Q&A: Paxful CCO on ramping up compliance after BSA failures

In June, Bekeris was named CCO at Paxful, which is seeking to “change the way the world moves money.” The company’s ex-COO Artur Schaback pled guilty last month to violating the BSA by failing to create an adequate anti-money laundering (AML) program.

Paxful, which temporarily shut down in 2023, is under new ownership/management and has committed to “improve compliance processes and procedures, including know your customer (KYC), monitoring, reporting, and sanctions screening, to meet and exceed industry standards and regulatory expectations,” the company said in statement following Schaback’s guilty plea.

Bekeris has 14 years of compliance experience, beginning his career at Western Union and spending the majority of his first decade in traditional financial services before moving into consulting. Since 2020, he has concentrated on the crypto space, leading global compliance operations and systems at Crypto.com, while working with other crypto companies, such as OKX and BVNK. Now at Paxful, Bekeris faces the unique challenge of continuing to build a compliance program from the ground up, aiming to integrate compliance as a key value proposition for the company and its customers.

Q. Paxful is a crypto peer-to-peer network that currently offers services in blockchain, not in traditional finance like banks. How does that model make establishing a compliance program easier, or harder?

A. Establishing a compliance program for a crypto peer-to-peer network like Paxful presents both unique challenges and opportunities. On the one hand, operating outside the traditional and historically “slow moving” banking system allows us to innovate and adapt more quickly to emerging regulatory requirements specific to the crypto space. However, the absence of established frameworks that traditional finance follows means we often need to develop many of our solutions from the ground up, all while ensuring they are robust, scalable, and aligned with U.S. (and global) regulatory standards. Further, the blockchain offers a layer of transparency that is unmatched by traditional finance–adding many opportunities for tracing and monitoring.

Q. How has the previous regulatory action against Paxful’s former co-founder informed the company’s compliance commitment? How is Paxful changing its policies and procedures to reflect this new commitment?

A. For someone who has just joined Paxful, the recent regulatory action served as a critical learning experience on what happened and why, yet it also helped reinforce Paxful’s commitment to compliance. While effective compliance always remains a work in progress, the company has undertaken a comprehensive review of its policies and procedures, implementing more stringent controls and governance mechanisms throughout the customer lifecycle. This includes improvements to KYC, screening, transaction monitoring, and regulatory reporting. Beyond that, we are working on building a program that is regularly vetted internally and externally as well as establishing a proactive approach to regulatory engagement. Our new compliance framework is being designed to prevent any recurrence of past issues and to build trust with our users and regulators alike.

Q. What are some of your goals in the next 12 months to improve compliance at Paxful?

A. Over the next 12 months, some of our goals at Paxful include:

• Enhancing KYC: Global KYC requirements were implemented upon the relaunch of the company. However, we look to enhance both the compliance elements of onboarding and due diligence, adding more solutions, all while making improvements to customer experience by completing these steps.
• Enhancing monitoring: Customer and transaction monitoring are elements that require constant adjustments and calibrations, but we also look to make use of some emerging technologies as well as developing some internal tools to help us be more effective in our risk identification and reporting.
• Regulatory alignment: Ensuring our compliance practices meet or exceed the requirements of regulators in all jurisdictions where we operate. We intend to validate this through external audits and ongoing compliance testing.
• Employee Training: Implementing a comprehensive training program to keep our staff updated on the latest compliance requirements and best practices through interactive and engaging materials.

Q. What are some of the challenges that Paxful has faced in implementing enhanced KYC, customer due diligence, and sanctions screening processes?

A. Implementing KYC, customer due diligence, and sanctions screening processes was uniquely challenging for Paxful. One of the significant hurdles was reinstating our large, existing global customer base after the shut down, but with all users being required to verify their identity to continue transacting, it posed several challenges:

• Customer resistance: While KYC requirements are relatively commonplace in the Western world, customers from other jurisdictions often view these requirements as a major friction point. This led to some customers feeling frustrated and potentially leaving the platform.
• Retrofitting compliance: Unlike launching a new regulated product where you have the luxury of designing compliance approaches from the ground up, Paxful had to retrofit strict KYC requirements and technology into an existing system. This required a careful balance between selecting the right vendors, maintaining customer trust and ensuring operational resources.
• Global diversity: Our customer base spans numerous jurisdictions, each with its own regulatory environments and cultural perceptions of privacy and security. Implementing a uniform approach was challenging and adapting our processes to cater to diverse regulatory landscapes added complexity.
• Operational strain: The sudden need to verify a large number of existing users placed a strain on our operational capabilities. Paxful had to rapidly scale operational teams and technological infrastructure to manage the increased verification workload without compromising on speed and accuracy.
• Customer education: Educating our users on the importance and necessity of these enhanced compliance measures is a crucial ongoing process. This involves extensive communication efforts to explain why compliance measures are being implemented and how they ultimately benefit users by creating a safer and more secure platform.

Q. How is Paxful ramping up its compliance headcount? What is the company looking for in terms of skills in new compliance employees?

A. Paxful faced a unique challenge of needing to scale its compliance functions rapidly, almost overnight, following the company’s relaunch. When compliance issues became apparent, the new leadership had to make quick strategic decisions to address these challenges. Here’s how Paxful approached this:

• Strategic use of managed services: Initially, to handle the immediate need for robust compliance processes, we utilized globally recognized managed services to manage day-to-day operations. This allowed us to maintain compliance while we worked on enhancing our internal systems.
• Transition to in-house teams: Since taking on my role, I’ve been focused on transitioning various responsibilities from managed service teams to full time in-house staff. This shift is crucial for building a more integrated and cohesive compliance function within Paxful.
• Active global recruitment: We are actively recruiting compliance professionals from around the world, specifically seeking individuals with experience in both compliance and the crypto industry. This ensures that our team is well-versed in the unique regulatory and operational challenges that come with the crypto space.
• Balancing volatility and efficiency: The crypto industry is known for its volatility, and this extends to staffing as well. To manage this, we are not only focused on recruiting the right talent but also on improving our processes and technology to maximize efficiency. This dual approach helps us be more resilient and adaptive to changes in the industry.

Editor’s note: All opinions expressed here are Bekeris’s personal ideas and should not be considered as views of any entity he was, is now, or will be affiliated with in the future.