Pavel Kos
21.03.2026 | 6 min read
Updated: 21.03.2026
Since 2016 I have been building COREDO as a partnership business for entrepreneurs who need reliable, predictable, and scalable solutions in an international environment. My focus is to make legal and financial infrastructure understandable and operational, whether in the EU, the Czech Republic, Slovakia, Cyprus, Estonia, the United Kingdom, Singapore, or Dubai. During this time the COREDO team has completed dozens of projects for company registration, obtaining financial licenses, and setting up AML/sanctions processes in Europe and Asia, and I see how the quality of sanctions screening affects everything: from onboarding speed to the cost of operational risks.
In this article I have gathered practices that have proven effective in real client cases: payment organizations, forex brokers, crypto platforms, corporate holdings, and fintech startups. We’ll discuss sanctions compliance as a living system: how to choose an architecture, how to calibrate thresholds, how to manage alert triggers, where it makes sense to apply explainable AI, and how to maintain the balance between security and customer experience.
Sanctions and AML: unified rules

Sanctions and AML do not exist separately. In mature organizations sanctions screening is integrated into KYC, PEP and adverse media checks, and is also linked to transaction monitoring. Such an integrated approach helps eliminate gaps in processes and establishes unified sanctions compliance rules across all points of contact with the client and counterparties.
When I say ‘sanctions screening’, I mean checks against OFAC, EU and UN (UN Consolidated List) lists, as well as relevant regional lists and local aggregators. COREDO’s practice confirms: multijurisdictional sanctions control is critical for group structures and cross-border operations, especially when operating in the EU and Asia, where cross-border compliance challenges and the risk of jurisdictional conflict arise.
Our experience at COREDO has shown that a risk-based approach to sanctions is the best framework for decision-making. We rank contexts by factors: the client’s role (UBO, director, agent), geography, product type, transaction volume and nature. This context-based filtering (role, transaction, geography) sets a fair depth of screening and helps restrain customer friction where risks are minimal.
Sanctions screening architecture

Effective screening starts with data. In COREDO projects we pay special attention to client data quality: normalization of names, addresses and corporate names, deduplication and historical data normalization. Without this, even the best algorithms will generate noise, and the FPR and precision metrics in sanctions screening will fall into the ineffective zone.
We consolidate sources (watchlist consolidation): we integrate APIs of sanctions providers and updates, connect providers of sanctions list data and aggregators, as well as adverse media and registers of legal entities. The solution developed at COREDO provides channel redundancy and fault tolerance, because stopping list updates is a direct operational risk.
Speed is no less important than quality. In onboarding we treat latency and response time as key metrics, especially for fintech and payment institutions. Scaling of the sanctions monitoring system is done horizontally to support peak loads, and access is regulated via role-based access control. We also take data privacy into account during screening (GDPR), conduct a privacy impact assessment and comply with data retention and e-discovery requirements.
Fuzzy matching and multi-factor matching

Most sanctions false positives are the result of inaccuracies in names and translations. We use fuzzy matching and name-matching algorithms, combining Levenshtein distance and Jaro-Winkler for string similarity with Soundex and Metaphone to account for phonetics and transliteration. In projects with a high share of Asian names, probabilistic record linkage and careful management of aliases and hyphenated spellings help.
When screening legal entities against sanctions lists, it is important to handle corporate suffixes and matching exceptions (Ltd, GmbH, s.r.o., OÜ, etc.) so that generic words such as “Company” or “Holdings” do not raise unnecessary alerts. For complex structures we implement entity resolution and beneficial ownership matching at the group level, linking UBOs and affiliated legal entities. Such multi-factor matching rules (name+date+address+UBO) sharply reduce the number of false positives and protect against false negatives in sanctions screening.
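A sketch of the normalization and multi-factor scoring described above, added here as an illustration and not taken from COREDO's own tooling. It uses only Levenshtein similarity (no Jaro-Winkler or phonetic codes), and the suffix list, weights, threshold and sample records are assumptions constructed for the example.

```python
import re
import unicodedata

# Assumed values for illustration: suffix list, factor weights, alert threshold.
CORP_SUFFIXES = {"ltd", "limited", "gmbh", "sro", "ou", "llc", "inc", "company", "holdings"}
WEIGHTS = {"name": 0.6, "dob": 0.25, "country": 0.15}
ALERT_THRESHOLD = 0.75

def normalize(name, entity=False):
    """Latin-script only: lower-case, strip diacritics/punctuation, drop suffixes for entities."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).lower()
    tokens = re.findall(r"[a-z0-9]+", text.replace(".", ""))  # "s.r.o." -> "sro"
    if entity:
        # Keep the original tokens if the name consists only of suffix words.
        tokens = [t for t in tokens if t not in CORP_SUFFIXES] or tokens
    return " ".join(tokens)

def levenshtein(a, b):
    """Classic dynamic-programming edit distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def name_similarity(a, b):
    """Edit distance scaled to 0..1 (1.0 = identical after normalization)."""
    if not a or not b:
        return 0.0
    return 1 - levenshtein(a, b) / max(len(a), len(b))

def score(customer, entry, entity=False):
    """Return (total score, per-factor contributions) for one candidate pair."""
    factors = {"name": name_similarity(normalize(customer["name"], entity),
                                       normalize(entry["name"], entity))}
    for key in ("dob", "country"):  # exact-match factors; a missing value scores 0
        factors[key] = float(bool(customer.get(key)) and customer.get(key) == entry.get(key))
    contrib = {k: round(WEIGHTS[k] * v, 3) for k, v in factors.items()}
    return round(sum(contrib.values()), 3), contrib

# Constructed sample records (not real list entries; XA/XB are placeholder country codes).
LISTED = {"name": "John Smith", "dob": "1975-06-30", "country": "XA"}
LOOKALIKE = {"name": "Jon Smyth", "dob": "1980-02-01", "country": "XB"}
SAME_PERSON = {"name": "Jon Smyth", "dob": "1975-06-30", "country": "XA"}

if __name__ == "__main__":
    for cust in (LOOKALIKE, SAME_PERSON):
        total, why = score(cust, LISTED)
        print(cust["name"], total, "ALERT" if total >= ALERT_THRESHOLD else "clear", why)
```

On name similarity alone both customers would score 0.8 and alert; with date of birth and country weighed in, only the record that agrees on those factors crosses the threshold, and the per-factor contributions give the analyst the reason.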
The heart of optimization is tuning the matching thresholds and the weighting coefficients of matches. We build a thresholds optimization workflow on historical data, apply A/B testing and ROC/AUC analysis to find the balance point between precision and recall. For management reporting, F1-score and FPR are convenient; for operations, sanctions hit scoring and ranking alerts by risk level.
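A threshold sweep over labelled historical alerts, added here as an illustration and not taken from COREDO's workflow. The history is constructed, and the two selection rules (best F1, and highest threshold that keeps a recall floor) are assumptions about how a team might choose; ROC/AUC is not computed.

```python
# Constructed history: (matcher score, analyst decision; True = confirmed match).
HISTORY = [(0.95, True), (0.91, True), (0.88, True), (0.86, False),
           (0.82, True), (0.79, False), (0.77, False), (0.74, True),
           (0.70, False), (0.66, False), (0.61, False), (0.55, False)]

def metrics_at(threshold, history):
    """Confusion-matrix metrics if every score >= threshold raises an alert."""
    tp = sum(s >= threshold and y for s, y in history)
    fp = sum(s >= threshold and not y for s, y in history)
    fn = sum(s < threshold and y for s, y in history)
    tn = len(history) - tp - fp - fn
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return {"threshold": threshold, "precision": round(precision, 3),
            "recall": round(recall, 3), "f1": round(f1, 3), "fpr": round(fpr, 3)}

def sweep(history):
    """Evaluate every observed score as a candidate threshold, highest first."""
    return [metrics_at(t, history) for t in sorted({s for s, _ in history}, reverse=True)]

def best_f1(history):
    """Threshold with the best precision/recall balance."""
    return max(sweep(history), key=lambda m: m["f1"])

def best_with_recall_floor(history, min_recall=1.0):
    """Highest threshold (lowest FPR) that still catches min_recall of true matches."""
    ok = [m for m in sweep(history) if m["recall"] >= min_recall]
    return ok[0] if ok else None

if __name__ == "__main__":
    print("best F1:       ", best_f1(HISTORY))
    print("recall >= 1.0: ", best_with_recall_floor(HISTORY))
```

On this sample the F1-optimal threshold (0.82) misses one confirmed match, while the recall-constrained choice (0.74) catches all of them at an FPR of 0.429, which is the precision/recall trade-off the paragraph describes.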
Managing alert triggers

Even the best algorithm does not eliminate the need for triage of sanctions alerts. At COREDO we build the process as a controlled funnel: automation of sanctions screening filters out low-risk hits, while human-in-the-loop verification of alerts focuses on complex cases. We set SLAs for responding to sanctions alerts so that commercial processes do not stall waiting for a decision.
To reduce false positives we apply whitelisting under the control of a clear policy and logging. Entries are added to whitelists only after a documented review, and the policy for storing evidence in cases of sanctions hits records all steps: sources, screenshots, contextual assessment and the final decision. Such an audit trail ensures auditability and reporting of sanctions screening and helps with explainable triage rules for compliance managers.
Legal risks of false positives are a separate area of focus. We conduct a legal assessment of the risk of blocking a transaction, prepare explanations for regulators, and in disputed cases we arrange delisting and appeals regarding sanctions. Legal protection against false positives and erroneous blocking of counterparties is possible only with a transparent process and properly collected electronic evidence.
Control in the application of explainable AI

ML is not a panacea, but it is a powerful tool for optimization. In COREDO projects we implement a customer risk scoring model for triage that takes into account a set of signals: name similarity, connection to the UBO, country risk, negative mentions in the media and the transaction context. Managing the scoring of suspicious matches allows redistributing the workload and reducing the costs of manual verification.
Assessment and validation of machine learning models for compliance include synthetic data and test suites, testing and benchmarking of screeners, regular stress tests and reference scenarios. We track model drift and monitor screener performance in real time, maintaining a feedback loop to improve rules and models. Model governance and compliance model validation ensure that ML models remain explainable and interpretable for regulators and auditors.
I insist on transparency. Explainable AI for sanctions compliance is mandatory: each model must explain its contribution — why an alert was raised, which factors influenced it, and where the threshold lies. Without this, trust cannot be ensured within the organization or before external examiners.
COREDO Cases: EU, Asia, CIS
Case 1. A payment organization in the EU with fast onboarding. The COREDO team integrated a sanctions screener with KYC and PEP, added checks against OFAC, EU and UN lists, as well as negative mentions (negative/adverse media screening). After data normalization and tuning fuzzy logic we reduced FPR by 42%, cutting the cost of manual review and increasing onboarding conversion thanks to lower customer friction.
Case 2. A crypto platform in Singapore in the process of licensing as a VASP. We implemented multi-factor matching accounting for transliteration of Asian names and alias management, linked sanctions screening with transaction monitoring and beneficial ownership matching. Threshold optimization on historical data and A/B testing increased precision without a notable loss in recall, and explainable scoring enabled passing the regulator’s audit with clear reports and an audit trail.
Case 3. A forex broker in Dubai with multi-jurisdictional risk. The solution developed at COREDO included watchlist consolidation, context-based filtering (role, transaction, geography), entity resolution for corporate groups, and an SLA for triage. We implemented a centralized compliance center while preserving local nuances for individual business units. The result: reduced operational risks during screening and significant savings on manual verification.
Case 4. A fintech in the UK with a focus on GDPR and latency. We conducted a privacy impact assessment, implemented RBAC, and optimized onboarding latency to 300–400 ms per request by caching immutable lists and using a fault-tolerant architecture. We achieved scaling without downtime, and integration of sanctions providers’ APIs and updates ensured data remained up to date without extra load.
Case 5. A holding structure with companies in Cyprus, Estonia and Slovakia. The COREDO team implemented entity resolution accounting for UBO, normalization of names and corporate suffixes, as well as a delisting procedure and sanctions escalation for disputed hits. Reporting was built on metrics like F1-score, ROC/AUC and operational SLAs, which helped the Board of Directors see clear business metrics of the ROI of compliance automation.
Protection Policies and Standards
No technology can substitute for clear policies. We set the allocation of responsibilities according to the 1st/2nd/3rd line of defence model: the business maintains basic data discipline, compliance sets the methodology and monitors it, internal audit conducts an independent review. This framework makes compliance predictable and manageable.
Methodologically, we rely on FATF standards and sanctions recommendations, OFAC guidance and best compliance practices, as well as the EU sanctions framework and local requirements. We keep the focus on GDPR: data minimization, transparency, PIA, access control and reasonable data retention periods. During audits, readiness to engage in dialogue is important: interaction with regulators and preparing explanations relies on a complete audit trail and explainable decisions.
Legal issues are not a formality. I insist on having a legal protection procedure for erroneous blocking of counterparties and an appeal mechanism, especially in high-speed products. When a company can document the process and retain evidence, it not only protects customers fairly but also reduces its own reputational risks and costs.
Outsourcing vs. in-house: how to choose?
In some cases it is more efficient to outsource triage and rule configuration; in others, to develop in-house sanctions screening. The decision depends on the volume of alerts, the complexity of jurisdictions and response time requirements. We often build a combined model: the center of competencies and methodology in-house, while part of the operations is handled by an external team under clear SLAs and transparent reporting.
Centralization of the compliance function vs decentralization: this is about balancing speed and control. Across multiple countries we sometimes centralize sanctions control, leaving local teams the ability to add specific rules. This approach preserves a multi-jurisdictional perspective and avoids duplication of work, and a cost-benefit analysis of compliance automation helps justify investments.
It is important to embed a scalable training process. The COREDO team conducts workshops on explainability, tuning match weighting coefficients, thresholds calibration and managing whitelists. An embedded feedback loop from operations back into the methodology yields a sustainable effect and reduces drift in practices.
Roadmap for Screening Optimization
To turn sanctions compliance into a competitive advantage, I propose a pragmatic compliance roadmap:
- Diagnostics and testing: benchmarking the current screener, sandbox testing of new rules, synthetic data and test sets for validation.
- Data and normalization: quality control, normalization of names/addresses, historical deduplication, alias management and corporate suffixes.
- Algorithms and thresholds: fuzzy logic, Levenshtein/Jaro-Winkler, Soundex/Metaphone, probabilistic record linkage; thresholds optimization workflow, weight tuning.
- Integration and architecture: watchlist consolidation, integration of API providers, fault tolerance, scaling, latency optimization.
- Triage and processes: sanctions hit scoring, automated triage, human-in-the-loop, whitelisting policies, evidence retention policy.
- Models and XAI: customer risk scoring model, explainability and interpretability, model governance, drift monitoring and reporting for auditors.
- Legal and compliance: FATF/OFAC/EU/UN, GDPR and PIA, data retention and e-discovery, legal assessment of blocks, delisting and sanction appeals.
- Metrics and ROI: FPR, precision/recall/F1-score, ROC/AUC, SLA, customer friction and onboarding conversion, cost of manual review and savings.
This sequence works both in banks and in non-bank financial services and corporate holdings. When the steps are transparent and the metrics are clear, investments in sanctions screening can be easily linked to business outcomes and risks.
Sanctions compliance for businesses in the EU and Asia
The maturity of compliance is expressed in concrete advantages. First, reduced operational risks during screening and fewer false positives directly cut costs and free teams for development tasks. Second, the efficiency of automated triage supports SLAs and increases onboarding conversion by reducing customer friction.
Third, legal certainty and audit readiness provide stability in relations with regulators and investors. Multijurisdictional sanctions control creates a manageable platform for regional scaling, without constant overloads of the compliance function and with predictable product time-to-market.
Finally, the business sees a return on investment. When you keep FPR, precision and the cost of manual review under control, the cost-benefit analysis of compliance automation shows how technology and sound methodology turn into measurable ROI.
What to look for when choosing a provider
Over the years I have developed a short checklist for managers:
- Sources and updates: consolidation of lists (OFAC, EU, UN, regional), update frequency, API stability.
- Data and normalization: support for transliteration and name variations, entity resolution, UBO verification, handling of corporate suffixes.
- Algorithms: fuzzy matching, Levenshtein/Jaro-Winkler, Soundex/Metaphone, probabilistic record linkage, configurable weights and thresholds.
- Performance: latency and scaling, fault tolerance and redundancy, real-time monitoring.
- Processes: sanctions hit scoring, triage automation, human-in-the-loop, whitelisting policies, a full audit trail.
- Legal and privacy: GDPR, PIA, data retention, e-discovery, readiness for regulator requests.
- Models and control: explainable AI, model governance, drift monitoring, sandbox and stress tests, reporting for auditors.
This list helps you ask the right questions and see the solution’s real readiness for your requirements, not its marketing shell.
How COREDO addresses sanctions and AML challenges
Many challenges lie “between the lines”. We regularly encounter indicators of sanctions evasion: complex corporate groups, shell companies, changes of beneficiaries, transit transactions through “friendly” jurisdictions. In such cases COREDO’s practice confirms the value of linking sanctions screening with transaction monitoring and adverse media, as well as applying multi-factor matching with UBO.
At the strategic level we help determine centralization versus decentralization, build lines of defense and KPIs, eliminate bottlenecks in landing forms (a source of data quality problems) and align SLAs with actual risks. As a result, sanctions compliance becomes part of product strategy: it doesn’t slow growth, but provides predictability.
A Reliable Process: The Foundation of Trust and Growth
Over ten years in international consulting I’ve learned that mature sanctions compliance isn’t about “checking a box” but about sustainable growth. It requires data discipline, sound architecture, clear metrics, managed triage, and explainable models. The COREDO team has turned this into a reproducible approach that works in the EU, Asia, and the CIS countries and scales with the client’s business.
If you see high false positives, unstable SLAs, rising manual verification costs, or difficulties with screening against OFAC/EU/UN lists, that’s a reason to run a diagnosis and build a roadmap. I’m open to a substantive conversation: we’ll analyze your alert funnel, assess the risk-based approach, look at thresholds and algorithms, and then agree on steps that will quickly reduce noise and strengthen trust in your processes.
Sanctions screening must be accurate, fast, and explainable. When it is, it protects the business from legal, economic, and reputational risks, preserves the customer experience, and supports a strategy of scaling in European and Asian markets. This is the kind of support I strive to provide to every project COREDO undertakes.