Mankiw Research | Lithuania CASP License Application Guide 2025

Lithuania - The front line of the EU Crypto Assets industry Against the backdrop of the accelerating formation of a global Crypto Assets regulatory framework, Lithuania is becoming an important hub for the European Crypto Assets industry with its forward-thinking regulatory approach and efficient compliance system. As one of the first member states of the EU to establish a legal framework for Crypto Assets, Lithuania has created a "tech-friendly" regulatory environment that not only meets the compliance requirements of the EU single market but also provides a clear development path for innovative enterprises. (1) First-mover advantage of the regulatory framework The regulatory advantages of Lithuania are first reflected in the foresight at the legislative level. As early as before the formal implementation of the EU's Markets in Crypto Assets Regulation (MiCA), the country had established a dual licensing system for Virtual Currency Exchange Service Providers (VCESP) and Virtual Currency Wallet Service Providers (VCWSP). This system not only provides enterprises with clear business boundaries but also builds a relatively mature risk prevention and control mechanism through the in-depth integration with AML/CFT (Anti-Money Laundering/Counter-Terrorism Financing) rules. With the full implementation of MiCA in 2025, Lithuania quickly aligned its domestic regulations with the EU unified framework, forming a "dual compliance guarantee"—enterprises can freely conduct business in the 27 member states by obtaining a local license in Lithuania while leveraging the EU "passporting principle," significantly reducing the legal costs of cross-border operations. (2) Efficient Market Access Mechanism Compared to traditional financial regulatory jurisdictions, the licensing application process in Lithuania demonstrates significant efficiency advantages. According to the practical experience of Mankun Law Firm, the entire process from company registration to license approval can be completed within 3 to 6 months. This efficiency is attributed to the Lithuanian government's supportive attitude towards the fintech industry: the country has established a dedicated digital governance platform that allows businesses to submit application materials online and connect with regulatory agencies such as the Bank of Lithuania and the Financial Crime Investigation Service through a "single window." It is worth noting that if a company completes the compliance system construction in advance (such as AML/CFT process design and risk management system establishment), the approval cycle can be further shortened to 2-4 months. (3) The optimization space for compliance costs In terms of financial compliance, Lithuania has set flexible capital requirements. According to the new regulations implemented after MiCA, the minimum registered capital for businesses is divided into three tiers based on the type of service: Crypto Assets consulting service companies only need €50,000, custodial wallet and deposit/withdrawal service providers require €125,000, while those involved in crypto trading platforms need €150,000. In addition, Lithuania's tax policy is also attractive: the corporate income tax rate is 15%, and undistributed profits are not subject to additional taxes. Types of Crypto Assets Licenses in Lithuania and Their Applicable Scenarios MiCA Unified Licensing System (Effective from January 2025) With the implementation of the regulatory framework at the EU level, Lithuania will introduce MiCA-compatible licenses starting in 2025, consolidating the original two types of licenses into the "Crypto Assets Service Provider (CASP)" license, covering the following four major business categories:

1. Crypto Assets trading services: including the compliance architecture design of centralized exchanges (CEX) and decentralized exchanges (DEX), but the regulatory classification of DEX still needs to be determined in conjunction with the actual controlling party of the smart contract.
2. Crypto Assets Custody and Management: Expand to institutional-level custody services, such as providing custody, valuation, and other services for fund companies.
3. Investment consulting and information services: including market analysis reports, investment strategy suggestions, etc., but it is necessary to strictly distinguish between "general information" and "personalized investment advice," the latter requires an additional application for an investment consulting license.
4. Payment and Settlement Services: Allow licensed institutions to act as payment gateways, connecting Crypto Assets with traditional financial systems, such as developing cross-border Crypto Assets payment solutions. Core compliance requirements for applying for a Lithuanian Crypto Assets license (1) Legal Framework Construction
5. Company entity registration All applicants must establish a limited liability company (UAB) in Lithuania, and the registration process must be submitted online through the Lithuanian Centre for Registers. Core documents include: Articles of Association (which must specify the business scope and shareholding structure), proof of shareholder identity (individuals need notarized passports, legal entities must provide a registration certificate), and proof of registered address. The registration period usually takes 10-15 working days, and the name approval must be checked for duplicates in advance through the "Company Name Pre-check System".
