What You Need to Launch a Fintech Company
A fintech company in 2026 needs five interlocking components: a regulated operating entity in the licensing jurisdiction, sufficient initial capital under the chosen regime, a payment institution or electronic-money institution authorisation, an operational and safeguarding banking arrangement, and a live compliance stack covering AML/CFT, DORA, and PSD2 reporting.
The operating entity is typically a private limited company in the licensing jurisdiction. The form varies: an osaühing (OÜ) in Estonia, a limited liability company in Cyprus, a private limited company in the United Kingdom, a free-zone company in Abu Dhabi or Dubai, a federal corporation under the Canada Business Corporations Act, or a proprietary limited company in Australia. Capital structure must reflect both the regulator’s minimum and the ongoing own-funds requirement under PSD2 Article 9 or the equivalent national rule.
The licence is the gate. Inside the EU, the relevant authorisations are PI under PSD2 (Directive (EU) 2015/2366) and EMI under EMD2 (Directive 2009/110/EC). In the UK, the equivalents are authorised PI and authorised EMI under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 respectively. Outside Europe, the routes diverge sharply: the UAE has three regulators (CBUAE for onshore, ADGM Financial Services Regulatory Authority, and DIFC Dubai Financial Services Authority); Canada operates two parallel regimes (FINTRAC for money-services-business registration and the Bank of Canada under the Retail Payment Activities Act); Australia regulates under AUSTRAC for remittance and is mid-reform on stored-value facilities and payment services.
Banking is the binding constraint, not the licensing one. A fintech company needs two distinct banking arrangements: an operational account for the firm’s own treasury (payroll, vendor payments, FX), and a safeguarding arrangement for client funds. PSD2 Article 10 and EMD2 Article 7 set the safeguarding rule: client funds held at end of business day must be segregated at an authorised credit institution or covered by an insurance policy or comparable guarantee. In our experience, the safeguarding letter, not the licence file itself, is the document that determines whether the authorisation lands on schedule.
Capital must be paid up before the file is filed. Under PSD2 Article 7, the initial capital for a PI is €20,000 (money remittance only), €50,000 (payment initiation services only), or €125,000 (services 1 to 5 of PSD2 Annex I). Under EMD2 Article 4, the initial capital for an EMI is €350,000. Ongoing own funds, calculated under PSD2 Article 9 or EMD2 Article 5 using Method A, B or C, must equal the higher of the initial capital or the method-based requirement.
Ongoing compliance is the permanent operating expense. The PSD2 conduct and reporting rules, the EU Travel Rule under Regulation (EU) 2023/1113 (where the firm intermediates crypto-asset transfers), the AML Regulation (Regulation (EU) 2024/1624) when it applies in full from , and DORA under Regulation (EU) 2022/2554 (applicable since ) run in parallel inside the EU. The UK FCA operates an equivalent perimeter under the EMRs, PSRs, and the FCA Handbook.
Experienced applicants begin safeguarding-bank conversations in parallel with the licence file, not after, because a regulator that opens an information request on the safeguarding section will not close the file on a “to be confirmed” answer. The dependency sequence is the differentiator. Formation runs first, but capital can be paid up alongside director appointments. Safeguarding pre-qualification should begin before capital is locked, because credible institutions onboard authorisation candidates once the application file is in the regulator’s queue, not after the grant.
Infrastructure Checklist
| Component | Purpose | Typical Timeline | Cross-Link |
|---|---|---|---|
| Company formation | Establish the regulated operating entity in the licensing jurisdiction | 1 to 4 weeks | Company formation |
| Licensing (PI or EMI) | Authorise the firm to provide payment services or issue electronic money | 4 to 12 weeks drafting; 3 to 18 months regulator review depending on jurisdiction | EMI & payment licensing |
| Safeguarding banking | Hold client funds at an authorised credit institution under PSD2 Article 10 / EMD2 Article 7 | 4 to 10 weeks once compliance documentation is complete | Banking |
| Operational banking | Provide treasury, payroll, FX, and vendor-payment infrastructure for the licensed entity | 2 to 6 weeks | Multi-currency accounts |
| Card scheme or BIN access | Issue cards (EMI) or acquire transactions, via direct scheme membership or principal-issuer programme | 8 to 24 weeks | (reference only) |
| Ongoing compliance | AML/CFT programme, MLRO, safeguarding audit, DORA ICT controls, PSD2 reporting | Permanent operating cost | (cross-reference within page) |
Choosing the Right Jurisdiction
The jurisdiction choice determines the regulatory framework, the capital requirement, the market access, the corporate tax treatment, and the realistic licensing timeline. For a fintech company, the key variables are EU passporting (or its absence), the distinction between full prudential authorisation and AML-style registration, and the relative weight of safeguarding rules in the home regulator’s onboarding assessment.
