A payment service provider license is the legal permission a company needs before it handles customer money, whether holding, moving, or converting it between currencies and tokens. Crypto platforms face this requirement often, since almost every fiat on-ramp or off-ramp counts as a regulated payment service somewhere. Skipping the license risks more than a fine. In several major markets, it is a criminal charge.
A payment service provider license is a regulatory authorization to provide one or more payment services as a business, granted by a country’s central bank or financial regulator.
“Payment service provider” (PSP) usually isn’t one specific license. It’s an umbrella term. Saudi Arabia’s central bank, SAMA, defines a Payment Service Provider as any entity licensed as a major Payment Institution, major Electronic Money Institution, micro EMI, or micro PI.
Most regulators split that umbrella into narrower categories based on what a company does. A business that only moves money holds a Payment Institution license. One that also issues stored value, like a prepaid wallet or app balance, needs an Electronic Money Institution license, since EMI holders create a liability (electronic money) that PI holders cannot.
That distinction trips up many crypto founders. A platform letting customers hold a fiat balance inside the app looks more like an EMI than a PI, and the two licenses have different capital and safeguarding rules. Here’s how the terminology stacks up.
Licensing exists to keep customer money safe and maintain a trustworthy payment system that people use. SAMA’s implementing regulation states the goal directly: manage risk across the payment sector, protect consumers, and support fair competition and financial stability. Article 2 of that regulation lays out those objectives in full.
Regulators also use licensing to draw a hard line around who can touch other people’s money at all. Under the UK’s payment rules, providing payment services without authorization is a criminal offense, and so is falsely claiming to hold a license.
There is a bigger structural reason too. Societe Generale’s response to a Financial Stability Board consultation on cross-border payment oversight pointed out that inconsistent licensing between banks and non-bank PSPs invites regulatory arbitrage, as providers can pick the jurisdiction with the lightest rules. A consistent license requirement closes that gap within a market and increasingly across borders as regulators coordinate.
Anyone conducting the deposit, transfer, or issuance of customer funds as an ongoing business needs one. That covers:
Crypto platforms sit in a tricky spot right now. Under the EU’s incoming payments package, an issuer of e-money tokens already authorized under MiCA as a Crypto-Asset Service Provider does not automatically need a separate payment services license unless it also provides payment services beyond issuance. A supervisory opinion from the European Banking Authority in February 2026 narrowed which e-money token activities trigger that dual requirement, though two-license outcomes remain necessary for some business models.
The safest test is not what a company calls itself but what activity it performs. Societe Generale’s FSB submission argued for this approach: oversight should track what a company does, not what it calls itself, so a bank and a startup running the same activity face the same rulebook.
Payment laws regulate a consistent set of activities, whatever the local license is called:
Most regimes carve out a matching set of exemptions:
That last exemption, the commercial agent carve-out, is the one to watch. It’s been narrowed in some EU drafts and restored in others, and the European Banking Authority has been asked to publish guidelines so it applies consistently once the new Payment Services Regulation takes effect.
Licensing and supervision sit with a country’s central bank or a dedicated financial regulator, never a generic business registry. A few examples:
Above the national layer, the Financial Stability Board pushes for consistency in how countries regulate cross-border payment activity. Without that coordination, a PSP operating in three countries faces three different rulebooks for what is functionally the same transaction.
Every major market names its license differently, but they cover roughly the same ground. A few notes worth knowing before comparing options:
The EU currently runs Payment Institution and Electronic Money Institution licenses under PSD2. PSD3 and the new Payment Services Regulation, agreed in final form in April 2026, fold EMIs into a single payment institution category and require existing EMIs to seek reauthorization. Lithuania has become the default EU entry point, with over 100 licensed Payment Institutions and Electronic Money Institutions supervised by the Bank of Lithuania and direct SEPA access through its CENTROlink infrastructure.
Singapore splits its Payment Services Act license into Standard and Major tiers based on transaction volume, and treats digital payment token services, meaning crypto, as one of seven activities covered under the same framework.
The United States requires federal MSB registration with FinCEN plus a separate Money Transmitter License in 49 states, since Montana is the sole exception.
The UAE licenses retail payment services in four categories through its central bank, and a 2025 law extended that perimeter to cover payment services built on virtual assets, with newly captured entities facing a compliance deadline of September 16, 2026.
