Outsourcing Services for Fintech Companies in Lithuania

AT A GLANCE

Outsourcing key functions — CFO, compliance officer, MLRO, legal counsel, and DPO — allows a fintech company to access qualified professionals at a fraction of the cost of full-time employment while satisfying Bank of Lithuania requirements.
The Bank of Lithuania permits outsourcing of regulated functions, provided the arrangements are properly documented and the licensed entity retains full accountability for compliance.
We provide six outsourced functions for fintech companies: CFO, compliance officer, MLRO, legal counsel, data protection officer, and regulatory reporting support.
All outsourced functions come with the documentation required by the Bank of Lithuania — written outsourcing agreements, notification where required, and audit-ready records.
Outsourcing is available as a standalone service or as part of a combined setup covering all functions a new licensed entity needs from launch.

Outsourcing services for fintech means engaging qualified professionals to perform specific functions — CFO, compliance officer, MLRO, legal counsel, or data protection officer — on a retainer basis rather than as full-time employees. The Bank of Lithuania permits licensed entities to outsource these functions, subject to proper documentation and oversight requirements. Outsourcing gives early-stage and mid-size fintech companies access to senior expertise from the first day of operations, at a cost structure that scales with the business rather than requiring upfront headcount investment. We provide all six outsourced functions under one engagement, with a single point of contact and a team that understands the full regulatory picture of each client.

Why Fintech Companies Outsource Key Functions

A Bank of Lithuania-licensed fintech entity is required to have qualified people performing specific functions — compliance, MLRO, risk management, financial oversight — from day one of operations. For most early-stage and mid-size fintech companies, hiring senior full-time professionals in all of these roles simultaneously is neither practical nor cost-efficient at launch stage.

Outsourcing provides a structured alternative: the function is performed by a qualified professional on a defined retainer, the licensed entity retains full accountability and oversight, and the cost scales with the actual scope of work rather than being fixed at a full-time salary plus employer contributions. As the company grows and transaction volumes increase, the outsourced retainer can be scaled up or transitioned to a full-time hire when that makes more operational sense.

The cost comparison

A full-time senior compliance officer in Vilnius costs approximately €3,000–€4,500 gross per month plus 4.77% employer social contributions — representing a total employer cost of €3,143–€4,715 per month, or €37,716–€56,580 per year. This commitment is made before the company has any clients, before the licence is granted, and before revenue has begun. An outsourced compliance officer covering the same regulatory function on a retainer costs a fraction of this, scales with the actual workload, and can be supplemented by full-time hiring when the volume justifies it.

When outsourcing is the right structure

Pre-licence stage — when the company needs qualified functions for the application but revenue has not yet begun
Post-licence launch — when functions are needed from day one but transaction volumes do not yet justify full headcount
Growth stage — when the company needs to scale specific functions faster than it can hire and onboard in-house
Multi-jurisdiction operations — when a function covers multiple entities and full-time duplication across entities is inefficient
Interim coverage — when a function holder leaves and a qualified replacement is needed while recruitment takes place

Outsourcing vs. staffing through us

We provide both outsourcing (where our team members perform the function) and recruitment (where we find and place a permanent employee). For functions that require deep, ongoing involvement in day-to-day operations — such as a full compliance officer managing a growing team — a permanent hire is eventually the right structure. For functions that require senior oversight without daily operational involvement — CFO advisory, MLRO sign-off, DPO management — outsourcing remains appropriate indefinitely. We advise on which model fits each function as the company evolves.

Outsourcing and the Bank of Lithuania: What Is Permitted

The Bank of Lithuania’s framework for outsourcing by licensed entities is based on the EBA Guidelines on Outsourcing Arrangements (EBA/GL/2019/02). Understanding what is and is not permitted — and how to structure an outsourcing arrangement to satisfy the regulator — is essential before entering into any outsourcing arrangement for a regulated function.

