Regulatory arbitrage where is the line between optimization and risk

Nikita Veremeev

16.01.2026 | 6 min read

Updated: 16.01.2026

For the tenth year now I have been observing the same picture: when companies enter new jurisdictions they calculate taxes in detail but hardly consider regulatory risk and compliance risk. As a result some lose months negotiating with the regulator, others lose licenses and reputation. And a third come to us already in crisis mode: accounts are blocked, the license is under threat, the business model needs urgent restructuring.

In this article I will explain how I myself view regulatory arbitrage in international structures, how it differs from healthy regulatory optimisation, which strategies are permissible for transnational business and where the line is beyond which the risks of non-compliance with regulator requirements and enhanced supervision begin.

I rely on the practice of COREDO: registration of legal entities in Europe, Asia and the CIS, licensing of financial services, AML consulting and legal support for business in the EU, the United Kingdom, Singapore, Dubai, Cyprus, Estonia, the Czech Republic, Slovakia and other jurisdictions.

Regulatory arbitrage in simple terms

Illustration for the section 'Regulatory arbitrage in simple terms' in the article 'Regulatory arbitrage – where is the line between optimisation and risk'

Regulatory arbitrage is the use of differences in regulation and supervision between jurisdictions to reduce regulatory burden, capital or compliance requirements while maintaining or growing the business.

Simply put: when a group of companies chooses a country not only for taxes but also for where:

it’s easier to obtain a license;
capital requirements are more lenient;
less stringent AML/KYC procedures;
consumer protection or disclosure requirements are lower.

Essentially, it is a type of jurisdictional arbitrage and complements international tax planning. If tax arbitrage answers the question “where is it cheaper to pay taxes”, then regulatory arbitrage answers: “where is it cheaper and easier to live under supervision”.

In the financial sector — banks, fintech, payment services, crypto projects — regulatory arbitrage in financial markets is especially sensitive: regulators, rating agencies, correspondent banks, and sometimes even clients notice it quickly.

The line between optimisation and arbitrage

Illustration for the section 'The line between optimisation and arbitrage' in the article 'Regulatory arbitrage – where is the line between optimisation and risk'

In practice I always divide clients’ approaches into three zones.

Lawful regulatory optimisation

Here the company:

structures corporate organisation taking regulation into account but does not hide the actual business from supervision;
chooses a jurisdiction where rules are clearer, procedures more transparent, and timelines more predictable;
uses passporting regimes in the EU for cross-border financial services, but honestly complies with the requirements of the license’s home country;
builds corporate compliance and AML compliance not at the minimum level but taking the group as a whole into account.

This is the zone where the COREDO team helps the client build regulatory optimisation without attempts to hide from supervision.

The grey zone of regulatory arbitrage

Examples from practice:

a payment startup is licensed in a jurisdiction with light supervision but conducts its main activities effectively in a stricter country without obtaining a local license there;
a group splits the business into affiliated MFIs (microfinance companies) to remain “below the thresholds” of prudential requirements;
a crypto project formally places the parent company in one country and key operations and clients in another, hoping that “no one will notice”.

Here regulatory risk management comes into play: the regulator may consider the model an evasion of regulation even if formally no rule has been violated.

Aggressive high-risk regulatory arbitrage

This is when a company deliberately:

masks the actual country of business and the centre of management;
uses “thin” schemes with affiliated companies to circumvent capital and supervision requirements;
moves high-risk operations to jurisdictions with minimal regulation, leaving only a front in the “white” part.

Here, as consultants, we usually tell owners directly: the risk of losing licenses, statuses and benefits, intensified supervision and sanctions is too high and poorly correlates with the potential ROI.

Regulatory supervision in the financial sector

Illustration for the section 'Regulatory supervision in the financial sector' in the article 'Regulatory arbitrage – where is the line between optimisation and risk'

The most common models I encounter:

regulatory arbitrage in payment services: an e-money or payment institution license in a jurisdiction with laxer requirements and an actual focus on clients from stricter countries;
regulatory arbitrage in cryptocurrencies: placing a crypto exchange or broker in countries with a more flexible virtual assets regulatory regime while serving a global audience;
regulatory arbitrage in fintech: using the status ‘sandbox’ or experimental regimes for full commercial activity that goes beyond pilots;
arbitrage between licenses bank vs MFI: moving high-risk retail lending to an MFI with more lenient capital and consumer protection requirements, while the brand and ecosystem are associated with a large player.

