For many companies, compliance is a checkbox. A thing to bolt on, not build in. But when you're moving money across borders, serving customers in multiple markets, and building software at scale – compliance becomes something else entirely: mission-critical infrastructure.
Claire Hughes Johnson has seen this firsthand. After scaling multiple business lines at Google and later Stripe’s COO from 2014 to 2021, she helped scale the company from 200 to over 6,000 people, expanding into 50+ countries and onboarding millions of businesses in one of the most complex regulatory environments in the world.
We sat down with Claire to talk about what it takes to scale teams and technology in regulated spaces, and why getting business identity right – really right – is harder than most realize.
You're probably getting compliance wrong, and you don't even know it
When Stripe expanded internationally, Claire ran up against a now-familiar challenge: fraud, regulation, and business identity don’t behave the same way from one country to the next. What worked in one region often broke in another. “We weren’t just entering new countries,” she said. “We were landing on a different planet.”
The identity infrastructure had to become a core function: something designed in, not tacked on. “If you’re moving money and you don’t know who you’re dealing with,” Claire said, “you’re probably getting it wrong – and you don’t even know it.”
And the numbers back it up. Global money laundering is estimated to account for up to 5% of global GDP. Financial institutions spend over $100 billion annually on anti-money laundering (AML) compliance. Some of the world’s largest banks allocate 6-10% of their revenues just to stay on the right side of regulation. Yet despite these efforts, less than 1% of laundered money is ultimately seized or recovered.
Compliance isn't anyone’s favorite job — but it’s essential
“Ask any Google engineer,” Claire added, “they’re not signing up to build payments infrastructure.” The same held true at Stripe. Teams working on onboarding and compliance didn’t always get the spotlight – but they were the ones stopping fraud, unlocking market entry, and making complex infrastructure actually work.
That’s what makes compliance hard to prioritize. “You don’t want to add friction to customer acquisition,” Claire noted. “So it gets deferred. And that’s when it becomes clunky and expensive.”
Stripe invested heavily in building systems that could adapt to evolving compliance requirements across jurisdictions. But that kind of foresight is rare. “You need an architecture that lets you flex,” she said. “Changing rules, shifting sanctions, new licensing requirements: it all has to be absorbable. Otherwise, you’re stuck rebuilding every time.”
Watch the full conversation below.
