Strengthening Your Foundations for a New Era of Compliance

Perla Stoeckert
By Perla Stoeckert
Perla Stoeckert

Perla Stoeckert

Chief Compliance Officer

Perla joined Tipalti as Chief Compliance Officer in November 2018. She brings more than 20 years of experience in financial services, spanning foreign exchange, online payments, fund transfers, and deposit operations. Prior to Tipalti, Perla built her career in risk and compliance at OFX, FXCM, and Commonwealth Foreign Exchange (MoneyCorp). She has led compliance operations across Asia, Australia, Canada, Europe, the US, the UK, and the Middle East. Perla holds a Bachelor of Science in Chemical Engineering with a Minor in International Relations from the Georgia Institute of Technology and earned Stanford University’s Graduate School of Business LEAD Certificate in Corporate Innovation.

Follow

Updated February 4, 2026
Executive PerspectivesIndustry Trends
Asset Image

Finance trends shift fast—explore 5 key processes & tips to stay ahead.

Over the past decade, compliance has undergone a fundamental transformation. What was once viewed as a reactive legal function (focused on audits, static policy manuals, and periodic reviews) has become a strategic, real-time discipline embedded in the flow of modern finance.

Today, compliance leaders are no longer simply responding to regulatory change. We are actively designing systems that can withstand it.

This shift has been driven by the realities of how money now moves. Instant cross-border payments. Mandated e-invoicing frameworks rolling out across Europe and Latin America. Increased regulatory scrutiny of digital assets, stablecoins, and payment intermediaries under emerging federal frameworks, like the US GENIUS Act. Add to that the rise of agentic AI and advanced automation, and it’s clear: compliance is no longer a hurdle to clear. It’s a company’s license to operate and its ability to scale responsibly in an ever-changing global market.

A Decade in Review: Three Eras of Compliance

The compliance function hasn’t evolved overnight. It has moved through three distinct eras, each shaped by broader economic and technological forces.

  1. The Growth Era (2016–2019)

During this period, the mandate was straightforward: enable growth without triggering regulatory fines. Compliance teams relied heavily on manual KYC, rules-based AML checks, and retrospective reviews. The CCO acted as a gatekeeper by approving, rejecting, and documenting decisions as businesses expanded into new geographies.

This approach worked when transaction volumes were lower and regulatory expectations were clearer. But it was inherently reactive.

  1. The Crisis Era (2020–2023)

The pandemic changed everything. According to the FBI, reported losses from internet crime nearly quadrupled between 2019 and 2023, driven largely by digital payment fraud and identity manipulation. At the same time, businesses accelerated digital onboarding and remote work almost overnight.

Compliance leaders were suddenly managing new fraud vectors, onboarding vendors without in-person verification, and responding to regulators in real time, all while teams were fully remote. The role evolved into crisis management, balancing speed with risk under unprecedented pressure.

  1. The Resilience Era (2024–2026)

Today, we are in a new phase. Regulators are no longer focused solely on whether controls exist, but on whether they work continuously. Frameworks like the EU’s Digital Operational Resilience Act (DORA) are setting clear expectations around real-time monitoring, third-party risk, and operational continuity.

In this environment, the CCO becomes a risk architect—designing systems that manage AI governance, API-driven payment rails, and bank-partner oversight by default, not as an afterthought.

Moving Beyond the Compliance Shield

Across the past three eras, one aspect has consistently defined the compliance function: it has been asked to move faster and scale further, while relying on tools built for a slower financial world.

For much of the last decade, compliance operated as a shield. Its role was defensive, protecting the organization from regulatory exposure through manual reviews, periodic audits, and static documentation. The central question was straightforward: Is this legal?

That approach worked when transactions were slower, and risk could be assessed after the fact. But as digital payments accelerated and fraud became more sophisticated, the shortcomings of a reactive model became clear. By the time risk was identified, the damage (financial, operational, or reputational) had often already occurred. In a real-time payments environment, shielding the business after exposure was no longer sufficient.

