This edition of RegRally Insights: EMI/PI Regulation – April 2026 highlights a rapidly evolving regulatory environment for electronic money institutions, payment institutions, and fintech businesses across the Baltics and the wider EU.
A clear trend continues to emerge: regulators are moving beyond formal authorisations and increasingly focusing on business model substance, governance quality, AML/CFT effectiveness, ICT resilience, and access to core financial infrastructure. Licensing remains important, but it is no longer the sole benchmark of regulatory readiness.
Lithuania remains particularly active, with notable developments involving limited network exemptions, multi-licensing strategies for crypto and payment businesses, TARGET system access for non-bank institutions, and the practical transition toward DORA as the central ICT compliance framework. At the same time, supervisory enforcement continues to emphasise transaction monitoring and ongoing compliance effectiveness.
Across the region, Latvia continues to strengthen its position as a competitive licensing hub, while Estonia is digitising authorisation processes and maintaining a structured supervisory approach.
This edition also covers the implementation of Consumer Credit Directive II (CCD II), which is set to materially reshape the regulatory perimeter for non-bank lending, BNPL, and consumer finance products throughout the Baltic market.
Limited Network Exemption Confirmed in Lithuania
The Bank of Lithuania has included UAB EECO and its student ID card payment solution in the public list of limited network exemption arrangements.
The “E-wallet – Electronic Student Certificate Payment Function” exceeded the EUR 1 million annual transaction threshold, triggering notification to the regulator.
Following the assessment, the Bank of Lithuania confirmed that the solution qualifies for the limited network exemption under the Law on Payments of the Republic of Lithuania and added it to the public register of exempted schemes.
Under the Law on Payments of the Republic of Lithuania, where the total value of payment transactions executed through a payment instrument exceeds EUR 1 million over the last 12 months, the service provider is required to notify the Bank of Lithuania.
In practice, however, this requirement should not be viewed merely as a formal threshold. Reaching or approaching this level should prompt a careful reassessment of whether the business model genuinely meets the criteria of the limited network exemption. Where there is any uncertainty, adopting a proactive notification approach not only ensures compliance but also allows the Bank of Lithuania to assess the applicability of the exemption at an early stage. This can provide regulatory comfort and reduce the risk that the activity will later be reclassified as a regulated payment service requiring authorisation.
Robinhood Europe, UAB, was granted a payment institution license for payment services related to EMT
This development reflects a broader sequencing strategy increasingly observed in regulatory practice. The company initially obtained an investment firm (brokerage) licence, followed by authorisation as a crypto-asset service provider under Markets in Crypto-Assets Regulation (MiCA). The subsequent step, obtaining a payment institution licence, appears driven by the expansion of its product offering to include EMT-related services, such as EMT custody and transfers.
From a regulatory perspective, this approach aligns with the treatment of EMTs as “funds” under EU financial services legislation. As a result, activities involving the transfer or safekeeping of EMTs may fall within the scope of payment services under the Payment Services Directive 2 (PSD2). In supervisory practice, this creates a clear expectation that firms engaging in such activities must obtain the obtain payment authorisation, in addition to their MiCA permissions.
In practical terms, firms planning to offer a broad suite of crypto-related services should carefully assess the regulatory perimeter at an early stage. While MiCA provides a framework for crypto-asset services, it does not displace PSD2 where activities qualify as payment services. This is particularly relevant for EMTs, given their functional equivalence to electronic money.
Accordingly, the case of Robinhood Europe, UAB illustrates a structured regulatory pathway: starting with investment services, expanding into crypto under MiCA, and subsequently securing payment authorisation to support EMT-related functionalities. Firms adopting similar business models should anticipate the need for multi-licensing strategies and ensure that their regulatory planning reflects this layered approach from the outset.
Lithuania Opens Framework for TARGET System Access
The Bank of Lithuania has approved a new framework for access to the TARGET-LIETUVOS BANKAS payment system.
The framework sets requirements for non-bank financial institutions, including electronic money and payment institutions, seeking direct access to Eurosystem infrastructure.
Following EU-level changes, national central banks may, at their discretion, grant such access to non-bank payment service providers. In Lithuania, access is possible but subject to strict national eligibility criteria.
The framework requires that ultimate beneficial owners and senior management meet high reputational standards and do not pose a risk to national security or Lithuania’s reputation. In addition, institutions and their related parties must not be subject to international sanctions, and specific restrictions apply in relation to links with Russia and Belarus, subject to limited exceptions.
From an operational perspective, firms should be prepared to provide detailed information to support the assessment of money laundering and terrorist financing risks. This indicates that access to TARGET will be closely aligned with AML/CFT expectations and broader prudential considerations, rather than being treated as a purely technical onboarding process.
It is also important to note that these requirements are consistent with those already applied to participants of the CENTROlink system, suggesting a coherent supervisory approach by the Bank of Lithuania across different payment infrastructures.
Overall, while the possibility for non-bank institutions to access the TARGET system represents a significant step towards greater integration into core payment infrastructure, firms should approach this opportunity with careful preparation. Early engagement with the regulator, robust governance arrangements, and a clearly articulated AML/CFT framework will be key factors in successfully obtaining access.
Bank of Lithuania Aligns ICT Rules with DORA
The Bank of Lithuania has repealed certain national rules on ICT risk management and incident reporting following the application of DORA and related EU legislation.
Remaining requirements relevant to payment service providers and credit institutions have been consolidated into a new framework for notifications to the Bank of Lithuania under the Law on Payments.
This confirms the shift toward harmonised EU regulation, with DORA now serving as the primary framework for ICT risk management and incident reporting obligations.
