COREDO – EU Legal & Compliance Services Expert legal consulting, financial licensing (EMI, PSP, CASP under MiCA), and AML/CFT compliance across the European Union. Headquartered in Prague, we provide seamless regulatory solutions in Germany, Poland, Lithuania, and all 27 EU member states.
Alena Sharykava
28.03.2026 | 6 min read
Updated: 28.03.2026
I founded COREDO in 2016, when it became clear that international business requires not just company registration and a “quick” license, but a holistic solution — from choosing a jurisdiction to setting up compliance, building AML processes and being ready for regulatory inspections. Over the years the COREDO team has delivered projects in the EU, the United Kingdom, the Czech Republic, Slovakia, Cyprus, Estonia, Singapore and Dubai; we supported licensing of payment institutions and EMIs, crypto providers (VASP), forex brokers, and also built comprehensive AML and financial monitoring for businesses.
In this article I have gathered our practical experience and industry methodologies to answer a concrete request from executives and finance directors: how to configure threshold reporting, avoid falling into heightened scrutiny, reduce false positives and at the same time ensure operational efficiency. Threshold transactions are not about ticking boxes; they are a strategic tool for managing risk and reputation that affects your ROI.
What are threshold transactions?
Threshold transactions are transactions that, by amount, frequency or type, reach thresholds established by the regulator and are subject to mandatory monitoring and (in some cases) reporting. Threshold amounts for reporting depend on the jurisdiction and the type of transactions: often they are around 10 000 EUR or the equivalent for cash transactions; separate limits apply to e-money, money transfers and crypto-asset transactions. European directives AMLD5/AMLD6 and the recommendations of FATF provide a framework, and national regulators specify it.
COREDO’s practice confirms: correctly defined thresholds are a pillar for a risk-based approach (RBA). Incorrectly chosen values lead to two extremes, a surge in false positives (false positive rate) and undetected risks (false negative risk). In the first case, analysts’ time is lost and the cost-to-detect increases; in the second case: regulatory and reputational risk is created, which costs more than any fine.
Checks when registering a legal entity
When registering a company in the EU or another foreign jurisdiction, it is important to take threshold checks into account before submitting documents. The issue is not only the form of ownership and tax status, but also the KYC/KYB procedures for companies and the UBO (beneficial ownership) verification. Beneficial owner registries in the EU and in a number of Asian countries require accurate and timely disclosure of ultimate beneficiaries, including indirect ownership and trusts.
The COREDO team sets up “know your customer” policies for corporate clients taking into account the regulatory expectations of the specific country. We implement entity resolution — combining client data from multiple sources — and link analysis: graph analysis of connections between UBOs, directors, suppliers and affiliated entities. This reduces the risk of hidden threshold transactions related to the aggregation of payments between related parties.
Licensing of payment, crypto, and forex
Licensing of a payment institution, an EMI, a forex‑provider or a VASP is not only about meeting capital requirements and a business plan. The solution developed at COREDO always includes a compliance architecture: a threshold matrix by products (payouts, acquiring, e‑wallets), geographies and client segments. For crypto business we take into account threshold transactions with cryptocurrencies: limits on deposits/withdrawals, rules for mixed transactions, use of on‑chain analytics tools and scenarios to reduce false positives in crypto operations.
I pay particular attention to correspondent accounts and correspondent banking. Threshold control in correspondent relationships requires detailed questions to partner banks: geo‑corridors, sources of funds (source of funds), transaction authentication mechanisms and triggers for enhanced customer due diligence (EDD). It is important to substantiate the business model in advance to avoid account blocks and delays.
Compliance policy for threshold transactions
Risk‑based approach (RBA) policy, the core. It sets the KYC principles/KYB, Customer Risk Rating, client segmentation and behavior profiling. The internal regulation on threshold operations describes:
- threshold limits by products, currencies and geographies;
- threshold aggregation, rules for aggregating transactions for clients, related parties and UBOs;
- monitoring scenarios and triggers for escalation to enhanced control;
- escalation and documentation procedures for suspicious transactions;
- procedures for interaction with the FIU (Financial Intelligence Unit), timelines and roles.
The role of the board of directors and C‑level in threshold control is key. Management approves the risk appetite, the compliance department’s KPIs and performance metrics: TPR/FPR, number of escalations, time‑to‑resolution, time‑to‑report. Our experience at COREDO has shown that regular review of these indicators at the board level reduces operational risks and speeds up licensing.
Link between KYC, KYB, UBO and EDD and thresholds
KYC and KYB practices for companies should be linked to threshold levels: the higher the volume of transactions and the sensitivity of corridors, the deeper the checks. Enhanced customer due diligence (EDD) and thresholds are interrelated. For high-risk clients we use additional data collection, source-of-funds verification, independent verification of beneficiaries, as well as cross-checking of data (data enrichment) from external registries and commercial databases.
We use eKYC, eID and biometric verification to ensure timeliness and reduce onboarding time without loss of quality. The compliance audit second line/third line periodically rechecks the correctness of assigned thresholds and the relevance of dossiers.
