Lithuania - The Frontier of the EU Cryptocurrency Industry
Against the backdrop of the global cryptocurrency regulatory framework taking shape, Lithuania is becoming an important hub for the European cryptocurrency industry with its forward-thinking regulatory mindset and efficient compliance system. As one of the first EU member states to establish a legal framework for cryptocurrencies, Lithuania has built a 'technology-friendly' regulatory environment that meets the compliance requirements of the EU single market while providing a clear development path for innovative companies.
(1) First-Mover Advantage of the Regulatory Framework
Lithuania's regulatory advantages are primarily reflected in the forward-looking nature of its legislation. Even before the official implementation of the EU's (Regulation on Crypto-Asset Markets) (MiCA), the country had established a dual-track licensing system for virtual currency trading platforms (VCESP) and wallet service providers (VCWSP).
This system not only provides companies with clear business boundaries but also constructs a relatively mature risk prevention and control mechanism through deep integration with AML/CFT (Anti-Money Laundering/Counter-Terrorism Financing) rules. With the full rollout of MiCA in 2025, Lithuania quickly aligns its domestic regulations with the EU unified framework, forming a 'dual compliance guarantee' - companies obtaining Lithuanian local licenses can freely conduct business in 27 member states under the EU 'passport principle,' significantly reducing the legal costs of cross-border operations.
(2) Efficient Market Access Mechanism
Compared to traditional financial regulatory jurisdictions, Lithuania's license application process shows significant efficiency advantages. According to Mankun Law Firm's practical experience, the entire process from company registration to license approval can be completed within 3-6 months.
This efficiency is attributed to the Lithuanian government’s supportive attitude towards the fintech industry: the country has established a dedicated digital government platform that allows companies to submit application materials online and connect with regulatory authorities such as the Bank of Lithuania and the Financial Crime Investigation Bureau through a 'single window.'
It is worth noting that if companies complete the compliance system construction in advance (e.g., designing AML/CFT processes, building risk management systems), the approval cycle can be further shortened to 2-4 months.
(3) Optimization Potential for Compliance Costs
In terms of financial compliance, Lithuania has set flexible capital requirements. According to the new regulations after the implementation of MiCA, the minimum registered capital for enterprises is divided into three tiers based on business type: cryptocurrency consulting service companies only need €50,000, custodial wallet and deposit/withdrawal service providers need €125,000, while those involved in cryptocurrency trading platforms need €150,000.
Additionally, Lithuania's tax policy is also attractive: the corporate income tax rate is 15%, and undistributed profits are exempt from additional taxation.
Types and Applicable Scenarios of Lithuanian Cryptocurrency Licenses
MiCA Unified License System (to be implemented from January 2025)
With the rollout of the EU-level regulatory framework, Lithuania will implement MiCA-compatible licenses starting in 2025, consolidating the previous two types of licenses into a 'Cryptocurrency Asset Service Provider (CASP)' license, covering the following four major business categories:
1. Cryptocurrency Trading Services: Including compliance framework design for centralized exchanges (CEX) and decentralized exchanges (DEX), but the regulatory classification of DEX still needs to be determined based on the actual control party of the smart contract.
2. Cryptocurrency Custody and Management: Expand to institutional-level custody services, such as providing cryptocurrency asset custody and valuation accounting for fund companies.
3. Investment Consulting and Information Services: Including market analysis reports, investment strategy recommendations, etc., but it is essential to strictly differentiate between 'general information' and 'personalized investment advice,' the latter requiring additional investment consulting licenses.
4. Payment and Settlement Services: Allow licensed institutions to act as payment gateways, connecting cryptocurrencies with traditional financial systems, such as developing cross-border cryptocurrency payment solutions.
Core Compliance Requirements for Applying for a Lithuanian Cryptocurrency License
(1) Legal Framework Establishment
1. Registration of Company Entity
All applicants must establish a limited liability company (UAB) in Lithuania, and the registration process must be submitted online through the Lithuanian Centre for Registers. Core documents include: company articles of association (which must specify business scope and shareholding structure), identification proof of shareholders (natural persons must provide notarized passports, legal persons must provide registration certificates), proof of registered address.