Regulators in the EU and Asia increasingly respond to this through:

risk-oriented supervision and consolidated group-level review;
the principle “same business – same risks – same rules” for banks, fintech and ecosystems;
tightening rules for retail investors and users of high-risk instruments (CFDs, binary options, margin trading).

Why regulatory shopping is dangerous

Illustration for the section 'Why regulatory shopping is dangerous' in the article 'Regulatory arbitrage – where is the line between optimisation and risk'

In tax planning, companies are used to

and work with long-term rules of the game. In regulating finance and technology, the situation is different:

regulatory risk often materializes abruptly: today a business model is legal, tomorrow a circular or guideline is issued, and part of the operations end up in the ‘red zone’;
regulatory arbitrage and reputational risks are directly linked: investors and banks increasingly evaluate whether growth is being built on exploiting ‘grey zones’;
risks of non-compliance with regulatory requirements manifest not only in fines, but also in restrictions on working with non-residents, limits on transactions, and account freezes.

The COREDO team has repeatedly seen how the group’s cost of capital increased due to questions about the regulatory model: banks requested additional guarantees, investors increased the valuation discount precisely because of the perception of aggressive arbitrage as a structural risk.

Choosing a jurisdiction: taxes and the banking system

Illustration for the section 'Choosing a jurisdiction: taxes and the banking system' in the article 'Regulatory arbitrage — where is the boundary between optimization and risk'

When someone comes to me asking ‘need a company in the EU / Asia with minimal requirements’, I first ask different questions:

What cross-border financial services do you plan to provide?
Do you need a financial license – payment, investment, crypto, forex?
Where will the clients and the key team actually be located?
What are your compliance risks (sanctions, AML, industry-specific restrictions)?

Then a systemic jurisdictional analysis kicks in. Our experience at COREDO has shown that sustainable models are born not from the ‘easiest’ jurisdiction, but from a combination of:

predictable regulation of business in the EU or in Asia;
adequate regulatory burden;
the presence of clear licensing and supervision procedures;
availability of bank accounts and payment infrastructure.

Regulatory arbitrage: COREDO cases

I’ll change the details but keep the essence of the models.

# Case 1. A payments startup between the EU and Asia

Task: launch a payment service for e-commerce with clients in the EU and Asia, minimize time to market and regulatory risks.

What the market proposed: find a ‘soft’ jurisdiction in the EU, obtain a payment license there and serve all of Europe and part of the Asian clients through it via passporting.

What the COREDO team did:

conducted an assessment of regulatory risks for the business taking into account scaling plans and the client segment;
set up a separate licensed company in the EU and another in Asia, where payment services regulation was more flexible but with clear AML requirements;
developed a compliance strategy for the transnational business: unified KYC/CDD standards across the group, regardless of the minimum requirements of individual countries;
planned in advance for scenarios of regulatory tightening and potential restrictions on passporting in the EU.

Result: the company avoided suspicions of aggressive cross-border regulatory arbitrage, maintained access to banks and payment partners, and gained the ability to adapt the model without radical restructuring when regulations change.

# Case 2. A crypto project and a light license

Task: obtain a crypto license in a jurisdiction with minimal time and capital costs in order to serve clients globally.

Actual model: the majority of clients were from EU countries and the UK, marketing and key executives were also there, but the license was planned in a third jurisdiction with lighter supervision of crypto-service providers.

Risks we pointed out:

a high likelihood that European regulators and banks will perceive the model as regulatory arbitrage in cryptocurrencies;
the potential risk of losing the license if the actual center of management is found to be in another country;
difficulty opening accounts and accessing fiat infrastructure due to the perception of the license as a ‘flag’ rather than a real center of activity.

The solution ultimately chosen by the client with COREDO’s support:

obtain a license in a stricter but recognized EU jurisdiction;
structure the group so that key risks and management genuinely reside where the license is;
build in a higher cost of compliance in advance, but gain model resilience and the trust of banks and partners.

Short-term ROI turned out to be lower than in the ‘light’ license option. However, the project attracted an institutional investor, and its valuation clearly benefited compared to competitors relying on aggressive arbitrage.

