Compliance may not be the first specialty that comes to mind when you think of super exciting, in-demand ops specialities... but today's podcast may change your mind. 👀
We're talking about what exactly compliance is with someone who's built her career in one of the most regulated industries out there—finance! And then, because that wasn't hard enough, she ventured into the world of digital currencies and never looked back.
So why are great compliance folks so in demand? What exactly do they do all day? And why is it a career specialization you may want to consider?
We're digging into all these questions and more!
About Our Guest
Our guest is Nikki Gonçalves, Director of Compliance at Fold.
Nikki started her career in PR and customer support before she discovered compliance and realized she could make a career out of her expert-level internet sleuthing skills. 🔎
As a first-generation immigrant to the US, Nikki was drawn to FinTech companies that made credit and banking more accessible. And now that same passion has led her to the world of crypto—where she spends her days helping startups stay compliant with ever-changing regulations for digital currencies... and her nights fending off a barrage of LinkedIn job opportunities. 🌶️
About this Episode
In this episode, we chat about:
- What compliance is—and why it's especially important for FinTech startups and those working with digital currencies
- How she initially got into Bitcoin and why she's passionate about making financial tools more accessible
- Why "let's get creative" is her least favorite phrase
- How early career roles in compliance are kind of like being a private investigator 🕵️♀️
- The certifications that Nikki got to make herself more marketable—and whether or not she thinks they're worth it
... and so much more!
You can listen to Opsy on your favorite podcast platform, including:
Runner connects outstanding operations talent with inclusive startups who need their skills on a fractional or temp-to-perm basis. No more cheap gigs, horrible bosses, or miserable schedules.
Visit hirerunner.co to apply today.
Stay in Touch
Welcome to Opsy, a podcast for people doing opsy work in tech. I'm your host, Caro Griffin. Every month I dig into what Opsy work really is by talking to an operations pro who has something really cool to teach us—in a traditional part of ops like HR or finance, or a newer specialty like no-code ops or marketing ops. Thanks for listening!
This episode is sponsored by Runner, a platform that connects outstanding operational talent with inclusive companies.
Today, we're talking to Nikki Goncalves, the Director of Compliance at Fold, a debit card that allows you to earn Bitcoin with every purchase.
Nikki and I met through a mutual friend here in Mexico City, and she's one of those people who are super low key about what they do for work. I don't think I even really knew for months what she did. And then, when she started talking about it, I was like…I think you are like a legit badass.
Overtime, that's only been proven true. Because the more I learned about Nikki and her work, I realized, yeah, she is 100% a legit badass!
So what is compliance exactly? Well, compliance folks are the operations people who make sure a company and its employees follow all the laws, regulations and standards that apply for your location, industry, and so on.
Some companies have limited compliance needs because they operate in a space that's not heavily regulated, whereas others like finance for example have lots of compliance needs.
Obviously, this is a tricky job no matter where you work. But, being in charge of compliance at a company that's operating in a field like Bitcoin where all the rules are still being figured out, now that's a whole other challenge. So let's dig in and learn more about how Nikki tackles it.
Well, thanks so much for joining me today, Nikki. I'm really excited to have you and to talk about what I'm sure everyone knows is a super sexy topic, compliance.
Yes, very sexy. I don't know if the startup CEO will consider it a sexy topic, but yeah.
Well, I've obviously known you a little while now and have heard in your own words how you got into this. Not every little girl grows up and knows that they want to be head of compliance. So let's start at the beginning. Tell us a little bit about your career path and how you got here today.
My career in compliance, I happened to stumble upon it.
In college, I studied PR. I did not know anything about compliance when I was in college. No professor, nobody ever talks about compliance in general. After college, I was working in PR marketing for Hyundai, enjoyed the job, unfortunately did not work out.
I had a friend who was living in San Francisco who basically convinced me to move to San Francisco and basically have a start over career-wise and life-wise, also.
I moved to San Francisco and I was working as a customer service for one of the startups over there. That job lasted for nine months, as most startups. Some make it, some don't. [That] startup just happened to be one of them that did not make it. After nine months, they had to shut down and I was left to find a new job in a new city that I'd been in and I stumbled upon this company called LendingClub.
At the time, LendingClub was known as the grandfather of basically anything related to peer-to-peer lending, which is a completely new concept of how to borrow money not going to your regular standard brick and mortar bank, to make an application and wait and see if they approve it or not.
LendingClub was just a company that was like, we want to cater for the ones who were usually denied by the bank. It's like a new concept and it was just super popular. They took me in as a customer service agent and that was basically the start of my career in compliance because I was working out for this FinTech company and then I started hearing the words out there like, oh, you have to send it to the compliance team, the OFAC team. And I was like, what is OFAC?
What is OFAC? I don't even know that acronym. Please define that for us.
