Since 2016 I have been developing COREDO as a solutions platform for entrepreneurs who build international financial services, crypto projects, payment companies and holding structures. During this time the COREDO team has implemented dozens of projects in the EU, Singapore, Dubai, the United Kingdom, Estonia, Cyprus, the Czech Republic, Slovakia and Canada, as well as in a number of countries in Asia and the CIS. I have seen how the same mistakes slow down launches, and how a properly assembled roadmap saves months and hundreds of thousands. In this article I will collect the working practices and methodologies that we regularly apply, and answer key questions: company registration abroad, choosing a jurisdiction for fintech, licenses (including MSB for cryptocurrencies and payments), substance requirements, opening a business account in the EU, compliance and AML.
Jurisdiction and Structure Selection Matrix
A strong structure starts with the right jurisdiction. I always begin with a jurisdiction selection matrix in which we rank countries across six blocks: regulatory regime, cost and timelines, substance requirements, banking ecosystem, tax predictability, sanctions and reputational risks.
- Regulatory compliance in the EU: clear rules, possibility of passporting for EMIs/PSPs within the EEA, but high expectations for governance and AML.
- Asia (Singapore): strict but transparent MAS policy; suitable for forex/crypto with mature processes; strong ACRA requirements for disclosure of beneficial owners.
- Middle East (UAE): free zone company setup is suitable for growth and tax optimization through free zones; sandbox regulatory regimes help quickly test fintech models.
- United Kingdom and Estonia: a digital ecosystem, fast launch, developed e-residency and digital banking in Estonia; banks meanwhile closely verify proof of address and substance.
I always recommend not skimping on designing the holding structure for asset protection. A holding structure for asset protection may include a European holding company, operating companies in the EU/UAE, and a separate trust for IP. Hybrid structures: Dubai + Poland often provide a balance of tax burden, access to talent and payment infrastructure (in Poland we take into account Poland’s PKD codes for activity classification and NPI/SPI payment schemes).
Registering a company abroad
Preparing corporate documents for the license and the registration itself: not just collecting certificates. Our experience at COREDO has shown: a clear description of the model, NACE codes for the EU, SIC codes for the UK and PKD codes — are part of the risk assessment for the bank and the regulator. An incorrectly chosen code makes the case «high-risk» in the eyes of compliance. I insist on early alignment: business model → activity codes → licenses → banking profile.
Substance requirements for companies have become the standard. To prove substance, banks and regulators expect:
- office (lease/contract, photos, floor plan),
- employees on the payroll with relevant functions,
- local director (if required by law),
- existing contracts with clients/suppliers,
- local accountant and audit (if applicable),
- a substance plan for 12–24 months.
Account opening and due diligence
Opening a business account in the EU is not about “filling out a form”. Banks expect a full due diligence checklist: constitutional documents, UBO structure, a business plan for licensing/operational model, evidence of substance, AML/KYC policies, proof of address, contracts with key counterparties. I prepare the client in advance for typical bank requests and for preparing responses: startup costs, sources of funds, turnover forecasts, payment geography, sanctions risks.
- weak KYC/CDD policy,
- risk appetite incompatible with client geography,
- inconsistent UBO and CRS/FATCA documents,
- insufficient substance and an unconvincing legal opinion for bank due diligence.
Licensing of money services businesses, virtual asset service providers, payment institutions and foreign exchange providers
Authorization to operate: the central element of your strategy. A solution developed at COREDO for fintech‑companies covers roadmaps and preliminary assessments.
When and how MSB outside the EU and FINTRAC
MSB outside the EU is a practical option for crypto exchanges, payment operators and remitters. How to obtain an MSB in Canada? The Canadian model is FINTRAC MSB registration in Canada, not the classic “license”. MSB FINTRAC requirements include:
- definition of service types: money transferring, dealing in virtual currency (MSB for cryptocurrencies),
- appointment of a compliance officer/MLRO,
- KYC/CDD and enhanced due diligence (EDD) for high‑risk clients,
- AML/CTF policy, risk assessment, training, independent review,
- SAR and threshold reports of suspicious transactions (threshold reporting),
- customer due diligence records retention policy.
Canadian MSB procedural compliance usually takes 3–4 months (MSB registration timeline 3-4 months) with ready policies and IT‑controls. Timing and cost of obtaining an MSB depend on product complexity and geography. I recommend conducting an MSB licensing ROI assessment before launch: a cost‑benefit analysis of licensing and an economic model help understand payback (MSB license ROI: payback calculation) taking into account banking fees, IT integrations and team requirements.
