In August 2022, Carolina Ceballos was hired as the first full-time chief compliance officer at Paxos, a blockchain infrastructure platform that provides services to companies including PayPal, Mastercard, and Interactive Brokers.
Ceballos previously served as deputy CCO for Meta’s Facebook Payments platform.
Compliance Week spoke with Ceballos about what Paxos does, its culture, and how it uses compliance as a competitive advantage. The conversation has been edited for clarity and length.
Q. Paxos offers a ‘suite of regulated blockchain products.’ What are its products, and how are they regulated?
A. Paxos is building a platform that makes it seamless for enterprises to tokenize, custody, trade, and settle digital assets. Our core product offerings include three main solutions at this time.
The first service is the Paxos crypto brokerage, which is an off-the-shelf API (application programming interface) that makes it quick and easy for enterprises to enable crypto trading, custody, sending, receiving, and KYC/AML (know your customer/anti-money laundering) verifications to their end users.
The second service we provide is tokenized assets. We offer regulated white-label stablecoin tokens and our flagship regulated digital dollar called USDP. We also offer Pax Gold, which is tokenized institutional-grade gold.
The third area of services we provide is settlement solutions. We offer enterprises and institutional traders access to our commodity settlement network that increases efficiency and reduces risk in back-office settlement processes for precious metals.
Paxos is regulated by the New York State Department of Financial Services. We’re also a registered money services business and regulated by the Treasury Department’s Financial Crimes Enforcement Network. We hold money transmitter licenses in three states: Connecticut, Texas, and Tennessee.
Separately, we’re regulated as a major payments institution by the Monetary Authority of Singapore. Paxos is the first international company focused in the blockchain space to secure this licensing.
Q. An area of concern regarding blockchain platforms within the financial industry has been lax AML protocols. What AML protocols does Paxos employ?
A. There may be this perception of the blockchain and crypto industry of lax controls. For Paxos, we’re a regulated entity, so we’re subject to the same level of regulatory scrutiny as traditional financial institutions.
It really starts at onboarding. We want to know who our customers are, and we must verify their identities. This is true whether we are dealing with a financial institution or for our customers more generally.
We make sure we have all the right screening in place. By screening them, referring to sanctions or PEPs (politically exposed persons) or adverse media, we ensure that we assign the right customer risk rating to our customers at onboarding. We make sure none of our customers are able to conduct transactions until they’ve cleared all our onboarding checks.
Then, we have transaction monitoring controls. We’re watching what people are doing with our services, and we do this in real time. We also conduct monitoring post-transaction for fiat and blockchain transactions. Our approach is tailored to our current risk typologies and to Paxos’s risk appetites.
If we find anything unusual or suspicious, we file a report with the applicable regulatory agency, as required.
We have high standards of training processes not only for our compliance team but also for the company more broadly. This means that we’ve examined our quality assurance program and testing capabilities. We undergo an annual independent review of our program, like any other traditional financial institution.
Further, we’re constantly re-evaluating our program, assessing and considering new innovations, while trying to make sure we’re staying ahead of any new trends or emerging risks.
Our team regularly engages with the industry through public or private partnerships. We’ve joined a number of blockchain industry forums, including the Tokenized Commodities Council, to communicate Paxos’s commitment to compliance and to dispel, to your point, the stereotype about lax controls in the digital assets industry.
Q. You have described Paxos as a compliance-first organization. How does that work in practice?
A. It means that we apply traditional BSA (Bank Secrecy Act), AML, and sanctions requirements to our company, and we operate with the same expectations as any other financial institution. We track all the regulatory guidance and industry news closely.
This also means compliance is embedded into our business practices. We have strong relationships with our business and growth partners. We have a ‘three lines of defense’ model where compliance is situated to appropriately advise on risk. We have governance frameworks in place to make sure we can advise, recommend, and provide input on business initiatives and ensure businesses are equipped with our guidance to support their growth plans.
Q. Can you give an example of how Paxos would embed compliance in a new product or offering?
A. For any new product offering, our entire suite of compliance controls would apply. We support product launches from the beginning, ensuring all our controls are in place. For every new product, we evaluate the type and scope of risks for that particular product and confirm we have all the right controls in place.
Some of the risks we evaluate and look at mitigating, if necessary, would be the geographic location or jurisdiction where we’re contemplating an extension of product offering, new service, or new partner. We look at the customers being serviced. We also look at the specific features of the product itself, whether a white-label stablecoin or a transfer product, for example.
The compliance team would be a partner to those conversations to understand all details, features, and ideas. We partner closely with the subject matter experts we are lucky to have at Paxos to make sure we have a comprehensive understanding of the product’s features, the potential risks, and how to mitigate those risks.
Q. How does Paxos use compliance as a competitive advantage?
A. Paxos has always had a nonnegotiable commitment to trustworthiness via a regulatory-first mindset. Each of our partners has sophisticated compliance programs, and they seek partners with similar risk appetites. They value our commitment to compliance and the proven effectiveness of our program. We are consistently demonstrating the value our compliance program brings to the business and to our product partners.
The compliance-first principle and mindset also helps us to attract and retain the top talent in blockchain. When I’m talking to members of the team, they tell me those values are something that appeals to them. It helps us, with this amazing team we have assembled, to continue to raise the compliance bar here at Paxos.