Business Services for Fintech Companies in Lithuania

AT A GLANCE

Lithuania has issued more EMI and payment institution licences than most other EU member states — making it the most accessible regulated fintech jurisdiction in the EU.
A Lithuanian fintech company needs more than a registration certificate — it requires an AML/KYC framework, a compliance officer, capital adequacy planning, and governance that satisfies the Bank of Lithuania.
We provide seven service areas for fintech companies: accounting, legal, compliance, compliance documentation drafting, recruitment, outsourcing, and regulatory advisory.
MiCA regulation took full effect in December 2024, establishing Lithuania as one of the primary EU jurisdictions for crypto-asset service provider authorisation.
Our fintech team works across the full spectrum of Lithuanian and EU regulatory frameworks — EMI, PI, MiCA, VASP, investment firm, and crowdfunding licences.

Lithuania is the leading EU jurisdiction for fintech licensing — accessible, well-regulated, and actively open to payment companies, EMIs, crypto businesses, and forex operators. Establishing a fintech company here requires company registration, AML/KYC compliance documentation, regulatory advisory on the applicable licence, and ongoing accounting and legal support calibrated to the obligations of a licensed entity. We cover all seven service areas under one engagement — from initial structure design through to licence approval and post-licence operations. Our fintech team has direct experience across EMI, PI, MiCA, VASP, and investment firm regulatory frameworks.

Why Lithuania Is the Leading EU Fintech Jurisdiction

Lithuania’s position as the EU’s primary fintech licensing destination is not the result of marketing — it is the outcome of deliberate regulatory infrastructure built over a decade. The Bank of Lithuania has invested in making its licensing process faster, more transparent, and more accessible than most comparable EU regulators, while maintaining the compliance standards required for EU-wide passporting rights.

EMI and payment institution licensing

Lithuania has issued more electronic money institution (EMI) and payment institution (PI) licences than any other EU member state. The Bank of Lithuania processes licence applications within statutory timelines that are shorter than the EU average, its pre-application consultation process is genuinely accessible, and the capital requirements are proportionate. An EMI licence issued by the Bank of Lithuania carries full EU passporting rights under the Electronic Money Directive (EMD2) and the Payment Services Directive (PSD2), allowing the licensed entity to offer services across all 27 EU member states under a single authorisation.

MiCA and crypto licensing

The EU Markets in Crypto-Assets Regulation (MiCA — Regulation EU 2023/1114) took full effect in December 2024 and introduced a harmonised EU licensing framework for crypto-asset service providers (CASPs). Lithuania is one of the primary MiCA licensing destinations in the EU. The Bank of Lithuania and the Financial Crime Investigation Service (FNTT) jointly oversee crypto regulation in Lithuania. Companies that registered as Lithuanian VASPs before MiCA now have a transitional pathway to full MiCA authorisation. New entrants can apply for MiCA CASP authorisation directly through the Bank of Lithuania.

CENTROlink and SEPA infrastructure

The Bank of Lithuania’s CENTROlink payment system provides licensed Lithuanian institutions with direct access to the Single Euro Payments Area (SEPA) infrastructure — a significant practical advantage for payment companies that would otherwise need to access SEPA through a sponsor bank. For EMIs and PIs that process EU payments, CENTROlink access eliminates the dependency on a third-party bank and gives the company direct settlement capability within the EU payments network.

Talent, cost, and operational environment

Vilnius has a growing fintech talent pool — compliance officers, AML analysts, software engineers, and financial professionals with experience in regulated entities. The cost of establishing operations in Lithuania is competitive relative to Western European fintech hubs. The country’s digital infrastructure ranks among the best in the EU, and English is widely used in the corporate and professional services environment. For companies that need to demonstrate genuine operational presence to the regulator — as most licensed entities do — Lithuania is both credible and practical.

Lithuania fintech by numbers

300+ licensed fintech companies operating in Lithuania · #1 EU jurisdiction by volume of EMI licences issued · Pre-application consultation with Bank of Lithuania: available and recommended · SEPA direct access via CENTROlink for all licensed institutions · MiCA CASP authorisation framework operational since December 2024 · AML supervision: Bank of Lithuania (licensed entities) and FNTT (VASPs and obliged entities)

Regulated Licences Available in Lithuania

Different fintech activities require different licences. The table below maps the most common fintech business models to the applicable Lithuanian regulatory framework. We advise on the correct licence category as the first step of every regulatory advisory engagement.

