Crypto Asset Regulations in Lithuania: New Opportunities with MiCA Compliance

Lithuania has emerged as a progressive hub for cryptocurrency innovation, aligning its regulatory framework with the European Union’s Markets in Crypto-Assets (MiCA). In recent developments, the Lithuanian government has implemented significant changes to its laws to foster a sustainable crypto sector while ensuring consumer protection and financial stability. On June 8, 2022, the Lithuanian Seimas (Parliament) approved amendments to the Law on the Prevention of Money Laundering and Terrorist Financing, tightening regulations for crypto-asset service providers (CASPs). These changes are set to take full effect in December 2024, with a transitional period extending until June 2025, allowing businesses time to adapt to the new requirements. The official announcement is available on the Ministry of Finance’s website.

These regulatory updates aim to:

• Enhance consumer protection: By introducing stringent licensing and compliance requirements, consumers are better protected against fraud and malpractice
• Ensure financial stability: By enforcing capital requirements and risk management protocols, the financial system is safeguarded against systemic risks
• Promote market integrity: Through transparency and governance obligations, the crypto market becomes more reliable and trustworthy.

To help you navigate across the changing regulatory system, we, at Sumsub, have prepared a complete guide on the topic. 

Who is the regulator?

The primary regulatory authority overseeing the crypto sector in Lithuania is the Bank of Lithuania. The Bank of Lithuania is responsible for:

• Issuing licenses: Granting operating licenses to CASPs and ensuring they meet regulatory standards
• Supervision and compliance: Monitoring CASPs for adherence to financial regulations, including anti-money laundering (AML) and counter-terrorist financing (CTF) measures
• Enforcement: Revoking licenses or providing fines for non-compliance.

The Ministry of Finance also plays a crucial role in shaping legislation and aligning national laws with EU directives such as MiCA.

Additionally, the Financial Crime Investigation Service (FCIS) oversees AML/CTF compliance and investigates financial crimes within the crypto sector.

What are the main regulations?

Lithuania’s crypto assets regulations, include several key provisions:

• MiCA (Regulation (EU) 2023/1114): MiCA introduces a set of rules applicable across all EU member states, ensuring market integrity and investor protection. It distinguishes between different crypto assets such as utility tokens and e-money tokens and sets the basis for their regulation. Its overarching aim is to harmonize crypto assets regulations across the EU;
• TFR (Regulation (EU) 2023/1113): The TFR, as defined in MiCA, provides the Travel Rule, mandating the sharing of specific information about the originator and beneficiary during fund transfers. The TFR requires CASPs to collect data about the originator and beneficiary of transfers, verify and share it with counterparties to manage risks in crypto-asset transfers, implement Enhanced Due Diligence (EDD) measures on third-country counterparty CASPs, verify control or ownership of unhosted wallets, comply with AML/CFT measures, etc.
• Law on Prevention of Money Laundering and Terrorist Financing (No. VIII-275, XIV-1374 and XIV-2883): Law No. VIII-275 imposes strict AML/CTF obligations on crypto businesses. Companies must conduct thorough Customer Due Diligence (CDD), monitor transactions, and report suspicious activities to the FCIS. Law No. XIV-1374 and XIV-2883 have implemented MiCA and TFR in Lithuanian legislation and aligned it with the EU’s AML directives.

Suggested read: Global Cryptocurrency Regulations (2024)

Who is affected?

