AML/CFT Compliance in Lithuania: Bank of Lithuania, AML Law, and the 2026 Regulatory Landscape
Lithuania's AML/CFT regime is under intense scrutiny. The Bank of Lithuania (BoL) has been actively enforcing regulations, particularly on electronic money institutions (EMIs) and fintech companies. A €3.5 million fine was imposed on Revolut Bank in April 2025 for AML breaches, highlighting the regulator's commitment to strict compliance. With over 130 EMI and PI licences issued between 2017 and 2022, Lithuania has become a hub for fintech, but this growth also brings significant AML risks that the BoL is working to mitigate.
Key Facts at a Glance
- Primary regulator
- Bank of Lithuania (Lietuvos bankas)
- Primary AML law
- Law on the Prevention of Money Laundering and Terrorist Financing (PMLTF Law) of 1997, substantively amended in 2022-2024
- FIU
- Financial Crime Investigation Service (FNTT / FCIS) under Ministry of Interior
- Criminal offence
- Section 209 Criminal Code (offence of money laundering)
- EU supervisor
- EC (European Commission) and ESMA (European Securities and Markets Authority)
- Current guidance
- Bank of Lithuania Recommendations on the Prevention of Money Laundering and Terrorist Financing (effective 2022)
- Coming legislation
- EU AMLR (2024/1624) applies 10 July 2027
The Regulatory Landscape
Lithuania's AML/CFT framework is built around the Law on the Prevention of Money Laundering and Terrorist Financing (PMLTF Law), which transposes successive EU directives. The Bank of Lithuania supervises credit institutions, EMIs, PIs, and insurance companies for AML/CFT compliance. Following a 2018 merger, the BoL also oversees AML/CFT for the entire financial sector. The Financial Crime Investigation Service (FNTT / FCIS), under the Ministry of Interior, serves as the country's FIU.
The regulatory landscape is also influenced by EU regulations and directives, including the Sixth Anti-Money Laundering Directive (EU) 2024/1640, which Lithuania has transposed into national law. The European Commission and ESMA play a role in supervising and guiding AML/CFT efforts across the EU, including in Lithuania.
Bank of Lithuania's Guidance and Recommendations
The Bank of Lithuania has issued Recommendations on the Prevention of Money Laundering and Terrorist Financing, effective 2022. These guidelines provide detailed requirements for AML/CFT compliance, including customer due diligence, risk management, and reporting obligations. The BoL has also conducted inspections and imposed fines on non-compliant institutions, demonstrating its commitment to enforcing AML regulations.
Customer Due Diligence and KYC
Lithuanian CDD obligations follow the EU template, requiring verification of natural persons' full name, place and date of birth, nationality, and residential address. For legal entities, verification typically involves commercial register excerpts, articles of association, and beneficial-ownership records. Beneficial-ownership thresholds are set at 25 %. The Transparency Register holds beneficial-ownership information, and institutions must conduct PEP screening for clients, beneficial owners, and counterparties.
Sanctions Screening
Sanctions implementation in Lithuania rests on EU regulations directly applicable in Member States. The Bank of Lithuania and the Financial Crime Investigation Service work together to enforce sanctions, including asset-freezing and prohibitions on transactions with designated persons or entities. Institutions must conduct real-time screening against EU, UN, and national sanctions lists.
SAR/STR Reporting
Suspicious Activity Reports must be filed with the Financial Crime Investigation Service (FNTT / FCIS). The BoL's guidelines emphasize the importance of timely reporting, with institutions expected to file SARs without undue delay. The Money Laundering Reporting Ordinance sets out formal and substantive minimum standards for SARs and Suspicious Transactions and Order Reports (STORs).
Institutions must ensure that their AML/CFT policies and procedures are proportionate to their risk exposure and comply with regulatory requirements. Failure to do so may result in fines, penalties, or reputational damage.
Risk-Based Approach
The PMLTF Law requires institutions to implement a risk-management system proportionate to their nature and size. The BoL's guidelines emphasize the importance of maintaining separate risk analyses for money laundering and terrorist financing. Institutions must conduct regular risk assessments and update their risk-management systems accordingly.
Crypto-Assets
Lithuania has a growing crypto-asset sector, with many institutions offering crypto-related services. The Bank of Lithuania has issued guidelines on crypto-asset regulation, emphasizing the need for documented AML/CFT procedures. Crypto-asset service providers must comply with AML/KYC obligations, including Travel-Rule requirements.
Recent Enforcement
The Bank of Lithuania has been actively enforcing AML regulations on fintech companies, including EMIs. In 2025 and early 2026, the regulator imposed fines on several institutions, including Revolut Bank, for AML breaches. The enforcement record demonstrates the BoL's commitment to strict compliance and highlights the importance of effective AML/CFT measures.
| Date | Institution | Penalty | Basis |
|---|---|---|---|
| Apr 2025 | Revolut Bank | €3.5m | AML breaches (transaction monitoring and suspicious activity identification) |
| Mar 2026 | Paytend Europe | Licence revoked | AML compliance concerns |
| 2025 | Foris DAX | Fines and penalties | AML supervision and examination findings |
| 2025 | Revolut Pay Lithuania | Fines and penalties | AML supervision and examination findings |
| 2025 | Paysera | Fines and penalties | AML supervision and examination findings |
Practical Compliance Checklist
Minimum Documentation Set Under the 2022 BoL Recommendations
- Institution-wide risk assessment under the PMLTF Law, refreshed annually and on material change.
- Internal safeguards manual covering customer due diligence, ongoing monitoring, sanctions screening, training, and reporting.
- Written CDD procedures aligned with the 2022 BoL Recommendations.
- Sanctions screening policy covering EU, UN, and national lists with documented matching logic and false-positive review procedure.
- SAR/STR procedures referencing the PMLTF Law and the BoL's guidelines.
- PEP identification and EDD procedure including the 12-month post-departure continuation requirement.
- Designated AML Officer and deputy notified to the BoL under the PMLTF Law.
- Staff training programme under the PMLTF Law, with documented annual refresher cycles.
- For crypto-asset service providers: documented procedures for crypto-asset regulation and Travel-Rule compliance.
Common Pitfalls
Institutions must avoid SAR latency, fragmented governance, and over-reliance on commercial screening tools without documented rationale. The BoL's enforcement record highlights the importance of effective AML/CFT measures and the need for institutions to prioritize compliance.
The EU AMLR applies directly from 10 July 2027 and will replace much of the PMLTF Law's substantive content. Institutions should treat the period to mid-2027 as a transition window: build now to AMLR standards using the BoL's guidelines as a forward-looking interpretation.
How RegMantle Helps
RegMantle generates jurisdiction-specific AML/CFT documentation for Lithuanian institutions, citing the PMLTF Law, EU regulations, and BoL guidelines directly in the text. Generated documents include the institution-wide risk assessment, AML/CFT policy manual, KYC/CDD procedures aligned with the 2022 BoL Recommendations, sanctions screening policy, SAR/STR procedures, and staff training programme. Live EU, UN, and national sanctions screening is built in, alongside adverse media review.
Generate your Lithuanian AML documentation in minutes
Stop paying for templated consultancy outputs. RegMantle produces audit-ready, PMLTF Law-compliant documentation in under ten minutes.
Start Free →