Six jurisdictions cover the credible mainstream choice set for a fintech founder operating in the EU, the UK, the Middle East, North America, or APAC. Inside the EU, Estonia and Cyprus offer PSD2/EMD2 authorisation with full passporting across all 30 EEA states under PSD2 Article 28 and EMD2 Article 3, at materially lower cost and timeline than the larger Member States. The UK FCA operates a comparable regime under the Electronic Money Regulations 2011 and the Payment Services Regulations 2017, but post-Brexit holds no EU passport. The UAE has three regulators with three distinct frameworks. Canada and Australia run AML-anchored registration regimes with no prudential capital floor, suited to remittance-led models rather than e-money issuance.
The credible-floor question is sharper for fintech than for crypto. A crypto exchange can route to an offshore VASP licence and operate from a Caribbean or Indian Ocean jurisdiction. A fintech that issues e-money cannot: e-money issuance requires authorisation in a jurisdiction with an EMI-equivalent framework, and the credible jurisdictions that issue EMIs are concentrated in the EU/EEA, the UK, the UAE free zones, and a handful of comparable hubs. Canada and Australia accommodate payment services but do not issue an e-money licence in the European sense.
Fintech Licensing Jurisdictions Compared
| Jurisdiction | Regulator | Licence Types | Initial Capital | EU Passporting | Corporate Tax |
|---|---|---|---|---|---|
| Estonia | Finantsinspektsioon (FI) | Authorised PI; PI by exception; Authorised EMI | €20k / €50k / €125k (PI by service); €350k (EMI) | Yes (PSD2 Art. 28) | 22/78 on distributions (effective 22%) |
| Cyprus | Central Bank of Cyprus (CBC) | Authorised PI; Authorised EMI; AISP-only registration | €20k / €50k / €125k (PI); €350k (EMI) | Yes (PSD2 Art. 28) | 15% CIT (from 1 Jan 2026); 2.65% GHS on dividends to residents |
| United Kingdom | Financial Conduct Authority (FCA) | Authorised PI; Small PI; Authorised EMI; Small EMI; Registered AISP | £350k-equiv.≈ $471K (AEMI); £20k≈ $27K / £50k≈ $67K / £125k-equiv.≈ $168K (API by service); lower for small categories | No (post-Brexit) | 25% main rate |
| United Arab Emirates | CBUAE (onshore RPSCS + SVF); ADGM FSRA Cat 3C; DIFC DFSA Cat 3C/3D/4 | RPSCS; SVF; ADGM Money Services; DIFC Providing Money Services; DIFC Stored Value Issuer | CBUAE: risk-based; ADGM 3C: USD 250k; DIFC 3D: USD 200k; DIFC 3C SVI: USD 500k; DIFC 4: USD 10k (advisory only) | No (third country to EU) | 9% federal CT above AED 375k≈ $102K; 0% QFZP with substance |
| Canada | FINTRAC (PCMLTFA); Bank of Canada (RPAA) | Money Services Business; Foreign MSB; Payment Service Provider (RPAA) | No minimum capital | No | 26.5% ON / 27% BC (federal 15 + provincial) |
| Australia | AUSTRAC (AML/CTF Act 2006); ASIC; APRA | Independent Remittance Dealer; Remittance Network Provider; Affiliate; future SVF/payment-service licence under Treasury reform | No minimum capital under AML/CTF Act | No | 30% headline; 25% base-rate entities below AUD 50m≈ $32.5M |
Choose Estonia if the priority is EU passporting at the credible floor on cost and timeline. The Finantsinspektsioon ran a six-month average review cycle on payment-institution files in 2024–2025, the licensing capital sits at the PSD2/EMD2 minimum, and the corporate tax structure (22/78 on distributions) leaves retained earnings untaxed at the entity level. See the full Estonia licensing guide for the operational detail.
