COREDO – EU Legal & Compliance Services Expert legal consulting, financial licensing (EMI, PSP, CASP under MiCA), and AML/CFT compliance across the European Union. Headquartered in Prague, we provide seamless regulatory solutions in Germany, Poland, Lithuania, and all 27 EU member states.
Alena Sharykava
23.03.2026 | 6 min read
Updated: 23.03.2026
Since 2016 I have been developing COREDO as a legal and financial consulting platform with a focus on international markets – Europe, Asia and the CIS. During this time the COREDO team has implemented dozens of projects for company registrations, obtaining financial licenses, setting up AML procedures and launching payment solutions, including crypto acquiring for merchants and fintech providers. I often hear the same request from owners and CFOs: how to set up crypto acquiring for a business legally, transparently and without “workarounds”, in order to control risks, speed up turnover and not get stuck in compliance. Below: my systematic answer.
COREDO’s practice confirms: legal crypto acquiring without schemes – it’s not about a “magic button”, but about a well-thought-out architecture of law, processes, technologies and partnerships. I will show how to build the legal flow of crypto acquiring, which licenses and registrations are needed, how AML/KYC processes are arranged and what is important for integration with PSP, IBAN and liquidity. And most importantly: how to calculate ROI and ensure a compliance-first approach that withstands scrutiny in any jurisdiction.
Why do businesses need crypto-acquiring today?
Crypto-acquiring for exporters and marketplaces has become a tool to speed up international settlements and expand into new markets. Customers expect flexibility, especially in the cross-border segment, and are willing to pay in digital assets if the merchant offers a clear settlement in fiat or stablecoins. At COREDO we see how merchants benefit from reduced card fees and minimized chargebacks, while strengthening transaction control through blockchain analytics.
However, real value appears where AML requirements for crypto-acquiring are met, KYC and KYB for crypto-acquiring are in place, and Licensing and contractual relations are established in advance. Our experience at COREDO has shown: without compliance the crypto channel turns into a source of operational and regulatory risks, while with proper setup it becomes a competitive advantage.
Principles of legal crypto acquiring
The Compliance-first approach and basic principles form the framework for implementing legal crypto acquiring. Next we’ll examine the Legal flow of crypto acquiring, a step-by-step scenario that translates these principles into practice and minimizes legal risks.
Legal process for acquiring cryptocurrency
I start every project by mapping processes. A legal flow diagram for crypto acquiring usually includes: client identification, selection of a wallet provider (custodial or non-custodial), receipt of funds, transaction analysis (KYT), conversion, settlement, accounting and tax reporting. The solution developed at COREDO always describes the roles of VASP/PSP/merchant, the chain of responsibilities, control points and event logs for recordkeeping.
For teams we document threshold values for client verification, escalation rules and SAR: suspicious activity reporting. Such a legal flow addresses questions during audits and banking underwriting, and also speeds up onboarding to correspondent banking relationships for fiat settlement.
KYC, KYB, EDD, KYT and sanctions screening
KYC process management and EDD: not a formality. In crypto payments enhanced due diligence (EDD) is applied to high-risk geographies, new recipients and high-ticket transactions. We use PEP screening and adverse media checks, as well as OFAC and EU sanctions screening for each payment session.
We build transaction monitoring (KYT) rules on behavioral models and velocity checks. We take into account darknet indicators and monitoring of criminal activity, as well as privacy coins and anonymity risks. For blockchain transaction analysis at COREDO we use Chainalysis, Elliptic, TRM Labs, Coinfirm as monitoring tools, integrating them via API into a single dashboard.
AML policy, RBA and regulations
Corporate AML policy for crypto acquiring enshrines the risk-based approach (RBA) to AML for payments: client segmentation, EDD triggers, address white/blacklists, geo-restrictions, transaction speed controls and velocity checks. A comprehensive compliance framework and internal regulations set procedures, roles, deadlines, metrics and SLAs for PSPs and crypto providers.
