COREDO > Compliance Services

Compliance Services

Comprehensive Compliance Services for Regulated Business in the EU

Regulatory compliance is a core requirement for operating a financial business in the EU. Failures in compliance can lead to fines, licensing restrictions, and reputational risks.

COREDO provides end-to-end compliance services — from initial assessment and policy development to implementation, staff training, and ongoing audit. We work with payment institutions (EMI, PSP), CASPs, funds, and other financial market participants.

Get a Consultation

Our Compliance Services

COREDO offers six directions of compliance services, each of which can be implemented as a standalone project or as part of comprehensive support.

AML Audit

An independent review of the company’s internal AML policies and procedures. During the audit, we compare the client’s existing regulations with AMLD requirements, national legislation, and FATF recommendations. The audit results are presented in a report with specific recommendations: which policies need updating, which procedures need implementation, and which risks need priority remediation.

The audit includes assessment of customer due diligence processes, transaction monitoring, internal reporting systems, and the mechanism for detecting suspicious activities (SAR). The report contains not only a list of non-conformities but also a prioritized remediation plan with timelines and responsible parties. AML audit pricing starts from EUR 3,000/year (average cost—EUR 10,000/year depending on complexity), with a turnaround of 30–40 days from the moment all documents are received.

AML Training

Employee training is a mandatory requirement of AMLD for all regulated organizations. COREDO develops training programs tailored to the client’s specific business: sanctions screening, transaction monitoring, customer due diligence, identification of PEPs (politically exposed persons), and recognition of suspicious activities.

Training formats range from one-time workshops to periodic programs with testing and certificate issuance. Programs are developed with consideration of the national legislation of the jurisdiction in which the client operates. We adapt materials for different levels: basic training for front-office staff and advanced training for compliance teams and management.

AML Support & Outsourcing

Complete outsourcing of AML functions for companies requiring a functioning compliance infrastructure without hiring an in-house team. We take on the full cycle: client verification during onboarding, risk profiling, transaction monitoring setup and execution, periodic reviews, and report preparation.

This service is suitable for startups at the licensing stage, companies with low client volume, and businesses scaling operations needing external support during the transition period. AML function outsourcing allows the company to focus on core business while delegating compliance processes to a team with proven expertise. COREDO offers tiered AML outsourcing rates: 5 hours — EUR 550; 10 hours — EUR 1,000; 20 hours — EUR 1,800; 40 hours — EUR 3,200; 80 hours — EUR 5,600.

Customer Due Diligence (KYC/KYB)

Client verification services (Know Your Customer) and counterparty verification (Know Your Business). We conduct a complete spectrum of checks: beneficial owner identification, screening against sanctions lists (EU, OFAC, UN), PEP status verification, and client risk assessment.

CDD is one of the key FATF requirements (Recommendation 10) and is mandatory for all regulated organizations when establishing business relationships, conducting transactions above established thresholds, and when money laundering is suspected. COREDO provides both standard (Standard CDD) and enhanced verification (Enhanced Due Diligence, EDD) for higher-risk clients—PEPs, clients from high-risk jurisdictions, companies with non-transparent ownership structures. We also configure ongoing monitoring processes for periodic updates of existing client information.

Outsourced MLRO

Money Laundering Reporting Officer (MLRO) is a designated person responsible for AML compliance. MLRO appointment is mandatory for most financial institutions in the EU. COREDO provides MLRO outsourcing services for companies requiring a qualified specialist but lacking the capacity or need to hire a full-time employee.

Our MLRO assumes functions including: oversight of AML procedures, receipt and review of internal suspicious activity reports, submission of SARs (Suspicious Activity Reports) to the competent authority, coordination with the regulator, and monitoring of compliance plan execution. COREDO offers AML outsourcing at rates from EUR 80 to EUR 130/hour depending on volume: up to 5 hours—EUR 130/hour, from 20 hours—EUR 100/hour, from 80 hours—EUR 80/hour. MLRO outsourcing in the Czech Republic costs EUR 2,400 + VAT/month (includes a Standard subscription for 20 hours and MLRO specialist remuneration). For other jurisdictions, pricing is determined individually.