Choose Cyprus if the priority is a Mediterranean base with English-speaking professional infrastructure and access to a regulator that has actively built EMI capacity since 2018. The Central Bank of Cyprus had roughly thirty new EMI applications under review in late 2024 alongside its existing 37-entity book, indicating active throughput rather than a closed pipeline. The 15% corporate tax rate (from ) is the published headline; effective economics depend on the application of the GHS levy.
Choose the United Kingdom if the target market is sterling-denominated and the value of FCA-grade institutional brand outweighs the loss of EU passporting. The FCA operates the most mature payments regulator globally with the deepest published guidance, and the Small EMI and Small PI categories provide a low-friction starting point for early-stage operators below the €3m monthly average payments threshold. The trade-off is real: a UK EMI cannot serve EU customers on a passporting basis after the temporary permissions regime closed on .
Choose the UAE if the target market is the MENA region, the UAE’s growing population of remittance corridors, or the institutional client base served from ADGM and DIFC. The three regulators are not interchangeable: onshore retail payments and stored-value activity sit with the Central Bank of the UAE; ADGM and DIFC issue financial-services permissions to firms domiciled in those free zones, with capital and conduct rules set in each regulator’s rulebook. The 9 percent federal corporate tax is offset by 0 percent free-zone treatment for Qualifying Free Zone Persons meeting substance tests.
Choose Canada if the model is remittance-led, cross-border money-services-focused, or aimed at the US-Canada corridor. The RPAA registration with the Bank of Canada has been live since , with 320 PSPs registered by October 2025, of which 80.9 percent headquartered in Canada and 13.4 percent in the United States. The absence of a minimum capital requirement is genuine; the safeguarding, risk-management, and incident-response obligations under the RPAA framework are not.
Choose Australia if the model is remittance, money-transfer, or APAC-focused payments without e-money issuance. AUSTRAC operates a registration-based regime under the AML/CTF Act 2006 with no minimum capital. Treasury’s Payments System Modernisation reform is mid-process: Tranche 1b draft legislation was released on , with consultation closing . The new stored-value-facility and payment-service framework will reach Parliament later in 2026 with a 12 to 18 month transition.
Setting Up Your Company
Company formation for a fintech is the first operational step because every subsequent component (capital, licence application, banking) requires a registered entity. The most common formation mistake is to incorporate in a tax-optimised jurisdiction that does not host the chosen licensing regulator, then face restructuring once the file opens.
Entity types vary by jurisdiction. Estonia uses the osaühing (OÜ); Cyprus uses the limited liability company; the UK uses the private limited company under the Companies Act 2006; the UAE uses free-zone companies in ADGM or DIFC for the relevant financial-services permissions, or a mainland LLC where the activity is regulated onshore by the CBUAE; Canada uses a federal corporation under the Canada Business Corporations Act or a provincial corporation; Australia uses a proprietary limited company under the Corporations Act 2001. Share-capital practice varies sharply: Estonia and Cyprus accept paid-in contributions to be made before the licence file progresses; the UAE typically requires the licensing capital to be paid up before the licence application is submitted.
Director and management substance matters more for fintech than for many other regulated activities, because the regulators assess the firm’s risk-management depth as part of the authorisation review. EU PSD2 home-state regulators apply fit-and-proper assessments to directors and substantial shareholders, and they apply substance tests to the management function: a registered office that is in fact occupied, executive management that is in fact resident, an MLRO who is in fact accountable in the jurisdiction. The UAE, Canadian, and Australian frameworks apply equivalent substance and residency standards.