The regulations impact a wide range of participants in the crypto ecosystem:

Regulated entities:

• CASPs. The primary group affected by these regulations are CASPs, which include exchanges, custodians, and wallet providers. Exchanges that facilitate the trading of cryptocurrencies and tokens are heavily regulated under MiCA. They must ensure market integrity by implementing real-time transaction monitoring, CDD, and asset safeguarding. Additionally, exchanges must ensure that customer funds are segregated from operational capital to prevent misuse in case of insolvency. Custodians must meet strict requirements for securing customer assets, while digital wallets are mandated to have advanced cybersecurity protections, ensuring that customers’ private keys and funds remain safe from hacking and fraud. In general, CASPs’ type of activities include:

1. Custody and administration: Safekeeping of crypto-assets on behalf of clients
2. Trading platform operation: Managing trading platforms where crypto-assets are exchanged
3. Exchange: Exchanging crypto-assets for funds or other crypto-assets
4. Order execution: Executing orders on behalf of clients for the purchase or sale of crypto-assets
5. Reception and transmission: Reception and transmission of orders for crypto-assets on behalf of clients
6. Placement: Marketing and distributing crypto-assets on behalf of the offeror
7. Portfolio management: Managing portfolios of crypto-assets for clients
8. Transfer services: Transferring crypto-assets between distributed ledger addresses or accounts.

• Token issuers. Token issuers, particularly those involved in initial coin offerings (ICOs), are required to follow clear rules on transparency and disclosure. Under MiCA, they must provide detailed whitepapers outlining the purpose of the token, associated risks, and legal obligations to protect investors. Asset-referenced tokens (ARTs) and e-money tokens face even stricter requirements regarding their backing and issuance.

• Other entities. This group includes:

1. Offerors: Entities offering crypto-assets to the public, often on behalf of the issuer. Subject to similar transparency requirements as issuers
2. Persons seeking admission to trading: Entities seeking to list a crypto-asset on a trading platform. Subject to similar transparency requirements as issuers
3. Trading platforms for crypto-assets: Subject to requirements for orderly trading, transparency, and preventing market abuse.

• Protected parties:

1. Institutional investors. MiCA’s introduction of stringent investor protection measures affects institutional investors engaging in crypto asset trading or portfolio management. These regulations ensure that professional investors receive accurate, comprehensive information about the risks and financial characteristics of the assets they are investing in.
2. Retail investors. Retail investors benefit from enhanced consumer protection under MiCA. The regulation requires crypto-asset platforms to disclose all risks associated with trading, provide clear information on fees, and ensure that customer assets are securely held.

How to get authorization

To obtain a license as a CASP in Lithuania, companies must meet specific financial requirements. As of April 2024, the law in Lithuania mandates that entities intending to operate as a virtual currency exchange or deposit wallet provider must have and maintain an equity capital of at least EUR 125,000. Additionally, under the upcoming MiCA Regulation, CASPs must meet the following minimum capital requirements.

Crypto-Asset Service Providers (CASPs) are categorized into three classes based on the type of services they provide and their corresponding minimum capital requirements under Article 67(1), point (a):

• Class 1:
  CASPs authorized for the following crypto-asset services:
  • Execution of orders on behalf of clients
  • Placing of crypto-assets
  • Providing transfer services for crypto-assets on behalf of clients
  • Reception and transmission of orders for crypto-assets on behalf of clients
  • Providing advice on crypto-assets
  • Providing portfolio management on crypto-assets
    Minimum capital requirement: EUR 50,000
• Class 2:
  CASPs authorized for any of the services under Class 1 and:
  • Providing custody and administration of crypto-assets on behalf of clients
  • Exchange of crypto-assets for funds
  • Exchange of crypto-assets for other crypto-assets
    Minimum capital requirement: EUR 125,000
• Class 3:
  CASPs authorized for any of the services under Class 2 and:
  • Operation of a trading platform for crypto-assets
    Minimum capital requirement: EUR 150,000

These capital requirements are designed to ensure financial stability and consumer protection. Maintaining this capital level ensures that companies can manage operational risks and market fluctuations, safeguarding both their business and their customers’ assets.