Whistleblowing Act Compliance

Setup of internal reporting channels for violations in accordance with the EU Whistleblower Directive (2019/1937). The Directive requires organizations with 50 or more employees (as well as all public sector companies and municipalities with populations above 10,000) to establish protected channels for reporting violations.

COREDO develops and implements a complete package: internal procedures for handling reports, technical reporting channels (written, oral, online platform), feedback mechanisms to the reporter within established timelines, and protection of the reporter from retaliation. For companies with 50–249 employees, the deadline for implementing internal channels expired in December 2023, and the absence of such a system may result in sanctions. In the Czech Republic, the corresponding requirements are enshrined in Act No. 171/2023 Coll. (Whistleblower Protection Act), which applies to employers with 50 or more employees.

Compliance Services Comparison Table

Service	For Whom	Key Outcome	Format
AML/CFT System	EMI, PSP, CASP, banks	Ready-made policies, CDD procedures, monitoring	Project + ongoing
AML Audit	All regulated companies	Report with recommendations, remediation plan	One-time / annual
Outsourced MLRO	Startups, small companies	MLRO function execution, regulatory reporting	Continuous outsourcing
KYC/KYB Screening	Financial companies, M&A	Client and counterparty verification, UBO	On request
Regulatory Support	All licensed companies	Preparation for inspections, policy updates	Ongoing
Whistleblowing	Companies with 50+ employees	Protected channels, procedures, compliance	Project

Jurisdictions

COREDO provides compliance support across several EU jurisdictions, working directly with national regulators:

Czech Republic — ČNB (Česká národní banka). AML legislation: Act No. 253/2008 Coll. (AML Act).

Lithuania — Lietuvos Bankas. One of the most active fintech licensing hubs in the EU.

Poland — KNF (Komisja Nadzoru Finansowego). Including SPI and full payment licences.

Germany — BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht). Strict compliance infrastructure requirements.

Estonia — Finantsinspektsioon. Crypto licensing and payment services.

When necessary, COREDO engages local experts to work with national legislation of other EU jurisdictions.

Our Experts

COREDO’s compliance practice is led by specialists with years of experience working with EU AML legislation.

Grigorii Lutcenko

Head of Compliance. Leads compliance projects and develops AML systems for EMI, PSP, and crypto companies.

Egor Pykalev

Senior Compliance Specialist. Practical experience in CDD, transaction monitoring, and preparing companies for regulatory inspections.

Nikita Veremeev

Founder & NED. Strategic direction of the compliance practice, coordination of major projects.

Case Studies

Case 01CASP Authorisation under MiCA in the Czech Republic.

A Prague-based cryptocurrency company needed a full revision of its AML policies before submitting a CASP authorisation application to ČNB. Existing procedures did not meet MiCA requirements. COREDO performed a gap analysis, updated AML/CFT documentation, implemented automated screening against EU/OFAC/UN sanctions lists, and rebuilt CDD procedures. Result: preparation completed in 2 months; ČNB accepted the application with no compliance findings.

Case 02AML Function Outsourcing for a PSP in Poland.

A small payment institution licensed by KNF had no internal compliance team and needed external support to meet regulatory requirements. COREDO delivered the full cycle: new client onboarding verification, risk profiling, ongoing transaction monitoring, and SAR report preparation. Result: a fully operational AML function was implemented by the external team within 6 weeks, replacing the need to hire three full-time specialists.

Case 03KYC/KYB Systematisation for an EMI in Lithuania.

An EMI licensed by Lietuvos Bankas served corporate clients from 12 EU jurisdictions but lacked a unified counterparty verification standard. COREDO developed a centralised KYC/KYB screening process aligned with the national requirements of each jurisdiction, configured EDD procedures for higher-risk clients, and trained an internal team of eight. Result: application processing speed increased by 60%, achieving full AMLD6 compliance.

Discuss Your Acquisition

COREDO Advantages

COREDO is a team of specialists with practical experience in financial compliance across multiple European Union jurisdictions. We work not with abstract recommendations but with concrete requirements of regulators in the countries where our clients operate.

Specialization in Regulated Companies.

