Webinar Replay: Compliance Officer in CASP — Who Really Needs One?

🎙️ Hosted by AMLBot | June 18, 2025 | 👨‍⚖️ Speaker: Niko Demchuk

Crypto Compliance Isn’t Optional Anymore.

Thinking of launching a CASP (Crypto Asset Service Provider)? Whether you're already working in compliance or just exploring the role, this session is your go-to crash course on what a Compliance Officer (CO) really does in the crypto world and why regulators are watching more closely than ever.

🔍 What’s Inside:

• What Does a Compliance Officer Actually Do in a CASP?
• Why Having One Is Not Just a “Regulatory Checkbox” Anymore
• The Top 5 Red Flags That Get Crypto Startups in Trouble
• Who Can Legally Become a CO — and What Qualifications Matter
• Real-Life Insights From Audits and Regulator Reviews
• Typical Mistakes Founders Make When Hiring (or Skipping) a CO

💬 Hosted by Niko Demchuk, Lawyer at AMLBot with 10 years of experience across Big Four audits, fintech legal, and AML advisory.

💡 Key Quote from the Session:

"Regulators don’t just want a name in the compliance section. They want a human who actually understands what’s going on and can prove it." – Niko Demchuk

🎥 Watch the Replay

Intro

Niko:
Okay, I think we can start, so let's kick off. My name is Niko Demchuk. I'm a lawyer at AMLBot, and I have around 10 years of experience working as a lawyer in a law firm. For around 4 years, then I moved to be in-house. Senior Auditor for Big Four, doing AML audit of banks, investment funds, insurance companies, and now I am a lawyer and compliance specialist in the fintech startup AMLBot — a regtech startup.

So, today's topic — we will talk about the Compliance Officer in Crypto Asset Service Providers (CASPs). It’s rather focused on those who want to learn: What Does a Compliance Officer Do? What Are Their Rights and Obligations? What Does Their Everyday Look Like?

So this session is more for people who are exploring this role or AML in general, who want to discover new professional opportunities, etc. Rather than those who are already experienced and have a huge background. If you have questions during the presentation, you can type them in the chat. I’ll check it from time to time and try to answer right away. If not, we’ll have a special Q&A time after the talk.

Okay, let's start.

Who is a Compliance Officer, or what is a Compliance Officer?

Usually, when a company sets up its CASP structure, one of the key roles — and one that you cannot avoid — is the Compliance Officer.

This is not a “nice to have.” In many jurisdictions, it’s a legal requirement. You need to have a dedicated, named person, and in some countries, this person must be registered or even approved by the regulator. This person is responsible for internal control and ensuring that the company follows anti-money laundering and counter-terrorism financing obligations — the so-called AML/CTF requirements. The Compliance Officer should not just be a signature in documents — they need to understand what they are signing and what it means for the business.

What Are the Main Responsibilities?

First: Risk assessment. The Compliance Officer must build and regularly update a risk-based approach. This means knowing:

• Who Are Your Customers?
• What Services Do You Provide?
• Which Jurisdictions Are Involved?
• Which Assets Are You Using?
• And Based on That, Adjusting Your Internal Policies and Controls.

Second: Customer onboarding and verification.
You need to establish procedures for identifying and verifying clients — individuals and businesses. This includes understanding beneficial ownership, source of funds, and using KYC tools or data providers.

Third: Monitoring.
You have to monitor transactions, detect suspicious activity, and report it when needed. This is where AML tools like KYT systems come into play.

Fourth: Reporting obligations.
In most countries, the CO is the one who submits SARs (Suspicious Activity Reports) to the Financial Intelligence Unit or other authorities.

Fifth: Training.
You need to train the team, regularly. AML is not only about having policies on paper. Your people must understand what they are doing and why.

Sixth: Internal controls and audit. The CO must ensure continuous compliance. You’re not only reactive. You also need to test the system, review alerts, update documentation, and even handle regulators' audits. Now, the important question.

Who can be a Compliance Officer?

There are different requirements in each country. But usually:

•You Must Have a Clean Criminal Record (Obviously)
•Relevant Education (Law, Economics, Finance)
•Ideally, Practical Experience in Compliance, Banking, or Legal

Some jurisdictions even require certification. And in many cases, this person must speak the language of the regulator — for example, Latvian in Latvia. Let me know in the chat if you want to hear more about requirements in your specific jurisdiction. I’ll try to touch on them in Q&A.