AMLD5 and AMLD6 requirements in Europe set the baseline, and FATF recommendations and the travel rule for acquiring create the mandatory transmission of sender/recipient data. Implementing the FATF travel rule in acquiring processes requires compatibility with counterparties’ VASP providers and documenting exceptions when the counterparty is a non-custodial wallet.
Personal data protection under GDPR
GDPR and personal data protection in KYC are part of the licensable perimeter. We define data minimization, legal bases (legitimate interest/contract), retention periods and secure deletion. KYC-as-a-Service providers undergo Due Diligence for SOC2 and ISO27001, and data is tokenized for transfer via API.
Licensing and registration: what and where
Licensing and registration in the crypto services sector differ in requirements across jurisdictions, so it is important to understand exactly what and where is required for lawful activity. In the following section we will examine VASP, the registration procedure, compliance obligations and the key factors that influence the choice of place and form of obtaining authorizations.
VASP registration and compliance
VASP registration and acquiring requirements vary by jurisdiction, but everywhere include an AML/KYC policy for crypto acquiring, an internal compliance officer, reporting and independent audit. VASP registration and compliance obligations cover KYB checks for merchants, verification of UBOs and the beneficial ownership structure, and retention of transaction records for prescribed periods.
EU: MiCA, AMLD5/6, PSD2/EMI
Licensing of crypto acquiring in the EU is changing under the influence of MiCA, and the impact on crypto acquiring in the EU is already being felt. MiCA implementation: main consequences: harmonization of requirements for crypto services, tightening of rules for stablecoins and doubled attention to reserves (proof of reserves and proof of solvency requirements). PSD2 interaction with traditional PSPs and EMI license and electronic money in the EU remain key for fiat onramp/offramp solutions, especially when integrating with IBAN bank accounts.
Singapore and Hong Kong
licensing in Singapore and Hong Kong for crypto services focuses on risks to retail customers and market protection. At COREDO we build models with access restrictions, transparent T&Cs and reporting within local guidelines, which simplifies coordination with banks, opening corporate accounts and access to local PSPs.
Regulatory sandboxes in the CIS
Regulatory sandboxes (regulatory sandbox) for payment providers allow piloting solutions with a limited scope and set of controls. regulatory requirements in the CIS and local differences relate to token status, record keeping, KYC thresholds and tax classification. The COREDO team prepares legal opinions for banks and providers, which speeds up integrations.
How to avoid regulatory arbitrage
Avoiding regulatory arbitrage: a mature business strategy. I advise aligning standards to the most stringent markets (EU/Singapore) and scaling globally, instead of ‘patching’ local holes. This approach reduces the cost of changes as you grow and strengthens the trust of banking partners.
Payment architecture: wallet – IBAN
The architecture of the payment solution covers the entire flow of funds: from the wallet to working with IBAN, combining business logic and infrastructure. Below we will examine the key elements: integration with PSP, organization of IBAN processing, and the on/off-ramp mechanisms that provide entry and exit to the banking network.
PSP, IBAN and on/off-ramp integration
Payment integration of crypto acquiring with PSP is built around transaction routing, status monitoring, reconciliation and reporting. We handle the process of obtaining a bank IBAN for the merchant and correspondent banking relationships for fiat settlement taking into account the bank’s AML requirements and the origin of funds. We include fiat onramp/offramp solutions in the scheme so that the client receives convenient fiat settlement at the output when using crypto acquiring.
Custody model for the merchant
The custody model for the merchant in crypto acquiring defines operational and legal risks. Custodial and non-custodial wallets allocate responsibility differently; hosted wallets and operational risks require serious assessment of SLAs and fallback procedures. Self-custody solutions and merchant responsibility complicate access control, so we design multisig and key management, and for smart contracts we order independent security audits and smart contract security reviews.
Settlement and liquidity
Liquidity management and conversion between stablecoins and fiat are critical for pricing and taxes. Settlement via stablecoins reduces time and fees, and on the fiat side we connect liquidity pools and liquidity aggregators, market makers and OTC desks for corporate settlements. We take into account on-chain vs off-chain settlements and, when necessary, use atomic swaps and OTC solutions for large tickets, synchronizing rates and exchange pairs for settlement.
