Regulation 12 min read 2026-01-04

EMI Licensing in Europe: A Strategic Guide

Navigating the Electronic Money Institution licensing process across different EU jurisdictions.

If you're building anything that touches stored value, wallets, merchant balances, prepaid accounts, or "money that sits with you before it moves," you eventually run into the same question: Do we need an EMI licence - and where should we get it? An Electronic Money Institution (EMI) licence is the EU framework for issuing electronic money and (typically) providing payment services around it. The rules are harmonised at EU level, but the experience of getting licensed (and then supervised) varies significantly by jurisdiction. Below is a pragmatic guide to what matters most: the legal baseline, the approval workflow, the documentation regulators care about, and how to choose the right country for your strategy.

1) The EU baseline: what an EMI is (and isn't)

At the EU level, the EMI regime is rooted in the Electronic Money Directive (Directive 2009/110/EC). It defines electronic money as stored monetary value representing a claim on the issuer, issued on receipt of funds for payment transactions and accepted by parties other than the issuer.

Two requirements show up in almost every licensing discussion:
  • Initial capital: Member States must require EMIs to hold at least €350,000 at the time of authorisation.
  • Safeguarding: EMIs must safeguard funds received in exchange for e-money (segregation / low-risk assets, with timing requirements), and regulators focus heavily on how you implement this operationally.

A useful mental model:
  • EMI licence = permission to issue e-money + operate payments around it (wallet balances, stored value, etc.).
  • Bank licence = permission to take deposits (EMIs are explicitly not banks).

2) Passporting: why "where you get licensed" matters so much

Once authorised in one EU/EEA country, an EMI can typically expand via passporting (freedom to provide services / establish branches, agents; and for EMIs, distributors in certain cases). The process is based on notification between home and host authorities rather than re-licensing. This is exactly why regulators care about the "quality" of authorisations: passporting makes your home licence a gateway to the Single Market. Practical takeaway: choose a home regulator you're happy to live with for years, not just the one that looks fastest on paper.

3) The licensing journey: what the process usually looks like

Even though the details differ, most EU EMI authorisations follow a similar arc:

Step A - Pre-application engagement (don't skip this)

Many regulators explicitly encourage early contact and discussion before submission. Lithuania's central bank, for example, describes authorisation as starting "well before an application" and encourages applicants to engage early.

Step B - Build "substance" (mind & management)

Regulators are licensing a real institution, not a shell with outsourcing contracts. Expect scrutiny on:
  • local management presence and decision-making,
  • governance structure,
  • risk/compliance independence,
  • operational resilience and IT controls.

Step C - Submit the application package

EBA authorisation guidance (used across the EU ecosystem) points to the themes regulators expect: program of operations, governance, safeguarding, risk management, and clear evidence you can operate safely.

Step D - Q&A loop and remediation

This is where timelines expand or shrink. The best predictor of speed is not the jurisdiction - it's how complete and internally consistent your submission is.

Step E - Authorisation + ongoing supervision

After authorisation, the real work begins: reporting, audits, safeguarding controls, AML programme effectiveness, outsourcing oversight, and change management.

4) The "hard parts" regulators actually care about

If you want to think like an examiner, focus on five areas:

1) Safeguarding design (segregation is not enough on its own)

You need to show:
  • where client funds sit,
  • how reconciliation works (daily, automated, controlled),
  • who can access accounts,
  • how insolvency protection is achieved,
  • what happens during incidents.

2) AML/CFT capability (people + process + evidence)

Most regulators can spot "policy PDFs written for the licence" from a mile away. They want to see:
  • MLRO independence and seniority,
  • transaction monitoring logic aligned to your product,
  • sanctions screening approach,
  • onboarding controls, CDD/EDD triggers,
  • case management and reporting readiness.

3) Outsourcing governance (especially for fintech stacks)

In practice, most EMIs outsource something material (cloud, KYC vendors, card processing, core ledger, customer support). Some regulators demand extremely structured outsourcing risk analysis.

4) IT/security and operational resilience

Even before DORA fully bites across the ecosystem, supervisors expect:
  • clear architecture and data flows,
  • incident management,
  • access controls, logging, audit trails,
  • change management and SDLC discipline.

5) Governance and "fit & proper"

Expect deep review of owners, group structure, close links, and key function holders (including questionnaires / background checks depending on country).

5) Picking the right jurisdiction: a strategic framework

Instead of "which country is fastest," use a scorecard that matches your business model.

A) Your product and rails
  • SEPA credit transfers? Instant payments? Cards? FX? Crypto on/off-ramp partnerships?
  • Do you need agents/distributors across countries quickly (passporting intensity)?

B) Your operating model
  • How much is outsourced?
  • Where is your leadership team actually located?
  • Do you want a regulator that's comfortable with innovative models - or one that will force you into conservative patterns?

C) Your credibility goals

If you're selling to banks, enterprises, or large merchants, "licence credibility" can matter as much as legal validity.

D) Your talent and compliance bench

Some jurisdictions require (in practice) stronger local senior hires and deeper local presence.

6) Jurisdiction snapshots

These are not "rankings." They're what each place signals through its published guidance.

Lithuania

Publishes a clear authorisation guide and explicitly encourages early engagement before filing. Best for teams that want a structured process with early dialogue and can build strong compliance + ops quickly.

Ireland

Provides detailed applicant guidance (including "head office" / mind-and-management expectations) and runs a robust, risk-based process aligned with EBA guidance. Best for firms prepared for a very "bank-like" standard of governance and documentation.

Luxembourg

CSSF is explicit that payment services / e-money issuance requires written authorisation, and it publishes a dedicated authorisation procedure. Best for groups that value Luxembourg's broader financial ecosystem and are comfortable with a more formal institutional style.

Netherlands

Dutch licensing materials place strong emphasis on control frameworks - including outsourcing risk analyses for material outsourced activities. Best for mature teams with disciplined governance, vendor management, and operational control.

Malta

MFSA has published guidance notes for authorisation and references the "small electronic money issuer" waiver concept (relevant if you're genuinely small). Best for smaller models if they fit the regime.

Sweden

FI provides unusually concrete public details (fees, a "decision within three months provided the application is complete," and thresholds). Best for teams that value clarity and can meet Swedish operating expectations.

7) Your "licensing-ready" checklist

If you have these in good shape, your process becomes dramatically more predictable:
  • Scope map: exactly what you will do (issuance, redemption, payment services list, agents/distributors).
  • 3-year plan: volumes, revenue, cost, risk assumptions; linked to capital/own funds.
  • Safeguarding blueprint: accounts, flows, reconciliation, controls, insolvency protection, contracts.
  • AML operating model: onboarding, monitoring, sanctions, MLRO authority, case handling.
  • Outsourcing register + risk analyses: per critical vendor, with exit plans.
  • IT/security pack: architecture, access control, incident response, audit logging, change management.
  • Governance pack: board/management, committees, policies, fit & proper evidence.
  • Passporting plan: which countries, which channels, which local partners, and how fast.

Bottom line

The EMI licence is not just a legal checkbox - it's a long-term operating posture. If you treat licensing as a product build (clear scope, strong controls, credible people, disciplined vendor governance), your odds of approval - and smooth supervision - go way up. And if you choose your jurisdiction based on strategic fit rather than speed, you avoid the classic fintech mistake: winning the licence and losing the business.
