Applying for a MiCA CASP Licence in Lithuania in 2026
A MiCA Crypto-Asset Service Provider (CASP) authorisation is the EU legal basis to provide listed crypto-asset services from Lithuania into the Union. It replaces the “AML-only” setup for firms that want to operate as a regulated provider.
In Lithuania, the competent authority for MiCA is the Bank of Lithuania. The transition also involves the Financial Crime Investigation Service (FCIS/FNTT) for the legacy AML registration perimeter.
The deadline is no longer theoretical. Lithuania has confirmed that, from 1 January 2026, crypto-asset services must be provided under MiCA authorisation, with enforcement and liability risk for firms that keep operating without it.
To navigate this transition, founders usually choose between building a MiCA-ready CASP from scratch or restructuring an existing crypto business to meet the new regime. Both paths require early decisions on scope, capital, governance, safeguarding, and banking readiness.
Legasset supports CASP projects end-to-end. We work with teams applying for a new MiCA authorisation and with operators transitioning from legacy VASP models, covering structuring, regulatory filings, governance design, and supervisory engagement.
Below, we explain how the Lithuania MiCA CASP framework works in practice, where its limits are, and how to approach authorisation under the 2026 enforcement reality.
Do you need our help in getting compliant under MiCA?
Table of Contents
Subtype
CASP
Jurisdiction
Lithuania
Category
Cryptocurrency
Type
Business Licenses
Alternative Ready-Made Licenses
Key Takeaways for CASP license in Lithuania
- MiCA is mandatory. Lithuania requires MiCA CASP authorisation for crypto-asset services in 2026.
- Scope drives obligations. Services requested set your own funds, governance depth, and safeguarding design.
- Own funds are fixed. MiCA minimum own-funds floors commonly sit at EUR 50k / 125k / 150k by service set.
- Safeguarding is a gate. Client-fund handling requires segregation and placement mechanics that often depend on banking.
- BoL expects maturity. The regulator flags empty-shell models, weak ownership transparency, and low-quality packs.
- Review clocks exist. Completeness and decision windows are defined, but Q&A cycles still drive real timelines.
- DORA matters now. ICT risk, incident response, and vendor oversight must look like financial-sector controls.
- Legasset support. We structure the perimeter, build the licensing file, and carry safeguarding and outsourcing through to supervision readiness.
How a Lithuania MiCA (CASP) Licence Works in Practice
MiCA authorises specific services, not a marketing label. Your permitted activities must map to MiCA’s closed service list, and the approved scope drives your own-funds baseline, governance depth, and safeguarding design.
The Bank of Lithuania reviews whether your controls match the scope you request. Overbroad scopes with weak evidence trigger follow-up questions and redesign work.
Regulatory architecture in Lithuania: Bank of Lithuania + transition perimeter
Lithuania’s MiCA “home supervisor” is the Bank of Lithuania, which handles authorisation and supervision. The regulator also points to the national MiCA implementation law and related Lithuanian legislation used in licensing practice.
AML does not disappear. Legacy VASP-style AML duties remain relevant for risk assessment and monitoring, but they do not replace MiCA prudential and organisational controls.
Transitional timeline: what changes after 31 December 2025
The Bank of Lithuania has stated that, after the transitional period ends, services must be provided under MiCA. FCIS/FNTT has separately communicated the end-of-transition consequences, including enforcement exposure for unlicensed activity.
- Deadline insight: Plan backwards from 31 December 2025. January 2026 should be treated as a “must be authorised” operating date.
Which MiCA Services You Can Apply For in Lithuania
MiCA defines crypto-asset services as a closed set, including custody, trading platform operation, exchange, order execution, reception and transmission, advice, portfolio management, placing, and transfer services. Your application must map your real workflow to those definitions.
Some scopes attract deeper review because they touch client asset control and complex operational risk. In practice, the following choices often raise the bar: custody and administration, platform operation, and models that require heavy outsourcing of key functions.
What the licence does not give you: MiCA authorisation is not a banking licence. It does not grant payment rails or guarantee account onboarding. Safeguarding rules can also create a real dependency on banking access.
- Scope insight: A focused perimeter with evidence is usually easier to defend than a “future feature” perimeter.
Own Funds and Prudential Planning Under MiCA
MiCA sets minimum own-funds floors for CASPs depending on the authorised services. The common minimum levels are EUR 50,000, EUR 125,000, or EUR 150,000, depending on the service set.
