Financial licensing in Europe is one of the most consequential regulatory decisions a fintech or financial services business can make. The wrong jurisdiction, an incomplete application, or a misread of regulator expectations can cost a business twelve to twenty-four months of delay and hundreds of thousands of euros in sunk costs. This article walks through the key stages of the European licensing process using realistic business scenarios, identifies the structural risks at each stage, and explains how to build a licensing strategy that survives regulatory scrutiny.
The European financial licensing landscape is governed by a layered framework: EU-level directives set the minimum standards, national competent authorities (NCAs) apply and interpret those standards, and the European Banking Authority (EBA) and European Securities and Markets Authority (ESMA) provide binding technical standards and supervisory convergence. For a business seeking to serve clients across multiple EU member states, understanding how these layers interact is not optional - it is the foundation of any viable licensing strategy.
This article covers the principal license categories available in Europe, the procedural mechanics of obtaining them, the most common strategic errors made by international applicants, and the business economics of each path. It also addresses the passporting mechanism that allows a single EU license to unlock access to the entire single market.
What license categories are available for financial services in Europe
European financial regulation does not offer a single universal license. The applicable framework depends on the nature of the business activity, the instruments involved, and the client base. The principal categories are as follows.
An Electronic Money Institution (EMI) license, governed by the Electronic Money Directive 2 (EMD2, Directive 2009/110/EC), authorises the issuance of electronic money and the provision of payment services. It is the most commonly sought license for fintech companies offering e-wallets, prepaid cards, and digital payment infrastructure. The minimum initial capital requirement under EMD2 is EUR 350,000, though NCAs may impose higher requirements based on the business model.
A Payment Institution (PI) license, regulated under the Payment Services Directive 2 (PSD2, Directive 2015/2366/EU), covers payment initiation, account information services, and money remittance without the issuance of electronic money. The minimum capital for a PI ranges from EUR 20,000 to EUR 125,000 depending on the specific payment services provided. PSD2 also introduced the Open Banking framework, which created regulated access to payment account data held by banks.
A MiFID II (Markets in Financial Instruments Directive, Directive 2014/65/EU) investment firm license is required for businesses providing investment services such as portfolio management, investment advice, execution of orders, or dealing on own account. The capital requirements under MiFID II vary significantly: a restricted license for investment advice without holding client assets may require as little as EUR 75,000, while a full-scope investment firm dealing on own account may require EUR 750,000 or more.
A credit institution license - a full banking license - is the most demanding category. It is governed by the Capital Requirements Directive IV (CRD IV, Directive 2013/36/EU) and the Capital Requirements Regulation (CRR, Regulation 575/2013). Minimum capital starts at EUR 5 million, but in practice most NCAs expect significantly more, and the application process typically takes eighteen to thirty-six months.
For businesses managing collective investment schemes, the AIFMD (Alternative Investment Fund Managers Directive, Directive 2011/61/EU) and UCITS framework (Directive 2009/65/EC) apply. These are relevant for asset managers, fund administrators, and private equity vehicles seeking EU-regulated distribution.
The choice between these categories is not always obvious. A common mistake made by international applicants is selecting the license category based on what sounds most prestigious rather than what the business model actually requires. A company offering a corporate expense management platform with a prepaid card component does not need a full banking license - an EMI license is sufficient and far faster to obtain.
How jurisdiction selection shapes the licensing outcome
Jurisdiction selection is the single most consequential strategic decision in the European licensing process. Every EU member state has an NCA with its own interpretation of EU directives, its own processing timelines, its own staffing levels, and its own supervisory culture. These differences are material.
Luxembourg';s Commission de Surveillance du Secteur Financier (CSSF) is widely regarded as one of the most technically sophisticated regulators in Europe. It has deep experience with fund structures, payment institutions, and investment firms. Processing times for a well-prepared EMI or PI application typically run between six and twelve months. The CSSF expects applicants to demonstrate genuine substance in Luxembourg: a local compliance officer, a locally resident management board member, and operational infrastructure that is not purely nominal.
