anyone interested in the practical realities of AI governance frameworks in regulated financial services

Episode Transcript

All right, Nick. Pleasure having you here. >> Thank you for having me. This is great. No, this is great.

Beautiful studio. I'm happy to talk to you. Thank you. Um so yeah, listen, you've been in compliance for over two decades um before fintech was cool. Yes.

So, before CEOs even had a seat at the table and before AI in compliance was a buzzword. You've built programs that regulated broker-dealers and early crypto exchanges, Brex during hypergrowth, and most recently Melio through a multi-billion dollar acquisition by Xero. Um today I want to talk less about checklists and more about judgment taste and how those are formed over time. >> Right. So, yeah, listen, you've started in compliance early in the 2000s, long before most people even actively chose that path.

Um what originally pulled you into compliance? So, I started my career in corporate human resources. Uh did it for 7 years. Um I was George Clooney up in the air firing people uh at two big corporations that are unnamed on my LinkedIn and I will leave it as that. Great.

But that being said, I went to Kellogg in 2003 as their director of HR. It was a small company that spun off from Speer Leads Kellogg's. So, Kirk Kellogg um CEO uh hired me to be their head of HR. At the time, my CFO was doing compliance. >> Yeah.

We had New York Stock Exchange and American Stock Exchange uh and he needed help. So, he said, "Hey, HR guy, come on and help me." Uh so, I got into it. I helped them with exams. I helped them with various, you know, inquiries. And then I got good at it.

It spun into an opportunity working for Kevin Butler, who was the head of our institutional sales, Kellogg Partners. I became their first dedicated CCO in 2005. I got my Series 7, my Series 14, my Series 24. And off I went. So, that was how it all began.

It's quite unconventional. Like, usually it's people that were in law or audit. And you're in HR. How do you think that influenced the way you've been doing compliance for the last 20 years? >> Uh so, I'm one of those people that like leads with empathy, right?

And I'm always trying to look for the good in people and also there are a lot of similarities in terms of issue management and, you know, performance-based metrics and other things that tie into HR. So, for me, I thought it was kind of like a common and and a very like natural transition. Uh I kind of viewed compliance as what HR was in the early '90s, right? In the early '90s, you had a lot of office managers and admin assistants doing HR, then it became a full-time function. Yeah.

I think compliance kind of like went the same path. You had CFOs and office managers that were doing it. Now it's become its own dedicated function. So, a lot of comparisons between the HR path and how it started versus where compliance is now. >> No, that makes sense.

And so, as it became an actual function that is, you know, more common in every financial institution today, how do you see the difference between good compliance before and good compliance now? What has changed? Uh so, good compliance then was just getting the work done and making sure that you were good until the next audit. Now it is a year-long ongoing process. You have regulators, partners who are constantly evaluating what you're doing.

Where back in the day, it was just getting ready for those exams. So, now it it it is a a full-time function. It's something that everyone's a part of, not just the compliance team. It is something that we have a culture of compliance where I am and where I've been previously. So, that being said, it used to be, "Okay, we just have to get ready for the audits and we're good." And now it's, "Okay, we actually have a function built out and it's integrated into everything." What does a culture of compliance mean?

You know, I mean, we work with a lot of financially regulated entities and often times people see it as, you know, something that's going to drag you and that's going to slow you. Um how do you see it yourself? And like do you see it more as a growth enabler? What does a compliance culture mean? >> So, for me, it's having people understand why you're there, what it is you're doing, and I think, you know, taking a page of an old manager, Frederick Reynolds, who was my boss at Brex.

Now he's at FIA Now he's at Marqeta, sorry. Frederick always said, "Explain the why, right? Explain what it is you're doing, how compliance fits in, and explain it in terms that are simple to people, right?" And if you can explain the why and have everyone outside of compliance understand what it is you're doing, and if they buy into it, which they should, cuz they want to do the right thing, right? Then, you know, you get your sales people, your product teams, your engineering teams, all across the board getting an understanding of why you're there, how you're there to help enable the business, and that you always want to be in a state where whatever it is you're doing, you have checked all the boxes and made sure you're doing things the right way. So, for me, culture is having it embedded, but also having people understand in the simplest terms what it is you're trying to do.

