Registration of companies in the EU, financial licenses. Legal services in the EU

Blog

28.11.2025

AML in the EU how to comply with the requirements

For companies operating in the EU, this is not only a legal obligation but also a key factor of trust from partners, banks and investors. The practice of COREDO confirms: the absence of transparent Customer Due Diligence (CDD) procedures and an ineffective risk-based approach lead to account freezes, denial of service and even criminal liability.

Key concepts of AML, KYC, Compliance

AML (Anti-Money Laundering) – a set of measures to prevent the laundering of criminal proceeds.

At the core: KYC procedures (Know Your Customer), including identification, verification and ongoing monitoring of clients. Compliance in Europe: it is not only about meeting formal requirements, but also about creating an internal culture where risk management is integrated into every business operation.

Objectives of countering money laundering in the EU

The main objective: to prevent the use of the financial system for financing terrorism, tax evasion and corruption.

To this end, the EU implements unified standards, guided by FATF recommendations and strengthens control over cross-border transactions, crypto-assets and new digital services.

EU Regulatory Requirements on AML 2025–2027

Illustration for the section 'EU regulatory requirements on AML 2025–2027' in the article 'AML in the EU — how to comply with requirements'

regulatory requirements of the EU on AML continue to change significantly: in the period 2025–2027 businesses face large-scale innovations affecting not only the financial sector but also cryptocurrencies, real estate and other areas.

At the center of these changes are tighter controls and the harmonization of processes based on updated legislative acts, such as 6AMLD and the new AML Regulation.

Key legislative acts: 6AMLD and the AML Regulation

From 2025, key changes come into force: 6AMLD (Sixth Anti-Money Laundering Directive) and the new AMLR (EU Single Rulebook). These documents unify rules for all EU countries, introduce clear criteria for identifying beneficiaries, expand the list of obliged entities and strengthen requirements for the compliance regulatory framework.

Role of the European Anti-Money Laundering Agency and launch timelines

From 2026, control over compliance will transfer to the European Anti-Money Laundering Agency (AMLA), which will become the centralized supervisory authority. The solution developed by COREDO for clients already takes into account new procedures for interacting with AMLA, including preparation for centralized inspections and unified reporting.

Expansion of persons and sectors under AML supervision

Now under AML control are not only banks and payment organizations, but also crypto platforms, marketplaces, digital wallet providers, as well as services working with digital identification. In a recent COREDO project for a fintech company from the Czech Republic we integrated cross-border compliance taking into account the new requirements for providers of virtual assets.

Impact of MiCA on AML in crypto-assets

With the adoption of the MiCA Regulation (Markets in Crypto-Assets), crypto companies are required to implement full KYC/KYT procedures, transaction monitoring and automated risk analysis. Our experience at COREDO has shown: adapting internal policies to MiCA and AMLR not only helps avoid fines but also increases trust from European banks.

KYC procedures 2025: how to meet the requirements

Illustration for the section «KYC procedures 2025: how to meet the requirements» in the article «AML in the EU - how to meet requirements»

In 2025 KYC procedures and standards move to a new level: requirements for client identification, monitoring and transparency are tightening under the influence of AML reforms and the introduction of digital onboarding, automation and eKYC.

It becomes critically important for businesses to comply with the new KYC requirements in order to preserve reputation, avoid fines and operate successfully in the market amid increasing international regulation.

Overview of KYC procedures in AML compliance

KYC procedures: the fundamental element of AML compliance for businesses. They include collecting and verifying client data, analyzing sources of funds, monitoring transactions and detecting suspicious activity. Without clear KYC processes it is impossible to ensure compliance with the new EU standards.

New KYC standards 2025: eKYC and onboarding

From 2025 the focus shifts to eKYC and digital onboarding: digital identification, remote verification of clients and integration with state registers (eIDAS). Solutions implemented by the COREDO team for clients in Estonia and Slovakia allow reducing verification time from several days to hours, cutting costs and increasing conversion.

Enhanced due diligence: risk-based approach

For clients from high-risk jurisdictions or when working with large transactions Enhanced Due Diligence (EDD) is applied. This is an in-depth check of sources of funds, ownership structure and links to politically exposed persons. In one of COREDO’s case studies for a British investment platform we implemented a risk-based approach with automatic reassessment of the risk level whenever the client’s profile changed.

KYC automation and analytics integration

Modern KYC procedures are impossible without automation.

Integration of analytics platforms such as Chainalysis and Elliptic allows detecting complex money laundering schemes through crypto-assets, using Graph Neural Networks (GNN) and confidential machine learning technologies.

At COREDO we assess the ROI from implementing such solutions by reducing manual errors and accelerating compliance processes.

Transaction monitoring and AML: practical aspects

Illustration for the section «Transaction monitoring and AML: practical aspects» in the article «AML in the EU – how to comply with the requirements»
Transaction monitoring and fulfilling AML reporting obligations are key elements of the system to combat financial abuse in modern business. Practical aspects of this work include continuous risk assessment, monitoring of transactions, and preparing reports in accordance with regulators’ requirements. Below we review the main requirements for transaction monitoring and identifying suspicious activity.