DORA, the Digital Operational Resilience Act, is Regulation (EU) 2022/2554, and it has applied directly across the EU since January 17, 2025, with no national transposition needed. It covers payment institutions and electronic money institutions alongside banks, investment firms, and crypto-asset service providers under MiCA.
For a PSP, DORA means five things in practice:
The penalties aren’t symbolic. Non-compliant entities face fines up to 10% of annual global turnover or €10 million, whichever is higher, with individual senior managers personally exposed to fines up to €1 million.
For a PSP that’s also a MiCA-authorized crypto-asset service provider, the overlap actually cuts paperwork rather than doubling it. PSD3 is expected to incorporate DORA’s operational resilience rules by reference, so a payment institution already meeting DORA won’t face a second, parallel resilience regime once the new payments package applies.
Payment Service Provider License requirements vary by jurisdiction and tier, but five categories show up almost everywhere.
Several jurisdictions layer local substance requirements on top of that list. Lithuania’s regulator, for example, expects resident directors and compliance staff rather than a fully outsourced setup, plus a genuine local office rather than a virtual address.
Figuring out how to get a Payment Service Provider License starts with the activity a business actually performs, not the jurisdiction it would prefer. The general path looks like this:
Most delays trace back to the same root cause across jurisdictions: applications with missing documents or inconsistent information, which pushes the process beyond the regulator’s stated review window.
Payment Service Provider License costs break into three buckets, and founders who only budget for the government fee are usually caught off guard later.
Government fees are the smallest cost by far. Saudi Arabia charges SAR 20,000 to 50,000 depending on license type, and Lithuania charges EUR 898 for a Payment Institution filing and EUR 1,463 for an EMI filing.
Legal and compliance preparation consumes most of the budget. A complete Lithuanian EMI application typically costs EUR 40,000 to 100,000 in legal and compliance work.
US applicants face a wider range, since federal MSB compliance consulting alone runs USD 15,000 to 75,000, before a single state Money Transmitter License adds another USD 30,000 to over 525,000, including bonding and capital.
Regulatory capital is the third bucket. It is money set aside rather than spent, but it must remain liquid and, in several jurisdictions, in a form pre-approved by the regulator.
Buying an existing licensed entity prices out differently again. Smaller Money Services Business or shell-style licenses trade in the low-to-mid six figures, while operational Payment Institutions, EMIs, and Major Payment Institutions with active business run from high six figures into the multi-millions, depending on jurisdiction, banking relationships, and compliance history.
Timelines depend heavily on completeness and jurisdiction, but a few reference points help with planning:
Whichever route gets chosen, build in buffer time. Every regulator mentioned here treats an incomplete filing the same way: the clock resets, it doesn’t just pause.
Yes, and it has become a legitimate acquisition category rather than a workaround. In practice, a ready-made Payment Service Provider License means buying a company specifically to inherit the working authorization it already carries, rather than filing for one from zero.
The appeal is speed. A target company already has its legal entity, compliance program, and standing with the regulator in place, and that head start typically cuts a year or two off the timeline a fresh application would otherwise take.
The process still runs through the regulator, though. Almost any license category, PSPs included, needs the issuing authority’s sign-off, or at minimum a formal notice, before new owners can take control, and that review stage is usually the slowest part of the deal, well past the point where the parties agree on price.
Buying an existing license also means taking on its track record. Whatever happened before the sale, including enforcement actions, unresolved complaints, or open regulatory inquiries, transfers with the company, and supervisors typically pay closer attention to a license in the months right after ownership changes hands. An entity that hasn’t actively operated under its license for a year or longer usually triggers additional scrutiny before a new owner can put it back to work.
None of that makes the ready-made route a bad idea. For a crypto platform that needs EU passporting or FINTRAC registration next quarter rather than next year, buying an operational PSP, PI, or EMI can be the difference between shipping on schedule and missing a market window entirely.
A payment service provider license is never just paperwork sitting between a platform and its first transaction. It’s the line between a business that can legally hold and move customer funds and one that’s one enforcement letter away from shutting down. Whether the plan is a fresh application or an acquisition, the activity a platform actually performs, not the label on the pitch deck, decides which license applies and how much of this process is unavoidable.
For crypto founders and investors sizing up the fastest path to a licensed operation, Payment Service Provider Licenses listed in the Acquire.Fi Financial License Marketplace are worth a look before committing months to a from-scratch application.