New Compliance Requirements for Electronic Money and Payment Institutions

The Bank of Lithuania has adopted the Resolution No 03-33 Amending resolution No 247 of the Board of the Bank of Lithuania of 30 December 2009 On requirements for electronic money institutions and payment institutions regarding internal control, risk management and safeguarding of received funds (hereinafter – the Resolution).

The institutions must comply with requirements in terms of wind down plan starting from 9th of April 2025. Based on the Resolution, collegial management body of the institution shall approve a plan for the termination of the activity of issuing electronic money and/or providing payment services, which must include at least the following:

  • Scenarios for the termination of electronic money issuance and/or payment service provision activities and their implementation measures;
  • Groups of persons affected by the wind-down (the number of persons in each group), the anticipated impact, and measures to minimize the negative impact on these persons and the financial market to the greatest extent possible;
  • Indicators that determine the possible need to terminate the activity, values ​​of indicators under which the institution shall decide whether to terminate the activity, and the procedure for monitoring indicators;
  • The form and procedure for drawing up a list including all holders of electronic money and/or payment service users;
  • The procedure for adopting a decision on the termination of the activity of issuing electronic money and/or providing payment services, actions that ensure that the Bank of Lithuania is immediately informed of the decision to terminate the activity and the persons responsible for performing these actions;
  • Actions and deadlines for the termination of the activity, as well as the procedure for managing the process of terminating the activity and specific risks that may affect the smooth termination of the activity;
  • Non-financial resources and financial resources and their sources required for the termination of the activity;
  • A communication plan for informing stakeholders about the wind-down;
  • Measures ensuring that the institution can, if necessary, immediately contact each electronic money holder and/or payment service user;
  • The procedure for reporting to the institution for the implementation of the wind down plan;
  • Periodicity of the review of the wind-down plan and the persons responsible for the review, as well as the cases where the wind-down plan must be reviewed without delay.

Compliance with requirements in terms of other parts of the Resolution regarding governance, internal control, risk management and safeguarding of clients funds shall be ensured starting from 1st of January 2026.

The main aspects of the Resolution include:

  • Provision of more detailed requirements in terms of safeguarding of clients’ funds:
  • Recommendation to have at least 2 safeguarding accounts;
  • Requirements on reconciliation process, including cases where several methods for safeguarding of clients’ funds is applied in the institution;
  • Specific requirements for investment in safe, liquid and low risk assets, including but not limited to the provided list of safe, liquid and low risk assets; established maximum amount of clients funds to be invested (70% of the total amount of client funds to be safeguarded).
  • Key requirements in terms of the collegial management body activities:
  • If, according to the laws and the Articles of Association, a collegial supervisory body (supervisory board) is not required to be established, the requirements established for the supervisory body shall apply to the collegial management body;
  • Each area (strategic planning, prevention of money laundering and/or terrorist financing, other risk management, protection of client funds, equity issues, internal audit, finance and accounting, compliance, etc.) in which decisions are made by management board is assigned to the supervision of at least one member of this collegial management body.
  • Key requirements in terms of the control functions:
  • The Company must appoint responsible officers for various control functions, including AML, compliance, risk, outsourcing, capital requirements, safeguarding of clients’ funds, and internal audit;
  • Officers responsible for compliance, risk, safeguarding of clients’ funds, and capital requirements must hold positions of a higher hierarchical level unless the Company is small and has no hierarchical structure.
  • Key requirements in terms of organizational structure and internal control:
  • The organizational structure must outline each function performed by intermediaries and outsourced entities, specify responsible persons, their responsibilities, detail monitoring and supervision roles; if the Company is a subsidiary, it must also reflect the parent company, its bodies, divisions, and decision-makers;
  • More detailed requirements for the internal information system. All relevant bodies, members, and employees must be informed about internal documents; employees must perform their functions only after they get familiarized with applicable internal documents, effective exchange of information between control function personnel must be ensured;
  • The Company must have an alert system for managers and bodies to receive reports on operational, management, and internal control issues;
  • The bodies of the Company are responsible for the development and implementation of conflict of interest management measures;
  • If the Company has branches, it must approve procedures for their control;
  • Contracts with intermediaries and outsourced entities must clearly define roles, rights, duties, and responsibilities.
  • More detailed requirements in terms of risk management:
  • Risk management responsibilities must be delegated not only to the person responsible for ensuring risk management (risk officer), but also to all divisions, taking into account the level of risk acceptable to the Company and its capacity to assume risk.
  • The supervisory body must approve an internal risk strategy document outlining risk strategy and risk management principles;
  • The risk officer must help draft the risk strategy, participate in decision making regarding the management of significant risks;
  • The risk officer must submit an annual risk management report to the collegial management body once a year, and the latter shall assess it. The annual risk management report must include a general risk assessment, including information on the risks faced by the Company, the implemented risk management improvement and other risk management measures and their impact on risk management, the proposed measures to improve risk management and the expected risk change after their implementation.
  • The collegial management body, taking into account the results of the risk management system assessment, must periodically, but not less than once a year, assess whether there is a need to improve the risk management system, and having determined that the risk management system needs to be improved, approve a risk management improvement plan, which must specify the measures to improve risk management, the persons responsible for the implementation of these measures and the deadlines for the implementation of the measures, the persons responsible for controlling the implementation of this plan and assessing the risk change after the measures have been implemented.
  • More detailed requirements in terms of internal audit. The internal auditor must perform control over the elimination of identified deficiencies and the implementation of the recommendations provided and, if significant violations are found (the action plan is not implemented properly, the deadlines set therein are not met, etc.), immediately inform the supervisory body and the management body.

We would like to draw your attention to the importance of the upcoming regulatory requirements. Therefore, we recommend:

1. Starting the preparation of your wind-down plan as soon as possible.

2. Reviewing your internal documents to ensure compliance with the Resolution’s requirements.

3. Adjusting your processes to align with the forthcoming regulations.

Our law firm helps in creating a wind-down plan that fully complies with the requirements of the Bank of Lithuania. As well we can assist in revision of your internal documents to prepare for implementation of the upcoming legal requirements.

Newsletter SubscriptionGet in touch
Free initial advice now!

Have a question or need more information?

Send us an e-mail message!