Formation Snapshot by Jurisdiction
| Jurisdiction | Entity Type | Formation Cost (professional fees + state) | Formation Timeline | Capital at Formation |
|---|---|---|---|---|
| Estonia | Osaühing (OÜ) | €2,000 to €5,000 | 1 to 3 weeks (faster with e-Residency) | Nominal at formation; licence capital paid in before file progresses |
| Cyprus | Private Limited Company | €3,000 to €6,000 | 2 to 4 weeks | Nominal at formation; licence capital paid in pre-application |
| United Kingdom | Private Limited Company | £1,500 to £4,000≈ $2K–5K | 1 to 2 weeks | Nominal at formation; licence capital paid in pre-submission |
| United Arab Emirates | ADGM SPC / DIFC Co Ltd / Free-Zone Co / Mainland LLC | USD 8,000 to USD 25,000 | 4 to 10 weeks (free-zone), longer for mainland | Capital paid up before licence grant; typically pre-application |
| Canada | Federal Corporation under CBCA | CAD 2,500 to CAD 6,000≈ $2K–4K | 2 to 4 weeks | No regulatory capital floor under RPAA or FINTRAC MSB |
| Australia | Proprietary Limited Company | AUD 1,500 to AUD 4,000≈ $975–3K | 1 to 2 weeks | No capital floor under AUSTRAC RSP regime |
e-Residency in Estonia is operationally useful for non-resident founders managing the entity remotely; it does not substitute for the substantive presence the regulator expects from the management function during the licence file. The common formation mistake is layering a holding entity into a jurisdiction the home regulator later treats as an indirect parent for substance assessment, which adds three to six months mid-application. A simpler structure (operating entity in the licensing jurisdiction, one layer of holding above, substance in both places) survives most fit-and-proper reviews.
Licensing Requirements
A fintech company operating in the EU needs either a payment institution (PI) authorisation under PSD2 (Directive (EU) 2015/2366) or an electronic-money institution (EMI) authorisation under EMD2 (Directive 2009/110/EC). Initial capital ranges from €20,000 (PI, money remittance only) through €125,000 (PI, services 1 to 5) to €350,000 (EMI). Outside the EU, the route depends on the jurisdiction’s framework.
The EMI versus PI distinction. A payment institution may provide any of the eight payment services in PSD2 Annex I but cannot issue electronic money. An electronic-money institution may issue e-money and additionally may provide all payment services. The Annex I closed list covers cash placement and withdrawal, execution of payment transactions, execution against a credit line, issuing or acquiring of payment instruments, money remittance, payment initiation services, and account information services. The licence choice follows the product: an e-wallet that holds customer balances issues e-money, and so requires an EMI; a money-remittance app that moves funds without holding balances is a PI; a payment-initiation service is a PI; a card-acquiring business is a PI. PSD3, once in force, will collapse the EMI and PI categories into a single payment-institution framework with e-money issuance as an authorised sub-service.
Capital and own funds. Under PSD2 Article 7, PI initial capital is €20,000 for money remittance only (service 6), €50,000 for payment initiation only (service 7), and €125,000 for any of services 1 to 5. Under EMD2 Article 4, EMI initial capital is €350,000. The ongoing own-funds requirement, calculated under PSD2 Article 9 (Methods A, B, or C) or EMD2 Article 5, must equal the higher of the initial capital or the method-based figure. Capital must be held as own funds; PSD3, when in force, will index these floors to €25,000 / €50,000 / €150,000 / €400,000.
Safeguarding. PSD2 Article 10 and EMD2 Article 7 require client funds held at end of business day to be segregated at an authorised credit institution under a trust arrangement or covered by an insurance policy or comparable guarantee from an unaffiliated insurer or credit institution. The safeguarding letter is the document that determines whether the regulator closes the file: a generic template adapted from another fintech will not survive the first information request. In the UK, the Payments and Electronic Money (Safeguarding) Instrument 2025 (FCA 2025/38) has applied since and prescribes daily reconciliation and the form of the safeguarding acknowledgement letter.
Passporting and the agent model. An EU-authorised PI or EMI passports across the EEA under PSD2 Article 28 / EMD2 Article 3 by notification to the home regulator. PSD2 Article 19 permits a PI to provide payment services through agents in its name; EMD2 Article 3(5) extends this to EMI agents for payment services unrelated to e-money issuance. Agents and distributors cannot themselves issue e-money: only the principal EMI may issue. Agent registration with the home regulator typically takes two to three months from filing. The agent model is the standard route to time-to-market for an early-stage fintech that wants to operate before its own licence is granted.
