AML Compliance Guidelines: Lithuania

Lithuania is a member of the European Union and one of the three states on the Eastern shore of the Baltic Sea. In recent times, the Baltic state has emerged as a fintech hub, especially in digital banking, blockchain, and payment services.

Its highly educated workforce, well-developed digital infrastructure, and business-friendly and relaxed licensing environment have proved to be the best bet for many financial companies from the EU and outside.

Whereas this expansion brought economic prosperity, it also increased vulnerability to financial crimes, such as complex money laundering schemes, illicit cryptocurrency transactions, and sanctions evasion risks, mainly linked to Belarus and Russia.

Lithuania FATF Compliance

Lithuania’s Mutual Evaluation Report (MER), adopted in 2018 by Moneyval, identified some shortcomings in key areas, including the regulation of the non-financial sector (such as accountants and real estate agents), the application of a risk-based approach, transparency, beneficial ownership of legal persons, and the implementation of international sanctions.

As a result, the Baltic state was rated partially compliant on eight FATF recommendations. Though the country has made significant progress since then, some shortcomings remain, so Lithuania is rated partially compliant on four out of 40 Financial Action Task Force (FATF) recommendations.

Latest National Risk Assessment of Lithuania

The Third National Risk Assessment (NRA) of Lithuania, published in 2024, identified very high risks of money laundering and terrorist financing in two sectors: cryptocurrency operators and e-money or payment institutions. Notably, both of these sectors have underlying risks associated with new technologies.

To give an idea about the risk level, 97% of the STRs in 2023 were filed by these two sectors, as per the report published by the Financial Crime Investigation Service. Other sectors facing a significant threat of money laundering were identified as the trade in real estate, money remittance, and the professions of accountants, auditors, and tax advisors. These sectors need a robust and proactive approach to their AML compliance obligations.

Lithuania has implemented a robust anti-money laundering (AML) and counter-terrorism financing (CTF) framework to mitigate the risks of financial crime, particularly money laundering activities. These AML Guidelines for Lithuania aim to provide an overview of the laws, supervisory authorities, and compliance obligations applicable to entities subject to Lithuania’s AML regulations.

Key AML and Sanction Laws and Regulations in Lithuania

Law on the Prevention of Money Laundering and Terrorist Financing (AML/CTF Law)

The AML/CTF law is the primary legislation that transposes the 5th AML Directive and subsequent amendments into Lithuania’s legal system. This law lays the foundation of Lithuania’s AML Framework. The Anti-Money Laundering Act of Lithuania sets out the measures required to prevent money laundering and terrorism financing in Lithuania, as well as designates businesses and professions that will be obliged to implement these measures.

EU AML Directives and Regulations

EU AML Regulations are directly applicable in every EU member state, whereas EU Directives are implemented by transposing them into the national legislation. As an EU member, Lithuania is required to comply with EU AML Regulations, including the 5th and 6th AML Directives.

Law on International Sanctions (Sanctions Law)

This Law implements international sanctions in Lithuania, including those issued by the United Nations (UN) and the European Union (EU), or any other international organization of which Lithuania is a member, or in which it participates. This Law also defines the nature, scope, categories, and purpose of international sanctions in Lithuania. It also designates competent authorities responsible for ensuring compliance with the applicable sanctions in Lithuania.

Regulatory and Supervisory Authorities

Financial Crime Investigation Service (FNTT)

The FNTT or FCIS is the primary authority tasked to protect the Lithuanian financial system by uncovering crimes and legal violations. The FCIS achieves these goals by uncovering and conducting pre-trial investigations and implementing an AML/CFT strategy in coordination with supervisory authorities. The Service also acts as the country’s Financial Intelligence Unit (FIU), responsible for receiving, analyzing, and investigating suspicious transaction reports.

Bank of Lithuania (LB)

Apart from regulating and issuing currency and monetary policy of the country, the Bank of Lithuania also supervises financial market participants and monitors their compliance with obligations mandated under AML/CTF Law. The Bank enforces compliance with AML obligations by issuing guidelines, conducting inspections, and imposing penalties for verified violations.

