Lithuania CASP License 2025 Application Guide

Compliance is not a constraint, but the escort of innovation!

Authors: Shao Jia-io, Huang Wen-jing

Lithuania - the frontier of the EU cryptocurrency industry

As the global cryptocurrency regulatory framework is accelerating, Lithuania is becoming an important hub for the European cryptocurrency industry with its forward-looking regulatory thinking and efficient compliance system. As one of the earliest EU member states to establish a cryptocurrency legal framework, Lithuania has built a "technology-friendly" regulatory environment, which not only meets the compliance requirements of the EU single market, but also provides a clear development path for innovative companies.

1. First-mover advantage of regulatory framework

Lithuania's regulatory advantage is first reflected in its forward-looking legislation. Long before the EU's Markets in Crypto-Assets Regulation (MiCA) was officially implemented, the country had established a dual-track licensing system for virtual currency trading platforms (VCESP) and wallet service providers (VCWSP).

This system not only provides enterprises with clear business boundaries, but also builds a relatively mature risk prevention and control mechanism through deep integration with AML/CFT (anti-money laundering/counter-terrorist financing) rules. With the full implementation of MiCA in 2025, Lithuania quickly connected domestic regulations with the EU unified framework to form a "double compliance guarantee" - while obtaining a local license in Lithuania, enterprises can freely conduct business in 27 member states based on the EU's "passport principle", greatly reducing the legal costs of cross-border operations.

2. Efficient market access mechanism

Compared with traditional financial regulatory jurisdictions, Lithuania’s license application process has shown significant efficiency advantages. According to Mankiw’s practical experience, the entire process from company registration to license approval can be completed within 3-6 months.

This efficiency is due to the Lithuanian government's support for the fintech industry: the country has established a dedicated digital government platform that allows companies to submit application materials online and connect with regulatory agencies such as the Bank of Lithuania and the Financial Crimes Investigation Bureau through a "single window".

It is worth noting that if the company completes the construction of the compliance system in advance (such as AML/CFT process design and risk management system establishment), the approval cycle can be further shortened to 2-4 months.

3. Room for Optimization of Compliance Costs

In terms of financial compliance, Lithuania has set flexible capital requirements. According to the new regulations after the implementation of MiCA, the minimum registered capital of enterprises is divided into three tiers according to the type of business: crypto consulting service companies only need 50,000 euros, custodial wallet and deposit and withdrawal service providers need 125,000 euros, and cryptocurrency trading platforms need 150,000 euros.

In addition, Lithuania's tax policy is also attractive: the corporate income tax rate is 15%, and there is no additional tax on undistributed profits.

Types and applicable scenarios of Lithuanian cryptocurrency licenses

MiCA unified licensing system (implemented from January 2025)

With the implementation of the EU-level regulatory framework, Lithuania has implemented MiCA-compatible licenses since 2025, integrating the original two types of licenses into a "Crypto Asset Service Provider (CASP)" license, covering the following four business categories:

1. Cryptocurrency trading services: including the compliance architecture design of centralized exchanges (CEX) and decentralized exchanges (DEX), but the regulatory classification of DEX still needs to be determined in combination with the actual controller of the smart contract.

2. Crypto asset custody and management: Expand to institutional-level custody services, such as providing cryptocurrency asset custody, valuation and accounting services to fund companies.

3. Investment consulting and information services: including market analysis reports, investment strategy recommendations, etc., but a strict distinction must be made between "general information" and "personalized investment advice", the latter of which requires an additional application for an investment consulting license.

4. Payment and Settlement Services: Licensed institutions are allowed to act as payment gateways to connect cryptocurrencies with traditional financial systems, such as developing cross-border cryptocurrency payment solutions.

Core compliance requirements for applying for a Lithuanian cryptocurrency license

1. Establishing the legal framework

1. Corporate Entity Registration

All applicants need to establish a limited liability company (UAB) in Lithuania, and the registration process must be submitted online through the Lithuanian Centre for Registers. The core documents include: Articles of Association (must clearly state the business scope and equity structure), shareholder identification (natural persons need notarized passports, legal persons need to provide registration certificates), and proof of registered address.