Transaction monitoring and detection of suspicious activity

Transaction monitoring: the key to timely detection of suspicious transactions. In 2025 the requirements for automated analysis are rising: systems must not only flag anomalies but also explain the logic behind their decisions (explainable AI). In COREDO’s work for a platform in Dubai we deployed a module that uses graph neural networks to uncover complex chains of transactions among related parties.

AML obligations: deadlines, forms, liability

Companies must file reports on suspicious activities (Suspicious Activity Reporting) to national FIUs (Financial Intelligence Units) within 24–48 hours of detection.

Fines and restrictions on operations are imposed for late or incorrect fulfillment of AML reporting obligations.

COREDO’s solution includes automation of report generation and integration with government portals.

Use of graph neural networks and confidential machine learning

The implementation of confidential machine learning (FHE) and continual learning enables analysis of large volumes of data without exposing personal data, which is critical for GDPR compliance. For example: for an international payment provider, the COREDO team implemented a collaborative risk analysis with partners from different countries without transferring raw data, using homomorphic encryption technologies.

Interaction with FIUs and sanctions control

Effective sanctions screening requires integration with international lists (FATF grey/black lists, AML Blacklist EU) and continuous data updates.

At COREDO we set up automatic checks of customers and transactions for matches against sanctions lists, minimizing the risk of inadvertent violations.

Fines for AML non-compliance: how to avoid them

Illustration for the section “Fines for AML non-compliance: how to avoid them” in the article “AML in the EU — how to meet the requirements”
Failure to comply with AML requirements entails serious fines and risks for businesses — from financial sanctions to a complete suspension of activity. To avoid sanctions, it is important to understand what types of liability are provided by law and how they are applied in practice.

Main fines for AML violations in the EU

Since 2025 the minimum fine for violating AML in the EU is €1 million or 10% of the company’s annual turnover, depending on which amount is higher. For repeat violations, executives may face criminal liability.

In one COREDO case for a Slovak fintech company, we prevented account freezes by timely identifying and remedying shortcomings in compliance risk management.

Examples of global investigations and cases

In 2024 the European AML Authority (AMLA) opened an investigation against a large payment platform for insufficient transaction monitoring and incomplete verification of beneficiaries. The outcome — a €15 million fine and a temporary restriction on operations.

COREDO’s practice shows: regular compliance regulatory audits and stress-testing of internal procedures make it possible to identify vulnerabilities before regulators take interest.

The impact of 6AMLD on stricter liability

6AMLD expands the list of predicate offences, introduces the concept of “aiding and abetting,” and tightens the standards for proving guilt. Liability now extends not only to the company but also to specific employees involved in violations. At COREDO we adapt clients’ internal regulations to the new standards, reducing the risk of personal liability for executives.

Managing compliance risks in business

Effective compliance risk management requires not only the implementation of technology but also regular staff training, procedure reviews, and independent audits. COREDO’s solution includes checklists for assessing the maturity of the compliance system and tools for rapid incident response.

Implementing AML compliance in a company: recommendations

Illustration for the section “Implementing AML compliance in a company: recommendations” in the article “AML in the EU — how to meet the requirements”
Implementing AML compliance in a company requires a systematic approach and a clear understanding of current regulatory requirements. Practical recommendations will help adapt internal regulations to the new EU rules and the 6AMLD, ensuring effective anti-money laundering and legal compliance.

Adapting regulations to EU requirements and the 6AMLD

The first step is reviewing and adapting internal policies in accordance with the 6AMLD and AMLR. The COREDO team develops tailored compliance programs, taking into account industry specifics, business structure and the geography of operations.

It’s important not just to rewrite documents, but to integrate new requirements into daily processes.

Scaling and automation of compliance processes

Scalability is a key challenge for fast-growing companies. Automation of KYC, transaction monitoring and reporting reduces costs and increases the speed of response to incidents. In one of COREDO’s projects for an international marketplace we implemented a compliance workflow integration module, which made it possible to process three times more clients without increasing headcount.

Training staff in a culture of compliance

Effective compliance training: not a one-off event, but an ongoing process. At COREDO we pay special attention to developing a compliance culture: regular training sessions, incident simulations, and experience sharing between departments. This reduces the risk of human error and fosters a responsible approach to risk management.

ROI of implementing AML systems: cost savings and risk reduction

Implementing modern AML systems is an investment with measurable ROI. In COREDO’s case for a payment provider from Cyprus, the automation of KYC and monitoring reduced operating costs by 40% and cut client processing time from 2 days to 30 minutes. But most importantly, the minimization of the risk of fines and account blocks, which ensures business resilience in the long term.