MiCA and e-money tokens. Under MiCA Article 48(1), only credit institutions and EMIs may issue e-money tokens; Article 48(2) provides that e-money tokens are deemed to be electronic money. The EBA Opinion EBA/Op/2025/08 of and a follow-up opinion of confirmed that crypto-asset service providers that custody or transfer EMTs perform PSD2 payment services and must comply cumulatively with MiCA Article 67 / Annex IV capital and PSD2 Article 7 capital. The transitional regime under the EBA No-Action Letter ended . A founder building a euro stablecoin needs an EMI licence as a prerequisite, plus MiCA Title IV authorisation, plus the PSD2 capital overlay if any CASP-classified activity sits inside the operating entity.
Non-EU licensing pathways. Outside the EU, the routes diverge:
- United Kingdom: the FCA regime mirrors PSD2 in substance under the Electronic Money Regulations 2011 and Payment Services Regulations 2017, with the practical difference that there is no EU passport and the FCA operates the Small EMI and Small PI categories for firms below the €3m monthly average payments threshold.
- United Arab Emirates: three regulators apply. The Central Bank of the UAE covers onshore retail payment services (RPSCS Circular 15/2021) and stored-value facilities (SVF Circular 6/2020); the ADGM Financial Services Regulatory Authority handles Money Services Business permissions (Category 3C, base capital USD 250,000); and the DIFC Dubai Financial Services Authority issues Providing Money Services and Stored Value Issuer permissions (Category 3D from USD 200,000, Category 3C from USD 500,000, with Category 4 (advisory/arranging only) from USD 10,000).
- Canada: two parallel regimes apply. FINTRAC MSB registration sits under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, and Bank of Canada PSP registration sits under the Retail Payment Activities Act, live since with a one-off registration application fee of CAD 2,500 (November 2024 base, indexed annually by the change in Canada's September all-items CPI per s.25(1) RPAR).
- Australia: AUSTRAC regulates remittance and money-transfer activity under the AML/CTF Act 2006, with the Treasury Payments System Modernisation reform expected to introduce a new SVF and payment-service framework from 2027.
For the full EMI and payment-institution category page, see the EMI and payment licensing guide. For the UK route under Brexit conditions, see the licensing overview.
Banking
Banking is the single most underestimated component of a fintech launch. A licensed fintech needs two distinct banking arrangements: a safeguarding arrangement for client funds, and an operational account for the firm’s own treasury. The safeguarding side is the regulator’s gate; the operational side is the firm’s runway.
The safeguarding question is the binding constraint, not the operational question. PSD2 Article 10 and EMD2 Article 7 require client funds held at end of business day to be segregated at an authorised credit institution under a trust arrangement, or covered by an insurance policy or comparable guarantee. The institution issues a safeguarding acknowledgement letter confirming trust status, off-balance-sheet treatment, no set-off against the institution’s claims, and exemption from the institution’s general lien. The letter is the document that determines whether the regulator closes the licence file: a draft letter is not enough; the executed letter is what the regulator wants to see. In the UK, FCA Instrument FCA 2025/38 (applicable from ) prescribes the letter form, daily reconciliation, and the annual independent safeguarding audit.
The operational banking layer covers treasury, payroll, FX, and vendor payments. An EU-licensed fintech typically holds operational accounts at one or two credit institutions and uses an EMI-style provider for FX and multi-currency settlement. Direct membership of SEPA Direct (Credit Transfer or Instant) requires participation in TIPS or a sponsor relationship with a TIPS-participating credit institution; most EMIs and PIs operate as Indirect Participants and depend on a sponsor bank for clearing. Correspondent banking and a SWIFT BIC become relevant for non-SEPA flows: increasingly scarce after the global de-risking cycle of 2015–2025, but obtainable for licensed entities with credible AML programmes.