Business Activity	Licence / Registration	Authority	Min. Capital
Issuing e-money, e-wallets	EMI Licence	Bank of Lithuania	€350,000
Payment processing, acquiring	Payment Institution Licence	Bank of Lithuania	€125,000–€250,000
Crypto exchange, custody, brokerage	MiCA CASP Authorisation	Bank of Lithuania	€50,000–€150,000
Forex, CFD, investment services	Investment Firm Licence (MiFID II)	Bank of Lithuania	€75,000–€750,000
Crowdfunding platform	ECSP Licence	Bank of Lithuania	€50,000
VASP (pre-MiCA / transitional)	VASP Registration	FNTT	No minimum
Consumer and P2P lending	Consumer Credit Institution	Bank of Lithuania	€1,000,000

The licence categories above are simplified descriptions. Exact scope depends on the specific services offered and business model. A payment company also holding client funds may need an EMI rather than a PI licence. A crypto business offering staking may be treated differently from one offering exchange services only. We assess the correct category in the initial regulatory advisory consultation before any application work begins.

Our Services for Fintech Companies

Fintech companies in Lithuania have more complex service requirements than standard commercial businesses — spanning accounting, legal, compliance, documentation, staffing, and regulatory engagement simultaneously. We provide all seven service areas under one engagement, with a team that understands both the Lithuanian regulatory environment and the practical realities of building a licensed fintech business.

Accounting Services for Fintech

Accounting for a licensed fintech entity goes beyond standard bookkeeping. Regulatory capital requirements must be monitored monthly. Client fund segregation must be reflected correctly in the accounts. Transactions in multiple currencies — including crypto assets — require specialist treatment. We provide fintech-specific accounting on a fixed monthly retainer, with reporting calibrated to both standard Lithuanian obligations and the additional requirements of a Bank of Lithuania-regulated entity.

Monthly bookkeeping under Lithuanian accounting standards — including multi-currency and crypto transactions
Regulatory capital monitoring — monthly confirmation that minimum capital requirements are maintained
Client fund segregation accounting — separate tracking of client funds in safeguarding accounts
VAT returns — including complex VAT treatment of financial and payment services
Payroll and SoDra declarations for Lithuanian compliance and operations staff
Annual financial statements for both JAR filing and Bank of Lithuania regulatory reporting
Intragroup transaction accounting and transfer pricing documentation
Crypto asset accounting — fair value measurement and VMI-compliant reporting

Legal Services for Fintech

Legal work for a licensed fintech company spans corporate law, contract law, employment law, and regulatory law at the same time. The legal documentation required — terms of service, data processing agreements, payment processing contracts, employment agreements for regulated roles — must satisfy both standard Lithuanian commercial law and the additional requirements imposed by the Bank of Lithuania as conditions of the licence. We prepare and maintain the full legal documentation framework for fintech companies.

Terms of service and user agreements — compliant with PSD2, EMD2, MiCA, GDPR, and Lithuanian consumer protection law
Data processing agreements — for fintech companies processing client personal data at scale
Payment processing and acquiring agreements — for companies operating payment infrastructure
Employment contracts for regulated roles — compliance officers, MLROs, data protection officers
Shareholder agreements and corporate governance — aligned with Bank of Lithuania governance expectations
Cross-border passporting agreements — for companies providing services across EU member states
Licence condition compliance documentation — internal policies required as conditions of authorisation
Regulatory correspondence support — drafting and reviewing communications with the Bank of Lithuania

Compliance Services for Fintech

AML/KYC compliance is a legal obligation under the Lithuanian Law on the Prevention of Money Laundering and Terrorist Financing, which implements the EU Anti-Money Laundering Directives. For licensed entities, the Bank of Lithuania actively supervises compliance frameworks and conducts on-site inspections. A framework that is incomplete, undocumented, or inconsistently applied is a material risk to the licence. We design, implement, and maintain AML/KYC compliance frameworks from pre-licence stage through to ongoing regulatory supervision.

AML/KYC policy drafting — comprehensive internal policy compliant with Lithuanian law and FATF standards
Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures and workflows
Business-wide ML/TF risk assessment and customer risk scoring methodology
MLRO (Money Laundering Reporting Officer) function — outsourced or advisory
Transaction monitoring framework — typologies, alert thresholds, escalation procedures
STR (Suspicious Transaction Report) filing procedures and FNTT reporting
Compliance testing and gap analysis against current Bank of Lithuania expectations
Supervisory examination preparation — supporting companies ahead of Bank of Lithuania reviews

MLRO requirement for licensed entities

Every Lithuanian fintech company subject to AML obligations must designate a Money Laundering Reporting Officer (MLRO) — a named individual responsible for receiving internal suspicious activity reports and filing STRs with the FNTT. The MLRO must be adequately qualified, given sufficient authority, and supported by documented procedures. We provide outsourced MLRO services for licensed entities that do not yet have this function in-house.