What the Bank of Lithuania permits

Outsourcing of the compliance officer function — provided the arrangement is documented and the licensed entity retains oversight
Outsourcing of the MLRO function — subject to the conditions on MLRO independence and access to information
Outsourcing of financial management and CFO advisory functions
Outsourcing of legal counsel and regulatory advisory functions
Outsourcing of the Data Protection Officer function — explicitly contemplated under GDPR
Outsourcing of regulatory reporting and Bank of Lithuania submission preparation

What must always remain with the licensed entity

Ultimate accountability for compliance — the licensed entity cannot outsource its regulatory responsibility
Strategic decision-making and risk appetite — the board and senior management retain full ownership of strategy
Internal oversight of outsourced functions — the licensed entity must monitor and review outsourced providers
Key management functions where the Bank of Lithuania requires in-house performance — varies by licence type and entity size

Documentation requirements

Every outsourcing arrangement for a regulated function must be covered by a written outsourcing agreement that satisfies EBA guidelines. The agreement must specify: the scope of services, the service level expectations, the provider’s qualifications, the licensed entity’s right to audit and inspect, data protection obligations, business continuity arrangements, and termination provisions. For critical or important outsourcing — functions whose interruption would materially affect operations — the Bank of Lithuania must be notified before the arrangement takes effect. We prepare the required outsourcing agreements and notifications for every function we provide.

Concentration risk

The Bank of Lithuania monitors concentration risk in outsourcing — where a licensed entity outsources multiple critical functions to the same provider. While this is permitted, it requires active management: the entity must demonstrate that it is not excessively dependent on any single provider and has continuity plans if the provider relationship ends. Where we provide multiple outsourced functions to a single client, we document the oversight framework and contingency arrangements as part of the engagement.

Our Outsourced Functions for Fintech Companies

We provide six outsourced functions — covering the financial, compliance, legal, and governance needs of a licensed Lithuanian fintech entity. Each function is delivered on a defined monthly retainer with a clear scope of work, a named responsible professional, and the documentation the Bank of Lithuania requires.

Outsourced CFO — Financial oversight and management reporting
The outsourced CFO provides senior financial oversight for the licensed entity — monthly management reporting, regulatory capital monitoring, investor reporting, and financial planning. For pre-revenue and early-stage fintech companies, the outsourced CFO function fills the gap between the accounting team (which processes transactions) and the board (which needs strategic financial information). For licensed entities, the CFO function also ensures that regulatory capital obligations are monitored and reported correctly.Role scope: Monthly financial oversight, management reporting, regulatory capital monitoring, investor liaison, budget and cash flow planning.

Monthly management accounts — P&L, balance sheet, cash flow, and regulatory capital position
Regulatory capital monitoring — monthly calculation of own funds and minimum capital requirement
Budget preparation and variance analysis — quarterly and annual budget vs. actual reporting
Investor reporting — management packs for shareholders, board, and external investors
Cash flow planning — 13-week rolling cash flow forecast and treasury management guidance
Audit support — liaison with external auditors and preparation of audit schedules
Financial policy review — reviewing and updating financial policies as the business grows
Board financial presentations — preparing and presenting financial data at board meetings

Outsourced Compliance Officer — Ongoing compliance programme management
The outsourced compliance officer manages the licensed entity’s ongoing compliance programme — keeping the AML/KYC framework current, monitoring regulatory developments, conducting compliance testing, and preparing for Bank of Lithuania supervisory interactions. For smaller licensed entities, the outsourced compliance officer can simultaneously hold the MLRO designation, covering both functions under a single retainer. All work is performed by a named compliance professional with direct Bank of Lithuania-regulated entity experience.Role scope: Compliance programme management, regulatory monitoring, compliance testing, staff training coordination, and Bank of Lithuania liaison.

Ongoing AML/KYC compliance programme management — maintaining policies, procedures, and controls
Quarterly compliance review — assessing programme effectiveness and identifying gaps
Annual AML risk assessment update — refreshing the business-wide ML/TF risk assessment
Regulatory change monitoring — tracking EU and Lithuanian regulatory developments affecting the licence
Compliance testing — periodic testing of CDD files, transaction monitoring, and staff knowledge
Staff AML training coordination — annual training delivery and records maintenance
Board compliance reporting — quarterly compliance report to senior management and the board
Bank of Lithuania examination preparation — pre-examination review and document organisation

Outsourced MLRO — Suspicious activity management and FNTT reporting
The outsourced MLRO is the legally designated individual responsible for receiving internal suspicious activity reports from company staff, assessing them, and deciding whether to file Suspicious Transaction Reports (STRs) with the FNTT. The MLRO must be accessible during Lithuanian business hours, have unrestricted access to client data and transaction records, and be available to respond to FNTT enquiries. We provide a named, qualified MLRO on a documented outsourcing arrangement that satisfies Bank of Lithuania requirements.Role scope: SAR assessment, STR filing with FNTT, FNTT liaison, and MLRO reporting to the board.

