The pattern is so common it's almost a meme: a fintech MVP ships fast, gains traction, raises a round, and then spends the next six months being rebuilt because the architecture can't satisfy KYC, AML, or audit requirements that were always going to apply.
Compliance isn't a feature you bolt on. It's a set of constraints that shape your data model, your access control, and your logging from the first commit. The good news is that designing for it early is almost always cheaper and faster than retrofitting it later — and it rarely slows down an MVP if you understand which rules actually apply at your stage.
The three things to get right from day one: an audit trail you can query (every meaningful state change, who did it, when), row-level data isolation so one tenant can never see another's data, and a clear separation between regulated flows and everything else. None of these are heavy. They're just easier to build than to retrofit.
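As an added illustration of the first two points (an example written for this page, not code from the original post), here is a constructed Python/SQLite data layer: every state change lands in an append-only audit table with actor, timestamp and before/after values, and every read or write is scoped to a tenant the caller cannot override. The table names, the account statuses and the use of SQLite triggers to make the trail append-only are assumptions for the example.

```python
import json
import sqlite3
from datetime import datetime, timezone

# Constructed schema: one regulated entity table plus an append-only audit trail.
SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, status TEXT NOT NULL);
CREATE TABLE audit_log (
    id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, actor TEXT NOT NULL, at TEXT NOT NULL,
    entity TEXT NOT NULL, entity_id INTEGER NOT NULL, before TEXT, after TEXT NOT NULL);
-- Triggers refuse UPDATE and DELETE so the trail stays append-only even for a writer.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log BEGIN SELECT RAISE(ABORT, 'append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log BEGIN SELECT RAISE(ABORT, 'append-only'); END;
"""

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

class TenantStore:
    """Every read and write is scoped to one tenant; callers cannot pass a different tenant_id."""
    def __init__(self, conn, tenant_id, actor):
        self.conn, self.tenant_id, self.actor = conn, tenant_id, actor

    def _audit(self, entity, entity_id, before, after):
        self.conn.execute(
            "INSERT INTO audit_log (tenant_id, actor, at, entity, entity_id, before, after) VALUES (?,?,?,?,?,?,?)",
            (self.tenant_id, self.actor, datetime.now(timezone.utc).isoformat(), entity, entity_id,
             None if before is None else json.dumps(before), json.dumps(after)))

    def open_account(self):
        cur = self.conn.execute(
            "INSERT INTO accounts (tenant_id, status) VALUES (?, 'pending_kyc')", (self.tenant_id,))
        self._audit("account", cur.lastrowid, None, {"status": "pending_kyc"})
        return cur.lastrowid

    def set_status(self, account_id, new_status):
        row = self.conn.execute("SELECT status FROM accounts WHERE id = ? AND tenant_id = ?",
                                (account_id, self.tenant_id)).fetchone()
        if row is None:  # missing or another tenant's row: same answer either way, nothing leaks
            raise LookupError("account not found")
        self.conn.execute("UPDATE accounts SET status = ? WHERE id = ? AND tenant_id = ?",
                          (new_status, account_id, self.tenant_id))
        self._audit("account", account_id, {"status": row[0]}, {"status": new_status})

    def history(self, account_id):
        return self.conn.execute("SELECT actor, at, before, after FROM audit_log WHERE tenant_id = ? "
                                 "AND entity = 'account' AND entity_id = ? ORDER BY id",
                                 (self.tenant_id, account_id)).fetchall()
```

In a real deployment the trigger-based append-only rule would be backed by database privileges (the application role gets INSERT on the audit table and nothing else) and the tenant scoping by row-level security policies rather than only by application code.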
The mistake isn't ignoring compliance — it's assuming you can defer the decision. Talk to someone who understands the regulatory surface early, even if just for an hour. It will change your architecture, and it will save you a rebuild.