Yes, the OFAC team is the Office of Foreign Assets Control.
Oh, wow, I wouldn’t have gotten there.
But that was basically the start of [it]. We'll handle calls, and somebody will be like, oh, the OFAC team is handling that, so you have to escalate to them, or the compliance team is handling that so you have to escalate to them. It was just like, "Who are these people and what do they do?"
Being that the company was also super big at that point, so multiple offices in San Francisco, you'd have to go to this street, go to the other office, go to the other office. I started talking with different people in different departments from the credit risk department and they were like, "Yeah, I have a friend who works in the compliance team. You should meet them."
I ended up meeting a person who was the supervisor of the compliance team at the time and they mentioned that they were having a backlog of things that they had to work on due to a recent audit that happened. They discovered there were gaps and they have a backlog that his own team alone cannot fix it. They need to borrow more people from within the company to come and jump in and basically help so they can finish it on time.
I was like, "I don't know anything about this. But if you guys are willing to tell me like, ‘Do this, do this, do this,’ I am definitely here to help. You just need to talk to my supervisor. Please do talk to my supervisor because I'd be really willing to be helping. I want the company to make the deadline." Because this was a deadline that was given to us at the time by the DOJ office. The company LendingClub was being audited.
So like a real deadline, not like a startup deadline. Okay.
Yeah, this is like a legit deadline that you had to comply. Iyou did not comply, that would result in some fines and some other disciplinary action that they had to do. If they don't, we're going to be in trouble. So me volunteering myself and the guy went to talk to my supervisor, my supervisor approves for me to go ahead and help them for the six months that they needed.
Me, being a person who loves to be in everybody's business I was just like, "Yes, I'm investigating everybody to figure out what they're doing, going on people's Facebook? Yes."
I love that that's how you draw that line like, “I'm investigating, I need to be in everyone's business.” That's why I have a podcast. I get to ask a bunch of nosy questions and be like, "Nikki, tell me all about your job."
But again, I love that you found that opening in a time where the company was really motivated to get some extra hands-on-deck and use that to get them to train you. So, you did that project and then how did you stick around in compliance from there?
Yeah, so the project lasted for six months and we made sure we completed the deadline. Of course, as a result of that sale, the company still did end up getting fined. That whole event, it happened because of something that the CEO did at the time. In the company, it’s known as Mother's Day. We now think of Mother's Day differently because that's when it happened. But the pressure was done.
Then the supervisor of the team basically was just like, "I was really impressed with how quickly you were able to pick up on things to use our tools and system. [You] not only understood the assignment, but when I say I want to deep dive on this individual, you gathered everything and your analysis of the writing report, it was very detail oriented. It seemed like you were working in this space already for a while. So I do have an opening for only one position, but I have five different people who also mentioned they had interest. But I wanted to let you know that you should apply." Because he had talked to everybody who he thought would be a good match.
It was me and five other people within the company that was also interested in getting into compliance. I applied. I was the one that was chosen.
You were The One, capital T O, The One. That's great. And I love that.
Also, I just feel like only I have to put a plug in here because I just feel like that's so much the support and sponsorship that I want to see more of. Like,"Hey, these other people have already thrown their hat in the ring. You should be throwing yours in too. Let's do this." Because yeah, that's great. Because then you did it and you got it and now you have this great career! Love it.
Yeah, I have him to thank, Paul Wong. I'm like, "Thank you, Paul." Because if he did not tell me… Because I am one of those people, especially at that early stage, I enjoyed it for the six months I was doing it. But at the same time, it's like that fear is like, "Well, I don't think I'm qualified. This was nice, but I think I'll just go back to doing the job that I was doing."
So, it was nice for him to recognize that and to be like, "Hey, you should do this. You should apply for it."
And that's the theme I see all the time. When I talk to great ops people here, just these people that I think of as the experts, and they're like, "Well, I wasn't really sure." And it's like, yes, you do need that outside voice being like, "No, you got this. I see this potential. You're totally capable. Go for it." Because clearly you were and you are.
So you got the job at LendingClub and you've stuck around in, I guess, FinTech as we call startups in the financial services industry. You talked about how you ended up there, but what drew you to stay in that space versus other areas?
I think what drew me to stay, I think the… I will say LendingClub was like my end. The job before that, it was like, yes, a tech but not really in the financial services. I think what I tell myself now is like in college, I hated anything to do with finance, but secretly I think I really loved finance from my childhood and it just ran away from me.
But, once I was into that space, and specifically in compliance and in regulatory requirements, money laundering… I was also very into cop shows and Breaking Bad is my favorite show. Now trying to watch those shows and see what they're doing to launder money and me actually working in it in real life, I was like, "This is really interesting. I want to stick around."