Obtaining a license as a CASP in Lithuania involves several steps:

• Application submission. CASPs must submit a comprehensive application to the Bank of Lithuania. The application must include information about the company’s structure, key management personnel, and risk management framework. Detailed documentation regarding AML/CTF compliance, capital adequacy, and governance is also required.
• Capital and financial soundness. Applicants must demonstrate that they meet the capital requirements laid out by MiCA, ensuring that they have sufficient liquidity to operate in the crypto market. Capital adequacy is vital for protecting consumers and ensuring that companies can withstand market fluctuations.
• Governance and risk management. The applicant must prove that its governance structure is robust, with clear responsibilities for board members and management. A strong risk management system is required to identify and mitigate financial, operational, and cybersecurity risks.
• Regulatory review. The Bank of Lithuania assesses the applicant’s ability to comply with MiCA standards. This includes an in-depth review of its financial health, governance structures, and risk management capabilities.
• Approval. If the Bank of Lithuania is satisfied with the application, the company receives a license to operate as a CASP in Lithuania and across the EU.

Licensed CASPs must adhere to ongoing obligations to maintain compliant:

• Periodic reporting:
  • Financial reports: Submit annual audited financial statements.
  • Operational data: Provide regular updates on transaction volumes and customer activity.
• Transaction monitoring:
  • Real-time systems: Implement software to detect suspicious transactions.
  • Risk-based approach: Adjust monitoring based on customer risk profiles.
• Suspicious Activity Reporting (SAR):
  • Timely reporting: Submit SARs to the FCIS within 24 hours of detecting suspicious activities.
  • Relevant link: FCIS Reporting Guidelines
• Record Keeping:
  • Data retention: Keep records of all transactions, customer identification data, and SARs for at least five years.
  • Accessibility: Ensure records are readily available for regulatory inspections.
• AML and KYC processes:
  • Ongoing Due Diligence: Regularly update customer information and reassess risk levels.
  • Enhanced Due Diligence (EDD): Apply stricter checks for high-risk customers.
• Risk management frameworks:
  • Policy updates: Regularly review and update risk management policies.
  • Incident response: Establish procedures for handling security breaches or compliance violations.
• Training and awareness:
  • Employee education: Conduct regular training on AML/CTF obligations, compliance updates, and cybersecurity best practices.
• Compliance officer appointment:
  • Dedicated role: Assign a compliance officer responsible for overseeing adherence to all regulatory requirements.
• Consumer protection measures:
  • Asset segregation: Keep customer funds separate from company assets.
  • Transparency: Provide clear information on fees, risks, and terms of service.
• Cybersecurity and data protection:
  • Security protocols: Implement encryption, multi-factor authentication, and regular security assessments.
  • Data privacy: Comply with the EU’s General Data Protection Regulation (GDPR).

Other authorization requirements in accordance with MiCA

Authorization of issuers of asset-referenced tokens

Issuers of asset-referenced tokens established in the EU must obtain authorization from the competent authority in their jurisdiction before offering such tokens to the public or seeking their admission to trading within the EU. The authorization process also includes the approval of the relevant crypto-asset white paper, which should inform buyers about the characteristics and risks of the tokens. Credit institutions already authorized under Directive 2013/36/EU do not need to obtain another authorization under this regulation to offer or seek admission of asset-referenced tokens to trading. However, they still need to notify the competent authority and have their white paper approved.

Authorization of issuers of electronic money tokens

Issuers of electronic money tokens should be authorized either as a credit institution under Directive 2013/36/EU or as an electronic money institution under Directive 2009/110/EC. Issuers of electronic money should, unless specified otherwise in MiCA, comply with the relevant requirements set out in Directive 2009/110/EC for the taking up, pursuit and prudential supervision of the business of electronic money institutions and the requirements on issuance and redeemability of electronic money tokens. Additionally, issuers of electronic money tokens should draw up a crypto-asset white paper and notify it to their competent authority.

Authorization of issuers of other crypto assets

Issuers of crypto-assets, other than asset-referenced tokens or electronic money tokens, must be legal entities established in the EU and are required to draft a crypto-asset white paper. Exceptions exist for issuers of utility tokens, particularly when the offer involves tokens that grant access to a good or service that already exists or is operational. In such cases, the public offering may be exempt from certain authorization requirements. Additionally, utility tokens used exclusively within limited merchant networks may also be exempt from authorization.

