Case Study: Financial licensing in CIS

Financial licensing in CIS jurisdictions is one of the most operationally demanding regulatory processes an international business can face. The regulatory frameworks across Kazakhstan, Georgia, Armenia, and Uzbekistan differ substantially in structure, timeline, and capital requirements - yet each presents a viable entry point for fintech operators, payment service providers, and financial intermediaries seeking regional scale. This article maps the licensing landscape across key CIS markets, identifies the most common strategic errors, and provides a practical framework for selecting the right jurisdiction and licence type for your business model.

The CIS region has undergone significant regulatory modernisation over the past decade. Kazakhstan';s financial regulator, the Agency of the Republic of Kazakhstan for Regulation and Development of the Financial Market (ARDFM), operates under a consolidated supervisory framework that covers banking, insurance, securities, and payment services. Georgia';s National Bank (NBG) has built a reputation as one of the more accessible regulators in the post-Soviet space, particularly for electronic money institutions and payment service providers. Armenia';s Central Bank (CBA) and Uzbekistan';s Central Bank (CBU) have each introduced dedicated fintech licensing tracks, reflecting a regional trend toward structured regulatory accommodation of technology-driven financial services.

For an international operator, the choice of CIS jurisdiction is rarely straightforward. Each regulator applies different criteria for beneficial ownership disclosure, minimum authorised capital, fit-and-proper assessments of management, and ongoing compliance obligations. A common mistake is treating the CIS as a single regulatory bloc. In practice, a licence obtained in Georgia does not confer passporting rights into Kazakhstan or Armenia. Each market requires a separate application, a locally incorporated entity, and - in most cases - locally resident management.

The business case for CIS licensing typically rests on one of three scenarios. First, a fintech operator seeking to serve a large domestic market, such as Kazakhstan';s population of approximately 19 million with high smartphone penetration. Second, a payment service provider using a CIS licence as a stepping stone toward broader regional expansion, leveraging lower capital thresholds compared to EU jurisdictions. Third, a holding structure that uses a CIS-licensed entity to manage intra-group financial flows, taking advantage of favourable tax treaty networks in Georgia or Armenia.

Kazakhstan';s financial licensing framework is anchored in the Law on Banks and Banking Activity and the Law on Payment Services and Payment Organisations. Under Article 10 of the Law on Payment Services, payment organisations must obtain a licence from the ARDFM before commencing operations. The minimum authorised capital for a payment organisation is set at a level that, in general terms, falls in the low hundreds of thousands of USD equivalent - a meaningful but not prohibitive threshold for a well-capitalised operator.

The ARDFM applies a two-stage review process. The first stage involves a preliminary assessment of the business plan, ownership structure, and management qualifications. The second stage involves a full due diligence review of the applicant entity, its beneficial owners, and proposed key personnel. The statutory review period runs to 60 working days from the date a complete application is accepted, though in practice the process frequently extends beyond this period when the regulator requests supplementary documentation.

A non-obvious risk in Kazakhstan is the ARDFM';s approach to beneficial ownership. The regulator applies a look-through analysis that extends to ultimate beneficial owners holding 10% or more of the applicant';s shares. Where the ownership chain includes offshore holding companies - a common structure for international operators - the ARDFM requires notarised and apostilled corporate documentation for each layer of the structure. Delays in obtaining and legalising these documents are the single most frequent cause of application timeline overruns.

Georgia';s licensing framework for payment service providers and electronic money institutions is governed by the Law on Payment System and Payment Services and the Law on Activities of Commercial Banks. The National Bank of Georgia (NBG) operates a tiered licensing system. A payment service provider licence covers a defined list of payment services enumerated in Article 3 of the Law on Payment System. An electronic money institution licence additionally permits the issuance of electronic money and the maintenance of payment accounts.

The NBG';s application process is notably more streamlined than Kazakhstan';s. The statutory review period for a payment service provider licence is 30 working days from receipt of a complete application. The minimum capital requirement for a payment service provider is lower than for an electronic money institution, and both thresholds are, in general terms, accessible to early-stage operators. Georgia';s regulatory environment is also distinguished by the NBG';s published guidance on application requirements, which reduces uncertainty for first-time applicants.