At the same time, I have talked with a few people who are working in that same space but are more in the traditional banking [space], like an actual bank—Fifth Third, US Bank. Every time we have a conversation, they just looked very miserable. It sounded so miserable that I was like, "Okay, I don't think I want to go back to a bank."
Originally, I thought in order for me to be able to grow within the compliance space, I had to work for a bank. Because I was just like, well, the banks are more regulated. So, in order for me to learn more, I have to go to a bank in order for me to be a qualified compliance person.
But I was also very into the innovation that comes within the FinTech space. They are building things to assist the people who are usually denied by regular banking. Me, as an immigrant, I constantly see those things. We don't fit into like a regular thing. My parents are like trying to understand, talking to a regular bank, we got denied for so many things just because either we didn't understand it and the people weren't friendly enough to tell us, or the lack of having proper documentation, or not having built enough credit because nobody told you in America that your credit is everything. So your parents are living there like, “I don't want to owe anybody anything, I don’t want to get a credit card.” But that also is preventing them from getting to that credit level. So, when they need a loan, they will get denied because they didn't build [credit].
Having a company like LendingClub saying that we are servicing the people who are usually less serviced from the regular bank because of their credit score and those things, I liked that concept.
From LendingClub then came… The crypto world, it just boomed at that time. It's [was] 2017, everybody's talking about Bitcoin. I had a colleague that was sitting next to me. Besides doing his job, he was also day trading in Bitcoin. He had three monitors. One of them was dedicated to his Bitcoin trading.
Of course, he had three monitors. Of course, he did.
I was just sitting next to this person, I'm like, "You were an investigator, but you also look like you're working for some investment bank because your screen is constantly all these [charts] and stuff." And he's like, "This is the new way of money. You have to get in that." He was convincing enough that he convinced me to buy two Bitcoins at the time that they were $2,500. I thank him for that.
Once I bought it, I had interest in it because now my money is in it so I had to learn. I started really reading, teaching myself, attending a lot of webinars like what is Bitcoin, how is it working, what is the future of it and it's started getting more and more exciting it's like, this is another thing that immigrants can use and I can see that being that light to like teaching my friends. I have a lot of friends who are immigrants, my parents. Then Metal Pay, Metallicus at the time, just slid into my DM on LinkedIn and was like, "Hey, you seem interested. Do you want to come and work for us?" And I'm like, sure, I'm just getting into crypto. This is like for me to learn, I have to be in the space so I jumped into it.
You want to pay me to learn? Great.
Yeah, so I got into that. I thought I knew a lot about Bitcoin from my own personal time of learning and then working in it but I felt so lost the first day because everybody [had already been] working in this space. In the company, specifically, they were all already crypto hardcore since 2008-2009. They would be talking and I feel like they're speaking a different language.
Yeah. But I often feel like so much that the experts aren't the ones you want to learn from anyway. You want to learn from the person who's one step in front of you.
When I taught at a bootcamp, there were so many times where a student would ask me like a basic question about HTML and CSS. I had learned that, but it was 10 years ago that I learned that. It was so hard for me to explain something I took for granted, but other students could explain it so well. And, so, I imagine that it's similar, right? You're two months ahead of them, three months ahead of them. That just goes back to that accessibility you were talking about, how cool.
Exactly. So it's just like, okay, now I'm learning these things and I'm like, now how do I apply to what I was hired to do? Because I was hired to be a compliance analyst and I was the only employee. Typical startups, they hire one person and then you have one boss and that's it.
I basically learned how to teach myself [about] how crypto was being regulated in the space where most of the regulation is built only around hard cash, cash, cash, cash, cash. This is like a whole [form of] money that is nonexistent but it's also there. But also, anybody can control it without telling us who they are and all of that.
Compliance is like… you have to know who you're dealing with. Who are you dealing with? Where are they getting the money from? Then comes this thing that is like, we don't know who we're dealing with, we don't know where the money came from, how they were able to obtain this much fortune… we do not know any of that.
That was probably the hardest part and unnecessary questioning, I'm like, "I don't think I'm meant for this. This is just too confusing."
My typical investigator skills don't work here. I can't Facebook them.
I cannot because they all want to be anonymous. They don't have social media. They're not just displaying their things out there. Whereas, in the world of like they're trying to apply for a loan, they're like, okay, you go through the social media, you see everything. People just tell you everything on their Facebook. You'll be able to tell, okay, they're working in this position. Typically, somebody within this position is earning this much. So you're able to estimate, okay, the money that they're going to be getting for the monthly payment is coming from this salary.
But now you're having this person [who] is trying to buy this many things, but you also don't know where the actual money is coming from or who they are because they refuse to have any tie to social media because this was like the best thing for them. “I want to be anonymous and I can control my money, move around without the banks, without anybody knowing who I am.”
Yeah. So it sounds like you definitely had a moment where you were like… I don't know about this. What changed your mind? What got you excited about it?
