
In the financial world, I’ve heard the phrase “Compliance is a cost” almost as often as Defying Gravity clips and Cynthia Erivo and Ariana Grande’s viral “holding space” meme have dominated the internet. On the flip side, compliance champions often counter with, “The cost of non-compliance is greater than the cost of compliance.”
In my opinion, both perspectives miss the mark. A cost is only a liability when it lacks strategy or clear understanding of its value. Too often, compliance is perceived as a blocker, innovation stifler, or at best, a mere support function. In reality, this archaic view is what truly blocks businesses from achieving their full growth potential. As an entrepreneur and practitioner, I see compliance as an opportunity to innovate, protect assets, and gain a competitive edge. It’s about careful, smart planning to develop and execute sustainable, revenue-generating business plans.
Take fintechs and startups, for example - many overestimated their capabilities during the pandemic’s windfall, rushing into expansion and user growth without the necessary planning. This led to mass layoffs, closures, and worse, growing skepticism about the sector. As a strong advocate for innovation, I find it frustrating to see the untapped potential. With better planning and investment in risk, compliance, and operational resilience, these companies could have pushed the boundaries of the financial sector and built a stronger foundation for long-term success.
Turning compliance from a cost into a competitive advantage is actually pretty straightforward. It starts with a concept akin to the 'holding space' meme: CEOs, business functions, and the Compliance team must "hold space" together. CEOs and business leaders need to embrace Compliance as a strategic partner, while the Compliance team, maintaining its independence, should be innovative in offering solutions that protect the company’s assets and support the achievement of business objectives.
The Evolution of the Compliance Function

Early in my career as an Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) Executive at one of Southeast Asia’s largest banks, I viewed compliance as merely a support function - limited to tasks like submitting Suspicious Transaction Reports (STRs). The narrow scope of my responsibilities, and the “agreed” consensus among professionals in my industry, shaped these limiting beliefs.
It wasn’t until I led the Risk and Compliance Departments for several fintech companies across various financial sectors that my understanding of compliance fundamentally shifted. When entrusted with providing feedback and consultation to regulators and government organisations, including the Central Bank of Malaysia (BNM), the Consumer Credit Oversight Board (CCOB) Task Force, the National Scam Response Center (NSRC), and the Cyber Security Agency (NACSA), among others, I realised the significant influence the compliance function can have. It became clear how valuable, evidence-backed, practical recommendations could shape the fintech regulatory framework. For instance, by supplementing data and evidence with proposals for existing controls, we were able to engage in constructive discussions on regulatory timelines and, in some cases, advocate for adjustments to proposals that could have had unintended consequences for the industry.
When I transitioned to the digital asset landscape in Malaysia, I founded the Digital Asset Business Operators’ Compliance Officers Networking Group (DCONG) to lead the compliance initiatives of compliance officers and CEOs of regulated virtual asset providers. At the time of DCONG’s inception, the regulated digital asset industry in Malaysia was only four years old. However, through our compliance initiatives, we were able to push the envelope and strengthen trust between the public and the banking sector. Beyond local achievements, we had the opportunity to present critical compliance challenges to prominent international organisations such as the International Organization of Securities Commissions (IOSCO), the Financial Action Task Force (FATF), and the Organisation for Economic Co-operation and Development (OECD), as well as regulators worldwide - particularly concerning the risks of over-regulating the digital asset space and barriers to financial inclusion.
These milestones would not have been possible if compliance functions were seen merely as a support role. Instead, they were achieved because compliance was positioned as a strategic business partner, enabling Fintechs to not only gain visibility but also earn trust and influence in the regulatory landscape.
Challenging the Myths That Hold Us Back

