Coredo

Since 2016 I have been developing COREDO as a partner that takes on complex legal and financial challenges of international business. During this time the COREDO team has executed dozens of company registration projects in the EU, the UK, Singapore and Dubai, obtained licenses for clients in the payments, forex, crypto services and electronic money segments, and also built reliable AML/CFT programs. Today I want to systematically analyze a topic that regularly comes up in strategic sessions with founders and CFOs: how to obtain a Major Payment Institution license in Singapore and turn it into sustainable competitiveness in the Asian and European markets.

Why Singapore: the MPI license

The MPI license in Singapore (often called MPI license Singapore) opens access to key activities: cross-border and domestic money transfer, merchant acquisition, issuance of electronic money (e‑money), as well as integration with local schemes PayNow and FAST through a sponsor bank or an approved operator. In practice this creates a base for remittance lines, aggregator models, wallet products and B2B payments with fast settlement and predictable liquidity.

Our experience at COREDO has shown that a Major Payment Institution license in Singapore is an effective anchor not only for Asian markets but also for international expansion through MPI into Asia and Europe. Payment businesses gain simpler transaction routing and improved access to acquiring banks, especially with properly configured AML/CFT and monitoring technologies.

The boundary between Major PI and Standard PI
The PSA distinguishes two classes of universal payment licenses: Standard Payment Institution (SPI) and Major Payment Institution (MPI). The choice of class is not a formality but a strategic factor for unit economics and scalability.

SPI is suitable for companies with limited volumes. Threshold values for average monthly volumes are set by MAS for each service and for aggregate services, and for electronic money there is a limit on float. As volumes grow, a company will inevitably face the need to upgrade the license.

Requirements for obtaining MPI
MAS uses a risk-based approach and assesses readiness across several areas. Below are the key ones that we cover in client applications.

• Ownership structure and beneficial ownership. MAS expects a transparent structure, documentary evidence of ultimate ownership and the absence of sanctions or legal risks. The compliance document package for an MPI applicant should include the ownership chain, proof of source of funds and declarations of beneficiaries.
• Directors and local presence. Director and local representative requirements for MPI include having at least one director who is a Singapore resident under the Companies Act, as well as competent executive-level personnel able to manage risks. For compliance, local roles are critical: a compliance officer and an AML officer available to MAS for interaction.
• MAS Fit and Proper test. The regulator applies Fit and Proper to directors, key managers and beneficiaries. They assess business reputation, experience, integrity, financial soundness and track record. The COREDO team prepares dossiers according to the MAS Guidelines on Fit and Proper Criteria and organizes a pre‑submission with the regulator to clear questions in advance.
• Capital requirements for MPI and financial resources. For Major PI there is a minimum paid-up capital at a level commensurate with the risk profile of the services, usually not less than SGD 250,000. Additionally MAS may request a security deposit in a range that depends on the class of services and volumes. We model liquidity stress scenarios and capital adequacy in advance.
• AML/CFT requirements for MPI and KYC processes. The applicant must demonstrate a full AML/CFT program: policies, CDD/EDD, sanctions screening, transaction monitoring, SAR, staff training. KYC requirements when obtaining MPI include risk-based approach, procedures for B2B and B2C, a PEPs policy and independent verification.
• Technological and operational readiness. MAS assesses information security, compliance with TRM Guidelines, the presence of an ISO 27001/PCI DSS roadmap, BCP/DRP plans and incident response. We link this to operational SLA, latency, throughput and resilience.

How to obtain a license MPI in Singapore
The action plan used by the COREDO team is based on MAS regulatory practice and the real lifecycle of a payments startup.

1. company registration in Singapore (ACRA) and basic substance. We form the board of directors, appoint a local director, determine the office and key roles. From the very start we plan economic substance: functions, staff, and on-site decision-making.
2. Pre-submission session with MAS (pre‑submission). I initiate meetings with the regulator to align the business model of the MPI payment operator, the scope of services under the PSA, target markets, KYC/KYB processes and the team’s knowledge. This reduces the risk of fundamental pivots at late stages.
3. Preparation of a business plan and financial model for MPI. At COREDO we work out unit economics (MDR, interchange, FX margin), TCO, NPV and payback for the MPI license. The model covers scenarios of volume growth, take‑rate, churn, CAPEX on technology, OPEX on compliance and the staffing structure.
4. Compliance design. We create an AML/CFT program, CDD/EDD procedures, a sanctions screening policy, risk assessment (RBA), a governance matrix and an independent ininternal audit. For crypto‑services we take into account VASP/DPT requirements and legal risks when working with tokenized assets.
5. Technology stack. We design the API gateway and microservices architecture, define latency and throughput targets, plan horizontal scaling and sharding, implement a PCI DSS/ISO 27001 roadmap, and build in fraud detection and transaction monitoring.
6. Application process to MAS for an MPI license. We prepare the full form, attachments on directors and beneficiaries, technological and compliance descriptions, contractual models with outsourcing providers and cloud hosting, and policies on data residency and GDPR.
7. Responses to MAS queries, interviews and fit‑and‑proper checks. We separately work on third‑party risk management, outsourcing compliance and cloud risks. It is important to document control and access to data, and to conduct Due Diligence of suppliers.
8. Setting up banking relationships and integrations. We build relationships with acquiring banks and correspondents, define settlement cycles, liquidity management and schemes for PayNow and FAST (through a sponsor bank or an approved operator), and finalize SLAs.
9. Post‑licensing readiness. We update BCP/DRP, the incident response plan, prepare for an on‑site MAS inspection, launch continuous monitoring and internal audit. We implement KPI dashboards for compliance and operations.