What changed my mind was my boss at the time. Although I had him only for one month, one thing he said encouraged me.
Made a short impact!
Yes. Right away when I was explaining to him, I was like, "I know you guys hired me because you think I had all this experience, but I'm finding my experience here very hard for me to confab. Not really confab, but like-
Like transition? I know what you mean, yeah. Like, how does it apply here?
Yes, to apply it here. Because over there, I was like, it was very specific. It's like, this is what I'm handling. I'm dealing with cash. I'm dealing with USD.
Here, there’s 1,000 different coins and I don't know how all of them are being created. How do I apply the regulation? Because, at the time, there were regulatory requirements that financial services had to follow. But at the same time, when your financial service is not really hard cash, it's not them or you're not sending US dollars back and forth, this is like digital currency which was never written in any of the requirements for any company. So, technically, crypto was not regulated at the time, but also a regulated kind of thing. So it was very confusing for me to understand that.
I explained it to him. I was like, "Maybe I might move into a different department. You should probably think about hiring someone else." He's like, "No, I think you are the person I needed. I asked you when I saw your resume. Your LinkedIn is like any person that can learn multiple languages is able to translate things."
Oh, yeah, I love that he saw that.
Yes. He also knew multiple languages so he's like, "Yes, our brain thinks differently." And I'm like, "Yeah, that's language. That's not hard."
Yeah, it does. As someone who's trying to learn a second language, I'm like… I think you're a wizard, Nikki. Because I've seen you speak three different languages and I'm just like anyone who could do that, you can’t change my mind, you legit wizard.
Yeah. But he's been in the space at that time for like 15 years. He came from American Express, Chase, as being the Director of Risk and Compliance. And he's like, "I have a community of people. We usually meet up in the city once a week if you want to come. I want you to start getting more involved so you're thinking of things this way and not looking at it the way you're looking at it.”
He invited me to his group and I started attending the group meeting. From there, I learned about this amazing organization of ACAMS, I don't know if you know them, they're amazing. But there's an organization called ACAMS which is the Advanced Certified Anti-Money Laundering community. It's an international level organization that basically does a lot of the translating the laws that come up in different countries and building it into more understandable webinars and articles that you can read to get more into it.
They also have their own exam. You have a four-hour test you take and [then] you are certified anti-money laundering specialist, which now I am.
Oh, wow, that sounds very cool. I feel like if you told baby Nikki who was obsessed with procedural dramas, "Grown up Nikki is a certified anti-money laundering specialist." How cool is that?
Certified Anti-Money Laundering Specialist is a four-hour exam that I had to take. You get tested on regulatory laws on an international level so not only in the US, let alone the 50 different states in the US, but you have Asia, South America, Europe, and they're all like… Okay, this is what you need to do.
Technically, because I'm now certified [at the] international level, I can work in compliance anywhere because I am familiar with the rules and requirements for each of them.
I love that you threw that out like, NBD, certified anywhere.
Yeah, NBD, yeah. As long as it's in financial services or banks or something.
Certifications come up a lot in ops space and sometimes I feel like they're useful and sometimes they're not. I would love to hear, was this something that you felt would help you do your job better? And/or helped you be more marketable in a job search?
Definitely more marketable! I'll tell you, once I passed that test… literally these days my LinkedIn is everything. But nowadays also, I don't use that organization as much as I did.
At the beginning, I felt like a fraud myself because I was like… I'm claiming I'm doing this, but at the same time it's like I don't really have the experience a lot of my colleagues had.
I had a lot of friends who were working in the space for 10 plus years and they had the same position I did as a senior analyst, which is this position I was now in with Metal Pay and I'm like, but I only have like four years' experience!
I was feeling like a fraud and I felt like I still didn’t understand everything that I needed to in order for me to be a good compliance analyst. So having this organization and as a person that whenever something's new, I just dug into it. It definitely made me understand more of the impact of what compliance and money laundry had on the ecosystem of the world, economic-wise, and understanding the different laws. That for sure was very useful at the beginning. But as of today, now if you ask me…
Yeah, maybe not as much.
I mean that really resonates with me because I think that's very similar to when I took my… I have a certified Senior HR Professional certification. The knowledge was helpful in the way that now I have that little piece of my brain that's like, "Oh, wait, this is relevant to something. You should double check this or you should Google." It did teach me things, but it was more about that confidence, right? And yes, marketability, but I felt like a fraud because I worked in a startup.
When you're the only person, like you said, when you're a team of one, you don't have a whole lot to compare it to, especially when you're looking at these people at banks with 10 years of experience. Startups look different. Leveling work is different. And so, if that's what helps you feel more secure then, in so many ways, it is worth it. You also get to say that you're a certified money laundering specialist!
Yes, certified anti-money laundering specialist.
Much cooler than the Senior HR Professional. Let's just put that on the table right now.
