COREDO – EU Legal & Compliance Services Expert legal consulting, financial licensing (EMI, PSP, CASP under MiCA), and AML/CFT compliance across the European Union. Headquartered in Prague, we provide seamless regulatory solutions in Germany, Poland, Lithuania, and all 27 EU member states.
Alena Sharykava
20.03.2026 | 6 min read
Updated: 20.03.2026
I often start strategic sessions with one question: what exactly does your bank, payment provider, or crypto‑licensable company consider normal for your account? The answer is the “expected activity” — a recorded, verifiable and auditable picture of what types of transactions are typical for you. Since 2016 the team COREDO has been supporting the registration of legal entities in the EU, the UK, Singapore and Dubai, helping to obtain financial licenses and building AML‑programs so that “expected activity” is not a formality but a practical tool for reducing risk and speeding up compliance.
Our experience at COREDO has shown: a properly described and managed expected activity shortens onboarding time, reduces false positives in monitoring, lowers operational costs and strengthens relationships with banks and regulators. Below is my practical map: what expected activity in AML is, how to form it, digitize it and use it for international business in Europe, Asia and the CIS countries.
What is the expected activity and where is it needed?
Expected activity is a formalized expectation of the volume, frequency, geography and purpose of a client’s payments. In AML this term works as a linking element between KYC, KYT, source of funds assessment and transaction monitoring. In simple terms it is an expected activity statement that the client signs at onboarding: ranges of monthly turnover, average and maximum transaction amounts, main counterparties and countries, currencies, typical scenarios (for example, 30% prepayment, balance on delivery).
Expected transactional activity is not limited to numbers. It reflects client behavior models, takes into account seasonality, transaction speed (velocity monitoring), multi-currency operations and the product delivery cycle. At COREDO I insist that the expected activity for legal entities be based on the business model and supporting documents: contracts, invoices, price lists, logistics, ERP/CRM.
For small businesses, expected activity helps set realistic limits and explain to the bank why, for example, ten small incoming payments per day is normal, while one hundred in one hour is a red flag. For e‑commerce and marketplaces the profile is even more detailed: returns, chargebacks, platform fees, spikes during peak periods. For payment providers expected activity is built on merchant micro-profiles and industry benchmarks.
AMLD and FATF: regulatory context
Expected activity in the context of AMLD and FATF is not a wish but part of the risk‑based approach. The expected activity policy is part of the AML program, complements KYC/EDD, KYT, PEP and sanctions screening, and should align with onboarding and offboarding procedures. Regulators expect a provider to be able to explain the logic behind thresholds, document deviations and file SAR/STR in a timely manner.
Expected activity and KYC go hand in hand: you cannot assess a client’s risk without understanding the source of funds and the expected turnover. UBO checks and their impact on activity limits are critical for corporate structures with ownership chains. When dealing with PEPs and high‑risk UBOs I impose restrictive limits, enhanced monitoring and shortened review intervals.
In account banking services and company registration in the EU, banks often require an expected activity statement already at the pre‑approval stage. A mismatch between actual activity and the declared parameters is one of the reasons for rejecting the expected activity and, ultimately, for service loss: non‑compliance leads to account closures. COREDO’s practice confirms: timely profile updates and documenting the rationale ease pressure during regulatory inspections.
SLA parameters in AML — verification time, time‑to‑onboard, case closure — directly depend on the quality of your expected activity policy. If the policy clearly describes threshold activity values and their configuration, you close cases faster and escalate cases to the second level less often.
How the expected activity is formed
I recommend starting with a methodology for calculating the client’s baseline activity. Baseline is not a ceiling, but the median of behavior, validated by the context of the business model. The COREDO team uses:
- Analysis of contracts, historical data, and industry benchmarks.
- Linear and nonlinear transaction forecasting models for seasonality and trends.
- Clustering and profiling by client types (SME, marketplace, B2B distribution).
- Anomaly detection to identify rare and atypical patterns.
The Expected activity statement template for the client should be clear and verifiable. Include ranges of monthly turnover, average and maximum payment, number of transactions, currencies, geography of counterparties, share of cash/crypto (if relevant), description of the supply chain. Examples of expected activity descriptions in service agreements are better tied to KYT processes: ‘Supplier X in country Y, monthly 50–80 transactions of 3 000–7 000 in currencies EUR, USD; returns up to 3%’.
