PHL Tech Magazine

Post: Agility in Compliance and Risk Management

coder_prem


Agility in the Face of Compliance and Risk

Interview with Mohan Paranthaman and Karthik Iyengar

Managing the complexity of compliance in today’s fintech realm is not just a question of applying the appropriate technology. You also need to have a solid grip on the business challenges and be quick on the draw. That can be where the smaller tech partner scores over its bigger rivals.

Your career spans global institutions like Citi, BNP Paribas, and Klarna before moving into entrepreneurship. Which moments from those earlier roles most shaped how you now think about building technology for heavily regulated financial environments?

Mohan: The most formative experience was at Citibank, where I led a team of over 25 people supporting CitiKYC and eCadd applications across the APAC, EMEA, and LATAM regions.

What struck me was how financial institutions became passengers in their own compliance operations. Managing compliance technology at that scale showed me how disconnected vendor solutions were from actual operational needs. We had sophisticated systems, but making simple rule changes required months of vendor professional services and astronomical costs.

The technology existed, but the architecture made institutions dependent on vendors for every meaningful change. This experience, combined with years working with startups, taught me that there had to be a better way, one where financial institutions control their own methodology while leveraging enterprise-grade technology.

Karthik: Working at companies like Shopify was particularly formative. Shopify doesn’t try to hide complexity – it owns it at the platform layer, so merchants don’t have to. That mindset fundamentally shaped how I think about regulated products today. My takeaway from those years is that regulation should not automatically translate into complexity for users or operators. With the right systems architecture, you can absorb regulatory complexity into the platform itself. That is the approach we now take at We Build Products.

Moving from large, complex organisations to founding your own venture requires a shift in mindset. What advantages did you see in building a smaller, more focused company, and where do you think incumbents still struggle to adapt? 

Karthik: The biggest advantage of building a smaller, focused company is leverage. Lean teams made up of senior practitioners can move faster, make better decisions, and execute without the friction that naturally accumulates in multi-layered organisations.

What has changed dramatically in recent years, especially with the rise of LLMs, is that raw technical complexity is no longer the primary moat. In regulated industries, the real challenge is not how hard the technology is, but how well you understand the business problems, compliance constraints, human workflows, and the pace at which organisations can realistically absorb change.

Teams that have operated in complex, regulated environments before have a clear advantage here. We consistently see that small teams of experienced builders generate disproportionate impact compared to much larger organisations. The leverage per person is simply higher.

Operational efficiency has become the real battleground. The organisations that succeed are the ones that can translate AI from hype into concrete operational advantage. That requires a culture of experimentation: prototyping quickly, testing ideas early, and being willing to discard what does not work.

Financial institutions often talk about modernising legacy systems, yet many transformations stall or overrun. From your experience, where do banks and financial services providers most commonly get stuck when attempting large-scale change?

Mohan: We call it the “Taj Mahal” approach internally. It’s the big-bang mentality, where financial institutions try to build something magnificent and comprehensive from day one. They get stuck because they underestimate how interconnected everything is. What seems like a simple AML upgrade suddenly requires changes to customer onboarding, transaction monitoring, reporting systems, and audit trails.

What we’ve learned is to start broad and take inputs from different sources in order to understand the full landscape; but when it comes to go-to-market, solve one customer pain point end-to-end. Basically, an MVP with human-in-the-middle workflows. This helps us build close to the actual need and iterate quickly until you see five-star reviews.

The solution is breaking large-scale changes down smartly. Start with high-impact, contained use cases where you can demonstrate clear value quickly. Our approach lets financial institutions begin with something specific, like reducing AML false positives by 60 per cent. It shows immediate ROI, then expands organically. This reduces risk while building internal confidence.

RegTech is frequently positioned as a defensive necessity rather than a strategic asset. How can strong RegTech capabilities move beyond compliance and become a genuine source of competitive advantage for banks and fintechs?

Karthik: RegTech has become essential to any financial services institution’s operations. How well an organisation handles regulatory technology directly determines how stable and resilient the business is.

A weak regulatory stack does not just increase compliance risk; it creates operational drag across the entire organisation. When regulation lags behind business ambition, companies expose themselves to fines, repeated rework, organisational churn, and audit failures. This is not a theoretical concern. Under the EU’s new AML package, the Anti-Money Laundering Authority will have the power to impose fines of up to 10 per cent of annual turnover or 10 million euros, whichever is higher, and will begin directly supervising up to 40 of Europe’s highest-risk financial institutions from 2028.

Strong RegTech capabilities, on the other hand, can become a meaningful competitive advantage. Operational excellence in compliance allows organisations to move faster with confidence, whether it be launching new products, entering new markets, or adapting to regulatory change without constant firefighting.

The real leverage comes from how regulatory data is architected. When compliance data lives in silos, spreadsheets, or disconnected systems, organisations leave enormous value on the table. But when that data is treated as a first-class asset, it becomes part of the company’s proprietary intelligence. In an era where foundational technology is increasingly commoditised, how well you organise and operationalise your regulatory data can become one of the few durable differentiators.

Data centralisation is a recurring challenge across financial services. What role does a well-designed RegTech or compliance architecture play in helping organisations turn fragmented regulatory data into actionable business insight?