So, what is compliance in the simplest terms? In the simplest terms, it's, again, you want to adhere to the, you know, applicable rules and regulations, but also doing the right thing, right? And and a lot of times, it's easy to say, "Okay, well, we'll just check the box and, you know, so on and so forth." But you want people to be mindful and thoughtful about how they build in, you know, different processes and policies and procedures and whatnot. And you want to give people flexibility to grow. One of the things that I talk about with my team is you want to build things that get from A to B and that are not too, you know, stringent.

So, I always say, "Don't build the Rolls the Rolls-Royce when the Hyundai will get you there, right?" And what that means in so many words, Alex, is that you want people to make sure that you have the controls in place, but at the same time you have flexibility so that business grows and business changes, you're not ripping it out and starting it over again. You can widen the bands, you can, you know, figure out the different metrics that go into it without having to do wholesale changes. That makes sense. And I feel like there's, to some extent, you know, one of the similarities maybe between compliance and HR is that, well, sometimes when you're doing HR, you're handling humans and you don't have perfect data on them, but you still have to make a decision. And it's a little bit the same with compliance.

Um the decisions rarely come with perfect data. Right. >> So, how do you learn to trust your judgment, especially when the stakes were real and visible? Well, it's funny you say perfect data because everything that we've been doing now and in my previous role is heavy metrics, right? Because think about it.

You can't ask for different, you know, programs, software, so on and so forth to help build your compliance program without some sort of data behind the why, right? So, for for example, if I say, "Hey, I'm building a trans Excuse me, transaction monitoring system. And we need this software." Why do you need this software? Okay, well, here are our payment types and here are the types of customers that we have and so on and so forth. I need data data to back that up to say, "Okay, this is why we need this type of a software.

And this is why, you know, it needs to look for these types of payments and these are the bands that we need to set." Everything we do is metric driven now and from a regulatory perspective, this is, you know, an expectation going forward. So, for us, everything that we do, you know, in terms of hiring people, you know, building processes, bringing in external vendors, is all metric driven because this is where we are now. And look, we have the data to do it. It's just bringing it together and making it make sense and then making sure that the data is valid so that it justifies and, you know, it validates what you do. 100%.

So, it seems you're often companies' first compliance trailblazer. I really like that question, by the I like that. Good. Absolutely. So, you were the first dedicated CCO at DealerWeb.

Mhm. Um spent nearly a decade building out its regulatory program. Mhm. Then you jumped to create a compliance framework from scratch at the crypto exchange LGO. >> Mhm.

Now Melio has brought you on as their first permanent Second. I was second. So, so this is So, there was a CCO before me. This is what my comms person said. Like, you were the second.

I said, "That's fair. Fine." Okay. Second chief compliance officer. Um what draws you to these ground zero compliance challenges? For me, it's an opportunity to build something from the ground up, right?

And really explaining, again, the why, right? Why you need a strong compliance program and why I can be the person to help build it for you. And also, building it in a way that provides the business flexibility. And I think it's something that I've gravitated towards throughout my career because when you can start and you can build something, it's easy to say, "Okay, cool. Like, we put some of the foundation in place.

Can we build off that or do we need to rip it out and now put something bigger in place?" I think when you go into an existing structure, especially if someone who's been there for a long time, they may have put in systems or processes or policies or whatever that can be hard to take apart because they're very rigid. And especially if they've signed long-term contracts with vendors that simply cannot, you know, scale with you, that presents its own challenges. I tend to take a very flexible approach when it comes to building my compliance program. With my vendors, I sign short-term contracts. Um I know it's easy to sign a five-six-year contract from, you know, uh from a monetary perspective, but if your business hyper grows in two years and then you're stuck and they can't do what they need to do for you, you are screwed.

So, for me, coming in ground up, hiring the people that you need to hire, having metrics base and, you know, validate everything that you're doing, and then from there like starting small and building and building and building. That's the approach I've always taken because anyone who comes in and is asking to build the $10 million mansion, you got to be really careful with that because if you build too much, then it's going to be hard to take it apart if you need to pivot. And so you've been, you know, at crypto and fast-growing fintechs which often goes into regulatory scrutiny. I mean, we've seen that like Revolut today doesn't even have a banking license with the UK. Right.