Cost, TCO and ROI
financial transparency begins with a detailed TCO. In our calculations we include government fees (application and annual fees for each type of service), security deposit, capitalization, expenses for the technology stack, PCI DSS/ISO 27001 compliance, salaries of key roles, external audit and internal control.

MPI business model: products and liquidity
An MPI license for a remittance operator opens a solid foundation for cross‑border transfers, wallet top‑ups, payouts to local banks and merchant acquiring. The ability to issue e‑money under MPI adds flexibility in B2C onboarding and building savings products.

In the technology roadmap there is room for merchant onboarding and KYC processes for sellers, transaction risk‑scoring, anti‑fraud and chargeback analytics. COREDO practice confirms that an API‑first approach and clear SLOs for latency reduce operational disruptions and improve merchant conversion.

AML/CFT, KYC/EDD and sanctions screening
MAS expects a comprehensive AML/CFT program for payment providers. I always start with an enterprise‑level risk assessment (RBA), covering geographies, products, channels, abuse typologies and customer profiles, including PEPs and high‑risk.

Next we form CDD processes for B2C and KYB for corporate clients, including beneficial ownership and transparency. Best practices for KYC/EDD in the B2B and B2C segments under MPI include eKYC with biometrics, automated sanctions screening against OFAC/UN/EU, adverse media and monitoring of changes in customer status in near real‑time.

PCI DSS technologies and BCP/DRP

Information security requirements for MPI, ISO 27001 as a management system, PCI DSS for card processing, and, where appropriate, SOC 2 for partner trust. Preparing the technology stack and APIs for PCI/PSA compatibility increases the chances of quick approval.

The incident response and business process recovery plan for MPI is formalized as a BCP/DRP with testing. I specifically insist on regular chaos tests, RTO/RPO metrics and an inventory of critical dependencies. This ensures real, not declarative resilience.

Local economic substance of outsourcing
How to ensure economic substance for MPI in Singapore: a real question for MAS. The solution lies in a combination of an office, management functions, local compliance and operations that take place on the territory of the country. The COREDO team helps determine the set of functions that truly create value and embed them in the organizational structure.

Outsourcing and risk management of third parties for MPI require contractual KPIs, audit rights, exit‑strategies and data governance. We align cloud hosting with MAS outsourcing and TRM requirements, considering data residency, cross‑border access and GDPR for EU customer personal data.

Reporting and internal audit requirements for MPI imply an independent assessment of the effectiveness of AML/CFT, information security and operational controls. For mature teams I recommend an annual independent review, which MAS views positively.

MAS: from sandbox to on‑site inspections
Regulatory interaction is better built proactively. Pre‑submission meetings with MAS help clarify PSA interpretations and the scope of services, and the MAS regulatory sandbox is a useful track for innovations if a product requires a testing period.

The procedure for changing license conditions and expanding activities requires separate approvals. The solution developed at COREDO includes a governance process for change management so that any new product is brought into the scope of regulatory analysis in advance.

European regulation and expansion

The impact of PSD2 and European regulation on MPI models for expansion is expressed in requirements for open APIs, SCA and third‑party management. The COREDO team aligns security and compliance standards to avoid duplication of costs and speed up time‑to‑market.

Managing currency risks and FX‑hedging for multicurrency settlements is important when launching cross‑border produktov. We use a combination of NDF/forwards and internal exposure limits to maintain margin and the SLA for execution.COREDO Case Studies: How It Works

Another project was a payments aggregator for marketplaces, where the business model required merchant acquiring and issuing e‑money balances for sellers. The solution developed at COREDO combined a PCI DSS‑compliant architecture, KYB onboarding with eKYC and sanctions screening, as well as a roadmap for ISO 27001. MAS approved the model on the condition of an independent internal audit after 12 months, for which we prepared the client.

KPIs for Scaling

The term and renewal conditions of an MPI license depend on compliance with reporting and inspection outcomes. Post‑licensing MAS reviews focus on incidents, outsourcing and changes to the business model. COREDO’s practice confirms that regular training and a compliance culture reduce operational risks and speed up the approval of new initiatives.

