Starting 1 January 2026, all electronic money institutions (EMI’s) and payment institutions (PI’s) operating in Lithuania must comply with the enhanced governance, risk management, safeguarding of clients’ funds, and internal control rules established in the Bank of Lithuania’s Resolution No. 03-33.
Under the new regulation, financial institutions must proactively strengthen internal control, risk management and governance. Here are the key points:
– An institution must appoint a senior and qualified officers responsible for Internal Audit, AML/CTF, Compliance, Outsourcing, Risk Management and other control functions, unless the Company is small and has no hierarchical structure.
– The updated provisions introduce more detailed requirements for safeguarding clients’ funds. These requirements include a recommended minimum of two safeguarding accounts, reconciliation obligations for institutions using multiple safeguarding methods, and investment rules that ensure client funds are placed only in safe, liquid, low-risk assets. No more than 70% of the funds can be allocated to investments.
– The overall organisational structure must clearly define the functions of intermediaries and outsourced entities, assign responsibilities, and outline supervision procedures. If the institution operates as a subsidiary, the structure must reflect that of the parent company.
– Responsibilities for risk management must extend beyond the risk officer to all divisions and take into account the institution’s risk tolerance. The supervisory body must approve an internal risk strategy. The risk officer contributes to the development of this strategy, supports decision-making, and submits an annual risk report. Additionally, the management body must review and update risk management plans annually.
– More detailed requirements in terms of Internal Audit. The internal auditor must monitor the correction of identified deficiencies, must perform elimination and perform control over its elimination, as well as escalate any significant violations of the implementation to the supervisory and management bodies.
– If a supervisory board is not required by law or the articles of association, the requirements applicable to a supervisory board shall instead apply to the management body. Each key area, such as strategic planning, AML/CTF, Risk Management, client fund protection, capital management, Internal Audit, Finance and Accounting, as well as Compliance, must be assigned to the supervision of at least one member of the collegial management body
AUDIT AND ADVOSORY LITHUANIA regulatory compliance experts can assist in revising your internal documents to prepare for implementing the legal requirements and ensure compliance.