API and webhooks performance
Integration of crypto acquiring APIs and webhooks must account for API rate limits and scaling issues. Latency and TPS in payment flows we measure in pilots, building SLA and fallback mechanisms. API webhooks, callbacks and settlement reconciliation are designed so that data is logged and flows into accounting with minimal manual work.
Analytics and anti-fraud
Transaction analysis and fraud monitoring include behavioral models, blacklist addresses, velocity, geo and multi-accounting patterns. Reducing chargebacks and fraud with crypto payments is achieved through a combination of KYT, sanctions screening, limits and escrow and conditional settlements in crypto payments for transactions with delayed confirmation. We implement transaction rate controls and additional checks for anomalies so as not to block the entire flow.
Legal aspects of agreements
Contractual and legal nuances often become a key barrier when vetting partners and formalizing relationships with a merchant. An analysis of merchant underwriting and counterparties will help systematize risks, documentation requirements and terms of cooperation.
Merchant and counterparty underwriting
The merchant underwriting process and checklists include the business model, geographies, traffic sources, marketing, complaints, chargebacks, and counterparty checks. Verifying beneficial owners (UBO) during acquiring ensures structural transparency and mitigates the risks of sanctions and money laundering.
Contract terms and liability
Contractual terms and the merchant agreement define risk allocation, fees, settlement timelines, measures in case of SAR and reporting. Legal agreements: merchant agreement, T&Cs and contracts with custodial providers — we align them to account for proof of reserves and proof of solvency requirements, as well as the parties’ liability for failures and losses.
Document flow and reporting
document flow requirements and record retention cover KYC/KYB files, transaction logs, suspicious activity reports and client communications. Record retention periods and recordkeeping comply with the license jurisdiction, and PSP reporting and SAR obligations are set out in policies and SLAs. The COREDO team configures internal audit and compliance monitoring for regular performance assessment.
Security audit
Security requirements: ISO27001, SOC2 and independent penetration testing and security audits: «must have» for payment providers. SOC2 and ISO27001 for payment providers help pass bank due diligence and accelerate merchant onboarding. We also implement staff training on AML and compliance, incident testing and a recovery plan.
Taxation and Reporting
Taxation requires a thoughtful approach: the chosen scheme determines the level of tax burden and the financial stability of the company. Proper reporting ensures transparency of operations and allows for competent handling of VAT and tax models.
VAT and tax models
VAT and the tax regime for crypto payments depend on the jurisdiction and the status of the asset. In the EU there is potentially an obligation to charge VAT on goods/services when settled in cryptocurrency, and the “rate” is fixed at the moment of acceptance. Taxation models in the EU and Asia for legal entities differ, which requires international tax reporting on crypto payments and alignment of methods for recognizing income and expenses.
Corporate Accounting and Settlements
Taxation of crypto payments for companies comes down to fair value assessment, exchange rate differences and recognition of fees. To simplify accounting we propose settlement in fiat for crypto acquiring or via stablecoins with a fast off-ramp, which reduces volatility on the balance sheet and simplifies auditing.
Legal Consequences of Sanctions
Sanctions control and sanctions screening are not up for discussion. The legal consequences of circumventing sanctions for a company include account freezes, contract terminations and large fines. I always choose a compliance-first approach and insist on documenting refusals and reporting in case of attempts to circumvent.
Implementation: marketplaces and exporters
Implementing digital solutions for online stores, exporters, and marketplaces requires taking into account different business models, product categories, and logistical nuances. In the following sections we will examine in detail the practical steps and configurations, starting with online stores, to show how to adapt the approach for each type of seller.
Online stores
Implementing crypto-acquiring in an online store begins with choosing a provider, mapping the user flow, and a custodial solution. Payment integration of crypto-acquiring with a PSP via plugins and SDKs speeds up launch, and support for KYC processes and EDD determines limits and payment methods. For e-commerce it is important to provide dispute handling and chargeback management, even if the risk of returns in crypto is lower.