6. Qualification Review of Shareholders and Management The Bank of Lithuania requires background checks on the company's actual controllers (beneficial owners) and core management team, focusing on the following review content: No financial crime record (a certificate of no criminal record issued by the local police must be provided) Possess more than 3 years of compliance experience in the financial or technology industry (management must submit resumes and qualification certificates) The source of shareholder funds is legal (bank statements, asset proof, and other documents need to be provided) For foreign-funded enterprises, foreign shareholders holding more than 25% of the shares must additionally submit a compliance statement from the parent company, explaining the regulatory status of their place of registration. (2) Financial and Capital Requirements As mentioned earlier, after the implementation of MiCA, the registered capital is divided into three tiers: 50,000, 125,000, and 150,000 euros. Companies are required to provide a bank-issued proof of fund freeze at the time of application. It is particularly important to note that this capital must be "continuously sufficient," meaning that if the net assets fall below 80% of the registered capital, the deficiency must be made up within 30 days. Mankun Law Firm recommends that enterprises establish dedicated compliance accounts to ensure that capital flows are traceable. In addition to registered capital, enterprises should set aside an annual compliance budget, which mainly includes: procurement of AML/KYC systems, periodic audit costs, employee training and certification, license renewal fees, etc. (3) Construction of Operational Compliance System
7. AML/CFT/Sanctions Compliance System Design This is the core aspect regulated by Lithuania, and companies need to establish the following prevention and control system: Customer Access Layer: Implement multi-factor authentication (such as biometrics + document OCR) and conduct Enhanced Due Diligence (EDD) for high-risk customers. Transaction Monitoring Layer: Deploy a real-time transaction monitoring system, set a single transaction limit (e.g., trigger manual review for amounts exceeding 10,000 euros), and automatically flag abnormal transaction patterns (e.g., high-frequency transfers within a short time). Reporting and Archiving Layer: Establish a Suspicious Transaction Reporting (STR) mechanism, report to the Lithuanian Financial Crime Investigation Service within 3 working hours, and retain transaction records for at least 5 years. Sanction Compliance: Implement measures such as Name Screening and transaction reviews to prevent international sanction risks.
8. Risk Management System According to MiCA requirements, companies need to develop a "Risk Assessment and Control Manual," covering: Market risk: Establish a circuit breaker mechanism for Crypto Assets price fluctuations; Credit risk: Implement quota management for market makers and liquidity providers, setting a default stop-loss line. Operational risk: Establish a disaster recovery system and conduct regular penetration testing. In addition, enterprises involved in custody services must purchase professional liability insurance with a coverage of no less than 1 million euros.
9. Data Protection and GDPR Compliance As a member state of the European Union, Lithuania strictly enforces the General Data Protection Regulation (GDPR), and businesses must: Appoint a dedicated Data Protection Officer (DPO), who must have experience in data security management and may not hold other positions that could create a conflict of interest. Implement data classification management, categorizing customer private keys and transaction records as "special category data", using encryption storage (AES-256 standard) and access control (principle of least privilege). Establish a data breach response mechanism, report to the Lithuanian Data Protection Authority within 72 hours, and notify affected users. Analysis of the entire process of license application Phase 1: Preparation and Planning (4-6 weeks)
10. Business Plan Preparation The following core content must be included: Business Model Description (Technical Architecture, Profit Model, Target Customer Profile) Market Analysis (EU Crypto Assets Market Size, Competitive Landscape, Lithuania Localization Strategy) Overview of Compliance Framework (AML/KYC Process Flowchart, Summary of Risk Management System); Financial projections (revenue, cost, capital expenditure plans for the next three years, subject to CPA review)
11. Compliance Pre-Assessment Identify potential issues in advance through simulated regulatory reviews: Are there any compliance flaws in the shareholder structure (such as anonymous holdings or multi-layered nested structures); Does the technical system meet the regulatory interface requirements (such as reserving APIs for data connection with the Central Bank of Lithuania) Is the team configuration in place (for example, should there be a compliance officer, AML specialist, DPO)? Phase Two: Company Establishment and Bank Account Opening (2-3 weeks)
12. Register UAB company Submit the application through the Lithuanian e-government platform "E-Register," and upload the notarized company articles (bilingual version, primarily in Lithuanian) and shareholder signature samples. After successful registration, obtain the company registration number (LEI code) and VAT ID.
