Coredo

Since 2016 I’ve been leading COREDO through dozens of licensing processes, hundreds of registrations and thousands of pages of contracts. The greatest value for clients is not the mere fact of obtaining a license, but a stable contractual framework that lays out the rules of the game: it is the payment system’s public offer that determines user trust, the reliability of settlements and the protection of funds. Europe is now moving to a new regulatory architecture: PSD3 and PSR, and the public offer is becoming a critical document that affects the business model no less than code and processing.

Update of the public offer for PSD3/PSR

PSD3 and the PSR (Payment Services Regulation) reallocate requirements between the directive and the regulation: some rules will become directly applicable, others will be harmonised through national competent authorities. This concerns client funds protection (safeguarding), strong customer authentication (SCA), open APIs for TPPs and operational resilience. The PSR public offer becomes the visible bearer of these requirements, and regulators view it not as a formality but as a reflection of risk management.

Public offer for PSP, EMI, e-money

I start the project by mapping risks and business processes. The solution developed at COREDO links each product feature to specific sections of the contract and internal policies. For EMI and e-money the offer must explicitly describe the funds protection regime, wallet types, limits and withdrawal operations, and the “e-money public offer and PSD3” must align with safeguarding accounts and insurance coverage.

Key blocks of the offer:

• user consent and acceptance mechanics (click-wrap, eIDAS electronic signature where high legal enforceability is needed);
• tariff transparency and the fee pricing model, including transaction margin and surcharges for cross-border payments;
• SLA metrics: authorization time, settlement time, service availability, incident priority;
• provisions on refunds and chargebacks, allocation of responsibility between PSP and merchant;
• public offer and protection of client funds: segregation, insurance, annual safeguarding audits;
• public offer and KYC/AML requirements: client’s obligations to provide data, blocking triggers, RBA;
• privacy: processing of personal data and GDPR, cross-border data transfers and localization requirements.

PSD3 Offer: PSR Requirements

• user rights and user protection in the PSD3 offer: clear information on risks, fees, limits, reimbursement rights;
• SCA and exemptions: biometrics, trusted beneficiaries, low-risk transactions;
• operational resilience and incident reporting: timeframes for notifying customers and the regulator, communication channels;
• third-party outsourcing: SLAs and supplier liability, right to audit, critical dependencies;
• independent audits, reviews and internal control: frequency, scope, remediation;
• capital requirements for PSPs and requirements for electronic money issuers (EMIs): methodology, stress tests, buffer maintenance.

PSR requirements also strengthen disclosures on payment routing, multilateral correspondent models and access-to-account obligations under open banking. This should be reflected formally and operationally.

PISP/AISP/marketplace/white-label PSP

For PISP and AISP the “public offer for PISP and AISP” must disclose third-party API access (TPP), the procedure for delegated consent, as well as the public offer in open banking conditions – who, when and how stores tokens, event logs and how to ensure users’ consent during API delegation. Our experience at COREDO has shown that unnecessary ambiguity here leads to complaints and loss of passporting.

For a payments marketplace, it is important to choose a model: custodian vs escrow. The public offer for a payments marketplace should explain segregation of sub-merchants’ funds, the settlement schedule and the terms for termination of service/transition of clients without the risk of funds “getting stuck”. In a white-label PSP we record the allocation of responsibilities between the licensed back-end provider and the brand, including Due Diligence when partnering with a PSP and the right to modernize the API without degrading the SLA.

AML/KYC and the risk-based approach in the offer

I set out risk-based approach (RBA): risk segments, CDD levels, triggers for enhanced due diligence, sanctions control and screening technologies. For transaction monitoring and SAR reporting, the offer establishes the right to suspend an operation, request documents, notify the FIU and national regulators.

Security and technical requirements for the text

Public offer and API security: mandatory section. I recommend formalizing requirements for OAuth2, JWT, key management and HSM, as well as the minimum compliance requirements in the public offer for PCI-DSS (network perimeter, PAN data encryption, card tokenization). At the protocol level it is worth mentioning the migration to ISO 20022 and its impact on consent schemes and the format of payment details.

Incidents should be described clearly: priorities, RTO/RPO, business continuity and disaster recovery in the offer, escalation procedures. For instant payments (TIPS, RTP, FastPay) we define specific SLAs and the risks of irrevocability, as well as mechanisms for post-authorization review and anti-fraud filters. The solution developed by COREDO combines these technical standards with legal obligations without conflicts.