The impact of multi-currency activity on the expected activity profile is underestimated. Separate limits by currency, account for exchange rate volatility, correlation of currency pairs and different cut‑off times. Expected activity for multi-currency transfers often requires separate velocity thresholds: rapid chains of correspondent payments can look like ‘spikes’, although this is bundling of dispersed operations.
Straw‑man scenarios are useful for calibration: suspicious patterns and expected activity test the boundaries. For example, a sudden change in the country of incoming funds without a change in invoice logic, or multiple transfers to accounts with common directors. Such scenarios help set up mitigating measures: enhanced Due Diligence when expectations are exceeded, temporary limit reductions, request for documents.
Threshold values / dynamic rules
threshold setup expected activity: this is not a one-off operation. I build the logic of dynamic thresholds and adaptive rules (dynamic thresholds) taking into account seasonality and business growth. For payment providers, adaptive limits are useful; they increase as the merchant is verified and the stability of behavior is confirmed.
Expected activity and transaction monitoring are linked through velocity rules, amount and count limits, and geographic filters. Using expected activity to reduce false positives works when rules rely on a baseline and real business events. At COREDO we run scenario testing and stress tests of the expected activity model on synthetic and real data to see where the system raises alerts without cause.
Performance metrics are mandatory: FPR, FNR, precision, recall, time to alert and time to case closure. Model errors and drift in activity monitoring always occur, the client portfolio changes, and new products appear. Reviewing expected activity as part of the AML plan at least quarterly keeps metrics within target ranges.
Data quality and integrations
I put data quality control for expected activity at the forefront. Empty fields, duplicate counterparties, and currency desynchronization lead to false alerts. Integration of data providers and enrichment (corporate registries, sanctions lists, beneficiaries) strengthens the profile. Integration with ERP/CRM systems to confirm business operations allows quick validation of spikes: the shipment went out – turnover increased, the logic is clear.
Smart tracking, using events (event-driven) to record expected activity, saves time: a price change, launching a new country for sales, onboarding a large client automatically trigger limit updates. Visualization tools for activity patterns make anomalies evident to compliance officers and auditors.
Auditability and action logs when changing expected activity protect the business in disputes: who, when and on what grounds changed the threshold, which documents were attached, who approved it. This is an important element of reporting to the regulator and demonstrating the rationale for expected activity.
Operational processes: cases, remediation
Case management and workflow for exceptions should be simple and fast. When a deviation from expected activity is detected, the system creates a case, pulls in context (KYC, contracts, history), suggests mitigating measures and document checklists. AML automation and remediation tools shorten approval cycles and minimize manual errors.
Preparing SAR/STR when expected activity is not met requires a clear structure: description of the deviation, comparative analysis against the baseline, client documents, assessment of source of funds, findings and escalation. Account risk management based on expected activity includes temporary blocks for specific scenarios, prioritized EDD and, if needed, controlled offboarding.
Rules lifecycle management (rules lifecycle management): an important element of a mature function: launch, test, prod, monitoring, tuning, decommissioning. At the same time I set SLA parameters for compliance: verification time from the alert, target time-to-onboard, case closure deadlines at each level.
Machine Learning and Explainable AI in AML
Machine learning enhances expected activity: anomaly detection, clustering, segment-based customer profiling adjust baselines and dynamic thresholds. Linear and nonlinear transaction forecasting models improve seasonal profiles and reduce surprises during peak periods.
Explainable AI for anomaly models is especially important during regulatory reviews: the officer and the inspector must understand why the alert was triggered. I use interpretability features: feature contributions, contrastive explanations, Shapley values: to show how specific factors caused a transaction to deviate from expected activity.
Detection of synthetic identities and deviations from expected activity relies on KYT connectivity: graph links, unusual fund flows, correlations across devices and IP. In the crypto and fintech segments such linkages reduce “blind spots” and lower FNR.
PEP/UBO, multi‑currency, SME, marketplaces
Expected activity when working with PEPs and UBOs requires additional conservatism. I limit velocities (velocity) for a new counterparty, strengthen geo‑filters and introduce shortened review cycles. UBO checks and the impact on activity limits are especially noticeable in holding structures: limits come from the operating business rather than from the holding as such.
