Nikita Veremeev
15.02.2026 | 6 min read
Updated: 15.02.2026
Since 2016 I have been heading COREDO and am responsible for ensuring that entrepreneurs from Europe, Asia and the CIS launch and scale businesses in international jurisdictions quickly, transparently and with properly configured compliance. During this time the COREDO team has carried out hundreds of projects: from company registrations in the EU, the Czech Republic, Slovakia, Cyprus and Estonia to licensing in the United Kingdom, Singapore and Dubai. I see the main task as bringing together legal architecture, licensing and the AML/sanctions framework into a single operational model that withstands regulator scrutiny and does not stifle operational efficiency.
Today I will offer you a practical guide to building sanctions screening and anti-sanctions compliance that genuinely reduces false positives, saves budget and maintains control over risks. At the same time I will cover the strategy for registration and licensing, because sanctions screening is not a separate module but a critically important part of your business architecture.
Registration abroad: sanctions and AML
When we design a group structure in the EU, the United Kingdom, Singapore or Dubai, I immediately build AML and sanctions requirements into the founding documents and processes. The right choice of jurisdiction for a specific business model reduces the burden on sanctions monitoring thanks to quality registers, predictable regulators and clear KYC/KYB practice. Our experience at COREDO has shown: if at the incorporation stage you take into account access to corporate registries, rules on beneficial owners (UBO) and local expectations for a risk-based approach (risk-based approach, RBA), the costs of subsequent sanctions screening and KYC fall dramatically.
In the Czech Republic and Slovakia we often use local registries for initial client validation (KYB), and in Estonia the developed digital infrastructure for integrations. In the United Kingdom the UK Office of Financial Sanctions Implementation (OFSI) and its guidance on sanctions control play a significant role, while in Singapore the focus is on process accuracy and the regulator’s expected maturity of compliance. In Dubai it is convenient to assemble international holding structures if you plan from the outset how to synchronize sanctions screening in payment processes and real-time vs batch checking for different customer segments.
Crypto and Payments Licensing
In licensing financial services I always link regulatory expectations with concrete technical solutions. Payment organizations, forex providers and crypto services are required not only to carry out KYC/KYB and PEP and sanctions monitoring, but also to demonstrate the manageability of the process: sanctions screening must be reproducible, explainable and independent of the individual analyst. COREDO’s practice confirms: successfully obtaining a license is accelerated by a clear demonstration of sanctions control systems, configured matching thresholds, procedures for human verification of alerts and a transparent audit trail.
When preparing for licenses for payment companies in the EU and the UK we include watchlist management, whitelist and exclusion policies, as well as screening modes: batch processing vs real-time screening. For crypto organizations we add adverse media screening and graph analysis to reduce false positives when checking addresses and links. In Singapore and Dubai on-premise solutions and security requirements are important, especially when you store sensitive personal data and beneficiary information.
Sanctions screening as a system
I see sanctions screening as a four-layer pipeline: data, matching algorithms, threshold/scoring policy and operational workflow. If each layer has data quality controls, an audit trail and demonstrable decision-making, you both reduce false positive matches and keep the risk of false negatives manageable.
Data quality and watchlist management
The foundation is up-to-date, clean sanctions lists: OFAC, EU, UN and United Kingdom. I insist on watchlist consolidation and deduplication of lists, a clear list refresh cadence and data quality controls: completeness, accuracy, freshness. When the COREDO team implements sanctions list filtering, we remove duplicates, canonicalize names (normalisation), align Unicode normalization (NFC/NFD) and standardize transliteration rules (ISO 9, BGN/PCGN). This reduces false sanctions hits long before fuzzy matching algorithms kick in.
For corporate clients I recommend building a golden record in an MDM system and applying entity resolution/record linkage to merge disparate records. Integrating company registries and beneficial ownership data (beneficial ownership, UBO identification) improves KYC/KYB accuracy and reduces uncertainty in sanctions monitoring. Such data quality management and data profiling is the first lever to reduce false positives.