Our clients are payment institutions (EMI, PSP), crypto companies (CASP), investment funds, and brokers. We understand the specifics of each licence type and associated compliance obligations.

Compliance Team.

COREDO’s compliance practice is led by Grigorii Lutcenko (Head of Compliance), with Senior Compliance Specialist Egor Pykalev on the team. The team works with AML legislation of the Czech Republic, Lithuania, Poland, and other EU jurisdictions.

Full Cycle of Services.

From initial compliance maturity assessment to procedure implementation and continuous support. Each project concludes with concrete results: updated policies, configured processes, and documentation ready for regulator audit.

Individual Approach.

Compliance solutions are never universal—requirements vary depending on licence type, jurisdiction, scale of operations, and client base. We formulate the scope of work based on the client’s specific situation. Implementation timelines depend on scope: for example, AIF registration under ZISIF §15 in the Czech Republic takes 1.5–2.5 months, while EMI application preparation takes 3 to 6 months.

Work at the Intersection of Legal and Compliance Services.

COREDO combines expertise in law and compliance, enabling us to offer clients not only regulatory procedures but also legal support—for example, when interacting with regulators, preparing for inspections, or appealing enforcement decisions. Legal and compliance teams work jointly, which accelerates resolution of issues at the intersection of both disciplines.

Experience with Various Regulator Types.

We work with national regulators of multiple EU jurisdictions—ČNB (Czech Republic), Lietuvos Bankas (Lithuania), KNF (Poland)—and understand the differences in approaches, timelines, and requirements of each.

Contact us

Compliance Services Beyond the EU

While COREDO’s primary focus is EU financial regulation, we also support international expansion and cross-border compliance. Our team provides specialist guidance on key non-EU jurisdictions where European companies increasingly operate.

United Kingdom & FCA Compliance

The FCA regulates financial services in the UK outside the EU framework.

Key requirements:

SM&CR — individual accountability of senior management.
FCA reporting (REP, CRIM, RegData) — ongoing regulatory reporting.
Post-Brexit regulation — independent UK AML/financial framework.

COREDO supports FCA reporting, SM&CR implementation, and AML/CFT compliance under POCA 2002 and MLR 2017.

Canada & FINTRAC Compliance

FINTRAC oversees AML/CFT in Canada.

Key requirements:

PCMLTFA — CDD, transaction monitoring, STR reporting.
MSB registration — mandatory for payment and money service providers.
STR reporting — reporting suspicious transactions.
Compliance officer — mandatory AML officer appointment.

COREDO supports PCMLTFA compliance, MSB registration, and STR workflows.

Singapore & MAS Compliance

MAS regulates AML/CFT in Singapore.

Key requirements:

MAS Notices 626/824 — CDD, monitoring, reporting.
Payment Services Act — regulation of payment providers.
TRM Guidelines — technology and cybersecurity risk management.

COREDO implements MAS-aligned AML policies, CDD procedures, and transaction monitoring.

Dubai & UAE Virtual Asset Compliance

Virtual assets are regulated by VARA, DFSA, and CBUAE.

Key requirements:

VARA & ADGM rules — licensing of crypto service providers.
DFSA framework — regulation within DIFC.
CBUAE AML Law (Decree-Law No. 20/2018) — core AML framework.
EDD — enhanced due diligence for clients and UBOs.

COREDO supports licensing, AML/CFT compliance, and EDD procedures in the UAE.

How We Work

Collaboration with COREDO on compliance projects follows four stages.

Initial Assessment

We analyze the current state of the client’s compliance system: which policies exist, how CDD, transaction monitoring, and internal reporting processes are organized, whether an MLRO is appointed, and whether employee training is conducted. At this stage, we determine the scope of necessary improvements and formulate a preliminary project plan.

01

Gap Analysis

We compare the current state with requirements: national AML legislation, AMLD, FATF recommendations, and regulator-specific requirements for the licence type (for example, ČNB requirements for EMI in the Czech Republic or Lietuvos Bankas requirements for crypto companies in Lithuania). The result is a detailed report listing non-conformities, risk assessment, and remediation priorities.

02

Development and Implementation

We update or develop from scratch: AML/CFT policies, CDD procedures, transaction monitoring rules, sanctions screening scripts, SAR templates, and employee training programs. We implement processes and conduct team training.