No, not at all. Because I was just so jumped in and started learning so much, now I'm like, I'm starting like, "Okay, this is what it's saying. Now, how can we apply to this?" I started making more of a connection.
And that's what you want for sure.
Yeah. My boss was let go within a month and a half of me joining the team and, [there was] me thinking, "Okay, they're going to hire someone so I'll have that person to look up to again." Then, [the CEO] basically put me in a room and he's like, "We've been so impressed on how things have been working with you. We see that you are actually doing more than what we needed. He was the chief compliance officer but we don't necessarily think we need to hire another person. We're okay with just working with you for now and see how it goes."
Basically, I had also found a solution to something they were struggling with for a while and making sense of everything. I was literally subscribed to everything related to compliance. [If it was about] compliance and FinTech, I subscribed to it.
At the time, this whole bank sponsorship thing… Most FinTech companies can't obtain licenses easily because it's such a rigorous process, it takes time, and it's also super expensive. So startups are now trying to figure out, how do I provide these financial services to my users? There is the whole concept of bank sponsorship, where basically a bank will sponsor you, where they will hold the funds and do everything.
I guess it was something that the chief compliance person was not familiar with at the time. So I came in and was reading all these things and I'm like, "I was just reading this. I think we can do this. We just need to get a law firm to write us a legal memo, a legal opinion saying that we don't do this and this and this, but we have a bank who will be able to hold this thing and then boom, you launch without having to go to the process of applying for application for MTL license which is the money transmission license that you will need to hold if you are transmitting any funds of related assets."
That sounds like a huge deal! I see why they were like, "Okay, we think that you can do this for sure."
But I also regretted it. I regretted it because right away, I was like, "Oh, we're just reading too much. We're not ready for this." Basically, I was left to build a whole compliance program.
It was a “be careful what you wish for.”
So you did build a compliance program on your own, you stayed in the field. What company was that? That was Metal, you said?
Yeah, that was Metal Pay. This was more peer-to-peer payments. So, imagine Venmo but, instead of paying each other in cash, you're paying each other in whatever, crypto. We go out to dinner. You pay for the bill, it was $100. Now you can request the $100 from me either in Bitcoin, Ethereum, Litecoin, anything. We had like 29 different coins that you can use.
I bet that didn't add complexity at all.
Yeah, exactly. Like I said, I was regretting my decision right away, but at the same time when I was like… You get the exam and then it hits you like, "Oh my god, we're not ready for this."
Yeah. So how did you get ready? Because I imagine you did it, even though it was scary.
Yeah, I did it. But at the same time, there's only so much compliance can do.
Many startups like to think of us as also legal, operations and compliance. You are one. But it's really hard when it's just actually one person and you want them to be all this person. I can only do so much, especially on the legal side, without me being like, "Actually, I'm not a lawyer. I can't do this."
The company had to hire a general counsel, an internal one. So I didn't have to constantly be paying to have opinions from other people outside. This woman was just a godsend, she had been working with the Federal Reserve Bank for 14+ years so she had tons experience in the regulatory space coming in. Specifically, she knew about the regulation, but her job always remained within just a lawyer, general counsel had knowing that.
But having her have that experience and myself, I think we're just like a perfect match that we were able to work things correctly. When it came to certain things that I was like, "Okay, maybe I might need a lawyer for this," I'll go to her and we'll just be able to talk it out and she's like, "Okay, this is what we need to do."
She helped me balance it out and so my fear, it became less and less because now I was making a decision not only on myself, I was making decisions that was being backed by our general counsel who had tons of experience working in the space.
Yeah, you had a sounding board. You were like, we're not a team of one anymore, right? That's such a game changer.
This actually leads to two questions that I definitely wanted to ask, which was so, obviously, you worked with this general counsel, what other teams do you work really closely with in your role?
Operations. I'm still in compliance operations. That's why I consider myself as still part of the arm of the operations. I mean, especially now as I'm now the Director of Compliance, I literally work with every department.
To keep them all in line, all compliant.
Yes. Originally, even more nowso. My company, unfortunately, like with most startups in the FinTech space in the past few months, I'm sure you've seen on LinkedIn, there's been a lot of layoffs. My company had a few layoffs and my boss who was the general counsel again is leaving. So, I am now basically again back to playing legal. That means I have to do a lot of approving and working. I am now like operation, compliance, and legal.
I work with every person in our company from our marketing team, HR, finance, design, engineering, literally everybody because everybody's doing something or building something or writing something that would need a second opinion from the compliance aspect to make sure that everything we're putting out there, it's confirming to what we're actually saying.
When you think about consumer protection laws, I have to be aware of all of that to make sure there's not deceiving information that is being presented. As far as marketing goes and operations, I'm handling like how is the company operating? Do we have all insurances in place, do we have the correct teams or bodies that we need to manage this team? Customer service and like, is it time, should we outsource because it doesn't look like we have enough bandwidth for a general team to handle on their own?