AML compliance in the EU: key steps

In the context of tightening regulatory requirements, AML compliance in the EU is becoming a key issue for businesses. New directives, the digitalization of procedures and greater transaction transparency require not only formal fulfillment of obligations but also real implementation of advanced compliance standards. Below are the key findings and practical steps that will help entrepreneurs and executives prepare for changes and ensure the sustainable development of the company.

Recommendations for entrepreneurs and managers

Conduct an audit of current procedures and identify gaps in compliance with 6AMLD and AMLR.
Implement digital KYC and automated transaction monitoring.
Organize regular staff training and stress-testing of the compliance system.
Use modern analytics platforms to detect complex money laundering schemes.

Heading analysis

Optimized

Preparing for new AML requirements

Assess the maturity of the compliance system using the COREDO checklist.
Update internal regulations and implement eKYC, digital onboarding.
Integrate automated monitoring and reporting tools.
Set up cooperation with FIUs and sanctions lists.
Regularly review procedures taking into account changes in EU legislation.

How to choose a partner for legal support and compliance?

When choosing a partner, pay attention to experience with international projects, availability of case studies on AML system implementation, expertise in adapting to different jurisdictions and the ability to integrate technologies (Chainalysis, Elliptic, GNN). COREDO’s practice is not only consulting, but also comprehensive end-to-end implementation of compliance processes.

Useful resources and AMLA contacts

Official AMLA portal: current requirements, reporting forms, recommendations for businesses.
EU Beneficial Owners Register: for checking ownership structures.
Platforms for monitoring sanctions and risks: Chainalysis, Elliptic, international FIUs.

Table of changes to AML requirements under the directives

Aspect	Previous directives	New EU AML Regulation and 6AMLD	Practical implications for businesses
Supervision	National	Centralized through AMLA	Unified standards, enhanced oversight
Obliged entities	Banks, insurers	Expanded list (crypto, platforms, etc.)	More obligations for new sectors
KYC procedures	Standard	eKYC, digital onboarding, EDD	Adoption of digital technologies and automation
Liability and penalties	Less strict	Tightening under 6AMLD	Risks of large fines and criminal liability
Monitoring and reporting	Fragmented	Unified, with expanded monitoring	More frequent and detailed reports

Implementing effective AML compliance is not only a matter of complying with the law, but also a strategic advantage.

The solutions that the COREDO team implements for clients in Europe, Asia and the CIS not only enable compliance with the new requirements, but also create a resilient, transparent and scalable business ready for future challenges.

27.11.2025

PSP license who needs it and how to get one

In a world where more than 1.3 billion electronic payments are made every day just in Europe, and the fintech market grows by 20% annually (according to Statista), a payment license becomes not just a formality but a strategic asset for any business working with digital money and cross-border transactions. A PSP (Payment Service Provider) license is a permit issued by the regulator that gives the right to legally provide payment services: to carry out money transfers, manage e-wallets, ensure the operation of payment instruments and gateways, and integrate services with banks and other financial institutions.

In COREDO’s practice, a PSP license is a key tool for companies aiming to enter international markets, ensure transparency of operations and compliance with AML (Anti-Money Laundering) and KYC (Know Your Customer) requirements. Obtaining a payment services license allows a business not only to legalize its activities but also to build trust with customers and partners, opening access to banking partnerships and new markets.

Who needs a PSP license?

Over the past years the COREDO team has implemented dozens of projects for fintech companies, startups, payment aggregators, e-money providers and international payment services. PSP license for business is necessary for those who:

Develop fintech products, payment platforms and aggregators.
Provide e-wallets, payment gateways and services for digital transfers.
Are focused on international operations and working with individuals and legal entities worldwide.
Implement solutions for integration with banks and banking partnerships.
Conduct transactions involving e-money, cryptocurrencies and digital services.

COREDO’s experience has shown that even small startups entering the EU or UAE markets face the need to register as a PSP and obtain a payment service license to avoid the risk of account blocking and ensure sustainable development.

Benefits of a PSP license

The solution developed by COREDO for international clients demonstrates that a PSP license in the EU provides unique advantages:

Legality: compliance with strict regulatory requirements.
Passporting: the ability to operate in all EU/EEA countries without obtaining separate licenses.
Access to banking partnerships: integration with leading banks and financial institutions.
Expansion of the customer base: serving individuals and legal entities, scaling the business.
Reduction of operational costs: process optimization, no need for multiple licenses.

COREDO’s practice confirms: properly obtaining a license for PSP banking partnerships and bank integration is the foundation of business resilience and growth in a globally competitive environment.

Main requirements for obtaining a PSP license

$Illustration for the section “Main requirements for obtaining a PSP license” in the article \$

A financial foundation is one of the key components when obtaining a PSP license, as regulators require proof of a company’s financial stability and solvency. The minimum amount of authorized capital varies depending on the type of payment services and the jurisdiction where you plan to operate. Understanding these financial requirements is critical for successfully passing the licensing process and commencing lawful activity in the payment services market.

