BTC $67,420 ▲ +2.4% ETH $3,541 ▲ +1.8% SOL $178 ▲ +5.1% BNB $412 ▼ -0.3% XRP $0.63 ▲ +0.9% ADA $0.51 ▼ -1.2% AVAX $38.90 ▲ +2.7% DOGE $0.17 ▲ +3.2% DOT $8.42 ▼ -0.8% LINK $14.60 ▲ +3.6% MATIC $0.92 ▲ +1.5% LTC $88.40 ▼ -0.6% BTC $67,420 ▲ +2.4% ETH $3,541 ▲ +1.8% SOL $178 ▲ +5.1% BNB $412 ▼ -0.3% XRP $0.63 ▲ +0.9% ADA $0.51 ▼ -1.2% AVAX $38.90 ▲ +2.7% DOGE $0.17 ▲ +3.2% DOT $8.42 ▼ -0.8% LINK $14.60 ▲ +3.6% MATIC $0.92 ▲ +1.5% LTC $88.40 ▼ -0.6%
Crypto Currencies

Crypto Exchange License Lithuania: Mechanics and Compliance Paths

Lithuania established a crypto service provider (CSP) registration regime in 2018, making it one of the earliest EU states to offer a…
Halille Azami · April 6, 2026 · 8 min read
Crypto Exchange License Lithuania: Mechanics and Compliance Paths

Lithuania established a crypto service provider (CSP) registration regime in 2018, making it one of the earliest EU states to offer a dedicated legal framework for digital asset operators. The licensing framework covers virtual asset exchange, wallet custody, and token issuance activities under a single registration maintained by the Register Center. The mechanics differ meaningfully from full capital markets licensing regimes, and recent tightening in 2022 and beyond has changed barrier to entry assumptions. This article walks through registration categories, capital and conduct requirements, the actual application process, and pitfalls that delay or derail approvals.

Registration Categories and Scope

Lithuania issues two distinct registrations under the Law on the Prevention of Money Laundering and Terrorist Financing.

Virtual Currency Exchange Operator covers fiat-to-crypto and crypto-to-fiat exchange services. This includes spot trading platforms, OTC desks handling fiat settlement, and onramp/offramp providers embedded in wallet applications. It does not cover pure crypto-to-crypto swaps if no fiat touches the system. In practice, most applicants pursue this category to enable local bank connections for EUR deposits.

Virtual Currency Depository Wallet Operator authorizes custody of private keys or seed phrases on behalf of clients. This applies to hosted wallets, custodial staking services, and any system where the operator can initiate outbound transfers without direct per-transaction client approval. Noncustodial wallets, hardware wallet manufacturers, and pure software providers without key access fall outside the scope.

Many operators hold both registrations simultaneously. The application is unified; you select applicable activities during submission. Expanding later requires amendment filings but does not restart the review clock from zero.

Capital and Organizational Requirements

Minimum share capital was raised to EUR 125,000 in 2022, paid in full before application submission. The capital must sit in a Lithuanian bank account or EU credit institution branch, and the applicant provides notarized proof with the filing. Some operators structure a Lithuanian subsidiary purely to hold this capital and the license, leaving parent company treasury elsewhere.

Management residency is enforced. At least one board member or equivalent management body member must reside in Lithuania and hold authorization to represent the company in dealings with supervisors. Remote management from other EU states is insufficient. In practice this means hiring a Lithuanian director or relocating an existing executive, not merely appointing a local nominee with no operational authority.

AML officer and compliance function must be in place before approval. The officer must be named in the application, demonstrating relevant experience and passing a background check. Outsourcing the AML function to a third party consultant is not acceptable; the officer must be an employee or board member with direct reporting lines.

Physical office requirement exists but is interpreted flexibly. A coworking space mailbox will fail review. A serviced office with desk access and a local business address satisfies the rule, provided the compliance officer and at least some operational staff actually use it. Fully virtual operations are not approved.

Application Process and Timelines

Applications are submitted to the Register Center online portal with supporting documentation. The statutory review period is 30 business days, but in practice most approvals take 60 to 120 days for first time applicants. Amendments for existing registrants often clear in under 30 days.

Core documentation includes articles of incorporation, shareholder registry, criminal background checks for all directors and officers, detailed business plan, AML/CFT procedures manual, IT security policy, fund segregation plan, and proof of capital deposit. The business plan must map transaction flows showing where fiat enters, how crypto is sourced or delivered, and where customer funds sit at each step. Generic boilerplate fails. Reviewers specifically check whether your described custody model matches your declared registration category.

Bank account sequencing creates a circular dependency. Most Lithuanian banks will not open accounts for crypto businesses until the license is granted, but you need a local account to deposit share capital before applying. The workaround is to use an EU bank with a Lithuanian branch (some international banks facilitate this) or work with one of the few crypto-friendly Lithuanian banks that open pre-license accounts with restricted terms. Budget for higher initial deposit requirements and longer KYB clearance with these banks.

The Register Center may issue clarification requests. Response time matters. Failing to reply within 10 business days can pause the review indefinitely. Common clarification topics include source of funds for share capital, beneficial ownership chains when shareholders are offshore entities, and detailed explanations of smart contract logic if the platform includes DeFi integrations or staking.

Ongoing Compliance and Supervision

Annual audited financial statements must be filed within six months of fiscal year end. The auditor must be licensed in Lithuania or another EU state. Statements must separately report crypto asset balances, client liability positions, and reconciliation between the two.