I tried to get myself away from it. With every company I start at, I was like, "Okay, we're just compliance, nothing else." And slowly, I get into it. I think it's just now my comfort zone, also because I slowly tend to see myself being pushed into doing a lot of operations related stuff even though I believe… It becomes a lot for one person, I can tell you for sure.
Yeah, absolutely. That really dovetails to my second question, which you've already answered but I'll ask it anyway in case there's anything you want to add to it, which is I definitely consider compliance underneath the operations umbrella like reporting into like a COO in a perfect scenario because they are so closely tied. Do you consider yourself an ops person?
I've worked in this space, especially within the startup space, that where I continued to stay is just you keep on building. This is the third company now that I had where the General Counsel was also the COO, and I will always report to them. So hence why like I said it creeps in.
Yeah, it does. And that's just like… I mean that's tech. It's like when there's layoffs or downsizing or whatever, we ops people, we wear a bunch of hats and people know we're good at that and that's like our Swiss Army knife. You take off hats and you put more hats back on. It's just like the constant evolving nature, I guess.
Exactly. An ideal is like a bank situation where separation of duty is very, very highly encouraged. But because they're a bank, they run things differently, they will not have compliance under ops whatsoever. But the text is constantly, "We're doing things differently." That's the whole thing. They're like, "Oh, we're here to ramp up the world." So operations and compliance tend to be best friends. You either report to the COO or you are doing both. Within the compliance itself also, there's two sides of compliance. You have operations compliance and you have your actual regulatory compliance, which is more of what I'm supposed to be doing, but I tend to basically be doing both of them, hence why I was the ops person.
Wait, so now I have questions about that too. So there's regulatory compliance, which I think is somewhat clear by its name. It's based on the regulations and making sure you're sticking with those rules. Tell me more about operational compliance. What is that? How do you define it or think about it?
Yes, the operational compliance will be more the people who are doing the typical operation tasks related to [compliance]. So you have your investigators, the people who are building the tools for you and doing more of the operations related [tasks], which are related to customers you're facing. They will be your investigators.
When I started my job in compliance, I was more of an ops compliance and also a back-office compliance operation, handling more customer-facing investigations, the day to day stuff. But, as I grew more, my interest actually switched more to the regulatory side of compliance where my duty is basically… I'll build the team to help me handle the operational side because now my focus is on building the procedures and policies based on the constantly changing regulations.
Recently, there was a change in the whole space. Remember, I mentioned a lot of the regulation originally written was more focused bank, bank, bank, this is what we're doing. We're talking about checks and all of this. But I haven't written a check in like forever.
Yeah, I can't remember the last time I wrote a check. It had a Batman on it. I do remember that. [Laughs]
[Laughs] Yeah, exactly.
So, 2020 came. I mean, it just so happened. It was also when the world was shut down so I guess you have all of the politicians. they had nothing else to do but to sit down…
Nothing, no problems to solve.
Yeah. They all sat down like, there's this whole new money out there that was not included in any of the laws we've ever written, so how can we include it?
They revamped the whole AML regulations that are now the AML Act of 2020 that was passed in 2020. It now includes virtual currency or, as they like to call it, digital currency, crypto. They released this thing. Now, depending on the type of activity you're doing, you should be registering to obtain a specific license in every state where you are servicing, based on this new act that was passed in 2020.
I'm sure that didn't add a lot of work for you at all.
Yeah. What happens now… this Act was passed and they shared it. Now, you now have to go in there and see exactly the bullet points of what has changed and they will tell you, this is what should be happening. If you're not doing it, you have until January 2021 for you to go ahead and make this into effect. So my job… I found that more interesting, the translating.
Remember, in the beginning I was like, "I can't translate what I'm doing to this." Now, I actually enjoy that. I want to be more interested in like, how do I take what is being passed now to convert it to now? To operationalize it for the company that I'm working on? That is a lot of my duties that I enjoy doing, except I'm still in operations because I still have to manage my team, who are handling the operational compliance so it's a continuous thing to do. So I'm in the middle of doing both of them.
But if you're working for a very well-structured company, like the big company, the Google's and in banking service, their governance structure is very much more strict because of course, they have the funding, they're bigger, there will be a separation of duties. Where, if I'm regulatory compliance, I should not be doing anything related to the actual day to day of operations. I [would] basically be telling them, this is what you guys should be doing. Instead, now I'm like, this is what you should be doing and I'm also over there doing it to make sure that they're doing it properly because I'm one of those managers who just refuse to let go.