Precise name matching without overreach
Algorithms determine which signals you receive. I usually start with fuzzy matching using Levenshtein distance, the Jaro–Winkler algorithm, n-grams and tokenization. For phonetic robustness we use Soundex and Metaphone, and for multiscript names — multiscript matching (Cyrillic Latin Arabic Chinese) with handling of diacritics and apostrophes. Tuning the name matching model for Asian and European languages is critical: Chinese and Arabic names, as well as Latinization of Slavic surnames, cause a spike in alerts without proper normalization.
In COREDO projects we combine deterministic matching for obvious cases and probabilistic matching for borderline situations. When Entity Resolution is required for corporate clients, we add a graph component: links between legal entities, directors and addresses help distinguish true matches from false ones. Visualizing connections for sanctions risk review speeds up analyst work and provides explainable AI for decision-making.
Threshold policy and FP/FN calibration
Reducing false positives is not just “raising the match threshold.” I use score management and threshold policy, threshold calibration and A/B testing of thresholds and matching models. Metrics — false positive rate (FPR), precision and recall, F1-score and ROC AUC — show the trade-off between FP and FN and help select a point that matches the risk appetite and regulator expectations.
Regulators usually support a risk-based approach and do not expect zero FP. It is important to document the methodology, trade-offs and justification for chosen thresholds, and to perform a
compliance audit of sanctions control. Our solution, developed at COREDO, includes regular cost-benefit analysis: we calculate cost per alert, analyst throughput, MTTR and operational efficiency and compare this to the assessed risk of a false negative (FN). This approach demonstrates ROI and the acceptability of changes in the eyes of regulators.
Processing flows: real-time or batch
Each business process dictates its mode. For incoming payments, real-time sanctions screening with API integration of the screening engine into processes is appropriate. For periodic customer base reviews: batch processing (batch checks) with scheduling and SLA. I build human-in-the-loop workflows and SLAs at every stage: initial automated check, alert triage and prioritization, human verification of alerts and case management for alert investigations.
Integrating sanctions screening into payment flows, ERP/CRM systems and AML/CFT platforms requires an audit trail, data lineage and provenance so every decision is demonstrable. At COREDO we implement explainable AI and transparency of decisions: the analyst sees the reasons for the match, the contribution of each token or rule, and the manager sees aggregated metrics and team workload. This reduces operational risk and raises compliance maturity.
False positives: rules, ML, graphs
I start with basic settings: reducing false positives by tuning match thresholds, whitelists and exceptions with clear exception management and documentation of whitelists. Then I add filters by country, birth dates, entity types and context, as well as watchlist management with targeted filtering of entities known as “false matches”.
Next we refine matching rules using ML. Supervised learning to reduce FP is trained on labeled cases (training data labeling), while unsupervised clustering highlights hidden patterns of false alerts. Graph analysis to reduce false positives and network analysis help remove noise from namesakes and identically named companies. In several COREDO projects we introduced greylisting for contentious cases with additional context and “deferred” review, reducing SLA load without loss of quality.
Names, scripts and registries in Europe and Asia
Multilingualism is the main “alert generator.” In Asia we pay special attention to transliteration and name spelling variants, use transliteration tables (ISO 9, BGN/PCGN), configure Unicode normalization and rules for handling diacritics. For Arabic names we apply tokenization, n-grams and canonicalization and normalisation, and for Chinese names — romanization schemes and alternative forms.
In Europe the focus shifts to registry integration and record linkage. Entity Resolution for corporate clients and deduplication in master data remove “echoes” of records. For trade finance and commodity trading we add screening of counterparties, vessels and ports, and for correspondent banking and cross-border screening, praa focus on jurisdiction‑aware filtering. At the same time, we always take into account the legal aspects of storing and transmitting personal data, the requirements for on‑premise solutions and legal hold when cooperating with law enforcement agencies.
