Lithuania | VASP License & MiCA Transition 2025

Overview

Lithuania has been one of Europe’s most practical jurisdictions for crypto market entry, known for a structured registration model and an operationally realistic compliance approach. Oversight sits with the Financial Crime Investigation Service (FCIS / FNTT) under the Ministry of Interior, with relevant coordination touchpoints across national registries and financial-sector governance. In 2025–2026, Lithuanian VASPs are expected to transition toward MiCA CASP authorization as EU-wide harmonization becomes fully effective.

Regulatory Snapshot

• Typical structure: Registration for crypto exchange and/or custodial wallet services (service perimeter must be declared)
• Primary AML supervisor: FCIS / FNTT
• Legal tender: Crypto is not legal tender
• Operational reality: Bankability and sustainability depend heavily on AML maturity and governance substance
• Planning range: Often ~2–4 months end-to-end (formation → compliance build → registration → banking), depending on account opening timelines

Why Lithuania Stands Out

Lithuania’s value proposition historically came from a balance of speed and supervisory seriousness. The jurisdiction is frequently used by EU-focused teams that want a credible compliance posture without the long timelines and heavier operational burden seen in more complex regimes. The two recurring friction points are: (1) banking timelines, and (2) demonstrating real AML capability (not just documentation).

Regulatory Overview

• Legal base: Lithuanian AML/CFT framework implementing EU AML directives (and related corporate disclosure rules)
• Scope: Exchange services, custody/wallet services, and related client-facing crypto services within the declared perimeter
• Approach: AML-first supervisory posture; governance and documentation quality materially influence speed
• MiCA readiness: National expectations have been trending toward MiCA-style governance, safeguarding, and ICT discipline

Licensing Process (Step-by-Step – Practical)

Stage 1 — Company Incorporation (≈ 1–2 weeks)

• Form a Lithuanian company (commonly UAB)
• Prepare UBO/shareholder documentation, director KYC, and a clear activity description
• Draft the first-pass compliance pack (risk assessment, AML policy, onboarding, monitoring)

Stage 2 — Compliance Build (≈ 2–6 weeks)

• Finalize AML/CFT framework (KYC/KYB, risk scoring, monitoring, sanctions, escalation)
• Define safeguarding model (especially for custody/wallet operations)
• Set operational procedures: complaints, incident response, outsourcing, recordkeeping
• Assign responsible persons (compliance/MLRO function, risk, and operational owners)

Stage 3 — Registration & Supervisor Engagement (≈ 4–10+ weeks)

• Submit to the relevant register / authority workflow
• Handle requests for information (RFIs) and evidence-based clarifications
• Registration completion subject to file quality and declared scope

Stage 4 — Banking & Payments Rails (variable)

• Open corporate account (bank or EMI) based on risk profile and business model
• Finalize fiat rails strategy (EMI sponsorship vs own EMI license path)

Total planning range: ~2–4 months with a well-prepared file; longer if banking onboarding drags or if the service perimeter triggers deeper scrutiny.

License / Service Types (Common Perimeters)

• Exchange services: crypto↔fiat and/or crypto↔crypto exchange within the registered perimeter
• Custody / wallet services: safeguarding and administration of crypto-assets or private keys for clients
• Related services: transfers and brokerage-like execution services depending on declared scope and local interpretation

Core Requirements (What Supervisors Typically Expect)

• Clear governance: accountable management and defined control functions
• AML capability evidenced by:
  • Risk assessment methodology (products, customers, geographies, channels)
  • Monitoring approach (rules, thresholds, escalation, case management)
  • Sanctions screening and adverse media workflow
  • Reporting processes and recordkeeping discipline
• Safeguarding/segregation model for client assets (especially custody)
• Operational controls: complaints, incident response, outsourcing oversight, training

Taxation (High-Level)

• Corporate tax: commonly referenced at 15% (subject to reliefs and qualifying SME/startup regimes)
• VAT: crypto exchange services are commonly treated as VAT-exempt in line with EU practice
• Dividends / WHT: subject to domestic rules and treaty reliefs

Penalties & Enforcement (General)

• Supervisory remediation orders for control weaknesses
• Administrative penalties for AML failures and misleading disclosures
• Suspension or revocation risk for repeated or material breaches
• Public enforcement disclosures depending on case severity

MiCA Transition (2025–2026)

MiCA will consolidate crypto service authorizations into an EU-wide CASP regime. For Lithuania, this means VASPs should plan for MiCA-grade upgrades: clearer service mapping, own-funds requirements (often referenced at €50k / €125k / €150k by CASP class), stronger safeguarding and disclosure standards, and expanded ICT governance (incident management, outsourcing controls, resilience testing). Teams that build these controls during the VASP phase will treat the MiCA transition as an upgrade path rather than a re-platform.

CryptoWisely.io Comment

Disclaimer: Informational only and not legal advice. Always verify the latest FCIS/FNTT guidance and EU MiCA transition rules before proceeding.