Through Jagelski & Partners’ partner network, businesses placed more than fourteen billion euros in client turnover across banking and EMI relationships in 2025. Placement runs as pre-qualification across the network rather than sequential applications: the firm’s analysts assess the client profile against the live appetite of more than 90 institutions, surface credible matches for both the safeguarding leg and the operational leg, and run the placement in parallel with the licence application. In our experience, fintech founders who secure a safeguarding letter before the file is filed shorten the path to authorisation by four to ten weeks, because the regulator’s safeguarding question is answered when the file is read, not after.
Jagelski & Partners is paid by the institution, not by the client. We do not charge an onboarding fee. The pricing on the client’s account-opening documentation is the institutional rate. There is no markup layered on top of institutional pricing.
Ongoing Compliance
Ongoing compliance is a permanent operating expense, not a one-time licensing event. For an EU-authorised EMI or PI, the compliance perimeter runs across AML/CFT, PSD2 conduct and reporting, safeguarding audit, complaints handling, passporting notifications, and DORA. The realistic annual envelope for a mid-sized EMI sits between €1.0m and €2.0m.
AML/CFT. EU PIs and EMIs are obliged entities under the Anti-Money Laundering Directives (currently 5AMLD and 6AMLD). The new AML Regulation, Regulation (EU) 2024/1624, applies in full from ; AMLD6 (Directive (EU) 2024/1640) must be transposed by the same date, with certain beneficial-ownership register interconnection and access provisions (Article 74 AMLD6) applying from . The European Anti-Money Laundering Authority (AMLA) has been operational in Frankfurt since . The MLRO function is a permanent senior-management appointment, and the AML/CFT manual is a living document the regulator can request at any time.
PSD2 conduct and reporting. The EBA Guidelines on fraud reporting and on major incident reporting (EBA/GL/2017/10, since superseded) govern statistical and incident reporting cycles. ECB Regulation (EU) 2020/2011 (Payments Statistics) imposes harmonised statistical reporting on PSPs. PSR, when in force, will introduce a collaborative fraud-data sharing platform among PSPs and harmonised liability rules for authorised push-payment fraud.
Safeguarding audit. Annual independent auditor’s report on safeguarding compliance is required across all EU and UK EMI/PI regimes. In the UK, FCA Instrument FCA 2025/38 (applicable from ) sets the prescribed scope: daily reconciliation, the form of the safeguarding acknowledgement letter, and the annual external audit.
Operational resilience. The Digital Operational Resilience Act (Regulation (EU) 2022/2554) has been applicable to PIs, EMIs, credit institutions, investment firms, and CASPs since under Article 2(1). DORA covers ICT risk management, incident reporting (initial notification within four hours where applicable under Commission Delegated Regulation (EU) 2025/301), threat-led penetration testing every three years for significant entities, and the Register of Information on ICT third-party contractual arrangements. The first register submission was due , and runs annually thereafter under Commission Implementing Regulation (EU) 2024/2956 of (ITS on the Register of Information).
Complaints, passporting, and prudential reporting. PSD2 Article 101 and the EBA Guidelines on complaints handling set the customer-complaint perimeter. Material changes to services, agents, distributors, or branches must be notified to the home regulator, with regulator approval typically within one month under PSD2 Article 28. Capital adequacy is reviewed annually against the higher of the initial capital and the Method A/B/C requirement.
Annual cost framing. Compliance is a recurring fraction of the firm’s revenue, not a project line. For a small EMI safeguarding €50m of client funds, the realistic annual envelope sits between €300,000 and €500,000 across the MLRO and compliance function, safeguarding audit, ICT controls under DORA, and regulatory levies. For a mid-sized EMI safeguarding €500m, the figure rises to €1.0m to €2.0m. For a large EMI safeguarding €5bn or more, the figure exceeds €5m and includes dedicated second-line and third-line teams, a full DORA programme, and potential AMLA direct supervision.
Realistic Timeline and Costs
The realistic end-to-end timeline from formation to operational launch is six to eighteen months. The realistic professional-fee envelope is €40,000 to €250,000, plus initial capital, plus banking float. In our experience, the variance comes from jurisdiction, the completeness of the file at first submission, and whether safeguarding is sequenced in parallel with licensing or after it.