AML compliance: common company mistakes

At the group level, owners sometimes try to exploit differences in AML/CFT requirements between countries:

set looser limits and checks in jurisdictions with low regulatory burden;
build a customer-facing front office in one country and risk functions in another where regulations are looser;
apply different KYC standards/CDD procedures depending on the client’s jurisdiction of registration rather than on their actual risk.

COREDO’s practice confirms: regulators and banks increasingly look at compliance risks and non-compliance with regulatory requirements at the consolidated level. If a group declares high standards in one country but uses ‘cheap’ AML in another, it is regarded as regulatory arbitrage and a risk of license loss if violations are discovered.

In a number of projects, the COREDO team built the following model for clients:

uniform minimum AML standards across the group, higher than those in an individual ‘soft’ jurisdiction;
centralized transaction monitoring and customer profiling;
a cross-border compliance function accountable not only to the local regulator but also to the group’s board of directors.

Sanctions risks and regulatory arbitrage

For owners of international holdings, the issue of sanctions has become one of the key drivers of structural changes. Somewho are trying to use regulatory arbitrage within the structure of international holdings to:

transferring assets to jurisdictions with a softer or different sanctions regime;
structuring affiliated chains of ownership and control to reduce the likelihood of directly falling under restrictions.

It’s important to understand:

many sanctions regimes are applied extraterritorially;
banks and financial institutions often apply standards stricter than formal requirements;
regulatory arbitrage and sanctions against beneficiaries ultimately lead to access to banking services becoming significantly more expensive or altogether impossible.

In such cases the COREDO team focuses on sanctions compliance and transparent ownership structures, rather than attempts to hide behind chains of nominee companies.

Regulatory arbitrage: how to build it into strategy

Instead of asking «where can one circumvent regulation», an owner would do better to ask: how to use regulatory differences so as not to conflict with the long-term sustainability of the business and regulators’ expectations.

The approach we use when developing strategies for groups:

Map of jurisdictions and licenses

which licenses already exist;
where the actual business is conducted;
where clients, teams, and infrastructure (including data) are located.

Regulatory risk assessment by scenarios

risk of tightening regulation in key jurisdictions;
risk of retroactive application of certain rules;
risk of consolidated supervision over the group.

Classification of arbitrage decisions

decisions in «green zone» (lawful optimization);
decisions in «yellow zone» (depends on the regulator’s stance);
decisions in «red zone» (high risk of claims and loss of licenses).

Compliance strategy and risk appetite

what level of regulatory arbitrage the business is willing to tolerate;
what processes and policies are implemented for control;
what metrics are used (for example, share of transactions in jurisdictions with elevated regulatory risk, number of regulator inquiries, compliance cost as part of expenses).

Restructuring and exit plan from risky models

conditions under which the group abandons certain arbitrage decisions (regulatory shock, changes in FATF, Basel, IOSCO standards);
steps for transferring licenses, changing data routes, reallocating business functions.

When it’s more advantageous to strengthen compliance than to change jurisdiction

At some point for mature companies the question is no longer how to reduce regulatory burden, but how to ensure predictability.

Visible from COREDO projects: companies that invest in:

strong corporate compliance;
transparent ownership structures;
high-quality AML and sanctions control;

receive:

lower cost of financing;
more predictable relationships with banks and regulators;
higher valuation in M&A deals.

Aggressive regulatory arbitrage can deliver rapid growth, but it also becomes a discounting factor in valuation and a source of risk-focused supervision when a regulator begins to scrutinize the group.

What can be done now

If you already manage an international structure or plan to scale, I recommend at least:

carry out a jurisdictional analysis and a license audit from the perspective of regulatory risk (not just taxes);
check whether there is hidden cross-border regulatory arbitrage between the group’s legal entities;
assess how uniform your AML compliance standards are across the group, rather than being tailored to the «most lenient» country;
prepare for dialogue with regulators: have a legally and economically justified explanation for why functions, licenses, and operations are allocated the way they are.

The COREDO team regularly supports clients at all these stages: from registering legal entities abroad and choosing a jurisdiction for a holding structure to licensing financial services and building a resilient international compliance system.

Regulation changes faster than tax codes. Therefore, in international business those win who view regulatory arbitrage not as a way to circumvent rules, but as a tool for conscious choice: where, how, and under whose supervision it is more advantageous and safer to build long-term business.