Nikita Veremeev
29.01.2026 | 6 min read
Updated: 29.01.2026
I have been working with international investment platforms and crowdfunding services for many years, and today I see a unique window of opportunity in Europe. Regulation has become strict and transparent, the infrastructure is mature, and investors are demanding and disciplined. In such an environment, the winners are those who build compliance by design, plan licensing in advance, and understand how ECSP, MiFID II and MiCA relate to one another. In this article I will lay out how we, together with the COREDO team, build strategies for platforms operating at the intersection of crowdfunding, P2P lending and crypto-assets, and I will show practical steps, timelines and metrics that really work.
Now for investment platforms in the EU

Regulation of crowdfunding in the EU has finally entered a phase of maturity: European Crowdfunding Service Providers (ECSP) have removed barriers between countries for investment and debt crowdfunding, providing single passporting and clear rules. This means that a well-chosen jurisdiction and properly designed compliance will allow scaling across the Union without duplicating licenses. Our practice confirms: those who adopted ECSP in 2024–2025 gain a noticeable advantage in the cost of raising capital and the speed of launching partner programs.
At the same time, MiCA moves crypto-assets out of the “grey area” into a regulated space: platforms can reasonably plan work with utility tokens, ART/EMT and tokenize equity instruments in combination with traditional crowdfunding models. It is important here to soberly assess where ECSP ends and MiFID II begins, and which part of the model requires a whitepaper and disclosure under MiCA. At COREDO we have learned to assemble these pieces so that the legal architecture does not break the product and growth metrics.
ECSP or CIS: which is more advantageous and when?

Moving from general logic to practical criteria helps to understand exactly what the key differences between ECSP and CIS are. We’ll examine which model is more advantageous for different business goals and when it makes sense to follow the MiFID II regime and when to prefer the European crowdfunding framework.
Differences between ECSP and CIS under MiFID II
ECSP is a specialized regime for investment crowdfunding and SME lending with a limit of €5 million per project within 12 months and enhanced protection for non‑qualified investors. It provides passporting across the EU, establishes suitability tests, a cooling‑off period and disclosure standards. For most platforms where the core product is equity crowdfunding or business lending, ECSP is the optimal route balancing requirements and flexibility.
CIS under MiFID II is essentially an investment firm providing investment services (for example, reception and transmission of orders, placing without firm commitments). Such a regime is more powerful but more expensive in terms of capital and processes, and may require a prospectus in some structures. It is needed when you exceed €5 million per issuance, work with more complex instruments, or want the full range of MiFID services.
Costs and licensing timelines
In terms of licensing timelines for ECSP, we consistently see 3–6 months from submission to authorization with good preparation and effective communication with the regulator. In some jurisdictions and with a complex structure the period can stretch to 9 months, but disciplined document preparation brings the project back into the target range. For MiFID II‑CIS you should plan 6–12 months, enhanced capital and governance requirements, and a more stringent risk management infrastructure.
The investment cap in ECSP is €5 million per project per year, and this is a key parameter of economic efficiency. At the investor level the EU does not set a single quantitative limit, but for the non‑sophisticated segment the platform must conduct suitability tests and inform about risks. The COREDO team usually recommends internal starting limits in the range of €500–€5,000 per transaction for non‑qualified investors until they pass the test and confirm their experience. This reduces fundraising volatility and the risk of breaches.
Choice of jurisdiction: Estonia, Lithuania

The choice of jurisdiction between Estonia, Lithuania, Cyprus, Czechia and Poland sets the key framework for compliance, taxation and the operational business model. Below we will examine practical aspects and advantages of different countries, starting with obtaining an ECSP license in Estonia and e-residency opportunities.
ECSP license in Estonia and e‑residency
Estonia offers a fast speed-to-market thanks to digital company registration, e-residency and clear communication with the regulator. The COREDO team implemented several projects where we combined registration via e-residency, preparation of policies for ECSP and integration of RegTech providers for KYC/AML to reduce time to first listings. The regulator values a transparent ownership structure, real substance and a well-thought-out conflicts of interest management policy.
