Overview of Lithuania’s CASP licensing process
Lithuania remains one of the most in-demand regulatory hubs for crypto companies in the EU, and interest in obtaining a CASP license continues to grow. Strict rules, a well-defined regulatory structure and a high level of trust from banks make the jurisdiction attractive for businesses looking to operate legally and scale their services across Europe. However, the licensing process has become significantly more complex following updates to AML legislation, the implementation of the Travel Rule and preparations for the full rollout of MiCA. Regulators now expect not just a formal set of documents, but a well-designed operating model, genuine risk controls and transparency in corporate governance. Mistakes at early stages often lead to clarification requests, delays or even license refusals. In this article, we break down the CASP licensing process in Lithuania, the key requirements and the common pitfalls that applicants should be aware of.
What is CASP and why is this license needed in Lithuania?
A CASP is a legal entity that provides services related to crypto-assets, including exchange, custody, transfer, wallet administration, trading platforms or any other service enabling the movement or use of digital assets. The term is introduced by the EU’s MiCA framework to establish a unified approach to crypto-service providers across the EU. This definition covers a wide range of business models—from exchanges and custodians to operators of certain DeFi infrastructure, provided their activities fall within the scope of regulation.
Why Lithuania is a popular jurisdiction for CASP licensing?
Lithuania attracts companies with its transparent supervision, clear legislation and predictable interaction with regulators. The country has built a stable infrastructure for the crypto sector: fast administrative procedures, accessible communication with Bank of Lithuania, and the ability to develop an operational model aligned with international AML/KYC standards. As a result, Lithuania has become a gateway for many global companies seeking regulated access to the EU market.
Regulatory advantages of holding a CASP license
CASP status enables a company to legally offer crypto services, work with banks, access payment infrastructure and partner with European providers without the risk of rejection due to being «unlicensed». A license increases trust among clients and counterparties, simplifies compliance checks and reduces the likelihood of account restrictions from financial institutions. In a tightening regulatory environment, a CASP license is not only a formal requirement but a competitive advantage that demonstrates the company’s resilience and regulatory reliability.
Legislative and regulatory framework for CASP in Lithuania
Regulation of CASPs in Lithuania is based on a combination of national legislation and EU-wide standards. This framework creates clear requirements that all crypto-service providers operating in the country, and those planning to scale across the EU, must follow. To understand the licensing process, it is important to review the key regulatory elements that shape the expectations of Lithuanian authorities.
AML Law (Law on the Prevention of Money Laundering and Terrorist Financing)
The updated Lithuanian AML Law is the cornerstone of CASP regulation. It sets requirements for customer identification, internal controls, reporting and risk assessment. The law explicitly states that companies must apply a risk-based approach, ensuring genuine, not formal, protection against financial crime.
For CASPs, this law defines the minimum standards later complemented by EU rules. Another important obligation is the need to maintain continuous transaction monitoring and ensure full transparency of the corporate structure, including beneficial ownership.
EU framework: the role of MiCA and other EU directives
Above national rules stands the EU regulatory layer. The key document is MiCA – the first comprehensive framework for crypto-asset regulation in the EU, establishing uniform requirements for all CASPs across the Union.
MiCA sets out:
- General licensing and supervisory standards;
- User-protection requirements;
- Rules for custodians, exchanges and trading platform operators;
- Whitepaper and token-issuance standards (excluding fully decentralised models).
In addition to MiCA, CASPs remain subject to AMLD5/AMLD6 and the Regulation on cross-border fund transfers, which incorporates the Travel Rule. Together, these instruments form a coordinated EU anti-money laundering framework. While the new European Anti-Money Laundering Authority (AMLA) will play a central role in strengthening EU-level coordination and supervision from 2028, MiCA licensing and day-to-day supervision of CASPs remain primarily within the competence of national authorities, such as the Bank of Lithuania, acting within the broader EU regulatory architecture.
Basic requirements for obtaining a CASP license
To obtain a CASP license in Lithuania, a company must demonstrate transparency, effective risk management and compliance with corporate governance standards. The regulator evaluates not only the submitted documents but also the company’s real ability to operate sustainably.
Organizational structure and governance
Lithuanian authorities place significant emphasis on the transparency of the corporate structure. A company must show that its management, shareholders and beneficial owners meet integrity requirements and possess the necessary competencies.