MiCA also requires ongoing own funds that are not just “registered capital.” In practice, your prudential planning must cover the minimum floor and the overhead-based logic, with documentation that stays consistent with your scope.
Lithuania VASP legacy vs MiCA prudential logic
Under the legacy Lithuanian AML registration model, many firms focused on “company setup + AML staffing.” The Bank of Lithuania has been explicit that MiCA is different: it expects mature applicants with real risk management and operational capacity.
Safeguarding: The Control Area That Often Decides the Timeline
MiCA includes detailed safeguarding duties for client funds and crypto-assets. For client funds, the rule is operational, not cosmetic: funds received from clients must be handled with segregation and placement mechanics, including placing them with a central bank or credit institution by the end of the next business day (where applicable under the MiCA safeguarding framework).
This has a practical consequence in Lithuania: if your model requires holding or moving client funds, banking engagement cannot be left to “after the licence.” You must show reconciliations, account structure, and control ownership.
Bank of Lithuania Expectations That Shape Approval Quality
“Mature provider” standard and empty-shell risk
The Bank of Lithuania has warned that it intends to admit prepared, mature providers. It highlights the risks of “empty-shell” structures that outsource most key operational and control functions without real internal control.
Legal form and entity separation risk
Lithuania’s MiCA implementation materials state that the applicant’s legal form must be a private or public limited liability company. The Bank of Lithuania also notes it can refuse authorisation until a separate entity is established if mixed activities undermine supervision.
Documentation language and submission quality
The Bank of Lithuania highlights practical expectations around document quality and preparedness, including Lithuanian-language documentation for certain customer-facing and programme materials. Poor-quality or incomplete packs may not be taken forward for full examination.
Outsourcing and ICT Risk: MiCA + DORA Are Now One Workstream
Outsourcing is allowed, but accountability stays with the CASP. Where key functions are outsourced, expect scrutiny on risk assessment, audit rights, exit planning, and business continuity.
DORA applies across the EU financial sector and is relevant for ICT risk management expectations from 2025. For CASPs, this means you should treat ICT governance, incident response, and vendor oversight as licensing-grade controls, not a later upgrade.
Bank of Lithuania Review Timelines: What’s “minimum” vs what’s realistic
For CASPs that are not using exemptions, the Bank of Lithuania references MiCA’s review mechanics: an initial completeness check within 25 working days, then a decision window of 40 working days from receipt of a complete application. These are minimum regulatory clocks, not a promise of an end-to-end project timeline.
Some financial institutions can provide certain services via a notification pathway, with a minimum 40 working day review referenced for that route as well.
Eligibility Requirements for a Lithuania MiCA (CASP) Application
Eligibility depends on whether your scope, governance, safeguarding, and operational readiness match what MiCA requires and what the Bank of Lithuania expects in practice. The regulator’s published expectations show a clear focus on transparency, preparedness, and control ownership.
Scope and perimeter discipline
Your activities must map to MiCA services, and your controls must match that perimeter. Overbroad scopes raise own-funds and safeguarding complexity.
– Focus on the services you can evidence today
– Avoid “future roadmap” scopes without working controls
Shareholding and source-of-funds evidence
The Bank of Lithuania highlights scrutiny of complex ownership structures and the origin of funds used for capitalisation. If the structure looks artificial, simplification may be requested.
– Clear UBO trail and rationale for the structure
– Documents supporting origin of funds and funding scheme
Own funds and prudential consistency
Minimum own funds are service-linked, with common floors at EUR 50k / 125k / 150k. Your financial plan must not contradict your scope, staffing, and safeguarding design.
Safeguarding and banking readiness
Where your model receives client funds, you must show segregation, reconciliation, and placement mechanics. This often depends on workable banking arrangements.
Governance and real control ownership
The regulator expects qualified management and an effective control environment. Nominal appointments and outsourced “paper compliance” are a weak point.
Operational and ICT resilience
Expect serious questions on IT governance, incident response, and vendor oversight. DORA-era expectations make this part of baseline readiness.
Pros & Cons of a Lithuania MiCA (CASP) Licence
+ Single MiCA supervisor. One competent authority handles authorisation and supervision, which reduces fragmentation in practice.
