AML audit: preparing the company in 30 days

Nikita Veremeev

09.01.2026 | 6 min read

Updated: 09.01.2026

As the CEO and founder of COREDO, I see every day how entrepreneurs from Europe, Asia and the CIS face the challenges of international expansion: from registering companies in new jurisdictions to obtaining financial licenses and ensuring AML compliance. Our experience at COREDO since 2016 covers the EU (including the Czech Republic, Slovakia, Cyprus, Estonia), the United Kingdom, Singapore and Dubai, where the team has carried out hundreds of projects on structuring, licensing crypto and payment services, as well as AML audits. In this article I will explain how to turn these difficulties into strategic advantages, drawing on practical cases and proven approaches.

In COREDO practice we regularly encounter a substitution of concepts: companies consider themselves “ready for an AML audit” having a set of policies and a formally appointed AML officer. For banks and regulators this is not readiness, but a starting point.

Real readiness is the ability to explain every key decision: why a client was accepted, on what factors a risk profile was assigned, how the company responds to anomalies and who is responsible for the final decision.

The absence of this logic most often leads to negative audit findings, even when the documents are correct.

Choosing a jurisdiction for registration and bank onboarding

Illustration for the section «Choosing a jurisdiction for registration and banking onboarding» in the article «AML audit: preparing a company in 30 days»
Registration of a legal entity abroad is not just a formality but a foundation for scaling. In 2025, attractive options remain Cyprus, the UAE (especially Free Zones), Singapore and Estonia: here low bureaucracy, remote registration and access to EU/Asian markets combine. For example, in Cyprus the COREDO team recently registered a holding for a CIS client in 5 days, with a full document package including address verification and beneficiary data. This allowed the client to obtain residency through business investment and open an account in an EU bank without delays.

How banks assess a jurisdiction during an AML audit

Illustration for the section «How banks assess a jurisdiction during an AML audit» in the article «AML audit: preparing a company in 30 days»

During an AML audit, banks and regulators evaluate a jurisdiction not by registration speed but by the regulatory context and predictability of law enforcement.

Cyprus, Estonia and Singapore are perceived as “transparent” jurisdictions with clear AML/CFT rules. At the same time, structures in UAE Free Zones without substance automatically fall into the high-risk segment, regardless of business volume.

At COREDO we always build this logic from the start so that AML audit does not turn into a process of excuses.

COREDO’s practice confirms: Singapore with its MAS Digital Onboarding framework is ideal for FinTech and crypto businesses. We support clients at all stages, from choosing the form (Pte Ltd) to integrating eIDAS for digital identification in the EU. A risk-based approach helps avoid typical pitfalls: in UAE Free Zones registration takes 3 days, but without local substance (office, staff) banks block onboarding. Our experience has shown how actual presence reduces account refusals by 70%.

Why a lack of substance is a key trigger for a negative AML audit

Lack of real presence is one of the most frequent reasons for negative AML audit conclusions. Banks view such structures as a tool to circumvent controls, even if the business is legal.

In COREDO projects we recorded cases where a company with turnover over €10m was rejected solely due to lack of local decision-making. Adding substance (a director, an operational function, an office) changed the bank’s position within 2–3 weeks.

Checklist for registration in the EU and Asia (based on COREDO projects):

Define the purposes: holding, trading or a license (crypto/payments).
Collect documents: passport, proof of address, UBO data (source of funds, PEP declaration).
Check substance: office, local director (for the EU: mandatory since 2024).
Prepare for KYC compliance: banks require a full ownership chain.

Time savings are real — the solution developed at COREDO reduces the process to 2 weeks for Cyprus or Dubai.

Obtaining financial licenses: crypto and payments

Illustration for the section «Obtaining financial licenses: crypto and payments» in the article «AML audit: preparing a company in 30 days»
Licensing: the next step after registration. In the EU (Estonia, Cyprus) crypto licenses are issued under MiCA, in Singapore: MAS, in Dubai: VARA. The COREDO team conducted an AML audit for a client before applying for a payment license in Lithuania: we identified vulnerabilities in transaction monitoring and fixed them within 30 days, which sped up approval by 3 months. Preparation for an AML audit includes an AML risk map and a self-assessment according to FATF standards – this is the standard for bank onboarding.

Why an AML audit is a mandatory step before licensing

Before applying for a crypto, payment or banking license an AML audit becomes not a recommendation, but a necessity. Regulators expect that the company has already tested its AML processes and eliminated basic vulnerabilities.

At COREDO we use a preliminary AML audit as a tool to accelerate licensing: the regulator sees that the company understands the risks and controls them, rather than reacting after the fact.