Other Supervisory Authorities

Other supervisory authorities responsible for AML/CFT compliance within the sectors regulated by them include the Gaming Control Authority, the Lithuanian Bar Association, the Lithuanian Chamber of Auditors, the Lithuanian Chamber of Notaries, the Chamber of Judicial Officers of Lithuania, and the Lithuanian Assay Office.

Who is Subject to AML Laws in Lithuania?

The AML/CFT measures apply to both financial and non-financial sectors, including:

Financial institutions:

• Banks
• Credit institutions
• Insurance companies
• Payment service providers
• E-money institutions
• Fintech companies
• Crowdfunding Platforms
• Financial market intermediaries
• Virtual Asset Service Providers (VASPs) such as cryptocurrency exchanges and wallet providers

Designated Non-Financial Businesses and Professions (DNFBPs):

• Lawyers & Notaries
• Accountants & Auditors
• Real estate agents
• Dealers in high-value goods such as jewelry and art
• Non-Profit Organizations (NPOs)

Key AML Compliance Obligations

Risk Assessment

Risk assessment is the foundational stone of a risk-based approach (RBA). The goal is to create a risk profile of each customer and categorise them according to their risk levels, in order to apply measures proportionate to their risk levels. Obligated entities must conduct risk assessments to identify and mitigate money laundering and terrorist financing risks associated with their customers, products, services, and business operations.

Customer Due Diligence (CDD)

Financial Institutions and other obliged entities must include the following measures in the CDD process:

• Identify and verify the customers and beneficial owners
• Obtain information on the intended nature and purpose of the business relationship
• Establish ownership, control structure, and nature of its activities, if the customer is a legal entity

When applying the above measures, ensure there are no grounds to apply EDD (including by screening the relevant persons against PEP lists).

When to identify customers:

• Before establishing business relationships
• Conducting occasional transactions that equal or exceed €15,000 (or equivalent)
• For foreign exchange operations in cash that equal or exceed €3,000
• For virtual currency exchanges, deposits or transactions of €1,000 or more
• Money remittance services in cash that equal or exceed €600
• If there are doubts about the accuracy of identity data previously obtained
•  When there’s a suspicion of money laundering or terrorist financing

Some sector-specific cases:

• Identify the customer before proceeding with real estate transactions of €10,000 or more paid in cash
• Lottery companies must verify customers when the amount of winnings exceeds €1,000
• Gaming (casinos) operators must verify customers when conducting transactions in cash that exceed €1,000

On-going Monitoring

Monitor customers’ activity and transactions throughout the business relationship to ensure they match the institution’s knowledge of the customer, its risk profile, and source of funds. Regularly review documents and data about the customer and beneficial owner obtained during the CDD process to keep it up-to-date.

Enhanced Due Diligence

Enhanced customer due diligence (CDD) is required when establishing a business relationship or conducting a transaction in the following situations:

• Establishing a correspondent relationship with an FI from a third country
• Dealing with politically exposed persons
• Dealing with customers from high-risk third countries identified by the European Commission
• Dealing with customers from high-risk jurisdictions listed by the FATF
• A higher ML/TF risk is identified in the risk assessment process

Politically Exposed Person (PEPs)

Reporting institutions should have a risk management system to identify PEPs. Bank of Lithuania Guidelines and Association of Lithuanian Banks Guidelines recommend using PEP screening as part of the risk assessment and customer due diligence process. When dealing with PEPs, their relatives, or close associates of a PEP, obliged institutions must:

• Get approval from senior management before starting or continuing business relationships.
• Verify the source of their wealth and the funds involved in transactions.
• Conduct enhanced, ongoing monitoring of their business relationships.

Suspicious Activity Reporting

Financial institutions and other obligated entities are required to file suspicious transaction reports (STRs) with the FNTT when potential money laundering or terrorist financing activities are identified.

Record-Keeping

Maintain all documents and data related to transactions and due diligence activities for at least five years after a business relationship is terminated.

Internal Controls and Compliance Programs

FIs and DNFBPs should have written policies, procedures, and controls in place as per regulatory requirements, including the appointment of a money laundering reporting officer. Have an independent audit function to review the effectiveness of the AML/CFT program.