VASP in Estonia: crypto‑AML
VASP in Estonia: this is registration/Licensing of virtual asset service providers with enhanced requirements after the reforms. VASP registration process and requirements include:
- local office and board, real substance,
- minimum authorized capital (depending on the model: exchange/custody),
- appointment of MLRO and compliance officer, approved KYC and KYT (Know Your Transaction) policies,
- AML monitoring for crypto-to-fiat flows and transaction monitoring systems (transaction monitoring),
- independent compliance audit and regular reporting.
Payment licenses in the EU and the UK
Obtaining a payment license in Lithuania (Lithuania payment institution regime and requirements): a popular route for PI/EMI: clear capital requirements for payment institutions, a regulator open to innovation and the possibility of passporting across the EEA (passporting vs local licence: when it is advantageous). In Cyprus CySEC oversees forex/CFD (CySEC forex), while the Central Bank of Cyprus decides on PI/EMI; the combination is useful if you are building a brokerage and payments stack.
The UK is traditionally strong in PSP, but banks are stricter about cross‑border payments. I include proof of address and a substance plan in the roadmap, as well as cross‑border payments flows and AML requirements for correspondent banking relationships and their limitation.
Singapore MAS license for forex and crypto
Singapore is a compliance benchmark. The MAS license for forex and crypto requires well‑thought governance, IT‑controls and risk management. Singapore MAS licensing timeline and requirements depend on the license class: for DPT (crypto) and e‑money — a longer fit‑and‑proper check; for capital markets services — a focus on operational risks. ACRA requirements for beneficiary disclosure and a strict reporting culture set a high bar, but allow building a business for Asia with a strong reputation.
Banking licenses: capital adequacy
If your goal is a bank or a large EMI, I discuss Basel III and the calculation of capital adequacy. Capital adequacy under Basel III for banks: the foundation that determines risk‑weights of assets and capital buffers. The timeline for submitting to the CNB for a banking license (Czech National Bank) is usually 12–18+ months. For EMIs and PSPs: separate requirements for capital and internal controls, including liquidity stress tests, the ICAAP/ILAAP procedure and an independent internal audit.
How to build a working AML/CTF program
Compliance and AML for MSBs, PSPs and VASPs are not a set of documents but an operating system. I build the program around FATF recommendations, EU directives and local rules.
- KYC/CDD policies compliant with FATF: risk-based approach, customer segmentation, triggers for EDD.
- Transaction monitoring for payment services: scenarios, thresholds, behavioral patterns; AML risk scoring model for PSPs.
- SAR/STR, transaction limits, CTR and threshold reporting: alignment with local laws (for example, 10,000 as an operational threshold in some jurisdictions).
- Whistleblowing compliance and internal procedures: protected channels, investigations, lessons learned.
- The role of the MLRO and compliance control functions: independence, access to the board of directors, regular reports.
- Compliance program maturity model for ranking: from «ad‑hoc» to «optimized», with KPIs and an improvement roadmap.
- Customer due diligence records retention policy: retention periods and reliability of registers.
- Integration of AML monitoring with payment rails: core events of the payment platform, sanctions APIs, geolocation and device fingerprinting.
The COREDO team implemented AML SaaS solutions and RegTech integrations for companies with intensive P2P and merchant payment flows. As a result, the false-positive rate decreased, alert handling sped up, and regulatory inspections became predictable.
Sanctions, tax and corporate requirements
Assessment of sanctions risks during registration, a mandatory section. I use a jurisdictional risk assessment matrix to choose a jurisdiction and a sanctions risk matrix when working with clients: we cross-check OFAC, EU, UN lists, as well as media risks. Managing sanctions restrictions in international operations includes regular updates of lists, backtesting of transaction samples, and training.
CRS information exchange between tax jurisdictions and FATCA reporting requirements – a standard for banks and EMIs. I verify compliance with the UBO structure: transparency of the beneficial owner and the beneficiaries register, ACRA/EU disclosure, EU Directive 2017/1132 requirements for articles of association (objectives, capital, governing bodies).
COREDO Case Studies
- Canada, MSB for cryptocurrencies. The client planned OTC exchange and payments. We prepared an AML/CTF program, implemented KYT and transaction monitoring, appointed an MLRO, and completed FINTRAC registration of the MSB in Canada. Registration took 3.5 months, the bank approved the account after a legal opinion and a demonstration of case management for SAR. The project reached a positive ROI after 8 months.