User Consent and Notices

User consent: the foundation. In the offer I describe the mechanics of notification and obtaining users’ consent, including logs, IP addresses, timestamps, and, where necessary: eIDAS and electronic signatures in user agreements. For TPP processes I separately define how to secure users’ consent during API delegation, token validity periods and revocation.

A notice of changes to the offer terms must include the channels (e-mail, in-app), minimum timeframes, the client’s right to terminate the agreement without penalties before the changes take effect, and the rules for handling “silent consent” where permitted. Such a design prevents disputes and increases resilience to audits.

SLA and operational metrics in the offer

SLA is the language of trust for the merchant. We establish:

• authorization and confirmation times, the share of operations requiring re-authentication;
• settlement time (D+0/D+1), cut-off, deduplication;
• service availability (for example, 99.9%), maintenance window and the order of function degradation;
• dispute management and customer support in case of chargeback: TAT, channels, escalations.

For instant-pay services it is useful to include separate SLAs: the share of payments <10 seconds, average finalization time, and fallback routes in case individual schemes are unavailable. Agreements with merchants and settlement SLAs are reasonable to place in an appendix so that metrics can be updated promptly without changing the base text.

Safeguarding and capital in the offer

The public offer, safeguarding and segregation of client funds (safeguarding) are areas of close attention. Models for safeguarding: bank accounts vs insurance, their combinations and reconciliation timelines. I specify the frequency of reconciliation, the client’s right to information about custodial banks and independent auditor confirmations.

Cross-border operations, passporting, banks

In the offer we specify the geography of services, service currencies, country restrictions and the use of partner PSPs. Integration with correspondent banks and fees must be transparent: where correspondent banking fees may arise and who covers them.

The public offer for cross-border payments should take tax aspects into account: the public offer and taxation of payment services – who withholds taxes, how fees are treated for B2B and B2C. When operating in the EU, it is beneficial to reflect passporting and conditions for servicing non-residents; in Asia, the linkage to licenses by MAS, HKMA or DIFC/FSRA.

Disputes, refunds and chargebacks

Refund procedures and chargeback mechanics – not just links to a card scheme. I break it down step by step: timelines, required evidence, merchant’s role, allocation of PSP responsibility for infrastructure and routing errors. For A2A payments we set out separate error-resolution mechanisms, refunds at the initiative of the PISP and intervention by the account-holding bank.

Dispute resolution and an arbitration clause help avoid jurisdictional traps. Legal stipulations: applicable law and jurisdiction are chosen taking into account the license and domicile of safeguarded accounts. In the offer it is advisable to describe liability limits and indemnities: reasonable caps, exclusions for gross negligence and intent, and disclaimer in the public offer to the extent permitted by law.

Securing control in outsourcing

The public offer and the terms of subcontracting/outsourcing must specify that critical functions are transferred only to approved providers, with audit rights and security requirements. We specify third-party outsourcing: SLAs and provider liability, business continuity plans, compatible RTO/RPO. Clients must know that outsourcing does not diminish their rights, and the provider retains control.

For white-label and agency schemes and partnership models, we describe the separation between the storefront and the licensed entity, brand/license disclosure, passporting and the right to migrate to the ‘base’ provider upon termination.

Risks, TCO/ROI and compliance under PSD3

TCO and ROI assessment when adapting the offer for PSD3 is a mandatory management task. We calculate CAPEX/OPEX for API updates, legal reviews, resilience tests and independent audits. Potential fines and regulatory risks are correlated with incident probabilities and the impact on GMV and transaction margin.

Which offer terms increase merchants’ trust? Transparent SLAs, a clear responsibility matrix, flexible payment routing and clear chargeback rules. Which metrics should be tracked after updating the offer? CAC, LTV, GMV, share of successful authorizations, settlement speed, incident rate, merchants’ NPS, size of reserves and refunds.

PSD3 Roadmap: stages and timelines

1. Gap analysis: differences from the current offer affecting PSR requirements, EBA recommendations.
2. Structure redesign: PSP public offer template, linkage to SCA, AML/KYC, BCP/DR policies.
3. Tech and risk review: API security, PCI-DSS, OAuth2/JWT/HSM, ISO 20022, instant payments.
4. Legal components: applicable law, jurisdiction, limits and indemnities, outsourcing, safeguarding.
5. Communication testing: consent mechanics, notice of changes to the offer terms, UX screenshots.
6. Internal training: operational runbooks and KRIs, compliance project KPIs and execution control.
7. Pilot and release: independent audits, establishing SLAs, metric monitoring, adjustments.