Exit scenarios from the MPI business and portfolio transfer require pre‑defined options: portfolio sale, merger, license surrender. We work through legal and operational steps to protect clients and partners for any strategic decision.

Pre‑submission Checklist
Before clicking “submit” to MAS, I go through an internal checklist. This approach saves weeks of back-and‑forth and prevents critical failures.

• Business model: PSA services are clearly described, target markets and FX risks are justified, the financial model confirms sustainability.
• Ownership and Fit and Proper: the structure is transparent, sources of funds are verified, directors’ and beneficiaries’ dossiers are complete.
• AML/CFT: the RBA is complete, CDD/EDD procedures are ready, sanctions screening is configured, SAR processes are tested.
• Technology: architecture is documented, PCI DSS/ISO 27001 roadmap in progress, TRM controls mapped, BCP/DRP tested.
• Outsourcing: contracts include audit rights, SLAs and exit clauses, supplier due diligence completed.
• Banking relationships: draft agreements with acquirers/correspondents are agreed, settlement and liquidity calculated.
• Documents for MAS: forms, attachments, policies and reports are up to date, answers to expected queries are ready.

How COREDO Strengthens the Project
I structure support so that the client sees a clear trajectory. First, the strategic choice between Standard PI and MPI, assessment of the time horizon, costs and risks. Then, creating substance and organizational design, preparing the business plan and financial model, the compliance program and the technology project.

The COREDO team integrates regulatory experience, product analytics and security engineering practices. We engage vetted CaaS providers, regtech platforms, auditors and payment infrastructure. At the final stage we support the dialogue with MAS, prepare for on‑site inspections and help launch operational reporting.

MPI in Singapore: a Strategic Asset

The COREDO team has guided clients through the full cycle: from ACRA registration and pre‑submission with MAS to integration with PayNow/FAST and on‑site inspections. We see how a Payment Services Act (PSA) Singapore license turns into sustainable volume growth, predictable margins and partner trust across Asia and Europe. If you are considering the MPI path, embed risk management, economics and technology from day one, and licensing will become a catalyst for scaling rather than a brake.

I’m ready to discuss your business model, align it with MAS requirements and assemble a roadmap — from application to first transactions. At COREDO we value entrepreneurs’ time and focus, so every decision is tied to metrics and every document serves a real purpose: to accelerate the product’s route to market and maintain quality at international standards.

I have been leading COREDO since 2016 and often see strong products stall in Latin America because of two factors: choosing the wrong acquiring model and underestimating local regulatory and technical nuances. The COREDO team has implemented dozens of projects in the EU, the UK, Singapore and Dubai, and in recent years: in Brazil and Mexico. This has allowed us to develop tools that shorten time-to-market, lower MDR and increase authorization rate without compromises on compliance.

In this article I have compiled operational best practices for e‑commerce, marketplaces, fintech companies and subscription services. The text is both strategic and applied: from choosing a model (local vs international acquiring) to specific KPIs, fraud rules, onboarding checklists and our migration practice from foreign PSPs to local acquirers.

Local acquiring in Latin America

Latin America: one of the fastest-growing online payments markets, and acquiring in Latin America requires local thinking. Card acquiring in Brazil and card acquiring in Mexico work differently than in Europe or Asia: a strong role of local schemes (ELO, Hipercard), alternative methods (Pix, Boleto, Oxxo Pay) and the specifics of address scoring.

International acquiring Brazil/Mexico is attractive for its ease of getting started, but often loses conversion: issuing banks in LATAM are more likely to decline cross-border transactions. In e-commerce this hits the authorization rate and raises the decline rate without objective reasons. COREDO’s practice confirms: local routing and local payment methods deliver a conversion increase of 10–25% compared with pure cross-border.

Acquiring: local vs international

The choice between local and international acquiring directly affects conversion, MDR level and the risk of encountering hidden fees. Let’s look at the advantages local acquiring provides in Brazil and how that is reflected in the final price and decline rates.

Acquiring in Brazil: advantages

Local acquiring in Brazil provides direct access to ELO and Hipercard, support for installments (parcelado) and precise risk scoring taking into account ZIP codes and device fingerprinting. A solution developed at COREDO for a fashion retailer showed an approval rate increase from 67% to 86% after switching to local processors Cielo and Rede, taking into account EMV 3‑D Secure 2 (3DS2) and tokenization.

Advantages of local acquiring in Mexico

In Mexico, local acquiring increases card approvals by taking into account Banxico rules and local behavioral analytics. Integration with PSPs in Mexico allows adding Oxxo Pay and SPEI/CoDi, which provides a noticeable uplift in conversion for marketplaces and digital services.

MDR and hidden fees: where percentages are lost

MDR fees in Brazil and MDR fees in Mexico depend on MCC, average ticket, chargeback profile and local payment methods. In Brazil, parcelado increases the total cost of ownership of acquiring due to financing of installments. In Mexico, cash via Oxxo Pay adds fixed fees.