Compliance Documentation Drafting

A licensed fintech company is not compliant simply because it has an AML policy — it is compliant when all of its operational procedures, internal controls, and staff-facing documents are correctly drafted, consistently applied, and regularly reviewed. The Bank of Lithuania's supervisory examinations assess documentation quality directly. Gaps between a company's stated policies and its actual documented procedures are one of the most common findings in regulatory examinations. We draft the complete suite of compliance documentation required for a licensed Lithuanian fintech entity.

AML/CFT Compliance Programme — the master document defining the company's full anti-money laundering framework
Customer Acceptance Policy — defining which customers are accepted, rejected, or subject to enhanced scrutiny
KYC Onboarding Procedures — step-by-step documented procedures for individual and corporate client onboarding
Enhanced Due Diligence (EDD) Procedures — for PEPs, high-risk jurisdictions, and complex ownership structures
Transaction Monitoring Procedures — alert handling, investigation workflow, and escalation to the MLRO
Sanctions Screening Procedures — screening against EU, UN, OFAC, and other applicable sanctions lists
Internal STR Reporting Procedures — how staff report suspicions internally before the MLRO files externally
Compliance Training Programme — staff AML/KYC training materials and training records framework
Data Retention and Record-Keeping Policy — aligned with AML retention obligations (minimum 5 years)
Outsourcing Policy — governing third-party service arrangements in accordance with EBA guidelines
Business Continuity and ICT Risk Policy — for companies subject to DORA (Digital Operational Resilience Act)
Annual Compliance Review Template — structured internal review of the compliance programme effectiveness

Documentation vs. policy

There is a meaningful distinction between having an AML policy and having a fully documented compliance programme. An AML policy states what the company does in principle. Compliance documentation provides the step-by-step procedures that staff actually follow — the KYC checklist an analyst uses when onboarding a client, the decision tree a transaction monitoring officer uses when an alert fires, the escalation flowchart the MLRO uses when deciding whether to file an STR. The Bank of Lithuania's examiners review both. We draft both.

Recruitment Services for Fintech

A Lithuanian fintech licence requires a demonstrably qualified team. The Bank of Lithuania assesses the fitness and propriety of key function holders — directors, the compliance officer, the MLRO, the risk manager, and any other persons responsible for regulated activities. Beyond the regulatory requirement, a fintech operation needs staff who understand compliance, payments infrastructure, and financial services. We support fintech companies in identifying, assessing, and onboarding the key personnel needed to satisfy both the regulator and operational requirements.

Compliance officer and MLRO sourcing — candidates with Bank of Lithuania-approved qualification profiles
Risk manager and internal audit function sourcing for licensed entities
AML analyst and KYC specialist recruitment for companies building in-house compliance teams
Technical staff sourcing — payments engineers, backend developers, and infrastructure specialists
Employment contract drafting for regulated roles — compliant with the Labour Code and licence conditions
Fit and proper assessment support — preparing key function holders for Bank of Lithuania suitability review
Employer registration and payroll setup for companies making their first Lithuanian hires

Outsourcing Services for Fintech

Not every fintech company needs a full in-house team from day one. Outsourcing key functions — CFO, compliance officer, legal counsel, and MLRO — allows companies to access qualified professionals at a fraction of the cost of full-time employment, while meeting the Bank of Lithuania's requirements for demonstrated expertise in regulated roles. We provide outsourced function services specifically designed for licensed and pre-licence fintech entities.

Outsourced CFO — monthly financial oversight, management reporting, investor relations support
Outsourced Compliance Officer — ongoing compliance programme management, policy maintenance, staff training
Outsourced MLRO — STR assessment and FNTT filing, SAR management, internal reporting oversight
Outsourced Legal Counsel — ongoing advisory on licence conditions, regulatory changes, and contracts
Virtual DPO (Data Protection Officer) — GDPR compliance programme management
Regulatory reporting support — periodic Bank of Lithuania submissions and supervisory correspondence
Board advisory services — preparing management for Bank of Lithuania governance assessments

Outsourcing and the Bank of Lithuania

The Bank of Lithuania permits outsourcing of key functions — including compliance and MLRO — provided arrangements are properly documented, the provider meets qualification requirements, and the licensed entity retains full oversight responsibility. Outsourced functions must be covered by a written outsourcing agreement satisfying EBA guidelines. We prepare the required outsourcing agreements as part of every outsourced function engagement.