Timelines depend on scope, but on average we typically complete within 8–16 weeks if backend policies are ready and security is confirmed.

Implementation case studies in Europe and Asia

In the EU the COREDO team adapted the public offer for PSPs in Central Europe with the move to instant payments and the launch of marketplace scenarios. We defined an SLA for TIPS, set escrow reserves, and delineated responsibilities between the platform and sub-merchants. After the release, GMV grew due to the trust of large merchants, and the incident rate dropped by one third thanks to clear procedures.

Public Offer Template for PSP

Example of a public offer for PSP as a “skeleton” of sections:

• Terms and roles: PSP, merchant, user, TPP, PISP/AISP, marketplace and sub-merchants.
• Scope of services and geography: channel/schemes, instant payments, limited jurisdictions.
• Fees and commission model: transparent consumer information and disclosure, taxes.
• User consent and eIDAS: acceptance mechanism, delegation via API.
• SCA and risk management (PSD3): factors, exceptions, anti-fraud, KRI.
• Safeguarding: bank accounts vs insurance, reconciliation, audits.
• SLA for payment execution and settlement: metrics, service windows, degradation.
• Refunds and chargebacks: timelines, evidence, allocation of PSP liability.
• AML/KYC/CDD and sanctions: RBA, SAR, interaction with FIU.
• Privacy and GDPR: cross-border data transfer and localization requirements.
• Outsourcing and subcontracting: right to audit, security, reserves.
• Operational resilience: incident reporting, business continuity and disaster recovery.
• Payment routing and correspondents: fees, fallback channels.
• Restrictions and limits: transactions, currencies, merchant categories.
• Liability limits and indemnities, disclaimers in the public offer (within the law).
• Termination and transition: key termination and client transition points, data export.
• Applicable law, jurisdiction, dispute resolution and arbitration clause.
• Mechanism for notifying changes to the terms of the offer.

PSD3 Offer Verification Checklist

Checklist for PSD3 offer compliance:

• All roles, channels and schemes are specified, including PISP/AISP and open banking.
• SCA and exemptions are aligned with policies and UX flows.
• Safeguarding is transparent: banks/insurance, reconciliations, independent audits.
• SLAs are defined, KPIs are measurable, incidents are described.
• Refunds/chargebacks are detailed by scheme.
• AML/KYC/CDD RBA is clearly articulated, SAR and sanctions controls are reflected.
• GDPR and cross-border data transfers are validated by the DPO.
• Outsourcing: right to audit, API security, PCI-DSS.
• Legal provisions: limits, applicable law, spoliation-safe logging of consents.
• Notification and consent mechanisms are tested and logged.
• Integration of ISO 20022/instant-pay is reflected in terms and SLAs.
• National NCA requirements are considered, passporting is correctly described.

Assess ROI and reduce sanctions risks

Impact of PSD3: tokenization of crypto services

The impact of PSD3 on crypto services and tokenization is reflected in requirements for KYC/AML, SCA, storage and transfer of value through the payment infrastructure. A public offer and PCI-DSS requirements are important for card tokenization and on/off-ramp scenarios. For card tokenization and payment data security, we establish the merchant’s PCI obligations and the role of the tokenization provider, as well as cybersecurity obligations for APIs, OAuth2, JWT, and HSM.

API access for third parties and the terms of the offer must eliminate ambiguities regarding data rights and revocation of access. Open banking affects contractual relationships, and the offer must be aligned with the agreement with merchants and the SLA for settlements.

Regulatory practice and sandboxes

A regulatory sandbox for payment services in individual countries helps test a public offer for payment infrastructure with a limited set of customers. In our projects we often pilot the dispute resolution process, SLAs and safeguarding specifically in the sandbox to speed up subsequent certification.

The role of national competent authorities in supervising PSPs is strengthening, and the PSR public offer is the first point of contact for supervision with your «tone of compliance». The more precise the document, the easier it is to pass off-site and on-site inspections.

Practical wording: what merchants value

Which offer terms increase merchants’ trust? I clearly define responsibility for delays in settlements, a transparent discount matrix as turnover grows, and describe fallback routing of payments. Agreements with merchants often include KPIs for authorization, refund timeframes and support quality, as well as the right to early exit in case of SLA degradation. Such a balance of interests stabilizes GMV and reduces churn.