A practical consideration in Georgia is the requirement for a locally incorporated limited liability company (LLC) or joint-stock company as the licence holder. The NBG does not licence branches of foreign entities. The locally incorporated entity must have a registered office in Georgia and at least one resident director. In practice, many international operators appoint a local nominee director to satisfy residency requirements while retaining operational control through internal governance documents. This arrangement is legally permissible but requires careful structuring to avoid conflicts between the nominee';s formal obligations and the operator';s commercial interests.

Armenia';s financial licensing framework is administered by the Central Bank of Armenia (CBA) under the Law on Payment and Settlement Systems and Payment and Settlement Organisations. The CBA has introduced a dedicated licensing track for payment organisations and electronic money organisations, with separate capital and operational requirements for each category.

Armenia presents a strategically interesting option for operators focused on the Armenian diaspora market or on cross-border remittance flows. The CBA has demonstrated a willingness to engage with fintech applicants at the pre-application stage, which reduces the risk of submitting an application that fails on technical grounds. The statutory review period is 60 calendar days from receipt of a complete application, with a possible extension of 30 calendar days where additional information is required.

A common mistake among international operators in Armenia is underestimating the CBA';s fit-and-proper requirements for management. The CBA requires that the chief executive officer and chief financial officer of a licensed entity meet specific qualification and experience criteria set out in the CBA';s regulatory acts. Where proposed management does not meet these criteria, the application will be rejected regardless of the strength of the business plan or the adequacy of the capital base.

To receive a checklist on financial licensing application requirements across CIS jurisdictions, send a request to info@vlolawfirm.com.

Uzbekistan';s financial licensing framework has undergone substantial reform since the adoption of the Law on Payments and Payment Systems. The Central Bank of Uzbekistan (CBU) now operates a structured licensing regime for payment organisations, electronic money operators, and currency exchange operators. The CBU has also introduced a regulatory sandbox framework, which allows fintech operators to test innovative services under a time-limited exemption from full licensing requirements.

The CBU';s sandbox regime is available for a period of up to 12 months, extendable in defined circumstances. Operators admitted to the sandbox must demonstrate that their service model cannot be accommodated within existing licence categories and must commit to applying for a full licence upon completion of the sandbox period. The sandbox is a genuine regulatory tool rather than a formality, and the CBU has used it to inform updates to its licensing rules.

A non-obvious risk in Uzbekistan is the currency control framework. Even a fully licensed payment organisation must comply with the Law on Currency Regulation, which imposes restrictions on cross-border transfers and requires prior approval for certain categories of outbound payment. International operators who structure their business model around cross-border payment flows may find that the licensing process resolves only part of their regulatory exposure.

The choice between a payment organisation licence, an electronic money institution licence, and a banking licence is the most consequential strategic decision in the CIS licensing process. Each licence type carries a different capital requirement, a different scope of permitted activities, and a different ongoing compliance burden.

A payment organisation licence is the appropriate starting point for operators whose business model is limited to payment initiation, payment processing, or money remittance. It does not permit the issuance of electronic money or the maintenance of payment accounts in the operator';s own name. The capital requirement is the lowest of the three categories, and the ongoing compliance obligations - while substantial - are less demanding than those applicable to electronic money institutions or banks.

An electronic money institution licence is appropriate where the operator';s model requires the issuance of stored value instruments, the maintenance of payment accounts, or the provision of card-linked products. The capital requirement is higher than for a payment organisation, and the operator must maintain a segregated safeguarding arrangement for client funds. In Kazakhstan and Georgia, the safeguarding requirement is typically satisfied by holding client funds in a dedicated account at a licensed bank, subject to restrictions on the use of those funds.

A banking licence is rarely the right choice for a fintech operator entering the CIS market. The capital requirements are substantially higher - in Kazakhstan, the minimum capital for a new bank is set at a level in the tens of millions of USD equivalent - and the ongoing supervisory burden is commensurate. Operators who require deposit-taking functionality typically achieve this more efficiently through a partnership with an existing licensed bank rather than through a standalone banking licence application.

