Lithuanian EMI licence: the quiet benchmark for fintechs in 2026

Why Lithuania became the default jurisdiction

The story starts in 2018. Estonia faced the Danske Bank scandal, and the FSA tightened compliance to the point where application timelines stretched past eighteen months. Malta suffered reputational erosion after successive FinCEN advisories and FATF grey-listing threats. Lithuania moved in the opposite direction: the central bank invested €4.2 million into a dedicated fintech unit, digitalised the entire application portal, and published explicit supervisory expectations in English.

By 2023, Bank of Lithuania processed seventy-three EMI and payment institution applications. Approval rate hovered around sixty-one per cent—high enough to be credible, low enough to signal real scrutiny. Compare that to Malta, where the MFSA approved eleven licences in the same year, or Estonia, which granted fourteen. The differential is structural, not accidental.

Our desk worked with a UK-based founder—neo-banking rails for SME cross-border payments, €1.8 million seed round—who applied simultaneously in Estonia and Lithuania. Estonia requested four separate AML manual revisions and imposed a face-to-face board interview in Tallinn. Lithuania's supervisor sent two clarification rounds via the online portal, scheduled a single video compliance review, and issued the licence in eight months and two weeks. The founder relocated the registered office to Vilnius three months later.

This is not anecdote. It is pattern. The regulator's published service standard commits to a decision within six months from the date the application is deemed complete. In practice, completeness takes two to three months to achieve if the applicant engages local counsel early. Total elapsed time: nine to eleven months in seventy per cent of cases we tracked between 2022 and 2025.

Capital requirements and operational substance

The statutory minimum for an EMI licence under Lithuanian law—transpose of PSD2—is €350,000 in paid-up share capital. That figure must sit in a segregated account at a licensed credit institution before the licence is granted. No staged payment. No loan notes. Cash.

Once operational, the capital requirement scales with the volume of outstanding electronic money and payment transactions. The Bank of Lithuania applies the own-funds calculation under Article 7 of the EMI Directive: initial capital plus two per cent of average outstanding e-money, whichever is higher. For a fintech processing €40 million in monthly volume, that translates to roughly €800,000 in own funds. The regulator audits this quarterly.

Substance requirements are explicit. The applicant must maintain a registered office in Lithuania with at least two resident directors who pass fit-and-proper assessments. The central bank publishes a thirty-two-page questionnaire covering criminal records, previous regulatory sanctions, credit history, and professional references. We have seen one director rejected because of an unresolved County Court Judgment in the UK worth £14,000. The bar is high.

• Minimum two employees physically based in Vilnius performing compliance and risk management functions.
• IT infrastructure hosted either in Lithuania or another EEA state, with documented data residency and incident response protocols.
• Third-party service agreements (banking partner, KYC provider, fraud monitoring) submitted for prior approval.

These are not box-ticking exercises. The supervisor conducts on-site inspections during the first operational year. A fintech we advised—payment gateway for e-commerce merchants—was inspected four months post-licence. The team found the compliance officer working remotely from Warsaw. Licence was suspended pending relocation. The founder moved the officer to Vilnius within six weeks and the suspension was lifted, but the message was clear: remote compliance does not qualify.

Passporting mechanics and cross-border reality

A Lithuanian EMI licence grants automatic passporting rights across the European Economic Area under PSD2. That includes all twenty-seven EU member states plus Iceland, Norway, and Liechtenstein. The process is notification-based, not approval-based. The applicant submits a passporting notice to the Bank of Lithuania specifying target jurisdictions and services. The regulator forwards the notice to the host supervisors, and operations can commence within two months.

Now to the friction points. Passporting does not exempt the entity from local consumer protection rules, advertising standards, or anti-fraud regulations in the host state. A Lithuanian EMI offering payment initiation services in Germany must comply with BaFin's notification requirements for PIS providers. In France, the entity must register with the ACPR's public register even though no separate licence is required. In Italy, Banca d'Italia imposes quarterly transaction reporting for non-resident EMIs processing over €10 million annually.

The upside is scale. A properly structured Lithuanian EMI can onboard customers in Paris, Milan, and Amsterdam using a single compliance framework, a single capital buffer, and a single supervisory relationship. The alternative—applying for separate licences in France, Italy, and the Netherlands—would require upward of €2.5 million in regulatory capital, three local boards, and eighteen to twenty-four months per jurisdiction. The arithmetic is unambiguous.

Lithuania versus Malta: the divergence sharpens

Malta used to be the offshore fintech hub. The MFSA was early to PSD2, offered English-language supervision, and had a functional relationship with UK-based applicants. Then came the Pilatus Bank scandal, the murder of Daphne Caruana Galizia, and Moneyval's 2019 enhanced follow-up report flagging systematic AML deficiencies.

The regulatory response was predictable: the MFSA doubled application fees, extended timelines, and introduced a pre-application interview process that effectively operates as informal gatekeeping. Application costs for a Malta EMI licence now sit at €30,000 excluding legal and compliance advisory. Timeline stretches to fourteen months at median. The regulator requests board composition changes, shareholder due diligence on beneficial owners three steps removed, and certified translations of documents issued in non-EU jurisdictions.

Compare that to Lithuania. Application fee: €3,000. Supervisory fee: €1,500 annually. No pre-application interview. No translation requirement for documents in English. The Bank of Lithuania publishes a seventy-eight-page application guide with annotated examples of acceptable AML manuals, business plans, and governance structures. The MFSA publishes a six-page rulebook and expects applicants to figure out the rest.