Work on COREDO projects

When a client prepares «public offer for a white-label PSP», we check the partner’s due diligence, its backup capacity, routing, as well as subcontracting terms. As a result the offer reflects the real risk landscape and withstands reviews by both EBA-guidelines and local NCAs.

The offer as a strategic asset

COREDO prepares «PSD3 payment provider offer» quickly and consistently, relying on audit practices and case studies across different jurisdictions. If your product needs «public offer for a PSP in the EU», «public offer when implementing instant payments» or «public offer template for PSP» for white-label and marketplace, the COREDO team will align the document with EBA requirements, the EU PSD3/PSR regulation draft and merchants’ expectations. I believe in a simple formula: a strong offer – fewer incidents, higher conversion, more sustainable growth.

Since 2016 I have been leading COREDO through dozens of projects to register fund structures in the EU, Asia and the CIS, and during this time Ireland has consistently remained at the top for the combination of regulatory predictability, tax benefits for funds and high-quality provider infrastructure. When I receive a request for an international fund registration with subsequent licensing and comprehensive AML support, I first assess the applicability of the ICAV (Irish Collective Asset-management Vehicle) regime. This form was created specifically for investment funds and hedge funds and provides precise answers to founders’ pain points: speed of launch, the tax neutrality of ICAV for investment funds, flexibility of structuring and effective cross-border distribution.

How an ICAV differs from a Ltd company and a PLC

ICAV: it is a separate legal regime for collective asset management in Ireland, designed for investment purposes and compliant with AIFMD and UCITS. Unlike Ltd and PLC, it is not a corporate “universal” form, but a specialised fund vehicle operating as an investment undertaking with specific tax consequences and reporting. This positioning allows ICAV to obtain exemption from corporate tax at the fund level provided the legal requirements are met.

ICAV tax architecture

My main guideline is to minimize the fund’s tax burden through an ICAV without resorting to aggressive structures. Ireland allows a fund to be exempt from corporate tax when it has investment undertaking status and is correctly registered, and it also provides mechanisms for exemption from Irish withholding tax on payments to non‑residents from the “white list” of jurisdictions when supporting documentation is available. Taxation of gains from the sale of assets in an ICAV generally does not arise at the fund level; capitalization of gains is passed through to the investor taking into account their domestic tax regime and DTT.

An ICAV should take into account the impact of BEPS and ATAD: interest limitation rules, CFC rules at the investor level, anti‑hybrid rules and substance over form — this is the baseline. Anti‑hybrid rules are important for debt strategies and structures with SPVs across multiple countries: mismatches in the tax characterization of instruments in different jurisdictions can lead to denial of deductions or double inclusion of income. We apply transfer pricing for groups of fund‑servicing entities and prepare transfer pricing documentation requirements for fund groups to demonstrate the arm’s‑length nature of fees charged by the ManCo, the administrator and advisors.

The introduced Pillar Two (global minimum tax) is formally aimed at large groups. Nevertheless, funds with controlled holdings and service hubs must check the per‑jurisdiction effective tax rate and exemptions. The solution developed at COREDO models ETR by jurisdiction and carve‑out scenarios; this is especially relevant when using portfolio SPVs for transactions in Europe, Asia and Africa. Additionally, we assess GAAR, general anti‑avoidance rules — in Ireland and in investors’ countries — to confirm business purpose and real economic substance.

What Revenue and the regulator see

The tax residency test for a fund in Ireland is built around the place of effective management and management and control (management and control). Economic substance for an ICAV: it’s not just an office and a nameplate on the door, but a set of corporate governance practices: directors’ meetings in Ireland, independent non‑executive directors with relevant expertise, a local secretary, a record of resolutions, contracts with Irish counterparties and risk controls at the depositary and ManCo level. I always emphasize: it is demonstrable management and control at the ICAV that addresses CFC issues and confirms tax neutrality.

• A calendar of board meetings held with an Irish quorum and minutes.
• Real‑time access for directors to portfolio information and risk reports.
• Local agreements with the ManCo, the administrator, the depositary, and auditors.
• Policies and procedures: asset valuation, conflicts of interest, valuation challenge.
• A dossier on the place of effective management: business trips, minutes, working correspondence.

