Regulators expectations for a risk based approach in AML

Nikita Veremeev

20.01.2026 | 6 min read

Updated: 20.01.2026

When entrepreneurs from Europe, Asia and the CIS countries come to me for a consultation, almost always the same combination appears in their questions: where to register the company, how to obtain the required financial license and how to design AML so that regulators trust it and compliance doesn’t strangle the business.

Over the years that I have been leading COREDO, our team has gone with clients through the full cycle, from the idea of entering the EU or Singapore to a licensed and sustainable financial institution with a functioning risk-based AML model. In this article I want not just to list COREDO’s services, but to show how I think about the strategy of an international business structure and why the integration of registration, licensing and AML gives an entrepreneur a strategic advantage.

Logic of an international business structure

I always start the conversation not with jurisdictions, but with three questions:

1. What is your target market and product (fintech, forex, crypto, payments, B2B services)?
2. Which regulators and banks should trust you in 1–3 years?
3. How ready are you for formalization and transparency – from KYC to regular reporting?

The answers determine:

• where to register the head company (ES, UK, Czechia, Cyprus, Estonia, Singapore, Dubai, etc.);
• where to obtain financial licenses (payment, EMI, forex, investment, crypto licenses);
• how deeply to build the AML function and risk-based approach from the outset.

Registration of legal entities

The COREDO team has for many years been registering legal entities in the EU, Asia and the CIS: both individual companies and entire holding structures. It may seem like a basic service, but it is here that the architecture of the future model is laid down:

• tax consequences;
• substance requirements (office, employees, directors);
• potential regulatory requirements when licensing;
• the banks’ attitude toward your jurisdiction and ownership structure.

Which areas I cover

• Legal form
  For fintech and payment solutions, forms such as private limited / s.r.o. / OÜ and their equivalents are most often chosen, with a clear division of liability and a transparent capital structure.
• Role of particular jurisdictions
  Czechia and Slovakia are convenient for operational centres and local activities in the EU.
  Cyprus, Estonia, Latvia, Lithuania, Poland are often used for financial services, IT, payment solutions and licensed activities.
  United Kingdom: a good platform for international B2B‑services and financial infrastructure, especially in combination with licensing.
  Singapore and Dubai: key points for entering the markets of Asia and the Middle East.
• Practical setup of the process
  The COREDO team takes on the preparation of corporate documents, interaction with registration authorities, support for opening bank and EMI accounts, obtaining information about beneficiaries and their proper disclosure.

Financial licenses: how to build a strategy

obtaining a financial license, one of the most challenging stages. This concerns:

• payment and electronic money (PI/EMI, payment institutions);
• forex and investment services;
• crypto and VASP licenses;
• specialized authorizations for asset management.

COREDO focuses on licenses in EU jurisdictions (Czechia, Cyprus, Lithuania, Latvia, Poland, Germany, France, Switzerland, etc.), as well as in the United Kingdom, Singapore and a number of other countries.

Why Licensing without AML does not work

• risk-based AML model;
• real governance (directors, MLRO, internal controllers);
• the KYC/KYB system, transaction monitoring;
• the quality of internal policies and procedures.

AML and the risk-based approach in practice

In AML regulation, the risk-based approach (an approach based on risk assessment) has long been key. EU regulators, the UK, Singapore and other jurisdictions expect that:

• you understand your own risk profile (countries, products, clients, distribution channels);
• you have a formalized methodology for assessing risks;
• the compliance function’s resources are proportionate to actual risks;
• policies and procedures not only exist, but are applied.

How COREDO builds the AML framework

AML consulting at COREDO: not about “writing a policy just for the sake of a checkbox”. A typical project includes:

• Enterprise-wide risk assessment (EWRA) – a comprehensive risk assessment of the company taking into account countries, client types, products and channels.
• Development of AML/CFT policies and procedures tied to the requirements of the specific regulator (for example, in the EU: taking into account AMLD directives, local laws and supervisory guidelines).
• Establishing processes:
  • client identification and verification (KYC/KYB);
  • classification by risk levels;
  • transaction monitoring and detection of suspicious activity;
  • internal investigations and filing reports with the financial intelligence unit.
• Employee training and setting up regular knowledge updates.
• Support in dialogue with regulators and banks.

Legal and operational support after launch

COREDO was originally created as a company for long-term business support, not just for a “launch”. Today we cover the entire cycle:

• Legal services and protection: from the contractual framework to corporate changes and disputes with counterparties.
• Legal outsourcing – when it is uneconomical for a company to keep an in‑house legal department, but regular support is required in several jurisdictions.
• Legal support for financial institutions and resolution of disputes with banks and payment service providers.
• Registration and protection of trademarks in the EU, the UK and other countries, often in connection with market entry and licensing.
• Accounting outsourcing and financial reporting in accordance with the requirements of the jurisdiction of registration.

Comprehensive project at COREDO: from idea to business

To make it clearer how I organize the work, I will present a typical scenario of a comprehensive project.

Diagnostics and strategy

• Analysis of the business model, geography, and target audience.
• Determining target jurisdictions for registration and licenses (EU, UK, Singapore, Dubai, selected CIS countries).
• Map of regulatory requirements, expectations regarding AML and banking compliance practices.

Registration of legal entities

• Choosing company forms and names, preparing articles of association and corporate agreements.
• Registration in the chosen countries (for example, a parent structure in the EU, an operational fintech center in one of the jurisdictions with a developed regulatory framework).
• Support for account openings (banks, EMIs, payment systems).

Stage 3. Business licensing

• Preparation of a business plan and financial model in accordance with regulator requirements.
• Development of internal policies (including AML/CFT, risk management, IT security if necessary).
• Formation of the key persons team (directors, MLRO, compliance officers), preparation of their profiles and job descriptions.
• Communication with the regulator at all stages.

Building the AML function and operations

• Implementation of KYC/KYB procedures and risk-scoring.
• Setting up transaction monitoring, sometimes using third-party AML platforms, sometimes through the client’s internal solutions.
• Incident management procedures, case management for suspicious transactions.
• Staff training and testing procedures using real scenarios.

Long-term support of the site

• Updating policies and procedures taking into account regulatory changes.
• Support during regulator inspections and audits.
• Legal support for corporate changes and transactions.
• Registration of new trademarks, entry into additional markets, adaptation of the structure.

What to consider when choosing a partner

Entrepreneurs often ask me how to evaluate a consultant when everyone’s website says roughly the same thing. I recommend looking not at slogans but at four things:

1. Depth of expertise in target jurisdictions
   At COREDO the team works every day with company registration and licensing in the EU, Asia and the CIS, not just occasionally.
2. Real experience in the financial sector and AML
   If a consultant has no projects involving payment, crypto-, forex- and other licenses, it will be difficult for them to build a proper risk-based AML model. COREDO’s portfolio is built precisely around such tasks.
3. Integration of the legal, financial and AML units
   When different consultants are responsible for registration, licensing and AML, the client often becomes a hostage to inconsistency. The COREDO team aligns everything within a single logic, from group structure to reporting to regulators.
4. Ability to speak honestly about risks
   I always openly discuss limitations, risks and alternatives. It isn’t always pleasant in the moment, but this approach builds long-term trust.

How to use the article in practice

• registering a company abroad;
• obtaining one or more financial licenses;
• restructuring the AML‑function to align with current regulatory expectations;
• finding a long-term partner for legal and financial support.

• Clearly list your current and target client geographies and products.
• Determine which of the jurisdictions and license types described in the article are relevant to you.
• Assess how formalized your AML system is today and whether it aligns with a risk-based approach.
• Formulate 5–7 key questions you want answers to from a consultant.