So, it's really tough to get there. How do you think about earning credibility with regulators, executives, and what not when you're coming in as a first compliance trailblazer in companies like those? It it's really again, how can I be a business enabler, right? Instead of saying I want to build the perfect compliance program and I want to do this and I want to do that. How can I build a compliance program that is satisfactory to my regulators, but gives my business the ability to do what they're doing without spending all this time on compliance, right?

And I think it's a very delicate balance, Alex, that you you go through over the course of your career, right? What are the things we need? How do we get them in place? Where can we start? And then from there, how can we build off that, but again, giving our business flexibility to do what it is they need to do to be innovative, to be creative, and at the same time establishing and maintaining relationships with our regulators and our partners because that's important, too.

In saying we comply with all of the rules and regs that we need to comply to, here are, you know, some examples of our policies, here are our processes, and it's a constant back and forth in terms of like, okay, we started here, the regulator comes back and says, okay, we need you to do a little bit more here. You explain it to the business, they understand, and it's a constant communication of where I am communicating regulatory and partner expectations with our business people, and making sure that there's harmony between everybody. Do you you've always gone into fast-growing businesses. Um how does your role change when a company moves from building fast to being audited and examined? Well, it it's it's interesting, right?

So, we just went through our first state exam at Melio, right? And I I thought the results were were very positive. Uh but there's a lot just like in any company that I've been in, right? You have to get people on board with what it means to be regulated. And regulators have a job to do.

They are looking at your processes, they're looking at your data, they're looking at everything that these people have built. And what I've always told my partners is take pride in what you do, you do good work. Let me help you explain what this means to the regulator, right? Because you are a great engineer, you're a great product person, you're a great operations person. It's my job to help explain your good work to the regulator and make sure that they believe that it is, you know, on par with their expectations.

So, that's my job is to you know, help the people who do the great work shine and then have the regulators understand that this is what we do and this is why we believe it is in compliance with your rules and regs. Uh and so far I think the balance has been good. And for me, I'm there to hold the hands of people because I never send a person in cold that doesn't understand and I never would because it's my job to be there as support. Cool. So, as I said, you've led compliance in broker-dealers, crypto, fintechs, uh payments.

What's fundamentally different about compliance in fintech versus legacy finance? Uh there's a lot of gray, right? So, in the broker-dealer world, RIA, the rules are very black and white. You know what you can do and you know what you can't do, right? But in the fintech world, you're innovative, you're trying to do things differently.

Instead of the traditional straight line of A to B, it's going to look like a squiggly or zigzag. And you have to help explain to the regulators what it is you're doing, why it still meets their rules, and at the same time how you're trying to shape innovation within the industry. And I think that's a very delicate balance, right? Having to talk to a regulator about what they're used to seeing and saying, "We do it differently, but we still comply." There's a lot of conversations, there's a lot of questions, there's a lot of "Okay, we can get comfortable with this, but it's a very long and slow process." Yeah, 100%. And there's something you said once that I thought was very interesting.

You said you've spoken about the death of corporate loyalty. >> Ah. Yes. Okay, I'm going to clarify this, but go ahead. Right.

You said loyalty used to earn you a pension, but now it earns you a pink slip. Um so I think that's a striking perspective. Um was there a personal turning point in your career that taught you this the hard way? Like perhaps after spending so long at one firm, um so how did you realize that, yeah, loyalty is equal to liability? >> It it it's a great question, and let me give the context behind why I said that.

I was on a podcast with my friend Maureen Cluff, who is it gets late early. She talks about ageism in tech, and I was a guest on her show. Now, where I was coming from with it is this. I think at larger companies, people tend to stay too long. They get comfortable, they do the right thing, and, you know, they make a lot of money.

And what I always tell my colleagues is this, if you're in a place where you've outgrown the role, and if you can see that it's shifting away from your skills and experiences, you either one have to do something else, or two, find something that is more in line within the company. So, for me I was coming from a perspective of people tend to stay in jobs too long for the wrong reasons. And what ends up happening is that if you stay too long and you're making too much money and people don't deem you as useful or valuable anymore, it's easy to cut. So, I always say stay ahead of the curve, make sure that you are added value and at the same time keep your skills current. And I think we're going to see this a lot now with AI in particular where people are going to say, "Oh, AI AI AI." Your company is either going to embrace it or not.

