Nikita Veremeev
21.12.2025 | 6 min read
Updated: 21.12.2025
Banks in Lithuania reject 40–60% of applications to open accounts for non-residents: this is not accidental, but the result of strict requirements from the Bank of Lithuania and strengthened AML in Lithuania under pressure from the EU and the FATF. Imagine: your business from Asia or the CIS is ready to enter the European market, but the account is blocked due to “insufficient substance”. In this article I will analyze why Lithuanian banks have become stricter than they seem and give a step-by-step plan to pass banking due diligence without wasting time or damaging your reputation. Read to the end: get checklists, case studies from COREDO and strategies that have worked for dozens of clients.
Context and drivers of tightening
European standards FATF have been transformed into Lithuanian national law, strengthening the Bank of Lithuania’s oversight of transaction monitoring and reporting to the Lithuanian FIU. Since 2024, MiCA and DORA have raised the bar: banks now assess not only compliance but also operational resilience, especially for fintech. COREDO’s practice confirms: the number of supervisory reviews has increased by 35%, and sanctions monitoring has become a daily norm due to OFAC and EU lists. Trends of tightened checks for crypto and cross-border payments make Lithuania the “gateway to the EU” with a high entry threshold.
How Lithuanian banks implement compliance
Banks implement a risk-based approach, where Lithuania’s KYC requirements are combined with automated controls. Our experience at COREDO showed: 70% of blocks stem from weak bank Due Diligence.
Onboarding: verification when opening an account in Lithuania
When opening a bank account in Lithuania for non-residents, the focus is on KYC/KYB procedures, CDD and UBO disclosure. company registration for a bank account in Lithuania requires proof of economic substance – contracts with EU partners, an office or employees. Documents: articles of association, shareholder register, proof-of-address. The COREDO team recently prepared a package for an Asian fintech, adding contracts worth 500k EUR, the account was opened in 10 days.
Transaction monitoring and triggers for SAR/STR
Real-time transaction monitoring via TMS detects payment structuring (smurfing) and threshold values (from 15k EUR). AML automation reduces false positives, but Lithuanian banks require an AML/CFT policy with KRIs. A solution developed at COREDO integrated an API for Know Your Transaction – clients reduced STRs by 40%.
Sanctions and correspondent risks
Sanctions screening and correspondent banking risk in the EU block payments from high-risk jurisdictions. Banks check PEP status and conduct reputational due diligence. COREDO’s practice confirms: verification of a bank reference letter minimizes correspondent banking risks.
Reasons for bank refusals in Lithuania
Rejections are growing due to offshore structures without substance and weak source-of-funds. Lithuanian banks apply EDD for 80% of non-residents.
- Opaque UBO: disclose the ownership chain with an apostille.
- Lack of economic substance: add EU contracts, bank statements.
- PEP risks: provide a declaration and EDD documents.
- Suspicious patterns: explain transactions in advance.
- No AML Officer: appoint one with certification (CAMs).
- Weak business plan: include 3-year forecasts.
- High-risk geo: evidence of local operations.
- No ISMS: ISO27001 certificate.
- False KYC: update passports, utility bills.
- Reputational flags: RDD report.
COREDO solution: for each: remediation plan.
Features for fintech/crypto and non-residents from Asia and the CIS
Licensing EMI in Lithuania and the MiCA license in Lithuania make access harder: banks require VASP evidence. For Asia — why Lithuanian banks tightened requirements for non-residents: because of multi-jurisdictional KYB. COREDO case: crypto from Singapore passed by adding crypto-fiat on-ramp compliance.
Banks’ requirements for companies and EMIs/VASPs
Bank requirements for companies, EMI and VASP today go far beyond formal compliance with a licence or minimum capital. For banks the key factors are the quality of risk control, reproducibility of processes and the company’s ability to manage AML/CTF risks dynamically, not just “on paper”. It is at the bank onboarding stage that most projects face refusals — not because of the absence of a licence, but due to weak governance, opaque sources of funds, underdeveloped EDD procedures or the lack of a technological monitoring infrastructure.
For EMI and crypto companies, banks effectively act as a second regulator: they assess the business model, payment and crypto flows, ownership structure, IT landscape and the competencies of key persons. After MiCA came into force and supervision of TCSP tightened, banks’ expectations have moved closer to regulator requirements — with an emphasis on demonstrability, audit trail and manageable risk metrics.
