Alan Poyatos: “Regulation is a consumer value—when it’s proportionate and workable”

Alan Poyatos is Chief Compliance Officer at BitBase and one of the most distinctive profiles in Spain’s crypto ecosystem: a lawyer by training, a Bitcoin holder since 2012, and a firm believer that well-crafted regulation builds trust and drives business growth. At BitBase he leads a hybrid model—physical stores and ATMs plus an online channel—that brings crypto to people who prefer human support, with automated KYC and a manual review of every onboarding. “Regulation is a consumer value—when it’s proportionate and applicable,” he says, referring to MiCA, proof-of-reserves, and orderly wind-down plans.

Drawing on his expansion experience in Latin America (Panama, Paraguay, Argentina, Bolivia, and Costa Rica), he underscores a reality: “There, crypto is a necessity; here, it’s an investment.” He’s concerned about deepfakes and social engineering and advocates for tools that allow court-backed freezing of stolen funds. A declared optimist, he doesn’t doubt the destination: “We’ll see mass adoption; paying for bread with crypto will be normal.”

Q: What motivated you to jump into crypto and take on the compliance role at BitBase?

A: I’m a lawyer and was already trading stocks when I discovered cryptocurrencies. Their disruptive nature versus the traditional financial system drew me in. I’ve always defended civil liberties and consumer rights—I litigated against financial institutions over banking fraud—and I saw in Bitcoin and blockchain an alternative that gives people control over their money, versus a system that abandoned the gold standard and lets states manipulate exchange rates and currency value. I bought my first bitcoin in 2012 and I’ve been a committed holder ever since. Blockchain technology empowers people, especially in countries with hyperinflation or manipulated currencies. It’s true that large holders today are institutions and retail investors lost part of that historic opportunity, but the chance was there and I’m glad I bet on it.

Q: You combine physical and digital. How do you manage compliance in that hybrid environment?

A: Our business is crypto with a very traditional layer. We serve people who don’t want to buy online: there’s a tech gap, distrust, or they simply prefer human interaction. That’s why physical stores and ATMs are key: they offer real assistance and fast resolution (including phone support at ATMs). From a regulatory standpoint, the hybrid model is more complex because we handle cash. Crypto already implies risk due to pseudo-anonymity; add cash and the cocktail gets stronger. We mitigate with intensive training (fraud and AML/CFT), automated identification, and a manual review of every signup: human eyes verify video, liveness, and consistency. We include signals like whether the person pronounces numbers correctly during the video. That significantly reduces impersonation.

Q: Do you verify users at ATMs? How does it work?

A: Yes. If you’re new, after entering your phone number you receive a link and complete onboarding from your mobile with video verification. All BitBase customers are identified.

Q: One sector challenge is balancing transparency, UX, and accessibility. How do you navigate that tension?

A: Early on, many users sought extreme privacy. Regulation, in favor of consumer safety, has reduced that anonymity. Some of those users moved to more opaque environments, while others understood that identification provides guarantees. With the Travel Rule, verification, and traceability, fraud drops: nobody wants to scam “in their own name.”

Q: What are the critical compliance pain points for a hybrid company like yours?

A:

• Banking relationships: Opening accounts remains difficult. Even with strong compliance, crypto + cash exceeds many banks’ risk appetite.
• User education and taxes: Explaining why identification is necessary and how taxes work. During income-tax season we get many questions—neither users nor some accountants fully grasp it. Sending clear annual summaries for the tax authority helps; once customers understand their taxes, friction drops.

• Sector reputation: The “crypto = illegal” narrative did damage. The technology isn’t bad; it depends on how it’s used. Crypto enables global transfers, lower costs, and irrevocable payments (for better and worse), which changes the rules of the game. For example, you don’t wait 48 banking hours and the payment can’t be reversed. You can pay someone in Japan almost instantly in a common “currency.”

  As tax understanding and the regulatory framework mature, the sector will evolve toward new products: more staking, lending, and tokenization of real-world assets.

Q: With MiCA and more regulation, do consumers feel safer?

A: We’re not at mass adoption yet. The general public will probably enter via traditional financial products, giving up some potential upside. But regulation creates trust frameworks: MiCA authorization, complaint mechanisms, support in your local language, proof-of-reserves, and orderly wind-down plans to avoid FTX-type situations. This isn’t pay-per-compliance: these are real plans with roles and firewalls, audits, and verification that custodied cryptoassets truly exist, including incident response to cyberattacks (who does what, how communication happens, and which operational firewalls are activated).

Q: Some see regulation as a brake on innovation. Do you see it as added value or a barrier?

A: It’s added value and consumer protection if implemented with order, reasonable timelines, and industry input. But there’s currently a strong entry barrier: although the principle of proportionality exists, it’s very hard for a small entrepreneur to launch an exchange due to fixed compliance costs. That slows innovation but reduces “boiler rooms” and irresponsible listings: the era of “two friends in a garage with ChatGPT writing a whitepaper” is over. Before listing, you have to scrutinize the project for real.

Watch out for impersonation: fake Telegram channels and groups pretend to be BitBase; we always recommend verifying official channels.

Q: Do you have expansion plans?

A: Yes. We have a presence in Latin America—Panama, Paraguay, Argentina, Bolivia, and Costa Rica—and we’ll keep growing. With MiCA authorization we’ll open new markets in Europe.

Q: How do you see regulatory and cultural differences between Europe and LatAm?

A: Pleasantly surprised: in LatAm there’s extensive AML/CFT regulation and crypto-specific rules, with free training from supervisors for compliance officers. Culturally, in Europe investment prevails; in LatAm, crypto is used as a payment method and store of value. Many people save in stablecoins (USDT) or bitcoin because their local currency is weak and access to dollars is limited. There, crypto is a necessity, not an option.

Q: Looking at the short/medium term, which emerging risks worry you?

A: Two big ones:

• AI-driven impersonation (voice, image, video): video identification will have to toughen to distinguish humans from deepfakes.

• Increasingly sophisticated social engineering: scammers get people of any age to “normalize” crypto payments to fraudsters.

  I’d also like to see technologies that can freeze or seize funds identified as stolen—not just tag them on-chain—and return them to the rightful owner once there’s a final court ruling.

Q: What advice would you give to someone who wants to work in crypto compliance?

A: Go for it. It’s exciting to combine law, compliance, and crypto. Nobody knows everything: we learn in real time. You need motivation, curiosity, and the ability to accept that the framework constantly changes with new guidance and interpretations.

Q: How do you imagine your role in 10 years, when crypto is part of everyday life?

A: I hope to remain a (more senior) head of compliance and to see mass adoption: buying bread with crypto as a matter of course. I have no doubt it will come.