AML requirements

Lithuania’s Anti-Money Laundering (AML) framework, based on the EU’s AML directives, requires crypto asset businesses to follow strict procedures to prevent financial crimes:

• Customer Due Diligence:
  CASPs and other obliged entities must verify customer identities and assess their risk profiles. KYC checks must be conducted before services are provided
• Transaction monitoring:
  Obliged entities must monitor transactions for unusual patterns and immediately report suspicious activities to the FCIS. This includes large, complex transactions or those involving high-risk jurisdictions​
• Suspicious Activity Reporting (SARs):
  Obliged entities are required to submit SARs within 24 hours of detecting potential money laundering or other illegal activities. Failure to report can result in penalties, including fines​
• Record-keeping:
  Obliged entities must retain records of customer data and transactions for at least five years. These records must be available to regulators for audits and investigations.

Travel Rule

Along with MiCA Regulation, the Transfer of Funds (TFR) Regulation was adopted in Lithuania, taking significant steps to implement the Travel Rule related to virtual assets, in line with FATF Recommendations aimed at combating money laundering and terrorist financing. This rule requires CASPs to collect data on the originator and beneficiary of transfers, verify this information, and share it with counterparties to manage risks in crypto-asset transfers for transactions exceeding EUR 1,000. The required data includes the names and account details of both the originator and the beneficiary, as part of a broader effort to increase transparency in financial transactions. It also necessitates adapting CASPs’ systems to comply with information requirements, ensure secure data transmission, and report suspicious transactions to Financial Intelligence Units (FIUs).

To ensure compliance with the Travel Rule, Lithuanian CASPs must register with the FCIS and maintain strict AML and KYC procedures. This is crucial for both domestic and cross-border transactions, ensuring that Lithuania follows international standards outlined by FATF. CASPs that fail to adhere to these regulations face potential penalties. The full set of AML obligations for Lithuanian financial market participants is outlined in the Bank of Lithuania’s guidelines.

Suggested read: What is the FATF Travel Rule? The Ultimate Guide to Compliance (2024)

New opportunities for crypto entities in Lithuania

With the adoption of the MiCA regulation across the European Union, Lithuania presents significant opportunities for crypto entities. As one of the more crypto-friendly nations in the EU, Lithuania already has a well-developed regulatory framework for digital assets, offering a favorable environment for crypto businesses. 

MiCA harmonizes regulations across the EU, meaning that crypto entities established in Lithuania can access the entire EU market of over 450 million people under a single set of rules, eliminating the need to navigate disparate national regulations. This regulatory clarity is likely to attract more startups, institutional players, and fintech companies to the country. Beyond transaction value, the opportunities include growing demand for services like asset tokenization, DeFi, and crypto-enabled financial products. Lithuania’s tech-savvy workforce, relatively low operational costs, and established financial sector also make it an attractive hub for crypto innovation, allowing businesses to scale quickly and seamlessly within the broader EU market.

Conclusion

Lithuania’s adoption of comprehensive crypto-asset regulations positions it as a forward-thinking jurisdiction within the EU. Its alignment with MiCA and implementation of stringent national laws provide clarity and security for both businesses and consumers. As the crypto market in Lithuania continues to grow—projected to grow at a rate of 4.73% from 2024 to 2028, reaching an estimated revenue of $31.64 million by 2028—it is crucial for CASPs to navigate the regulatory landscape diligently.

For CASPs, partnering with professional verification providers can streamline compliance efforts, especially in complex areas. These collaborations not only ensure regulatory adherence but also enhance operational efficiency and customer trust. By embracing these regulations and leveraging expert support, CASPs can help build a sustainable and secure crypto ecosystem in Lithuania, fostering innovation while safeguarding against financial crimes.