+ EU authorisation basis. MiCA defines a clear legal route to provide listed services across the Union once authorised.
+ Clear timeline mechanics. Published completeness and decision clocks help teams plan the regulator workstream realistically.
+ Public supervisory stance. The Bank of Lithuania has published expectations, which lets applicants design controls for real review themes.
– Higher build burden. MiCA adds prudential, safeguarding, governance, and operational controls beyond AML registration.
– Banking dependency. Safeguarding design can depend on bank access, which is outside the regulator’s control.
– Entity purity risk. Mixed activities can trigger a requirement for a separate CASP entity, resetting structure and timelines.
– Hard post-2025 line. Lithuania has communicated enforcement exposure for firms that continue without MiCA authorisation in 2026.
How to Get a MiCA CASP Licence in Lithuania (New Application)
Lithuania’s core route is a full MiCA authorisation application. Some regulated financial institutions may rely on the MiCA notification pathway for specific services, but most new entrants should plan for the full pack.
- Step 1: Service scope and perimeter mapping 2-4 weeks
Define the exact MiCA services and remove anything you cannot evidence.
Key Documents: Activity map to MiCA services, scope statement, exclusions list.
Estimated Cost: Advisory scoping + internal workshops.
Timeline: 2–4 weeks. - Step 2: Entity and group structure (separation if needed) 2-6 weeks
Confirm the CASP sits in a clean structure and does not create supervisory conflicts.
Key Documents: Group chart, rationale memo, conflicts assessment.
Estimated Cost: Structuring + corporate work.
Timeline: 2–6 weeks (depends on restructuring). - Step 3: Ownership and source-of-funds file 2-6 weeks
Build a defensible UBO narrative and evidence for capitalisation funding.
Key Documents: UBO pack, funding evidence, source-of-funds narrative.
Estimated Cost: Document collection + legal review.
Timeline: 2–6 weeks. - Step 4: Prudential planning and own-funds confirmation 2-4 weeks
Set own funds to match services and ensure financials are consistent with the model.
Key Documents: Own-funds position, projections, assumptions, capital evidence.
Estimated Cost: Finance modelling + policy drafting.
Timeline: 2–4 weeks. - Step 5: Safeguarding design (assets + funds) 4-8 weeks
Design segregation, reconciliations, and operational controls that work daily.
Key Documents: Safeguarding policy, flow diagrams, reconciliation procedures.
Estimated Cost: Controls build + internal testing.
Timeline: 4–8 weeks (often parallel). - Step 6: Banking and payment onboarding track
Start bank discussions early if your safeguarding model requires it.
Key Documents: Funds-flow pack, AML summary, governance pack, banking Q&A file.
Estimated Cost: Onboarding effort + possible account setup costs.
Timeline: Parallel; timing varies by bank and risk profile. - Step 7: Governance, AML, conflicts, complaints, outsourcing and ICT readiness 4-10 weeks
Turn policies into working processes and assign real owners for each control area.
Key Documents: Governance policy, AML framework, conflicts register, outsourcing file, ICT risk framework.
Estimated Cost: Policy drafting + tooling + staffing.
Timeline: 4–10 weeks (depends on maturity). - Step 8: Filing and iterative regulator review
Submit the full pack and handle requests without changing your story mid-review.
Key Documents: Full application file, responses to information requests, updated annexes.
Estimated Cost: Regulatory engagement + revisions.
Timeline: Statutory clocks apply after completeness; plan extra time for Q&A cycles.
- Process insight: Most timelines slip because safeguarding and banking assumptions collapse under review, not because “forms take time.”
-
Total estimated timeline and costs
End-to-end projects for new entrants commonly run 6–9 months, because preparation and banking are the long poles. Regulatory clocks include a 25 working day completeness check and a 40 working day decision window after a complete file, but Q&A cycles can extend the calendar. Capital planning should start with MiCA own-funds floors (often EUR 50k–150k, scope-dependent), then add non-capital build costs for staffing, controls, tooling, and audits.
Post-Licensing Compliance Obligations for Lithuania CASPs
- Safeguarding and daily reconciliations
You must keep segregation and reconciliation controls working continuously. Any break between policy and practice becomes a supervisory issue. - AML monitoring and reporting
CASPs remain within AML expectations and should keep monitoring, reporting, and training audit-ready. - Governance, conflicts, and complaints handling
Management accountability must be real, documented, and consistent. Conflicts and client-facing disclosures must be controlled, not improvised. - Outsourcing and ICT oversight (DORA-era expectations)
Vendor oversight must include continuity and exit planning, plus ICT governance and incident readiness.