Mohan: RegTech becomes the forcing function for data modernisation, because compliance requirements create non-negotiable deadlines. Unlike optional business intelligence projects, regulatory reporting must happen regardless of data quality issues. This creates business justification for addressing fragmentation systematically across all types of financial institutions.

Our approach centers on compliance-driven data architecture and building unified data models that serve regulatory requirements while enabling broader analytics. Instead of separate data warehouses for compliance and business intelligence, we design schemas supporting both simultaneously. Customer due diligence data becomes the foundation for customer analytics. Transaction monitoring data powers both AML detection and business intelligence.

The key is standardisation. We’ve developed common data models for customers, transactions, and risk events that work across regulatory frameworks, MaRisk, CRD IV, and GDPR. Data collected for German regulatory requirements also supports European Banking Authority reporting and customer experience optimisation. The same API fed AML monitoring can support fraud detection and personalised recommendations across different institution types.

When evaluating RegTech partners or solutions, what should banking and financial services leaders prioritise to ensure they are not simply digitising old problems, but building systems that are scalable, auditable, and future-ready?

Mohan: The first question should be: “Who controls the methodology?” If you’re locked into a vendor’s interpretation of regulatory requirements, you’re just digitising dependence. Look for platforms that separate technology infrastructure from compliance logic, allowing your team to configure rules, thresholds, and workflows without vendor professional services, whether you’re a community bank or a large financial services provider.

Audit-readiness must be built into architecture from day one, not bolted on later. Every decision, rule change, and data transformation should create immutable audit trails that regulators can follow. We design systems so audit preparation becomes automatic. When regulators ask how a particular alert was generated, our clients provide complete lineage in minutes, not weeks.

Karthik: From a technical perspective, future-ready RegTech systems are built on a data-first foundation. That means designing the data model deliberately, with enough flexibility to accommodate regulatory and business change, while keeping critical domain logic tightly defined and controlled. Not every layer should be flexible; stability in the core is just as important as adaptability at the edges.

Finally, leaders should prioritise partners who work iteratively, validating assumptions through prototypes, proving concepts early, and aligning stakeholders before committing to large-scale builds. The goal is not to digitise the past, but to create systems that can evolve alongside regulation, audits, and the business itself.

AML and KYC remain pressure points for both banks and fintechs. Based on what you see in the market today, what practical best practices separate effective compliance operations from those that create friction for customers and teams? 

Karthik: The biggest failure mode I see is a growing gap between how compliance systems are supposed to operate and how they are actually used day to day. Over time, operational shortcuts emerge, workarounds become normalised, and the original intent of the system drifts. That gap usually only becomes visible during audits, when it is already too late.

Effective compliance operations focus on continuously reducing that delta. That means designing systems that reflect real operational behaviour, not idealised process diagrams, and ensuring that compliance workflows evolve alongside the business rather than lag behind it.

The most effective AML and KYC setups treat compliance as an integrated function, not an isolated one. Onboarding, transaction monitoring, revenue models, marketing strategy, and regulatory reporting need to be connected; and, critically, technology and compliance teams must work in close partnership.

Mohan: From a customer experience perspective, transparency and speed matter more than perfection. Customers understand that compliance is necessary, but expect clear communication about requirements and timelines. Successful operations provide real-time status updates, clear explanations, and multiple submission channels. When customers know what to expect and why, friction becomes collaboration.

Looking ahead, how do you expect the relationship between regulation, technology, and product design to evolve, and what will distinguish financial institutions that scale with confidence from those that continue to struggle?

Mohan: We’re moving toward “regulation as configuration”, rather than “regulation as constraint”. Winners will be financial institutions that build compliance into product architecture as a dynamic, configurable layer, rather than a separate system slowing everything down. Imagine launching a financial product where regulatory requirements automatically configure themselves based on customer location, product type, and risk profile.

The EU’s proposed AI regulations and Digital Operational Resilience Act are forcing this evolution. Financial institutions can’t bolt AI onto existing systems and hope for the best. They need explainable AI, demonstrating compliance with algorithmic decision-making requirements.

The distinguishing factor will be regulatory agility, which means a company’s ability to adapt quickly to changing requirements without massive system overhauls. Our clients build this capability by treating compliance as a data and configuration challenge rather than a technology integration problem. When new regulations emerge, they adjust parameters and workflows in hours or days, not months.

Karthik: There is also a broader dimension emerging. Europe is actively reasserting its digital sovereignty. The Franco-German Summit on European Digital Sovereignty in November 2025 set a clear direction: reducing dependency on non-European technology providers and building independent capacity in AI, cloud, and data infrastructure. For financial institutions, this is not abstract geopolitics but something that directly affects procurement decisions, data residency, and the strategic choices around which technology is deployed in tandem with trust with sensitive regulatory data.

The real opportunity lies in designing technology that makes humans significantly more effective at their jobs, rather than attempting to replace them outright. Financial institutions that scale with confidence will be those that treat regulation, product design, and technology as a single, integrated system, building tools that are compliant by design, transparent under audit, and genuinely reliable and intuitive for the people who use them every day.

Executive Profiles

Mohan Paranthaman and Karthik Iyengar are the Co-Founders of We Build Products, a Berlin-based RegTech company building composable compliance platforms for banks and fintechs. Mohan brings two decades of banking compliance experience, including hands-on BaFin audit exposure at major European institutions. Karthik has built compliant systems at scale for Shopify, Klarna, and SME lending platforms like Spotcap.