Lithuania';s Bank of Lithuania (Lietuvos bankas) became a preferred jurisdiction for fintech licensing after it introduced a streamlined process for EMI and PI applicants. Processing times were historically shorter than in most other EU jurisdictions, and the regulator was known for constructive pre-application engagement. However, the Bank of Lithuania has progressively tightened its substance requirements and AML expectations, and the perception that Lithuania is an easy jurisdiction is now outdated.
The Netherlands Authority for the Financial Markets (AFM) and De Nederlandsche Bank (DNB) operate a dual-regulator model. The AFM supervises conduct of business, while the DNB supervises prudential matters. For payment institutions and investment firms, this means engaging with two regulators simultaneously, which adds procedural complexity but also provides regulatory clarity.
Ireland';s Central Bank of Ireland (CBI) is the preferred jurisdiction for many US and UK-headquartered businesses seeking EU market access, partly because of the common law legal tradition and English-language regulatory environment. The CBI is known for rigorous scrutiny of governance arrangements and individual fitness and probity assessments.
Germany';s Federal Financial Supervisory Authority (BaFin) is one of the largest NCAs in Europe by headcount and supervisory scope. BaFin is known for thorough and sometimes lengthy review processes. For businesses with significant German client exposure, obtaining a German license rather than passporting in from another jurisdiction can reduce long-term supervisory friction.
A non-obvious risk in jurisdiction selection is the post-licensing supervisory relationship. A regulator that is easy to obtain a license from may become a difficult ongoing supervisor, particularly as EU-wide AML and prudential expectations have converged upward. Businesses that selected certain jurisdictions primarily for speed have subsequently faced intensive supervisory reviews, remediation requirements, and in some cases license withdrawal.
To receive a checklist on jurisdiction selection criteria for financial licensing in Europe, send a request to info@vlolawfirm.com
The application process: procedural mechanics and regulator expectations
The application process for a European financial license follows a broadly similar structure across jurisdictions, though the details vary significantly. Understanding the procedural mechanics in advance prevents the most common and costly delays.
The pre-application phase is critical and often underestimated. Most NCAs offer or require a pre-application meeting or written pre-notification. This is not a formality. It is the applicant';s opportunity to present the business model, receive preliminary feedback on the proposed regulatory perimeter, and identify any structural issues before the formal application is submitted. Submitting a formal application without prior regulator engagement is a common mistake that results in requests for information (RFIs) that could have been addressed earlier, adding months to the process.
The formal application package for an EMI or PI license typically includes: a detailed business plan covering at least three years of financial projections; a programme of operations describing the payment services to be provided; a description of the governance structure including the management body and supervisory function; individual questionnaires and supporting documentation for all qualifying shareholders, directors, and key function holders; an AML/CFT programme including policies, procedures, and the identity of the Money Laundering Reporting Officer (MLRO); an IT security assessment; a business continuity plan; and evidence of the minimum initial capital.
Under PSD2, Article 5, NCAs must acknowledge receipt of a complete application within ten business days and must reach a decision within three months of receiving a complete application. In practice, the clock on the three-month period does not start until the NCA considers the application complete, and NCAs routinely issue RFIs that pause the clock. The effective processing time is therefore determined by the quality of the initial submission and the responsiveness of the applicant to RFIs.
Individual fitness and probity assessments are a significant source of delay for international applicants. NCAs assess whether proposed directors and key function holders are fit and proper under criteria derived from EBA Guidelines on the assessment of the suitability of members of the management body (EBA/GL/2021/06). These criteria include professional experience, educational background, criminal record checks, regulatory history, and reputational factors. For applicants with complex ownership structures or directors who have held positions in regulated entities in multiple jurisdictions, assembling the required documentation can take several months.
The AML/CFT programme is increasingly the most scrutinised component of any financial license application. Following the adoption of the Anti-Money Laundering Directive 6 (AMLD6, Directive 2018/1673/EU) and the ongoing development of the EU AML Authority (AMLA), NCAs have significantly raised their expectations for AML governance. A programme that would have been acceptable five years ago may now be considered inadequate. The MLRO must be a senior, experienced individual with genuine authority within the organisation - not a nominal appointment.