To truly redefine compliance for today’s landscape, we need to challenge and break down the myths that have distorted its true value.
Myth #1: Compliance is a Cost
The notion that compliance is merely a cost often confuses me, as everything in business involves cost. As mentioned in the introduction, a cost becomes a liability only when it lacks strategy or a clear understanding of its value. This applies even to direct revenue-generating strategies. For example, if you're running a tech company targeting consumers in Asia-Pacific, spending on marketing to consumers in South America is likely a sunk cost, as they’re not your target market. Similarly, in the context of compliance, it only becomes a sunk cost if you fail to fully understand the application of a risk-based approach and how to develop smarter, more targeted compliance strategies.
The case of Starling Bank illustrates how neglecting compliance while prioritising customer growth can hinder long-term success. The UK’s Financial Conduct Authority (FCA) raised concerns about Starling’s anti-money laundering framework, leading to restrictions on high-risk accounts. Despite this, the bank opened over 54,000 accounts for high-risk customers. In 2023, Starling discovered flaws in its screening system, leading to multiple breaches and a £29 million fine in 2024. Had Starling applied a proper AML/CFT risk-based approach and invested in compliance resources, such as hiring a qualified Senior Compliance Officer (£80K - £100K per year) or outsourcing screening and e-KYC services, which would have cost less than a third of the fine, they could have mitigated risks, avoided fines, and built a sustainable compliance foundation, ultimately leading to better long-term revenue growth. This shows that compliance is only seen as a "cost" when misunderstood and poorly managed.
Another phrase I’m not particularly fond of is, “If compliance is expensive, try non-compliance.” Not because it isn’t true, but because that mindset shouldn’t exist in the first place. Commitment to integrity must be non-negotiable.
Myth #2: Compliance is Just Following Rules
If you view compliance as simply following rules, it's worth reconsidering the evolving nature of compliance. The financial sector has moved beyond rule-based regulations, as seen with Basel’s shift since the early 2000s. Today’s regulatory framework emphasises a principles-based, risk-based, and outcomes-driven approach. This requires developing compliance controls tailored to your organisation’s unique risk profile, which calls for a deeper understanding of compliance risk management and a more strategic, forward-thinking mindset.
For example, the UK’s Financial Services Authority (FSA) mandates fair treatment of customers. While some may think it’s sufficient to have terms and conditions outlining general consumer rights and obligations, a true practitioner goes beyond that. They assess the organisation’s risk profile, considering its nature, scale, and complexity, to develop controls that ensure fair consumer protection outcomes. Take Barclays, for instance: the bank was fined for failing to properly understand its customers' profiles and provide adequate guidance on loan repayment. Here, Barclays’ agents failed to have appropriate conversations with customers to understand the reason for the arrears or the customer’s long- or short-term financial situation. Barclays also missed indicators of financial difficulty or vulnerability in a significant number of cases. The FSA deemed this a failure to comply with regulatory expectations.
Compliance isn’t just about following the rules—it’s about identifying innovative ways to protect your organisation from compliance risks, specifically tailored to your organisation’s unique risk profile.
Myth #3: Compliance is Reactive

Viewing compliance as merely reactive is a surefire way to invite administrative issues and set your business up for failure. While aiming for ‘full compliance’ or adopting a ‘completionist’ approach is unrealistic, adopting a proactive, risk-based approach is essential. Compliance is inherently risk-driven, so risk assessment data should be the foundation upon which internal controls are developed.
A real-world example is Klarna, a Swedish fintech company, which was fined USD 50 million for failing to properly assess anti-money laundering (AML) and counter-financing of terrorism (CFT) risks, not for money laundering or terrorist financing abuse itself. This highlights how reactive compliance can cost businesses in the long run. Klarna’s failure wasn’t about the occurrence of financial crime but about the lack of proactive measures to prevent it. They neglected to apply AML/CFT principles effectively, which led to their fine. This reinforces the point that compliance must be proactive - anticipating risks, addressing root causes, and continuously enhancing internal controls. Being proactive allows businesses to stay ahead of potential threats and ensure a more resilient, secure operation.
Ergo, compliance should never be reactive. It’s about identifying potential risks early, addressing them at their source, and creating an environment where prevention is a constant focus. Reactive compliance doesn’t just attract fines, it jeopardizes the long-term success and sustainability of your business.
The True Meaning of Compliance and Its Untapped Potential
Now that we've dispelled the myths surrounding "compliance," let's redefine what compliance truly means:
An investment: Compliance safeguards both the company’s and its customers’ assets, while also fostering long-term trust with the public.
A catalyst for innovation: It enables smarter, more targeted approaches to developing cost-effective compliance controls.
A proactive strategy: Compliance is about identifying, assessing, and monitoring risks to create controls that manage both current and potential challenges.
Having explored the true meaning of compliance, let’s now turn our attention to its untapped potential and the regulatory dividends it can bring.
First: Negotiating Power