I think companies are starting to embrace it as a way to help their employees as a way to instead of cutting them. Now, some companies may take a different tact, but again, that's the context that I was coming from is don't get too complacent in your role because this can happen. And do you think that could apply as well to vendor relationships? Absolutely. 100%.

So, I am very deliberate with my vendors, right? I tend to sign short-term contracts because my view and my experience is this. If you sign too long of a contract and your company scales to a point that no one expected, more times than not, that vendor is of no use. And if you've got 2 years left on a 3-year contract and they can't do what you need them to do, then you're screwed. So, I've been in that situation before and even if it means paying a little bit more money on an annual basis, but just to make sure that they're still the right vendor, it allows you the flexibility to move on and get someone else if you scale or if they can't provide the level of service that you're used to having from them.

Yeah, 100% agree. And where do you think Fintech founders most consistently underestimate regulatory complexity? I think the biggest challenge they have is the speed, right? I always say the wheels of regulation move. They move slowly, but they move.

And when founders are so used to doing things fast, dealing with a regulator who has process, in a lot of cases bureaucracy, and in a lot of cases multiple hands in the cookie jar, it gets very frustrating for them. So, it's my job to understand, look, we're being persistent, we're being polite, but we're being persistent. And there's a line, you have to wait on the line. You can ask and you can make a case to, you know, get expedited, but you're waiting with everybody else. So, a lot of the state regulators now or in fact all state regulators are not just dealing with traditional money transmission, they're dealing with crypto as well.

So, more companies, more people, more, you know, more time to wait. We just have to, you know, be patient with it. Yeah, but when speed and safety generally conflicts, um, you know, sometimes you you need to open that new region. You need to scale into that new ICP. You need to to do it.

And like exactly to the point I was going over earlier, Revolut did it. They're announcing 30 more countries opening up, uh, this year. And yet the Bank of England still don't want to give them a banking license. >> Right. Right.

But theoretically, they're winning in terms of like what a fintech has to do to win. So, how do you decide which wins? Safety, speeds? Where's the Where's the line? Safety, because you always want to be in a place where you ask for permission and not for forgiveness, right?

And if you take the safe approach and you're not asking for forgiveness, it is the more conservative way. Now, you can still incorporate speed into it, but it's the job of compliance and legal to make sure that can we do this? What are the applicable rules? How do we fit into this framework? And then start having applicable conversations in terms of, hey, do we need boots on the ground?

What does it look like for licensing? And how do we prioritize from a business perspective which countries we want to attack first? So, there's a lot of due diligence behind the scenes, but you can't just sit there and say, okay, I'm going to plant my flag in this country and get going." Because if you do that and there are laws in place that no one had researched, you can get in very big trouble. So. >> And I'm curious to have your point.

So, for instance, us, so we're building a compliance analysts. And um we've helped companies scale to new regions faster because our AI agents know laws, regulations of certain countries, and fintechs don't have to hire a compliance team in those specific regions. Mhm. How do you think AI is going to level the playing field? And you know, where do you think might be the downsides and the upsides of it?

So, AI, I think you have to be very careful, right? I think AI in general, right, is very good at creating efficiencies, helping your analyst make more informed decisions by reducing noise, but I don't think we're in a place right now where AI is going to make a major decision in place of a human, right? So, for me, it's something that regulators are still very, very much learning about, and it's still a very new concept for them. And I think industry is going to shape what AI looks like with the regulators and saying, "Hey, we have a use case here where we can use AI to write SAR narratives. We can use AI to help streamline our KYC process.

We can use help AI to help streamline other processes that would require a a lot of manual work." So, again, it's being very deliberate in terms of how you use it, but I know that there are vendors out there and I won't mention names that would be like, "Replace your humans with AI completely." From a regulatory perspective, we're not there just yet. I think it might be a while to do it, and I think the safe approach that my company's using and other companies are using is, "Yeah, we embrace AI, but we're using it as a way to help our people." You're in the driver's seat. So, you know, everyone's talking about AI and compliance, it's super hot topic. >> Yep. What's real and what's noise?

So, again, going to you know, repeat my point earlier, it's creating efficiencies, right? How do we, and this is two points, right? One, help make our processes better, and how can we also integrate it into like our existing workflows? I think that's the other part that people forget, right? So, we have an existing workflow that our engineering team has built, and it goes from this to this to this to this to that.

