Lithuania CASP/VASP License Requirements 2026
Lithuania CASP authorization requires €50,000–€150,000 paid-up capital (depending on service class), a Lithuanian UAB, fit-and-proper key personnel, a 5AMLD/6AMLD-compliant AML program, and meaningful local substance. This page lists every requirement.
Capital requirements by service class
MiCA Article 67 sets minimum capital depending on the CASP service class. Capital must be paid-up before authorization is granted and maintained throughout operations.
| Class | Min capital | Services included |
|---|---|---|
| Class 1 | €50,000 | Reception/transmission of orders; advice on crypto-assets; portfolio management. |
| Class 2 | €125,000 | Class 1 + custody and administration; exchange of crypto for fiat or other crypto; execution of orders; placing of crypto-assets. |
| Class 3 | €150,000 | Class 2 + operation of trading platform. |
Capital is in addition to the €2,500 minimum share capital required to incorporate the UAB itself. Capital must be deposited into the UAB's bank account and confirmed by an auditor before submitting the CASP application.
Corporate structure requirements
Lithuania CASP must be a Lithuanian UAB (Uždaroji Akcinė Bendrovė — private limited company). This is non-negotiable; non-Lithuanian entities cannot directly hold a Lithuanian CASP authorization. Foreign-headquartered groups typically structure as: Foreign Parent → Lithuanian UAB (CASP).
UAB requirements:
- Minimum share capital: €2,500 (separate from the CASP capital).
- Minimum 1 shareholder (no maximum).
- Minimum 1 director (board member).
- Registered office in Lithuania.
- Share certificates registered (not bearer).
- Annual filings with Lithuanian Register of Legal Entities.
Key personnel — fit-and-proper requirements
Bank of Lithuania assesses every key person before authorization. Failures here are the most common cause of CASP rejection.
Who is "key personnel"?
- Members of the management body (typically 2–5 board members).
- Money Laundering Reporting Officer (MLRO).
- IT/cybersecurity officer (often combined with another role for smaller CASPs).
- Any individuals owning ≥10% of voting rights.
- Any individuals exercising control over the CASP (de facto or via shareholder agreements).
Fit-and-proper criteria
- Reputation: No criminal convictions for financial crimes (fraud, money laundering, market abuse). No disciplinary findings by financial regulators.
- Knowledge and experience: Relevant experience in financial services or crypto. Bank of Lithuania expects 5+ years for board members; 3+ years for MLRO.
- Time commitment: Sufficient availability to perform the role. Excessive directorships elsewhere can disqualify.
- No conflicts of interest: Disclosure of all relevant connections, related-party transactions, board memberships at competitors.
- Independence (for some roles): MLRO must be independent from operational pressure; cannot be the CEO simultaneously.
Each key person submits a fit-and-proper questionnaire (~15–20 pages) with: CV, criminal record check (apostilled if foreign), professional references, declarations, photo ID. Bank of Lithuania reviews each individually.
AML/KYC compliance program — 5AMLD/6AMLD requirements
The AML program must comply with EU 5th and 6th Anti-Money Laundering Directives as transposed into Lithuanian law. The program documents:
- Customer Due Diligence (CDD): ID verification, source-of-funds, PEP screening, sanctions screening.
- Enhanced Due Diligence (EDD): For high-risk customers (PEPs, high-risk countries, complex structures, large transactions).
- Risk assessment: Documented analysis of ML/TF risks specific to YOUR business — customers, geographies, products, channels.
- Transaction monitoring: Automated monitoring with documented escalation rules.
- Reporting to FCIS: Suspicious Activity Reports (SARs) to Financial Crime Investigation Service of Lithuania within 1 business day.
- Record-keeping: 8 years (longer than the 5-year EU minimum, due to Lithuanian transposition).
- Training: Annual mandatory training for all staff with documented attendance.
- Independent audit: Annual independent review of the AML program.
- MLRO: Named, fit-and-proper, independent.
Critical: Bank of Lithuania reviews the AML program as a deliverable, not a formality. Generic templates fail. Each section must be tailored to the specific CASP — its customers, services, geographies, and risks.