A strong compliance programme significantly enhances your negotiating power with regulators and external stakeholders. In business, it’s common to encounter situations where the dynamics are not equal. When you are in a weaker position, whether financially or in terms of authority, your strategy should focus on building trust. Trust creates a win-win dynamic, and the foundation of that trust lies in strong compliance controls and knowledge.
Leveraging compliance as a competitive advantage provides valuable opportunities in negotiations, particularly with regulators. Strong compliance knowledge enables you to effectively articulate your challenges, supported by facts, ensuring that your concerns are taken seriously. In today’s regulatory environment, many authorities actively seek feedback and input ahead of introducing new legislation and guidelines. By combining a robust compliance background with business and operational insights, you can contribute meaningful feedback that aligns with your organisation’s interests while supporting the development of fair and effective regulations.
While regulators strive to remain objective, their supervision typically follows a risk-based approach. They assess factors such as your organisation’s nature, scale, and complexity when making decisions. If your scale is significant or your compliance health is deemed insufficient, you may face more frequent audits and inspections, processes that are both costly and disruptive to business operations. Additionally, increased regulatory scrutiny often results in more mandated internal controls, which could hinder organisational growth and agility.
Similarly, external stakeholders, especially those in regulated sectors, are bound by third-party and outsourcing compliance obligations. This means your compliance level directly impacts their risk assessment when considering you as a partner. A poor compliance rating results in higher perceived risk, reducing your bargaining power. On the other hand, being viewed as a trusted, compliant partner increases your credibility and strengthens your position in negotiations.
Second: Reputational Gains

Compliance plays a pivotal role in shaping a company’s reputation and growth potential. Take the crypto compliance industry, for example. There’s a common misconception that it’s a hub for scams, even though all sectors are vulnerable to fraud. I, too, once viewed the digital asset industry with skepticism, simply due to a lack of understanding. However, as I gained a deeper understanding of blockchain technology and the advanced transaction monitoring tools within the crypto space, my perspective evolved. In fact, according to the Malaysian National Risk Assessment on Money Laundering and Terrorism Financing 2020 (NRA 2020), the money laundering (ML) risk in the digital asset industry (under Capital Market Intermediaries) is rated as medium-high, which is lower than that of the banking sector.
Drawing on this deeper understanding of blockchain technology, and the objective assessment in the NRA 2020, I worked to challenge misconceptions as the founder of DCONG, engaging with stakeholders and speaking at conferences to highlight that Malaysia’s regulated digital asset exchange industry is highly regulated and supported by advanced technology to mitigate ML/TF/PF risks. During my time at Malaysia’s largest digital asset exchange, I contributed to efforts that built trust in the brand by creating compliance-focused content and developing strategies that enhanced stakeholder confidence. This trust-building initiative, combined with ongoing strategic customer acquisition efforts, contributed significantly to a 25% increase in the customer base from 2023 to 2024.
Third: Stronger Internal Assets

A strong compliance culture fosters trust and collaboration within an organisation, empowering employees to act ethically, align with regulatory expectations, and perform efficiently. First, a compliance culture builds trust between internal stakeholders, encouraging the exchange of information and constructive feedback. This confidence prompts business units to escalate concerns, including non-compliance, to senior management and the board for timely investigation and resolution. Second, it heightens awareness of compliance obligations, enabling employees to understand their roles and perform their tasks more efficiently. Lastly, a strong compliance culture contributes to higher job satisfaction, improving both employee productivity and retention.
The proceedings against JP Morgan Securities by the United States Securities and Exchange Commission (SEC) highlight the importance of compliance culture in driving ethical behaviour. The SEC found that JP Morgan Securities employees, including senior officers, used platforms like WhatsApp to circumvent record-keeping laws, leading to a $200 million fine for widespread violations. This case exemplifies how a weak compliance culture can result in significant penalties. A strong compliance culture not only prevents such issues but also safeguards internal assets by encouraging responsible behaviour at all levels.
Conclusion: When You Redefine Compliance, It Becomes a Strategic Advantage
As we've explored, compliance is not a cost - it's an investment. When businesses understand its true value, they use it to drive growth, protect assets, and gain a competitive edge.
At Pragmax Consulting, we empower customers with pragmatic solutions that deliver maximum impact. It's not about checking boxes. It’s about leveraging compliance as a strategic advantage to build trust, improve operations, and achieve long-term success.
Compliance, when approached the right way, is a key driver of innovation and resilience. Done right, it empowers businesses to not just survive, but thrive.
Learn More About Us
Pragmax Consulting is a compliance, risk, and governance consulting firm with a diverse clientele, including a Fortune 500 asset management firm, a global fintech leader in digital payments across international markets, statutory bodies, and various virtual asset management companies.