Expected activity for small business accounts takes into account higher variability. We apply adaptive thresholds with a gentle ramp‑up and thresholds by number of counterparties. For e‑commerce and marketplaces the customer’s expected activity accounts for returns and frequent small payments; dynamic rules and KYT are especially useful here so as not to “penalize” normal refunds.
For multi‑currency transfers we introduce separate limits for each currency and cross‑currency checks. The impact of multi‑currency on the expected activity profile requires taking into account bank cut‑offs, correspondent networks and fees; otherwise monitoring will see “anomalies” where there are none.
Tuning compliance: metrics and economics
Practices for tuning rules to reduce false positives: this is systemic work. I compare metrics before and after tuning: FPR, FNR, precision, recall, average time to escalation, average time to case closure. The economics of compliance is important for executives: reducing OPEX through tuning expected activity and process optimization often produces a noticeable effect already in the first quarter.
Expected activity and ROI metrics in compliance must be calculated transparently. The ROI of projects to optimize expected activity consists of reductions in labor costs for alert handling, a decrease in the number of redundant requests to the client, a reduction in losses from service leakage and penalty risks. Risk justification and cost‑benefit when changing activity thresholds help convince the board of directors and shareholders of the need to invest.
Scaling monitoring as the customer base grows means a modular architecture: a data bus, event queues, independent scoring services, horizontally scalable storage. A solution developed at COREDO for one of the European EMIs withstood a doubling of the portfolio without a proportional increase in the compliance team.
COREDO case studies in Europe, Asia and the CIS
Case 1. Payment provider in the EU. Task: reduce false positives by 40% without losing detection quality. The COREDO team implemented profiling of merchant segments, introduced adaptive thresholds and event-driven updates of expected activity when launching new promotions. We added integration with clients’ ERP systems to confirm turnover spikes. Result: FPR −47%, precision +18 pp, time-to-onboard −30%, the regulator approved the methodology and noted the transparency of the rationale.
Case 2. Marketplace in Singapore with expansion into the CIS markets. Problem: seasonal peaks and multi-currency transfers triggered a flood of alerts. COREDO’s approach proved the effectiveness of separate currency limits, velocity models and clustering merchants by behavioral characteristics. We implemented Explainable AI and visualization of activity patterns. Result: drifts were detected early, SARs/STRs were filed on a targeted basis, and cases without a reason disappeared.
Case 3. SME exporter from Central Europe, banking account servicing in the UK and Estonia. Pain point: banks doubted the client’s expected activity due to a long delivery cycle. COREDO’s solution: an expected activity statement detailing invoices, logistics and milestone payments; smart tracking based on shipment events; a 24-hour SLA for reviews. Outcome: the account was opened, thresholds were confirmed, and no service disruptions occurred.
Case 4. Crypto provider in Dubai with an exchange and custody license. Task: expected activity and monitoring taking into account PEP/sanctions and on-chain risks. We configured KYT flows, enriched sources with on-chain analytics, introduced EDD when expectations were exceeded, and rules to detect synthetic identities. Result: the regulatory review passed without remarks, and case closure accelerated by 25%.
Licensing and expected activity
When preparing for payment services licenses (EMI/PI), forex, crypto and banking licenses, the regulator assesses expected activity as part of the risk assessment. I include an expected activity policy for corporate clients in the documentation package: we describe the baseline methodology, dynamic thresholds, SLA, the SAR/STR process, change logs, reporting and governance.
When registering companies in the Czech Republic, Slovakia, Cyprus, Estonia and the United Kingdom, I recommend preparing the expected activity already at the stage of choosing a bank or EMI. This speeds up time-to-onboard and reduces the likelihood of rejection. For Singapore and Dubai it is important to emphasize KYT: Know Your Transaction in conjunction with expected activity and show how you use data enrichment and sanctions screening.
Expected activity for payment providers is often broken down by merchant types. For forex companies and custodial crypto services, regulators expect an emphasis on velocity controls, counterparty geography and deposit/withdrawal limits. For banking licenses, a detailed mapping between source of funds, customer segmentation and account limits.
