Leave an application
COREDO > Blog > Why formal AML more often harms than helps

Why formal AML more often harms than helps

Avatar photo
Updated: 03.01.2026
Content

Greetings — I am the CEO and founder of COREDO.

Over nine years my team and I have helped hundreds of entrepreneurs from Europe, Asia and the CIS register companies in key jurisdictions, obtain financial licenses and set up robust AML compliance. Our experience shows: formal AML is a trap that masquerades as protection but in practice leads to account freezes, AML fines and wasted time. Instead, focus on a risk-based approach — it is what saves businesses from real threats and increases ROI.

Over the years we’ve seen the same pattern: companies that “do AML as a box‑ticking exercise” spend more money and encounter more problems than those who build a risk-based model from the outset. Formal AML means the same procedures for everyone, overloaded checklists and endless manual reviews.

Risk-based AML is a managed system where resources are directed to where risk actually exists. Banks and regulators today assess not the number of checks, but the quality of decisions and the ability to explain the rationale for each step.

Imagine: you register a company in Estonia or Singapore, open accounts, and six months later banks are blocking transactions due to “suspicious activity.” This is not uncommon. The COREDO team recently completed a project for a fintech startup from the Czech Republic expanding to Dubai. The client faced false positives in their manual AML monitoring: the system flagged 40% of legitimate payments from high-risk clients. The result: weeks-long delays, reputational damage and the threat of license revocation. We implemented automated AML systems with algorithms of a risk-based approach (risk-based approach according to FATF standards), reducing false positives to 5% and speeding up processing by 70%.

False positives are the key enemy of modern AML. They not only overload the team, but also destroy banks’ trust: when 30–40% of transactions look “suspicious,” compliance ceases to be a protective tool and becomes a source of noise.
At COREDO we always start by analyzing the causes of false positives: incorrect thresholds, outdated rules, lack of client risk segmentation. Optimizing these parameters almost always produces a quick effect — without increasing regulatory risk.

Registration of companies abroad: AML risks

Illustration for the section «Registration of companies abroad: AML risks» in the article «Why formal AML more often harms than helps»

Many entrepreneurs make the mistake of thinking that AML starts after company registration. In practice, banks and regulators assess risks already at the stage of onboarding a legal entity. Ownership structure, founders’ history and the chosen jurisdiction form the initial risk profile, which is then extremely difficult to change.

Registration of a legal entity in the EU, Asia or the CIS: the first step to global scaling, but without proper KYC and AML screening it turns into problems. In 2025 remote registration became the norm: in the EU (Czechia, Slovakia, Estonia, Cyprus) digital identification of founders via eIDAS or BankID is mandatory, plus full disclosure of beneficial owners. In Asia (Singapore, Dubai) automated KYC and checks against sanctions lists, PEP lists (politically exposed persons) and greylists are added.

According to our statistics, the main triggers for refusals and blocks during registration and account opening:

  • complex multi-level structure without a clear business rationale;
  • sources of funds not documented;
  • involvement of a PEP without enhanced EDD;
  • mismatch between client geography and the company’s jurisdiction;
  • absence of a described AML architecture at the start.

Formal AML does not close these risks — it only records them after the fact.

COREDO’s practice confirms: for high-risk businesses such as crypto or payment services, choose jurisdictions that balance tax benefits with strict but transparent regulation. Our experience at COREDO with a holding structure project in Cyprus for a client from the United Kingdom showed how to integrate AML compliance at the registration stage. We prepared a business plan with confirmation of the source of funds, conducted Due Diligence on high-risk clients and ensured the opening of accounts in European banks within 3 weeks, without delays due to KYC deficiencies.
In this project the key success factor was segregating clients and operations by risk levels. Instead of checking everyone the same way we focused on high-risk segments: investment flows, cross-border transfers and UBOs with an international background. This approach allowed banks to faster pass internal compliance and reduce additional inquiries.

Why does formal AML fail here? Companies spend resources on manual checks of all clients equally, ignoring risks. Global AML spending exceeds tens of billions of dollars annually, but the effectiveness of money laundering detection is less than 1%. In the EU and Asia fines for AML violations in 2024–2025 exceeded $7 billion, with a focus on ineffective AML and overcompliance.

According to international consulting reports, over 90% of AML spending goes to processes that do not uncover real criminal schemes. Overcompliance has become a separate problem: companies formally comply with requirements but lose flexibility, clients and money. That is why regulators increasingly require a risk-based approach rather than mechanical rule-following.
Jurisdiction Registration time AML requirements Suitable for
Estonia (EU) 1–2 weeks Digital KYC, eIDAS, SAR reporting Fintech, crypto
Singapore (Asia) 2–4 weeks KYC automation, PEP screening Payments, trading
Cyprus (EU) 5–10 days Full UBO disclosure, sanctions lists Holding, investments
Dubai (UAE) 3–7 days Free Zone, enhanced monitoring High-risk business
When choosing a jurisdiction ask yourself:

  • Where are my clients and funds located?
  • What AML expectations do banks in that country have?
  • Can I confirm the source of funds without “grey areas”?
  • Are there requirements for substance and governance?
  • How easy is it to scale AML as turnover grows?