The role of the manager (ManCo) and tax obligations is a separate topic. Licensing and registration of a ManCo for an ICAV is carried out at the Central Bank of Ireland, and the quality of the ManCo affects not only AIFMD/UCITS supervision but also the perception of substance by regulators. In several projects the COREDO team conducted ManCo vendor selection and built an advance pricing agreement (APA) as a tool for legal certainty on intra-group pricing for the service companies supporting the fund.

Registration of CRO, Central Bank, Revenue

A step-by-step guide to opening an ICAV for non-residents includes three tracks: legal (Companies Registration Office, CRO), regulatory (Central Bank of Ireland) and tax (Revenue).

• CRO: preparation of the ICAV constitution, information on directors, the company secretary and the RBO. The Companies Registration Office (CRO) registration procedure for an ICAV usually takes 5–10 business days with a complete submission.
• Central Bank of Ireland: submission of documents for ICAV approval and, where necessary, a UCITS prospectus or AIF rules. Timelines depend on the fund category: there are fast routes for QIAIF; for UCITS, 6–8 weeks with quality preparation.
• Irish Revenue Commissioners: registration of the tax status as an investment undertaking and obtaining an Irish tax clearance certificate for certain operations (for example, on distributions).

Choosing a depositary, administrator and custodian: the foundation. The depositary controls ownership of assets and compliance with investment restrictions, and depositary liability: practical cases and risk management show that proper allocation of functions between the depositary and the administrator reduces operational risks. When structuring SPVs and ICAVs for private credit and securitisation SPVs we take into account asset segregation and tax asset protection mechanisms so that cash flows and payment priorities are resilient to stress scenarios.

Compliance and reporting: AML, DAC6, AEOI

Anti-corruption KYC/AML for funds in Ireland is a set of policies, procedures and technologies. We build KYC/AML procedures when onboarding institutional investors, including sanctions screening and counterparty checks, identification of PEPs, adverse media and transaction monitoring. When suspicious transactions are detected there is an obligation to file SARs and reporting requirements for suspicious activity in accordance with Irish AML legislation.

Choosing an auditor and audit requirements is not a formality. The auditor must understand valuation of Level 3 assets, NAV error escalation rules and the specifics of side pockets, otherwise the audit will be prolonged. The solution developed at COREDO provides an RfP process and a scorecard for auditors, administrators and depositaries taking into account the fund’s strategy, asset geography and investor requirements.

Redomiciliation of a fund to Ireland

Transferring a fund to Ireland: tax and operational steps begin with tax due diligence when entering an ICAV structure, analysis of BEPS issues during the reorganisation of international funds and review of CFC rules in investor jurisdictions. For assets we model transfer of assets in kind: tax consequences, possible stamp duties and capital gains recognition. Restructuring costs: how to account for expenses during a reorganisation – we record them in the fund’s accounting policy and with providers to avoid disputes over deductions.

ROI when moving the structure to ICAV mode is calculated through a set of KPIs: net return after withholding optimisations, savings on VAT and administration fees, speed of capital raising through passporting, reduction in compliance costs compared with offshore schemes. Key KPIs for managers when assessing ROI from redomiciliation include time-to-first-close, delta TER, % of investors from the EU, and the “cost of risk” from regulator audits. In practice, relocating to Ireland increases trust from LPs in Europe and Asia and simplifies cross-border distribution: tax barriers and solutions here are standardised.

Private strategies: PE/VC, hedge funds

ICAV for investment funds and hedge funds allows fine‑tuning of subscription/exit rules, hedge structures vs fund solutions and tax differences when using derivatives. For private equity we have embedded waterfall and carried interest within PE/VC fund structuring under ICAV: best practices suggest using separate sub‑funds for individual vintages and geographies to segregate risks and reporting. Tax aspects of private equity and ICAV often come down to managing capital gains treatment for non‑residents and investor‑level exemptions.

Investor lifecycle: onboarding/holding/exit

At investor onboarding we set up KYC, the collection of self‑certifications for FATCA/CRS, tax residency checks and determine the applicability of withholding tax relief procedures and documentation. For US investors in an ICAV timely FATCA registration and the correct fund status for PFIC purposes at the investor level are critical; our experience at COREDO has shown that early engagement with their tax advisers reduces the risk of reporting surprises.

Scalability, expenses and providers

Operating expenses of establishing an ICAV: forecasts and cost items include ManCo services, the administrator, depositary/custodian, auditor, legal support, listing (if required), directors’ insurance (D&O), IT infrastructure and KYC platforms. The cost of establishing and maintaining an ICAV depends on the strategy, liquidity and number of sub-funds; for an umbrella with two sub-funds and a professional ManCo we target a reasonable mid-market budget, which is detailed at the RfP stage.