Internal SAR assessment — reviewing all suspicious activity reports escalated by staff
STR filing with the FNTT — within the statutory timeframe when suspicion is confirmed
FNTT liaison — responding to FNTT information requests, enquiries, and freeze orders
Declination decisions — documented rationale for SARs assessed and not filed
MLRO monthly report — summary of SAR volume, STR filings, and AML risk observations to the compliance officer and board
Regulatory correspondence — drafting MLRO-related responses to Bank of Lithuania queries
MLRO annual review — review of the STR filing record and effectiveness of the internal reporting process
24-hour availability for urgent STR decisions — MLRO reachable outside business hours for time-sensitive matters

MLRO and compliance officer — combined or separate

For smaller licensed entities, the MLRO and compliance officer roles may be held by the same person. We offer a combined outsourced compliance officer and MLRO retainer at a single monthly fee — providing both functions under one engagement with a single named professional. As the entity grows and SAR volumes increase, we advise on whether separating the roles is operationally warranted.

Outsourced Legal Counsel — Ongoing legal advisory and regulatory legal support
The outsourced legal counsel provides ongoing legal advisory to the licensed entity — reviewing and updating commercial contracts, advising on licence condition compliance, analysing the impact of regulatory changes, and drafting regulatory correspondence. For fintech companies that do not need a full-time in-house lawyer but have a continuous flow of legal questions and document needs, an outsourced legal counsel retainer provides senior legal coverage at a predictable monthly cost.Role scope: Ongoing legal advisory, contract review, licence condition monitoring, regulatory change analysis, and regulatory correspondence drafting.

Contract review and negotiation support — reviewing incoming contracts from partners, clients, and technology providers
Licence condition monitoring — tracking ongoing obligations and flagging compliance risks as they arise
Regulatory change analysis — assessing the practical legal impact of new EU and Lithuanian regulation
Employment law advisory — guidance on HR matters, terminations, and employment documentation updates
Regulatory correspondence drafting — Bank of Lithuania letters, notifications, and responses
Corporate governance maintenance — board resolutions, shareholder decisions, and register updates
Ad hoc legal queries — written responses to one-off legal questions within 24 business hours
Monthly legal briefing — summary of regulatory developments relevant to the client’s licence and operations

Outsourced Data Protection Officer (DPO) — GDPR compliance management
The Data Protection Officer (DPO) is a GDPR-mandatory role for organisations that carry out large-scale processing of personal data as a core activity — which includes most fintech companies operating a payment or crypto platform. The DPO monitors GDPR compliance, provides advice on data protection obligations, and acts as the contact point for the State Data Protection Inspectorate (SDPI) and for data subjects exercising their rights. GDPR explicitly permits and in some cases encourages the use of an external DPO. We provide a qualified outsourced DPO on a documented engagement.Role scope: GDPR programme management, SDPI liaison, data subject rights handling, and data protection advisory.

GDPR compliance programme oversight — monitoring the ongoing effectiveness of the privacy framework
Data subject rights management — coordinating responses to access, erasure, portability, and objection requests within GDPR timeframes
Data breach assessment and notification — assessing breach severity and managing SDPI and data subject notifications
DPIA oversight — reviewing Data Protection Impact Assessments for new processing activities
Vendor DPA review — assessing data processing agreements with new third-party service providers
State Data Protection Inspectorate liaison — responding to SDPI enquiries and inspections
Annual GDPR review — reviewing the privacy programme against current regulatory expectations
Staff data protection training — annual privacy awareness training delivery and records

Regulatory Reporting Support — Bank of Lithuania periodic submissions
Licensed Lithuanian fintech entities must submit periodic regulatory reports to the Bank of Lithuania — covering prudential data, payment volumes, client fund positions, and operational matters. These submissions must reconcile with the accounting records and be prepared to a format and standard that the regulator can directly use for supervisory analysis. Errors or delays in regulatory reporting are a supervisory finding. We prepare periodic Bank of Lithuania submissions for licensed entities, coordinating with the accounting team to ensure consistency between the management accounts and the regulatory returns.Role scope: Periodic Bank of Lithuania submission preparation, data reconciliation, and supervisory correspondence.