Regulatory Advisory

Regulatory advisory covers the strategic and technical guidance needed to navigate the Lithuanian and EU regulatory landscape — from selecting the right licence through to preparing and submitting the application, managing the Bank of Lithuania review process, and maintaining compliance with ongoing supervisory expectations after the licence is granted. We provide regulatory advisory at every stage of the fintech regulatory lifecycle.

Licence selection and strategy — assessing the applicable regulatory framework and most efficient path to authorisation
Pre-application consultation — preparing for and attending Bank of Lithuania pre-application meetings
Licence application preparation — complete package: business plan, capital adequacy model, governance documents, AML policy
Application submission and Bank of Lithuania liaison — managing the review and responding to regulator queries
MiCA CASP authorisation — full application support for crypto-asset service providers under MiCA Regulation
VASP registration and MiCA transitional pathway — for companies registered pre-MiCA seeking full MiCA authorisation
Ongoing regulatory compliance programme — maintaining licence conditions and preparing for supervisory examinations
Regulatory change monitoring — tracking EU and Lithuanian regulatory developments affecting licensed entities

The Fintech Company Lifecycle in Lithuania

Building a licensed fintech company in Lithuania follows a defined sequence. Understanding what is required at each stage helps avoid the delays that result from preparing documents in the wrong order or starting the licence application before the foundational elements are in place.

Stage	Key Activities	Typical Timeline	Services Involved
Structure design	Entity selection, share structure, governance design, licence strategy	Week 1–2	Regulatory advisory, legal
Company registration	UAB registration, address, bank account, VAT	Week 2–4	Corporate, accounting
Pre-licence prep	AML policy, compliance docs, business plan, capital plan, key personnel	Month 1–3	Compliance, documentation, legal, recruitment, regulatory
Licence application	Submission to Bank of Lithuania; responses to queries	Month 3–6	Regulatory advisory, legal, compliance
BoL review	Regulator assessment, fit-and-proper interviews, additional information	Month 6–12	Regulatory advisory, compliance, outsourcing
Licence granted	Certificate issued; SEPA/CENTROlink connection; operational launch	Month 10–14	All services
Ongoing supervision	Periodic reporting, AML monitoring, licence condition compliance, examinations	Ongoing	Accounting, compliance, documentation, outsourcing, regulatory

Realistic timeline expectations

The Bank of Lithuania’s statutory review period for EMI and PI applications is 3 months from the date a complete application is received. In practice, the total process from initial preparation to licence grant typically takes 10–14 months for well-prepared applications. The most common causes of delay are incomplete applications, governance gaps identified during the review, and fit-and-proper concerns about key function holders. A well-prepared application — with complete documentation, a credible business plan, and qualified key personnel — moves through the process significantly faster than one assembled under time pressure.

AML Compliance: What Lithuanian Fintech Companies Must Have

AML compliance is the area where most fintech licence applications run into problems — either because the framework is incomplete at the time of application, or because it has not been properly maintained after the licence is granted. The Bank of Lithuania and the FNTT both conduct active AML supervision of licensed entities. Here is what a compliant Lithuanian fintech entity must have in place.

Before the licence application

A fully drafted AML/CFT Compliance Programme — not a template, but a document tailored to the specific business model and customer base
A designated MLRO — named, qualified, and with a documented mandate
A business-wide ML/TF risk assessment — identifying the specific money laundering and terrorist financing risks of the company’s activities
Customer Acceptance Policy — defining risk appetite for customer categories, PEPs, high-risk jurisdictions
KYC and EDD procedures — documented step-by-step onboarding workflows for all customer types the company will serve
Transaction monitoring framework — a documented approach to monitoring transactions for suspicious activity

After the licence is granted

Annual review of the AML/CFT Compliance Programme — updated to reflect regulatory developments and business changes
Ongoing transaction monitoring — active monitoring of customer transactions against established typologies and thresholds
STR filing with the FNTT — within the statutory timeframe when suspicious activity is identified
AML training for all relevant staff — documented, with training records maintained
Regular internal compliance testing — assessing whether documented procedures are being followed in practice
Regulatory reporting — periodic submissions to the Bank of Lithuania and FNTT as required by licence conditions