Financial requirements and minimum capital

In different jurisdictions the minimum capital for a PSP license varies significantly. Below is a table reflecting the current requirements:

Jurisdiction	Service type	Minimum capital
Belize	Money transfers	€20,000
Belize	Transactions with confirmations	€50,000
Belize	Full range of payment services	€125,000
UAE (Dubai)	Money transfers (Category 4)	$140,000
UAE (Dubai)	Payment accounts and instruments (3D)	$200,000
UAE (Dubai)	Wallet services (Category 3C)	$500,000
Liechtenstein	Payment services	Individually

The COREDO team always recommends documenting the availability of capital — bank statements, audited reports — which significantly speeds up the application review process and reduces the risk of refusal.

Corporate requirements and governance

To register a PSP in most countries, the following are required:

At least two directors (often one must be a resident of the country).
A clear corporate governance system.
Distribution of responsibilities among governing bodies.
Implementation of procedures to oversee operational risks.
An official procedure for handling customer complaints.
An IT monitoring system.

COREDO’s practice shows that a transparent corporate structure and robust internal procedures are the foundation for successfully passing compliance checks.

Staff and insurance requirements

Regulators require:

Hiring qualified staff with experience in financial services.
Mandatory professional insurance.
Checks of competence and business reputation of executives.

At COREDO we pay special attention to staff selection and arranging insurance programs, which allows clients to meet PSP license requirements even in the most challenging jurisdictions.

Reporting and audit requirements

To obtain a license for payment services the following are required:

Timely financial reporting.
Audit by a licensed auditor.
Regular audits and compliance with international standards (IFRS, GAAP).

COREDO’s experience confirms: only transparent reporting and regular audits make it possible to avoid additional requests from the regulator and speed up the licensing process.

Documents and Business Plan for a PSP License

Illustration for the section “Documents and Business Plan for a PSP License” in the article “PSP License — who needs it and how to obtain it”

Documents and the business plan for obtaining a PSP license: this is the foundation of the licensing process and the first step to launching a payment business. To complete the procedure successfully, you will need to collect a wide range of legal documents and prepare a detailed business plan that reflects the specifics of payment services, the company structure, and financial forecasts. In the following subsections we will review the key legal requirements and stages of document preparation.

Legal Documents

Clients of COREDO receive a detailed checklist that includes:

Memorandum of Association (MOA), Articles of Association (AOA).
Certificate of company registration.
Identity documents of shareholders and directors.
Information on beneficial owners.
Professional and personal references for executives.

These documents form the legal basis for registering a PSP and obtaining a payment service license.

Financial Documents

In each COREDO case, emphasis is placed on:

Audited financial statements.
Proof of sufficient capital (bank statements).
Demonstration of net asset value.
Transparency of financial operations.

Only a comprehensive approach to preparing financial documents ensures compliance with PSP license requirements.

3-Year Business Plan

The PSP business plan, a strategic document reflecting:

Description of payment services.
Methods of service delivery.
Target markets and customer base.
Financial forecasts and expected transaction volumes.
Revenue and cost structure.
Growth scenarios and risk management.

The COREDO team develops business plans that take into account the specifics of the jurisdiction and regulator requirements, which significantly increases the chances of license approval.

Program Document and Description of Activities

In each project COREDO prepares a program of activities that includes:

Methods of service delivery.
Description of internal procedures and policies.
Security policy and incident response mechanisms.

This document demonstrates the maturity of business processes and readiness to manage risks.

AML and KYC Documents

To successfully obtain a PSP license the following are required:

Detailed AML procedures and CFT.
Evidence of meeting compliance requirements.
Risk management plans.

COREDO implements the best AML practices/KYC in line with FATF international standards, which ensures regulatory approval.

Technological Documents

Special attention is paid to:

Description of software and technological infrastructure.
Ensuring the security of payment gateways.
Data protection and reliability of payment processing.

The COREDO team integrates solutions that comply with the PCI DSS standard, which is especially important for a PSP license for payment gateways and e-wallets.

Obtaining a PSP license by jurisdiction: step-by-step

Illustration for the section «Obtaining a PSP license by jurisdiction: step-by-step» in the article «PSP License — who needs it and how to obtain it»

The step-by-step process for obtaining a PSP license by jurisdiction outlines the sequential stages and key requirements that companies need to consider to successfully obtain payment service provider status in different countries. Each region has its own regulatory specifics and its own licensing procedure, so a structured breakdown by the main jurisdictions is presented below.

Obtaining a PSP license in the EU

A PSP license in the EU is an opportunity to operate in all EU/EEA countries thanks to the passporting principle. A unified regulatory framework reduces operating costs and simplifies scaling. In COREDO’s practice the most in-demand jurisdictions for registering PSPs and obtaining a license for cross-border operations are Liechtenstein, Malta and Cyprus.

