Luana Romero: "Strong Regulations Don't Always Equal Effectiveness: We Need Better Oversight, Training & Financial Intelligence"

Luana Romero stands as one of the most respected voices in compliance and anti-money laundering prevention, not just in Brazil, but across Latin America. With over 15 years of experience, she's worked on multiple fronts—including the landmark Operation Lava Jato—and has witnessed regulatory evolution from the inside. "Regulations have advanced significantly in recent years, but saying they're sufficiently robust would be oversimplifying," she states with the calm confidence of someone who knows the system's inner workings.

Integrity is the thread that runs through everything she discusses. "I love the crypto ecosystem, but I'm not a trader: what I do is sell integrity," she says with conviction. "Compliance officers are the soldiers in the trenches, the front line that ensures transparency." And she's not exaggerating. In a country like Brazil—Latin America's fintech leader, with over 30% of the region's total—the compliance officer role isn't just necessary: it's essential.

Question: Luana, tell us: What led you to specialize in compliance and AML, especially in the crypto and fintech ecosystem?

Answer: I've always been searching for my life's purpose. I love working, but I needed to find meaning in what I do for society, for my life, and for others' lives. My initial training was in logistics and customs development. I worked extensively in that field and became passionate about fraud-related topics: corporate fraud, foreign trade fraud, etc.

That led me to study Accounting Sciences and become a certified public accountant. However, I never practiced as an accountant, but rather as a forensic investigator of financial crimes. I started working in that area very young, investigating tax fraud. In Brazil, we differentiate between direct and indirect taxes; I specialized in indirect taxes because there's a lot of fraud in that ecosystem.

Over time, I evolved and deepened my studies. I've been working in compliance and anti-money laundering prevention for over 15 years. I started parallel to Operation Car Wash (one of Brazil's most important anti-corruption operations), participating in its last three phases with financial investigations.

This kept me always at the forefront of anti-money laundering efforts in my country. The crypto ecosystem entered my life when I started serving many compliance specialists as a consultant. I was invited to speak at the country's largest cryptocurrency exchange and, after that presentation, they offered me a position on their team. I started as a senior compliance analyst, then led the department and designed the entire anti-money laundering and compliance prevention program. That exchange became LATAM's first crypto unicorn.

That's how I entered this disruptive ecosystem. I often say that, rather than selling coins or being a trader, what I do is sell integrity. Because yes, integrity also has a place in the crypto ecosystem. We compliance officers are the "soldiers in the trenches," the front line that ensures system transparency and credibility for all users.

Q: What you say about integrity seems to clash with the crypto ecosystem's origins, which emerged from anonymity and challenging the traditional system. How do you see it?

A: I don't see it as a contradiction. Everything can work in synergy. Anonymity exists, but so do laws and tools that allow us to act with integrity. For example, Brazil's Data Protection Law—similar to Europe's GDPR—establishes in article 7, items 9 and 10, the principle of legitimate interest.

This allows us to perform KYC (know your customer), audit transactions, and work with blockchain databases. Tools like Chainalysis enable us to trace from the origin wallet to the final destination, helping us identify crimes related to the dark web.

Thanks to these technologies, we can monitor, control, and audit even in a decentralized environment. This proves that integrity does exist in the crypto ecosystem.

At an exchange, for example, compliance isn't reduced to policies. We conduct tests, monitoring, simulations. And when dealing with a fintech, technology is fundamental. That's why any compliance professional must learn about blockchain, cybersecurity, machine learning... There are financial risks, scams, pyramid schemes, money laundering, and also cyber risks like phishing.

I've worked at exchanges where they hired ethical hackers to test team security. We'd receive fake emails to evaluate whether employees fell for these tests. Everything is part of monitoring.

Q: Have regulations evolved significantly since you started?

A: Yes, they've evolved significantly. Although saying they're sufficient or robust would be oversimplifying. In countries like Spain, Brazil, or Luxembourg, there are well-structured regulatory frameworks with sectoral approaches and risk-based supervision.

In Brazil, for example, we've had important advances with FATF's mutual evaluation in 2022 and Law 14.478 that same year, which establishes the legal framework for crypto assets. There's also regulation from the Securities and Exchange Commission (CVM) to supervise transactions of crypto-linked securities.

Currently, a law is being processed that will require exchanges to implement asset segregation, which for now is just a best practice.

But strong regulation on paper doesn't always translate to practical effectiveness. We lack supervision, training, and financial intelligence.

I work with central banks in various countries to build regulation from the ground up: conducting risk mappings, identifying gaps, and designing solutions.

Latin America is the world's fifth-largest crypto market. Although many countries still don't have complete regulatory frameworks, central banks are very active in research, studies, and development.

Q: What gaps or challenges do you see in current regulations?

A: I identify three major challenges:

Regulatory and supervisory fragmentation: Many countries have scattered frameworks and little coordination between regulators, making integrated responses difficult.

Lack of regulation in non-financial sectors: Lawyers, notaries, luxury goods, real estate, and online gaming are often poorly regulated.

Inequalities in supervisory capacity: While countries like Luxembourg, Spain, or Brazil advance in technological supervision, other LATAM and African countries lack sufficient technical or human resources.

I've recently been in Africa providing training, and there's a lot of interest but also many limitations. Something curious is how the terminology varies: in Spain they talk about capital laundering; in Mexico, money laundering; in Brazil and generally in LATAM, asset laundering. I usually use the latter because it encompasses all cases.