The registration period is usually 10-15 working days, and the name approval must be checked in advance through the "Company Name Pre-check System".

2. Review of shareholder and management qualifications

The Central Bank of Lithuania requires a background check on the company’s actual controller (beneficial owner) and core management, with key review items including:

  • No record of financial crimes (a certificate of no criminal record issued by the police in the place of residence is required)

  • Have more than 3 years of compliance experience in the financial or technology industry (management needs to submit resume and qualification certificate)

  • The source of shareholder funds is legal (bank statements, asset certificates, etc. are required)

For foreign-invested enterprises, overseas shareholders holding more than 25% of the shares are required to submit an additional compliance statement from the parent company, explaining the regulatory status of its place of registration.

(II) Financial and capital requirements

As mentioned above, after the implementation of MiCA, the registered capital is divided into three tiers: 50,000, 125,000, and 150,000 euros. Enterprises are required to provide a capital freeze certificate issued by the bank when applying. It is particularly important to note that the capital must remain "continuously sufficient", that is, when the net assets are less than 80% of the registered capital, the difference must be made up within 30 days.

Mankiw LLP recommends that companies establish dedicated compliance accounts to ensure that capital flows are traceable. In addition to registered capital, companies need to set aside an annual compliance budget , which mainly includes: AML/KYC system procurement, regular audit fees, employee training and certification, license renewal fees, etc.

(III) Construction of operational compliance system

1. AML/CFT/Sanctions Compliance System Design

This is the core link of Lithuania's supervision. Enterprises need to establish the following prevention and control systems:

  • Customer access layer: Use multi-factor authentication (such as biometrics + document OCR) to implement enhanced due diligence (EDD) for high-risk customers.

  • Transaction monitoring layer: deploy a real-time transaction monitoring system, set single transaction limits (such as exceeding 10,000 euros to trigger manual review), and automatically mark abnormal transaction patterns (such as high-frequency transfers in a short period of time).

  • Reporting and archiving layer: Establish a suspicious transaction reporting (STR) mechanism, report to the Lithuanian Financial Crime Investigation Bureau within 3 working hours, and keep transaction records for at least 5 years.

  • Sanctions compliance: Implement measures such as name screening and transaction review to prevent international sanctions risks.

2. Risk management system

According to MiCA requirements, enterprises need to develop a Risk Assessment and Control Manual covering:

  • Market risk: Establish a circuit breaker mechanism for cryptocurrency price fluctuations;

  • Credit risk: Implement quota management for market makers and liquidity providers, and set default stop loss lines

  • Operational risks: Establish a disaster recovery system and conduct penetration tests regularly.

In addition, companies involved in hosting services must purchase professional liability insurance with a coverage of no less than EUR 1 million.

3. Data protection and GDPR compliance

As a member of the European Union, Lithuania strictly implements the General Data Protection Regulation (GDPR). Enterprises need to:

  • Appoint a full-time Data Protection Officer (DPO), who must have experience in data security management and must not hold other positions that may create conflicts of interest.

  • Implement data classification management, classify customer private keys and transaction records as "special category data", and use encrypted storage (AES-256 standard) and access control (principle of least privilege)

  • Establish a data breach response mechanism , report to the Lithuanian Data Protection Authority within 72 hours, and notify affected users.

Analysis of the entire license application process

Phase 1: Preparation and Planning (4-6 weeks)

1. Business plan preparation

The following core contents should be included:

  • Business model description (technical architecture, profit model, target customer profile)

  • Market analysis (EU cryptocurrency market size, competition landscape, Lithuania localization strategy)

  • An overview of the compliance framework (simplified diagram of the AML/KYC process, summary of the risk management system);

  • Financial forecast (revenue, cost, and capital expenditure plan for the next three years, to be reviewed by a certified public accountant)

2. Compliance Pre-Assessment

Identify potential issues ahead of time by simulating regulatory reviews:

  • Whether there are compliance defects in the shareholder structure (such as anonymous shareholding, multi-layered nested structure);

  • Whether the technical system meets the regulatory interface requirements (such as reserving an API for data connection with the Central Bank of Lithuania)

  • Whether the team configuration is in place (for example, a compliance officer, AML specialist, and DPO are required).