Disputes over account closure
Legal aspects must not be underestimated. If the bank closed an account because of a mismatch with expected activity, the evidentiary base decides everything: a signed expected activity statement, change logs, cases with the client’s documents, a description of mitigating measures and reasons for escalation. The COREDO team prepares clients for such scenarios by building an audit trail and an appeals procedure.
Specify expected activity in service agreements: the client’s obligations to notify about material changes, SLA for reviewing changes, the provider’s rights to temporarily reduce limits during EDD. This increases predictability and reduces conflict.
Expected activity as a tool
Expected customer activity is not just control but also a service. When thresholds align with real business growth, the customer sees a partnership approach. Expected activity as a tool for customer retention works through predictability: fewer unexpected blocks, faster responses to requests, clear rules of the game.
Expected activity and operational scaling are directly connected. I plan a roadmap of thresholds as we enter new countries and channels. Justified increases in limits after confirming new patterns reduce churn and support expansion without drama in monitoring.
Regulatory reporting: inspections
Expected activity and regulatory inspections require readiness to show documents and figures. In reporting to the regulator and demonstrating the rationale for expected activity it is useful to have:
- Description of the methodology and examples of customer profiles.
- Quality metrics (FPR, FNR, precision, recall) before/after tuning.
- Examples of SAR/STR cases linked to expected activity.
- Logs of threshold changes and approval protocols.
- Results of stress tests and scenario testing.
Regulators value consistency and transparency. When you show how expected activity is integrated into KYT, KYC, sanctions, EDD and case management, the inspection proceeds constructively.
How to organize continuous improvement
I establish the cycle: onboarding, baseline – monitoring – review – tuning – reporting. Expected activity in onboarding and the quarterly review is updated by events: new products, countries, major contracts. Managing the lifecycle by rules preserves stability, even when the business grows quickly.
Automation tools for AML and remediation, visualization and event-driven architecture reduce the burden on the team and accelerate case closure. Scaling monitoring as the customer base grows happens without an avalanche-like increase in headcount, and the economics of compliance remain manageable.
How to set up expected activity
- Start with context: business model, counterparties, logistics, currencies, seasonality.
- Formalize the expected activity statement and sign it with the client.
- Split limits by currencies, countries, and channels; add a velocity threshold.
- Configure dynamic thresholds and adaptive rules for growth and seasonality.
- Enable KYT and data enrichment; integrate ERP/CRM.
- Introduce performance metrics and regular reviews; monitor drift.
- Build case management, SAR/STR processes, and EDD mitigations.
- Ensure auditability: change logs and approval protocols.
- Test straw-man scenarios and stress tests before production.
- Document the policy in the AML program and prepare a package for the regulator.
International adaptation, Europe, Asia, CIS
International cases show: regulators’ expectations are similar, but the emphasis differs. In the EU, the linkage with AMLD and process documentation is important; in Singapore and Dubai, the technological maturity of KYT and model explainability; in the Asian and CIS markets: flexibility for local payment rails and multi-currency support. The COREDO team adjusts expected activity taking into account local regulations and the banking practices of the specific country, from Cyprus and Estonia to the UK and the UAE.
Important for registration and licensing
When registering companies abroad and opening accounts, banks view expected activity as an indicator of maturity. To obtain financial licenses — crypto, forex, payment services and banking — the expected activity policy and its operational implementation demonstrate that you control risks and are ready to scale. This speeds up time‑to‑license and reduces the number of follow-up inquiries.
Conclusions
Expected activity: not a box-ticking exercise. It’s the language businesses use to speak with the bank, the payment system and the regulator. When you clearly articulate how the client will act in transactions, you reduce operational risks, speed up onboarding, decrease false positives and increase compliance ROI. COREDO’s practice confirms: a properly constructed expected client activity is a competitive advantage that works in Europe, Asia and the CIS.
If you are planning to register a company in the EU or an Asian hub, preparing an application for a financial license, or reviewing your AML program, embed expected activity into your process and data architecture. The COREDO team helps develop methodology, configure thresholds and dynamic rules, automate monitoring, prepare reporting and navigate regulatory reviews. Transparent logic, measurable metrics and a controllable operating model turn a requirement into a tool for long-term growth and trust.