Folio 05 · Insights · Article

Feb 24, 2026

Lithuania EMI in 2026: lead times, capital and conduct rules

The Bank of Lithuania remains a practical EU EMI route — but the bar has moved. Updated guidance on substance requirements, key function holders, and the timeline you should actually plan around.

Editorial illustration for Lithuania EMI in 2026: lead times, capital and conduct rules

Lithuania can still be a practical EMI jurisdiction, but applicants should treat substance, governance, safeguarding, and operational readiness as core filing issues rather than post-authorisation cleanup. The Bank of Lithuania built the EU's largest EMI cluster by being fast and accessible; it keeps its standing now by being demanding. The route works — for applicants who plan around what the supervisor has become, not what it used to be. This is the updated picture: where the bar has moved, what the file costs in capital and people, the lead times to actually plan around, and the conduct relationship after authorisation.

Why Lithuania still earns its place

Three structural advantages survive the tightening:

  • CENTROlink. The Bank of Lithuania's payment system gives licensed institutions direct access to SEPA — credit transfers and instant payments — without renting access through a commercial bank's correspondent stack. For a payments business, owning the rail access rather than borrowing it is a margin and resilience decision, and it remains the single strongest practical argument for the jurisdiction.
  • A supervisor that knows payments. The Bank of Lithuania has processed more EMI and PI files than almost any EU authority. Expectations are published, question letters are specific, and the institution's experience shows in the quality of the dialogue — demanding, but legible.
  • An ecosystem. Vilnius has the lawyers, auditors, compliance professionals, and second-hand operational knowledge that come from hosting dozens of licensed institutions. Hiring a Lithuanian MLRO with real EMI experience is a recruitment exercise, not a miracle.

The advantage that did not survive: speed through leniency. The licence is no longer fast because the bar is low; when it is fast, it is because the file was complete.

Where the bar has moved

Three shifts define the current filing climate:

  • Substance first. The era of remote-run EMIs is over. The Bank of Lithuania expects management genuinely working from Lithuania, key function holders with real local presence, and decision-making that happens where the licence lives. A Lithuanian UAB with a Vilnius office and a foreign management team on video calls is precisely the pattern the supervisor now filters for.
  • Governance depth. Boards need members who can each pass a fit-and-proper assessment on their own merits — including genuine independent challenge, not founder allies with titles. Key function holders — compliance, AML, risk — are interviewed individually, and a weak interview can stall an otherwise solid file for months.
  • Conduct history matters. The supervisor has revoked licences, fined publicly, and forced wind-downs. Applicants connected to previously sanctioned ventures should expect the history to be raised and should raise it first, with the remediation narrative attached.

Capital and the financial file

The initial capital requirement remains €350,000 for a full EMI, paid in and evidenced. Ongoing own funds track the e-money float — the standard 2% method on average outstanding e-money — plus the payment-services component where applicable. The Bank of Lithuania reads the financial projections critically:

  • Capital must visibly survive the downside case, not just the plan. Build the stress case into the model rather than waiting to be asked for it.
  • The funding source for future top-ups must be identified, and the funder's capacity demonstrated. A shareholder letter of support carries weight only when the shareholder's own accounts can carry the promise.
  • Unit economics are read for coherence: a plan that only reaches break-even at volumes the AML staffing could not monitor is a finding, not a projection.

Safeguarding, contractual at filing

Safeguarding arrangements must be contractual at filing, not "in discussion". A named credit institution, the account structure, and the daily reconciliation procedure belong in the application. Two Lithuanian specifics worth knowing: safeguarding via the central bank's own infrastructure is part of the local model for many institutions, which simplifies one of the hardest dependencies elsewhere; and the supervisor examines reconciliation operationally in the early years — the procedure described in the file will be tested against practice.