PSP license in Liechtenstein: Guide

Regulator – FMA (Financial Market Authority). The process consists of:

Preparation of documentation: operating program, three-year business plan, confirmation of authorized capital, organizational chart, security policy.
Submission of the application: gathering the full document package and submitting it to the FMA.
Checks and analysis: document assessment, compliance review, analysis of the business reputation of executives.
Receiving the decision: issuance of a decision to grant the license.
Registration: inclusion in the FMA’s official register.

COREDO’s experience shows that thorough document preparation and a transparent governance structure are the keys to successful licensing.

Obtaining a PSP license in Belize

Regulator: IFSC. The process includes:

Company registration with a memorandum of association (MOA) reflecting the activities.
Preparation and submission of documents: legal documents, financial statements, business plan, proof of address, references for executives, AML and CFT procedures.
Structural requirements: at least two directors (one local), qualified personnel, insurance, a physical office.
Financial requirements: €20,000–€125,000 depending on the type of services.
Review and approval: IFSC document review, obtaining the license.

COREDO’s practice shows that Belize is an optimal choice for startups with a limited budget.

Obtaining a PSP license in Dubai

Regulator: Central Bank of the UAE. License categories differ by capital and type of services.

Assessment of operational activity: compliance with local laws.
Compliance criteria: company registration, infrastructure, capital.
Preparation of documents: business plan, confirmation of AML/KYC, incorporation documents, personal data of shareholders and directors.
Application submission: sending to the Central Bank.
Review and approval: application analysis, obtaining the PSP license.
Compliance with requirements: regular audits, reporting, compliance.

COREDO supports clients at all stages, ensuring compliance with standards and the successful obtaining of a PSP license to operate payment services.

PSP license in Mauritius

Regulator: Financial regulator of Mauritius.

Preliminary preparation: business model analysis, compliance with requirements, strategic plan.
Document collection: business plan, financial statements, information on beneficial owners and directors.
Compliance and financial checks: proof of financial stability, capital, risk management, audit.
Description of internal procedures: AML/CFT policies, technological infrastructure.
Application submission: sending documents, review, obtaining the license.

The COREDO team helps adapt the business model to Mauritius’ requirements, ensuring transparency and sustainability.

PSP Licensing by Jurisdiction

Illustration for the section «PSP Licensing by Jurisdiction» in the article «PSP License — who needs it and how to obtain it»

A comparative analysis of PSP licensing by jurisdiction provides entrepreneurs with key guidelines for choosing the optimal market and market-entry strategy. Below is a comparison table of key parameters that allows you to quickly assess the features, timelines and requirements for obtaining a PSP license in different countries, as well as identify the advantages of each jurisdiction for your business model.

Comparison Table of Jurisdiction Parameters

Parameter	Liechtenstein (EU)	Belize	UAE (Dubai)	Mauritius
Regulator	FMA	IFSC	Central Bank of the UAE	Financial regulator
Minimum capital	Individually	€20,000–€125,000	$140,000–$500,000	Individually
Director requirements	Not specified	2+ (1 local)	Not specified	Not specified
Physical office	Required	Required	Required	Required
Passporting	Yes (EU/EEA)	No	No	No
Licensing timeline	3–6 months	2–4 months	2–6 months	3–6 months
Process complexity	High	Medium	Medium	Medium
Cost	€5,000–€15,000	$3,000–$8,000	$5,000–$15,000	$3,000–$10,000

Advantages and Disadvantages of Jurisdictions

Liechtenstein (EU)
- Passporting to the EU/EEA, high level of regulation, access to European banks.
- Significant resources and a complex licensing process are required.
Belize
- Low capital requirements, fast process, low costs.
- No passporting, less international trust, a physical office is required.
UAE (Dubai)
- Strategic location, developed infrastructure, high level of regulation.
- High capital requirements, office maintenance costs, lack of passporting.
Mauritius
- Strategic position, developed system, low costs.
- Limited access to European banks, no passporting.

Choosing a Jurisdiction for Business

For operating in Europe — Liechtenstein or EU countries.
For Asia and the Middle East — UAE (Dubai).
For Africa — Mauritius.
For startups with limited budgets — Belize.
For international operations: a combined approach.

At COREDO we always analyze the client’s objectives and propose the optimal PSP licensing strategy for cross-border operations and digital services.

Special requirements for payment services

Illustration for the section «Special requirements for payment services» in the article «PSP license — who needs it and how to get it»

Special requirements for different types of payment services are determined by the set of operations the company intends to perform and by regulatory standards in individual jurisdictions. The type of payment services provided directly determines the license requirements, statutory capital, internal processes and staff qualifications.

PSP license for money transfers

Minimum capital requirements, simplified AML/KYC procedures, high transaction processing speed: key parameters that the COREDO team takes into account when preparing documents for a PSP license for electronic transfers.

PSP license for e-wallets

Requirements for safeguarding client funds, data security and fund insurance are important. COREDO’s solutions include implementing PCI DSS standards and developing security policies, which are critical for a PSP license for wallets and working with e-money.