In this section we examine which specific documents, processes and elements of corporate governance banks expect to see from EMI and VASP, where the “red lines” are during onboarding and which requirements are critical for sustainable banking services rather than a one-off account opening.
EMI and payment providers: what documents are needed?
To obtain an EMI licence in Lithuania, banks and the regulator evaluate not only the formal package but also operational readiness. In addition to requirements for initial capital (minimum €350k) and safeguarding of client funds, it is critical to have IT redundancy, segregated accounts and incident management procedures. The basic package includes a detailed business plan, financial forecasts for 3–5 years, a description of payment flows, an AML/CTF policy and IT architecture. In bank onboarding special attention is paid to the reproducibility of processes: who, how and within what timeframes makes decisions on clients and transactions.
MiCA and crypto: impact on banks and VASP
The introduction of MiCA has reinforced banks’ conservative stance toward VASP and crypto companies. For Lithuania this means mandatory EDD for clients with P2P models, on/off-ramp operations and interaction with non-custodial wallets. Banks expect the implementation of TMS (transaction monitoring systems) capable of tracking crypto flows, identifying risky counterparties and linking on-chain and off-chain data. The absence of such infrastructure often becomes a reason for refusal of services, even when formally compliant with MiCA.
corporate governance: AML Officer, KRI, audit
Corporate governance is a key factor for banking trust. The appointment of an AML Officer in Lithuania implies residency or a stable presence, proven experience and a formalized AML training matrix for the team. Regulators and banks expect not a nominal figure but an active role in decision-making. AML program governance should include KRIs for C-level (alerts, MTTR, EDD cases), regular internal audits and an independent assessment of effectiveness. This approach reduces personal risks for management and increases the chances of stable banking services.
How to prepare for and pass a bank due diligence
Bank due diligence is not a one-off document check but an assessment of the overall readiness of the business to manage risks. The “gather documents on request” approach almost always delays onboarding or results in rejection. An effective strategy is to prepare a bank-pack in advance: a structured set of documents, processes and evidence that demonstrates predictable operations, transparent structure and a controlled AML framework. The fewer clarifying questions the bank has, the higher the chance of passing the review within a reasonable timeframe.
Documents for account opening
The basic document package must not only be collected but also logically consistent. The articles of association and UBO information should match the business plan, contracts and actual payment flows. Banks pay attention to the validity of apostilles, the readability of the ownership structure and the presence of an AML policy with a designated Officer. Proof of substance (office, employees, local presence) is becoming an increasingly critical factor, especially for EMIs and VASPs.
| Document | Mandatory | Evidence |
|---|---|---|
| Articles of association | Yes | Apostille |
| UBO register | Yes | Passports |
| Business plan | Yes | 3-year forecasts |
| Contracts | Yes | EU partners |
| Bank reference | Optional | Previous bank |
| AML policy | Yes | With designated Officer |
| Proof substance | Yes | Office / employees |
How to validate source-of-funds for large transfers
For transactions from ~€50k banks automatically trigger an enhanced source-of-funds review. Expect supporting invoices, contracts, payment schedules and a logical link to the stated business model. Lithuanian banks often use selective audits and cross-checks with bookkeeping and tax reporting. Mismatches in amounts or gaps between documents and the actual movement of funds are among the most common reasons for freezes.
Checklist for fintech / EMI / VASP
- API integrations with payment gateways
- ISMS / ISO 27001 (or an implementation plan)
- TMS for transaction monitoring
RegTech solutions to reduce compliance costs
For most financial and crypto projects the cost of compliance consistently eats up 20–30% of the operating budget, especially during the growth stage. The main cost driver is manual checks, a high level of false positives and fragmented control infrastructure. RegTech solutions allow you to turn compliance from a manual cost-center into a manageable system with measurable impact, where a 3x ROI is achieved through automation, reduced MTTR and scalability without proportional team growth.
Top solutions and their impact
Key RegTech tools deliver the greatest effect when combined rather than individually. TMS reduces alert noise and eases the load on analysts, automated EDD speeds up onboarding and improves verification quality, and outsourced compliance removes fixed costs at an early stage. The choice between an in-house and outsourced model should be based on a cost-benefit analysis: for startups and new EMI/VASP, outsourcing is most often economically justified.
| Solution | Effect | ROI |
|---|---|---|
| TMS | −70% false positives | ~6 months |
| RegTech EDD | Auto-screening and scoring | ~4x |
| Outsourced compliance | −50% costs | Immediately |
How to present a RegTech solution to a bank?