Conversion: local/international

The comparison of local and international acquiring by conversion is almost always in favor of local. Authorization rate in Brazil and Mexico increases due to:

• local routing to Cielo, Rede, Getnet, PagSeguro;
• support for local schemes (ELO/Hipercard);
• 3DS2 according to issuers’ regional rules and soft declines retry logic.

Regulation and Licensing

An analysis of the regulatory framework and licensing requirements shows which legal and operational standards govern the work of financial institutions across different jurisdictions. The section sequentially examines practical examples and regulatory reporting, in particular the approach of the Banco Central do Brasil and the specifics of Brazilian supervision.

Central Bank of Brazil Reporting

Acquiring regulator: Banco Central do Brasil. For payment service providers and acquirers a licensing and reporting regime applies, including capital requirements, risk management and information security. A separate layer is LGPD as the basis for data privacy and data localization.

Banxico and CNBV in Mexico

In Mexico supervision is carried out by Banco de México (Banxico) and CNBV (Comisión Nacional Bancaria y de Valores). Regulatory requirements for acquiring in Mexico cover operational risks, PLD/FT (AML/CFT) and transaction reporting rules. For marketplaces it is important to understand the status of split settlements and the procedure for disclosing fees in statements.

Local Registrations and Taxation

To enter the Brazilian market, a foreign seller often needs to open a CNPJ and a local legal entity, especially when using local acquiring and working with Pix/Boleto. Taxation of payments in Brazil for non-residents affects service taxes and possible withholding tax, and this needs to be modeled in advance.

Impact of payment methods on strategy

Payment methods shape a company’s commercial and operational decisions, defining the customer experience, risks and monetization channels. Understanding their impact on strategy is especially important when assessing local innovations, for example how Pix is changing card acquiring in Brazil.

How Pix affects acquiring in Brazil

Pix: Brazil’s instant payments that changed basket composition. In low AOV categories Pix pulls share from cards, lowering the MDR, but changing decline and return behavior. In high‑ticket segments cards and parcelado still dominate, and card acquiring in Brazil remains critical.

Why connect Boleto, Oxxo and CoDi/SPEI?

In Mexico the role of CoDi (Cobro Digital) and SPEI is in instant transfers, and Oxxo Pay covers cash scenarios. Connecting local payment methods (Boleto, Oxxo Pay, Pix) expands the audience, but increases the complexity of reconciliation and risk rules. The solution developed by COREDO for a marketplace in Mexico combined CoDi/SPEI and cards into a single settlement calendar and reduced operational errors in reconciliation statements by 40%.

Processors and local schemes

Support for ELO, Mastercard, Visa, Hipercard in Brazil is mandatory. Among local processors we most often see Cielo, Rede, Getnet and PagSeguro; their behavior in terms of authorization rate differs from MCC to MCC. Correct routing between acquirer processor via ISO 8583 and, where available, ISO 20022, yields an increase in approvals and resilience.

Connection models: Merchant/PayFac/BIN

The choice of connection model — classic merchant, PayFac or BIN sponsorship — is determined by a combination of requirements for control, speed to market and operational responsibility. This determines how quickly and legally a European business can connect acquiring in Brazil, which legal and technical requirements will need to be met, and what costs will arise.

How to connect acquiring in Brazil

For a European merchant, the question “how to connect acquiring in Brazil for a European business” starts with choosing a model: a local company with a CNPJ and a local merchant account, or an international PSP with local routing. The first option takes more time but delivers the best conversion and control over MDR.

Acquisitions in Mexico by a foreign company

In Mexico, “how to connect acquiring in Mexico for a foreign company” depends on having an RFC and a local bank account for settlements in MXN. Without local presence, a hybrid approach is reasonable: an international provider with a local partner and integration with Oxxo/SPEI.

How long does it take to open a merchant account in Mexico? On average 2–5 weeks for standard categories and up to 7–9 weeks for marketplaces with split settlements, when deeper Due Diligence of sub-merchants is required.

PayFac and BIN sponsorship in Latin America

The PayFac model vs a classic merchant account in LatAm is a question of scale and control. PayFac/aggregator simplifies onboarding of sub-merchants, speeds up go-live and provides ready white-label acquiring. A classic merchant account increases margin and flexibility of risk policies, but requires its own license/registration and processes.

Underwriting: reserves and holdbacks

Underwriting and merchant due diligence in LatAm are based on MCC, AOV, CBR and chargeback history. Rolling reserves and acquiring reserves in LatAm are applied more often in high-risk and subscription models. The clearer the KYC package and refund policy, the lower the collateral and the faster the holdbacks are released.