PSP license for payment aggregators and gateways

Requirements for integration with banks, real-time payment processing and security: all of this is reflected in the technical documentation that COREDO prepares for a PSP license for payment gateways and working with payment systems.

PSP license for cryptocurrencies

Additional regulatory requirements, enhanced AML/KYC procedures, restrictions in some jurisdictions. At COREDO we develop tailored solutions for a PSP license to work with cryptocurrencies and digital services, taking into account the specifics of each country.

PSP license for individuals and legal entities

Different requirements for reporting, compliance and data security. COREDO’s practice shows that adapting procedures to the client type is the key to successful PSP licensing for working with individuals and legal entities.

Timelines, costs, and mistakes of PSP licensing

Obtaining a PSP license is usually accompanied by questions about timelines, costs and possible mistakes that can lead to delays or additional expenses. Understanding the specifics of the process in different jurisdictions will help not only to assess risks in advance but also to better prepare for each stage of the licensing process.

Timelines for obtaining a PSP license by country

Liechtenstein: 3–6 months.
Belize: 2–4 months.
UAE: 2–6 months.
Mauritius: 3–6 months.

Timelines depend on the completeness of documents and the complexity of checks. The COREDO team helps minimize delays through thorough preparation.

Cost of a PSP license and its maintenance

Government fees: €3,000–€15,000.
Consulting services: individually.
Office maintenance, insurance, audit – from $3,000 to $10,000 per year.

The total cost of ownership (TCO) is calculated individually, taking into account the specifics of the business and the jurisdiction.

Common mistakes when applying for a PSP license

Incomplete document preparation.
Insufficient capital.
Weak business model.
Inaccurate description of activities.
Absence of AML/KYC procedures.
Choosing the wrong jurisdiction.
Underestimating regulator requirements.

COREDO’s experience confirms: most refusals are due to insufficient development of the business plan and compliance procedures.

How to avoid a license refusal

Thorough preparation of documents.
Consultation with COREDO experts.
Choosing the optimal jurisdiction.
Demonstrating financial stability.
Developing a reliable business model.
Compliance with all regulator requirements.

The COREDO team supports clients at all stages, ensuring results and long-term business sustainability.

PSP license or EMI license: which to choose?

Choosing between a PSP license and an EMI license is one of the key steps for a fintech company entering the payment services market. Understanding the differences and capabilities of each license directly impacts the business model, time-to-market, and the ability to scale services. Below we examine the main differences between PSP and EMI licenses.

PSP and EMI: what’s the difference?

PSP (Payment Service Provider) — a payment services provider not required to hold clients’ funds. EMI (Electronic Money Institution) — an electronic money institution that can issue and hold electronic money, subject to higher capital and security requirements.

PSP and EMI comparison table

Parameter	PSP	EMI
Main function	Payment processing	Issuing electronic money
Holding funds	Not required	Required
Minimum capital	Lower	Higher
Security requirements	Medium	High
Funds insurance	Not required	Required
Passporting	Yes (EU/EEA)	Yes (EU/EEA)
Licensing complexity	Lower	Higher

In COREDO’s practice, the choice between PSP and EMI depends on the business model, target markets and planned services. For fintechs focused on payment processing, a PSP license is often optimal. Companies planning to issue electronic money need an EMI license.

If you are deciding on a jurisdiction, license type, or facing compliance questions, the COREDO team is ready to share its experience and propose strategic solutions that will secure sustainable growth and international recognition for your business.

27.11.2025

Compliance audit when is it mandatory

When COREDO advises international companies on the registration of legal entities and financial licensing, one of the first priorities is building an effective compliance system. By compliance I mean not only formal adherence to the law, but also a set of internal procedures that ensure a business’s transparency, ethical conduct, and sustainability. A compliance audit is a structured review of a company’s internal activities to ensure they comply with external regulatory requirements and internal regulations.

COREDO’s experience confirms: a compliance audit is becoming an integral part of companies’ legal support, especially amid tightening international standards and requirements for financial transparency.

Such an audit helps identify weaknesses in the control system, minimize the risk of legal violations, and increase trust from partners, investors, and regulators.

Mandatory compliance audit for businesses

In the context of globalization and the digitalization of business, a mandatory compliance audit is not just a formality but a tool to protect against financial losses and reputational risks.

According to recent research by the European Commission, up to 68% of large companies have faced sanctions due to non-compliance with compliance requirements, and the average fine in the EU financial sector in 2024 exceeded €1.2 million.

The COREDO team has executed projects where a competent compliance audit helped prevent litigation and avoid account freezes when working with foreign banks. Compliance violations can lead to fines, criminal liability for management, loss of licenses, and the inability to enter new markets. That is why regular compliance audits become a strategically important element of managing corporate risks and ensuring financial transparency and reporting.

When is a compliance audit mandatory?

