As Lithuania, the financial powerhouse of the Baltic states, enjoys a wave of fintechs obtaining financial licences, recent years indicate regulators play a balancing act between fostering innovation and preventing financial crime through robust AML/CTF frameworks. Whilst Lithuania’s fintech market booms, despite numerous money laundering scandals in the Baltic states, one thing is certain; regulators will continue to tread the fine line between stepping up AML/CTF compliance measures, whilst also supporting an innovative ecosystem for start-ups. Lithuania’s fintech boom may just be a wave destined to crash for businesses ill-equipped to face the constantly changing compliance measures.
As the swathe of money laundering scandals swept through the Baltic states between 2010 and 2018, the post-Soviet vision of acting as a bridge between east and west appeared fanciful. If anything, the bridge allowed a syndicate of trojan horses to infiltrate Europe’s financial system under the guise of increasing international investment. The scandals exposed not only the region’s vulnerability to money laundering but also the weaknesses of the EU’s AML/CTF regulatory framework.
The widespread money laundering revealed the titanic failure of regulators and financial institutions to identify suspicious transactions. Swedbank’s three Baltic subsidiaries processed approximately $19 billion of suspicious incoming transactions, and $20 billion outgoing, between 2014 and 2019. In Estonia, Danske Bank also failed to detect money laundering, resulting in an estimated $200 billion in suspicious transactions flowing into the country, making it likely the largest money-laundering operation in history. Similarly, Ukio in Lithuania became a crucial steppingstone for the Troika Laundromat, funnelling an estimated $4.9 billion out of Russia and into Europe. In 2018, Latvia’s third-largest bank, ABVL, went into voluntary liquidation due to systematic money laundering, which led to the circumvention of sanctions on North Korea. The following year, there were also corruption allegations against the governor of the Central Bank of Latvia.
In response, regulators re-evaluated their approach and placed the Baltic states under intense scrutiny to ensure they were better equipped to combat money laundering. Despite the goal of developing a global fintech hub in Lithuania, the country has struggled to swallow MONEYVAL’s medicine, being downgraded during the Enhanced Follow Up Report from ‘largely compliant’, to ‘partially compliant’.
As Lithuania courts fintechs via a throng of attractive measures such as tax rebates, as well as technical and legal cooperation, it also risks replicating the same relaxed AML/CTF compliance mistakes of the past. This is precisely why regulators at the intergovernmental and international level have hammered Lithuania’s on its head during their evaluations.
By 2019, Lithuania was enjoying its crowned position as the largest growing fintech sector in the European Union. Challenger banks, EMIs and FX have become increasingly prominent in Lithuania. More recently, the country is showing signs of becoming the new epicentre of govtech. Yet, of all the fintech niches, payments and remittances had been central to Lithuania’s burgeoning economy, accounting for 37% of the fintech sector in 2020.
How such a small economy outbid the rest of Europe reflects Lithuania’s flexibility of regulation for fintechs. It reduced the electronic banking licence application timeline to three months, whereas most European countries take twelve. Lithuania provided English translation for documentation, and for lending and payments companies it also lowered the minimum capital threshold to $1 million, whereas traditional banks require $5 million.
Yet, Lithuania has simultaneously been stepping up its regulatory framework for combating financial crime despite these ease of business measures. Lithuania became one of the first countries in the world to adopt the IMF and World Bank’s guiding principles for fintech regulation.
Marius Jurgilas, board member for the Bank of Lithuania notes this high wire balancing act, “Seeking to achieve a balanced approach, we maintain a supportive and open attitude to help foster innovation in the financial sector, while at the same time demanding strict regulatory compliance to ensure appropriate risk management.”
Even though the European regulatory focus is now on the innovators, the recent Wirecard scandal shows that the measures in Lithuania are still not enough to effectively curb financial crime. Like a broken record in a loop, this has been met yet again with increased pressure from regulatory bodies at the EU level for Lithuania to improve its level of oversight of the fintech sector.
The ebb and flow of financial regulation in Lithuania reflects its aim of developing an attractive ecosystem for innovators, whilst also maintaining efforts to impose strict anti-money laundering requirements. Developing a nuanced approach where regulations are proportionate to the size and risk of the company would be an important step forward for maintaining the longevity of the fintech boom.
Efforts such as the Bank of Lithuania’s regulatory sandbox, which allows start-ups to live test their solution in a controlled environment, whilst also allowing the bank to identify risks, is a promising development. Initiatives such as these that develop dialogue will help foster financial innovation while mitigating risk and regulatory shortcomings. Additionally, the newcomer programme is another promising initiative that promotes dialogue between regulators and new entrants to the market.
For the fintech sector, Lithuania’s flippant approach to regulation can be a major impediment for financially strapped start-ups aiming to scale their business, while also maintaining compliance. Too often, compliance measures rely on applying static transaction monitoring rules based on outdated risk typologies, which create a blind-spot as illicit actors continually
adapt their modus operandi. The results of this process are costly and time-consuming as they require the manual assessment of large numbers of false-positive transactions.