The registration cycle usually takes 10-15 working days, and name approval must be checked in advance through the 'Company Name Pre-Check System'.
2. Eligibility Review of Shareholders and Management
The Bank of Lithuania requires background checks on the company's actual controllers (beneficial owners) and core management, focusing on content such as:
No financial crime record (proof of no criminal record issued by the police in the place of residence is required)
Possess at least 3 years of compliance experience in the financial or technology industry (management must submit resumes and qualification certificates)
The source of shareholder funds is legal (documents such as bank statements and asset proofs are required)
For foreign-funded enterprises, foreign shareholders holding more than 25% must additionally submit a compliance declaration from the parent company, explaining their regulatory status in the place of registration.
(2) Financial and Capital Requirements
As mentioned earlier, after the implementation of MiCA, registered capital is divided into three tiers of €50,000, €125,000, and €150,000, and companies must provide a bank-issued proof of fund freezing at the time of application. Notably, this capital must remain 'continuously sufficient,' meaning that if the net assets fall below 80% of the registered capital, the deficit must be made up within 30 days.
Mankun Law Firm recommends that companies establish dedicated compliance accounts to ensure traceability of capital flow. In addition to registered capital, companies need to reserve an annual compliance budget, mainly including: procurement of AML/KYC systems, regular audit costs, employee training and certification, and license renewal fees.
(3) Construction of Operational Compliance System
1. Design of AML/CFT/Sanctions Compliance System
This is a core aspect regulated by Lithuania, and companies need to establish the following prevention and control system:
Customer Access Layer: Implement multi-factor authentication (e.g., biometrics + document OCR), and apply enhanced due diligence (EDD) on high-risk customers.
Transaction Monitoring Layer: Deploy a real-time transaction monitoring system, set single transaction limits (e.g., triggering manual review if over €10,000), and automatically flag unusual transaction patterns (e.g., high-frequency transfers within a short period).
Reporting and Archiving Layer: Establish a Suspicious Transaction Reporting (STR) mechanism, report to the Lithuanian Financial Crime Investigation Bureau within 3 working hours, and retain transaction records for at least 5 years.
Sanctions Compliance: Implement measures such as name screening and transaction review to prevent risks of international sanctions.
2. Risk Management System
According to MiCA requirements, companies must develop a Risk Assessment and Control Manual, covering:
Market Risk: Establish a circuit breaker mechanism for cryptocurrency price fluctuations;
Credit Risk: Implement quota management for market makers and liquidity providers, setting default stop-loss thresholds
Operational Risk: Establish a disaster recovery system and conduct regular penetration testing.
Additionally, companies involved in custodial services must purchase professional liability insurance with a coverage of no less than €1 million.
3. Data Protection and GDPR Compliance
As an EU member state, Lithuania strictly implements the General Data Protection Regulation (GDPR), and companies must:
Appoint a dedicated Data Protection Officer (DPO), who must have experience in data security management and must not hold any other positions that may create conflicts of interest
Implement data classification management, categorizing customer private keys and transaction records as 'special category data,' using encryption storage (AES-256 standard) and access controls (principle of least privilege)
Establish a data breach response mechanism, reporting to the Lithuanian Data Protection Authority within 72 hours and notifying affected users.
Analysis of the Full Process of License Application
Phase One: Preparation and Planning (4-6 weeks)
1. Preparation of Business Plan
Must include the following core content:
Business Model Description (Technical Architecture, Profit Model, Target Customer Profile)
Market Analysis (EU Cryptocurrency Market Size, Competitive Landscape, Lithuanian Localization Strategy)
Overview of Compliance Framework (AML/KYC Process Flowchart, Summary of Risk Management Systems);
Financial Forecast (revenue, cost, and capital expenditure plans for the next three years, to be audited by a registered accountant)
2. Compliance Pre-Evaluation
Identify potential issues in advance through simulated regulatory reviews:
Whether the shareholder structure has compliance flaws (e.g., anonymous shareholding, multi-layer nested structures);
Whether the technical system meets regulatory interface requirements (e.g., reserving APIs for data integration with the Bank of Lithuania)
Is the team configuration in place (e.g., is there a compliance officer, AML officer, DPO)?