A practical scenario: a US-based payments company seeking an EU EMI license submitted an application to a mid-tier EU NCA with a business plan that described its global operations accurately but failed to articulate a credible EU-specific operating model. The NCA issued an RFI requesting a revised business plan, a detailed description of the EU governance structure, and evidence of local substance. The applicant spent four months revising the application, effectively restarting the process. The lesson is that the application must describe the EU entity as a standalone regulated business, not as a branch or subsidiary of a global operation.
Passporting: unlocking the single market from a single license
The EU passporting mechanism is one of the most commercially significant features of European financial regulation. Once a financial institution obtains a license in one EU member state, it can provide the same services in any other EU member state either through the freedom to provide services (FPS) or by establishing a branch, without obtaining a separate license in each host state.
The passporting procedure is governed by the applicable directive. Under PSD2, Article 28, a payment institution wishing to passport its services must notify its home NCA, which then notifies the host NCA within one month. The institution may begin providing services in the host state one month after the home NCA sends the notification, unless the home NCA has reason to doubt the adequacy of the administrative structure or financial situation. Under MiFID II, Article 34, the procedure is similar but the home NCA must transmit the notification within one month, and the investment firm may commence activities in the host state immediately upon transmission.
Passporting does not mean operating without regulatory oversight in host states. Host NCAs retain supervisory authority over conduct of business rules, consumer protection requirements, and local AML obligations. A business that passports into Germany, France, and the Netherlands must comply with the local implementation of EU directives in each of those jurisdictions, and must be prepared to engage with BaFin, the Autorité de Contrôle Prudentiel et de Résolution (ACPR), and the DNB respectively.
A non-obvious risk of passporting is the substance requirement in the home state. If the home NCA concludes that the licensed entity lacks genuine substance - that it is a "letter-box" entity with no real operations in the home state - it may withdraw the license or impose remediation requirements. The EBA has issued opinions on the risks of regulatory arbitrage within the EU, and NCAs have become more vigilant about substance assessments, particularly following Brexit when many firms relocated their EU licensing to smaller member states.
The comparison between passporting and establishing separate local entities is a genuine strategic choice for businesses with significant operations in multiple EU markets. Passporting is faster and cheaper to establish, but it concentrates regulatory risk in the home jurisdiction and may create friction with host NCAs that prefer locally licensed entities for systemically important activities. Establishing separate licensed entities in multiple jurisdictions provides regulatory resilience but multiplies compliance costs, capital requirements, and supervisory relationships.
A practical scenario: a UK-based investment firm that had previously relied on its FCA authorization to serve EU clients lost its passporting rights following Brexit. It obtained a MiFID II license from an EU NCA and passported into fourteen EU member states. Within eighteen months, two host NCAs requested information about the firm';s local substance and the adequacy of its local compliance arrangements. The firm had to appoint local compliance representatives in those jurisdictions and enhance its local reporting procedures. The cost of this remediation was material and had not been budgeted at the time of the initial licensing decision.
To receive a checklist on passporting procedures and host-state compliance obligations in Europe, send a request to info@vlolawfirm.com
Common strategic errors and how to avoid them
International businesses entering the European financial licensing process for the first time make a predictable set of errors. Understanding these errors in advance reduces the risk of costly delays and regulatory friction.
The first and most common error is underestimating the substance requirement. European NCAs have consistently raised their expectations for what constitutes genuine local presence. A registered office address and a nominal director are not sufficient. The NCA expects to see a management body that meets regularly in the home jurisdiction, makes genuine decisions about the business, and has the expertise to oversee the regulated activities. For businesses based outside Europe, this means either relocating senior management or appointing genuinely experienced local directors with real authority - not figureheads.
The second common error is treating the business plan as a marketing document. The business plan submitted to an NCA must be a detailed, credible, and internally consistent operational document. It must describe the target market, the distribution channels, the revenue model, the risk management framework, and the compliance infrastructure in sufficient detail that the regulator can assess whether the business is viable and whether the applicant understands the regulatory obligations it is assuming. Vague or aspirational language is a red flag for NCAs.