Illustration for the section «When is a compliance audit mandatory?» in the article «Compliance audit — when is it mandatory»

A compliance audit is not just a recommendation but a mandatory requirement for organizations operating in strictly regulated sectors and subject to various regulatory grounds. Understanding exactly when a company must carry out such an inspection depends not only on the type of activity but also on geographic location and the applicable legislation. Let’s examine which practical grounds and standards in different regions require a mandatory compliance audit.

Legislative requirements in Europe, Asia and the CIS

In different jurisdictions the concept of a mandatory compliance audit is enshrined at the legislative level. In the EU the key standards are ISO 27001 (information security), GDPR (personal data), AML (Anti-Money Laundering) directives, as well as national laws and GOST standards. In the Czech Republic, Slovakia and Estonia special attention is paid to data protection and financial monitoring, while the United Kingdom has its own sanctions and AML control system.

In Asia, for example, when registering a company in Singapore, the obligation to maintain a register of controllers and to file annual reporting is established at the level of ACRA (Accounting and Corporate Regulatory Authority). In 2025 new requirements for corporate service providers were introduced, and violations of compliance obligations are subject to fines of up to 50 000 SGD and criminal liability. For companies providing financial services or working with government contracts, AML audit is mandatory, and sanctions compliance becomes critically important amid tightening international restrictions.

In the CIS countries the emphasis is on integration with state controls, the application of GOST R 57580.1-2017 and GOST R 57580.2-2018 standards to ensure information security and compliance with AML requirements.

Mandatory compliance audit: situations and industries

From COREDO’s experience, a mandatory compliance audit is required in the following cases:

international companies, operating in multiple jurisdictions, especially when registering legal entities in the EU, Singapore or Dubai.
Organizations working with government contracts or financial institutions, where oversight of regulatory compliance is mandatory.
Sectors with increased compliance risks: finance, the crypto industry, IT, platform economy, export-import operations.
Companies obtaining licenses for banking, forex, payment or crypto services, where AML services and sanctions-list audits become mandatory components.

Stages of a compliance audit: from preparation to remediation

Illustration for the section “Stages of a compliance audit: from preparation to remediation” in the article “Compliance audit - when it is mandatory”

The stages of conducting a compliance audit — from preparation to remediation — structure the process of ensuring the company’s adherence to key requirements and standards. At each stage, from the preparatory phase to remediation, conditions for an effective review are created, risk areas are identified, and solutions are developed to ensure the resilience of business processes and the transparency of internal control.

Preparatory stage

An effective compliance audit begins with a clear definition of objectives, scope and resources for the review. The solution developed at COREDO includes a preliminary risk analysis, the collection of the regulatory framework (international standards, local laws, internal regulations and company policies), as well as forming a working group involving the compliance manager, lawyers and IT specialists.

It is important to systematize internal documentation: AML and KYC policies, anti-corruption procedures, data protection instructions, internal acts and procedures for monitoring compliance with regulatory requirements.

Review and analysis

At this stage compliance control and checks are carried out: documents are analyzed, employees are interviewed, technical diagnostics of IT systems are conducted, monitoring procedures are tested and objects of information security control are categorized.

COREDO’s practice shows that special attention is paid to verifying compliance with internal regulations, conformity to corporate ethics, and analyzing the effectiveness of compliance process automation. In international companies, an audit for AML requirements and counterparty due diligence for sanctions risks become mandatory.

How to prepare a report and recommendations

A detailed report is produced describing the identified non-conformities, pointing out gaps in procedures and risks of non-compliance with standards. At COREDO, it is customary to develop specific recommendations for eliminating compliance deficiencies, as well as a roadmap of corrective measures with timelines and responsible persons.

The next step is to monitor the implementation of recommendations, organize a follow-up audit and monitor the effectiveness of changes. This approach allows not only the elimination of current violations but also increases the maturity of the compliance system.

Compliance audit for risk management and business efficiency

Illustration for the section 'Compliance audit for risk management and business efficiency' in the article 'Compliance audit — when it is mandatory'

A compliance audit is a key tool through which a business can not only timely identify and minimize legal and financial risks, but also optimize internal processes, increasing its resilience and efficiency. In the current environment, a competent compliance check becomes an integral part of strategic management and the company’s long-term growth.

Risk management through compliance

A compliance audit is a key tool for assessing and managing compliance risks, minimizing fines and litigation. In one of COREDO’s cases for a European fintech startup, the audit revealed vulnerabilities in the KYC procedure, which prevented account freezes and ensured successful passage of the regulator’s inspection.

Checking the financial stability and reliability of counterparties, as well as monitoring the fulfillment of anti-corruption clauses in contracts, reduces the likelihood of ending up on sanctions lists and helps avoid reputational losses.

Metrics and KPIs for assessing the compliance system

Assessing the effectiveness of a compliance system requires the implementation of clear KPIs: number of identified non-compliances, speed of their remediation, level of process automation, ROI from compliance implementation. COREDO uses internal audit and monitoring tools that allow tracking dynamics and responding promptly to new risks.