We don't want AI to say, "Okay, we have to break that apart and do five different things." The engineers are going to turn around and say, "All right, we can do it, but it might take 4 to 6 months." Now, ultimately, if it's a better long-term play, we'll do it, but if we can incorporate AI to help move the process along quicker and more efficiently, we're going to certainly look to do it. And I think what's noise is people coming out and saying, "AI's going to replace people." >> I I think the very manual jobs, absolutely. Like, for example, I think with the accountants, the bookkeeper will go away. That is just a traditional manual intensive, you know, job, but I think accountants will leverage AI to help make their jobs more efficient because they'll be able to streamline accounts payable, accounts receivable, so on and so forth, all through technology. Yeah, no, I agree.

I mean, you know, for us, a decision we made early on is we have We're a tech company. Yeah. And we've incorporated an internal compliance team from day one. Right. To work with companies that are customers, to work with their compliance team, fine-tuning the models, make sure that escalated cases will be reviewed by our team as well, because we really believe in a human-first, well, at least human-in-the-loop workflow.

I'm really curious to understand, where does human judgment for you still matter and always will, no matter how good the tooling gets? So, decisioning on onboarding customers, decisioning on blocking or allowing payments, major decisions in terms of allowing someone on your platform versus not. And the way that I view it is we want people to make these decisions based on the information that they have in front of them. And what AI is going to do is reduce a lot of the noise that traditionally they would spend 2-3 hours researching, you know, a high-risk client. Now they get it in 5 minutes.

And what AI should be doing is instead of them spending all this time doing the research, that has been reduced to minimal and they can you know, make decisions on 20 times the amount of high-risk cases and determine, okay, we're they're going to onboard them or not. And if we onboard them or not, here's the rationale behind it. But really people have been spending too much time gathering information and not making decisions and AI is going to change that. I agree. Um but how do you you know, that there's always a question about liability?

Right. >> Like uh AI comes in, whether or not they make decisions, let's say that something was wrong, human uses it to make a decision, who's liable? Um and that's a big question. So, how would you say compliance compliance leaders should think about deploying AI responsibly without, you know, over-promising to regulators, without being unsafe, uh without being, you know, this issue of liability and risk. What are your thoughts on that?

Good governance, right? So, you want to document exactly what you're deploying AI to do, what its intended purpose is, your QA process, how often you're revisiting whether or not the control works, and that's part through through the QA. And really, it's you want to have a documented A to Z where instead of just deploying it into the process or into the work stream, it is well thought out ahead of time. You have different leaders within the organization, you know, whether it's product, engineering, risk, so on and so forth, all sign off on it, and then say, "Okay, here is the intended effect. Here is the effectiveness in terms of percentage rate." And and really it just has to be thoughtful from A to Z, but documented, and that's why governance is so important here because I think people are just so, you know, like they just want to get it into the workstream so quickly.

But if you don't document that, if you can't explain it legibly to your regulators, you're going to have big problems. And agree, but so how do you help teams get to the yes safely instead of defaulting to the no? I think like maybe fintech's less so, but like the, you know, the old, very regulated um banks, etc. will be scared of AI, will default to the no, and will maybe fall behind. How do you safely get to the yes?

So for me, the path always starts with yes, right? If it's not illegal or unethical, like we are going to look to do it. And I think what ends up happening, Alex, is there will be a lot of back and forth in terms of, "Okay, I know you want to do this, but regulation says this. Can we potentially move this in and pull this out?" And they're like, "Well, that's not really what we wanted to do, but okay." And and I think what ends up happening is you get in a lot of creative conversations with your product and engineering teams and come up with a solution that they're giving a little, you're giving a little, and I think the key, and this is something I always tell compliance leaders, is there's measured risk, right? There's never a riskless solution that is out there.

You always want to take measured risk, but it has to be well-thought-out, and it has to be explainable to your regulators and partners. And I think that has worked for me throughout my career, and and I always want to take measured risk when it helps to coming in and enabling my business because if I don't, then I'm not doing my job. Cool. No, I love it. Um so your LinkedIn headline describes you as bringing compliance with a personality.

