5 Key Factors
- AML in Lithuania goes beyond preventing money laundering. It encompasses customer identification, beneficial owner verification, ongoing monitoring of business relationships, suspicious transaction reporting, sanctions compliance, and internal controls – all enforced through a risk-based regulatory framework.
- Not every Lithuanian company is an obliged entity under AML law. However, financial institutions, payment and e-money businesses, crypto-asset service providers, accountants providing certain services, gambling operators, and other specified sectors have explicit, mandatory AML obligations.
- AML compliance in Lithuania is supervised by two principal authorities: FNTT (the Financial Crime Investigation Service) – the core financial intelligence unit and AML enforcement authority – and the Bank of Lithuania, which supervises financial market participants. The applicable supervisor depends on the company’s sector and licence type.
- AML is not a one-time setup. Obliged entities must maintain risk assessments, customer due diligence procedures, ongoing transaction monitoring, staff training, and reporting workflows throughout the life of the business. Non-compliance can result in substantial fines, supervisory action, and reputational damage.
- Company in Lithuania UAB (company code 304377400) helps businesses with initial business-model review, identification of AML exposure, company formation, documentation support, and coordination with compliance specialists for businesses operating in Lithuania.
Anti-money laundering requirements are among the most critical compliance obligations for businesses operating in Lithuania – particularly for those in financial services, crypto, payments, and other regulated sectors. Lithuania’s AML framework follows EU directives and is enforced through dedicated national authorities with substantial supervisory and penalty powers.
For foreign founders entering the Lithuanian market, understanding whether and how AML obligations apply is essential before operations begin. This article explains the AML framework in Lithuania as of 2026: who is affected, what the core requirements are, how supervision works, and what happens when compliance falls short.
What AML Means for Businesses in Lithuania in 2026
AML – anti-money laundering – in the Lithuanian regulatory context refers to a comprehensive system of controls designed to prevent the financial system from being used for money laundering and terrorist financing. For businesses, this means far more than a policy document. It includes customer identification and verification, beneficial owner checks, risk-based assessment of business relationships, ongoing monitoring of transactions and customer behaviour, detection and reporting of suspicious monetary operations to FNTT, and compliance with international sanctions regimes.
The framework is built on Lithuanian national legislation transposing EU anti-money laundering directives, and is enforced by FNTT and the Bank of Lithuania depending on the sector.
Do All Lithuanian Businesses Have AML Obligations?
No. AML obligations in their full scope apply to obliged entities – specific categories of businesses defined by law. An ordinary commercial company (for example, a trading or IT services UAB) is not automatically subject to the full AML regime simply because it is registered in Lithuania.
However, any business that falls within a regulated category – by the nature of its services, clients, or licence – becomes an obliged entity with mandatory AML duties. The critical step is determining whether the company’s business model places it within the scope of AML law before or immediately upon registration.
Which Businesses in Lithuania Are Considered Obliged Entities
The main categories of obliged entities under Lithuanian AML law include financial institutions – banks, credit unions, and other licensed financial service providers; payment institutions and electronic money institutions; crypto-asset service providers, now operating under CASP licensing expectations; insurance companies and intermediaries in relevant lines; accountants and auditors providing certain professional services; gambling operators and related businesses; real estate agents, dealers in high-value goods, and other specified categories.
Accountants deserve particular attention. Lithuanian regulatory practice and professional guidance specifically highlight AML obligations for accounting service providers – a point that foreign founders often overlook when engaging Lithuanian bookkeepers or outsourced accounting firms.
Who Regulates AML Compliance in Lithuania
AML supervision in Lithuania is divided between two authorities. FNTT – Finansinių nusikaltimų tyrimo tarnyba (the Financial Crime Investigation Service) – is the national financial intelligence unit and core enforcement authority. It receives suspicious transaction reports, conducts investigations, and imposes sanctions for violations.