SAR/STR Reporting, FIU, procedures, deadlines
Reporting on threshold transactions and suspicious activity reports (SAR/STR) requires discipline. National FIUs set reporting deadlines; in the EU a common benchmark is: submission without undue delay, with recording of timeliness in the audit trail (audit trail). The Financial Intelligence Unit (FIU) – duties and deadlines are usually described on regulators’ websites, and for international information exchange (FIU‑to‑FIU) the Egmont Group framework applies.
The reliability of the process is ensured through:
- a register of transactions and data retention requirements (often 5 years or more in accordance with AMLD);
- confidentiality of suspicious activity reports and protection of sources;
- legal aspects of personal data transfer in reporting and compatibility with the GDPR. We determine the lawful basis for processing (legal basis), data minimization, and oversee cross-border transfers.
How not to fall under scrutiny
Typical transaction risk indicators (red flags) for thresholds include structuring of transactions (smurfing), splitting payments into amounts below thresholds, frequent activity on new accounts, and mismatch with the customer’s profile.
For foreign trade operations (TBML) we monitor invoice discrepancies with market prices, “debt: set-off” schemes, unusual cargo routes, related insurance and factoring.
Threshold transactions in international transfers and acquiring require monitoring of MOTO/ECOM transactions, returns and chargebacks, especially when selling high-risk goods or services. Cash operations have separate thresholds, and COREDO’s practice confirms: transparent cash collection procedures and justification of economic necessity reduce the likelihood of bank inquiries.
Monitoring automation
Automation of transaction monitoring and threshold configuration, an area where RegTech delivers measurable value. We use hybrid models: rules for regulatory obligations and machine learning to detect transaction anomalies. Tuning aggregation rules by thresholds and customer relationships reduces both FPR and the risk of misses (false negatives), especially in smurfing scenarios.
Optimizing rules to reduce false positives includes:
- parameter tuning, A/B testing and regular benchmarking;
- graph analysis of customer relationships and link analysis to uncover hidden affiliations;
- stress testing of scenarios and risk-modeling methodologies for new products and markets.
The COREDO team integrates AML systems with accounting and ERP, which speeds up the creation of the evidentiary base and reduces time-to-report. When scaling monitoring systems as transaction volumes grow, we use cloud architectures and queues to maintain analysts’ SLAs.
Working with banks and payment partners
Interaction with banks and payment partners on threshold inquiries is built on preventive communication. We prepare a package: compliance policy, description of scenarios, threshold matrix, register of red flags and practices for documenting the economic justification of transactions. This helps justify the business necessity of transactions to the regulator and the bank at the same time.
Threshold control on correspondent accounts requires the exchange of KYC requests between financial organizations, sanctions screening and agreed escalation processes. Our projects show that a unified response format and a defined SLA for time-to-resolution reduce operational delays in cross-border payment chains.
Sanctions screening and threshold reporting
The impact of international sanctions and sanctions screening on threshold reporting is twofold. On the one hand, sanctions hits require immediate escalation; on the other hand, thresholds help separate routine matches from a genuine signal. We apply multi-list screening (national lists, entity lists, country and product restrictions) and supplement it with geo-risk analysis across transaction corridors.
European recommendations on threshold operations for banks and non-bank institutions emphasize the priority of sanctions compliance; therefore, in our projects the sanctions loop precedes AML rules to avoid delays in making critical decisions.
Escalation in internal investigations
Internal investigations of threshold transactions: this is not a one‑off check but a managed process. We develop escalation scenarios and a responsibility matrix, a checklist for analysts, rules for collecting evidence and maintaining an audit trail. Incident management includes closing reports, team training based on the case, and adjustment of rules.
Corporate compliance culture: the foundation. I orient management toward KPIs that actually affect risks: reduction in the share of unfounded SAR/STR, increase in TPR, adherence to timeliness, growth in quality “positive SAR per analyst” while reducing FPR. Employee training and creation of cases for training embed the practice at the level of daily operations.
Dialogue with the regulator and liability
Administrative liability for non-compliance with threshold reporting varies by country: fines, restrictions on activities, personal liability of officials and corporate sanctions.
Examples of punitive sanctions and the criteria for their application are usually related to systematic violations, failure to file reports with the FIU, inadequate RBA policy or insufficient resources in the second/third lines of defense.
Response to regulator inspections — a clear action plan and communication. We prepare companies for an unannounced inspection on threshold reporting: inventory of policies and procedures, sample testing, targeted audit on threshold reporting, log recovery, reconciliation with AMLD/FATF requirements and national directives. Best practices for storing and providing reports to the regulator include a centralized repository, version control and the appointment of a responsible person at the C-suite level.
Regional characteristics of TBML
AML‑topologies by region, Asia, Europe, Africa – differ in cash turnover risks, the intensity of cross-border transfers and the presence of regional sanctions lists. Threshold reporting for foreign trade operations and TBML requires control of invoices, third-country counterparties, carriers and insurance companies. For cross‑border transactions and currency exchange we implement separate threshold scenarios and geo‑filters.
Cases of enhanced controls are often linked to trade schemes and related companies that aggregate payments below the threshold through a network of intermediaries. We counter such practices through threshold aggregation and link analysis, as well as through analysis of the economic justification of transactions.