For forex and banking services in the Czech Republic or Slovakia the key: a risk-based AML approach. COREDO’s practice confirms: the integration of GNN (graph neural networks) and FHE (fully homomorphic encryption) into an AML/CFT program increases audit ROI up to 300% through monitoring automation. A client from Asia received a crypto license in Estonia after our external AML audit, where we implemented digital onboarding via eIDAS and the MAS framework, reducing verification time to 3 weeks.

When AML technologies actually work

Using AI in AML makes sense only with correctly built process logic. Automation does not fix mistakes, it scales them.

At COREDO we first build a risk-based model manually, identifying critical control points, and only then implement GNN or other tools. This approach allows banks and regulators to see a manageable system, not a «black box».

ROI from an AML audit for international companies: reduction of fines (up to €5 million under 5MLD), faster onboarding (from 8 to 3 weeks), increased trust from banks. We calculate it as: (savings on fines + reduced compliance costs) / cost of the audit. For scaling in the EU and Asia investments pay off within 6 months.

AML compliance for a sustainable business

Illustration for the section ‘AML compliance for a sustainable business’ in the article ‘AML audit: preparing a company in 30 days’
Company AML audit – not an option, but a necessity before bank onboarding. Banks check source of funds, PEP status and sanctions lists. Our experience at COREDO has shown: ignoring GNN in AML leads to rejections in 40% of cases, while implementation automates detection of vulnerabilities.

Typical reasons for a negative AML audit

In COREDO’s experience, negative AML audit findings are most often related to the following factors:

absence of a documented decision trail;
formal approach to EDD;
mismatch between risk scoring and the client’s real profile;
weak integration of AML and IT systems.

These problems are rarely noticeable inside the company, but are immediately revealed during an external audit.

For crypto businesses in Europe and Asia we conduct an EU–Asia AML audit with legal Due Diligence, including a PEP declaration and a BO questionnaire (subjects of monetary or valuable assets).

How to conduct an AML audit in 30 days? Steps from COREDO’s practice:

Self-assessment of risks: create an AML risk map, monitor FATF lists.
External AML audit: check transactions, whistleblowing procedures and GDPR integration with AML.
Corrective action plan: automate reporting, implement transaction monitoring in the AML/CFT program.
legal opinion on compliance: confirms readiness for licensing.

Realistic timeline for a 30-day AML audit

In reality, a 30-day AML audit is possible only with a clear work structure:

days 1–5: data collection and interviews with key personnel;
days 6–15: transaction analysis, KYC, sanctions and PEP;
days 16–25: development of a remediation plan;
days 26–30: report preparation and legal opinion.

At COREDO we use precisely this format, which allows companies to approach banks and regulators with a ready position.

A client from Singapore underwent an AML audit before onboarding; we collected source of funds documents, eliminated risks under the 5MLD directives and reduced bank rejections to 5%. Does PEP status affect timelines? Yes — in 2025 it increases scrutiny, but with our PEP declaration the process accelerates.

For FinTechs from the CIS: integrate eIDAS onboarding for the EU and MAS Digital Onboarding for Asia.

Support: from audit to scaling

Illustration for the section «Support: from audit to scaling» in the article «AML audit: preparing a company in 30 days»
COREDO provides a full cycle: registration, licenses, KYC compliance, annual AML audit. We hire local lawyers and accountants, and prepare CARF reporting (automatic data exchange).

Case: a company from Dubai obtained a banking license after our external compliance audit: onboarding time reduced to 3 weeks, and no fines related to BSA-type compliance.

The link between AML audit and scaling a business

A mature AML system directly affects a company’s ability to scale. Banks, investors and partners view results of an AML audit as an indicator of how well the business is governed.

In COREDO projects, it was precisely a successful AML audit that allowed clients to enter new markets without repeat checks and delays.

Long-term risks of weak AML compliance? Account freezes, loss of partners. Is an annual audit worth it? Absolutely – success metrics: onboarding time <3 weeks, fines=0, ROI>200%. Training staff in a risk-based AML approach increases efficiency by 50%.

Checklist for a company’s readiness for an AML audit

Before starting an AML audit, the company must ensure that:

the ownership structure is transparent;
sources of funds are verified;
the AML officer is involved in operational processes;
IT and AML are integrated;
employees are trained in the risk-based approach.

If at least one item is not met, the audit will reveal systemic problems.

Strategic ideas for you: start with an AML audit 30 days before registration in Cyprus or Singapore. Scale without increasing costs through AML/CFT automation. The COREDO team is ready to run a checklist for an AML audit of your business in the EU and Asia: contact us, and we will turn your plans into reality.

AML audit preparing a company in 30 days