The comparison between jurisdictions on the basis of capital requirements alone is a common strategic error. Georgia';s lower capital thresholds are attractive, but the Georgian licence does not provide market access in Kazakhstan or Uzbekistan. An operator who licenses in Georgia and then seeks to expand into Kazakhstan will face a full second licensing process, including a new entity incorporation, a new application, and a new review period. The total cost and timeline of a multi-jurisdiction strategy should be modelled at the outset, not discovered incrementally.

A European payment service provider with an existing EU licence seeks to expand into Kazakhstan to serve a corporate client base. The operator incorporates a Kazakhstani joint-stock company (aktsionernoe obshchestvo), appoints a locally resident general director, and submits an application to the ARDFM for a payment organisation licence.

The ARDFM';s preliminary review identifies that the operator';s ultimate beneficial owner holds the shares through a chain that includes a BVI holding company. The regulator requests notarised and apostilled corporate documentation for the BVI entity, including a certificate of good standing, the register of members, and the register of directors. Obtaining and legalising these documents takes approximately six weeks, extending the overall application timeline by the same period.

The operator also discovers that its proposed IT infrastructure - hosted on servers located in the EU - does not satisfy the ARDFM';s data localisation requirements under the Law on Personal Data and Its Protection. The operator must either migrate its data processing to Kazakhstan-based servers or obtain a specific regulatory dispensation. This requirement was not identified during the initial market entry assessment, resulting in additional costs and a further delay of approximately eight weeks.

The total timeline from incorporation to licence issuance in this scenario is approximately nine to twelve months. The lesson is that data localisation and beneficial ownership documentation are the two most common sources of delay in Kazakhstan applications, and both should be addressed before the application is submitted.

An operator focused on remittance flows between the Armenian diaspora in Western Europe and recipients in Armenia seeks a payment organisation licence from the CBA. The operator incorporates a limited liability company in Armenia, appoints a resident director and a resident chief financial officer, and submits a pre-application inquiry to the CBA.

The CBA';s pre-application engagement reveals that the operator';s proposed fee structure includes a foreign exchange margin that the CBA classifies as a currency exchange service. This classification triggers an additional licensing requirement under the Law on Currency Regulation of the Republic of Armenia. The operator restructures its fee model to separate the payment service fee from the foreign exchange conversion, which is then routed through a licensed currency exchange partner. This restructuring resolves the dual-licensing issue without materially affecting the operator';s commercial model.

The CBA';s fit-and-proper review of the proposed chief executive officer identifies a gap in the candidate';s formal financial services qualifications. The CBA requires a minimum of three years of relevant management experience in a licensed financial institution. The operator replaces the proposed CEO with a candidate who meets this requirement, adding approximately four weeks to the preparation timeline but avoiding a rejection on fit-and-proper grounds.

The total timeline from incorporation to licence issuance in this scenario is approximately six to eight months. The pre-application engagement with the CBA is identified as the single most valuable step in the process, as it allows the operator to resolve structural issues before they become grounds for rejection.

To receive a checklist on fit-and-proper requirements for CIS financial licence applicants, send a request to info@vlolawfirm.com.

A regional payment network operator seeks to use a Georgian electronic money institution licence as the regulatory anchor for a multi-country expansion strategy. The operator incorporates a Georgian LLC, appoints a resident director, and submits an application to the NBG.

The NBG';s review proceeds within the statutory 30-working-day period. The operator receives its electronic money institution licence and commences operations. The operator then seeks to use the Georgian entity to process payments on behalf of merchants located in Kazakhstan and Uzbekistan.

The operator discovers that the Georgian licence does not authorise the provision of payment services to merchants in Kazakhstan or Uzbekistan without a separate licence in each of those jurisdictions. The operator';s legal advisers had correctly identified this limitation, but the operator';s commercial team had proceeded on the assumption that the Georgian licence would provide a temporary operational basis while the Kazakhstan and Uzbekistan applications were pending. The Georgian regulator, on review, determines that the operator';s cross-border merchant acquiring activity requires a specific authorisation under Georgian law that was not included in the original licence scope.

