Compliance should be addressed during the product discovery phase, before writing production code. The regulatory requirements for the target market shape BaaS partner viability, KYC flow structure, data residency constraints, and licensing obligations. These are foundational architecture decisions. When teams address them after building the MVP, they typically rearchitect the system, which delays go-live and increases total cost.