The third common error is underestimating the AML/CFT requirements. Many international applicants have AML programmes that are adequate for their home jurisdiction but fall short of EU expectations. The EU AML framework requires a risk-based approach that is genuinely calibrated to the specific risks of the business model, not a generic compliance manual. The MLRO must be a senior individual with real authority, not a junior compliance officer or an external consultant with no operational role.
The fourth common error is failing to engage with the regulator before submission. Pre-application engagement is not a sign of weakness or uncertainty - it is a sign of professionalism. NCAs generally respond positively to applicants who demonstrate that they understand the regulatory framework and have thought carefully about how their business model fits within it. Applicants who submit without prior engagement often receive extensive RFIs that could have been avoided.
The fifth common error is selecting a jurisdiction based on perceived ease rather than strategic fit. The European licensing landscape has changed significantly. Jurisdictions that were once considered more accessible have raised their standards, and the supervisory culture in any given jurisdiction will shape the ongoing regulatory relationship for years. A jurisdiction that is a poor strategic fit - because of language barriers, supervisory culture, or geographic distance from the business';s actual operations - will create friction long after the license is obtained.
The cost of these errors is significant. A delayed application costs the business not only the direct legal and advisory fees associated with responding to RFIs and revising the application, but also the opportunity cost of not being able to operate in the EU market during the delay. For a business with a viable product and a ready customer base, a twelve-month delay in licensing can represent a material loss of revenue and competitive position.
A practical scenario: a Southeast Asian fintech company sought an EMI license in a small EU member state, attracted by the jurisdiction';s reputation for fast processing. The company appointed a local director with no prior financial services experience and submitted an AML programme that had been adapted from its home-jurisdiction documentation without substantive revision. The NCA rejected the application on the grounds that the proposed management body lacked the required expertise and that the AML programme did not adequately address the risks of the proposed business model. The company had to restart the process in a different jurisdiction, with a revised governance structure and a new AML programme, at a total additional cost running into the mid-six figures in euros.
We can help build a strategy for your European licensing application and identify the jurisdiction and structure that best fits your business model. Contact info@vlolawfirm.com
Business economics of European financial licensing
The decision to obtain a European financial license is a significant business investment. Understanding the economics of that investment - the upfront costs, the ongoing compliance costs, the capital requirements, and the expected timeline to revenue - is essential for making a rational strategic decision.
The upfront costs of a European financial license application fall into several categories. Legal and regulatory advisory fees for a well-prepared EMI or PI application typically start from the low tens of thousands of euros and can reach the mid-six figures for complex applications involving multiple license categories or unusual business models. MiFID II investment firm applications are generally more expensive, reflecting the greater complexity of the regulatory framework and the more intensive individual assessment process. Banking license applications are in a different cost category entirely, with advisory fees often running into the high six figures or beyond.
The minimum capital requirements described above are regulatory floors, not business targets. NCAs assess whether the applicant';s capital is adequate for the proposed business model, and they may require capital significantly above the regulatory minimum if the business plan projects rapid growth or involves higher-risk activities. Capital must be available at the time of application and must be maintained on an ongoing basis.
Ongoing compliance costs are a significant and often underestimated element of the economics. A regulated EU financial institution must maintain a compliance function, an AML function, a risk management function, and an internal audit function. For smaller institutions, these functions may be combined or partially outsourced, but the costs are real and recurring. Regulatory reporting obligations under PSD2, MiFID II, and the applicable prudential framework add further operational costs.
The timeline to revenue is a critical economic variable. A business that expects to begin generating EU revenue within six months of deciding to pursue a license will almost certainly be disappointed. A realistic timeline for an EMI or PI license in a well-prepared application to a responsive NCA is nine to fifteen months from the start of the pre-application process. MiFID II applications typically take twelve to twenty-four months. Banking licenses take longer still.
The comparison between obtaining a license and using a third-party regulated entity - through a banking-as-a-service (BaaS) provider or an agent/distributor arrangement - is a genuine strategic alternative for businesses at an early stage. Operating under a third party';s license is faster and cheaper to establish, but it creates dependency on the third party';s regulatory status and limits the business';s ability to control its product and customer experience. The decision to move from a third-party arrangement to a proprietary license is typically driven by scale, strategic control, and the economics of the third-party arrangement becoming unfavourable as volumes grow.