The operator applies for an extension of its Georgian licence to cover cross-border merchant acquiring, which the NBG grants after a supplementary review of approximately 45 working days. The operator also commences parallel licensing processes in Kazakhstan and Uzbekistan. The total additional cost of resolving the cross-border scope issue - including legal fees, regulatory filing costs, and operational delays - is estimated in the low tens of thousands of USD. The lesson is that the scope of a CIS financial licence must be defined with precision at the application stage, and that cross-border activity assumptions must be validated with the regulator before operations commence.

Obtaining a financial licence in a CIS jurisdiction is the beginning of a regulatory relationship, not the end of a process. Each of the major CIS regulators imposes ongoing reporting, capital adequacy, and operational compliance obligations that generate recurring costs and management attention.

In Kazakhstan, licensed payment organisations must submit quarterly financial reports to the ARDFM, maintain minimum capital at all times, and notify the regulator of any material change in ownership, management, or business model within defined timeframes. Under Article 30 of the Law on Payment Services, a change of beneficial owner holding 10% or more of the shares requires prior regulatory approval. Failure to obtain this approval before completing a share transfer is a common compliance failure among international operators who complete corporate restructurings without considering the regulatory notification requirements in each jurisdiction where they hold licences.

In Georgia, the NBG requires electronic money institutions to submit monthly reports on the volume and value of transactions processed, the number of active payment accounts, and the balance of client funds held in safeguarding accounts. The NBG also conducts periodic on-site inspections of licensed entities. A non-obvious risk is the NBG';s approach to outsourcing: where a licensed entity outsources material operational functions - such as IT infrastructure, customer due diligence, or transaction monitoring - to a third party, the NBG requires prior notification and, in some cases, prior approval. Many operators discover this requirement only after they have already entered into outsourcing arrangements.

In Armenia, the CBA requires licensed payment organisations to maintain an anti-money laundering and counter-terrorist financing (AML/CTF) programme that meets the standards set out in the Law on Combating Money Laundering and Terrorism Financing. The CBA conducts thematic reviews of AML/CTF programmes and has issued enforcement actions against licensed entities whose programmes were found to be inadequate. The cost of building and maintaining a compliant AML/CTF programme - including transaction monitoring software, compliance officer salaries, and periodic independent audits - is a material ongoing expense that should be factored into the business case for an Armenian licence.

In Uzbekistan, the CBU requires licensed payment organisations to comply with the data localisation requirements of the Law on Personal Data, which mandate that personal data of Uzbek residents be stored on servers located in Uzbekistan. This requirement applies to transaction data, customer identification data, and AML/CTF records. Operators who use cloud infrastructure hosted outside Uzbekistan must either migrate their data processing or obtain a specific regulatory dispensation, which the CBU grants on a case-by-case basis.

The aggregate cost of ongoing compliance across a multi-jurisdiction CIS portfolio - including regulatory reporting, AML/CTF programme maintenance, capital adequacy monitoring, and periodic regulatory engagement - typically runs in the low hundreds of thousands of USD per year for an operator with active licences in two or three jurisdictions. This cost should be modelled as a fixed overhead in the business case, not as a variable cost that scales with revenue.

Operators who delay the licensing process in CIS jurisdictions face a compounding set of risks. Regulatory frameworks in Kazakhstan, Georgia, Armenia, and Uzbekistan are actively evolving, and the direction of travel is consistently toward more stringent requirements - higher capital thresholds, more demanding fit-and-proper assessments, and broader AML/CTF obligations. An operator who defers licensing in anticipation of a more favourable regulatory environment is more likely to encounter a more demanding one.

The risk of operating without a licence in any CIS jurisdiction is substantial. In Kazakhstan, unlicensed payment activity is subject to administrative penalties under the Code of Administrative Offences, including fines and a prohibition on continuing the activity. In Georgia, the NBG has the authority to impose fines, issue public warnings, and refer cases to the prosecutor';s office for criminal investigation. In Armenia and Uzbekistan, the consequences of unlicensed financial activity include both administrative and criminal liability for the entity';s management.

