In fast-paced industries like crypto, fintech, and aviation, speed is king. But when speed sacrifices safety, regulators come knocking. In this episode of the TEQ Shift Podcast, Erwin Veldhuis shares war stories from the crypto trenches and reminds us why compliance shouldn’t be an afterthought—it should be the engine that powers innovation, trust, and scale.
We’ve all seen it. A new product feature ships fast to keep up with competitors, only to trigger a compliance firestorm weeks later. Engineers scramble to reconstruct audit trails. Product teams spend days translating technical decisions to regulatory language. The legal team? On edge.
This is what happens when compliance is treated as a bolt-on. In regulated industries, delayed compliance doesn’t just delay products. It risks fines, licence withdrawals, or worse: the loss of user trust. According to Erwin,
“Every transaction needs to be recorded. Every system change as well—even a one-liner.”
Because when money or public safety is on the line, ambiguity is not an option.
Once your platform is online, be aware of possible attacks. That means your infrastructure isn’t just built for performance—it should be built for resilience. And your development team? They’re not just pushing features. They’re building financial infrastructure.
Erwin puts it bluntly: “Downtime is a no-go. A bug can cost real money. A misstep can cause a hack.” In the episode, he explains how his teams trained engineers to think like attackers, like auditors, like regulators—all at once. This isn’t DevSecOps for show. This is building software that assumes you're always under scrutiny—and under threat.
If you want to scale across Europe—or across any jurisdiction with real regulatory teeth—you can’t rely on reactive compliance. It has to be embedded. From day one.
At Lightbit, Erwin built this mindset into the company’s DNA. “We trained everyone. Developers, PMs, even support staff. Everyone knew what was expected from a compliance perspective,” he says. They didn’t just have a legal team checking boxes. They had a culture where every engineer wrote code as if a regulator would read it.
Even with the best tools, compliance can fall apart without the right habits and processes. Tools scan and log, but it’s your people who build the trust.
Erwin's team embedded these practices deep into their workflows:
No code goes to production without being reviewed by a second pair of eyes. It’s not about bureaucracy—it’s about shared accountability. Every commit could impact money flow or security. Someone else must validate it.
Compliance means proving what happened and when. That’s why every transaction, system change—even a one-liner fix—was logged. "Auditors don’t want assumptions. They want proof," Erwin explains.
Forget “move fast and break things.” In crypto, moving fast means breaking nothing. Erwin’s teams paused at key steps, ensuring manual checks before deployment. Continuous delivery didn’t mean continuous risk.
When these practices become second nature, your developers start thinking like regulators—and that’s when compliance becomes an advantage, not a chore.
Every country loves its own rulebook. Even within the EU, pre-MiCAR (Markets in Crypto-Assets Regulation), Erwin’s team had to navigate different demands from French and Austrian regulators. 80–90% of the requirements overlapped—but it’s the remaining 10% that can kill momentum if you’re not prepared.
The answer? Build modular flows. Use standard tools where possible, but customise logic per jurisdiction. Compliance scalability is just as critical as code scalability. And that takes planning, not patchwork.
Here’s the ultimate mindset shift: compliance isn’t the last step before go-live. It’s your go-live enabler. Erwin wishes he’d invested even more in compliance early on—not because he regrets how they did it, but because it made everything else easier: licensing, trust-building, and scaling.
This is especially true in industries where customers (and regulators) are rightly paranoid. If you’re handling money, identities, or critical infrastructure, your ability to prove compliance is the difference between being a promising startup and a trusted player.
So if you're thinking compliance is a bottleneck—maybe it's time to ask: what if it's actually your competitive advantage?
Check out our full episode for more insights.