A Payment Institution License is the regulatory permission a non-bank organization needs to move customers’ money or cryptocurrency. If you’re building anything that touches other people’s funds, a license usually sits between you and a live, bankable product.
Crypto founders often assume a MiCA crypto-asset license covers payments too. It doesn’t, not fully. The moment a platform moves fiat on behalf of users instead of just crypto assets, the payment services question comes back on the table, and that’s where a Payment Institution License comes in.
A Payment Institution License is the authorization a national regulator grants to a non-bank firm so it can provide payment services such as money transfers, card acquiring, or payment initiation. In the EU and EEA, the license traces back to the Payment Services Directive, Directive (EU) 2015/2366, better known as PSD2.
PSD2 created a single rulebook so a company licensed in one EU member state can passport its services into every other EEA country. That’s the whole point of asking what a Payment Institution License is in the first place. It’s the legal wrapper that lets a fintech move money across borders without opening a bank in each one.
Outside the EU, the concept repeats under different names. The UK calls it FCA authorization while Singapore calls it a license under the Payment Services Act. The US skips a national license entirely and instead runs fifty separate state money transmitter regimes.
The license exists to separate “moving money” from “taking deposits,” so payment companies can operate without the full weight of banking regulation, while still protecting the people whose money passes through their systems. Two goals sit at the center of the framework: consumer protection and market access.
Licensed institutions must ring-fence customer funds through safeguarding arrangements, so a licensee’s insolvency doesn’t wipe out client balances. In return, they get a passportable, EU-wide market instead of dozens of fragmented national approvals: one license, twenty-seven-plus countries.
For a crypto platform, that tradeoff matters directly. A licensed PI can hold user fiat balances in a way that survives due diligence from banking partners, card networks, and institutional counterparties who might otherwise treat an unlicensed crypto business as too risky to touch.
Any non-bank company that transmits, holds briefly, or executes payments on behalf of someone else generally needs one. That list includes remittance companies, card acquirers, payment gateways, and, increasingly, crypto exchanges and OTC desks that let users deposit or withdraw fiat currency.
Crypto-specific nuance matters here. A European Banking Authority opinion issued in February 2026 narrowed the overlap between crypto-asset authorization under MiCA and payment services licensing for firms handling e-money tokens. Depending on the business model, some crypto-asset service providers still need both a MiCA authorization and a Payment Institution License to operate legally.
If a platform only ever touches crypto assets and never custodies, converts, or transmits client fiat, it likely stays outside PSD2 entirely. The moment fiat enters the picture, the licensing question comes right back. This includes euro-to-dollar on-ramp, a stablecoin redemption to a bank account, or an OTC settlement by wire transfer.
In the EU and EEA, national regulators authorize and supervise Payment Institutions under a common framework set by the European Banking Authority. The Central Bank of Ireland authorizes and supervises Irish PIs under that shared rulebook. The Bank of Lithuania, Banco de España, and Germany’s BaFin do the same in their own markets, applying the same PSD2 rules and reporting into the same EBA registers.
The UK left this EU framework after Brexit but kept nearly identical rules. The FCA now authorizes and supervises UK Payment Institutions under the domestic Payment Services Regulations 2017, a near-copy of PSD2 with its own capital thresholds and safeguarding rules.
Elsewhere, the regulator changes but the model doesn’t. The Monetary Authority of Singapore licenses payment institutions under its Payment Services Act, Hong Kong’s Monetary Authority oversees stored value facilities, and in the US, the Financial Crimes Enforcement Network handles federal registration while each state banking department runs its own money transmitter license.
PSD2 splits licensing into tiers based on transaction volume and the services offered, and the terminology varies by jurisdiction. The three categories investors run into most often are the Payment Institution (PI), the Registered Payment Institution (RPI), and the Small Payment Institution (SPI).
A full PI, sometimes called an Authorised Payment Institution, can offer the entire PSD2 service catalog and passport across the EEA. An RPI is a lighter registration track, generally reserved for narrow-scope services like account information, where the firm never actually touches client money. An SPI sits below an EU-wide transaction cap and trades full EEA passporting rights for a lighter compliance burden.
Here’s how the three compare side by side.
Electronic Money Institutions (EMIs) sit adjacent to this table rather than inside it. An EMI can do everything a PI does, plus issue and redeem electronic money, which is why EMI capital requirements run higher, €350,000 minimum under the E-Money Directive. Under the incoming PSD3 framework, EMIs are set to fold into the PI category as a sub-type rather than stay a separate license, so the PI-versus-EMI line is likely to blur further before it disappears.
Yes, and the underlying logic (separate non-bank payment activity from full banking, then regulate it proportionally) shows up almost everywhere. The names and thresholds just change by country.
In the United States, there’s no single Payment Institution License. Instead, a fintech needs FinCEN registration as a Money Services Business plus a money transmitter license in nearly every state where it has customers, with Montana as the lone state exempting most money transmission activity.
Singapore consolidates everything into one statute, the Payment Services Act, with Standard and Major Payment Institution tiers set by transaction thresholds around S$3 million and S$5 million, respectively.