Quarterly prudential returns — own funds, payment volumes, and outstanding e-money calculations for EMIs and PIs
Annual regulatory financial data — Bank of Lithuania annual data submissions reconciled with the statutory accounts
FNTT periodic reporting — annual AML statistical report filed with the Financial Crime Investigation Service
Ad hoc regulatory submissions — responding to Bank of Lithuania requests for additional data or clarification
Supervisory correspondence support — drafting responses to Bank of Lithuania information requests
Reconciliation with management accounts — ensuring all regulatory submissions are consistent with the accounting records
Submission calendar management — tracking all regulatory reporting deadlines and ensuring timely filing

Outsourced vs. In-House: A Direct Comparison

The right structure for each function depends on the company’s stage, transaction volume, and operational complexity. The comparison below reflects the practical difference between outsourcing and in-house hiring for the key functions at a Lithuanian licensed fintech entity.

Factor	In-House Hire	Outsourced Function
Monthly cost (compliance officer example)	€3,143–€4,715 total employer cost (€3,000–€4,500 gross + 4.77% contributions)	Lower fixed monthly retainer — scales with actual scope of work
Available from	After recruitment (4–8 weeks) + Bank of Lithuania fit-and-proper (4–8 weeks)	From contract signature — typically within 1–2 weeks
Bank of Lithuania approval	Required before key function holder takes up the role	We hold required qualifications — no new fit-and-proper process
Depth of expertise	Single person — expertise limited to that individual’s background	Backed by a team — specialist knowledge across AML, legal, and regulatory
Scale flexibility	Fixed cost regardless of transaction volume or complexity	Retainer adjusts as scope changes; scales up or down with the business
Regulatory documentation	Employment contract; no outsourcing agreement required	Written outsourcing agreement required; we prepare and maintain this
Continuity risk	High dependency on individual — illness or resignation creates gap	Team-backed — continuity maintained if individual is unavailable
Transition to in-house	N/A — already in-house	We support the transition when the time comes — handover of all documentation and processes

Outsourcing Services Pricing

All ongoing outsourced function retainers are quoted on request — the monthly fee depends on the scope of work, transaction volumes, and the complexity of the licensed entity’s operations. One-off engagements and setup fees for defined deliverables are priced at fixed rates. There are no hourly charges within an agreed retainer scope.

Service	Price
Outsourced CFO — monthly retainer Based on company size, transaction volume, and reporting requirements	On request
Outsourced Compliance Officer — monthly retainer Based on licence type, client base size, and compliance programme scope	On request
Outsourced MLRO — monthly retainer Based on expected SAR/STR volume and company risk profile	On request
Combined Compliance Officer + MLRO — monthly retainer Single named professional covering both functions — typically most efficient for smaller entities	On request
Outsourced Legal Counsel — monthly retainer Based on expected contract volume and regulatory advisory requirements	On request
Outsourced DPO — monthly retainer Based on processing volume, number of data subjects, and SDPI interaction frequency	On request
Regulatory Reporting Support — monthly retainer Based on licence type and number of periodic submissions required	On request
Outsourcing agreement preparation (per function) Written outsourcing agreement satisfying EBA guidelines; Bank of Lithuania notification where required	€800
Bank of Lithuania outsourcing notification For critical/important outsourcing arrangements requiring prior notification	€400
Initial compliance programme health check (new outsourcing clients) Assessment of existing programme before we take over the outsourced function	€1,600
Transition-in documentation package Full handover document pack when transitioning from a previous provider or in-house function	€1,000
Transition-out documentation package (to in-house hire) Full handover to an incoming in-house function holder when the company is ready to hire permanently	€1,000
One-off MLRO consultation (complex SAR or regulatory query) Per session — for specific matters outside a standing retainer	€600
One-off regulatory advisory session (CFO / legal) Per session — for specific financial or legal questions outside a retainer	€750

How retainer pricing works

Monthly retainer fees are quoted individually based on a brief scoping call — typically 30–45 minutes. We ask about the licence type, client volumes, current compliance status, and the expected scope of work for each function. From this, we provide a fixed monthly rate. The rate is reviewed quarterly and adjusted where the scope has materially changed. There is no minimum contract period — we work month-to-month, though most clients engage on a rolling 6–12 month basis given the regulatory continuity requirements.