Refuses to get out of the weeds. I mean, I think you described it in a way that all of us can probably relate to what you're talking about, even if we haven't worked in compliance… because that's so much of it, focusing on the strategy and the process and that big picture to keep everything moving in the right direction and make progress in that direction while also needing to be in the leads and get stuff done sometimes, especially if you don't have the team size that you need.
Exactly. I feel like for me, also, it's because things are consistently changing within a startup. Startups move fast. The way I work, and the way I talk to my other colleagues who are in a much different space and I'm like, "How are you guys so [far] back there?"
Things [in startups] are [always] changing internally—from the product aspect of things that you're building, it's constantly changing, but you also now have all this consistent regulation that is constantly changing. Like, oh, before they wanted this, now they want this. I'm reading it and writing it, but, in order for me to teach myself, I have to also be doing it. Hence why it's hard for me to completely be hands off when it comes to the operational side of things. Because, to me also, it's a learning opportunity so it's like, I know I'm doing it and I'm completing the cycle kind of thing.
Yeah, totally, that makes so much sense. I feel like I constantly have to be the one to do the thing first so that I can do the process, figure out how to automate it, streamline it, and then I can hand it over. But yeah, it's like you can't have the best process if you don't know it inside and out. Often the best way to figure that out is by doing it, right?
Well, maybe… I was going to say last question, but I reserve the right to add more. [Laughs] But potentially our last question for the sake of time, what does your day to day look like in this role? Especially as you're jumping between being in the weeds and thinking about the big picture.
So I'm back in crypto. I had taken a little break in crypto and went to work for another startup called Zoro. It's also within FinTech, but they had nothing to do with crypto because, I'll tell you, 2019 in the beginning, it was very stressful because you constantly had one thing here and one thing there. It was just like all over the place in regards to within the crypto space, but also within the regulatory space.
A lot of companies were getting fined left and right for things because of the lack of knowledge that these startups' founders didn't know and/or just refused to [do]. I don't know if you've ever heard of a company called Binance that CEO is banned from entering the country because he just refused to comply with them?
I feel like you've dropped so much tea in this episode. I have to go Google all those things that you've mentioned and like pop some popcorn.
Yeah. I was just really overwhelmed that I was just like, I think I need a break from crypto in hopes that by the time I'm ready to come back, regulation-wise, they're going to know what they want to do with us and companies and also founders would learn that they have to start doing things. There's no creative side of like, “Can we be creative with it?” No, it's like this is the law. You either follow or you don't. You cannot be creative with it.
That's the pull quote, right there.
We've done that so many times, no jokes, “Let's find a way to be creative with it.” Like no, this is the requirement. You can't be creative with it.
It was just the stress of founders thinking they can get away with things and regulators not telling you exactly what they need you to do, but also expecting you to do certain things, even though you technically don't qualify. Well, they will find you and you'll get in trouble.
At that time, I was getting to a level where, me personally, not also taking a lot of the risk. Because in the world of compliance working, I am personally accountable for companies I work for. I will get personally fined or end up in jail. Yeah.
So I had to reanalyze my things like these founders are not listening to me, I'm not ready to risk my reputation. Regulators are not deciding what they want to do so let me just exit out of this space for a little bit and go somewhere else. So I'd taken a break in 2021.
But it's been a busy whirlwind of a year for everybody so it probably felt like longer.
The Anti-Money Laundering Act happened. They released it in January of 2021 and so I was like, okay.
Yeah, you're like, okay, at least if I'm going to be held personally responsible, I know what I'm going to be held responsible for, right? There are some clear guidelines. That makes a lot of sense. I had no idea that you would be personally responsible. I think it makes sense. It's like a fiduciary duty.
Yeah, if you head compliance for any bank or startup and there's things discovered, you will be held personally [responsible]. They can fine you a fine for you to pay personally. But also, they'll charge the company a fine. With that, [there also] comes reputational risk. So, if I get fined for something that was done wrong with this company now, who else will hire me or trust me to basically handle the compliance? So it's a very fun job, but also very risky.
Yeah, there's some pressure there for sure.
Yeah. But while I was also out of the space of crypto, a whole other thing started, NFT's and all of this and now-
Oh my God, we're going to have to do a whole other episode on NFTs, Nikki.
[Laughs] Yeah, I was reading about it from the sidelines, I was like, "Okay, this is not the same as working [in the space]." So when Fold came around, I was like, "Okay, this is my chance to get back into the crypto space again.” So, now I'm back in crypto, working with Fold now.
My day to day entails a lot. I manage a team of three people. Fold did not have any compliance program whatsoever. Most of the time, when I'm hired by a startup company at this stage, it’s just like, we don't have anything in place, they would want to build me a compliance program that my bank partner will approve of.
Right now, basically I'm starting at ground zero, even though before it's been active for three years. Imagine how much more challenging that is. Not that you don't have a product, it's like, "Oh, we don't have anything. I have this time to build this thing." No, the product is already out and it's consistently changing every week, but now I get to build a compliance program around that.