COREDO cases: EU, redomiciliation and taxes

Recently the COREDO team completed international fund redomiciliation cases to Ireland from offshore jurisdictions while retaining the investor base. We rolled out an umbrella ICAV with three sub-funds (public equities, private credit, Africa infrastructure), secured AIFMD passporting into key EU countries and coordinated cross-border distribution together with local counsel in Asia and Africa. Practical steps to demonstrate substance to Revenue and supporting evidence were incorporated into the corporate governance policy, and the Central Bank of Ireland approved the structure on schedule.

Audit risks and their mitigation

Substance over form: the practice of tax audits in Ireland and the EU shows that formal indicia without real management in the country of residence no longer work. We help set meeting agendas, directors’ roles and ManCo control mechanisms to demonstrate the place of effective management. GAAR and anti‑hybrid rules are checked first; therefore profit allocation scenarios, SPV debt load and payment chains are documented in a memorandum before launch.

Why Ireland and ICAV now?

Conclusions

ICAV is not just an “Irish form”, but a full-fledged operating platform: tax neutrality, the flexibility of umbrellas and sub-funds, oversight by the Central Bank of Ireland, passporting under AIFMD/UCITS, and predictable rules from the Irish Revenue Commissioners.

The COREDO team has gone through this process with clients from the EU, Singapore, the UK, Cyprus, Estonia, the Czech Republic, Slovakia and Dubai and has built an approach that saves time and reduces risks. If you are considering registering an ICAV in Ireland, relocating a fund or optimizing an existing structure, I recommend starting with a roadmap: objectives, distribution strategy, tax model, providers, timeline, KPI.

I have been leading COREDO since 2016 and every year I see how technological progress changes legal and financial constructs faster than regulators’ manuals can be updated. Tokenized funds are not hype but a practical tool if you approach design as an engineering task: from choosing the legal wrapper and license to smart contracts, custody schemes and marketing restrictions. The COREDO team has implemented a number of projects in the EU, Asia and the CIS, and in this article I have gathered the practical experience that will save you months of searching and hundreds of hours coordinating with providers.

Tokenized funds: why businesses need them

A tokenized fund is a fund on the blockchain where shares/units are represented as security tokens according to the regulator’s classification of the token as a security. This model provides a flexible subscription, redemption and secondary market mechanics for the fund’s tokens, the possibility of trading security tokens on regulated exchanges or OTC alternatives, and also simplifies cross‑border distribution with correct fund passporting.

Our experience at COREDO has shown that tokenized funds increase ROI through fund tokenization due to four factors: reduction of transactional costs, acceleration of investor subscription, expansion of distribution geography and liquidity, and fractionalization of even ‘illiquid’ assets. Benchmarking the ROI of tokenization against traditional funds varies by strategy, but with fair token economics of the fund and competent market making, efficiency gains become measurable.

Legal qualification: EU, Asia, CIS

My approach begins with a map of regulatory regimes. In the EU the basic framework is set by AIFMD and MiFID II, as well as the regulatory requirements of MiCA and tokenized funds for crypto infrastructure. AIFMD and fund tokenization are compatible: the interest is issued as a token while retaining AIF status; for retail offerings it is possible to combine UCITS/AIF and tokenization via an intermediary “wrapper”. MiFID II’s consequences for the sale of fund tokens concern client categorization, suitability/appropriateness and distribution rules through investment firms.

In Asia I more often rely on Singapore and Dubai. Registering a tokenized fund in Asia via a Singapore VCC with an ITO/STO under MAS supervision, provided the manager is licensed, gives a clear roadmap. In the UAE DFSA and VARA offer regulatory sandboxes for tokenized funds and clear guides on security token offering for a fund, including transfer restrictions on security tokens and access to licensed exchanges.

Structure of a tokenized fund

• Structuring a fund as an SPV with tokens is suitable for niche strategies and club deals. The SPV issues tokens instead of units, and the management company enters into an investment management agreement, setting out fees and carry.
• Using a corporate «wrapper» in the EU: commonly applicable fund forms in Cyprus, Estonia or Slovakia; for institutional investors — Luxembourg/Ireland via an AIF, and tokenization occurs at the level of the register of units.
• The combination of UCITS/AIF and tokenization is possible with strict marketing limits. The COREDO team implemented such a hybrid in Cyprus with a white‑label platform for fund tokenization and a partnership with a licensed depositary.