Licensing of investment platforms
Lithuania is strong in the fintech ecosystem and in its interface with banks and PSPs. We have cases where a platform started with ECSP while simultaneously preparing a pipeline for e-money and payment services at the second scaling stage. The Lithuanian regulator pays close attention to transaction monitoring and origin-of-funds verification, as well as to escrow/custody models. This is convenient for P2P lending with a clear flow of funds.
Legal entity registration for crowdfunding
Cyprus is a good hub for structuring investment services and cross-border flows, but it requires a careful approach to substance requirements: an office, key personnel, local directors and management processes. CySEC closely examines the prospectus for a public offering of securities and the delineation of services under MiFID II. The solution developed by COREDO for one client included a combined model: an ECSP platform in the EU and a Cyprus structure for investment services complying with CySEC requirements for reporting and internal control.
ECSP Czechia (CNB) and differences with Estonia
The Czech central bank (CNB) adheres to a conservative approach in assessing governance and risk management. The regulator requires convincing evidence of management competence and the independence of compliance functions. Compared with Estonia, Czechia may take longer to agree operational models but provides a stable position for entering Central European markets. Our experience at COREDO has shown that thorough preparation of documents on EU P2P lending rules and investor protection speeds up the approval process with the CNB.
PKD codes and Due Diligence for SPI/NPI
Poland is a strategic market for payment infrastructure. SPI/NPI (Small/National Payment Institution) are useful if you are building a marketplace with payment flows. It is important here to correctly determine PKD codes with the registrar and to build due diligence for SPI/NPI models so that they do not conflict with the services of an ECSP platform. The COREDO team configured procedures for clients on an AML risk-based approach, FIU reporting obligations and sanctions screening, taking into account local requirements and EBA guidance on cross-border compliance.
Markets in Financial Instruments Directive II (MiFID II), Markets in Crypto‑Assets Regulation (MiCA), Sixth Anti‑Money‑Laundering Directive (AMLD VI), European Securities and Markets Authority / European Banking Authority (ESMA/EBA)

MiFID II, MiCA, AMLD VI and ESMA/EBA guidance form a unified regulatory landscape that defines the rules for platforms, from traditional brokers to new models like P2P lending. In the following subsections we will look at how these standards are applied in practice, in particular regarding investor protection and compliance with AML requirements.
MiFID II for P2P: investor protection
MiFID II affects those platforms where the instruments fall into the category of financial instruments. In P2P lending this is more often a matter of structuring: securities or loan agreements, and whether the platform acts as an investment intermediary. COREDO’s practice confirms: with sound legal design ECSP covers 80% of typical models, while MiFID II comes into play for extended functionality, marketing of complex products and a deeper underwriting role for the platform.
MiCA: compliance of platform whitepapers
MiCA classifies tokens as ART (asset‑referenced tokens), EMT (e‑money tokens) and other tokens, setting the regimes for whitepapers and disclosure. For tokenized equity and debt instruments we determine in advance whether the model intersects with MiFID II. For a MiCA whitepaper I recommend the following structure: project and team description; investor rights and risks; token economic model; control and redemption mechanisms; AML/KYC procedures; disclosures on custody and cybersecurity. In some jurisdictions a whitepaper requires notification or approval, which is built into the roadmap.
AMLD VI: KYC/KYB, sanctions, FIU reporting
AMLD VI strengthens personal liability for AML compliance and expands the definition of "involvement" in money laundering. For platforms this means: staged KYC levels (risk‑based), KYB for issuers and borrowers, automated origin-of-funds verification and continuous transaction monitoring. At COREDO we build full cycles: from risk scoring models to alert tuning rules, as well as FIU reporting procedures and incident escalation.
Compliance by design: building platforms

KYC automation and risk scoring models
KYC automation for investment platforms starts with multi-level verification of identity, address and PEP status, and for KYB, with checks of beneficiaries and ownership structure. We implement risk scoring with dynamic raising/lowering of KYC levels depending on activity, jurisdiction and amount. Origin of funds verification is automated through income confirmations, bank statements and integrations with payroll/tax sources where this is legally possible.
Transaction monitoring with AI: alerts
Transaction monitoring systems with AI help catch anomalies, but without correct rules they overwhelm compliance. The COREDO team configures scenarios by transaction types, geography, risk typology and behavioral patterns. We keep the level of false positives down through iterative alerts tuning, maintaining strictness toward sanction risks and signs of layering. This reduces operational costs and speeds up case resolution.