How we built threshold reporting
- Payment institution in the EU. The client was launching international transfers and card acquiring in multiple currencies. We implemented a compliance policy for threshold transactions, introduced aggregation by UBO and geo-corridors, and RegTech tools to automate monitoring. Result: FPR decreased by 38%, time-to-report to the FIU down to 24 hours in high-risk scenarios, license obtained on schedule.
- Crypto provider (VASP) in Estonia. The task was to reconcile AML reporting and personal data protection (GDPR), and also to account for threshold operations with cryptocurrencies and fiat on/off-ramps. We implemented on-chain analytics, eKYC and EDD for large inflows, plus scenarios for smurfing and structuring. Result: TPR increased by 21%, a reduction in unwarranted SAR/STR, seamless interaction with partner banks.
- Fintech provider in Singapore with correspondent relationships in Europe. COREDO’s practice confirmed the value of early engagement with banks and payment partners on threshold queries. We synchronized sanctions screening, threshold rules and escalation procedures. Result: a 30% reduction in correspondent account escalations, and a stable SLA for time-to-resolution.
How to choose an AML outsourcing partner
Outsourcing AML services reduces time-to-market and stabilizes operating costs. It is important to assess the risks and provider selection criteria: experience in your business model, jurisdictional coverage, RegTech stack, second/third-line independent checks and risk management in outsourcing (vendor Due Diligence).
At COREDO we offer operational playbooks that account for threshold operations in payment services and e-wallets, and provide compliance audits with measurable KPIs: cost-to-detect, SAR per analyst, timeliness.
Cost-benefit analysis of investments in AML technologies shows that correctly chosen tools and tuning deliver payback by reducing manual work, lowering FPR and preventing downtime during blocks. This is the direct impact of threshold reporting on the company’s operational ROI.
How to Reduce the Risk of Heightened Scrutiny
- Create a risk map and a matrix of thresholds by products, customer segments, and geographic corridors. Review it quarterly.
- Implement a Customer Risk Rating, link risk levels to the depth of KYC/KYB and EDD.
- Configure threshold aggregation for customers, related parties and UBOs; apply link analysis and entity resolution.
- Deploy ML models and A/B testing to optimize FPR/TPR; perform scenario stress tests.
- Ensure sanctions screening as part of AML rules and oversight of correspondent relationships.
- Create escalation procedures, an audit log, and an internal investigation checklist; assign a responsibility matrix.
- Organize training and KPIs for the compliance department: number of escalations, time-to-resolution, time-to-report.
- Conduct a targeted audit of threshold reporting before an inspection; maintain a unified transaction register and retain data within AMLD retention periods.
- Develop proactive measures to reduce the number of SARs/STRs: accurate onboarding, timely EDD, correct limits and explanations to clients.
- Align GDPR and AML policies: data minimization, lawful basis for processing, transparency for the client.
How to justify transactions to the regulator
Key to trust: an evidentiary base. We assemble a package: a description of the business model, calculations demonstrating the economic justification of transactions, confirmations of the source of funds, copies of contracts and logistics documents for TBML cases. We add a decision log, screenshots from AML systems, sanction screening results and excerpts from internal procedures. This approach demonstrates system maturity and reduces questions from the regulator.
If an unscheduled inspection occurs, we act according to plan: a rapid inventory of SAR/STR, verification of timeliness, KPI reports, recording of corrective actions. The solution developed by COREDO helps clients respond to inspections calmly and on time.
Regulatory sandboxes in fintech
Threshold transactions and FinTech business models require special oversight. Regulatory sandboxes for FinTech and AML solutions in several EU and Asian countries allow testing monitoring scenarios before scaling.
We support sandbox applications, define performance metrics, set up engagement with national AML regulators, and prepare reporting based on the pilot results.
For small businesses, RegTech and AML platforms with preconfigured rules and a library of red flags are useful. The COREDO team adapts them to your products and geographies, ensuring compliance with AMLD/FATF and local requirements.
Reducing the risk of being flagged for review
- Segment clients and set behavior corridors taking seasonality and industry into account to reduce unnecessary triggers.
- Implement third-party management and supplier verification; check beneficiaries and contractors for sanctions risks.
- Regularly review thresholds and scenarios after changes to products, geographies, and partner networks.
- Use data enrichment: trade registers, ship registries, price databases — especially for TBML.
- Set up proactive communication with banks and payment partners on complex transactions; agree on the format of justifications in advance.
Maturity instead of reactivity
My experience shows: business wins when it treats threshold reporting and AML not as a formality, but as a strategy. This reduces the cost of incidents, speeds up licensing, strengthens relationships with banks and regulators, and directly affects ROI.
COREDO takes on the entire trajectory – from registering legal entities in the EU, Asia and the CIS to obtaining financial licenses, building AML processes and regulatory communications.
If your goal is sustainable international scale without “blind spots” and fines, let’s conduct a targeted audit of threshold reporting, build an RBA policy and automate monitoring. COREDO’s practice confirms: a systematic approach, correctly set thresholds and reporting discipline turn AML into a competitive advantage, not a brake on growth.