Employee Training and Awareness Programs

Awareness and training of staff are fundamental elements that will determine the overall execution of the compliance program. FIs and DNFBPs should have an ongoing training and assessment system to ensure individuals responsible for AML compliance are aware of their roles and adequately equipped to discharge their duties.

Penalties for Non-Compliance

Non-compliance with AML Laws and Regulations carries significant consequences for companies and individuals alike. An individual convicted of a money laundering offense may face up to 7 years’ imprisonment.

Administrative penalties may reach up to €5,100,000 for financial institutions and up to €1,1000,000 for other AML obliged businesses. The same penalties can also be imposed on the participant or member of the management body of the legal entity that committed the violation.

In July 2024, Payeer UAB, a virtual currency wallet and exchange operator, was fined a total of €9.29 million, comprising €8.23 million for violations of International Sanctions and €1.06 million for breaches of AML/CFT Law.

Sanctions Screening and Compliance

Applicable Sanctions in Lithuania

As a member of the United Nations and the European Union, all individuals and entities in Lithuania are obligated to adhere to the sanctions imposed by these two Organizations. FIs and DNFBPs must screen transactions, customers, beneficial owners, and any other related parties against the UN and EU sanctions lists to ensure compliance with asset freezes and restrictions on dealing with sanctioned individuals or entities.

Apart from EU and UN sanctions, FIs and DNFBPs are advised to consider the risk of other international sanctions, such as those imposed by the Office of Foreign Assets Control (OFAC) and the UK HM Treasury, which can have a significant impact on their business and dealings. For this purpose, advanced watchlist screening services should be adopted that offer customization according to the business needs or risk appetite.

Sanctions Screening

Sanctions screening must be performed for all potential customers when conducting business with them, as well as for all existing customers on an ongoing basis, to maintain compliance with the updated sanctions list.

Non-Compliance Penalties for Sanctions

In Lithuania, violations of international sanctions can result in fines of up to 100% of the funds or property involved in the breach, or 5% of the gross annual income, and potential confiscation of related goods or funds in addition to the fine.

Best Practices for AML Compliance in Lithuania

Ensuring effective AML and sanctions compliance is not only a regulatory obligation but also a crucial part of sound business practices. The following are some practical guidelines and best practices that can help reporting institutions meet their compliance obligations efficiently:

1. Adopt a risk-based approach through comprehensive AML checks to ensure efficient allocation of resources.
2. To detect high-risk customers and transactions, adopt technologically advanced AML solutions to automate processes like sanctions screening, PEP screening, and transaction monitoring.
3. Leverage adverse media screening to monitor predicate offenses, including illicit drug trafficking, smuggling, theft, and corruption that generate a significant part of illegal proceeds.
4. Establish strong internal controls and procedures, including independent audits and reviews to measure the effectiveness of AML/CFT compliance.
5. Regularly train employees on internal policies, financial crime typologies, and regulatory requirements.

Lithuania and Secondary Sanctions Risk

Lithuania’s aspiration to be a fintech hub in Eastern Europe, while bordering heavily sanctioned jurisdictions like Russia and Belarus, places its businesses at the crossroads of complex and overlapping sanctions regimes.

Compliance demands extend beyond EU and domestic Lithuanian sanctions lists to include the extraterritorial reach of U.S. OFAC sanctions, particularly secondary sanctions that penalize non-U.S. entities engaging with sanctioned parties.

Manually discerning which U.S. sanctions have extraterritorial implications is a resource-intensive and error-prone process, often forcing firms to adopt overly cautious measures, such as de-risking legitimate clients to avoid penalties. This approach not only sacrifices revenue but also risks violating the EU Blocking Statute, which prohibits compliance with certain extraterritorial U.S. laws.

AML Watcher addresses this dilemma with a cutting-edge solution: a proprietary sanctions database enriched with secondary sanctions labeling to distinguish obligations with global enforcement risks.

The platform enables institutions to identify entities subject to primary and secondary sanctions while ensuring adherence to conflicting legal regimes by automating real-time alignment with EU, Lithuanian, and U.S. regulatory frameworks. Advanced contextual intelligence filters out false positives, reducing manual oversight by up to 70%, while ongoing monitoring safeguards against evolving geopolitical threats.