The Bank of Lithuania supervises AML compliance among financial market participants – banks, payment institutions, e-money institutions, and investment firms. Understanding which authority supervises a specific business is essential for reporting, inspections, and guidance.
Core AML Requirements for Obliged Entities
The fundamental AML obligations for obliged entities in Lithuania include establishing internal AML policies and procedures tailored to the business; conducting customer due diligence (CDD) before and during business relationships; identifying and verifying beneficial owners of corporate clients; maintaining ongoing monitoring of transactions and customer behaviour; detecting and reporting suspicious monetary operations to FNTT; complying with international sanctions screening requirements; keeping records of customer identification, transactions, and due diligence measures; and training staff on AML procedures, red flags, and reporting obligations.
These requirements form an integrated compliance system – each element supports the others, and a gap in any area can undermine the entire framework.
Risk Assessment: The Starting Point of AML Compliance
AML compliance in Lithuania is risk-based. Obliged entities must assess their own exposure to money laundering and terrorist financing risks – by customer type, geographic jurisdiction, products and services, and delivery channels.
The risk assessment is not a one-time exercise. It must be reviewed regularly to reflect changes in the business and risk environment. Lithuania’s National Risk Assessment provides broader context, but each business must conduct its own entity-level assessment.
Customer Due Diligence and Identification Rules
Customer due diligence is the practical core of AML compliance. Before establishing a business relationship, the obliged entity must identify the customer, verify their identity using reliable sources, understand the purpose of the relationship, and assess the customer’s risk profile.
CDD is not reducible to collecting a copy of an ID document. The Bank of Lithuania emphasises that the depth of checks must be proportionate to the assessed risk – requiring a genuine understanding of who the customer is, what they do, and whether the relationship presents elevated risk.
Beneficial Owner Identification
Identifying the ultimate beneficial owner (UBO) of a corporate client is a separate and critical AML duty. For companies with complex ownership structures – particularly international groups and multi-layered holding arrangements – UBO identification requires tracing the ownership chain to the natural person who ultimately controls the entity.
The Bank of Lithuania treats beneficial owner identification as a standalone compliance category. Failure to identify the UBO – or relying on incomplete or outdated information – is a common compliance gap that attracts supervisory attention.
Ongoing Monitoring and Transaction Review
AML compliance does not end after onboarding. Obliged entities must monitor business relationships and transactions on an ongoing basis – looking for changes in customer behaviour, unusual patterns, and indicators of money laundering or terrorist financing. FNTT requires submission of data on monetary operations meeting defined thresholds, reinforcing that monitoring is an active, continuous obligation.
When Suspicious Transactions Must Be Reported
When an obliged entity identifies a monetary operation or transaction that raises suspicion of money laundering or terrorist financing, it must report it to FNTT. The obligation to report is absolute – it applies regardless of the transaction amount, the customer relationship, or any internal uncertainty about whether the suspicion is well-founded.
The volume of suspicious transaction reports in Lithuania remains very high, reflecting both the scale of regulated activity and the intensity of supervisory expectations. Failure to detect and report suspicious transactions is one of the most serious AML compliance failures and a primary focus of enforcement action.
International Sanctions as Part of AML Compliance
In 2026, sanctions compliance is integral to the AML framework. FNTT confirms that all persons in Lithuania must comply with international sanctions and not facilitate their circumvention.
For businesses, this means sanctions screening of customers, counterparties, and transactions; maintaining current sanctions lists; internal escalation for potential matches; and ensuring no relationship or transaction violates applicable regimes. This obligation applies to all obliged entities and, in broader terms, to all Lithuanian businesses.
PEPs, Enhanced Due Diligence and High-Risk Cases
Politically exposed persons (PEPs) – individuals who hold or have held prominent public functions – require enhanced due diligence under Lithuanian AML law. This includes senior management approval for establishing the relationship, enhanced monitoring, and additional measures to understand the source of funds.