03

Support and Audit

After implementation—ongoing support: periodic procedure audits, policy updates as legislation changes, preparation for regulator inspections, and consultation on non-standard situations. Compliance is not a one-time project but a continuous process requiring constant monitoring of the regulatory environment. COREDO provides this support throughout the duration of the engagement. The frequency of planned AML audits is determined by the company’s risk profile. For broker-dealers, audit is mandatory annually. Best practice for financial institutions is no less than once every 12 months; for companies with elevated risk profiles (crypto-assets, cross-border payments) every 6 months.

04

Frequently Asked Questions

What compliance obligations does my company have?

The scope of obligations depends on the type of activity, licence, and jurisdiction. In general, all financial institutions in the EU must: implement CDD procedures, ensure transaction monitoring, appoint an MLRO, conduct regular employee training, and maintain internal reporting. Specific requirements are determined by national AML legislation and licence conditions.

How often should AML audits be conducted?

Legislation in most EU jurisdictions does not establish a single schedule but implies regularity. Standard practice is conducting a full AML audit no less than once per year. For companies with elevated risk profiles (crypto-asset operations, cross-border payments, PEP clients), audit every 6 months is recommended. Additionally, audit is necessary upon significant changes in business model or legislation.

What is an MLRO and is appointment mandatory?

MLRO (Money Laundering Reporting Officer) is a designated person responsible for AML compliance in an organization. In most EU countries, MLRO appointment is mandatory for financial institutions. The MLRO is responsible for oversight of AML procedures, review of suspicious transactions, submission of reports to the competent authority, and coordination of inspections. If a company lacks resources for a full-time MLRO, the function can be outsourced.

Do all employees need AML procedure training?

According to AMLD, AML procedure training is mandatory for all employees who may encounter money laundering risks within their work functions. In practice, this means: compliance team, front-office, customer-facing staff, and management. Training frequency is determined by company internal policies but is recommended no less than once per year.

What penalties apply for non-compliance with AML requirements in the EU?

Sanctions vary by jurisdiction but include: administrative fines, suspension or revocation of licence, and public disclosure of violations. Directive (EU) 2018/1673 establishes a minimum custodial sentence of 4 years for serious offences. For natural persons, fines can reach EUR 5,000,000. Legal entities are also liable for violations committed by their employees.

Can COREDO fully take over the compliance function?

Yes. COREDO offers comprehensive compliance function outsourcing: AML procedures, CDD, transaction monitoring, MLRO, training, report preparation, and regulator interaction. Complete outsourcing is suitable for startups at the licensing stage and companies needing functioning compliance infrastructure without establishing an in-house department.

What is the difference between standard (CDD) and enhanced (EDD) verification?

Standard CDD includes client identification, identity verification, beneficial owner determination, and risk level assessment. Enhanced Due Diligence (EDD) applies to higher-risk clients: PEPs, clients from high-risk jurisdictions, non-standard business models. EDD involves additional information gathering, deeper analysis of source of funds, and enhanced monitoring.

What does whistleblowing system setup include?

In accordance with the EU Whistleblower Directive (2019/1937), organizations must establish protected channels for reporting violations. Setup includes: development of internal procedures for report handling, selection and implementation of technical channels (online platform, telephone line, mailbox), ensuring reporter confidentiality, designating a responsible person, and establishing feedback mechanisms within established timelines.

Which jurisdictions does COREDO serve for compliance?

COREDO serves regulated companies across several EU jurisdictions, including the Czech Republic, Lithuania, Poland, and Germany. Our main office is located in Prague. When necessary, we engage local experts for specific jurisdiction national legislation work.

How do I start working with COREDO on compliance?

The first step is a free consultation during which we assess your company’s current compliance status, determine the scope of necessary work, and propose an action plan. Contact us through the website form, email info@coredo.eu, or call +420 228 886 867. Our office is located in Prague.

Contact Us

Unsure whether your compliance system meets regulatory requirements? Get a free consultation from COREDO’s team. We will assess your current status, identify gaps, and propose a specific action plan.

info@coredo.eu | +420 228 886 867