Answers to these questions are more important than the tax rate. Choose taking geo-risks into account: for entry into Africa add screening for adverse media data and blacklists.

Obtaining licenses for crypto, banking services, forex or payments requires perfect AML compliance. Regulators like the FCA in the United Kingdom or MAS in Singapore check not only capital, but also transaction monitoring, risk-based AML and readiness for CFT requirements (countering the financing of terrorism).

For regulators a license is an indicator of business maturity. They assess not only current procedures but also the company’s ability to manage risks as it grows. Formal AML here becomes a stop factor: it does not scale and cannot withstand load.
The solution developed by COREDO for a client from Slovakia seeking a crypto license in Estonia illustrates the approach. The client’s standard formal AML approach generated tons of false SARs (suspicious activity reports), blocking operations. We optimized processes: implemented AML automation with machine learning for transaction analysis, integrated updates of PEP and sanctions lists. The license was obtained in 8 weeks, without regulatory risk and with compliance ROI above 300%.

ROI from risk-based AML is evident not only in reduced fines. It speeds up licensing, reduces blocks, and increases the trust of banks and investors. In our projects operational AML cost savings reach 40–60% already in the first year.

The harm of formal AML is obvious: AML overspend up to $28 million for a fintech company, account blocking of legitimate businesses and reputational risks. Why? Manual data processing leads to low AML effectiveness: false positives overload teams, while real threats slip through. In the United Kingdom the SRA recorded 74 AML cases in 2024, many due to ineffective KYC.

AML business risks: fines and criminal liability

Illustration for the section «AML business risks: fines and criminal liability» in the article «Why formal AML more often harms than helps»

AML risks for business are evolving. Violations of AML in the EU and Asia lead not only to financial fines, but also to license suspension, account freezes and even criminal liability for top management. Regulators are escalating levels of intervention: from warnings to full revocation.

In 2024–2025 regulators in the EU and Asia increased personal liability for executives. AML is no longer viewed as a function of the compliance department — it is the responsibility of the CEO and the board of directors. Mistakes in risk assessment can lead not only to fines, but also to criminal prosecution.
Our experience at COREDO with an Asian trader in Dubai highlights: the client ignored product- and geo-risk assessments, working with high-risk clients without due diligence. The bank froze the accounts, the media picked up the scandal, and reputational losses amounted to millions. We conducted an audit, set up AML screening and risk-based monitoring, restoring operations within a month.

Why does formal AML block the accounts of legitimate businesses? It focuses on volume, not on risks: excessive KYC harms ROI, false SARs reduce effectiveness, and scaling AML procedures for Europe, Asia and the CIS becomes chaotic without automation.

How COREDO Solves Problems

Illustration for the section 'How COREDO Solves Problems' in the article 'Why formal AML more often harms than helps'

The COREDO team offers a full cycle: from registration to AML optimization. We conduct risk assessments, implement automated systems for transaction monitoring, and train staff to FATF standards. For international business in Africa we add screening against greylists, minimizing reputational losses.

Example: a project for an Estonian payment company expanding into Singapore. Formal AML caused KYC shortcomings and delays. Our solution: custom algorithms focused on high-risk, which reduced AML false positives by 80% and saved 50% of resources. Now their AML compliance ROI is positive and the license is stable.

Optimizing AML resources is simple:

  • Assess risks by clients, geographies and products;
  • Automate screening for PEPs, sanctions and media;
  • Implement risk-based KYC – only for high-risk;
  • Scale with ROI in mind: automation is five times more effective than a formal approach.
We acknowledge the challenges: regulators are tightening control, but risk-oriented AML is your shield. At COREDO we support you at every stage, ensuring transparency and speed.
Risk-oriented AML is not a one-off project, but a management system. It should evolve with the business, adapting to new markets and products.
At COREDO we do not sell ‘AML policy’. We build an architecture that withstands growth, audits and crises — while remaining economically efficient.

Ready to scale your business without AML traps? Contact us: we’ll discuss your strategy in person.

LEAVE AN APPLICATION AND GET
A CONSULTATION

    By contacting us you agree to your details being used for the purposes of processing your application in accordance with our Privacy policy.

    +420 228 886 867

    K Cervenemu dvoru 3269/25a, Prague, 130 00, Czech Republic

    Sitemap    © 2026 Copyright © RES JUDICATA s.r.o. All rights reserved | llms.txt