Common Pitfalls and Challenges in Lithuania CASP Applications
- Scope mismatch
Firms request “everything” but cannot evidence controls for each service. The file becomes inconsistent and review resets. - Banking assumptions
Teams treat banking as post-authorisation, but safeguarding can require bank mechanics upfront. That gap becomes a hard blocker. - Empty-shell profile
If most core functions are outsourced and internal control is weak, the model looks non-credible. The Bank of Lithuania has signalled this is unacceptable. - Mixed activities in one entity
If other activities impair supervision, the regulator can require a separate CASP entity. That can restart governance and documentation.
- Risk Insight: The biggest failures come from control ownership gaps, not from MiCA legal text.
How Legasset Supports Your Compliance Under MiCA?
We support CASP projects as a regulatory build, not a paperwork exercise. Our role is to align your business model with MiCA expectations and the Bank of Lithuania’s supervisory focus.
- Scope and authorisation strategy
We map your real activities to MiCA service categories, define a defensible perimeter, and avoid scope choices that inflate capital or delay review. - Own-funds and prudential planning
We structure capital and financial projections to match the authorised services and ongoing overhead logic, not just minimum thresholds. - Governance and accountability setup
We design board structures, senior management roles, and control functions that demonstrate real oversight and decision-making capacity. - Safeguarding and banking readiness
We build client-asset and client-fund safeguarding models that work operationally and prepare banking-ready documentation early. - Outsourcing and ICT risk control
We structure outsourcing files, vendor oversight, and exit plans in line with MiCA and DORA expectations. - Regulator interaction and Q&A support
We manage application filing, coordinate responses to Bank of Lithuania information requests, and keep the regulatory narrative consistent throughout review. - Post-authorisation compliance
We support reporting workflows, notifications, governance updates, and supervisory readiness after licensing.
This approach is designed for teams that want to operate cleanly under MiCA, not just obtain an approval.
Do you need our help in getting compliant under MiCA?
FAQ — Lithuania MiCA Licence (CASP)
Is Lithuania MiCA authorisation granted by the Bank of Lithuania?
Yes. Lithuania’s competent authority for MiCA is the Bank of Lithuania, which handles authorisation and supervision.
Can we keep operating on legacy VASP status in 2026?
Lithuania has communicated that crypto-asset services must be provided under MiCA authorisation after the transition, with enforcement exposure for unlicensed activity.
How long does the regulator review take, at minimum?
MiCA review mechanics include a completeness check within 25 working days and a decision window of 40 working days after a complete file. Real timelines depend on Q&A cycles.
What drives the own-funds requirement under MiCA?
The baseline minimum depends on your authorised services, with common floors of EUR 50k / 125k / 150k. Ongoing prudential planning must remain consistent with scope.
Does MiCA authorisation guarantee banking?
No. Banking remains independent. If your safeguarding model needs bank mechanics, treat banking as a parallel licensing workstream.
Can we outsource custody or operations?
Outsourcing is possible, but responsibility remains with the CASP. Expect review of risk assessments, oversight, and exit planning.
How does Legasset support Lithuania MiCA applications?
We support scope design, structuring, application drafting, regulator Q&A, safeguarding and outsourcing frameworks, and post-authorisation compliance setup.
Additional Links and Resources for CASP License in Lithuania
MiCA hub with Lithuania’s implementation approach and supervisory positioning.
II. Bank of Lithuania – Authorisation of Crypto-Asset Service Providers
Licensing route explanation, statutory review periods, and key legal references used in practice.
III. Bank of Lithuania – Expectation Letter to CASPs (16 Aug 2024)
Regulator expectations on preparedness, ownership transparency, entity separation, and documentation standards.
IV. Regulation (EU) 2023/1114 (MiCA)
Binding EU regulation defining CASP services, authorisation, prudential requirements, and safeguarding duties.
V. Regulation (EU) 2022/2554 (DORA)
EU ICT risk and operational resilience framework that shapes ICT governance expectations for financial entities.
VI. FCIS/FNTT – End of transitional period notice
Official communication on transition end and consequences for providers operating without MiCA authorisation in 2026.