Constructing a Modern Compliance Architecture

This reality has driven a structural shift in how compliance operates. Today, effective compliance functions are being built as architectures with integrated, data-driven systems embedded directly into the flow of money.

Rather than reviewing activity retrospectively, modern compliance architectures assess risk in real time, using live data to evaluate identity, behavior, geography, and regulatory exposure at the moment a transaction occurs. The transition begins by centralizing risk data, replacing fragmented spreadsheets with a single, always-on source of truth. Manual gatekeeper checks are then replaced with API-driven controls that verify identities, screen for sanctions, and validate bank details instantly.

From there, risk management is enforced programmatically across an organization’s products and regions, allowing controls to scale without slowing the business or increasing headcount. At the most advanced stage, predictive intelligence enables compliance teams to detect anomalies, identify synthetic identities, and surface emerging threats before they escalate—while also providing the governance that regulators increasingly expect for automated systems.

For modern businesses, the outcome is clear. This compliance shift from a shield to an architect allows companies to scale globally and adopt new technologies with reduced risk. For today’s CCOs, the mandate has evolved accordingly. Not just to protect the organization from what might go wrong, but to design systems where resilience is built in from the start.

How Organizations Can Stabilize Their Foundation

The future of compliance is already here, but only for businesses willing to evolve how they operate. The shift from reactive oversight to embedded risk management doesn’t require a complete reinvention. It requires focus, prioritization, and the willingness to build safety directly into everyday processes.

  1. Shift from Rulebooks to Rule-Based Automation

Expecting employees to remember a 50-page policy manual is no longer realistic. The most effective compliance teams translate those rules into systems that enforce them automatically. Instead of relying on manual checks, turn key thresholds (such as payment limits or approval requirements) into built-in controls that block or flag activity in real time.

The payoff: Mistakes are stopped before they happen, and your team can focus on judgment calls rather than repetitive reviews.

  1. Move from Periodic Reviews to Always-On Monitoring

Annual or quarterly vendor reviews can’t keep pace with today’s fraud tactics or regulatory change. Risk doesn’t wait for audit season. Connect vendors and payees to live data sources that monitor changes in ownership, banking details, sanctions exposure, or geographic risk as they happen.

The payoff: Issues surface in real time, not months later during a stressful audit or regulatory inquiry.

  1. Build for Resilience, Not Perfection

In today’s regulatory environment, success is less about avoiding every incident and more about how quickly and effectively you respond when something goes wrong. Identify your most critical services, like payment rails or identity verification, and ensure you can switch providers or activate backups within hours, not days.

The payoff: You demonstrate operational maturity and reliability to regulators, bank partners, and customers alike.

  1. Manage Technology Partners Like Employees

Third-party risk is no longer theoretical. Under frameworks like DORA, companies are increasingly accountable for the failures of their vendors. Treat key technology partners with the same rigor you apply internally. Maintain risk scorecards, require periodic proof of security and governance controls, and understand how their products function.

The payoff: If a vendor fails, you can immediately show regulators that you exercised appropriate oversight and due diligence.

The New Standard for Oversight and Trust

Compliance has always been about trust, but trust today is earned very differently than it was a decade ago. In a financial landscape defined by speed, automation, and global interdependence, trust is no longer demonstrated through static policies or point-in-time reviews. It is proven through continuous oversight, intelligent systems, and the ability to adapt when conditions inevitably change.

As compliance leaders, our responsibility has expanded accordingly. Appropriate oversight and due diligence now mean understanding how risk moves through our operations, technology, and partners in real time—and designing controls that scale with the business rather than trail behind it. The organizations that will succeed are those that treat compliance not as a defensive shield, but as a core capability: one that enables growth, strengthens partnerships, and sustains confidence in an increasingly complex financial ecosystem.

For CCOs, the opportunity of this next era is clear. We must move from reacting to risk to architecting trust into the very systems that power modern finance.

Recommendations

You may also like