Verification knowledge hub
Everything you need to know if you pick Lithuania as a launchpad for your fintech.
Lithuania has become a European fintech hotspot thanks to its optimized licensing process for e-money and payment services. Unsurprisingly, this has attracted leading firms to the country, including Revolut—a UK-based unicorn with a $33 billion valuation.
Anti-Money-Laundering (AML) compliance is an essential requirement for getting licensed in Lithuania. So let’s dive deep into the country’s regulatory and licensing regime.
Fintech growth in Lithuania has been driven by Brexit, as fintech start-ups have had to find EU-based alternatives to the UK for their operations within the bloc. Lithuania has emerged as an attractive jurisdiction thanks to the business-friendly practices of the Bank of Lithuania, which enable companies to:
Currently, Lithuania has licensed over 250 fintechs including EMI sector leaders like Revolut, Shift4 Payments, Contis, TransferGo, and others. The country is also within the top 10 of the Global Fintech Ranking.
Lithuania offers an optimized licensing process for payment institutions (PIs) and e-money institutions (EMIs). The licensing rules are described in Resolution № 238 on the authorisations granted by the Bank of Lithuania to Electronic Money Institutions and Payment Institutions (“the Resolution”).
To apply for a license, businesses must fill in the application form provided in Annex 1 (for EMIs) and Annex 2 (for PIs) of the Resolution and prepare a package of documents. This includes:
The full list of documents and requirements are provided in the Resolution, the Republic of Lithuania Law on Electronic Money and Electronic Money Institutions and the Republic of Lithuania Law on Payment Institutions.
*Initial capital requirements depend on the type of license, namely:
The amount of initial capital needed for a PI license depends on the services that the applicant intends to provide. The list of services can be found in Article 6 of the Republic of Lithuania Law on Payments. The corresponding amounts of initial capital are described in Article 14 of the Republic of Lithuania Law on Payment Institutions.
The license issuing process takes on average 3 months and includes several steps:
*In cases when documents are unsubmitted or submitted with deficiencies, the application period may be extended.
All in all, getting licensed as an EMI and a PI in Lithuania entails significantly lower incorporation and operational costs compared to other European countries. At the same time, licensed businesses must сomply with the Lithuanian AML regulations. Below, we’ll talk about these obligations in detail.
Lithuania’s AML law targets “financial institutions” and “other obliged entities” operating or willing to operate in Lithuania. Namely, the regulated businesses include:
Branches of foreign financial institutions established in Lithuania are also subject to the Lithuanian AML scope. This includes e-money and payment institutions whose head office is in another EU Member State providing services in Lithuania via branches or agents.
For a full list of “other obliged entities”, check out Article 2, paragraph 10 of Law on the Prevention of Money Laundering and Terrorist Financing.
There are two main supervising authorities for fintech companies in Lithuania:
Under Lithuanian AML law, businesses must:
The Bank of Lithuania provides businesses with guidelines on AML measures in the Amending resolution № 03-17 of the board of the Bank of Lithuania of 12 February 2015 on the approval of the guidelines on the prevention of money laundering and/or terrorist financing.
Customer Due Diligence (CDD) is the process of identifying customers/beneficial owners and verifying their identity. CDD also includes obtaining information on the purpose and intended nature of the business relationship or transaction. According to the AML law, businesses in Lithuania must undertake CDD before:
Additionally, CDD measures are required when there are doubts over the authenticity of KYC data previously obtained from the customer. Other cases mandating CDD are described in Article 9, Paragraphs 2-10 of the AML Law.
Know Your Customer (KYC) as a part of CDD is the process of identifying and verifying customers. The AML Law describes the information that businesses must obtain from natural and legal persons for their identification and verification.
Identification of natural persons
When the customer is a foreigner, the personal number can be replaced by any other unique identifier or date of birth. Also, in case of foreign customers, businesses must obtain information on their residence permit, namely its number, place and date of issuance, and validity period.
Identification of legal persons
When identifying legal entities businesses must identify their beneficial owners.
The beneficial owner is a person who directly or indirectly owns more than 25% of a company’s capital/voting rights or otherwise exercises ultimate control over it.
Identification of beneficial owners
When identifying a beneficial owner, businesses can use the Information System of Legal Entities Participants (JADIS) or other state registers to assure the validity of the obtained data. Businesses can also ask customers to indicate public sources that could validate information about their beneficial owner(s).
The AML law describes cases when businesses are allowed to identify and verify customers and beneficial owners without their physical presence. This includes cases when:
1. Using verification data obtained from other financial institutions or obliged entities if they meet two conditions:
In this case, it is still the businesses’ responsibility to comply with the CDD requirements and the AML law.
2. Using remote verification solutions operating under the electronic identification schemes with high or substantial assurance levels under Regulation (EU) No 910/2014 (“eIDAS Regulation”);
3. Obtaining a qualified electronic signature under the eIDAS Regulation to confirm a person’s identity;
4. Verifying the customer’s identity documents via a video call. In case the customer’s face is not recorded during the video, their identity must be validated by an advanced electronic signature (according to Article 26 of the eIDAS Regulation);
5. Ensuring that the customer’s first payment comes from an account linked to an EU credit institution or credit institution of a third country applying the same AML standards. This can only be done by simultaneously obtaining a paper copy of the customer’s ID, in case the copy is notarised or certified by a local chief or a consular officer.
During CDD and ongoing monitoring, businesses must pay attention to suspicious transactions. This includes, but not limited to:
When businesses detect a suspicious transaction, they must take the following steps:
Lithuania is one of the most attractive jurisdictions in the EU in terms of payment and e-money institution licensing due to its fastest licensing process, newcomer program, and the friendly investment and start-up environment. At the same time, Lithuania made significant progress in combatting money laundering and terrorist financing, underscoring the importance of compliance for fintechs willing to enter this country. To truly benefit from this promising fintech hub, businesses should ensure they’re meeting all the current and future regulations that Lithuania rolls out.
Let us help your company stay compliant with AML/KYC regulations in Lithuania. Get in touch with us today.