SaaS or on‑prem: scale and security
At the architecture stage I assess how ready the business is for SaaS sanctions‑screening providers or whether it needs an on‑premise installation. Key factors: security, latency requirements, multi‑jurisdictional operations and local data laws. For high loads we use Bloom filter to speed up searches in large lists and design CI/CD practices for ML models of sanctions screening to release changes safely and predictably.
We build scaling of sanctions screening to support company growth in Europe and Asia through micro‑services, API gateways and centralized watchlist management. Synchronization of sanctions lists and update frequency become policy‑manageable, and SLA‑oriented tuning keeps MTTR and cost per alert within target bounds. The COREDO team helps run a cost-benefit analysis of the implementation and calculate ROI: how much reducing FP saves, how analyst throughput grows and where the risk balance remains acceptable.
Demonstrating compliance to regulators
Sanctions screening without an audit trail does not pass review. I require a continuous audit trail and provable actions, explainability tools for matching models and a clear separation of roles: analysts, compliance managers, the CTO and data owners. Within the FATF recommendations and regulators’ expectations we organize regular audits of sanctions‑screening effectiveness, A/B testing of models, threshold updates and analyst training.
For transparency we introduce data lineage, provenance and evidence packages for each decision. Case management and workflow automation create reproducibility, and human‑in‑the‑loop processes and SLAs provide risk manageability. When a client receives a request from a regulator or counterparty, the prepared package with precision/recall metrics, F1‑score, ROC AUC and a description of the
risk-based approach provides a convincing response without emergency rework.
COREDO case studies: reducing false positives and screening
In Estonia we worked with a payments company that faced a flood of false sanctions hits. The COREDO team profiled the data, normalized names and transliteration, introduced watchlist consolidation and retuned fuzzy scoring. We implemented whitelists under strict exception governance and trained a supervised model on labeled alerts. The result, real-world cases reducing the number of alerts by 70% while maintaining recall on critical risks. The regulator accepted our documentation on trade‑offs and methodology with no additional requirements.
In Cyprus a forex provider was preparing for licensing and needed to build PEP and sanctions monitoring taking into account multiscript customer names from Asia. The solution developed at COREDO included multiscript matching, Jaro–Winkler and n‑grams, as well as link visualization for checking sanctions risks by UBO. We added adverse media screening and rules for alert triage with SLA metrics. The license was obtained, and the operations team meets target KPIs: cost per alert decreased quarterly, MTTR within 2–4 hours for priority alerts.
In Dubai an international holding structure was building anti‑sanctions compliance at the group level with branches in the UK and Singapore. Our experience at COREDO showed that a unified threshold policy and harmonized watchlist management provide consistency, while regional overlays account for local data laws. We set up a batch review of the database every 24 hours and real‑time screening on payments, introduced A/B testing of thresholds and regularly reported on ROC AUC and F1‑score to the risk committee. The system passed external audit and scaled without an increase in FP.
How to implement sanctions screening
- Assess compliance maturity. Apply a compliance maturity model and identify gaps in data, algorithms, thresholds, and workflow.
- Organize data. Configure watchlist consolidation, deduplication, unicode normalization, transliteration, and a golden record in MDM.
- Design algorithms. Combine deterministic matching, fuzzy matching (Levenshtein, Jaro–Winkler), phonetics, and a multiscript approach.
- Define a threshold policy. Conduct threshold calibration, A/B testing, establish a risk-based approach, and document FP/FN trade-offs.
- Build the workflow. Include human-in-the-loop, case management, alert triage, SLA, and audit trail. Integrate ERP/CRM and payment processes via API.
- Enable ML and graph. Implement supervised learning to reduce FP, unsupervised clustering for anomalies, and graph analysis of relationships.
- Reinforce controls and training. Organize regular effectiveness audits, analyst training, labeling of training data, and CI/CD for rules and models.
Answers to questions: economics and ROI
How to estimate the ROI of implementing a new sanctions screening system? Consider cost per alert, analyst throughput, MTTR, FPR and reduction in investigation time. Add the cost of FN risk, fines and lost revenue due to payment delays. ROI: the difference between total savings and investments in licensing, integration and maintenance.