Combined outsourcing package

Companies that need multiple outsourced functions simultaneously — for example, compliance officer, MLRO, and legal counsel at launch — benefit from a combined package at a discounted total monthly rate. Contact us to discuss a combined package for the specific functions you need. We work with companies at pre-licence stage, building the outsourced team in advance of the licence application, and with newly licensed entities that need the functions operational from day one.

Frequently Asked Questions

The Bank of Lithuania does not formally approve or reject individual outsourcing arrangements — but it does review them during supervisory examinations and can issue findings if the arrangement does not satisfy EBA outsourcing guidelines. Findings typically arise from: inadequate outsourcing agreements (missing required clauses), failure to notify the regulator for critical or important outsourcing, insufficient oversight by the licensed entity of the outsourced provider, or concentration risk concerns. We structure all outsourcing arrangements to satisfy EBA guidelines and Bank of Lithuania expectations, including the preparation of the outsourcing agreement and notification where required.

Yes — and for smaller licensed entities, this is the most common structure. Lithuanian AML law and Bank of Lithuania guidance permit the compliance officer and MLRO roles to be held by the same individual, provided that individual has the qualifications and time to perform both functions adequately and that there is no structural conflict of interest between the roles. As the entity grows and the volume of SARs and compliance work increases, separating the roles becomes more appropriate. We provide the combined function initially and advise when separation is warranted.

Whether a specific outsourcing arrangement requires prior notification depends on whether it constitutes ‘critical or important’ outsourcing under EBA guidelines. Outsourcing the compliance officer function at a licensed entity is typically considered critical or important — meaning prior notification to the Bank of Lithuania is required before the arrangement takes effect. We prepare the notification and submit it on behalf of the licensed entity. The Bank of Lithuania does not have a formal approval process for outsourcing notifications — it acknowledges receipt and can raise concerns, but the arrangement can proceed unless the regulator objects.

Transitioning from an outsourced function to an in-house hire is a natural progression that we actively support. When a company decides to bring a function in-house, we manage the transition: preparing a comprehensive handover documentation package, briefing the incoming hire on the regulatory history and current status of the function, and ensuring continuity during the handover period. We charge a fixed transition-out fee of €500 for this service. The transition typically takes 4–6 weeks from the point the incoming hire is confirmed.

A Data Protection Officer is mandatory under GDPR where an organisation’s core activities consist of large-scale processing of personal data — which includes most fintech companies operating payment or crypto platforms. Where a DPO is mandatory, GDPR explicitly permits the role to be performed by an external service provider rather than an employee. The DPO must be accessible to data subjects and the supervisory authority (SDPI), must have expert knowledge of data protection law, and must be provided with the resources necessary to perform their tasks. An outsourced DPO satisfies all of these requirements, provided the engagement is correctly structured.

Yes — and using outsourced functions during the application process is often the most efficient approach. The Bank of Lithuania’s licence application requires demonstrably qualified key function holders to be in place at the point of application. Using our outsourced compliance officer and MLRO during the application phase means the functions are staffed by professionals who already have Bank of Lithuania fit-and-proper standing, eliminating the need to complete a new fit-and-proper process for these roles. This can shorten the pre-application preparation timeline significantly.

When we take over an outsourced function from a previous provider or from an in-house function holder who has left, we conduct a structured transition-in exercise. This includes: reviewing all existing compliance documentation for completeness and quality; assessing the current status of the function against Bank of Lithuania expectations; identifying and prioritising any gaps; briefing ourselves on the company’s client base, risk profile, and regulatory history; and confirming the scope of the ongoing retainer. The transition-in documentation package (€500) covers the review, the written assessment, and the transition plan. It is separate from the first month’s retainer fee.

Ready to discuss outsourcing for your fintech company?

Contact us to book a scoping call. We will assess which functions are most appropriate to outsource at your current stage, confirm whether prior Bank of Lithuania notification is required, and provide fixed monthly retainer quotes for each function within 24 hours. No minimum commitment — we quote on a function-by-function basis.