Licenses and offering documents

For the EU we prepare the prospectus filing and the KIID for the tokenized fund, the prospectus approval with the regulator, the white paper and the offering memorandum for the fund. Regulatory qualification determines whether the fund’s initial token issuance (ITO/STO) falls under the prospectus regime, national exemptions, or within an AIF via private placement.

In Asia the document set is similar, but the emphasis is on the offering memorandum and risk disclosures, including law enforcement and the enforceability of smart contracts. Legal support for tokenized funds at COREDO includes regulatory advice and obtaining licenses for investment companies, approval of marketing materials and recording restrictions on the sale of tokens to residents of certain countries.

AML/KYC Compliance and Data Protection

Compliance by design for tokenized funds is not a slogan, but an architecture of processes. Мы строим AML политику и screening санкций для инвесторов, интеграцию KYC провайдеров и санкционных списков, EDD (enhanced Due Diligence) для институциональных инвесторов, а также beneficial owner disclosure для токенизированных фондов. Процессы KYC/AML автоматизации с использованием API сокращают тайм‑ту‑сабскрайб и снижают операционный риск.

Наш опыт в COREDO показал, что the implementation of AML автоматизации в подписи транзакций через политики смарт‑контрактов и адресные списки снижает нарушения трансферных ограничений. Мы также настраиваем AML/KYT‑мониторинг адресов, чтобы оперативно реагировать на риск‑сигналы.

Standards, custody, and stack security

Choosing a token standard determines future compatibility. For utility‑subscription logic ERC‑20 is used, for paper rights: token standards ERC‑1400 and ERC‑3643, which implement transfer restrictions, whitelists and compliance checks. A smart contract for investor subscriptions automates issuance, distribution and the payment of dividends via smart contracts on a schedule or upon occurrence of events.

Custodial solutions for fund tokens require discipline. For custody of private keys for funds we rely on storing private keys in hardware modules (HSM), multisignature (multi‑sig) custodial schemes, segregation of operator rights and an emergency recovery procedure. In some projects clients choose custodian vs qualified custodian for fund tokens, and I help make a balanced decision together with the partner depository.

Operational security matters no less than legal considerations. We assess tokenization technology providers (tokenization platforms) by ISO27001 and SOC 2 criteria, smart contract audits and formal verification are mandatory before ITO/STO. Oracle solutions for external NAV data and asset prices link off‑chain settlement and reconciliation with on‑chain logic, ensuring correct on‑chain NAV calculation for the fund.

Liquidity: from issuance to turnover

Primary issuance of fund tokens (ITO/STO) sets the starting liquidity, but I always design the secondary market in advance. Trading of fund‑tokens on exchanges is possible through regulated security token platforms and OTC alternatives for qualified investors. Market making and liquidity provisioning for fund tokens are arranged contractually, and buyback and burning mechanisms for fund tokens create a “soft” price corridor.

For subscription and redemption settlements I increasingly provision a stablecoin as the fund’s settlement instrument, but I also connect commercial banks and fiat‑on/off ramps for funds, including correspondent bank and fiat payments for subscription and redemption. This duplex reduces dependence on volatility and speeds up clearing.

Taxes for cross-border distribution

Taxation of tokenized funds in the EU and Asia requires early modeling. We calculate tax planning for non‑resident investors, tax withholding (withholding) on payments to investors and the applicability of double taxation treaties. For some clients I recommend corporate structures with ‘pass‑through’ taxation or umbrella funds with subfunds.

ESG‑orientation is growing, and blockchain-based funds demonstrate advantages in the transparency of metrics. Paradoxes of transparency: competitive risks of portfolio disclosure are addressed through reporting to regulators and investors in aggregated form and by using zero‑knowledge proofs for private investments at the level of attesting facts without revealing details.

Insurance and Risk Management

A comprehensive assessment of operational risks of a tokenized fund is included in the initial sprint. I analyze legal disputes and precedents related to security tokens in target jurisdictions, conduct technical due diligence of infrastructure providers, and arrange cyber risk insurance and issuer liability. Loss recovery and insurance for tokenized funds cover key scenarios, from key compromise to operational errors.

The factor of speed and gas cost on Ethereum networks for fund operations has a direct impact on investor UX. To reduce costs we use layer‑2 solutions and sidechains to scale operations while maintaining security and compatibility, and mechanisms to control token price manipulation are embedded in market-making agreements and trade monitoring.