Phase 2: Company establishment and bank account opening (2-3 weeks)

1. Register UAB Company

To submit an application through the Lithuanian e-government platform "E-Register", you need to upload the notarized company articles (bilingual version, mainly Lithuanian) and shareholder signature samples. After successful registration, you will obtain the company registration number (LEI code) and value-added tax number (VAT ID).

2. Bank account opening

It is recommended to choose a local Lithuanian bank (such as Swedbank, SEB Bank), and you need to provide:

  • Company registration documents

  • KYC information of shareholders and management

  • Business Plan Summary

  • Compliance Officer Appointment Letter

Due to the particularity of the cryptocurrency industry, banks may require companies to provide additional guarantees (such as 20% of the registered capital as a deposit). Mankiw Law Firm can assist in connecting with partner banks and optimizing the account opening process.

Phase 3: License application and review (8-12 weeks)

1. Submit application materials

Submit through the "Financial License Application Portal" on the official website of the Central Bank of Lithuania. The core documents include:

  • Completed application form (including business scope, technical plan, risk mitigation measures and other attachments)

  • Audited financial statements (enterprises established for less than one year need to provide capital verification reports)

  • Compliance system documents (AML/KYC manual, risk management system, data protection policy, etc., Lithuanian version required)

  • Management Commitment (commitment to comply with EU and Lithuanian regulatory requirements and assume compliance responsibilities)

2. Regulatory Inquiries and Supplementary Materials

During the review, the Bank of Lithuania may ask questions about the following issues:

  • Client funds custody model (whether to use a third-party trust institution, details of asset isolation measures)

  • Algorithmic trading rules (whether there is market manipulation risk, order matching mechanism description)

  • Cross-border business planning (how to ensure compliance in other EU member states)

Phase 4: Ongoing Compliance and License Maintenance

1. Annual Compliance Report

Submitted to the Central Bank of Lithuania before January 31 each year, including:

  • Business development (number of users, transaction volume, major product iterations)

  • Summary of risk events (such as data leakage, suspicious transaction processing results)

  • Description of financial status (balance sheet, analysis of compliance cost ratio)

2. Reporting of major events

The following situations must be reported to the regulatory authority within 10 working days:

  • Changes in equity structure (single shareholder holds more than 10% or withdraws)

  • Core system upgrade (such as changing KYC service providers, refactoring trading engines)

  • Business scope expansion (new services such as derivatives trading and cross-border payments)

3. Employee compliance training

Establish an annual training plan to ensure that all employees (especially customer service and technical teams) are familiar with:

  • The latest AML/CFT rules (such as the revision of the EU 6th Anti-Money Laundering Directive)

  • Customer complaint handling process (subject to compliance with Lithuanian Consumer Protection Law)

  • Data security operation specifications (such as prohibiting the transmission of sensitive customer information through personal email)

Potential challenges and coping strategies

1. Language and cultural barriers

All official documents in Lithuania are in Lithuanian, and all application materials must be certified by a sworn translator. In addition, there may be differences in the understanding of terminology in regulatory communications (such as the legal definition of "non-custodial wallet" in Lithuanian).

Mankiw’s solution: Form a bilingual compliance team, staffed with local lawyers who are proficient in Lithuanian legal terminology, adopt a dual-track system of "translation + legal review" to ensure document accuracy; develop a regulatory terminology comparison manual and regularly update the industry-specific vocabulary database.

2. Complex multi-level supervision

Enterprises must comply with Lithuanian domestic laws (such as the Virtual Currency Service Providers Act), EU regulations (MiCA, GDPR) and international standards (FATF Travel Rules), and the compliance system must have dynamic adaptability. For example, the "cross-border transaction customer information transmission" rules required by FATF need to be connected to the reporting system of the Central Bank of Lithuania.

Mankiw’s solution: Build a “regulatory mapping matrix” to map different levels of compliance requirements to specific business links.

3. Qualification requirements for AML officers

According to Lithuania regulations, AML compliance officers must be residents of the country and have at least five years of financial compliance experience and be familiar with MiCA and AML-D6 directives. This has led to a shortage of qualified talents, especially foreign companies facing competitive pressure when recruiting locally.