Phase Two: Company Establishment and Bank Account Opening (2-3 weeks)
1. Register UAB Company
Submit the application through Lithuania's e-government platform 'E-Register,' uploading notarized company articles (bilingual version, primarily in Lithuanian) and shareholder signature samples. Upon successful registration, obtain the company registration number (LEI code) and VAT number.
2. Bank Account Opening
It is recommended to choose local Lithuanian banks (e.g., Swedbank, SEB Bank), which require:
Company Registration Documents
KYC Information of Shareholders and Management
Summary of Business Plan
Appointment Letter of Compliance Officer
Due to the unique nature of the cryptocurrency industry, banks may require companies to provide additional guarantees (e.g., 20% of the registered capital as a deposit), and Mankun Law Firm can assist in connecting with partner banks to optimize the account opening process.
Phase Three: License Application and Review (8-12 weeks)
1. Submit Application Materials
Submit through the 'Financial License Application Portal' on the Bank of Lithuania's official website, core documents include:
Completed application form (including business scope, technical plan, risk mitigation measures, and other attachments)
Audited financial statements (companies established for less than a year must provide a capital verification report)
Compliance System Documents (AML/KYC manuals, risk management systems, data protection policies, etc., required in Lithuanian version)
Management Commitment Letter (commitment to comply with EU and Lithuanian regulatory requirements and assume compliance responsibilities)
2. Regulatory Inquiries and Supplementary Materials
During the review period, the Bank of Lithuania may initiate inquiries on the following issues:
Customer Fund Custody Model (whether to use third-party trust institutions, details of asset segregation measures)
Algorithm Trading Rules (whether it involves market manipulation risks, order matching mechanism description)
Cross-Border Business Plans (how to ensure compliance operations in other EU member states)
Phase Four: Continuous Compliance and License Maintenance
1. Annual Compliance Report
Submit to the Bank of Lithuania by January 31 each year, including:
Business Operation Status (number of users, transaction volume, main product iterations)
Summary of Risk Events (e.g., data breaches, results of handling suspicious transactions)
Financial Condition Statement (Balance Sheet, Compliance Cost Proportion Analysis)
2. Reporting of Significant Matters
In the following situations, reports must be made to the regulatory agency within 10 working days:
Changes in shareholding structure (single shareholder holding more than 10% or exit)
Core System Upgrades (e.g., changing KYC service providers, reconstructing trading engines)
Expansion of Business Scope (new derivative trading, cross-border payment services, etc.)
3. Employee Compliance Training
Establish an annual training plan to ensure all employees (especially customer service and technical teams) are familiar with:
Latest AML/CFT Rules (e.g., content of EU's 6th Anti-Money Laundering Directive amendments)
Customer Complaint Handling Process (must comply with Lithuanian Consumer Protection Law)
Data Security Operating Standards (e.g., prohibiting the transmission of customer sensitive information via personal email)
Potential Challenges and Response Strategies
(1) Language and Cultural Barriers
Lithuanian official documents are in Lithuanian, and all application materials must be certified by a sworn translator. Additionally, there may be terminology understanding differences in regulatory communication (e.g., the legal definition of 'non-custodial wallet' in Lithuanian).
Mankun Solutions: Form a bilingual compliance team equipped with local lawyers proficient in Lithuanian legal terminology, adopting a 'Translation + Legal Review' dual-track system to ensure document accuracy; develop a regulatory terminology reference manual and regularly update the industry-specific vocabulary database.
(2) Complex Multi-Level Regulation
Companies must comply with Lithuanian domestic laws (such as the Virtual Currency Service Provider Law), EU regulations (MiCA, GDPR), and international standards (FATF Travel Rules). The compliance system must possess dynamic adaptation capabilities. For example, the 'cross-border transaction customer information transmission' rule required by FATF must integrate with the reporting system of the Bank of Lithuania.
Mankun Solutions: Build a 'Regulatory Mapping Matrix' that corresponds different levels of compliance requirements to specific business processes.
