Crypto onboarding for corporate clients: a checklist of questions from the bank

Since 2016 I have been building COREDO as a platform for pragmatic legal and financial consulting that truly values speed, predictability and quality. The COREDO team supports registrations and licensing in the EU, the United Kingdom, Singapore, Dubai, the Czech Republic, Slovakia, Cyprus and Estonia, as well as projects from countries in Asia and the CIS that need access to European and international financial infrastructure. Over the years I have repeatedly seen how a competently designed crypto onboarding for corporate clients at a bank turns from a barrier into a catalyst for business growth.

I view bank crypto onboarding as a collaborative engineering project. It requires precise alignment of the client’s operating model, regulatory expectations and the bank’s risk appetite. The solution developed at COREDO combines regulatory expertise (FATF, EU AMLD5/AMLD6, Travel Rule, GDPR), advanced on-chain analysis (Chainalysis, TRM Labs, Elliptic) and document structuring so that the bank’s compliance team is left with no “blind spots”. In practice this saves months and turns the process into a predictable roadmap with clear SLAs.

Banks’ requirements for crypto companies

Banks manage credit, operational and reputational risks, and crypto-assets traditionally fall into the “elevated” segment of the risk profile. COREDO’s practice confirms: as soon as a bank sees a transparent model for controlling sources of funds, a manageable sanctions risk and mature transaction monitoring, its stance becomes constructive. It’s a matter of evidence, not of attitude toward the industry.

On the bank’s side a trigger logic operates: sanctions lists and screening for cryptocurrency, PEP screening and contextual risks, scenarios for million-dollar and suspicious transactions, plus integration of AML systems with blockchain analytics providers. Our experience at COREDO has shown that a proactive set of documents and on-chain due diligence close up to 70% of typical questions already at pre-screening.

From prescreening to servicing

I always divide the onboarding of crypto companies at a bank into four phases. In presale we shape the client’s position: VASP licenses/registration, corporate structure, UBO, KYC for crypto companies, AML for cryptocurrency clients, Travel Rule and custody policies. Next the COREDO team carries out the technical preparation: audit of internal KYC/KYB, on-chain due diligence and blockchain forensics, test reports from Chainalysis/Elliptic/TRM Labs and proofs of control over addresses.

The third phase: delivery of the dossier to the bank with alignment of risk appetite and the operating model. SLA, TAT and predictability of responses are important here, so I build in a buffer for clarifications on transactional scenarios and API integrations for real-time monitoring. The final phase: transition to BAU mode with KPIs for the client and the bank: share of false positives, MTTR for alerts, monitoring throughput and latency, stability of liquidity sources.

Regulatory guidelines: the bank’s expectations

It’s important to me that the bank’s compliance team sees a clear compliance map. We systematically link regulatory expectations on KYC for virtual assets with FATF Guidance, EU AMLD5/AMLD6 and national rules in the EU, UK, Singapore and the UAE. When it comes to VASP registration and licensing in the EU and Asia, I set this alongside the requirements for capital, internal audit, staff training and independent reviews.

Travel Rule and interbank data exchange are a separate block. I lay out the scheme for transferring sender/recipient attributes, justify the choice of a Travel Rule compliance provider and show how the bank’s policy and the client’s policy align on formats, retention periods and GDPR.

Documents for onboarding a crypto startup

For European banks, structure and completeness are important. In the basic package I include corporate documents and UBO disclosure, confirmation of VASP registration/license (if applicable), AML policy and compliance programs, including the EDD procedure and risk threshold values. Verification of the crypto client’s source of funds and the requirements for source of wealth (SoW) documentation for founders and key beneficiaries play a significant role.

The technical section contains the whitepaper and business model, wallet architecture, key and access management policy, standards for secure key storage and HSM. I add blockchain analytics reports with analysis of wallets and transaction histories, transaction monitoring scenarios, evidence for the Travel Rule and procedures for confirming control over wallet addresses.

Bank checklist: onboarding a crypto client

Banks operate using systematic questionnaires, and I prepare the client to answer fully and calmly. A comprehensive checklist of bank questions about wallets and custody solutions includes the self-custody vs custodial wallets scheme, the level of asset segregation and reserve arrangements. Bank questions about the KYC processes of crypto companies’ partners and subcontractors focus on end-to-end verification of the liquidity chain and contractual guarantees.