So my usual take in every company that I start is to build a risk assessment that will be your foundation basically to building a program that you need based on the product or risk assessment. Basically saying, this is the services we're offering and then imagining all the horrible, horrible, horrible, horrible things people could use your company, your services, to do criminal activities, imagining all of them, writing all of them down.
Then the next phase is like, what tools and systems do we have in place to help us mitigate all of these things that I just said could possibly happen? Then, from that, based on the gaps that I see of things, then this is now where my focus is going to be, building the policies and procedures. That is where more of the regulatory side of it.
At the same time, this is already a live product that's been live for three years. So you have to manage the day to day too, and trying to manage that with a team of two is very hard, and also trying to train them. Because one of my members of my team has never worked in compliance and is being like a me so I'm taking that and I'm like, "Oh my God, I want to teach you everything about compliance," but also trying to train this individual while building this thing that was live and fraud and handling all of that is happening. So I'm all over the place.
I mean, aren't we all? That definitely sounds like an op shop. The details may be different, but so many of us are in that kind of zoom in, zoom out, mentor your team, all of the different things, and that's part of the excitement and the fun.
Yeah, as far as the excitement, half of the design team is like, "This is a new design I'm building. Can you make sure everything is okay?" Engineering’s like, "We're implementing this new feature. This is what we're supposed to. I need a tool. I want a KYC system. This is a system, a vendor I chose, now I need you to help me integrate this and I want you to build me these rules."
So I'm working with every department. At least in the FinTech space, compliance and engineers now really work together. Because a lot of the tools and systems that I need to have in place to prevent attacks, fraud, and all of that, engineers have to build it for me so we constantly work together.
The issue is now trying to get them to see the urgency that you have, which is the consistent one difficult thing I face at any company I've worked for. Engineers, they speak their own language, they are working at their own time zone. You're telling them, "Hey, I need this." And they are like, "Why? I'm building on this feature that I think it'd be much more useful. Why do you want me to stop and work on this boring assignment?”
It's like eating vegetables, right? Again, I find it all connected, sorry. But ops is like no, but this is important because we have to do it versus the thing that's going to make us more revenue or bring more users and constantly juggling those priorities and goals. I don't envy that job, I already have that job in some respect. But don't we all? Trying to prioritize the engineering resources for sure.
Well, Nikki, this was fantastic. I want to be mindful of time. We might have to do a part two or a blog post in Mexico City or something because I feel like we joked at the beginning of this about how compliance isn't sexy, but you made it pretty exciting.
It is exciting, but it has its difficulty. I always tell people, if you want to get into the space, I'll say probably startup is your best bet. Then bigger banks because they are more rigorous, they are more regulated, not that we are less regulated, but because we lean most of our risk when it comes to banking to our bank partners, so they bank and try to regulate us more in fees because they have scheduled exams that they have to do. So they tend to be more rigorous on the interview and it's harder also to get to the space.
But I think for sure, just like a KYC Specialist role is like the door opening for any [compliance role]. If you're trying to get into compliance, you can be the person to basically do the KYC, another acronym I'm putting out there. I assume everybody knows every acronym.
We all get caught in that trap, absolutely. I'm sure anyone who wants to get into compliance now. So many of us listen, I think, to this podcast because it's like, yeah, what else is out there, what teams and resources? Is this a problem my team is having that I need to solve, or is this an area I want to get into?
So thanks for sharing that advice. It definitely sounds like a startup is a great place to learn a lot really fast as you did.
One thing I learned was compliance is just as important as engineers, at least if you're working in the FinTech space, because they will always need a compliance person as much as they need engineers. The outlook and the pay… it's good so I'll say go out there.
Oh, what a hot tip! I don't know if anyone's giving us this very useful advice. Because as you said, your LinkedIn is popping. So y'all, if you are looking for a new specialty and you want your LinkedIn to be as hot as Nikki's, here we go. We've given you your first couple of steps.
Well, Nikki, thanks so much for sharing all this great wisdom and your experience with us. This is awesome. I look forward to learning even more over drinks in Mexico City.
Yes, definitely. And if there's any questions you have, let me know. I feel like I went on a rambling thingy, so hopefully I-
You're totally fine. No, I think that's great. I'll include your LinkedIn and stuff in the show notes so people can reach out and connect if they want. Yeah, this was fantastic. Thanks so much. This was great. You're awesome as much as I knew you were.
Thanks for listening to Opsy. You can find resources and links from this episode in the show notes at opsy.work. While you're there, I hope you'll take a second to join our free community where we share resources and opportunities that help us all level up in our ops careers. Again, that link is opsy.work. Until next time, stay Opsy, friends!
If you are an operations pro working in tech, or just want to learn more about operations, we'd love to meet you. Join our community.