A practical scenario: a European payments startup operated under a BaaS provider';s EMI license for its first three years, paying a per-transaction fee to the provider. As transaction volumes grew, the economics of the BaaS arrangement became increasingly unfavourable, and the startup decided to obtain its own EMI license. The licensing process took fourteen months and cost approximately EUR 180,000 in advisory fees, plus the EUR 350,000 minimum capital requirement. The startup calculated that the savings from eliminating the BaaS fee would recover the licensing investment within eighteen months of obtaining the license. This calculation proved broadly accurate, though the ongoing compliance costs were higher than initially projected.
The risk of inaction is also an economic consideration. A business that delays its licensing decision while continuing to grow under a third-party arrangement may find that its growing transaction volumes attract regulatory attention, or that the third-party provider imposes more restrictive terms as the business becomes a larger proportion of the provider';s regulated activity. Delaying the licensing decision by twelve months does not reduce the cost of licensing - it simply defers it while the business continues to bear the costs and constraints of the third-party arrangement.
FAQ
What is the most significant practical risk in a European financial license application?
The most significant practical risk is submitting an application that the NCA considers incomplete or inadequate, triggering a request for information that pauses the regulatory clock and restarts the effective timeline. This risk is highest for applicants who have not engaged with the regulator before submission, whose business plan does not adequately describe the EU-specific operating model, or whose AML programme does not meet current EU expectations. The consequence is not merely delay - repeated or substantive RFIs can signal to the regulator that the applicant lacks the organisational capacity to operate a regulated business, which may influence the outcome of the application. Thorough pre-application preparation and regulator engagement are the most effective mitigants.
How long does European financial licensing take, and what does it cost?
For an EMI or PI license, a realistic timeline from the start of the pre-application process to license grant is nine to fifteen months for a well-prepared application to a responsive NCA. MiFID II investment firm applications typically take twelve to twenty-four months. Banking licenses take eighteen to thirty-six months or longer. Advisory fees for EMI and PI applications typically start from the low tens of thousands of euros for straightforward cases and rise significantly for complex structures. MiFID II applications are more expensive. Capital requirements range from EUR 20,000 for a basic PI to EUR 5 million or more for a credit institution. Ongoing compliance costs - compliance staff, AML infrastructure, regulatory reporting - are a recurring annual expense that must be budgeted from the outset.
When should a business choose passporting over obtaining separate licenses in multiple EU jurisdictions?
Passporting is the appropriate choice for most businesses entering the EU market for the first time, because it allows access to the entire single market from a single license at a fraction of the cost of multiple separate licenses. The case for separate local licenses becomes stronger when the business has significant operations or a large client base in specific member states whose NCAs prefer locally licensed entities, when the home NCA';s supervisory culture creates friction with the business model, or when the business has grown to a scale where the regulatory risk concentration in a single home jurisdiction is strategically unacceptable. The decision should be reviewed periodically as the business grows, because the optimal structure at launch may not be the optimal structure at scale.
Conclusion
Financial licensing in Europe is a structured, demanding, and ultimately manageable process for businesses that approach it with adequate preparation, realistic expectations, and a clear understanding of the regulatory framework. The key decisions - license category, jurisdiction, governance structure, and AML programme - must be made on the basis of the business model and the long-term regulatory relationship, not on the basis of perceived shortcuts. The cost of getting these decisions wrong is measured in months of delay and hundreds of thousands of euros in remediation costs.
Our law firm VLO Law Firms has experience supporting clients across Europe on financial licensing and regulatory compliance matters. We can assist with jurisdiction selection, pre-application regulator engagement, application preparation, fitness and probity assessments, AML programme development, and passporting procedures. To receive a consultation, contact: info@vlolawfirm.com
To receive a checklist on the full European financial licensing process - from jurisdiction selection to post-license compliance obligations - send a request to info@vlolawfirm.com