The format of bank questions about the operational model of a crypto company usually touches on jurisdictions of presence, interaction with centralized exchanges and liquidity providers, projected volumes and peak load. Questions about corporate structure and European/Asian jurisdictions require a clear ownership ontology, procedures for identifying the UBO and an assessment of links to offshore structures and ownership chains.

How the bank verifies on-chain history

The bank matches off-chain information with an on-chain profile. The COREDO team prepares an on-chain narrative: key addresses, the role of smart contracts, routes, risk levels and filtering by high-risk counterparties. Chainalysis, Elliptic and TRM Labs are the three blockchain analytics pillars I work with daily. Integration of the bank’s AML systems with blockchain analytics providers happens via API, and we model false positives in advance and select acceptable alert thresholds.

Which sanctions and PEP checkers the bank uses for crypto clients is a matter of screening architecture. We reconcile lists and contextual sources, take into account restrictions by the country of origin of funds and geo-blocks, and document the escalation logic. At the same time we describe EDD (Enhanced Due Diligence) practices for crypto clients, including OSINT, court and regulatory records, as well as checks of incident history.

GDPR and storage of crypto-onboarding data

Data retention and GDPR requirements for crypto onboarding are coming to the forefront in the EU and UK. I define data minimization, legal bases for processing, retention periods and an access policy for compliance and information security. API integration for real-time monitoring requires a DPIA, as well as controls and logging for a compliance audit so that internal and external auditors receive reproducible artifacts.

COREDO’s practice confirms that when a bank sees a deliberate data model and a mature privacy policy, some risk issues are automatically resolved. This reduces TAT in onboarding and increases the conversion rate without sacrificing control quality.

Bank and Client Compliance in DeFi

Decentralized protocols are a source of increased risk due to pseudo-anonymity and the absence of centralized intermediaries. I describe how to assess the compliance of DeFi projects with banking requirements: audits of smart contracts and cybersecurity, independent reports, KYP (Know Your Product) for tokens, and the legal qualification of tokens and regulation in the relevant jurisdictions. Combined approaches work well here: risk rules plus behavioral analysis, especially for high-frequency flows.

How a bank assesses the risks of stablecoins and tokenized assets: through the issuer, reserves, jurisdiction, and transparency of reporting. Questions about fiat acceptance and crypto-to-fiat conversion should be linked to correspondent banks and an analysis of payment routes and correspondents. When a client demonstrates liquid and verifiable conversion paths, the bank can more easily calibrate limits.

Custody, keys and address verification

Custody solutions and custodial providers come under a bank’s scrutiny through questions about key management and access in corporate wallets. I break down self-custody vs custodial wallets: bank requirements depend on segregation, multisig, use of HSM and recovery procedures. Methods of proving control over private keys include signed messages, transactions with minimal amounts, verification via providers, and tools for verifying digital signatures and DID.

A bank’s checklist of questions about wallets and custody solutions always covers exit/liquidation plans and token liquidity. We include client exit scenarios and account closure procedures so the bank can see the service lifecycle from onboarding to offboarding.

KYB and UBO: how to mitigate risks

The KYB process for cryptocurrency companies requires a transparent ownership structure, confirmed UBO control and verified reputations of directors and officers. UBO and corporate rights verification is the basis for decision-making, and here COREDO prepares a comprehensive ownership map with evidence of rights and economic interests. Questions about UBO (ultimate beneficial owner) identification procedures are resolved with unified dossiers so the bank can quickly reconcile the facts.

What evidence of source of funds and wealth the bank requests depends on the client’s profile and the beneficiary’s country of residence. These usually include dividends, business income, realized assets, supported by tax filings and verified payment flows. We link SoF/SoW with the on-chain profile so there are no gaps between blockchain analysis and bank statements.

Cross-border tax component

Which questions a bank asks about tax reporting and cross-border fund flows depend on the jurisdictions in which activity is conducted. I demonstrate compliance with CRS/FATCA, the rules on economic presence and the transparency of money routes. Assessment of connections with offshore structures and ownership chains goes together with analysis of payment routes and correspondents to eliminate “black boxes” along the funds’ path.