API, PCI, EMV 3-D Secure: security

A reliable technical and security foundation is not a set of abstract requirements but a practical toolkit: APIs, PCI compliance, implementation of EMV 3‑D Secure and tokenization provide security and trust during transactions. When integrating for marketplaces and mobile applications, the correct combination of these components ensures both regulatory compliance and convenience for users.

Marketplace and application integration

Technical integration of acquiring APIs for marketplaces requires support for marketplace payments and split settlements at the acquirer/PSP level. Online for Brazil: online acquiring for marketplaces with support for parcelado, Pix and local schemes; for Mexico: compatibility with Oxxo and SPEI is required.

PCI DSS, EMV and tokenization

PCI DSS and local compatibility for acquiring: the foundation. We determine the SAQ type, deploy P2PE on terminals and encrypt PAN on entry. EMV and contact/contactless payments in Latin America create a liability shift: in the absence of EMV, fraud liability falls on the party without EMV support.

Fraud management: reducing declines

Fraud management and transaction profiling are built on a combination of rules and machine learning for fraud detection. We use fraud indicators: BIN analysis, velocity rules, device fingerprinting and geo-patterns. The balance between protection and conversion is expressed in the false positive rate: reducing it directly increases revenue.

Operational processes: settlements and FX

In operational processes, settlements, FX management, timely reporting and regular reconciliation play a key role – the accuracy and transparency of financial flows depend on them. Particular attention is required for settlement cycles and settlement timelines, since their configuration determines how quickly and correctly positions will be closed and reports generated.

Settlement cycles: settlement timelines

Settlement cycles and settlement timelines in Brazil and Mexico vary by payment methods and providers. Cards are more often T+1/T+2, Pix and SPEI: closer to T+0/T+1, while Boleto and Oxxo have confirmation delays. Settlement lag is critical for cash‑flow: the financial model must account for schedules and possible holds.

Hedging currency settlements

FX and currency conversion in international payouts (BRL, MXN, USD) are a zone of hidden losses. Settlement currency and FX spread affect the final MDR when converted to the base currency. We set control rates, use hedging and verify chains of international transfers and correspondent banks so as not to lose margin in transit.

Reporting, MCC and AML monitoring

Reporting requirements to Banco Central do Brasil and Banxico include operational and statistical data, as well as specific forms on payment flows. MCC and risk categorization affect limits, escalation thresholds and chargeback thresholds. A merchant registry and AML monitoring must be regularly updated: this helps pass independent audits without emergencies.

Chargebacks and disputes: rules and metrics

Managing chargebacks and disputes requires clear rules and precise metrics to effectively reduce losses. Below we will examine key procedures, including representment stages, and practical steps to decrease the number of disputed transactions.

Representment procedures

Chargebacks and disputes in Latin America are subject to card scheme rules, but local issuers add nuances. Chargeback and representment rules require careful documentation: proof of delivery, authorization logs, 3DS results and the history of communication with the customer.

Reducing chargebacks and declines

How to reduce the chargeback rate in Latin America? Combine a clear returns policy, local customer support, correct descriptors and 3DS2 with adaptive friction. For subscriptions: proactive notifications and token updates reduce disputed charges.

Subscriptions and recurring payments

acquiring services for subscriptions and recurring payments in Mexico and Brazil require stable tokenization and card update models. AOV, LTV and CAC are metrics that directly depend on the unit economics of the transaction and the cost of approval. Smart routing and local tokens reduce churn caused by declines.

COREDO case studies: what worked

COREDO case studies show what worked in practice across different markets and challenges. Below: real examples, including cost reductions and ROI growth in Brazil, with an analysis of the approaches used and results achieved.

Cost reduction and ROI growth in Brazil

One of COREDO’s projects, a digital service with international acquiring in Brazil, had a high decline rate and MDR. After migrating to a local acquirer and adding Pix the overall cost per approval fell by 18%, ROI on implementing local acquiring paid back in 4.5 months, and the approval rate increased by 17 percentage points. The ROI estimate when switching to local acquiring was based on real AOV, MDR, chargebacks and settlement lag data.

Checklist for migrating from a foreign PSP

Migration from a foreign PSP to a local acquirer – a checklist that the COREDO team uses regularly:

• audit of MDR and all markups, including FX and early settlement;
• comparison of authorization rates by BIN and MCC;
• verification of 3DS2 flow and tokenization;
• setting up split settlements and marketplace payouts;
• tests of re-processing and retry logic on soft declines;
• legal section: contracts, KYC, rolling reserve, SLA for disputes.

Choosing a partner by region

M&A and due diligence when choosing an acquiring partner include checking licenses, reserves, SLAs and the 3DS/EMV roadmap. White‑label and SaaS acquiring solutions are suitable for fintech companies and marketplaces seeking to control UX without their own acquiring license.

Step-by-step roadmap

Step-by-step recommendations and action plans will help structure entry into the Brazilian market and avoid common mistakes when setting up acquiring. Below is a checklist for European businesses with specific steps on legal requirements, provider selection, and integrating payment solutions in Brazil.

