Nobody gets into compliance entrepreneurship because it sounds exciting. There’s no TechCrunch dedicated to anti-money laundering regulations. There are no regulatory reporting hackathons. When you tell someone you’re building solutions for compliance, the most common reaction is a mix of polite interest and wanting to change the subject.
And that’s exactly what makes it so interesting.
The moat nobody wants to build
In business strategy there’s the concept of a moat: a barrier that protects your business from competition. Warren Buffett popularized it talking about Coca-Cola and American Express, but the most powerful moat I’ve seen in technology isn’t a brand or a network effect. It’s regulation.
Regulated industries are hard to enter. You need to understand the regulations, audit processes, regulators’ language, compliance cycles. It’s not something you learn in a bootcamp. It requires time, relationships, and above all, patience.
But once you’re in, the competition has to walk the same path. There’s no shortcut. You can’t “move fast and break things” when what breaks is legal compliance. That creates natural barriers you don’t need to actively defend. They defend themselves.
The real problem: too manual, too expensive
Today, most companies handle compliance the way they handled accounting in the 80s: with spreadsheets, shared documents, and lots of people dedicated to filling fields and cross-referencing data manually.
An average compliance officer at a mid-sized company spends between 40% and 60% of their time collecting evidence and completing forms. Not analyzing risks. Not interpreting regulation. Completing forms.
That’s a waste of specialized talent on tasks a machine does better, faster, and without errors.
Where AI comes in (for real, not the marketing)
When we talk about AI in compliance, we’re not talking about a chatbot that answers questions about the law. That’s a feature, not a solution.
What really moves the needle:
Automatic evidence collection. The system identifies which controls apply, what evidence is needed, and collects it from internal sources automatically. What an analyst takes 3 days to compile gets generated in minutes.
Cross-control mapping. If your company complies with ISO 27001 and also needs SOC 2, there’s a 60-70% overlap in controls. Most companies manage them as two separate projects. An intelligent system maps the equivalencies and eliminates duplicate work.
Real-time gap detection. Instead of finding out during the annual audit that a control hadn’t been met for 8 months, the system detects it when it happens. The difference between putting out a match and putting out a fire.
Regulatory report generation. Each regulator wants their information in their format. Producing those reports manually is thankless, repetitive, error-prone work. It’s a perfect candidate for automation.
The medical analogy
The relationship between compliance and AI is similar to the relationship between medical diagnosis and digital imaging. Before, a radiologist looked at an X-ray with their eyes and experience. Now, an AI system pre-analyzes the image and marks areas of attention. The radiologist still makes the decision, but arrives faster, with more information, and focuses on cases that truly need human judgment.
The compliance officer of the future won’t disappear. They’ll stop wasting time on collection and form-filling to focus on what really matters: interpreting regulation, evaluating risks, and making decisions where business context matters more than data.
Why LATAM is fertile ground
In LATAM, the regulatory environment has a particular characteristic: it changes a lot and changes fast. Each country has its own framework, and within each country regulations update frequently. That creates constant pain for multinational companies or even those operating in two or three markets.
Where there’s constant pain, there’s constant opportunity.
Additionally, adoption of digital compliance tools in the region is at an early stage. Large companies use SAP GRC or MetricStream. Mid-sized and small ones use Excel. There’s an enormous space between “Excel” and “half-million-dollar enterprise platform” that nobody is serving well.
What we’re seeing
At Redstone Labs we’ve started exploring this space because it fits what we know how to do: take processes that depend on repetitive manual work, understand the business logic behind them, and build systems that automate them without losing human control over decisions that matter.
It’s not the most glamorous sector. But it’s one where technology generates tangible, measurable ROI from day one. And where the barrier to entry for competition is naturally high.
Sometimes the best business opportunity is exactly where nobody wants to look.