Daily Routine of a Compliance Officer

Now, let’s talk about the typical daily routine of a Compliance Officer. Morning starts with checking the dashboard of your KYT system. You review high-risk alerts from transactions that happened overnight. You might need to investigate certain wallets, check if they’re related to sanctioned addresses, or if they’re linked to mixers or known fraud schemes. Then, you might need to review documents submitted by new clients. Maybe you have a new corporate applicant and you need to verify their structure, ask for additional documents, or escalate them for enhanced due diligence.

In many cases, a Compliance Officer is also the one who prepares policies and procedures. That includes the AML policy, risk assessment methodology, reporting procedures, training schedule, internal audit templates — everything.

You’re also the person who communicates with regulators. If your company is getting licensed or already licensed, regulators may ask questions. They may require updates. They may come for audits. And if you’re not ready — they will see it immediately. Now, one of the biggest mistakes I’ve seen in my career is when crypto companies treat the Compliance Officer as just a figurehead.

The Biggest Mistakes. Real Case

They put a name in the documents, but that person doesn’t even understand what’s going on in the company. And the regulators — they’re not stupid. They ask real questions. They check whether the CO can answer them. They check whether the CO is involved in real decision-making. Let me give an example:
I worked with a client who was applying for a license. During the interview, the regulator asked the Compliance Officer how the company conducts transaction monitoring. The CO said, “I think our tech team does it automatically.”

That was the end of the process.
Rejected.

So — if you are going to be a Compliance Officer, you must understand the business, the tech, and the regulations.
And if you’re a founder, you can’t just assign someone randomly and hope for the best. Let’s now talk about outsourcing.

Can a Company Outsource the Compliance Officer Function?

In some countries — yes. You can hire an external expert or consulting firm to serve as your CO. But it depends on local regulation. Also — even if you outsource, someone internally must still be responsible. Regulators want to see ownership. So you can outsource execution, but not accountability. In our work at AMLBot, we’ve seen many founders approach us at the last minute — right before they apply for a license. They realize they don’t have policies, don’t have monitoring, and their CO doesn’t even know what SAR means.

Don’t be that company.
Prepare in advance.

If you want to become a CO yourself — great. It’s a very in-demand role, and there’s a huge lack of trained professionals. Especially in crypto. But you must invest in your learning.

• Know the Regulations.
• Learn the Tools.
• Understand Blockchain Analytics.
• And Practice How To Write Reports and Handle Cases.

We offer a course at AMLBot specifically for this — it’s called AML Fundamentals for Crypto Business. There’s also a separate advanced course in Blockchain Investigations, if you want to go deeper into tracing, mixers, and criminal typologies.

FAQ

Let’s look at the first question:

Q: Can I Be a Compliance Officer if I Don’t Have Legal Education?

Good question. The answer is — yes, in many cases. You don’t need to be a lawyer. You can come from banking, finance, even cybersecurity.

What Matters Is That You:
• Understand AML Principles
• Know Your Jurisdiction’s Regulations
• Can Implement Policies and Supervise Controls

But keep in mind: if your country requires the CO to be registered or approved by the regulator, they may have minimum education or experience criteria. So it’s always good to check your local Financial Intelligence Unit or licensing body.

Q: How Much Should a Startup Pay a CO?

That Really Depends On:
• The Complexity of Your Business
• Whether It’s Full-Time or Part-Time
• The Country and the Licensing Scope

But in general, it’s a well-paid role because of the liability. You are responsible for compliance breaches. So, if you want a competent person, expect to invest.

Q: Can a Founder Be the CO?

In theory — yes, especially in early-stage companies. But it’s not recommended long-term. There’s a conflict of interest — the founder wants growth, the CO wants control. Also, regulators are starting to push back when they see founders acting as COs, because they assume compliance won’t be taken seriously.

Q: What’s the Best Way To Learn How To Monitor Wallets?

Use real tools. For example, try KYT platforms like our AMLBot KYT Monitoring, or advanced analytics like our Tracer. Start with basic address checks — then learn how to:

• Cluster Wallets
• Visualize Flows
• Identify High-Risk Patterns

There are great case studies online. We also provide training materials as part of our courses.

Q: What if We Are Just Offering Crypto Consulting, Not Holding Client Funds — Do We Still Need a CO?

Depends on your business model and jurisdiction. If you’re only advising and not executing or storing assets, you might be outside the scope of AML laws.
But if you: provide wallet services, broker trades, manage access to private keys
Then you're likely considered a CASP, and you will need a CO. When in doubt — consult a local legal expert.

Don’t Want to Miss our Next Webinars ? Follow us:
🔹Web
🔹Our Verified Telegram (News, Updates)
🔹LinkedIn 
🔹 Our Verified Telegram Bot (AML Checks)