- Estonia, VASP and a holding structure. The regulator required enhanced substance: office, board of directors, audit. The COREDO team developed a substance plan, completed e‑residency and digital banking in Estonia as an auxiliary tool, and connected a Swiss account for the holding. The regulatory audit was passed without adjustments.
- Hybrid structures: Dubai + Poland. We linked an operating company in a free zone with a Polish PSP under an NPI/SPI scheme. We set up tax optimization through free zones, provided AML consulting for international business and preparation for bank due diligence in the EU. We opened an account at Emirates NBD for opex and at a European bank for EU clients.
- Cyprus and Lithuania: forex and payments. For a broker we obtained a CySEC forex (CIF) and simultaneously initiated licensing in Lithuania under the payment institution regime. We segmented risks by separating investment services and payments. The combination provided flexibility for EU passporting and local sales.
Licensing timelines and roadmap
I do not start a project without a roadmap for obtaining a financial license. It outlines the stages:
- Diagnosis and business model: NACE/SIC/PKD, license assessment, jurisdictional risk assessment.
- Structure and substance: office, staff, hiring plan, local director.
- AML/CTF: KYC/CDD/EDD, SAR/CTR, sanctions screening, training.
- IT and integrations: AML SaaS, transaction monitoring, case management, reporting.
- Documents: compliance policy, business plan, financial model, contracts, proof of address.
- Submission and communication with the regulator, responses to requests.
- Banking setup, legal opinion, account opening.
- Post-licensing monitoring and periodic audits.
- MSB in Canada: 3–4 months with a ready program (MSB timelines and costs depend on complexity).
- Lithuania, PI/EMI: 6–12+ months, with constructive dialogue with the regulator.
- Singapore, MAS: from 9 months to 18+, especially for DPT/crypto.
- Cyprus, CySEC (forex): 8–12+ months; payment institutions: via the Central Bank of Cyprus.
- Czech Republic, CNB banking license: 12–18+ months.
COREDO applies practical COREDO checklists to launch within 2–3 months where permissible (for example, preparation of documents and compliance before formal submission), to accelerate the initial stages.
Banking and regulatory due diligence
Preparation for banking due diligence: it’s about logic and sequence. I coordinate:
- legal and tax due diligence before registration,
- assessment of CRS/FATCA statuses for all UBOs,
- plan for account openings (EU/Switzerland/UAE),
- exit strategies and restructuring after a refusal (if the risk is high).
The solution developed at COREDO includes templates for responses to banks, risk narratives, a request matrix and a set of evidence of substance. For correspondent banks, we predefine permitted geographies and MCC codes, set transaction limits and specify the process for stopping suspicious transactions.
Post-licensing support
A license is a start, not a finish. Ongoing compliance advisory and fixed-fee support keep the program up to date. Post-licensing monitoring and periodic audits include:
- internal audit, regulatory audit and preparation for inspections,
- updating KYC/CDD and EDD procedures,
- integration of whistleblowing and internal investigative practice,
- refresh of sanctions lists and AML program KPIs,
- updating capital requirements for payment institutions and reporting.
Brief checklists and best practices
- Before registration:
- Compare the business model against NACE/SIC/PKD.
- Create a jurisdictional risk assessment matrix and a sanctions matrix.
- Prepare a business plan, financial model, proof of address, and substance plan.
- For licensing:
- Collect KYC/CDD/EDD policies, AML/CTF per FATF, SAR/CTR, and retention records.
- Appoint an MLRO and a compliance officer with relevant experience.
- Set up transaction monitoring, KYT, sanctions screening, and case management.
- For banks:
- Obtain a legal opinion; verify the UBO structure for CRS/FATCA.
- Prepare responses to standard queries and sources of funds.
- Choose a bank according to geography and risk appetite, and provide for a backup account.
- For crypto/fintech:
- Check VASP requirements and the MTF framework (if there is an asset market).
- Ensure crypto AML controls and an independent audit.
- Calculate the ROI of an MSB license and compare it with alternatives in the EU/Asia.
What Really Works
If you are building an MSB for cryptocurrencies, planning a VASP in Estonia, aiming to obtain a payment license in the EU or a MAS license in Singapore: you are already on the right track when you look at requirements holistically: from NACE/SIC/PKD to AML SaaS and Basel III. The COREDO team prepares not a “folder of documents”, but an operating system of compliance and banking relationships that withstands growth.
Conclusions
If you need a practical plan – from a jurisdiction-selection matrix to a regulatory audit and account openings, give us the context of your model. I will involve COREDO experts on licensing, AML and banking due diligence, and we will assemble a roadmap that will lead to a license and a sustainable operating model.