The people the file stands on

Plan the hiring before the filing:

  • Management board members resident or genuinely present in Lithuania, individually interview-ready on strategy, financials, and controls.
  • An MLRO with Lithuanian or comparable EU experience, hired before submission — their fingerprints on the AML programme are visible to an experienced reader.
  • Compliance and risk ownership separated from operations, scaled to the plan rather than to the seed budget.
  • A board calendar, committee structure, and reporting pack that exist on paper at filing and in practice at first inspection.

The recruitment reality: the Vilnius market has the talent, and competitors know it too. Budget senior compliance salaries at Western European levels and start the searches at project kickoff — the MLRO hire is on the critical path more often than the legal drafting is.

Lead times you should actually plan around

The statutory assessment period — three months to a decision — only starts when the application is accepted as complete, and completeness review is where optimistic timelines die. Realistic planning for a well-prepared applicant:

  • Two to four months building the file: business plan, policies, governance recruitment, safeguarding agreement, IT and security documentation.
  • One to three months of completeness dialogue before the statutory clock starts in earnest.
  • Three to six months of substantive assessment, including at least one substantial question round and the key-person interviews.
  • A six-to-nine-month end-to-end path is a good outcome; twelve months is not a failure, it is the median for files that arrive with gaps.

The fastest applicants share one habit: they answer the first question letter completely and quickly. Response latency is the variable the applicant controls, and the supervisor notices it the way any counterparty notices reliability.

Conduct expectations after authorisation

Authorisation in Lithuania starts a supervisory relationship with real cadence:

  • Periodic regulatory reporting on capital, float, safeguarding, and activity — read, not archived.
  • AML inspections in the first operating years as a planning assumption, not a risk.
  • Safeguarding audits and reconciliation walkthroughs.
  • Attention to drift: new products, new corridors, new outsourcing, and material deviations from the authorised business plan need notification or approval, and the reporting data reveals unannounced changes on its own.

The enforcement record — revocations and public fines across the sector's recent years — is best read as a published curriculum of what the supervisor checks: safeguarding discipline, AML programme reality, governance that functions, and honesty in the regulatory relationship. None of it is exotic; all of it is enforced.

Common mistakes in Lithuanian files

  • Filing with governance recruitment "in progress" — the interviews cannot happen, so the clock cannot run.
  • Safeguarding as an intention rather than a contract.
  • Projections tuned for investors rather than supervisors — growth curves without the control costs that growth implies.
  • Treating the completeness round as bureaucracy rather than the actual first assessment.
  • Underestimating the post-authorisation reporting load in the operating budget.

CENTROlink in practice

Direct SEPA access deserves its own planning chapter, because it changes both the economics and the obligations:

  • What it buys: SEPA credit transfers and instant payments cleared through the central bank's infrastructure without a commercial correspondent in the middle — lower per-payment economics, no correspondent's risk appetite to manage, and resilience that does not depend on another institution's strategy meeting.
  • What it requires: technical onboarding with its own project timeline (message formats, testing cycles, operational procedures), participation requirements maintained continuously, and the operational maturity to run payment operations against central-bank service windows.
  • What it does not replace: a commercial banking relationship is still needed for the institution's own funds, FX beyond the euro, and services CENTROlink does not provide. The stack is complementary, not either-or.
  • The strategic read: institutions that built their flows around CENTROlink describe it as the reason Lithuania remains worth the hardened supervision. Price the access into the jurisdiction comparison explicitly — it is the line that usually decides it.

The application file, section by section

The Bank of Lithuania's question letters trace a consistent reading order:

  • Programme of operations: each service mapped to systems, partners, and volumes — with the e-money lifecycle (issuance, distribution, redemption) described operationally.
  • Business plan and financials: three years, base and downside, the 2% own-funds calculation shown against the float curve, top-up funding evidenced.
  • Safeguarding chapter: the contractual arrangement, account structure, reconciliation procedure, and breach escalation.
  • Governance: board and key-holder files ready for individual interviews, the committee structure, and the MI that reaches the board.
  • AML/CFT: risk assessment tuned to the actual corridors and client base, tooling named, staffing scaled to projected volumes, the MLRO's authorship visible.
  • ICT and security: architecture, outsourcing map with exit plans, incident procedures, business continuity with tested recovery objectives.
  • Internal control: compliance monitoring plan, internal audit arrangement, and the three-lines model as it will actually operate.