So, you've kept a relatively low public profile for someone in such high-profile roles. Yeah. You're not on the conference stage every month or flooding LinkedIn with posts like me. Mhm. Um, some might say you lead more quietly behind the scenes.

Yeah. Is that intentional? Yes. So, I have never been one to look for opportunities to do panels and speaking and so on and so forth. Most of it has been people reaching out to me, companies, you know, colleagues, so on and so forth.

I know some compliance people that are out on the circuit all the time, and that's fine, but if I'm not in the office and if I'm not with my people regularly, then what am I doing, right? Um, I want to make sure that I have a finger on the pulse, that I know what my team is up to at all times. If I am speaking at five or six of these panels every month, Yeah. it's really hard to do. Uh, so for me, I also go through a process, just like I have at every company, where you have to get it pre-approved, just like here, and making sure that they understand the agenda and, you know, what it is we want to talk about.

But again, I'm very intentional about how I spend my time, and my time is best served if I'm spending most of it, you know, devoted to my company. And if I'm constantly looking for opportunities to speak, then I don't think I am doing my job for my company. >> does compliance with a personality mean? Uh, you know, how you let your personality shine through in your leadership style. When people think compliance, they usually think dry, they think stale, boring.

Right. >> And look, I know a lot of lawyers, and look, my wife's a lawyer, and she's great. >> Yeah, yeah, exactly. Uh, don't strike that, honey. Um, it's one of those things where because of my personality and because I'm very outgoing and because I'm very extroverted, people have always gravitated towards me and they're like, "You're the compliance guy.

I can't believe it." But, it helps establish trust. I build relationships and people will come to me and say, "Hey Nick, you know, can we talk about this?" If you've built that trust and you have those relationships, it's a lot easier to get people to buy into it as opposed to you're just the dry compliance guy that waits for people to come to them and say yes or no. I've always been very active in terms of my outreach and I've always been very active working with my people. I want them to know that I'm there for them and I think it's resonated well throughout my career. I think that's interesting because, you know, we often see compliance as being like, "Ugh, we have to go through compliance." And oh my god, it's going to slow us down.

And oh, compliance is such a pain. So, you'll always have that. Um, what part of being a CCO do people under- underestimate emotionally? When things don't go well, right? And and the hard part is you can build a great process, you can have a great policy, you can have a great procedure, you can have an excellent control and something goes wrong, right?

Like, we didn't see that coming, right? I curse, so so I apologize about that. But, um, it's one of those things where the unexpected happens and a regulator notices or a partner notices and says, "What happened here?" And taking that back with you to say, "Okay, I thought we had, you know, considered every option here. This is new. We have to do better.

We have to make sure that this doesn't happen again." And it's that knowing and and you know, one of the things about compliance and I talk about this all the time. It's one of the few roles as the CCO where your performance is judged externally, right? People can love Nick. Nick is a great leader. Nick is a great guy.

We trust him. We respect him. But, if you get creamed on a regulatory exam, then you can throw all that out of the window because that's that's part of my job. My job is to protect the company, make sure that we're doing things the right way, and if the regulators come in and crush us, then I'm not doing my job. It's It's interesting cuz I'd say, you know, it's one of those jobs where there's a saying like a reputation takes uh 10 years to build and it can be killed in one day.

>> That's right. And I feel like compliance is exactly the same. Um you can do your job incredibly well for 6 7 8 8 years, I don't know, and then one regulatory exam fails and it's basically over. Um do you see it that way? Is there ways to salvage it?

Um I I wouldn't say over, but if it goes in a manner that you didn't anticipate, it's really hard to build back. So, here's an example, right? If things examiner comes in and they have significant findings like you're not doing this and you're not doing this and you're not doing that as opposed to like you could be doing this better, and it becomes a we're going to refer this to enforcement, we're going to find you, those are the things that keep compliance officers up at night, right? It is the okay, like I can live with doing better, but if they're saying our controls failed, then that becomes a major major problem. Then leadership starts to question what you're doing and why are you even here and so on and so forth.

Not not, you know, not to say that this has happened to me, but at the same time, this is what is, you know, driving the fear in compliance officers is if these things go really really bad and you get to a point where like there's monetary fines and, you know, enforcement actions, that is what keeps people up at night. What's the hardest compliance decision you've had to make? I don't know how much you can disclose, but I I would say in general having to fire people on your team Yeah. because especially if you've hired them, right? And a lot of times you start a business and, you you you grow really fast and then you see the person that you hired may not be scaling at the pace that you need them to scale, right?