We moved three clients from Malta to Lithuania between 2023 and 2025. One was a remittance platform with African corridors—€18 million annual volume. The MFSA demanded a physical office in Valletta with four employees, despite ninety-six per cent of transactions originating outside Malta. Lithuania required two employees in Vilnius and accepted remote customer onboarding across EEA jurisdictions. The founder saved €240,000 annually in fixed costs.

Lithuania versus Estonia: speed is not the only variable

Estonia built its fintech brand on e-Residency, digital signatures, and a regulator perceived as tech-friendly. That perception is now obsolete. The Estonian FSA introduced a two-tier licensing process in 2022: applicants first receive a provisional licence, operate under enhanced supervision for twelve months, then apply for a full licence. The provisional period imposes transaction caps—typically €5 million monthly—and prohibits passporting.

Lithuania has no such bifurcation. The EMI licence is granted in full, with immediate passporting rights, subject only to the standard prudential and conduct requirements. A fintech can begin cross-border operations the day the licence is issued. Estonia's provisional regime adds twelve months of restricted operations before the entity reaches functional parity.

The FSA also tightened beneficial ownership disclosure. Any shareholder holding five per cent or more—direct or indirect—must submit notarised background checks, financial statements, and source-of-funds documentation. If the shareholder is a holding company, the FSA pierces through to natural persons. We worked with a founder whose corporate structure included a Cayman SPV holding twenty-eight per cent of the applicant entity. The FSA requested audited financials for the SPV, personal tax returns for three ultimate beneficial owners, and apostilled certificates of good standing from the Cayman registrar. Timeline: six additional months.

• Lithuania: beneficial ownership disclosure stops at twenty-five per cent threshold, consistent with EU 5AMLD.
• Estonia: beneficial ownership disclosure applies at five per cent threshold, with regulator discretion to go deeper.
• Lithuania: no provisional licensing stage; full EMI licence issued upon approval.

The founder chose Lithuania. Licence granted in nine months, passporting into Germany and France operational within eleven months. Estonia would have taken twenty-one months to reach the same point.

What breaks: the common failure modes

Most applications fail on governance and AML. The Bank of Lithuania rejects applicants whose compliance officers lack demonstrable experience in payment services or whose business plans contain revenue projections unsupported by market analysis. We have seen a business plan rejected because it projected €12 million revenue in Year Two based on 'anticipated viral growth'—no customer acquisition cost breakdown, no cohort retention data, no sensitivity analysis.

The second common failure is capital structure. Applicants who capitalise the entity via shareholder loans, not equity, are flagged immediately. The regulator requires share capital, meaning ordinary shares issued for cash consideration, registered in the Lithuanian commercial register, and held free of encumbrances. A founder attempted to satisfy the €350,000 requirement using a director's loan note convertible into equity upon licence issuance. Application rejected within three weeks.

Third failure mode: inadequate IT and outsourcing documentation. The regulator requires detailed service agreements with third-party providers—banking partner, KYC vendor, transaction monitoring system—covering data protection, termination rights, and business continuity. An applicant submitted a Letter of Intent from a KYC vendor instead of a signed contract. The Bank of Lithuania sent a deficiency notice within forty-eight hours. The applicant secured a signed agreement, but the delay added two months to the process.

Fourth: residence and presence. Directors who claim Lithuanian residence but hold no rental agreement, utility bill, or tax registration in the country are rejected. The regulator cross-checks immigration records. One director provided a Vilnius address but had entered Lithuania only twice in the preceding twelve months, both times for less than seventy-two hours. The fit-and-proper assessment failed on residency grounds.

The 2026 landscape: what changed, what remains

Two regulatory shifts matter this year. First, the Bank of Lithuania introduced a new reporting standard for payment fraud under the EBA's revised guidelines on fraud data reporting. EMIs must now submit quarterly breakdowns of authorised push payment fraud, card-not-present fraud, and account takeover incidents. Reporting threshold: any fraud event exceeding €1,000. The data feeds into a cross-border fraud database shared with other EEA regulators.

Second, the regulator tightened safeguarding requirements. Client funds must now be held in segregated accounts at credit institutions rated at least A- by a recognised rating agency. Previously, the rule required only EU authorisation. A Lithuanian EMI using a Latvian bank rated BBB+ received a formal notice to transfer funds to a higher-rated institution within ninety days. The founder moved balances to a German bank rated AA-. Additional cost: €18,000 annually in higher account fees.

On the operational side, Lithuania remains stable. The government extended the corporate tax exemption for fintech companies reinvesting profits into R&D—effective rate drops to five per cent on retained earnings allocated to product development. The labour market tightened slightly: compliance officers with PSD2 experience now command €65,000 to €80,000 annually, up from €55,000 in 2023. Still cheaper than London (£90,000) or Frankfurt (€95,000).

We expect application volume to increase fifteen to twenty per cent in 2026. The Bank of Lithuania is hiring additional supervisory staff—budget allocation of €2.1 million approved by the Seimas in December 2025. That should prevent timeline drift. The regulator's public commitment remains six months from completeness to decision. So long as that holds, Lithuania stays ahead.

I contenuti di questa pagina hanno scopo informativo e non costituiscono consulenza legale, fiscale o finanziaria. Per analisi personalizzate, contatta il nostro team advisory.