How to set up acquiring in Brazil

• Legal structure: assessing the need to open a CNPJ and a local account.
• Licensing/partnership: choosing a local acquirer/PSP (Cielo, Rede, Getnet, PagSeguro) and setting up a merchant account and merchant ID.
• Payment methods: cards (including ELO/Hipercard), Pix, Boleto; EMV 3DS2.
• Security: PCI DSS (SAQ scope determination), P2PE, tokenization, EMV liability shift control.
• Technology: API/SDK, ISO 8583 compatibility, fallback routing, retry logic.
• Risk: fraud rules, ML model, BIN analysis, velocity rules.
• Operations: settlement cycles (T+1/T+2), rolling reserve, reconciliation and reporting in regulator format.
• Taxes: VAT/IVA impact, withholdings, FX strategy for BRL/USD and hedging.

How to set up acquiring in Mexico

• Registration: assessing the need for an MX RFC and a local bank account.
• Partnership: choosing an acquirer/PSP that supports Oxxo Pay, SPEI/CoDi and 3DS2.
• Model: PayFac/aggregator vs classic merchant with white-label capabilities.
• Technology: marketplace payments, split settlements, webhooks, idempotency.
• Security: PCI DSS, SAQ, EMV contact/contactless, tokenization.
• Risk: chargeback and representment rules, chargeback thresholds, monitoring.
• Operations: settlement currency (MXN/USD), FX conversion, correspondent banks.
• Reporting: Banxico/CNBV requirements, merchant registry, AML monitoring and local suspicious activity notifications.

Acquiring as a growth driver, not a cost

Acquiring for e‑commerce in Latin America: it’s about strategy, architecture and execution discipline. In Brazil and Mexico the advantage comes from local acquiring with support for alternative methods, correct routing, a strong fraud stack and a transparent operating model with control of FX and settlement cycles. When all elements converge, authorization rate grows, MDR decreases relative to revenue, and chargeback risk remains manageable.

I have been leading COREDO since 2016, and during that time the team has guided clients through the entire process, from choosing a jurisdiction and forming a legal entity to obtaining financial licenses, setting up AML/compliance and bringing products to markets in Europe and Asia. In this article I have collected the practices and methodology by which COREDO supports projects on the way to an MNB EMI license in Hungary (Magyar Nemzeti Bank), and I also honestly describe the costs, timelines, risks and requirements. My goal is to give entrepreneurs, CFOs and product managers a clear roadmap that saves time and reduces regulatory uncertainty.

Why Hungary for EMI in 2025–2026

Hungary offers a clear regulatory environment, access to the EU market and a mechanism for passporting an EMI license to EU and EEA countries. The MNB (Magyar Nemzeti Bank) is known for attentive but constructive supervision: the regulator provides direct feedback, values mature models and takes a pragmatic approach to outsourcing and cloud infrastructure with appropriate controls. In practice COREDO confirms: a properly prepared dossier and a well‑calibrated business plan speed up the procedure and reduce the number of clarification requests.

PSD2 and the E-money Directive: MNB supervision

EMIs in Hungary are regulated at the EU level by Directive 2009/110/EC (E‑money Directive) and by PSD2 (Payment Services Directive), transposed into national legislation. These frameworks define the range of services, requirements for safeguarding clients’ funds, capital and organisational structure. COREDO’s practice shows that strict adherence to European terminology and methodologies in documents for the MNB reduces communication “noise” and speeds up approvals.

How EMI differs from a payment license

A comparison between an EMI license and a payment license in the EU should be made first. A payment license (PI) allows providing payment services, but not issuing electronic money. EMI, unlike PI, grants the right to issue e‑money and expands product capabilities (wallets, prepaid cards, stored value). Our experience at COREDO has shown that for models with client balances and multi-currency wallets EMI is the natural choice, whereas pure acquiring or PIS/AIS can be more effective in the PI format.

Requirements for an EMI license in Hungary

Fit and proper test for directors and key personnel requires an impeccable business reputation, relevant experience and genuinely engaged management in Hungary. In most cases hiring a local director for an EMI in Hungary is required; the cost depends on the candidate’s profile and starts at senior-level market rates. Internal control, an independent compliance function and an MLRO (officer for AML/CFT) are the core of the operating model, and COREDO’s practice confirms: a clear allocation of roles and regular reporting to the MNB resolves questions at the review stage.