End-to-End Timeline and Cost Range
| Phase | Timeline | Cost Range (professional fees) | Notes |
|---|---|---|---|
| Company formation | 1 to 4 weeks | €2,000 to €25,000 | Varies by jurisdiction; UAE free zones at the higher end; e-Residency-led Estonia formation at the lower end |
| Banking and payments pre-qualification | 3 to 5 days pre-qualification; placement 4 to 10 weeks downstream | €0 (paid by the institution) | No markup, no onboarding fee; runs in parallel with capital deposit and file drafting |
| Licensing application drafting and filing | 4 to 12 weeks drafting; 3 to 18 months regulator review | €40,000 to €200,000 | EMI authorisation in the EU/UK at the higher end; FINTRAC MSB and AUSTRAC remitter registration at the lower end |
| Pre-launch readiness | 2 to 6 weeks | Variable | Governance sign-off, MLRO induction, safeguarding-letter execution, DORA register set-up, external-audit engagement |
| Total to operational launch | 6 to 18 months realistic | €40,000 to €250,000 in professional fees, plus initial capital, plus banking float | The dependency sequence drives the variance more than the regulator’s pace |
What compresses the envelope: pre-qualified safeguarding before capital is locked; pre-drafted compliance documentation (AML/CFT manual, governance policies, MLRO appointment); a clean fit-and-proper file for directors and substantial shareholders; and a chosen regulator with a published throughput record. What expands it: safeguarding sequenced after the licence application rather than in parallel; an MLRO appointed late; a parent-company structure the home regulator decides to assess for indirect substance; and an over-engineered product scope that triggers multiple service-line authorisations at once. Figures date-stamped as of and quoted in euros for the EU/UK columns, US dollars for the UAE columns, and Canadian and Australian dollars for the North American and APAC columns respectively where applicable.
Frequently Asked Questions
You need an EMI licence if the business issues electronic money: electronically stored monetary value representing a claim on the issuer, issued on receipt of funds to make payment transactions to third parties (EMD2 Article 2(2)). E-wallets, prepaid cards, tokenised balances, and euro stablecoin issuance all require an EMI. A PI licence is sufficient for money remittance, FX-as-a-service, card acquiring, payment initiation, account information, and B2B payment-rails plays that do not hold customer e-money balances. Once PSD3 enters into force (anticipated 2027 to 2028), the standalone EMI category disappears: e-money issuance becomes an authorised sub-service of a payment institution rather than a separate licence type.
Yes. PSD2 Article 19 permits a PI to provide payment services through agents in its name; EMD2 Article 3(5) extends this to EMI agents for payment services unrelated to e-money issuance. Agent registration with the principal’s home regulator typically takes two to three months from filing. The limit is that agents and distributors cannot themselves issue e-money: only the principal EMI may issue. Commercial terms with a principal typically include a setup fee, a monthly platform fee, an FX margin share, and minimum volume commitments. The agent route is the standard time-to-market shortcut.
Under EMD2 Article 4, EMI initial capital is €350,000. Under PSD2 Article 7, PI initial capital is €20,000 (money remittance only), €50,000 (payment initiation only), or €125,000 (services 1 to 5 of PSD2 Annex I). Ongoing own funds, calculated under PSD2 Article 9 or EMD2 Article 5 using Method A, B, or C, must equal the higher of the initial capital or the method-based requirement. Capital must be held as own funds and is consumed by losses. PSD3, once in force, will re-index the floors to €25,000 / €50,000 / €150,000 (PI by service scope) and €400,000 (e-money issuance as a sub-service).
No. Post-Brexit, UK EMIs and PIs have no PSD2 or EMD2 passport. The UK temporary permissions regime for inbound EEA firms ended . A UK fintech serving EU customers has three realistic alternatives: authorise an EU subsidiary in Estonia, Cyprus, Lithuania, Ireland, or another Member State and passport from there; operate as an agent of an EU-authorised principal under PSD2 Article 19 or EMD2 Article 3(5); or rely on bilateral memoranda of understanding for recognition, which exist in limited scope and do not substitute for authorisation in the relevant Member State.