AML transaction monitoring is actively supervised. Lithuania applies FATF standards with added scrutiny on Eastern European counterparties and privacy coin handling. Operators must file suspicious activity reports (SARs) with the Financial Crime Investigation Service (FNTT). Platforms allowing privacy coins, mixer interactions, or anonymous deposits face heightened reporting burdens. Many operators geo-block certain jurisdictions to reduce monitoring overhead.

Client fund segregation is required but mechanics are not prescribed in detail. Most operators open a separate omnibus bank account for client EUR holdings and maintain internal accounting ledgers mapping client balances. Crypto assets must be held separately from operating wallets. Commingling fails compliance even if balances reconcile. Using third party custodians is allowed but does not transfer liability; the operator remains responsible for client asset security.

Capital maintenance is checked at renewal and during ad hoc audits. If losses erode share capital below EUR 125,000, the operator must restore it within 90 days or face suspension. Some operators maintain additional buffer capital to avoid triggering this rule during market downturns.

Worked Example: OTC Desk Setup

Consider an OTC desk incorporated in Lithuania offering fiat-to-crypto trades for institutional clients.

Step 1: Incorporate Lithuanian UAB with EUR 125,000 share capital deposited in a local bank. Appoint two directors, one resident in Vilnius.

Step 2: Hire a Lithuanian AML officer with prior financial sector experience. Draft AML/CFT procedures covering client onboarding, transaction monitoring thresholds, SAR escalation, and record retention schedules.

Step 3: Submit virtual currency exchange operator application to Register Center. Include business plan describing trade flow: client wires EUR to segregated bank account, desk sources BTC from liquidity provider (Kraken or similar), BTC delivered to client provided address. No custody; client receives coins immediately post settlement.

Step 4: During review, Register Center asks for liquidity provider contracts proving the desk can source sufficient volume. Desk provides executed agreements with two institutional liquidity sources and sample transaction logs from a test environment.

Step 5: Approval granted after 75 days. Desk opens full commercial bank account, connects to liquidity providers, and begins client onboarding with manual KYC review for first 50 accounts.

Step 6: Six months post launch, desk files first SAR after detecting structuring behavior in client deposit patterns. FNTT follows up within 10 days requesting additional transaction details. Desk provides full audit trail and blocks the client account pending investigation.

Common Mistakes and Misconfigurations

Nominee directors with no operational authority. Supervisors verify management reality through interviews and document requests. A resident director who cannot explain the business model or access company systems will trigger rejection or later revocation.

Inadequate AML procedures for actual transaction types. Cutting and pasting generic AML templates designed for forex brokers or payment processors fails. The manual must address blockchain tracing, address clustering, coin provenance analysis, and mixing detection specific to crypto.

Underestimating bank relationship timelines. Some applicants assume a license guarantees banking access. Several Lithuanian banks exited crypto services after 2021. Opening accounts now requires upfront relationship building, often 3 to 6 months before licensing, and acceptance is not guaranteed.

Failing to segregate test and production environments in IT security documentation. Reviewers check whether customer data and private keys are isolated from development systems. Shared databases or insufficiently permissioned admin access raise red flags.

Ignoring Travel Rule implementation. Platforms facilitating transfers above EUR 1,000 must collect and transmit originator and beneficiary data. Platforms without Travel Rule infrastructure face enforcement risk during supervision audits.

Misclassifying noncustodial services as exempt. If your wallet uses client-side encryption but your servers can reconstruct keys via backup recovery flows, you may require depository wallet registration. The test is control, not stated custody model.

What to Verify Before You Rely on This

  • Current minimum share capital requirements and whether amendments are pending. The 2022 increase was substantial and future changes may follow broader EU directives.
  • Residency rules for directors and whether remote EU presence satisfies updated interpretations. Register Center guidance documents may clarify this.
  • Bank availability for crypto operators. Confirm which banks currently accept CSP clients and their account opening criteria. This changes frequently.
  • Travel Rule implementation deadlines and technical standards. Lithuania follows EU timelines but may adopt stricter domestic reporting thresholds.
  • Registration renewal timelines and fee schedules. Initial approvals do not auto-renew; confirm current renewal submission windows.
  • Supervisory stance on DeFi integrations, staking services, and yield products. Regulatory interpretation of these activities is evolving and may require additional permissions.
  • Tax treatment of crypto assets held for clients versus operating reserves. Consult Lithuanian tax advisors for current VAT and corporate tax implications.
  • Any pending amendments to the AML law that could change capital requirements, reporting thresholds, or permissible activities for registered operators.
  • Whether your planned banking partners support the transaction volumes and counterparty geographies in your business model. Some banks cap monthly volumes for crypto accounts.
  • Current processing times from recent applicants in similar categories. Register Center capacity and review speed vary with application volume.

Next Steps

  • Engage a Lithuanian corporate service provider to structure the entity and navigate local incorporation mechanics before drafting the license application. Incorporating correctly the first time avoids costly amendments.
  • Draft your AML/CFT procedures manual concurrently with the business plan. Map every transaction flow to a specific monitoring rule and escalation path. Reviewers cross-reference these documents closely.
  • Secure your resident director hire and confirm their willingness to engage directly with supervisors before filing. Their interview performance influences approval outcomes and this is not a role to fill with unengaged staff.

Category: Crypto Regulations & Compliance

Topics: Crypto CurrenciesCrypto DerivativesCrypto ExchangesCrypto Investment StrategiesCrypto Market AnalysisCrypto NewsCrypto Portfolio TrackingCrypto Price PredictionCrypto RatingsCrypto RegulationsCrypto SecurityCrypto TaxesCrypto TradingCrypto Wallets

Related Stories