Documents for an EMI license in Hungary

Preparation of the dossier for the MNB EMI license – a project where completeness, logic and interconnections matter. The basic package usually includes:

• Business model plan (business plan) for an EMI license in Hungary, including financial forecasts, stress scenarios, KPIs and unit economics. The document should speak the language of numbers, not slogans.
• Policies and procedures: AML/CFT program and risk assessment (MLRO), KYC/KYB, transaction monitoring and trigger rules, sanctions checks and screening of lists, procedure for confirming source of funds (source of funds).
• Requirements for internal control and the compliance function, conflict of interest management and corporate governance; provisions on independence and escalation.
• Requirements for safeguarding e-money funds in Hungary: models of fund retention (segregated accounts vs trust accounts), custody agreements with partner banks and external confirmation of safeguarding.
• IT security, ISO 27001 and, for card issuing/acquiring, PCI DSS; architecture, BCP/DR (business recovery and continuity plan), incident management, outsourcing of regulatory-significant functions (cloud, processing).
• GDPR and data protection, including the role of the DPO, DPIA and the access model for personal data.
• Registers of beneficial owners (UBO) and EU requirements, ownership structure and confirmation of transparency.

How to obtain an EMI license in Hungary

The practical instructions begin with establishing a legal entity in Hungary for an EMI. The choice of legal form for financial services depends on ownership structure and board requirements, and at this stage we prepare executive candidates and a competency matrix in advance. It is important to align the office, substance and employment contracts of key personnel, otherwise the timeline will “freeze” on formalities.

The timeframes for obtaining an EMI license in Hungary consist of several phases. The preliminary assessment (pre‑application) may take 1–2 months; the full application review takes 6 to 12 months, and in some cases longer. Processing times for EMI license applications in Hungary in 2025 will depend on MNB’s workload and the completeness of the dossier; factors affecting the processing time include the maturity level of IT and AML, evidence of banking relationships and the quality of the business‑plan. If an EMI license is refused: the reasons and remedies usually relate to an unproven model resilience, insufficient outsourcing controls, or incomplete safeguarding policies; COREDO helps structure corrective measures and a reapplication.

Cost of an EMI license in Hungary

Cost of an EMI license in Hungary: it is not a single figure but a comprehensive budget for launching an EMI company. Components of the EMI license cost (legal, IT, compliance) include:

• Legal block: dossier preparation, corporate formation, policies and procedures, interaction with the MNB; this also includes the MNB fee for reviewing an EMI application (Hungary), the amounts of which the MNB periodically updates in its tariffs.
• IT infrastructure and costs for an EMI in Hungary: architecture, licensing, security, integration with payment gateways and the API stack, testing and audit.
• AML/KYC costs for an EMI in Hungary: verification providers, screening platforms, case management and data storage.
• Hiring a local director for an EMI in Hungary, the cost of a compliance officer and MLRO, and the payroll fund for the operations team.
• Audit and external safeguarding confirmation, annual audit costs and regulatory fees, and annual expenses of an EMI in Hungary.

Safeguarding in banking relationships

Correspondent banking relationships for EMIs require starting negotiations early. Interaction with banking partners when opening accounts is best conducted in parallel with licensing: having a letter‑of‑intent (or a draft agreement) strengthens the dossier. The COREDO team implemented a scheme with virtual IBANs and a split of roles between the custodian bank and the processing partner, which increased the model’s resilience and simplified BCP/DR.

IT infrastructure security

IT security, ISO 27001 and PCI DSS for EMIs are not a formality but an operational necessity. Integration of payment gateways and the API‑stack for scaling must account for rate limiting, anti‑fraud, real‑time monitoring and event logging. When performing card issuing, acquiring and interacting with payment schemes, it is important to plan certifications and release schedules already in the business plan.

Operational model of an e-money business

Profitability forecasts and the unit economics of e‑money businesses include fees for wallet issuance/maintenance, interchange income from card issuing, transaction margin and FX markup. Aligning tariffs and fees to ensure profitability must balance competitiveness and regulatory transparency. Financial resilience and stress tests of the business model help justify to the MNB that even in adverse scenarios capital and reserves cover operational needs.

AML/CFT and compliance in operations

Preparing an AML policy and internal controls for an EMI is a process, not a ‘file in a folder’. KYC / KYB procedures and verification of beneficiaries rely on a risk assessment of jurisdictions and products, while PEP screening and rules for handling politically exposed persons establish enhanced checks and the frequency of reassessment. The process of confirming the source of funds (source of funds), transaction monitoring, and trigger rules must be digitized and testable.

GDPR compliance when processing customers’ personal data inevitably overlaps with AML logging and data storage, so access architecture and pseudonymization are important from day one. Reporting to the MNB and regulatory reports, as well as support for MNB audits and inspections, we plan in advance, including templates, registers, and responsible parties. Administrative fines and the risk of license revocation: a reality, but competent AML risk management, operational and IT risk management keep them at bay.

Passporting to European and Asian markets

The conditions for passporting an EMI license to EU and EEA countries from Hungary involve a notification procedure through the MNB and the host regulators. Timelines are usually predictable if the services, distribution channels and local AML specifics are described. A comparison of the timeframes for obtaining an EMI license in Hungary and in other EU jurisdictions shows similar ranges, but Hungary often has the edge in interaction logic and the quality of feedback.