I always talked about this with my time, you know, my previous company at Brex, right? Like, we went from 200 to 1,200 like right away, right? And And this isn't a Brex thing, this is just in general, right? Some people are really good at 1 to 50, 50 to 100, 100 to 200, but then you get to 200 plus, and the people that you hired 3 years ago may not be able to scale with their may not want to scale, right? And I've seen this throughout my career where a job gets really fast, and then all of a sudden it's like, "Okay, we need to start doing more now." And it's like, "Well, I only did these four things at my last job, and this is what you hired me to do." Well, now I need you to do to do to do 12 things.

And because of it, like, you can try and grow and build your team, but in compliance, right, you can't go and ask for triple your head count in in 6 months, not going to work. So, you have to get inventive, you have to get creative, and sometimes the people that you've hired who can't scale with you, it becomes a challenge, and if you have to move on from them, then so be it. How has your risk tolerance change as you've gotten more senior? I I think I've taken more risk, for sure. No question about it, right?

Because I understand the regulatory framework, I have relationships with enough regulators where I know what we can do and what we can't do, and then I can work with them on those gray area and explain why I believe it fits the framework, but I'm always business enabling. Like, I want our business to grow, and I want our business to succeed. I never want to be the person that puts my hand out and say, "No, we can't do that," right? I don't operate that way, and I always want to find the path to yes. Lovely.

How do you decompress from spending your career thinking about things going wrong? I love it. I am So, I am an avid uh CrossFitter and and hot yoga. So, I do CrossFit 3 days a week. Uh I just turned 52 on Saturday, so uh I I I lift heavy weights, that's my thing.

I also like doing hot yoga and being in a 98 degree studio with 30 other people sweating. Um so for me, decompression is through exercise, spending time with my family. I have two teenagers at home, one who is going to college next year. So, I have limited time with her before she goes off and obviously with my wife spending as much time as I can with her. So, for me, it's being with my family, exercising, and I think the exercise is so important because it's something that every time I exercise like I did this morning, I hit a class and I got on the train and boom, here I am, but I'm always in a better mental frame when I've exercised.

Love it. We're going to end this on a quick rapid fire. Let's hear it. Yeah, let's do 10 questions quickly and then we'll be done. One word that defines great compliance leadership.

Flexibility. What's the most overrated compliance trend right now? Oh boy. Um God, overrated. Going all in on AI.

Most underrated control that actually works. Ooh, underrated control. Good question. I think transaction monitoring. What's the biggest mistake fintech founders make with regulators?

Being impatient. The hardest thing to explain to non-compliance exec. Oh God. Why you're there. I love it.

One compliance task you'd automate tomorrow. One compliance task you'd automate tomorrow. Oh boy. Um I I think writing narratives because I've learned that people when it comes to writing in general aren't that good. If AI can write narratives and then we can refine them, I would do it all day.

>> We'll chat after this. >> Yeah, absolutely. Yeah, totally. Um a red flag you spot instantly in young fintechs. Ooh.

Um asking why they need compliance. Yeah, that's for sure. Yep. What's the skill future CCOs must develop. Ah.

I think, again, I keep saying this, flexibility. You need to be flexible. You can't continue to be in a rigid mindset because you'll never grow and you'll never get those opportunities. What's one hill you'll always die on in compliance? Defending my people.

Uh if if they do the right thing and it's been well-thought-out, if it doesn't work out, I'll always say they you know, thought about it, we talked through the process, and it didn't work, but it was the right decision. Last one, if you weren't in compliance, what would you be doing? >> god, I'd be in sales, absolutely. I would be in sales. I would absolutely be in sales, no You crush it.

Yeah. I I think I would, yeah. >> You would, 100%. Listen, Nick, it's a pleasure having you on the podcast today. Really enjoyed that and yeah, we'll catch up soon.

We need a part two. 100%. >> Cool. Thank you. Thank you.

View full transcript

Subscribe to the Podcast

Get new episodes in your inbox

Thanks for subscribing! New episodes are on the way.
Oops! Something went wrong while submitting the form.