A common mistake among international operators is to commence operations in a CIS market under a general commercial licence or a technology services agreement, on the basis that the activity does not technically constitute a regulated financial service. This approach frequently fails when the regulator reviews the operator';s actual transaction flows and determines that the activity falls within the definition of a payment service under the applicable law. The cost of resolving a regulatory enforcement action - including legal fees, penalties, and the disruption to operations - typically exceeds the cost of obtaining the licence in the first place by a significant margin.

Incorrect strategy in the selection of licence type also generates material costs. An operator who obtains a payment organisation licence and subsequently determines that its business model requires electronic money issuance must apply for a new or upgraded licence, a process that typically takes three to six months and requires additional capital to be injected into the licensed entity. The opportunity cost of operating under a licence that does not cover the full scope of the intended business is a hidden cost that is frequently underestimated at the planning stage.

We can help build a strategy for financial licensing across CIS jurisdictions, including jurisdiction selection, entity structuring, and application preparation. Contact info@vlolawfirm.com to discuss your specific situation.

What is the most common reason for a CIS financial licence application to be rejected?

The most common reason for rejection is an incomplete or inadequate beneficial ownership disclosure. CIS regulators apply a look-through analysis that extends to all entities in the ownership chain, and they require notarised and apostilled documentation for each layer. Where the ownership structure includes offshore entities, the documentation requirements are particularly demanding. A secondary cause of rejection is the failure of proposed management to meet fit-and-proper requirements, particularly in Armenia and Kazakhstan, where the regulators apply specific qualification and experience criteria to senior management roles.

How long does the CIS financial licensing process take, and what does it cost?

The timeline varies by jurisdiction and licence type. Georgia offers the shortest statutory review period - 30 working days for a payment service provider licence - while Kazakhstan and Armenia operate on 60-working-day statutory periods that frequently extend in practice. A realistic end-to-end timeline, from entity incorporation to licence issuance, is six to nine months in Georgia, nine to twelve months in Kazakhstan, and six to eight months in Armenia. Uzbekistan';s timeline is broadly comparable to Armenia';s for standard applications. Legal fees for a single-jurisdiction application typically start from the low tens of thousands of USD, with multi-jurisdiction programmes scaling accordingly. Capital requirements add a further cost that varies by jurisdiction and licence type.

When should an operator choose a Georgian licence over a Kazakhstani licence?

The choice depends primarily on the operator';s target market and business model. A Georgian licence is the better choice where the operator';s primary market is Georgia itself, where the operator seeks a lower capital threshold as an entry point, or where the operator values the NBG';s more accessible regulatory engagement process. A Kazakhstani licence is the better choice where the operator';s primary market is Kazakhstan, where the operator requires access to the Kazakhstani banking system for settlement purposes, or where the operator';s corporate clients specifically require a Kazakhstani-licensed counterparty. Neither licence provides market access in the other jurisdiction, so an operator targeting both markets will need both licences regardless of which is obtained first.

Financial licensing in CIS jurisdictions rewards careful preparation and penalises reactive decision-making. The regulatory frameworks in Kazakhstan, Georgia, Armenia, and Uzbekistan are each coherent and navigable, but they differ in ways that matter operationally - in capital requirements, review timelines, management qualification standards, and ongoing compliance obligations. The operators who succeed in obtaining and maintaining CIS financial licences are those who invest in jurisdiction selection analysis, build their ownership structures with regulatory disclosure requirements in mind, and treat ongoing compliance as a core operational function rather than a periodic administrative task.

To receive a checklist on ongoing compliance obligations for CIS-licensed financial institutions, send a request to info@vlolawfirm.com.

Our law firm VLO Law Firms has experience supporting clients in CIS jurisdictions on financial licensing and regulatory compliance matters. We can assist with jurisdiction selection analysis, entity structuring for regulatory purposes, preparation and submission of licence applications, fit-and-proper assessment preparation, and ongoing regulatory engagement with the ARDFM, NBG, CBA, and CBU. To receive a consultation, contact: info@vlolawfirm.com.