Regulators in the EU/UK/Asia expect comprehensive reporting, and regulatory reporting requests that arise when working with a crypto client are easier to resolve if the client has built a single registry of transactions, tax events and sources of funds from the start. I include such a registry in the mandatory minimum for medium and large operations.

Questions about the product and smart contracts

The questions a bank asks about smart contracts and tokenomics go beyond basic compliance. It is important for the bank to understand the token’s business logic, token emission allocation, vesting, utility/security characteristics and mechanisms to control abuses. We interpret questions about the legal qualification of tokens and regulation through KYP and the relevant guidelines of the EU/UK/Singapore/UAE jurisdictions.

Smart contract review and security audit confirm that operational risks are reduced. I always attach independent audits, bug bounty results and an incident response plan: blocking, temporary freezing of custodians’ accounts, filing SAR/STR in case of suspicious activity.

Integrations and data sharing (Travel Rule)

We address questions about API integration and data sharing for transaction monitoring at an early stage. The bank expects clarity on event formats, SLAs for alert delivery and escalation methods. I describe the Travel Rule and interbank data exchange via compatible providers, mapping of required fields and delivery metrics to address technical and regulatory risks at the same time.

Tools for cross-border identification and eID are especially important for remote onboarding and servicing corporate signatories. We document how key decisions are signed, and which tools for verifying digital signatures and DIDs are used to ensure legal validity.

Metrics: SLA, TAT, ROI, false positives

Banks are increasingly implementing KPIs and SLAs for onboarding crypto clients, and I suggest that clients adopt this logic as their own. The metrics (MTTR, SLA, TAT for onboarding, the percentage of false positives in AML systems, monitoring throughput and latency) are not just operational numbers. They demonstrate process manageability and reduce the burden on both sides.

Cost-per-onboarding and the assessment of economic efficiency fit into a basic ROI model from implementing specialized AML tools. When we show a 20–30% reduction in false positives, a 25% reduction in TAT and a decrease in case cost per client, the bank and the business speak the same language.

How to align limits with risk appetite

Questions about the bank’s risk appetite for crypto operations determine acceptable jurisdictions of counterparties, transaction limits and EDD escalation rules. I perform a risk assessment in advance when onboarding a corporate crypto client and propose threshold risk values and tiered KYC, where “green” scenarios follow a simplified trajectory, and “orange” ones go through additional checks.

Sanctions-risk scenarios and the bank’s countermeasures should be compatible with the client’s internal procedures. When the risk policy, risk appetite and transaction limits are formalized, the bank is more willing to approve requests to increase limits and expand the product line.

Counterparties of centralized exchanges and liquidity chains

Control of counterparties and liquidity supply chains is built on the principle of in-depth KYC/KYB. Questions about interaction with centralized exchanges and liquidity providers are addressed through lists of approved platforms, due diligence results, contractual guarantees, and counterparties’ commitments. Verification of links with crypto partners and counterparties relies on OSINT and blockchain forensics to rule out hidden overlaps with mixing services.

Pseudo-anonymity and the risk of mixing services require a clear policy of prohibitions and geoblocking. I formalize this in client standards so that screening and on-chain triggers operate consistently across all business units.

Training and engagement with regulators

Questions about the internal compliance process and staff training determine the client’s maturity. I implement training for the bank’s employees and client-side testing scenarios so that both parties work from a unified case base. Best practices for documenting KYC/KYB decisions include risk acceptance templates, escalation logs and SAR/STR findings, which facilitates the bank’s interaction with regulators and auditors.

Practices for SAR exchange and reporting to regulators are organized into a single timeline with checkpoints. This reduces regulatory stress, accelerates follow-up reviews, and builds trust in the client and in us as a consultant.

Licensing and scaling: EU, UK

VASP registration and licensing in the EU and Asia make it possible to significantly expand access to banking services. In the EU I align EU AMLD5/AMLD6 requirements for crypto providers with local rules in Estonia, Lithuania, the Czech Republic and Cyprus. In the UK, FCA approaches are important; in Singapore: the Payment Services Act and MAS expectations; in Dubai: the VARA and DIFC/ADGM regimes for specific models.