Q: Do you think the cost of certain tools is a barrier for many companies wanting to comply with regulations?

A: I always approach this as an investment, not bureaucracy. Quality tools have a cost, yes, but also enormous value.

In my work, I always include financial education. I teach my clients what tools exist to mitigate risks and their quality-price relationship. Some are expensive, yes, but there are high-quality options at more accessible prices.

I'm very demanding about quality. I don't recommend anything I haven't used before. Brazil is very advanced in AML technologies, even more than other countries in the region. We've had an Anti-Corruption Law for 10 years, and the Central Bank has greatly promoted technology use.

So, even with limited budgets, there are ways to do things right if we prioritize security.

Q: That's exactly what we do at Didit. We offer free, modular, and flexible KYC...

A: Wonderful! I'm very critical of KYC programs. For the exchange where I worked, I designed a very comprehensive procedure based on FATF's 40 recommendations. I'm surprised that many traditional banks don't even consider them.

I always talk about this with a touch of humor. In my classes I say: "Did you read the dream book today?", referring to FATF. These are essential standards we should apply anywhere in the world.

I use various tools here in Brazil, participate in vendor meetings, and always provide feedback for improvement.

Q: Why has Brazil become a fintech benchmark?

A: Brazil is LATAM's largest country and also the biggest crypto market in number of transactions. Sometimes Argentina surpasses us in volume due to economic context, but we have more operations.

We're a country open to technology. We have many fintechs, product variety, and quite complex regulation. In Brazil, there are regulatory bodies for almost everything: insurance, health, even the National Health Agency now requires compliance in money laundering prevention.

I developed one of the largest programs in this area for the health sector in 2023.

Many foreign companies contact me to understand how to operate in Brazil. And at the same time, I bring learnings from other countries to mine. I consider myself Latin, Brazilian, and Ibero-American. My role is to always see the glass half full: apply the good from my country abroad and bring the best from abroad to Brazil.

Q: What's the synergy between fraud prevention and money laundering in Europe and Latin America?

A: Both disciplines have a common goal: protecting financial system integrity. But for a long time, they operated separately, especially at the institutional level.

Today, the global trend—in countries like Spain, Portugal, Luxembourg, or Brazil—is integration. Institutions are unifying compliance, risk, and cybersecurity areas to detect complex fraud patterns linked to laundering.

In Spain, banks already share algorithms and monitoring systems for both. In Brazil, the Central Bank promotes using machine learning models to identify internal fraud with laundering potential.

Latin America is also advancing, though it still faces institutional coordination challenges and technical limitations.

That's where I come in, collaborating with governments, central banks, and entities to design practical solutions with the tools they already have. It's about moving from paper to reality: implement, measure, adjust. Not leaving regulation in a PDF.

Q: How can institutions improve this synergy in practice?

A: First, with continuous training and understanding of emerging typologies. Then, centralizing integrated risk management and investing in technology: data analysis, artificial intelligence, machine learning...

It's also fundamental to create mixed teams: AML, anti-fraud, legal, IT, information security... All aligned, sharing information and objectives.

This synergy is key to protecting business and users. It's not just about compliance, but building a safer system.

Q: During your conferences, many company or government officials surely share their concerns with you. What are the most common ones?

A: They often ask me: "How do we advance regulation if we have serious organized crime problems?"

In those cases, I don't start by drafting laws, but by conducting a risk assessment. I identify the client's or country's main pain points and, from there, we build together.

I don't come to impose, I come to add value. I work as part of the team, from within. That's my philosophy.

Many countries don't even know where to start. In contexts where there's human trafficking, illegal mining, animal or drug trafficking, everything usually begins with a money laundering suspicion or financial scam, and then a complex network is discovered.

My experience has taught me to act with sensitivity, understand contexts, and adapt my approach. I've even worked with related crimes like slave labor or illicit economies.

That's why I say it's not just about making a law. First, you have to understand what's happening, act carefully, and design real solutions.

Q: What advice would you give someone wanting to start a career like yours?

A: I recommend three things:

Continuous education. This field changes all the time. Standards, technologies, and typologies evolve daily.

Understanding the business. A good prevention specialist must understand products, associated risks, and how the sector works.

Analytical capacity and ethics. You need critical thinking, sensitivity to geopolitical contexts, and professional ethics.

Sometimes what's ethical for me might not be for you due to our cultures. But integrity doesn't change: it's universal, unbreakable.

I was recently in a country going through a violent crisis. I was the only female speaker at a congress about organized crime. I had to adapt my speech with great respect. Success was in that: connecting through empathy.

Training is part of my life's purpose. What I didn't have when starting, today I strive to offer others. Sharing knowledge is what can change everything.

Q: Last question, Luana. Given your experience, how should the fintech industry—and everything related to anti-money laundering prevention—prepare for upcoming regulations?

A: We need to democratize knowledge. Translate technical concepts into clear language. The fintech ecosystem, especially crypto, is new to many and still generates distrust.

We, as compliance officers, have the responsibility to educate, to explain what blockchain, AI, machine learning are... but do it simply and directly.

That's the key to success: accessible, transparent communication that reaches everyone.

Regarding regulations, I expect greater international convergence, advances in data-based supervision, artificial intelligence use, and asset recovery.

I also see integration with other key topics like ESG or supply chain due diligence. In Europe, for example, certain sustainability requirements are already required to access loans. In LATAM we're starting, but we're on our way.

I firmly believe that only by sharing, educating, and simplifying will we achieve a more just and secure future for everyone.