Hong Kong splits the workload between two regulators instead: the Customs and Excise Department licenses money service operators for remittance, while the Hong Kong Monetary Authority licenses stored value facilities.
Mainland China requires a payment business permit from the People’s Bank of China, with a separate registration for foreign exchange activity on top of that.
The practical takeaway for a crypto founder: a Payment Institution License from one country almost never satisfies another country’s regulator. Expansion plans need a jurisdiction-by-jurisdiction licensing map, not a single global permit.
Every regulator asks for some version of the same package: capital, safeguarding, governance, and a working AML program. Payment Institution License requirements generally include minimum initial capital set by service type, a business plan with three-year financial projections, documented AML/CFT policies, and evidence that directors and major shareholders pass a fit-and-proper review.
Safeguarding sits at the center of the list. A PI has to protect customer funds either by segregating them in a dedicated account with a credit institution or by covering them with an insurance policy or comparable guarantee. UK regulators just tightened this further: FCA Policy Statement PS25/12 introduces mandatory daily reconciliations, annual safeguarding audits, and statutory trust status for segregated funds, effective 7 May 2026.
Firms offering payment initiation or account information services also need professional indemnity insurance. The European Banking Authority quantified this in dedicated guidelines so regulators apply a consistent minimum coverage amount across the EU instead of each country inventing its own number.
Getting licensed follows roughly the same sequence everywhere, even though the paperwork and timelines shift by country. Here’s the general path:
Founders asking how to get a Payment Institution License usually underestimate step three. Regulators reject or stall applications far more often over vague AML programs and thin business plans than over the capital requirement itself.
Payment Institution License cost breaks into three buckets: the statutory application fee, legal and consulting fees, and the locked-up minimum capital. In Lithuania, one of the EU’s most active PI hubs, the state application fee runs around €898 to €1,463, while legal and consulting work to prepare a complete file typically adds another €20,000 to €25,000, according to figures published by the Bank of Lithuania and licensing advisers active in the market.
Add in office space, local staff, and the minimum capital itself, €20,000 to €125,000 depending on the service mix, and a lean first-year EU setup lands somewhere between €200,000 and €350,000 all-in. The UK runs similar territory, with FCA capital thresholds set at £20,000, £50,000, or £125,000 depending on services offered.
The US changes the math entirely because there’s no single national license to price. A single-state money transmitter license typically costs $15,000 to $50,000 once legal fees and surety bonds are included, but a full 50-state program can run $500,000 to $2 million once every state’s bond, application fee, and registered agent cost gets added up.
Timelines depend heavily on jurisdiction, license tier, and how clean the application is on first submission. In Lithuania, the statutory review clock is three months for a full PI and two months for a Small PI, though incomplete filings restart that clock and push the real-world timeline to five or six months.
The UK’s FCA takes longer on average: six to twelve months for full Authorised Payment Institution status, three to six months for the lighter SPI registration. In the US, a single state money transmitter license can clear in three to six months, but a nationwide licensing program realistically takes two to four years once New York and California, the two slowest and most demanding states, are factored in.
None of these numbers account for resubmissions. A regulator that finds gaps in an AML program or safeguarding arrangement pauses the clock rather than offering a grace period, so budgeting extra runway matters more than chasing the fastest quoted timeline.
Yes. Buying an already-licensed entity, sometimes marketed as a “ready-made” Payment Institution License, is a real alternative to a fresh application. It can save a meaningful chunk of the twelve to twenty-four months a full build-out typically takes. The buyer isn’t purchasing a document. They’re acquiring the corporate entity that holds the license, along with its compliance history, its safeguarding accounts, and whatever operational infrastructure survived the deal.
M&A marketplaces like Acquire.Fi carry exactly this kind of inventory, including EEA-passported PI entities with money remittance permissions ready to change hands. Deal structures like this appeal to crypto platforms that need EU fiat rails now, not in eighteen months.
The catch is that a change of control almost never happens instantly. Regulators still have to approve new beneficial owners and directors through a fit-and-proper review, and the acquired entity brings its full regulatory history along for the ride. Any prior complaint, enforcement action, or open investigation becomes the buyer’s problem the moment the deal closes. A license that’s sat dormant for over a year often triggers extra scrutiny before the new owner can actually use it, so buyers should budget time for that review even on a ready-made purchase.
Regulation isn’t standing still while all this plays out. The EU’s incoming Payment Services Regulation and PSD3 package got final political agreement in April 2026 and is expected to apply roughly 21 months after publication in the Official Journal, folding EMIs into the PI category and tightening fraud liability and safeguarding rules along the way. Existing PI and EMI licenses will need reauthorization under the new regime, so anyone licensing now (or buying an existing license) should build a compliance program that survives that transition, not just clears today’s bar.
Whether a Payment Institution License gets built from the ground up or acquired ready-made, the real question is the same: can the compliance infrastructure behind it actually hold up once a regulator, a bank, or an institutional counterparty starts asking hard questions? For anyone weighing a fresh application against a market-ready acquisition, Acquire.Fi’s marketplace listings are worth comparing against a from-scratch build cost. Reach out through Acquire.Fi’s team for a broader search across licensed PIs, EMIs, and adjacent crypto authorizations beyond what’s publicly listed.