🇱🇹 Will AMLD6 reshape Lithuania’s crypto and payments sector more than expected?

🏛️ Regulatory foundation: AMLD6, MiCA, and Lithuania’s response

AMLD6 tightens liability regimes, expands the catalogue of predicate offences (including aiding, abetting, and attempt), and enhances cross-border cooperation and freezing/confiscation powers. It places stronger obligations on national authorities and legal persons, aiming for harmonised enforcement across Member States.

At the same time, the Transfer of Funds Regulation (TFR) now incorporates crypto-asset transfers, effectively enforcing the “travel rule” across CASPs (crypto-asset service providers). This means originator and beneficiary data must accompany transfers, regardless of the threshold. In Lithuania, the Financial Crime Investigation Service (FCIS) already expects CASPs to record and share originator/beneficiary information in all transactions.

Lithuania adopted its Law on Markets in Crypto-Assets on 11 July 2024, explicitly aligning with MiCA Title V, and designated the Bank of Lithuania as the competent authority for authorisation and supervision of CASPs. The national law mirrors MiCA’s governance, risk, capital, and consumer-protection obligations.

In late 2024, Lithuania’s Bank and FCIS signed a cooperation agreement to strengthen AML/CFT oversight over crypto firms. The ambition is clear: only operators meeting both MiCA and AMLD6 standards should survive.

Yet Lithuania’s transitional regime is under adjustment. Initially, operators were to apply for CASP licenses by 1 June 2025, but in May 2025, the Lithuanian Parliament extended the deadline to 1 January 2026. Meanwhile, the Bank of Lithuania confirms that the transitional period ends on 31 December 2025, after which the provision of crypto services without an MiCA license becomes illegal. These overlapping dates indicate some regulatory discretion and possible tension in enforcement timing.

The Bank of Lithuania has warned crypto operators that if they do not intend to continue under MiCA, they should begin winding down now-informing clients, returning assets or transferring them, and ceasing service acceptance ahead of the cutoff. After the transitional period ends, non-licensed crypto services are deemed illicit. Lithuanian law prescribes that providing financial services without proper licenses may carry fines, restriction of liberty or imprisonment of up to four years.

These reforms build upon Lithuania’s earlier crypto-AML regime, which required VASP registration (via the State Enterprise Centre of Registers), capital thresholds (traditionally approximately €125,000), and resident management. Under MiCA, capital requirements vary (commensurate with risk level and service type, often ranging from €50,000 to €150,000).

Thus, Lithuania’s regulatory regime now binds crypto firms to a hybrid of national measures, MiCA rules, and overarching AMLD6 expectations.

🔍 Compliance challenges and legal tension points

Transitional timing and uncertainty

Because Lithuania extended the transitional deadline to 1 January 2026, yet maintains a formal cutoff at 31 December 2025, providers face uncertainty on exactly when enforcement pressure will fully kick in. Some firms may risk operating in a grey zone if licence approval lags behind the legal cutoff.

Expanded liability under AMLD6

AMLD6’s broader liability scope may capture service providers previously shielded under narrower national definitions. A CASP or payment intermediary could face aiding/abetting or attempt liability for transfers they facilitate. This is particularly acute for cross-border or linking operations.

Travel rule and data architecture

The requirement to transmit full originator and beneficiary information for all crypto transfers (even low-value) imposes heavy data-governance, IT, privacy and cross-border compliance demands. In Lithuania, there is no de minimis threshold for the travel rule: all transfers by CASPs must carry full data. Smaller firms or new entrants may struggle to build compliant systems in time.

Enforcement capacity and regulatory stress

Lithuania’s supervisory bodies (Bank, FCIS) must scale resources fast to monitor, evaluate license applications, inspect, and enforce in a new regime. AMLD6 also envisages more EU-level coordination via AMLA, mutual evaluations, and common standards, meaning local bodies must perform to EU expectations.

Cross-border providers and passporting friction

CASPs operating in Lithuania under EU passporting but without physical presence might find themselves caught between national enforcement and EU oversight. Some decisions (or disputes) might be escalated through AMLA or require cooperation between national authorities. The legal boundaries of liability for providers without a local footprint remain an unsettled area.

Risk to payment service providers integrating crypto

Payment providers or aggregators that embed crypto rails (or EMTs) may fall within scope under the broadened obligations. They may need to comply with both payment-service licensing and CASP obligations, especially if they facilitate crypto-fiat on-ramps or custody services. This dual regulation adds complexity in governance, capital, and contract structuring.

📊 Case scenarios and real examples

Scenario A: A Lithuanian CASP neglecting the travel rule

A Lithuanian exchange fails to transmit beneficiary details for cross-chain transfers. Under AMLD6 and TFR, it may be liable for facilitating opaque transactions, even if it claims it acted only as a technical bridge. The legal risk includes administrative fines and criminal exposure, as well as possible revocation of the license.

Scenario B: A payment aggregator integrating crypto on-ramps

A payment aggregator enables merchants to accept crypto via third-party wallets without itself holding a license. But under AMLD6/MiCA, its services may be reclassified as “reception and transmission of crypto-asset orders,” thus requiring CASP registration and full compliance. If it fails to comply, it risks retroactive enforcement.

Real example: FNTT and Lithuanian enforcement

Lietuvos bankas has already warned that some operators not seeking a MiCA license should begin winding down, and that post-2025 their operations will be illegal. The Bank also publicly flagged that the FNTT in 2024 imposed a “record fine” on a virtual currency operator (≈ €9.3 million) for AML breaches, signalling serious regulatory resolve.

In the payments sphere, the Bank of Lithuania has historically fined e-money institutions for AML or sanctions non-compliance (e.g. the Nexpay case) as a signal that strong enforcement can follow in adjacent financial sectors.

As the MiCA/CASP regime matures, a Lithuanian CASP must anticipate audits, inspections, documentation demands, cross-border reporting, and enforcement actions-even retroactive ones if violations occurred before licensing.

✅ Conclusion

Lithuania now stands at a critical juncture: combining AMLD6’s force with MiCA’s crypto licensing regime, it demands immediate and precise compliance from crypto and payment providers. While Lithuania has been proactive and relatively advanced, key uncertainties remain: the precise enforcement start date, the burden of expanded liability, the technological demands of the travel rule, and the interplay with EU-level oversight. Real-world examples and hypotheticals indicate that firms cannot afford to wait-they must act now with legal and technical diligence.

If your business operates, or plans to operate, in the Lithuanian crypto or payments space, you would benefit from legal support for licensing, AML compliance, gap analyses, and risk mitigation. Contact NUR Legal-we offer tailored advisory services in this rapidly evolving regime to help safeguard your operations.

#CryptoRegulation #AMLD6 #MiCA #Lithuania #CASP #Payments #AML #Crypto #FinancialCompliance #EUlaw