IT and operational requirements
MiCA imposes IT/operational requirements that Bank of Lithuania reviews:
- Cybersecurity framework — ISO 27001 alignment expected (not strictly required). Penetration testing schedule. Incident response plan.
- Business continuity plan — documented procedures for service continuity, with annual testing.
- Custody segregation (Class 2/3 only) — customer crypto-assets segregated from CASP's own funds. On-chain segregation evidence.
- Outsourcing arrangements — written contracts with all critical service providers (cloud hosting, KYC vendors, transaction monitoring). Bank of Lithuania reviews for over-dependency on single providers.
- Conflicts of interest policy — documented identification and management of conflicts.
- Complaint handling procedure — EU consumer protection law requires documented procedure with response timelines.
Application package — what's submitted to Bank of Lithuania
The CASP application package typically includes 30+ documents totaling 200–500 pages.
| Document category | Pages typical | Notes |
|---|---|---|
| UAB incorporation + capital | 20–40 | Articles, share certificates, capital deposit confirmation, bank statement. |
| Business plan + financial projections | 30–80 | 3-year revenue/cost model, customer acquisition plan, capital adequacy. |
| AML/KYC program | 60–120 | Policies, procedures, risk assessment, training material. |
| IT and security framework | 20–60 | Cybersecurity, custody, business continuity, outsourcing. |
| Key personnel fit-and-proper | 50–100 | ~15-20 pages per key person × 4-7 persons. |
| UBO + ownership structure | 10–30 | UBO disclosures, organizational charts, shareholder agreements. |
| Service descriptions | 20–50 | Detailed description of each crypto-asset service offered. |
| Customer-facing terms | 20–50 | Terms of service, white papers (if applicable), risk disclosures. |
FAQ — Lithuania CASP requirements
What documents are required for Lithuania CASP application?
Bank of Lithuania requires approximately 30+ documents in the CASP application package: (1) Lithuanian UAB incorporation documents, (2) proof of paid-up capital (€50K–€150K by class), (3) business plan with 3-year financial projections, (4) AML/KYC compliance program, (5) IT and security framework, (6) business continuity plan, (7) outsourcing arrangements, (8) fit-and-proper documentation for all key personnel (CVs, criminal records, professional references), (9) ownership/UBO disclosure, (10) source-of-funds for capital deposit. The complete application typically runs 200–500 pages.
Who counts as 'key personnel' for Lithuania CASP?
Bank of Lithuania defines key personnel as: (1) members of the management body (board), (2) the Money Laundering Reporting Officer (MLRO), (3) the IT/cybersecurity officer, (4) any individuals owning ≥10% of voting rights, (5) any individuals exercising control over the CASP. Each must pass fit-and-proper assessment: relevant experience, no criminal convictions for financial crimes, no disqualification from financial roles, sufficient time commitment, no conflicts of interest.
Does Lithuania CASP require a local director or substance?
Bank of Lithuania expects meaningful local substance — typically at least one board member or senior officer based in Lithuania, plus a local MLRO. A virtual office and entirely foreign management is rarely accepted. Most successful CASP applicants combine: founder(s) on the board + Lithuanian-resident MLRO + Lithuanian compliance/operations staff. Substance expectations have tightened post-MiCA enforcement.
Can foreign criminal record checks be used?
Yes — criminal record checks from the country where each key person resides are accepted, but they must be apostilled (or consular-legalized for non-Hague Convention countries) and translated into Lithuanian or English. Apostille processing varies by country (1-4 weeks). Start collecting these early as they're often the bottleneck.
What happens if a key person fails fit-and-proper?
If Bank of Lithuania finds a key person unsuitable, they request the CASP to replace that person before authorization can be granted. This typically extends the timeline by 6–10 weeks (find replacement, submit new fit-and-proper documentation, await second review). Most rejections relate to insufficient experience or undisclosed prior regulatory issues.
Related pages
Need help with the requirements checklist?
We'll send you a personalized requirements checklist within 24 hours, customized to your CASP class (1, 2, or 3) and current corporate structure.
Request checklist → 📞 +372 58155779