The completeness review reads for presence; the substantive review reads for reconciliation. The file that names the same volumes, the same headcount, and the same float curve in every chapter is the file that moves.

Budgeting the project honestly

  • One-off: the €350,000 capital (held, not spent), advisory and drafting, recruitment fees for the key holders, office setup, and the CENTROlink technical onboarding.
  • Standing from before authorisation: the management and compliance payroll — Vilnius senior compliance salaries at Western European levels — office, tooling (screening, monitoring, reporting), and audit arrangements.
  • Standing after authorisation: supervision fees, reporting operations, annual audits including safeguarding attention, and the compliance function's growth tracking the float.
  • The line founders forget: the cost of time. Each month of assessment is a month of payroll without revenue; the cheapest acceleration available is file quality and response speed, which cost discipline rather than money.

As a planning envelope, teams that budget the licence project at the capital figure alone discover during assessment that the organisation around it costs as much again in the first year. Teams that budget the organisation treat the assessment as the predictable phase it can be.

PI or EMI in Lithuania: the same desk, a different file

The Bank of Lithuania processes payment institution applications through the same machinery, and the choice tracks the same test as everywhere in the EU: transit-only flows fit a PI at €125,000 initial capital and a lighter file; stored client balances need the EMI at €350,000 with the safeguarding architecture described above. Two local notes: CENTROlink access is available to licensed PIs as well, which makes the Lithuanian PI unusually attractive for pure payments models; and the supervisor applies the same substance and governance expectations to both licences — the PI saves capital and the float machinery, not the organisational bar.

Questions applicants ask

Is Lithuania still faster than Ireland or the Netherlands?

For a complete file, usually — the supervisor's process experience shows. For an incomplete file, no jurisdiction is fast, and Lithuania's completeness review is exactly where thin files stall.

Do we really need to relocate management?

The decision-making core, yes. The pattern that clears: genuine executive presence in Vilnius with group functions abroad. The pattern that stalls: local nominees fronting a foreign management loop.

Can we passport immediately after authorisation?

Passporting notifications follow authorisation and process on regulatory timelines measured in weeks. Build them into the launch plan per target market rather than assuming day-one EEA coverage.

Is the SEMI route worth it first?

A small e-money licence trades lighter requirements for hard ceilings and no passport. For products testing demand it can make sense; for anything with traction, it usually means running the full authorisation project later anyway, with the migration on top.

Plan the substance before the filing, recruit the key holders before the interviews, sign the safeguarding bank before the submission — and the lead time becomes the predictable part of the project. Lithuania rewards exactly that kind of applicant, which is the politest way the supervisor has of saying it no longer rewards any other kind.

Compare current EMI routes

No live Lithuanian EMI file is listed right now. Use the EMI hub or brief SKY7 for current availability before relying on a ready-made route.

Editorial disclaimer

This article is general information only and is not legal, regulatory, tax, investment, or financial advice.

Need this guide turned into a decision?

Send SKY7 the product model, customer geography and launch timing. You get a route memo back: two or three workable jurisdictions, the capital and timeline for each, and which file we would open first.

Sofia Reinholt

Sofia Reinholt covers EU electronic money and payment institution authorisations for SKY7, including EMI, PI, API and SPI perimeter questions. Her work focuses on substance, safeguarding, own-funds, conduct controls, outsourcing and the practical evidence a buyer needs before relying on a seller-provided licence file. Sofia compares ready-made opportunities with new-authorisation timelines, separates EEA passporting from local permissions, and flags when a headline claim needs regulator, bank or scheme confirmation. Her articles are written for founders, acquisition teams and regulated operators that need a sober view of what can transfer, what must be notified, and which operating assumptions should be tested before signing or submitting a change-of-control package.