Mankiw’s solution: Leverage the global talent network to help companies recruit local talent with EU compliance qualifications; provide “compliance officer outsourcing services” to meet transition needs.

Mankiw LLP - Your Professional Partner on the Lithuanian Compliance Journey

As a legal service organization deeply engaged in the field of global web3 compliance, Mankiw Law Firm has created a "full-cycle compliance solution" based on the regulatory characteristics of Lithuania to help companies achieve seamless connection from market access to sustainable operations:

1. Customized license application service

1. Early diagnosis: Identify potential risk points through compliance questionnaires and technical architecture audits, and develop a "defect repair roadmap."

2. Document preparation: Lithuanian local lawyers will lead the drafting of documents to ensure compliance with regulatory language habits and format requirements.

3. Regulatory communication: Establish an exclusive docking channel, provide real-time feedback on review progress, and efficiently handle regulatory inquiries.

(II) Construction of a localized compliance system

1. System design: Based on the enterprise's business model, tailor-make core documents such as AML/KYC manuals, risk management systems, and data protection policies.

2. System connection: Assist in connecting to the compliance technology platform designated by the Central Bank of Lithuania to realize automatic reporting of transaction data and risk monitoring.

3. Team empowerment: Provide localized compliance training, and assist in recruiting or dispatching compliance officers, DPOs and other key personnel.

Conclusion: Unleashing innovation potential within a compliance framework

The application for a cryptocurrency license in Lithuania is not only a practice of regulatory compliance, but also an important opportunity for companies to integrate into the global compliance financial system. Despite challenges such as language barriers and multi-level supervision, its advantage as the EU's "regulatory innovation test field" provides a rare development window for cryptocurrency companies. Mankiw Law Firm has always believed that compliance is not a constraint, but a guardian of innovation . Through professional legal framework design and continuous compliance operations, companies can build a cryptocurrency business ecosystem that is both secure and competitive on the fertile land of Lithuania, calmly respond to global regulatory changes, and embark on a new journey of sustainable development.

Appendix: Frequently Asked Questions

Q1: Is it necessary to apply for a license to conduct cryptocurrency business in Lithuania?

Yes. According to the Lithuanian Virtual Currency Service Providers Act and MiCA regulations, any company engaged in cryptocurrency trading, custody, consulting and other services must obtain a corresponding license. You can apply for the old version of the VCESP/VCWSP license before May 31, 2025, and then the CASP license under the MiCA framework will be uniformly applicable.

Q2: Can non-EU companies apply for a Lithuanian cryptocurrency license?

Yes. Lithuania allows 100% foreign ownership, but requires additional eligibility review of foreign shareholders, including regulatory status assessment at the place of registration, proof of legality of source of funds, etc. Mankiw LLP can assist in preparing cross-border compliance documents to ensure compliance with EU "equivalent supervision" requirements.

Q3: How does Lithuania tax cryptocurrency transactions?

At the corporate level, cryptocurrency-related income (such as transaction fees and custody service fees) is subject to corporate income tax at a rate of 15%; at the individual level, capital gains tax is levied at a rate of 15% on the portion of profit from a single transaction that exceeds 1,500 euros.

Q4: What are the common reasons for license application rejection?

These risks mainly include: shareholders or management have a record of financial crimes; registered capital has not been paid up as required; compliance system documents have major defects (such as incomplete AML process); technical systems cannot meet regulatory data connection requirements. Mankiw LLP's pre-assessment service can effectively reduce such risks.

Q5: After obtaining a Lithuanian license, can I conduct business in other EU countries?

Yes. According to the EU's "Financial Services Passport" principle, companies holding a Lithuanian CASP license can set up branches or provide services remotely in any member state without having to apply for a license again, but they must register with the Lithuanian regulator. Mankiw can assist in handling cross-border registration procedures to ensure compliance with the localization requirements of the target country.

Share to:

Author: 曼昆区块链

This article represents the views of PANews columnist and does not represent PANews' position or legal liability.

The article and opinions do not constitute investment advice

Image source: 曼昆区块链. Please contact the author for removal if there is infringement.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
1 hour ago
2 hour ago
3 hour ago
6 hour ago
6 hour ago
7 hour ago

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe

Curated Series

App内阅读