A MiCA e-money token (EMT) is a crypto-asset that references the value of a single official currency. Under MiCA Article 48(1), only credit institutions or EMIs may issue EMTs (Article 48(2) deems EMTs to be electronic money): an EMI licence is a prerequisite for euro-stablecoin issuance in the EU, not an alternative. The EMT issuer must additionally publish a MiCA-compliant white paper, notify the regulator at least 40 working days before issuance, comply with reserve requirements under MiCA Title IV, and redeem at par on receipt of funds. The EBA Opinion of confirmed that CASPs custodying or transferring EMTs perform PSD2 payment services and must hold dual MiCA and PSD2 capital. The transitional regime ended .
The realistic professional-fee envelope is €40,000 to €250,000, with EU EMI authorisation at the higher end and Canadian RPAA or Australian AUSTRAC remitter registration at the lower end. Initial capital sits outside that figure: €350,000 for an EMI, €20,000 to €125,000 for a PI by service scope, USD 200,000 to USD 500,000 for the DIFC payment-services categories (Cat 3D Money Services USD 200,000; Cat 3C Stored Value Issuer USD 500,000), USD 250,000 for ADGM Category 3C, and zero for Canada or Australia. Banking float (operational cash above regulatory capital) typically requires €500,000 to €1m of runway for a small EMI to reach break-even. Jagelski & Partners is paid by the institution on banking placement; there is no separate onboarding fee on that line.
The procedural minimum under PSD2 Article 12 is three months from the date the regulator confirms the application complete, with a maximum of twelve months. Real-world timelines exceed the minimum because the completeness clock typically stops and starts across two to four information-request cycles. Realistic averages: UK FCA 6 to 18 months for an Authorised EMI; Estonia Finantsinspektsioon 6 to 9 months; Cyprus Central Bank 9 to 18 months; UAE ADGM and DIFC 6 to 14 months; Canada RPAA 3 to 6 months; Australia AUSTRAC 3 to 6 months. The variable that most determines timeline is the number of information-request cycles.
Jagelski & Partners scopes the jurisdiction against five variables: target market, e-money issuance versus payment services, capital appetite, banking-relationship requirements, and corporate tax treatment. For pan-EU plays needing passporting at the credible floor, Estonia and Cyprus dominate the choice set. For a sterling-only proposition with FCA brand value, the UK is the strongest option but loses EU passporting. For MENA market access, the UAE works once the correct of the three regulators (CBUAE, ADGM FSRA, DIFC DFSA) is identified. For remittance-led models without e-money issuance, Canada and Australia run AML-anchored registration regimes with no minimum capital. The mistake to avoid is choosing the licence before the target market is defined.
Plan Your Fintech Launch
Jagelski & Partners scopes formation, licensing, banking, and compliance for fintech companies across the European Union, the United Kingdom, the Middle East, the Asia-Pacific region, the Caribbean, and the Americas. Strategy call in 24 hours.
References
Show all references
- European Union, Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market (PSD2), Official Journal L 337, , eur-lex.europa.eu, accessed .
- European Union, Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions (EMD2), Official Journal L 267, , eur-lex.europa.eu, accessed .
- European Banking Authority, Register of payment and electronic money institutions under PSD2, euclid.eba.europa.eu, accessed .
- European Union, Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (DORA), Official Journal L 333, , eur-lex.europa.eu, accessed .
- European Union, Regulation (EU) 2024/1624 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLR), Official Journal L series, , eur-lex.europa.eu, accessed .
- Financial Conduct Authority, Apply to become an electronic money or a payment institution, fca.org.uk, accessed .
- Finantsinspektsioon, Operating licences for payment institutions and e-money institutions, fi.ee, accessed .
- Central Bank of Cyprus, Licensing and supervision of payment institutions, centralbank.cy, accessed .
- Central Bank of the UAE, Retail Payment Services and Card Schemes Regulation (Circular 15/2021), rulebook.centralbank.ae, accessed .
- Bank of Canada, Supervisory framework: Registration under the Retail Payment Activities Act, bankofcanada.ca, accessed .
- AUSTRAC, Remittance service providers overview, austrac.gov.au, accessed .
- European Banking Authority, Opinion on the interplay between PSD2 and MiCA in relation to e-money tokens (EBA/Op/2025/08), , eba.europa.eu, accessed .