Which KPIs to use to measure the effectiveness of false positive reduction? FPR, precision, recall, F1-score and the share of alerts closed as FP, plus operational KPIs: MTTR, backlog, share of auto-clear. Don’t forget data quality: completeness, accuracy, freshness.
How permissible is it to raise the match threshold from a regulator’s perspective? Within an RBA it is permissible if you document calibration, compromise metrics (precision/recall) and FN control. OFSI and FATF expect demonstrability and auditability, not a dogmatic “zero tolerance for FP”.
Which methodologies minimize operational risks when reducing FP? A/B testing of thresholds, multistage triage, greylisting, human-in-the-loop for borderline cases and explainable AI to justify decisions.
How to scale sanctions screening for growth in Europe and Asia? Centralize watchlist management, use API gateways, Bloom filter for lookups, separate real-time and batch, and apply on-premise in jurisdictions with strict data requirements.
What data and registries are needed for accurate matching of corporate clients? Company registries for the EU/UK/Asia, UBO information, addresses, directors, historical names. Implement record linkage, deduplication and a golden record.
How to choose between SaaS and on-premise? Look at regulatory constraints on data, latency requirements and security. SaaS gets you started faster, on-prem gives control and customization. We often design a hybrid.
How to organize human-in-the-loop and transparent audit? Introduce SLAs, roles and playbooks, case management with a full audit trail, data lineage and explainability reports for each decision.
How to train analysts and automate triage? Standardize training data annotation, deploy supervised models for auto-prioritization, set MTTR targets and hold periodic retrospectives on decision quality.
Which metrics show the trade-off between FP and FN? Use precision/recall, F1-score and ROC AUC, and also track FN risk estimates by customer/transaction types.
Risk management: FN under control
Reducing FP must not be done at the cost of an explosive rise in false negatives. I set threshold policies with a “safety” level of review for high‑risk segments and recommend regular retrospectives on closed cases. Exception management goes through the compliance committee, and any whitelisting and greylisting are documented and reviewed at predefined intervals. This regime keeps FN under control and shows the regulator a mature, risk‑oriented system.
We also use alerting channels and integration with AML/CFT systems so that sanctions alerts do not “get stuck” and move into investigation following a clear workflow. If required, we engage cooperation with law enforcement and implement legal hold, preserving the evidential base and transparency of actions.
COREDO: diagnostics and project support
I build the project in three steps. First, diagnostics and audit: maturity assessment, data profiling, rules inventory, measurement of FPR/precision/recall, evaluation of infrastructure and security. Then architecture and implementation: data and watchlists, algorithms and threshold policy, integrations, case management, explainability, analyst training and CI/CD deployment. And finally – support and development: regular calibration, A/B tests, expansion of jurisdictions, team training and preparation for inspections.
The COREDO team stays focused on the end result: reducing false positives, decision transparency and audit readiness. We handle company registration and licensing in the EU, the Czech Republic, Slovakia, Cyprus and Estonia, support scaling in the UK, Singapore and Dubai, and combine legal, operational and technological competencies into a single workflow.
Conclusions
Sanctions screening and anti-sanctions compliance have stopped being a “checkbox” for regulators. It is a managed system with clear data, transparent algorithms, calibrated thresholds and a disciplined workflow that protects the business and accelerates it. When sanctions control is embedded in a company’s architecture, from registration and licensing to AML-processes and payment integrations – you gain predictability, optimal KPIs and confidence in international scaling.
At COREDO I am responsible for ensuring that every decision is understandable, verifiable and economically justified. If you are planning to expand to Europe or Asia, preparing for a licence or want to put your AML and sanctions in order, let’s discuss a roadmap. I will propose concrete steps, provide metrics, assemble a team for your model and bring the project to operational resilience – so that the
sanctions control system works in your favor every day.