Exporters and marketplaces
International transfers via crypto-acquiring help marketplaces work with sellers and buyers in different regions. Scaling payment flows and latency is a critical KPI, so we evaluate TPS, rate limits and build processing queues with priorities. For large storefronts liquidity aggregators and exchange pairs for settlement are useful to optimize cost and conversion speed.
Operational models
Operational models: PSP + aggregator vs direct integration differ in control and cost. PSP + aggregator reduces time-to-market and mitigates integration risks, while direct integration provides flexibility but requires more internal expertise. At COREDO we model both schemes taking into account CAC / LTV and the economic model of crypto payments to choose a strategy for your goals.
Assessment of Effectiveness and Risks
Assessment of a project’s effectiveness and associated risks is a necessary practice before any investments and scaling. In the following subsections we will focus on ROI and unit economics, which provide concrete metrics for decision-making and for comparing expected returns with potential risks.
Unit Economics and ROI
Assessment of return on investment (ROI) in acquiring is built on saved card commissions, reduced declines, geographic expansion and turnover acceleration. The ROI assessment from implementing crypto-acquiring is complemented by decline metrics, checkout conversion and compliance costs. Transaction cost and commission modeling take into account the network, provider, liquidity and the settlement currency, with part of the costs offset by a reduction in chargebacks.
Risk Management
risk assessment for crypto-acquiring includes regulatory, banking, technological and reputational factors. I record a risk register with metrics and a mitigation plan: KYT, sanctions screening, undergoing audits, proof of reserves at partners, smart contract control, backup gateways and liquidity reserves. Avoiding “gray schemes” in crypto-acquiring is a mandatory condition for long-term partnership with banks and PSPs.
COREDO case studies: what validates our practice
In the EU the COREDO team launched crypto-acquiring for a B2B marketplace in the industrial equipment sector. We registered a VASP, built PSD2 interaction with traditional PSPs and connected an EMI for IBAN accounts. The project included KYB checks for merchants, verification of UBOs and the beneficial ownership structure, integration of Chainalysis and sanctions screening, which simplified bank underwriting and sped up fiat settlement.
In Singapore COREDO supported a fintech company with a licensing roadmap, a custody model based on hosted wallets and multisig for corporate accounts. We implemented transaction monitoring rules (KYT), EDD for high-value tickets and an escrow scheme with proof of solvency at the custodial provider. The result: reduced transfer times to minutes and lower operational risks thanks to SLAs with multiple liquidity providers.
In Dubai our client — an international marketplace — chose an operational model of PSP + aggregator for a fast launch in Europe, Asia and the CIS. COREDO’s solution included a regulatory sandbox pilot, AML and compliance staff training, internal audit and compliance monitoring. Additionally we integrated an OTC desk for corporate settlements and developed a policy on privacy coins and anonymity risks.
Launch plan with COREDO
- Diagnosis and strategy. I assess the business model, geographies and risks, clarify market requirements (Europe, Asia, CIS) and select the jurisdiction for registration and licensing. At this stage we create a legal-flow diagram for crypto-acquiring and set target KPIs for latency, TPS, cost-per-transaction and ROI.
- Company incorporation and licensing. The COREDO team handles registration in the EU, Czechia, Slovakia, Cyprus, Estonia, the UK, Singapore or Dubai. We include VASP, engage with regulators, use regulatory sandboxes when necessary, and document compliance obligations and internal procedures.
- Banking infrastructure and PSP. We prepare the merchant underwriting dossier, open IBANs and set up correspondent banking relationships for fiat settlement. In parallel we integrate PSPs, agree PSP reporting responsibilities and define SLAs.
- Custody and liquidity. We choose custodial and non-custodial wallets, configure multisig and key infrastructure, and perform security audits. We connect liquidity aggregators, market makers, OTC solutions and define on-chain vs off-chain settlements and settlement via stablecoins.
- AML/KYC/KYT framework. We develop AML/KYC policies for crypto-acquiring, KYC thresholds, EDD, the travel rule and SAR procedures. We integrate KYC-as-a-Service providers, Chainalysis/Elliptic/TRM Labs/Coinfirm, sanctions screening and PEP/adverse media checks.