ROI can be calculated by comparing the costs of implementing compliance with prevented losses (fines, legal expenses, missed opportunities). This approach makes it possible to justify investments in developing a compliance culture to shareholders and investors.

Integration of compliance, legal support and AML

Effective risk management is possible only with close integration of compliance with companies’ legal support and AML procedures. The compliance manager becomes the connecting link between the business, the legal department and external auditors. Automation and scaling of the compliance system make it possible to maintain compliance with requirements even during rapid business growth and expansion into new markets.

Mandatory compliance audit: international activities

Illustration for the section «Mandatory compliance audit: international activities» in the article «Compliance audit — when it is mandatory»

Mandatory compliance audit for companies with international activities is not just a formal requirement of regulators, but a critically important risk management mechanism in the context of business globalization. Financial and legal regulators in the EU, Asia and other regions are synchronizing their approaches by implementing common standards and directives, so companies operating in multiple markets must take into account the local specifics of each jurisdiction when building a unified compliance system. Successful completion of a compliance audit affects not only the avoidance of fines, but also the stability of business processes, reputation and the ability to carry out international activities unhindered amid ever-tightening requirements for transparency and risk management.

Impact of compliance on business registration and legalization by region

Registration of legal entities in the EU, Singapore, the United Kingdom or Dubai is impossible without confirmation of compliance with local and international compliance standards. For example, in Singapore, from 2025 requirements for maintaining a register of controllers and annual reporting have been tightened. In the EU, company registration requires checks for compliance with AML directives and the GDPR.

COREDO’s experience shows: successful legalization of a business requires a deep understanding of local legislation, the specifics of compliance audits in Asia, as well as readiness to integrate compliance procedures with the company’s internal regulations.

Sanctions and AML risks in business

In 2025, sanctions risks are becoming particularly relevant for companies with international activities. A compliance audit allows timely identification and prevention of violations related to working with counterparties from high-risk jurisdictions.

AML audit and counterparty due diligence are mandatory elements for companies dealing with financial transactions, cryptocurrencies and export-import operations. At COREDO, methodologies for assessing compliance with AML and sanctions compliance requirements have been developed, which allows clients to minimize the risks of account blocking and fines.

Mandatory compliance audit: recommendations for conducting

Illustration for the section «Mandatory compliance audit: recommendations for conducting» in the article «Compliance audit — when it is mandatory»

Practical recommendations for preparing and conducting a mandatory compliance audit help companies not only meet regulatory requirements but also minimize risks associated with non-adherence to compliance principles. Proper preparation for the audit is the first step in identifying vulnerable processes and building a reliable system of internal control.

Preparing for the audit: checklist and steps

Systematize internal documentation: AML and KYC policies, anti-corruption procedures, internal instructions.
Appoint responsible persons: compliance manager, legal department, IT specialists.
Conduct a preliminary self-assessment of the maturity of the compliance system and categorize control objects.
Ensure staff training and the implementation of a compliance culture at all levels.

How to remediate non-compliances and minimize risks

Develop and implement corrective measures to address identified violations.
Update internal regulations and procedures, taking into account changes in legislation and international standards.
Organize regular monitoring and follow-up audits to control the effectiveness of changes.
Implement automation of compliance processes to improve transparency and reduce operational risks.

Selecting an external auditor and follow-up reviews

Assess the auditor’s experience and specialization in your industry and jurisdiction.
Check for international certifications and successful case studies in conducting compliance audits.
Set up independent monitoring of the implementation of recommendations and oversight of remediation of non-compliances.

Key takeaways and steps for entrepreneurs and executives

Mandatory compliance audit: a strategic tool for minimizing legal, financial, and reputational risks.
Regular review and updating of compliance procedures are necessary for the successful registration of legal entities in the EU, Asia, and the CIS, obtaining financial licenses, and entering new markets.
Effective integration of compliance with legal support and AML procedures ensures business resilience and transparency.
Implementation of a compliance culture, process automation and regular internal audit: the key to long-term success and trust from partners, investors, and regulators.

Comparison of regulations by region

Region	Key standards and requirements	Compliance audit specifics	Mandatory application areas
Europe (EU)	ISO 27001, GDPR, AML directives, GOSTs	High level of regulation, emphasis on data protection	Finance, IT, international trade
Asia	Local standards, AML, anti-corruption rules	Variation of requirements by country, emphasis on AML	Manufacturing, finance, export-import
CIS	GOST R 57580, AML, antitrust legislation	Integration with government controls	Public procurement, finance, IT

If you plan to scale your business, enter new markets, or obtain a financial license, I recommend not postponing a compliance audit.

COREDO’s experience shows: timely identification and elimination of nonconformities is the key to sustainable growth, financial transparency, and trust from all market participants.

See all news

Coredo

Legal services:

AML consulting:

Obtaining a crypto license:

Registration of legal entities:

Opening bank accounts:

COREDO TEAM

Our clients