Cross-border KYC and clients from Asia
Sanctions compliance screening covers not only the EU and UN lists, but also industry, regional and internal watch‑lists. For clients from Asia we build a compliance strategy taking into account local registers, language aspects and MAS Singapore substance requirements for structures operating from Singapore. Practical benefits: fewer bank rejections and fewer “manual” checks when scaling cross-border flows.
Technologies and DeFi under European law
DeFi and smart-contract audits
Hybrid DeFi regulation models are possible when a platform has centralized points of control: onboarding, project listing, custody/escrow, off‑chain management of corporate rights. We integrate smart‑contract audit into the roadmap and link whitepaper sections and cybersecurity procedures to it. Possible DeFi exemptions are limited: if there is an identifiable issuer or operator, the regulator requires the classic set of disclosure and AML obligations.
Custodial vs non-custodial risks
Custodial models provide control over assets and simplicity for FIU reporting, but increase liability and capital/insurance requirements. Non‑custodial reduces the platform’s risk; however, it shifts verification of the origin of funds and monitoring to the deposit and withdrawal stages. We help choose the architecture based on the risk profile, banking relationships and the chosen regime (ECSP, MiFID II, MiCA).
Bank payments infrastructure
Bank account opening for fintechs in the EU
Account opening is a bottleneck. Optimizing bank on‑boarding for platforms starts with a transparent structure, a clear client profile and a well‑designed AML model. Experience shows: a single strategic bank partner and a backup PSP reduce no‑banking risk. At COREDO we set up banking relationships, prepare dossiers and support interviews with the bank to speed up the decision.
Onboarding of payment providers and e‑money
For platforms with intensive payment flows, a setup with e‑money providers and licensed PSPs is useful: it simplifies escrow and provides flexibility in multi‑currency operations. We design the process to avoid duplicating KYC between the platform and the PSP, and we also synchronize the rules for transaction monitoring and sanctions screening.
Taxes and reporting for platforms
IOSS VAT for marketplaces: tax agent
For marketplaces with cross-border sales, IOSS VAT reduces administrative burden but requires correct classification of roles and flows. The tax agent marketplace model allows centralizing settlements and reducing errors. I recommend conducting a tax stress test before scaling across the EU to avoid retroactive surprises.
FIU reporting, ESMA and EBA cross-border
FIU reporting obligations in the EU require a systematic approach: threshold transactions, suspicious activities, record retention and quality control. ESMA oversight sets expectations for investor protection and disclosure for ECSP, and EBA guidance streamlines cross-border compliance. The COREDO team prepares an audit-ready document package, including an escalation policy and a staff training log.
Passporting and scaling in the EU
Passporting and substance tests
Passporting in ECSP gives the right to operate across the EU, but substance tests remain. Regulators assess whether key functions and decisions are actually made within the chosen jurisdiction. We design the allocation of functions in advance to meet substance requirements and ensure sustainable cross-border investment flows without claims of “empty shells”.
MiFID II: governance and tech stack
If the strategy involves moving to a CIS under MiFID II, build in requirements for governance: independent directors, risk/compliance functions, internal audit, strict management of IT risks and cybersecurity. The tech stack should support the investor qualification process, record retention, an end-to-end audit trail and modularity for new jurisdictions.
COREDO practice: cases and figures
e‑residency in Estonia and speed‑to‑market
One of the recent projects included registration via e‑residency, preparation of documents for ECSP and integration of a KYC/KYB provider within 8 weeks. Licensing took 4.5 months, with first listings in the 6th month. The key lesson: set up origin-of-funds verification early and keep the limits logic for non‑sophisticated investors transparent.
Lithuania ECSP license: ROI growth +25%
In Lithuania the platform faced a high number of “false” AML alerts and payment delays. After implementing risk scoring models, alerts tuning and updating policies under AMLD VI the average processing time decreased by 38%, and investor conversion increased. Over a 9‑month horizon ROI grew by 25% due to reduced operational losses and faster funds turnover.