What matters to the bank is not the vendor itself but the manageability of risk. When presenting RegTech solutions focus on specific AML metrics: time-to-onboard <30 days, SAR count <5%, reduced MTTR and a transparent audit trail. Additionally, show integration of the solutions into the overall risk framework and readiness to scale without degradation of control — this directly increases the bank’s trust and speeds up onboarding.
Preventive measures for reputational risks
For banks the sanctions and reputational risk appetite remains extremely low, especially regarding fintech, EMI and VASP. Even formal compliance with requirements does not guarantee servicing if the client’s profile is perceived as potentially toxic to the bank’s reputation. Therefore preventive measures are more important than reactive ones: the task is not to “fight refusals”, but to reduce the likelihood of their occurrence through a transparent model, manageable risks and readiness for dialogue with the bank.
What to do if a bank refuses: how to appeal
A bank refusal is not the end but a signal of a weakness in the risk profile. The first step is to officially request the reasons for the refusal, even if they are phrased generally. Next prepare a remediation plan: what exactly was improved (EDD, source-of-funds, governance, IT controls) and within what timeframes. Resubmission is only possible with additional evidence — updated documents, policies and metrics. Banks respond positively to a structured and professional approach, not emotional appeals.
- Request reasons for the refusal
- Prepare a remediation plan
- Resubmit with additional documents
How to minimize reputational risks
Minimizing reputational risks starts with a Risk & Due Diligence (RDD) framework embedded into onboarding and the operating model. This includes avoiding inherently high-risk jurisdictions, opaque structures and clients with an unclear source of funds. It is important to document the logic of risk acceptance and regularly review the risk profile. For the bank this signals that the company consciously manages its exposure and does not shift responsibility onto the servicing bank.
Cases and Examples
The practice of bank onboarding and regulatory reviews shows that refusals are more often related not to formal requirements but to risk perception. Below — typical cases where targeted changes in structure, governance and the AML framework made it possible to remove the bank’s key objections and pass the review without changing jurisdiction or business model.
Case 1: Asian EMI — refusal due to UBO
The project was refused at the bank’s due diligence stage due to non-transparent UBO disclosure and lack of local presence. After COREDO’s intervention, the substance structure was refined: an office, staff and operational functions in the EU were confirmed, UBO documentation and the risk memo for the bank were updated. As a result the risk profile was reassessed and the account was opened without additional conditions.
Case 2: Crypto VASP under MiCA — passing EDD
The VASP faced enhanced EDD due to P2P operations and on/off-ramp interactions. The solution involved integrating a TMS with crypto-transaction monitoring capabilities and formalizing AML procedures to meet MiCA requirements. After demonstrating the monitoring system and audit trail, the bank approved servicing with regular reporting.
Case 3: Company from the CIS — reducing a high-risk profile
A company with beneficiaries from the CIS was classified by the bank as high-risk. The team focused on proving a real economic link to the EU: contracts with EU partners, verified payment flows and local management. This shifted the assessment focus from origin to the actual business model and allowed onboarding to proceed.
Conclusion
Refusals by Lithuanian banks to open accounts for non-residents are not an anomaly and not a “failure of a particular bank”, but a systemic result of tightened supervision by the Bank of Lithuania, the EU and the FATF. In the current reality banks assess companies as a permanent risk, not a one-off client: it is important not only to meet requirements at the moment of onboarding, but also to demonstrate the ability to manage AML/CTF risks in the long term.
The key conclusion is simple: bank due diligence today is a review of the business model, governance and infrastructure, not a folder of documents. Economic substance, a transparent UBO, managed transaction monitoring, the presence of an AML Officer and reproducible procedures are more important than the formal presence of a license or capital. This especially applies to fintech, EMI and VASP, where banks effectively act as a second regulator.
COREDO’s practice shows: most refusals can be prevented or successfully appealed if you approach the process systematically — prepare a bank-pack in advance, build a remediation plan, use RegTech and speak to the bank in the language of risk, KPIs and evidence. This approach saves months of time, reduces reputational losses and allows building sustainable banking services, not a one-off account opening.
If you plan market entry to the EU via Lithuania, the question is not “will they open an account”, but how ready you are for the level of control banks consider normal. Preparing for this level is the key to successful onboarding.