Beyond PEPs, enhanced due diligence applies to any business relationship or transaction that presents a higher risk of money laundering or terrorist financing – whether due to the customer’s profile, the geographic exposure, the complexity of the structure, or other risk factors identified in the entity’s risk assessment.
AML Officer, Internal Policies and Staff Training
Effective AML compliance requires designated responsible persons, documented internal policies, and trained staff. An AML policy on paper – without operational implementation – is insufficient from a supervisory perspective.
Obliged entities must appoint an AML officer or responsible person, maintain written policies and procedures covering all core AML duties, and ensure that relevant staff receive regular training on AML requirements, red flags, and reporting procedures. This is particularly important for accountants, fintech companies, and crypto-asset service providers, where supervisory expectations are high and enforcement is active.
Technology, Monitoring Tools and Outsourced AML Functions
Many businesses use technological solutions for screening, monitoring, and sanctions checks. The Bank of Lithuania has clarified that it does not pre-approve specific AML tools – supervised entities must assess whether the chosen solution meets legal requirements.
Outsourcing AML functions to third parties does not transfer regulatory responsibility. The business remains fully accountable for AML compliance regardless of whether functions are performed internally or externally.
Sector-Specific Focus: Financial Institutions, Crypto and Accountants
The AML burden differs sharply by sector. Financial institutions – banks, payment and e-money institutions – are under the deepest level of prudential and AML supervision, with the Bank of Lithuania as their primary regulator. Crypto-asset service providers in Lithuania now operate under CASP licensing expectations, with AML compliance as a core condition of authorisation.
Accountants and bookkeeping service providers may also fall within AML obligations when they provide certain professional services – a point that Lithuanian regulatory practice and professional guidance specifically highlight. Foreign founders engaging accounting services in Lithuania should verify whether their provider is AML-compliant and whether their own business model creates AML duties.
What Happens If a Business Fails AML Compliance
Non-compliance carries serious consequences. FNTT and the Bank of Lithuania impose substantial fines for AML infringements – with publicly reported aggregate enforcement figures confirming active use of this power.
Beyond financial penalties, consequences include supervisory findings, mandatory remediation orders, reputational damage affecting banking relationships, and in severe cases, licence revocation or criminal investigation. Building AML compliance into the company structure from the outset is far less costly than addressing enforcement action after the fact.
AML Checklist for Lithuanian Businesses in 2026
A practical AML compliance sequence for businesses in Lithuania follows this logic. First, determine whether the company is an obliged entity under AML law. Second, map the company’s risk exposure – by customer type, geography, product, and delivery channel. Third, appoint an AML officer or responsible person. Fourth, implement internal AML and sanctions policies and procedures. Fifth, establish customer due diligence and beneficial owner identification workflows. Sixth, set up ongoing monitoring and suspicious transaction reporting mechanisms. Seventh, train all relevant staff on AML requirements and red flags. Eighth, maintain evidence, records, and documentation for supervisory review. This sequence applies from the first day of operations – not as a future improvement plan.
When a Simple Company Setup Is Not Enough
For businesses whose model falls into an AML-sensitive or licensed category, company formation in Lithuania is only the first step. Immediately upon registration – and ideally before – the company must address governance, internal policies, CDD procedures, monitoring systems, and sector-specific compliance requirements.
Foreign founders who register a UAB without anticipating AML obligations risk launching operations that are structurally non-compliant from day one. Identifying AML exposure at the business-planning stage allows the company to be set up with the right governance, documentation, and compliance framework from the start.
How We Help Lithuanian Businesses Build AML-Ready Structures
Company in Lithuania UAB supports businesses with initial business-model review and identification of AML exposure, company formation and registration of a Lithuanian UAB, documentation support for internal policies and compliance frameworks, coordination with legal and compliance specialists for AML-sensitive sectors, and ongoing corporate and accounting support for businesses operating in Lithuania.
Contact Company in Lithuania UAB – our team will help you assess your AML obligations and build a compliant business structure in Lithuania from the start.