VASP licensing and capital requirements, AML plans and compliance programs for corporate clients, as well as regulatory reporting: this is the area where COREDO’s experience provides acceleration. When a client comes with a license and a mature AML/CFT program, bank crypto onboarding is significantly faster and more predictable.

COREDO case studies: what worked

Recently the COREDO team implemented VASP onboarding at a commercial bank in the EU with integration of the Travel Rule and on-chain monitoring via TRM Labs. We reduced false positives by 28% through retraining scenarios and introduced an MTTR of 4 hours for high-priority alerts. The bank approved limit increases in the second month of service thanks to transparent risk management.

Another example: licensing in Singapore under the Payment Services Act for a tokenized asset provider with a custody model. We established a self-custody vs custodial wallets policy; banking requirements were met through HSM and an independent smart contract audit. The client received correspondent channels for crypto-to-fiat conversion and clear service KPIs.

In the UK we supported a crypto broker with a forex component, where the bank’s questions about the full KYC/KYB cycle for subsidiaries and branches required a unified methodology. The solution developed at COREDO combined KYP for tokens, screening of counterparty chains and SAR/STR reporting according to UKFIU standards. This allowed the bank to safely expand the client’s access to trading limits.

In the UAE the COREDO team prepared a liquidity operator for onboarding at an international bank via DIFC. We focused on the Travel Rule, API integration and scalability issues (cloud vs on-prem solutions, throughput/latency metrics). The bank approved the model with agreed SLAs and a fallback freezing scenario in case of incidents.

How to start cooperating with COREDO

I begin with a rapid assessment: risk policy, licensing, corporate structure, KYC/KYB, custody, the Travel Rule and transaction monitoring. Next we create a checklist for the AML officer when assessing a corporate crypto client with specific KPIs for TAT and MTTR. At this stage it is important to determine which KPIs and SLAs the bank applies for onboarding crypto clients, and to synchronize them with the client’s processes.

Then I prepare a bank-ready dossier: documents for onboarding a crypto startup in a European bank, the format of questions about the crypto company’s operating model, the legal qualification of tokens and regulation, as well as questions on smart contract audits and cybersecurity. In the final stage we support communication with the bank until stable BAU and hand over control and logging tools for compliance auditing.

What entrepreneurs should pay attention to

Compile a consolidated registry of on-chain addresses with proof of control, describe monitoring scenarios and risk threshold values, and test the operational integration with Chainalysis, Elliptic, or TRM Labs. Update your AML policy to align with FATF and EU AMLD5/AMLD6, formalize the Travel Rule, and ensure that GDPR practices and storage policies withstand audit. Separately, implement KYP for tokens and map out sanction-risk scenarios, including blocking and temporary freezing responses.

If the project works with DeFi and stablecoins, document liquidity sources, counterparty control procedures, and geoblocking. Specify contractual guarantees and counterparty obligations and prepare reports on interactions with centralized exchanges and liquidity providers. This directly affects the assessment of onboarding costs and the ROI of working with a crypto client from the bank’s perspective.

Conclusions

I treat bank crypto-onboarding as a managed process with its own engineering, legal, and operational contours. When an entrepreneur sees this logic as a whole, the complexity breaks down into concrete steps: licensing, KYB and UBO verification, on-chain analysis, Travel Rule, custody and KYP. COREDO’s experience shows that discipline in documentation, transparency of flows, and mature AML processes turn the dialogue with a bank into a productive project with clear timelines, SLAs and quality metrics.

COREDO is a team that takes on the burden of methodology and communication, leaving you time for product and growth. If you are looking for a reliable partner for registration in the EU, Asia, and the CIS, obtaining financial licenses, AML consulting and comprehensive support, I am ready to show a roadmap that works in banks today. Transparency, predictability and practicality: three principles on which I build every solution and that help businesses scale without unnecessary pauses.

COREDO – EU Legal & Compliance Services. Expert legal consulting, financial licensing (EMI, PSP, CASP under MiCA), and AML/CFT compliance across the European Union. Headquartered in Prague, we provide seamless regulatory solutions in Germany, Poland, Lithuania, and all 27 EU member states.