- Integration and testing. We implement crypto-acquiring API integrations and webhooks, configure API webhooks, callbacks and settlement reconciliation, test API rate limits and latency. We check load, TPS and watchdog timers, and eliminate bottlenecks.
- contractual relationships. We agree legal agreements: merchant agreement, T&Cs, contracts with custodial providers, proof of reserves/solvency, escrow. We define document flow and recordkeeping requirements and retention periods.
- Launch and monitoring. We include dispute and chargeback management, internal audit and compliance monitoring, regular penetration testing and security audits. We maintain a compliance-first approach and prepare international tax reporting for crypto payments, taking into account VAT and local rules.
Choosing a crypto-acquiring provider
I look at the following criteria: licenses and VASP registration, compatibility with MiCA/AMLD6, presence of SOC2/ISO27001, depth of AML/KYT tools, access to liquidity and stable settlement. Important are SLAs for PSPs and crypto providers, transparent fees, scaling of payment flows and latency, resilience to API rate limits and fallback channels. I separately evaluate integration of crypto acquiring with IBAN bank accounts and the availability of fiat onramp/offramp solutions, as well as the process of obtaining a bank IBAN for the merchant.
I avoid providers that offer a “quick start” by circumventing procedures and using “grey” schemes. Avoiding regulatory arbitrage and having an honest dialogue with banks and regulators is the only strategy that works long-term, predictably and with growing trust capital.
Technologies for automating compliance
To accelerate operations we use technologies to automate compliance (RPA, ML) that eliminate manual checks, classify risks and generate alerts. Integration of DeFi rails: we analyze risks and compliance selectively, limiting channels by geography and tokens and requiring demonstrable counterparty controls. This stack increases throughput without risk creep.
Frequently Asked Questions from Clients
- How to set up crypto acquiring for a business if there is already a PSP and an IBAN? We assess existing contracts, define PSD2 interactions, supplement AML and KYT, connect an on/off ramp and align reconciliation processes. This route is often the fastest.
- What to do with privacy coins? We either exclude them entirely or introduce strict limits and EDD with mandatory blockchain analysis. The decision depends on jurisdiction and the risk profile.
- How to calculate ROI? We factor in CAC / LTV and the economic model of crypto payments, transaction costs and fee modeling, and the impact on turnover and checkout conversion. The return on investment (ROI) for acquiring is set as a KPI before launch and checked quarterly.
Markets for deployment in Europe, Asia and the CIS
In Europe, MiCA sets a baseline, and businesses benefit from predictability. In Asia, Singapore and Hong Kong are strong, with transparent rules and access to world-class liquidity. In the CIS, local regulatory requirements and banking integrations are important; we take local differences into account, build a compatible AML framework and provide legal support for crypto acquiring at every stage.
Why COREDO Is a Reliable Partner
The COREDO team can combine legal frameworks, licenses, banks, technologies and operations into a single working mechanism. Our experience at COREDO has shown: when compliance is embedded in the product, rather than stuck on from the outside, crypto-acquiring becomes a growth driver, not a point of vulnerability.
We candidly discuss limitations, propose lawful workarounds, and take on the heavy lifting of integrations and negotiations with banks and regulators.
Conclusions
Crypto acquiring: a mature instrument with clear rules of the game, if a compliance-first approach to crypto acquiring is made a priority.
MiCA, AMLD5/6, FATF and the travel rule do not slow down business, but provide a predictable framework into which growth, scaling and international transfers via crypto acquiring can be integrated. COREDO helps navigate the entire path: from company registration and VASP to API integration, custody setup, KYT and tax reporting, maintaining transparency and manageability.
If you are considering crypto acquiring for an online store, export business or marketplace, start with architecture and licenses, then establish AML/KYC/KYT, and then connect liquidity, IBAN and PSP. The solution developed at COREDO will give you legal crypto acquiring without shady schemes, controlled risks, predictable settlement and measurable ROI.
I am open to discussing your goals and, together with the team, will propose a practical launch plan tailored to your markets: Europe, Asia and the CIS.