However, budding innovative financial institutions in Lithuania, such as Mano.bank – a digital bank delivering easy access to financial products for both individuals and businesses, are now proactively addressing regulatory compliance measures by partnering with regtech companies using future-proof AI technologies. AI-powered transaction monitoring systems offer future-proof support helping fintechs remain compliant with the fast-paced regulatory landscape, at the same time accelerating their business growth. While Mano.bank's use of an AI-powered transaction monitoring system may make it an outlier today, AI-based solutions are already shaping the future of the industry.
If we can glean a lesson or two from Lithuania’s financial sector’s recent history, regulatory measures will continue to ebb and flow. Lithuania has developed its fintech sector largely due to the innovative approach taken by regulators to foster innovation but the ease of gaining a payment institution license comes at a cost. Inherent in innovation are mistakes and blunders. For young financial institutions to succeed they need to approach transaction monitoring compliance with innovative solutions that allow the flexibility to easily adapt processes according to the changing regulations. Technologies like machine learning are emerging as a path forward for fintechs aiming to scale their business, whilst maintaining regulatory compliance. As Lithuania continues to cement its position as Europe’s fintech hub, quashing money laundering, quashing money laundering will continue to be front and centre for regulators. For those unable to implement the right regtech solutions and keep pace with the changing AML/CTF regulatory environment, capitalising on Lithuania’s fintech boom may just be a mirage on the horizon.
Sentinels' mission is to balance the fight against financial crime by arming financial institutions with better client surveillance solutions. Get in touch to learn more about our AML and transaction monitoring tool.
Sentinels (‘us’, ‘we’, ‘ our’’) is dedicated to protect the confidentiality and privacy of your personal data and information entrusted to us. This Privacy Statement provides an overview of our standard data processing activities and sets forth your rights in relation to the processing of your personal data.
Slimmer AI Sentinels B.V. a limited liability company incorporated under the laws of the Netherlands, Chamber of Commerce number 82155313, having its registered office at The Rock Atoomweg 6-B 9743 AK Groningen (‘Sentinels’).
We are responsible for processing your personal data in accordance with the European General Data Protection Regulation (‘Data Protection Regulation’).
We have appointed a Data Protection Officer (DPO) for you to contact if you have any questions or concerns about this Privacy Statement and/or your rights set forth in this statement. Please contact us at firstname.lastname@example.org.
This Privacy Statement provides information about collecting, storing and processing of your personal data that you disclose to us when you use our services.
The type of personal information we collect may depend on how you interact with us and our platform and which services you choose to use. Generally, we collect, store and use the following personal information: name, surname, job title, company, business type, and email address.
When you choose to use our services, you agree to provide us with most of the personal data when you:
We process your personal data in accordance with the provisions of Data Protection Regulation. We will only use and process your personal data we obtain in the context of commercial relationship. We intend to use and process your personal data under the following conditions:
In case we rely on consent as a legal basis for processing your personal data, please note that you have the right to withdraw your consent at any time by contacting at email@example.com. However, please consider that withdrawing the consent may affect the legal basis of processing of your data, hence we may not be able to provide certain products or services to you. If this is the case, you will be advised accordingly at the time you withdraw your consent.
We are committed to maintaining organizational and technical security measures to protect the personal data we hold about you. We have implemented a set of controls and relevant policies and procedures to prevent the personal data we hold about you from being accidentally or deliberately compromised.
Your personal data is stored in accordance with the provisions of the contractual agreements and/or applicable statutory obligations. We maintain adequate retention policies and procedures so that your personal data are deleted after a reasonable and prescribed time. The data will not be stored longer than is strictly necessary to achieve the purposes for which the data have been collected.
Data collected via the website will be retained until users unsubscribe (after which a new consent will be requested)
We do not transfer your personal data to third parties unless it is mandatory by law or court order, in order to protect the rights of the parties involved in the performance of the agreement or if you give your consent to do so.
Cookies are files with a small amount of data, which may include an anonymous unique identifier. We use functional cookies that are essential for technical operations necessary for the users’ navigation on the platform. These cookies also support the website security and basic functionality.
You can set your browser in order not to accept cookies. However, in certain cases, some of our website features may not function as expected.
For more information regarding the cookies in use can be found in our Cookies Policy.
You have the right (under the certain circumstances and subject to the exceptions), pursuant to Data Protection Act to:
You can exercise any of the above-specified data protection rights, by contacting us at: firstname.lastname@example.org.
Should you have any questions or concerns about this privacy statement or you would like to exercise one of your data protection rights, please do not hesitate to contact us at: email@example.com.
However, if you feel we haven't addressed your concern in a satisfactory manner, you have the right to contact the Data Protection Authority.
Address: PO Box 93374, 2509 AJ DEN HAAG
Telephone: +31 70 888 85 00
Privacy Statement Version
This Privacy Statement was last modified on September 1, 2021.
We reserve the right to update or change our Privacy Statement at any time and you should check this Privacy Statement periodically. Your continued use of the service after we post any modifications to this Statement will constitute your acknowledgement of the modifications and your consent to abide and be bound by the modified Privacy Statement.
If we make any material changes to this Privacy Statement, we will notify you either through the email address you have provided us or by placing a notice on our website.