Compliance isn’t a function. It’s the foundation. Most businesses find that out the hard way.
That’s the position Karolina Maciulevičiūtė, MLRO at Overchain, has held across nearly a decade of working in payments, financial institutions, and crypto, and it’s a harder sell than it should be.
Overchain operates as a settlement layer for businesses moving money across traditional currencies and stablecoins, serving financial services, real estate, and luxury purchases. When Karolina joined more than two years ago, there was no compliance function, no operational structure, no product, just ambition. What followed was a rapid education in what it actually takes to build compliance into a business from the ground up in a market where regulatory requirements shift fast and flexibility isn’t optional.
The default approach she sees across the industry is a familiar one. A small compliance team off to the side, making sure the regulatory boxes are ticked, largely disconnected from the people building and running the product. It’s a structural mistake. Compliance doesn’t just touch the edges of a business but genuinely runs through the core of it. When compliance, operations, and technology work in silos, the cracks show up in customer experience, operational inefficiency, and eventually in regulatory exposure too. Getting those teams aligned is what long-term viability looks like.
On AI and automated verification, Karolina is clear-eyed. The technology plays a significant role in digital identity and compliance today, but using an external provider doesn’t transfer responsibility, as human oversight remains essential. Automation can handle volume but won’t replace accountability. And the way you stress-test that accountability is through rigorous testing before anything goes live. When it’s done properly, testing not only exposes gaps in vendor capabilities, it also uncovers internal process weaknesses that would otherwise remain invisible until something breaks in production.
The mistake she keeps seeing is regulated businesses treating compliance as a procurement decision. Buy a tool, plug it in, assume it works. The harder and more important question is whether that tool is actually fit for purpose in the specific context of your operations and whether the people using it genuinely understand what it can and can’t do.
Watch the full interview below.
Looking to keep up with the latest in digital identity, authentication, identity verification, IAM, cyber security fraud and financial crime?
Join a community of experts for our flagship Future Identity Festival, taking place in London on November 9-10th. For our North American friends, our Future Identity Festival NA will be landing in Austin, Texas on December 8-9! For more content, follow our Digital Identity Digest newsletter.