
•
4 min read time
View Transcript
Overview
Stablecoin payments promise faster settlement, but they also remove many of the familiar checkpoints compliance teams rely on in traditional finance. Once payments move across wallets, chains, counterparties, vendors, and jurisdictions, institutions need to decide what gets checked before execution, what can be automated, and where human review still belongs.
That is why Utila brought together compliance, security, and operations leaders for Episode 08 of the Stablecoin Builder Series. Josh Weiss of Utila is joined in the recorded discussion by Pelle Brændgaard of Notabene, Gabi Urrutia of Halborn, and Michelle Latzer of Corsa to discuss how stablecoin compliance works in production, where legacy workflows break, and what institutions need to build before stablecoin volume scales.
Key Takeaways
Compliance needs to be built into the payment flow
The panel argued that stablecoin compliance cannot sit outside the transaction as a manual review or post-settlement check. Transaction monitoring, wallet screening, Travel Rule messaging, sanctions checks, approval policies, and escalation rules need to work inside the payment workflow. As stablecoin volumes grow, compliance becomes a product and operations requirement, not a separate legal function that reviews activity after the fact.
Wallet screening alone does not identify payment counterparties
Blockchain analytics and wallet screening remain important, but they do not fully answer who is sending or receiving funds. Pelle Brændgaard explained that Travel Rule messaging adds off-chain counterparty information to digital asset payments, similar to how traditional payment networks already carry originator and beneficiary data. For stablecoin payment companies, this information helps support sanctions screening, counterparty risk management, and trusted institution-to-institution transfers.
Alert rules need to match the business model
Michelle Latzer warned that companies can quickly become overwhelmed by alerts if monitoring rules are not tuned to their actual risk profile. A retail wallet, a PSP, an institutional treasury platform, and a cross-border payments company will each face different risks across users, geographies, products, transaction sizes, and rails. Alert management needs business-specific rules, user-level context, historical behavior, and automation that helps analysts triage issues consistently.
Incident response has to start before funds move
Gabi Urrutia emphasized that on-chain incident response cannot rely on the same timing assumptions as traditional finance. Once funds move through a bridge, mixer, or compromised contract, recovery options narrow quickly. Institutions need pre-incident controls: transaction simulation, policy rules, emergency procedures, kill switches where appropriate, pre-agreed escalation channels with exchanges and infrastructure providers, and clear authority over who can pause or block activity.
Stablecoin security depends on operational governance
The panel pushed back on treating security as only a smart contract audit problem. Audits remain necessary, but stablecoin payment failures can also come from poorly managed admin keys, blind multisig approvals, weak vendor controls, misconfigured policy engines, unsafe bridge interactions, oracle issues, or unreviewed integrations. Institutions need to audit who can touch critical systems, what they can approve, and under what conditions.
Compliance and user experience should improve together
The panel rejected the idea that compliance and UX must always work against each other. Poorly designed compliance creates repeated information requests, unnecessary friction, unpredictable delays, and manual escalations. Well-designed compliance uses real-time risk assessment, policy-based automation, and targeted intervention so low-risk activity can move quickly while higher-risk activity receives the right level of review.
Institutions should not build every compliance component themselves
Several speakers noted that stablecoin compliance requires connected infrastructure: Travel Rule networks, monitoring systems, vendor orchestration, data protection, AI-assisted triage, audit trails, and regulatory reporting. Some internal logic will always be company-specific, but building core network or orchestration layers in-house can become expensive and fragile as volume, geographies, vendors, and regulatory requirements expand.
Key Speaker Insights
Pelle Brændgaard, CEO, Notabene
“The travel rule is basically a payment compliance rule. It’s a little-known rule that has been implemented by banks, PSPs, and any kind of financial institution for many years. It’s not something new.”
Explaining why Travel Rule implementation should be treated as payment messaging, not a crypto-only compliance burden.
Gabi Urrutia, SVP & Field CISO, Halborn
“In crypto, in digital assets, incident response starts before the incident, not after. When you click on the payment, the money is gone.”
Discussing why stablecoin security needs pre-transaction controls and predefined emergency procedures.
Michelle Latzer, Co-Founder & CEO, Corsa
“When scale happens fast, everything internally that connects compliance to your product breaks fast.”
Describing what happens when stablecoin products grow faster than internal compliance operations.
Subscribe
Thought leadership, product updates, and partnerships - delivered only when we have something interesting to share.
Empower your organization to securely store, transfer, and govern digital assets with enterprise-grade confidence. Built for fintechs, enterprises, and institutional operators.
See how Utila fits into your stack.
Live walkthrough, no commitment.
Companies who trust our enterprise-grade governance, security, and operational control:


