You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Andrei O.AO

Average response time: 1 hour

About Andrei

I help crypto-asset service providers, EMIs, and payment firms build compliance that holds up under real supervisory scrutiny, not templated policies that collapse on first examination.
My focus is operational substance across three areas: MiCA licensing and CASP authorisation (live applications end-to-end, including regulator Q&A rounds), DORA ICT risk and third-party/vendor governance, and AML/CFT frameworks including EBA-aligned enterprise-wide risk assessments and transaction monitoring. I've held CRO, MLRO, and DPO functions, so I work the full second-line stack: governance, controls design, assurance monitoring, and regulatory engagement.
What sets me apart is bespoke delivery. Every framework is built from scratch against the applicable regulation, which is exactly what supervisors now look for given increased scrutiny of copy-paste applications.
Typical deliverables: MiCA/PI/EMI application support, policy and procedure libraries, DORA ICT and vendor governance frameworks, EWRAs, gap analysis, and pre-examination readiness reviews.
  • English

    Native or bilingual

  • Estonian

    Native or bilingual

  • Russian

    Native or bilingual

Can work on-site
Sliema (up to 50km)

Experience

  • FintechX OÜ (Kriptomat.io)
    Risk Officer
    DIGITAL AND IT
    January 2025 - June 2026 (1 year and 5 months)
    Tallinn, Estonia
    Enterprise risk ownership at a licensed crypto-asset service provider operating under MiCAR.
    • Own and manage the enterprise-wide risk management framework — risk register, risk appetite statement, control assessments, incident response, and stress-testing methodologies
    • Own the third-party / outsourcing risk management process: risk-based vendor assessments, criticality mapping, exit planning, and ongoing control oversight of key arrangements (DORA-aligned)
    • Own the token-asset risk management process, including listing risk reviews and ongoing monitoring of crypto-asset exposure
    • Enhanced AML/CTF, sanctions, and KYC controls, including onboarding risk models, PEP/RCA procedures, source-of-funds reviews, and ongoing monitoring
    • Led regulatory readiness in the CASP environment: policy development, governance documentation, and responses to supervisory expectations
    • Designed and maintained internal policies aligned with ISO-based risk management principles and financial-services best practice
    Key achievements: deployed a new KYB risk-scoring model integrated into the back-office; built a token risk-assessment model for MiCAR/ESMA compliance; designed the RCA procedure and led RCA for a security incident; performed an Enterprise-Wide Risk Assessment (EWRA) across all business areas using an independently developed, ESMA- and Estonia-aligned methodology.
    DORA ICT risk & vendor governance Risk Management Crypto ISO 27001 ISO 9001
  • Modernityparty OÜ/xmoney
    MLRO / AML Compliance Specialist
    DIGITAL AND IT
    March 2024 - March 2025 (1 year)
    Tallinn, Estonia
    • Ownership over communication with Estonian regulatory body
    • Developed, maintained, and updated the company's risk-based approach to AML/CTF
    • Conducted daily transaction monitoring using TRM Labs, escalating and investigating alerts as required
    • Identified higher ML/TF risk situations and advised staff on enhanced due diligence, ongoing monitoring, and additional controls for high-risk customers
    • Prepared and submitted SARs to the competent supervisory authority; maintained AML registers, logs, and records in line with regulatory requirements
    • Key achievement: implemented a quarterly AML/CTF reporting framework to the Management Board covering key risk indicators, monitoring outcomes, and program effectiveness
    DORA ICT risk & vendor governance AML/CFT & enterprise-wide risk assessments GDPR Regulatory communication AML
  • Trumo Finance Oy
    Compliance Manager
    DIGITAL AND IT
    January 2023 - February 2025 (2 years and 1 month)
    Helsinki, Finland
    Compliance leadership for a fintech providing financing solutions to e-commerce merchants.
    • Built KYB onboarding framework from scratch, including merchant risk-assessment methodology
    • Owned merchant onboarding end-to-end: document collection and analysis, OSINT investigations, risk rating, and management approval for high-risk clients
    • Strengthened AML/CTF and KYC controls: customer due diligence, risk-based reviews, escalation workflows, and sanctions/PEP screening
    • Designed scalable compliance monitoring and risk-assessment practices suited for a high-growth fintech environment
    AML/CFT & enterprise-wide risk assessments DORA ICT risk & vendor governance Compliance GDPR ISO 31000

Recommendations

Be the first to recommend Andrei

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • PECB Certified DORA Lead Manager — Certification Training OÜ
    2026
    PECB Certified DORA Lead Manager — Certification Training OÜ
  • Master of Business Administration (MBA)
    Estonian Business School
    2025
    Master of Business Administration (MBA)

Skill set

Categories