13. Opening a bank account It is recommended to choose local banks in Lithuania (such as Swedbank, SEB Bank), and you need to provide: Company registration documents Shareholder and Management KYC Information Executive Summary of the Business Plan Compliance Officer Appointment Letter Due to the particularity of the Crypto Assets industry, banks may require enterprises to provide additional guarantees (such as 20% of the registered capital as margin). Mankun Law Firm can assist in connecting with partner banks and optimizing the account opening process. Phase 3: License Application and Review (8-12 weeks)
14. Submit application materials Submitted through the "Financial License Application Portal" on the official website of the Bank of Lithuania, the core documents include: Completed application form (including attachments such as business scope, technical solutions, risk mitigation measures, etc.) Audited financial statements (enterprises established for less than one year need to provide a capital verification report) Compliance system documents (AML/KYC manual, risk management system, data protection policy, etc., Lithuanian version required) Management Commitment Letter (Commitment to comply with EU and Lithuanian regulatory requirements, assuming compliance responsibilities)
15. Regulatory Inquiry and Supplementary Materials During the review period, the Bank of Lithuania may initiate inquiries on the following issues: Custodial model for client funds (whether to use a third-party trust institution, details of asset isolation measures) Algorithmic Trading Rules (Whether there are risks of market manipulation, explanation of order matching mechanism) Cross-border Business Plan (How to ensure compliance operations in other EU member states) Phase Four: Ongoing Compliance and License Maintenance
16. Annual Compliance Report Submit to the Bank of Lithuania by January 31 each year, including: Business Development Status (Number of Users, Trading Volume, Major Product Iterations Summary of Risk Events (such as data breaches, suspicious transaction handling results) Financial Condition Statement (Balance Sheet, Compliance Cost Proportion Analysis)
17. Major Event Reporting Report to the regulatory authority within 10 working days in the following situations: Change in equity structure (single shareholder holding more than 10% or exiting) Core system upgrade (such as changing KYC service providers, trading engine restructuring) Business scope expansion (new derivative trading, cross-border payment services, etc.)
18. Employee Compliance Training Establish an annual training plan to ensure that all employees (especially customer service and technical teams) are familiar with: Latest AML/CFT regulations (such as the amendments to the EU's 6th Anti-Money Laundering Directive) Customer Complaint Handling Process (Must comply with Lithuanian Consumer Protection Law) Data security operation specifications (such as prohibiting the transmission of customer sensitive information via personal email) Potential Challenges and Response Strategies (1) Language and Cultural Barriers Official documents in Lithuania are provided in Lithuanian, and all application materials must be certified by a Sworn Translator. In addition, there may be differences in terminology understanding during regulatory communications (such as the legal definition of "non-custodial wallet" in Lithuanian). Mankiw Solutions: Establish a bilingual compliance team, equipped with local lawyers proficient in Lithuanian legal terminology, adopting a "translation + legal review" dual-track system to ensure document accuracy; develop a regulatory terminology reference manual and regularly update the industry-specific vocabulary database. (2) Complex Multi-level Regulation Enterprises must comply with Lithuanian domestic laws (such as the "Virtual Currency Service Providers Law"), EU regulations (MiCA, GDPR), and international standards (FATF travel rules), and the compliance system must have dynamic adaptability. For example, the "cross-border transaction customer information transmission" rule required by FATF must interface with the reporting system of the Bank of Lithuania. Mankiw Solutions: Build a "Regulatory Mapping Matrix" to correspond different levels of compliance requirements to specific business processes. (3) Qualifications Requirements for AML Officers According to the regulations in Lithuania, the AML compliance officer must be a resident of the country and have at least 5 years of financial compliance experience, familiar with the MiCA and AML-D6 directives. This has led to a shortage of qualified talent to some extent, especially as foreign companies face competitive pressure when hiring locally. Mankun Solutions: Utilize a global talent network to assist enterprises in recruiting local talents with EU compliance qualifications; provide "Compliance Officer Outsourcing Services" to meet transitional period needs. Mankun Law Firm - Your Professional Partner in the Compliance Journey in Lithuania As a legal service institution deeply involved in the global web3 compliance field, Mankun Law Firm has developed a "full-cycle compliance solution" in conjunction with Lithuania's regulatory characteristics, helping enterprises achieve seamless integration from market access to sustainable operation: (1) Customized License Application Service
19. Preliminary Diagnosis: Identify potential risk points through compliance questionnaires and technical architecture audits, and develop a "defect remediation roadmap."
