While legislators and regulators continue to figure out how to handle the evolving cryptocurrency space, chief compliance officers in the industry are bravely and nimbly doing their part to internally develop regulatory compliance best practices of their own.

About Nirvana Patel


Nirvana Patel

Nirvana Patel has over 15 years of experience in financial services, encompassing payments, crypto, banking, markets, and private equity. Nirvana is chief compliance officer at Prime Trust and serves as the BSA officer reporting to the board of managers. He is responsible for leading the compliance organization focused on regulatory compliance, risk management, and control development. Prior to his role as CCO, Nirvana was head of financial crimes compliance at Prime Trust.


Prior to Prime Trust, Nirvana worked for Citigroup, where he directed end-to-end AML compliance risk management for Citi’s consumer businesses and managed cross-functional initiatives to build and enhance transaction monitoring for its credit card businesses. Before joining Citi, Nirvana oversaw strategic operations for American Express’ financial intelligence unit and managed teams of investigators. Nirvana started his AML career as an investigator with American Express.

We recently caught up with Nirvana Patel, chief compliance officer and Bank Secrecy Act (BSA) officer at Prime Trust. Having previously served as senior vice president of anti-money laundering compliance risk management at Citi and as an enterprise AML and financial intelligence unit leader at American Express, Patel brings a unique perspective to the developing crypto space and shares what he has learned along the way.

Q: First, tell us a little about Prime Trust.

A: Prime Trust was founded in 2016 as a trust company and offers financial infrastructure for fintech and digital asset innovators. We believe the future of finance is digital, so we are on a mission to build best-in-class APIs (application programming interfaces) and widgets that fuel the digital economy. Our customers include crypto exchanges, digital wallets, alternative trading systems, registered investment advisers, broker-dealers, and crowdfunding platforms. All in all, we work with more than 700 digital asset and fintech companies around the world.

Q: What are your roles and responsibilities as Prime Trust’s chief compliance officer and BSA officer?

A: I manage a compliance function responsible for fulfilling legal and regulatory obligations; identifying, measuring, and mitigating risk to protect the franchise; and providing guidance and education to enable business. Within my role, I have responsibility for designing, implementing, and monitoring compliance processes and ensuring we have appropriate people and controls in place to mitigate not just Prime Trust’s risks, but also risks posed to our customers’ businesses. I am currently focused on building a comprehensive compliance system that effectively mitigates compliance and financial crime risks at scale.

Q: How has Prime Trust built out its compliance program?

A: We are heavily staffed with individuals with regulatory, security, and financial services experience. Our team has experience at the OCC (Office of the Comptroller of the Currency); SEC (Securities and Exchange Commission); Federal Reserve; Homeland Security; U.S. Attorney’s Office; and state banking regulators, in addition to fintech, crypto, and traditional financial services companies. Prime Trust is special, because we have pulled together a diverse team with risk and compliance experience, which, quite frankly, makes my job as chief compliance officer more enjoyable and less stressful. We have not needed to push a culture of compliance from the top—it’s something we all believe in. The entire company understands the importance of compliance. We see it as core to the financial infrastructure we provide.

Q: What would you say are some of the top challenges facing the crypto space right now?

A: Staying on top of something that is as dynamic as the crypto space takes a lot of time and focus, having the right people, and being able to find the signal within the noise. Practically speaking, the challenges facing the crypto industry are similar to other industries: How do we scale while protecting our customers from fraud and other scams?

What’s nice about the crypto industry is that it’s tightknit. It’s made up of people who believe in the benefits of crypto, want the industry to succeed, and would like to see wide adoption of crypto-based products. So, we don’t operate in a silo. Prime Trust works with its partners and customers to address fraud and share information to combat financial crime. Education is key.

The industry wants crypto to be seen as a social good rather than as a tool for scammers. So, it’s not just about the crypto industry coming together, but it’s also about us working with the public sector.

Q: How important is regulatory input in this space?

A: Within the past month or so, the federal government announced a number of ransomware-related actions, including the first sanctions designation of a cryptocurrency exchange, publication of advisories on risks, and a report on ransomware patterns and trends. This feedback is critical, because it is based on suspicious activity the industry itself reported to the government. It is an invaluable feedback loop that will help the industry continue to address the challenges of protecting consumers and fighting financial crime.

Q: As a compliance officer in the crypto space, what further regulatory guidance would you like to see?

A: There has been some guidance. In the financial crime space, for example, FinCEN (the Financial Crimes Enforcement Network) published guidance in 2013, 2014, and 2019 that culminated in requirements published in the AML Act of 2020. The law states cryptocurrency exchanges and administrators of cryptocurrencies are money services businesses and are engaged in the business of money transmission. That clarity is good for the industry. It allows cryptocurrency firms to leverage an AML framework that has existed for decades and build upon that.

One key thing needed with regard to guidance is how the SEC defines a security. It’s a really loaded question, and there have been a number of enforcement actions concerning this. It is important to remember the Securities Act was intended to reduce deceit, misrepresentations, and fraud by providing investors with information about the asset they were purchasing. At the end of the day, the Act is designed to protect investors of securities, which is a term that is quite comprehensive and covers more than just stocks and bonds. The SEC may see the existing legal framework as sufficient and that registration of an offering is a way to educate users of cryptocurrencies and related products.

Guidance in this space is much needed. The crypto industry is rapidly changing, with new protocols, functionality, designs, and participants. One concern within the industry is treating everything as a security, regardless of its functionality, though a few regulators have mentioned they focus on the inherent properties and functionality of what is being offered. In advance of changes to laws or regulations, interim guidance the SEC and other agencies can provide about what is not a security versus what is a security will go a very long way. Clarity can have a positive effect on steering innovation in this area.

Q: Do you think the crypto space should be regulated? If so, which regulator would be better tasked with that responsibility?

A: It’s important to have regulations that consider functionality while addressing systemic risks. Given the many forms crypto assets can take, I don’t think it makes sense to have a single regulator oversee everything crypto, unless it is a new crypto-specific regulator. As much as is reasonable, we can leverage existing regulatory frameworks. There are state banking and securities regulators; the SEC; CFTC (Commodity Futures Trading Commission); and self-regulatory organizations, such as FINRA (the Financial Industry Regulatory Authority). Not to mention the OCC, Fed, and FDIC (Federal Deposit Insurance Corp.). Having clarity is more important than having a particular regulator oversee the crypto space. The requirements are similar in nature no matter what the regulatory body is: Are you protecting customers? Are you fighting financial crime?

Digital assets are here to stay. So, how do we make them safe and responsible for everyone involved? This is something Prime Trust is actively working on and will continue to work on with our regulators, partners, and customers.