What Bank of Lithuania examiners look for

During AML supervisory examinations, the Bank of Lithuania’s examiners review the written compliance programme, sample customer onboarding files to assess KYC quality, examine transaction monitoring alert records, and interview the MLRO and compliance officer. The most common findings are: insufficient EDD for high-risk customers; transaction monitoring alerts that were closed without adequate investigation; AML policies that do not reflect the company’s actual business model; and MLRO functions held by individuals without demonstrable AML expertise. Our compliance documentation and outsourced MLRO services are designed specifically to address these examination risk areas.

Frequently Asked Questions

An Electronic Money Institution (EMI) licence allows the holder to issue electronic money — digital representations of monetary value stored on a device or server. This covers e-wallets, prepaid cards, and stored-value accounts. A Payment Institution (PI) licence allows the holder to process payments and provide payment services, but does not permit issuing electronic money or holding client funds beyond what is strictly necessary for payment execution. If your business model involves holding client funds in e-wallets or issuing prepaid products, you need an EMI licence. If you are processing payments without holding funds, a PI licence is sufficient. The minimum capital requirement for an EMI (€350,000) is higher than for a standard PI (€125,000).

The Bank of Lithuania’s statutory review period is 3 months from receipt of a complete application. In practice, the total timeline from initial preparation to licence grant is typically 10–14 months for well-prepared applications. This includes 2–3 months of pre-application preparation, 1–2 months to prepare and submit the formal application, the 3-month review period, and the time required to respond to any queries and complete any final conditions. Applications with incomplete documentation or governance gaps take longer. We manage the full timeline on your behalf.

For standard commercial activities, a virtual office registered address is sufficient. For licensed entities — EMIs, PIs, and MiCA-authorised companies — the Bank of Lithuania expects a genuine operational presence in Lithuania. This typically means at least a physical office address (not just a virtual address), Lithuanian-based staff in key roles including compliance, and demonstrable management activity taking place in Lithuania. The level of physical presence required depends on the size and complexity of the licensed entity. We advise on what constitutes adequate presence for your specific licence category.

MiCA (Markets in Crypto-Assets Regulation — EU 2023/1114) is the EU’s harmonised regulatory framework for crypto-asset service providers, which took full effect in December 2024. Under MiCA, any company offering crypto-asset services to EU users must be authorised by a national competent authority in an EU member state. The Bank of Lithuania is the competent authority for MiCA authorisation in Lithuania. Lithuanian VASPs registered before MiCA have a transitional period to obtain full MiCA authorisation. New entrants must apply for MiCA CASP authorisation directly. We support both the transitional pathway for existing VASPs and new MiCA applications.

Yes — and it should be. The AML/CFT Compliance Programme, Customer Acceptance Policy, KYC procedures, and related documents are required as part of the licence application package. Submitting an application without complete compliance documentation results in an incomplete filing that the regulator will return or query immediately. We prepare the full compliance documentation suite as part of the pre-application preparation phase, typically 2–3 months before the formal application is submitted.

For licensed entities, the Bank of Lithuania expects key function holders to be accessible and actively engaged. The compliance officer does not need to be a Lithuanian resident, but must be able to attend Bank of Lithuania meetings when required, must be reachable during Lithuanian business hours, and must demonstrate that the compliance function is genuinely operational rather than nominal. For companies using an outsourced compliance officer, the outsourcing arrangement must be documented in accordance with EBA outsourcing guidelines and the Bank of Lithuania must be notified of the arrangement.

DORA — the Digital Operational Resilience Act (EU Regulation 2022/2554) — applies to financial entities regulated in the EU, including licensed EMIs, PIs, investment firms, and MiCA-authorised companies. It requires covered entities to have ICT risk management frameworks, ICT incident reporting procedures, digital operational resilience testing, and contractual arrangements with third-party ICT providers that meet specific requirements. DORA compliance is an ongoing obligation for licensed Lithuanian fintech entities from January 2025. We prepare ICT risk policies and DORA compliance documentation as part of our compliance documentation drafting service.

Ready to build your Lithuanian fintech company?

Contact us to begin. We will confirm the correct licence for your business model, assess your current state of readiness, and provide a structured engagement plan covering all seven service areas. We work with pre-application companies, companies mid-application, and licensed entities that need ongoing support. Response within 24 business hours.