The regulator assesses:
- The availability of statutory documents and a clear organizational structure;
- The qualifications of the director and key managers;
- The absence of criminal records and sanctions for beneficial owners;
- The company’s ability to carry out real operations rather than exist as a formal shell.
Particular attention is given to substance – regulators expect actual operational processes and staff, not a nominal registration.
Capital, financial stability and reporting requirements
While the exact minimum capital for CASPs depends on the type of services, a company must prove financial stability and the ability to cover operational and regulatory risks. Under MiCA, own funds requirements are tiered depending on the services (commonly summarised as €50k / €125k / €150k baseline thresholds), plus ongoing prudential requirements linked to fixed overheads.
Bank of Lithuania assesses:
- Adequacy of capital and reserves;
- Transparency of the source of funds;
- The presence of a business plan with a sustainable financial model;
- The company’s capacity to maintain accounting and submit reports in Lithuania.
Businesses with a non-transparent financing structure risk refusal even if other documents are prepared correctly.
AML/KYC requirements and internal policies
A crypto company must demonstrate a complete AML framework built on a risk-based approach. This is a key element of the assessment, and most applicants receive follow-up requests precisely in this area.
An AML policy must include:
- Customer identification and data verification procedures;
- Risk assessment models for clients, transactions and jurisdictions;
- Transaction monitoring and escalation rules;
- Sanctions screening and PEP checks;
- Internal controls, AML Officer responsibilities and staff training procedures.
The regulator expects documentation to be tailored to the specific business model rather than taken from a generic template.
License application process: step-by-step guide
The procedure for obtaining a CASP license in Lithuania is well structured but requires thorough preparation of all materials and readiness to engage with the regulator. Bank of Lithuania evaluates not only the documentation but also the company’s actual ability to perform its functions, manage risks and maintain stable operations.
Preparatory stage: analysing requirements and collecting documents
An applicant begins by assessing the business model and determining which services fall under CASP regulation. At this stage, the core documentation package is formed, describing the company’s structure, corporate governance, funding sources and operating principles.
Key preparation elements include:
- Developing a business plan with financial projections;
- Preparing statutory documents and the ownership structure;
- Drafting internal policies (AML, risk management, operational procedures);
- Appointing an AML Officer and key management;
- Gathering evidence of source of funds and information on beneficial owners.
Companies that underestimate the complexity of this stage often receive follow-up requests, significantly extending the review timeline.
Applying the required information
Once the documents are prepared, the company submits its application to Bank of Lithuania via the prescribed form. The application must clearly describe the business structure, the scope of planned services and the company’s readiness to comply with regulatory standards.
The package includes:
- The company’s registration documents;
- Information on directors, key personnel and beneficial owners;
- A business plan and operational model description;
- Internal policies, including AML/KYC and transaction monitoring;
- Details on technical and organisational control measures.
The regulator checks the internal consistency of the documents and whether the business activities comply with legal requirements.
Assessment of the application and regulatory review
Once submitted, Bank of Lithuania conducts an in-depth review, which includes due diligence on the company, its management and its beneficial owners. The regulator assesses the adequacy of internal controls, the realism of the business model and the company’s ability to meet AML/KYC requirements in practice.
Bank of Lithuania may issue clarification requests, ask for additional documents or require amendments to AML policies. This back-and-forth is a standard part of the process and is not considered a negative signal if the company responds promptly and comprehensively.
Review timelines and possible outcomes
The average review time depends on the complexity of the business and the quality of the submitted documentation. Companies that submit a coherent and complete set of documents typically receive a decision faster than those providing incomplete or template-based materials.
Possible outcomes include:
- Approval of the license if the applicant meets the requirements;
- A request for revisions if certain elements need to be strengthened or clarified;
- Refusal if significant deficiencies or inadequate internal controls are identified.
It is essential to understand that obtaining a CASP license is not a procedural formality but a confirmation that the company is prepared to operate within a regulated environment and comply with EU standards.
Post-licensing obligations for CASP
Obtaining the license is only the first step. Once it is granted, the company enters a regime of continuous supervision, which requires consistent operational discipline, regular updates to internal procedures and timely adjustments to regulatory changes. Lithuanian authorities expect CASPs to demonstrate not a formal compliance approach but full integration of compliance into day-to-day operations.
Regular reporting and interaction with Bank of Lithuania
After receiving the license, a company must maintain transparency through systematic reporting. Bank of Lithuania requires updated information on the corporate structure, sources of funding, key personnel changes and the results of internal controls.