In practical terms, firms should not assume that regulatory burden has decreased, but rather that it has been restructured and centralised at the EU level. Internal policies and procedures should therefore be reviewed and aligned with DORA requirements and relevant regulatory technical standards, rather than relying on legacy national frameworks that are no longer applicable.
Overall, these changes confirm that DORA is now the central framework governing digital operational resilience in the EU financial sector, and firms should treat it as the primary reference point when designing ICT risk and incident management systems.
Bank of Lithuania AML Settlement with ValorPay
The Bank of Lithuania concluded an administrative settlement with ValorPay, UAB following an AML/CTF inspection that identified deficiencies in client relationship and transaction monitoring.
ValorPay admitted the breach, implemented corrective measures, and committed to submitting an independent audit report confirming remediation.
A monetary penalty of EUR 30,000 was agreed.
From a regulatory practice perspective, this case illustrates the Bank of Lithuania’s willingness to apply cooperative enforcement tools where firms demonstrate transparency, remediation, and proactive engagement. Administrative settlements can serve as an alternative to more severe sanctions, particularly where the breach is acknowledged and corrective measures are implemented promptly.
At the same time, the underlying issue – deficiencies in ongoing monitoring remains a key supervisory focus. Firms should ensure that their transaction monitoring frameworks are not only formally in place but also operationally effective, risk-based, and capable of identifying unusual or suspicious activity in a timely manner.
In practice, institutions should view this case as a reminder that early engagement with the regulator, combined with swift remediation and independent validation (e.g., through audit), can significantly influence the outcome of enforcement actions. However, reliance on such mechanisms should not substitute for robust first-line controls, as AML/CFT monitoring remains a high-priority area of supervisory scrutiny.
Finantsinspektsioon – payment/e-money licence applications
From 18 March 2026, applications for an operating licence as a payment institution or e-money institution in Estonia must be submitted through the Finantsinspektsioon application portal. – https://taotlus.fi.ee/en.
Practical tip. If the representative or contact person of the applicant or acquirer does not have a user account on the FI Application Portal and cannot authenticate with an Estonian ID card, Mobile ID, or Smart ID, then one must please contact [email protected] to create a user account, providing your first name, last name and e-mail address.
There is no need to contact Finantsinspektsioon if a person without an Estonian ID code is added as a representative of the applicant during the application process.
In that case, a user account is created automatically. An email will be sent to confirm that the account has been created.
Transposing the EU Consumer Credit Directive II in the Baltics
Lithuania, Latvia, and Estonia are implementing CCD II, bringing major changes to the Baltic consumer credit market.
The new regime expands regulated credit to include certain low- and high-value loans and BNPL products, while strengthening rules on creditworthiness checks, disclosures, advertising, automated decision-making, staff competence, remuneration, and forbearance.
National developments:
- Lithuania: draft law progressing, with broader obligations and expected transition period.
- Latvia: moving toward centralised supervision of non-bank lenders under the Bank of Latvia.
- Estonia: retaining its current distributed supervisory model.
Businesses should review licensing status, compliance frameworks, and product scope. CCD II will significantly reshape the Baltic consumer credit market while leaving important national differences in implementation.
For fintech companies, non-bank lenders, and credit intermediaries, aligning internal processes with both the Directive requirements and the specific provisions of each national draft framework will be essential for maintaining compliance, operating efficiently, and securing a competitive position in the region in 2026 and beyond.
Our legal team provides full support in navigating CCD II compliance, compliance, licensing, consumer protection, and fintech regulatory requirements in Lithuania, Latvia, and Estonia.
Licensing Trends in Latvia: MONELIQ EUROPE SIA
The Latvijas Banka has recently granted an electronic money institution licence to MONELIQ EUROPE SIA, authorising it to issue electronic money, execute payment transactions, issue payment instruments, and provide payment initiation and account information services.
This development should be viewed in a broader context of Latvia’s increasingly active licensing environment, with multiple electronic money and payment institutions already operating in the jurisdiction. It reflects a clear strategic direction by the Latvijas Banka to position Latvia as an attractive hub for financial services and fintech businesses within the EU.
The Latvian regulator actively promotes the use of pre-licensing consultations, which serve as an important tool for aligning expectations between applicants and the supervisor at an early stage.
Engagement at the pre-licensing phase allows firms to obtain initial feedback on their business model, governance arrangements, and compliance framework, thereby significantly increasing the likelihood of a successful application. This approach also enables Latvijas Banka to filter and shape incoming applications, resulting in higher-quality submissions and more efficient review processes.
Licensing Trends in Latvia: SIA Catego
Latvijas Banka has announced that its Supervision Committee has issued a payment institution license to a new market participant – SIA Catego, authorising it to provide an account information service.
Currently, there are five licensed payment institutions and ten licensed and one registered electronic money institutions operating in Latvia.
This development should be viewed in a broader context of Latvia’s increasingly active licensing environment. Even though several electronic money and payment institutions already exist, new market participants continue to enter.
The attractiveness of the licensing process in Latvia stems from Latvijas Banka’s policy of providing pre-licensing consultations, which serve as an important tool for aligning expectations between applicants and the supervisor at an early stage.
Engagement at the pre-licensing phase allows firms to obtain initial feedback on their business model, governance arrangements, and compliance framework, thereby significantly increasing the likelihood of a successful application. This approach also enables Latvijas Banka to filter and shape incoming applications, contributing to higher-quality submissions and more efficient review processes.
Transparent and smooth licensing process positions Latvia as an attractive hub for financial services and fintech businesses within the EU.
Newsletter Subscription
Get in touch