Taxes and corporate structure for IP

Tax aspects of the EMI business model in Hungary depend on the nature of the services, the locations where they are provided and the contractual arrangements with partners. We analyze the VAT position of payment services, transfer pricing and the impact of macroeconomics and currency risks on the payments business. We choose legal forms of companies in Hungary for financial services taking into account corporate governance and protection of minority shareholders.

Legal intellectual property protection of the payment platform is important for assessment by investors and banks. Trademark registration, licensing agreements and vendor code development policies address vulnerabilities. The COREDO solution links the IP strategy with a licensing roadmap to prevent software rights conflicts at the time of inspection.

How to obtain an EMI license in Hungary

1. Diagnostics of the model and selection of the service perimeter: we determine whether an EMI license for Hungary is required or a PI is sufficient, and where the boundaries of e‑money issuance lie. This saves months.
2. Financial model and ROI‑hypotheses: we build scenarios, unit economics, stress‑tests and regulatory capitalization. This is the basis of MNB’s trust.
3. Ownership structure and UBO: we simplify the chain, prepare confirmations, register the UBO. Transparency accelerates Due Diligence.
4. Formation of the legal entity in Hungary for an EMI: we register the company, approve the articles of association, substance and office. This is the basis for hiring and contracts.
5. Personnel framework: directors, MLRO, compliance, risk‑management; we prepare fit and proper‑packages. People are the key to authorization.
6. Safeguarding‑architecture: bank letters of intent, account models, daily reconciliations. This reduces MNB queries.
7. IT‑landscape: architecture, security, BCP/DR, ISO 27001/PCI DSS‑plan; integration prototype. The technical specification must be verifiable.
8. AML/CFT: risk‑assessment, policies, monitoring scenarios, screening‑providers, reporting. This is assessed separately by the regulator.
9. Correspondent relationships and virtual IBANs: preliminary agreements and test configurations. Banks need to see maturity.
10. Preparation of the dossier and submission to the MNB: a single narrative, cross‑references, version control. Consistency saves rounds of questions.
11. Communication with the regulator: prompt responses, system demonstrations, adjustments. We build the dialogue on facts.
12. Test operation and go‑live: pilots with a limited sample, reports to the MNB, expansion of services and geographies. Quality over speed.

COREDO cases: launch scenarios

In one project the COREDO team implemented an EMI for a European fintech with multi-currency wallets and card issuing. We designed safeguarding with two custodian banks, deployed ISO 27001 and prepared for a PCI DSS audit. The timeframe for obtaining an EMI license in Hungary was 9 months thanks to a pre-approved business plan and IT readiness for demonstration.

In the second case the company built an on/off-ramp for digital assets within European regulations and required a combination of VASP registration in one EU country and an EMI in Hungary. We separated product perimeters, described an AML bridge between services and implemented sanctions screening at the level of a unified customer profile. The MNB valued the separate risk accounting and transparency of processes.

Third scenario: a rapid market entry with white-label and partner solutions for a fast EMI launch. At the start we used outsourced transactional processing and a ready virtual IBAN module, while planning our own microservices in parallel. This approach reduced the company’s overall EMI launch budget and provided predictable ROI metrics.

How to reduce the risk of refusal

Factors affecting the processing time of an EMI application are the same: maturity of IT/AML, agreements with banks, and a transparent ownership structure. Our experience at COREDO has shown that a preventive “dry” inspection — rehearsing answers to typical MNB questions — reduces the volume of subsequent requests.

Licensing KPIs and support

Frequently Asked Questions

Timelines and benchmarks for the EU

Comparison of timelines for obtaining an EMI license in Hungary and other EU jurisdictions shows a similar range to countries with comparable supervision: preliminary assessment — from a few weeks, full review — most cases are completed within 9–12 months. Hungary stands out for close feedback from the MNB and the possibility of early technical demonstrations, which helps reduce residual uncertainty. The same principles are critical in any EU country: financial soundness, effective risk management, ownership transparency and technological readiness.

About figures, fees and reporting

How to prove the robustness of the MNB model

The COREDO team is preparing a supporting evidence package: scenario P&L and cash‑flow, sensitivity analysis of transaction margins to tariffs and interchange, a customer acquisition and retention plan tied to LTV/CAC, a reserves policy and regulatory capitalization. Financial stability is confirmed not only by the numbers but also by risk management – credit (for deferred settlements), operational, AML and IT. Such a package demonstrates that the company can manage uncertainty and maintain profitability.

Conclusions

COREDO: a team that speaks the language of regulators and business alike. We support projects from company registration and building compliance to entry into the markets of Europe and Asia, relying on practices and a methodology proven by dozens of licenses. If you need a concrete roadmap — from the dossier to go-live — I am ready to discuss the details and propose a project structure that will deliver results and withstand the test of time and inspections by the MNB.