Key post-licensing reporting obligations include:
- Notifications of changes in beneficial owners, directors or the AML Officer;
- Suspicious transaction reports (STR/SAR) submitted in the prescribed manner;
- Periodic reports on the status of the AML system and internal reviews.
The regulator may also conduct unplanned inspections if it detects anomalies in transaction patterns or receives alerts from financial institutions.
Updating AML/KYC policies and internal control
A CASP must regularly review its AML/KYC policies, considering changes in legislation, sanctions regimes, geographic risks and new typologies of financial crime.
A company must demonstrate that:
- Its risk-management system evolves in line with the business;
- Internal controls can identify emerging risks;
- Employees receive ongoing training and understand their AML/KYC obligations.
Special attention is paid to whether transaction monitoring functions effectively and is proportionate to the scale of operations.
Sanctions screening and compliance with EU standards
CASPs must ensure continuous updates of sanctions lists and the automatic application of screening procedures to all clients and transactions. Lithuanian regulators evaluate not only the technical availability of such tools but also how effectively they are used in practice.
A company must be ready to demonstrate:
- Accuracy and timeliness of sanctions checks;
- A clear escalation and response mechanism for matches and identified risks;
- Documentation of each step in the handling of sanctions alerts.
As EU sanctions regimes expand, regulatory scrutiny of these processes continues to increase.
Practical advice for companies planning to obtain a CASP license in Lithuania
Companies that approach the licensing process strategically significantly increase their chances of receiving approval on the first attempt. Lithuanian regulators evaluate not only the documentation but also the maturity of internal infrastructure, the realism of the business model and the applicant’s ability to follow procedures in practice. For this reason, preparation should begin well before the application is submitted.
Timely preparation as the key to reducing timelines and risks
Successful applicants start by analysing regulatory requirements, aligning them with their business model and developing a complete set of internal documentation. The regulator expects not a formal collection of policies but a coherent risk-management system in which every component is logically connected.
Key preparation steps include:
- Analysing whether the business model meets MiCA and national AML requirements;
- Building a real operational infrastructure, including process descriptions and role allocation;
- Preparing a robust business plan demonstrating financial sustainability;
- Developing internal policies and procedures tailored to the specific activity;
- Conducting a preliminary risk assessment and documenting it properly.
Companies that work systematically and address potential gaps in advance generally pass the review process much faster.
The importance of professional legal and compliance support
Even experienced teams face nuances in national and EU requirements that are difficult to navigate without deep familiarity with Bank of Lithuania expectations. Legal advisers help structure documentation, refine internal policies and provide accurate responses to regulator inquiries. Compliance experts can identify weaknesses in the business model, evaluate the readiness of transaction monitoring systems and recommend solutions aligned with supervisory standards. This type of support helps minimise the risk of delays or refusals.
How to avoid mistakes and improve the chances of approval?
Companies that closely analyse previous market cases note that most issues arise from inconsistencies between the stated model and the actual processes. It is essential not only to prepare the documents correctly but also to demonstrate operational maturity: competent leadership, a well-designed governance structure, a strong AML framework and proof of financial stability. Regulators pay particular attention to beneficial owners, the origin of funds and the effectiveness of internal controls — factors that often become decisive during the licensing review.
How can Key2Law help companies get CASP-licensed in Lithuania?
Obtaining a CASP license requires not only a solid understanding of the regulatory framework but also the ability to build operational processes that meet the regulator’s expectations. Many companies face refusals due to insufficiently developed internal policies, weak corporate structures or incomplete disclosure of beneficial ownership. The Key2Law team helps applicants navigate the entire process confidently and systematically, ensuring full compliance with both national requirements and MiCA standards.
Key2Law supports companies at every stage of the CASP licensing process:
- Developing the business model, internal policies and risk assessment tailored to the specific activity;
- Preparing the full application package and managing communication with Bank of Lithuania;
- Auditing existing AML/KYC processes and identifying elements that may trigger inquiries or refusals;
- Advising on corporate governance, beneficial ownership requirements and proof of funds;
- Preparing the team for regulatory inspections and supporting the process until license approval.
If you plan to enter the regulated European market and want to obtain a CASP license without delays or unnecessary risks, contact Key2Law. Our team will provide comprehensive support and help you complete the licensing process as efficiently as possible.