20. Material Preparation: The document drafting is led by local lawyers in Lithuania to ensure compliance with regulatory language habits and formatting requirements.
21. Regulatory Communication: Establish a dedicated communication channel to provide real-time feedback on review progress and efficiently handle regulatory inquiries. (2) Construction of a localized compliance system
22. System Design: Tailor-made AML/KYC manuals, risk management systems, data protection policies, and other core documents in conjunction with the business model of the enterprise.
23. System Integration: Assist in connecting to the compliance technology platform designated by the Bank of Lithuania to achieve automatic submission of transaction data and risk monitoring.
24. Team Empowerment: Provide localized compliance training, assist in recruiting or dispatching compliance officers, DPOs, and other key positions. Conclusion: Release the innovative potential within a compliance framework. The application for a cryptocurrency license in Lithuania is not only a practice of regulatory compliance, but also an important opportunity for enterprises to integrate into the global compliant financial system. Despite challenges such as language barriers and multi-level regulation, its advantages as the EU's "regulatory innovation testing ground" provide a rare window for cryptocurrency companies to develop. Mankiw Law Firm has always believed that compliance is not a constraint, but an escort of innovation - through professional legal structure design and continuous compliance operations, enterprises can build a safe and competitive cryptocurrency business ecosystem on the fertile soil of Lithuania, calmly respond to global regulatory changes, and move towards a new journey of sustainable development. Appendix: Frequently Asked Questions Q1: Is it necessary to apply for a license to conduct Crypto Assets business in Lithuania? Yes. According to the Lithuanian Law on Virtual Currency Service Providers and MiCA regulations, any enterprise engaged in cryptocurrency trading, custody, consulting and other services is required to obtain the corresponding license. Before May 31, 2025, you can apply for the old version of the VCESP/VCWSP license, and then the CASP license under the MiCA framework will be uniformly applied. Q2: Can non-EU companies apply for a Lithuania Crypto Assets license? Yes. Lithuania allows 100% foreign ownership, but requires additional suitability assessments for foreign shareholders, including evaluations of the regulatory status of the place of registration, proof of the legality of the source of funds, and more. Mankun Law Firm can assist in preparing cross-border compliance documents to ensure compliance with EU "equivalence regulation" requirements. Q3: How is cryptocurrency trading taxed in Lithuania? At the corporate level, income related to Crypto Assets (such as transaction fees and custody service fees) is subject to a 15% corporate income tax; at the individual level, for a single transaction, the portion of profit exceeding 1500 euros is subject to a 15% capital gains tax. Q4: What are the common reasons for license application rejection? Mainly includes: shareholders or management have financial crime records; registered capital has not been paid as required; compliance system documents have major defects (e.g., incomplete AML processes); technical systems cannot meet regulatory data interfacing requirements. The pre-assessment services of Mankun Law Firm can effectively reduce such risks. Q5: After obtaining the Lithuanian license, can business be conducted in other EU countries? Yes. According to the EU "Financial Services Passport" principle, companies holding a Lithuanian CASP license can establish branches or provide services remotely in any member state without needing to reapply for the license, but must file with the Lithuanian regulatory authority. Mankun Law Firm can assist in handling cross-border filing procedures to ensure compliance with the localization requirements of the target country.

/ END.

Author of this article: Shao Jiadian, Huang Wenjing