NAV: operations and infrastructure

On‑chain NAV valuation for the fund increases transparency, but it cannot be separated from accounting. We set up off‑chain settlement and reconciliation, and the oracle provides verification of prices and corporate actions. Requirements for the depositary and transfer agent are specified in agreements, including registry reconciliation processes and SLAs.

Balanced through data architecture and access rights. We use allowlists, ZK‑proofs and data segmentation to comply with GDPR and protect the fund’s strategy.

COREDO Case studies: EU, Asia, CIS

В ЕС команда COREDO реализовала AIF на Кипре с токенизацией долей по стандарту ERC‑1400, STO под режим частного размещения и листинг на регулируемой площадке security tokens. Кастодиальные ключи хранились в HSM с multi‑sig, а NAV рассчитывался on‑chain с верификацией через oracle и сверкой у администратора фонда.

В СНГ запустили фонд через AIFC с корпоративной оберткой‑SPV для инвестиций в частные debt instruments. Регистрация tokenized fund в ЕС для кросс‑продаж прошла через партнерский управляющий AIFM, а пасспортирование ограничили несколькими странами. Этот гибрид показал, как legal‑мосты и технологические белые ярлыки (white‑label платформы) ускоряют выход.

Roadmap for a tokenized fund

1. Diagnostics and design: legal choice of jurisdiction, the fund’s token economics, target audience assessment, marketing restrictions.
2. Law and licenses: registration of a tokenized fund in the EU and/or registration of a fund with tokens in Asia, regulatory consultations, obtaining licenses, approval of prospectus, KIID, offering memorandum.
3. Technology: choice of token standard (ERC‑20/1400/3643), smart contracts for distributing the fund’s income, audit and formal verification, oracle, custody with HSM and multi‑sig, ISO27001/SOC 2 compliance of platforms.
4. Operations: depositary and transfer agent, token holder registry and KYC, off‑chain settlement and reconciliation, reporting to regulators and investors.
5. Market and liquidity: ITO/STO, listing of security tokens on regulated exchanges, market making, OTC, DeFi integration and liquidity pools, buyback/burning mechanics.
6. Taxes and risk: tax planning, withholding, cyber risk insurance and issuer liability, incident response procedures and manipulation controls.

COREDO handles coordination of providers, compliance setup and building the “operational rails”. I personally oversee the architecture and key agreements with regulators and banks so that you get predictable timelines and a transparent budget.

Frequently asked client questions and practical answers

The technical part raises concerns because of gas and scaling. I design layer-2 solutions and sidechains where justified by the business, and for subscriptions and redemptions I build in stablecoins and fiat channels. The question of enforceability of smart contracts is resolved by duplicating obligations in contracts and implementing formal guarantees of smart contract execution at the code and procedural levels.

Marketing: another critical area. We set up traffic filtering, geo-restrictions, investor verification and compliance with advertising rules so as not to launch prematurely. Veto limits and the fund’s governance tokens are clearly defined before launch to avoid conflicts of interest.

Tokenization: what it delivers in practice

Tokenization of fund shares reduces barriers to entry and adds flexibility to distribution. Integration with DeFi opens additional liquidity channels, and on‑chain accounting of shares and profit distribution simplifies auditing. When I see a project with a well-founded tokenized fund structure, correct documentation and reliable infrastructure, the result is accelerated AUM growth and reduced operating costs.

The COREDO team takes into account the paradoxes of transparency, the conflict between privacy and regulatory requirements, and builds a balanced system. We also proactively plan legal dispute scenarios and precedents on security tokens so that the fund has a resilient position and a predictable response to force majeure.

Launching a tokenized fund with COREDO

A tokenized fund is a synthesis of law, technology and processes. I am responsible for the integrity of the solution, and COREDO’s experience shows that a consistent architecture works better than a patchwork of disparate contractors. We combine registration procedures in the EU, Asia and the CIS, a security token offering for the fund, custody and exchange infrastructure, AML/KYC and GDPR, as well as tax and marketing frameworks.

If you see potential in tokenized funds, want to accelerate your go-to-market and retain control over risks, let’s discuss your strategy. I will propose a roadmap with clear milestones, costs and timelines, and the COREDO team will take you from the design session to the first dividend payout via smart contracts. This is a calm, transparent and results-oriented path that we have already followed many times with clients from Europe, Asia and the CIS.