In 2024, payment processors rejected more than 40% of merchant onboarding applications due to weak AML compliance, resulting in losses of billions of euros for fintechs in Europe and Asia. Imagine: your payment service is ready to launch, but a major PSP blocks transactions because you lack a risk-based approach or your sanctions screening is incomplete. Sound familiar? AML compliance determines access to Visa, Mastercard, SEPA and banking corridors: without KYC/EDD, transaction monitoring and a documented PSP policy, PSPs and banks refuse onboarding. Read this article to the end: I will walk through a step-by-step checklist, technologies and a roadmap so you can pass the review in 3–6 months and scale your business without blockages.
AML compliance and connection to payment systems

Payment systems consider AML compliance the number one barrier: without it there is no access to the ecosystem. The COREDO team has repeatedly observed how clients from the EU and Singapore accelerated onboarding by implementing FATF standards in advance.
Requirements for Visa, Mastercard, SEPA, and PSP
COREDO’s experience confirms: without these elements rejection is inevitable, as in the case of a European aggregator blocked for weak screening.
Role of FATF, EU AMLD and local laws
FATF recommendations dictate the Travel Rule for payments and transfers, mandatory for PSPs in the EU and Asia, with AML systems required to be compatible with PSD2 and the EU AMLD. Local laws in Singapore (MAS) and Estonia strengthen PEP screening and watchlist checks. A solution developed by COREDO for a Cypriot PSP harmonized policy with these standards, securing access to several networks.
Trends 2024–2025: real-time screening and the Travel Rule
Elements of an AML program for obtaining approval

PSPs expect a full AML program with evidence. Here is a basic checklist tested by the COREDO team on clients from the Czech Republic and Dubai.
AML policy and governance in the company
Document AML governance; it’s a must-have for audits.
Customer verification and onboarding: KYC, CDD, EDD
KYC for payment providers includes CDD with OCR/biometrics, EDD for PEPs and high-risk customers, plus an annual refresh.
Checklist: UBO passport, business profile, source of funds.
Transaction monitoring and KYT: rules, red flags
Escalation to case management, with a 24-hour SLA.
Sanctions screening: dynamic OFAC/EU/UN lists
Sanctions screening for merchants against OFAC/UN/EU with dynamic list updates and PEP checks. Respond to matches with real-time blocking.
Reporting and interaction with the FIU: SAR/STR, regulatory reporting
SAR/STR filing within 24–72 hours with regulatory reporting and evidence retention for the FIU. Readiness for e-discovery is key to an audit.
AML architecture for payment systems

An effective architecture combines RegTech with APIs. COREDO integrated such stacks for Singaporean PSPs.
MVP AML stack for rapid onboarding
API integration for real-time screening with KYC document verification technologies (OCR, biometrics) and cloud-native AML platforms. Time to launch: 4 weeks.
Advanced architecture for streaming analytics, XAI and blockchain
Integration of PSPs and banks for instant payments
SLA: <100ms latency for real-time AML for instant payments. API-first providers ensure compatibility.
Scalability and KPIs: alert volume per FTE, MTTR, SAR
Scalability of AML systems via microservices. Optimize false positives according to KPIs: MTTR <2 days, alerts per FTE <500, SAR conversion 5%.
How to organize KYC/EDD and monitoring

Organize processes to match the AML onboarding checklist for merchants. COREDO practice: automation speeds things up by 60%.
Merchant onboarding: step-by-step checklist
- Document collection (passports, articles of association).
- UBO/PEP screening.
- Source of funds.
- Risk scoring.
- EDD if high-risk.
SLA: 48 hours.
TPRM and third-party management
Third-party onboarding risk via vendor due diligence and AML outsourcing. CaaS maintains control.
Working with high-risk clients: EDD, SLA, documentation
Policy and playbook for payment sanctions
Sanctions response playbook: match → freeze → SAR → report. Lists updated hourly.
Legal risks of non-compliance: what to watch out for

Non-compliance hits revenues. COREDO minimized such risks for Asian clients.
Connection refusals and blocks
Without AML acceptance criteria, access to payment gateways is denied.
Cost of compliance vs onboarding revenue: compliance pays off in 6 months.
Fines and reputational risks
Fines up to 10% of turnover under the EU AMLD. Regulatory risks for international payments include reputational losses.
GDPR, PDPA, Schrems II: KYC restrictions
Data privacy & cross-border data transfer under GDPR/Schrems II. Localize data for Asia.
ROI and economic model: how much it costs and how to calculate the benefit
ROI calculation: CAPEX 50–200k EUR is recouped by a 30% increase in the approval rate.
CAPEX and OPEX models for AML: software, personnel
In-house: 150k CAPEX + 50k OPEX/year. CaaS: 80k + 20k.
Assessment of benefits: approval rate, blocks, risk of fines
In-house vs CaaS vs hybrid: table
| Model | Time-to-market | CAPEX (k EUR) | OPEX/year (k EUR) | Risk control | Scalability |
|---|---|---|---|---|---|
| In-house | 6 months | 200 | 60 | High | Medium |
| CaaS | 2 months | 50 | 30 | Medium | High |
| Hybrid | 3 months | 100 | 40 | High | High |
Implementation roadmap: MVP → scaling → audit-ready
Roadmap from COREDO: from MVP to full compliance in 12–18 months.
-3 months: eKYC, sanctions API, merchants
Documents + MVP AML stack. Test on 100 merchants.
Deployment of transaction monitoring and EDD in 9 months
Transaction monitoring + workflow automation. Sign SLAs.
18 months: explainability, advanced analytics, blockchain, audit
Explainable AI + blockchain analytics. Audit readiness.
Common objections and answers for owners
What AML requirements are there for connecting to Visa/Mastercard/SEPA? KYC/UBO, TM, sanctions screening per FATF.
Can AML outsourcing (CaaS) be used to speed up connection to payment gateways and retain control? Yes, with TPRM and audit rights: it speeds connection up 2x.
How to implement real-time sanctions screening for instant payments without lags? API with <50ms latency and streaming.
Case studies and practical examples
A European PSP obtained approval within three months.
The European PSP implemented API integration and biometrics: approval rate rose by 40%.
Fintech with a crypto product: integration of blockchain analytics and MiCA/VASP
Singapore fintech integrated blockchain analytics, passing a MAS audit.
Downloadable templates
- AML onboarding checklist for merchants (Excel template).
- EDD triggers matrix.
- Sanctions response playbook.
- KPI/ROI model (Excel-ready with CAPEX/OPEX).
Key takeaways and action checklist
- Develop an AML compliance policy.
- Appoint a CAMLO.
- Implement eKYC + CDD.
- Set up sanctions screening.
- Launch transaction monitoring.
- Define EDD triggers.
- SOP for SAR/STR.
- Integrate API for SLA.
- Test on an MVP.
- Prepare audit trails.
How to choose suppliers and partners
Recommendations for selecting suppliers and partners are especially important when the stability of key business processes and compliance with regulatory requirements depend on an external vendor. Below are practical criteria for evaluating suppliers and partners that will help compare proposals according to uniform parameters and choose solutions with an optimal API-first approach, transparency, and reliable support.