Cyprus: corporate substance and accounts
For a client with a Cyprus structure we built corporate substance: local management, an office, job descriptions and SLAs with providers. This enabled opening accounts at a European bank and PSP without additional requests. As a result the client avoided no‑banking risk and launched cross‑border operations on time.
Financial model and platform metrics
ROI, CAC, LTV, ARR and stress‑testing
I recommend evaluating ROI including the cost of compliance and banking infrastructure. CAC should include identity verification and KYB procedures, and LTV should reflect the depth of investor engagement taking into account limits and tests. A platform’s ARR grows sustainably when compliance doesn’t slow onboarding. Financial modeling and stress‑testing should account for bank outages, spikes in alerts, sanctions updates and anomalous outflows.
Costs, timelines and regulatory roadmap
Realistically plan 3–6 months for ECSP and 6–12 for MiFID II‑CIS. Allocate budget for RegTech integration, smart‑contract audit (if applicable), annual compliance audit and training. The regulatory roadmap should cover whitepaper approval under MiCA 2026, the ESMA audit package and potential expansion into Poland via SPI/NPI if payment flexibility is required.
COREDO Launch Roadmap
Jurisdiction audit: whitepaper approval
We start with a regulatory audit of the jurisdiction: comparing Estonia, Lithuania, the Czech Republic and Cyprus by substance, timelines, banking accessibility and supervisory nuances. Next we form the licensing architecture: ECSP vs CIS, MiCA tracks, EU P2P lending rules and investor protection rules. For tokens we prepare the whitepaper structure and the notification/approval process, assembling an ESMA-compatible disclosure package and policies under AMLD VI.
RegTech integration and compliance audit
Next: integration of RegTech providers for KYC/KYB, sanctions screening, transaction monitoring with AI and automated origin-of-funds verification. We set up FIU reporting, escalation procedures and alert quality control. Finally we approve a schedule of regular audits, including an annual compliance audit, cyber risk tests and updates in line with EBA/ESMA guidance.
Frequently asked client questions and my answers
- ECSP vs CIS: when which? If you are within €5 million per project and do not sell complex instruments, ECSP is usually more efficient. For an extended product line and underwriting, we look towards MiFID II‑CIS.
- How long will licensing take? In most of our ECSP projects: 3–6 months, and the general market range is 2–12 months depending on the model and jurisdiction.
- How to reduce AML risks when scaling? Build KYC tiers, implement risk scoring, automate origin of funds and keep AI monitoring on a short leash with clear rule configuration.
- How to account for taxes and VAT? For marketplaces the IOSS scheme is useful, and the tax agent model simplifies collection and remittance. Build this into the payments architecture from the start.
Additional aspects often overlooked
- Registration through e-residency in Estonia speeds up preparation, but substance tests are still required.
- CySEC requirements for a prospectus can apply even to seemingly “simple” offers: analyze the format and method of placement.
- The CNB in the Czech Republic scrutinizes governance in detail; prepare independent functions and the role of the board of directors.
- CIS under MiFID II for investment platforms will require more capital and mature IT security; take this into account when planning.
- Compatibility of DeFi with centralized control points is key to ensuring the project is regulatorily viable and can pass audits.
- Passporting and EU cross-border services work better when there are banking relationships and backup PSPs: this reduces operational risk.
- An origin-of-capital audit before listing the project on a platform saves weeks on subsequent checks and prevents reputational risks.
Conclusions
Launching and scaling an investment platform in the EU is not a race for speed, but discipline in the details. Crowdfunding regulation in the EU via ECSP, its connection to MiFID II and the forthcoming impact of MiCA provide clear rules of the game, but require a compliance, technology and banking infrastructure design planned in advance. I see how a well-structured compliance setup doesn’t slow the business but accelerates it: banks open accounts faster, regulators place more trust, investors return more often.
The COREDO team has gone this route with clients in Estonia, Lithuania, the Czech Republic, Cyprus and Poland. We don’t look for shortcuts: we build robust structures that withstand ESMA audits, EBA requirements and AMLD VI updates. If you are planning a platform based on ECSP, want to understand where and how to connect MiFID II, assess the impact of MiCA 2026 or prepare RegTech integrations for scaling, I’m ready to discuss your case. At the core of a successful project lies an honest risk assessment, a clear strategy and careful implementation. This is what I propose to do together with COREDO.