Compliance has become one of the most urgent conversations in global finance, driven by a wave of high-profile scandals, a tightening regulatory environment and the rapid emergence of new asset classes in the digital sphere.
de Risk Partners, a global Compliance-as-a-Service firm headquartered in Lucerne, Switzerland, and Connecticut, USA, recently opened Sri Lanka’s first crypto asset compliance centre of excellence. Echelon spoke to Ravi de Silva, Founder and Chief Executive at de Risk Partners, about the regulatory landscape and where the country fits within it.
Where does the global regulatory environment for compliance stand today, and what should Sri Lankan businesses pay attention to?
Globally, regulation is moving fast towards digital assets and artificial intelligence. Switzerland became the crypto valley of Europe precisely because it got its regulations right early, and that is shaping which countries become standard-setters globally.
The United States passed the GENIUS Act last year, giving stablecoins a clear federal framework, and the broader CLARITY Act for digital assets has cleared the House and is now advancing through the Senate. Sri Lanka does not yet have an equivalent, though I know the government is working on it, and I would welcome the chance for firms like ours to support that process.
Can you tell us about the Compliance-Led Crypto & FinTech Centre of Excellence you’ve opened in Sri Lanka?
We service clients in the United States and the European Union (EU) from Sri Lanka, having trained local talent that already had strong backgrounds in financial crime work. Combined with the foreign exchange (FX) arbitrage, that gives us enterprise-grade, big-four-level compliance capability at a price point that works for mid-sized firms and startups.
This signals real opportunity, but it must be matched with urgency. Sri Lanka already has by industry estimates around half a million crypto investors trading through international exchanges, with no domestic framework governing it, and we have seen fraud cases where assets were moved offshore beyond our jurisdiction.
The lesson is in how you build the rails. Lithuania built proportionate, risk-based regulation and became a genuine digital asset hub. Estonia opened the door too loosely in 2017 and ended up with a string of money laundering scandals. Sri Lanka needs to follow the Lithuanian model, not the early Estonian one.
What is your message to banks navigating digital banking and trust ahead of the upcoming Asia Pacific Group (APG) evaluation?
Banks should be moving aggressively into digital banking and payment processing, though not yet into digital assets, since the regulation is not in place.
The key in all of this is the trust layer, and that trust layer is compliance. I have spent years inside compliance functions at major banks, including through one of the longest consent orders Citigroup has faced, and I have seen what happens when financial crime controls are inadequate. It sets growth back for years and costs billions to remediate.
The Asia Pacific Group on-site evaluation, running from 26 October to 6 November, is no longer just about whether policies exist on paper, but whether they are implemented and working. If an institution has gaps, the right response is a clear remediation plan, and there is still time to build one.
How can smaller players, such as payment processors and e-commerce platforms, turn compliance into a competitive advantage?
Every operational process, whether it is a farmer receiving payment through an app or a marketplace connecting buyers and sellers, has compliance touchpoints built into it.
We treat this as a transformation: taking a client’s existing process, re-engineering it here in Sri Lanka with fraud and anti-money laundering controls built in from the start, then automating it through technology designed in Switzerland to preserve that quality and trust layer.
What should the government focus on regarding regulation, talent, and Sri Lanka’s position as a digital asset hub?
Getting the regulatory framework right, and getting it done quickly, is the priority everything else depends on.
Sri Lanka is well placed geographically, with strong sustainable energy resources that could support a future as a regional data centre hub, and the talent base to become a genuine digital asset centre, provided we follow the Lithuanian model rather than the Estonian one.
Delay carries real risk. We are already seeing scam operations and unregulated exchanges setting up here, and without a regulatory framework, that is effectively money laundering by another name. We do not want Sri Lanka to become the next Cambodia, which has earned international notoriety for exactly this kind of scam-compound activity.
On talent, technology and AI education need to become a priority now. Digital asset literacy is not just for the next generation either; it needs to reach the wider public, because there is a real opportunity for people to build wealth properly and legally, provided the education is there to support it.
What does the future of compliance look like?
Over the next 5-10 years, I expect artificial intelligence to take over around three-quarters of the routine work compliance teams do today, with people moving up into oversight and judgement roles.
Mid-sized banks, fintechs and crypto exchanges will eventually run with a leaner core, little more than a chief compliance officer and an operations lead overseeing AI agents, while keeping a human in the loop for key decisions.
We have rebuilt our own firm three times in the past two years to stay ahead of this shift, and our offering today is built entirely around compliance transformation.
Whether the industry is ready for it or not, this change is coming. Compliance will not be a cost centre going forward, it will be the critical component for success across financial services, healthcare, and pharmaceuticals alike.