(3) Qualifications Requirements for AML Officers
According to Lithuanian regulations, AML compliance officers must be residents of the country and have at least 5 years of financial compliance experience, familiar with MiCA and AML-D6 directives. This has led to a supply-demand imbalance for qualified personnel, especially for foreign enterprises facing competitive pressure when hiring locally.
Mankun Solutions: Utilize a global talent network to assist companies in recruiting local talents with EU compliance qualifications; provide 'Compliance Officer Outsourcing Services' to meet transitional needs.
Mankun Law Firm - Your Professional Partner in the Lithuanian Compliance Journey
As a legal service organization deeply engaged in the global web3 compliance field, Mankun Law Firm has developed a 'full-cycle compliance solution' tailored to the regulatory characteristics of Lithuania, helping enterprises achieve seamless integration from market access to sustainable operation:
(1) Customized License Application Services
1. Preliminary Diagnosis: Identify potential risk points through compliance questionnaires and technical architecture audits, and develop a 'defect repair roadmap.'
2. Material Preparation: Draft documents led by local Lithuanian lawyers to ensure compliance with regulatory language habits and formatting requirements.
3. Regulatory Communication: Establish dedicated communication channels to provide real-time feedback on review progress and efficiently handle regulatory inquiries.
(2) Development of Localized Compliance System
1. System Design: Customize AML/KYC manuals, risk management systems, data protection policies, and other core documents based on the company's business model.
2. System Integration: Assist in connecting to the compliance technology platform designated by the Bank of Lithuania to achieve automatic reporting of transaction data and risk monitoring.
3. Team Empowerment: Provide localized compliance training, assist in recruiting or dispatching compliance officers, DPOs, and other key personnel.
Conclusion: Unlocking Innovation Potential Within a Compliance Framework
Applying for a Lithuanian cryptocurrency license is not only a regulatory compliance practice but also an important opportunity for companies to integrate into the global compliant financial system. Despite challenges such as language barriers and multi-tiered regulation, its advantages as the EU's 'regulatory innovation testing ground' offer cryptocurrency enterprises a rare development window. Mankun Law Firm firmly believes that compliance is not a constraint but a protector of innovation - through professional legal framework design and continuous compliance operation, companies can build a cryptocurrency business ecosystem in Lithuania that is both safe and competitive, enabling them to respond calmly to global regulatory changes and embark on a new journey of sustainable development.
Appendix: Frequently Asked Questions
Q1: Is it necessary to apply for a license to conduct cryptocurrency business in Lithuania?
Yes. According to Lithuanian (Virtual Currency Service Provider Law) and MiCA regulations, any enterprise engaged in cryptocurrency trading, custody, consulting, and other services must obtain the relevant license. Applications for the old version of the VCESP/VCWSP license can be submitted before May 31, 2025; afterwards, the CASP license under the MiCA framework will apply uniformly.
Q2: Can non-EU companies apply for a Lithuanian cryptocurrency license?
Yes. Lithuania allows 100% foreign ownership, but additional eligibility checks on foreign shareholders are required, including assessments of the regulatory status in their place of registration and proof of legal sources of funds. Mankun Law Firm can assist in preparing cross-border compliance documents to ensure compliance with EU 'equivalent regulation' requirements.
Q3: How does Lithuania tax cryptocurrency transactions?
At the enterprise level, income related to cryptocurrencies (such as transaction fees and custodial service fees) is subject to a 15% corporate income tax; at the individual level, the portion of profit from a single transaction exceeding €1,500 is subject to a 15% capital gains tax.
Q4: What are the common reasons for license application rejection?
Common reasons include: shareholders or management having financial crime records; registered capital not being fully paid up as required; significant defects in compliance system documents (e.g., incomplete AML processes); technical systems unable to meet regulatory data integration requirements. Mankun Law Firm's pre-evaluation service can effectively reduce such risks.
Q5: After obtaining a Lithuanian license, can business be conducted in other EU countries?
Yes. According to the EU's 'Financial Services Passport' principle, companies holding a Lithuanian CASP license can establish branches or provide services remotely in any member state without reapplying for a license, but must file with the Lithuanian regulatory authority. Mankun Law Firm can assist with cross-border filing procedures to ensure compliance with local requirements in the target country.
/ END.
Authors: Shao Jiadian, Huang Wenjing
