HOME
/
Blogs
/
Payment Service Provider License: Requirements, Costs, and Timelines

Payment Service Provider License: Requirements, Costs, and Timelines

Jan Strandberg
Jan Strandberg
July 8, 2026
5 min read

A payment service provider license is the legal permission a company needs before it handles customer money, whether holding, moving, or converting it between currencies and tokens. Crypto platforms face this requirement often, since almost every fiat on-ramp or off-ramp counts as a regulated payment service somewhere. Skipping the license risks more than a fine. In several major markets, it is a criminal charge.

What is a payment service provider license?

A payment service provider license is a regulatory authorization to provide one or more payment services as a business, granted by a country’s central bank or financial regulator.

“Payment service provider” (PSP) usually isn’t one specific license. It’s an umbrella term. Saudi Arabia’s central bank, SAMA, defines a Payment Service Provider as any entity licensed as a major Payment Institution, major Electronic Money Institution, micro EMI, or micro PI.

Most regulators split that umbrella into narrower categories based on what a company does. A business that only moves money holds a Payment Institution license. One that also issues stored value, like a prepaid wallet or app balance, needs an Electronic Money Institution license, since EMI holders create a liability (electronic money) that PI holders cannot.

That distinction trips up many crypto founders. A platform letting customers hold a fiat balance inside the app looks more like an EMI than a PI, and the two licenses have different capital and safeguarding rules. Here’s how the terminology stacks up.


What it is Issued by Can issue e-money Typical initial capital
Payment Service Provider (PSP) Umbrella term for any entity authorized to provide payment services, not a single specific license Varies, whichever regulator issues the underlying license Depends on the underlying license held Depends on the underlying license held
Payment Institution (PI) License Authorizes payment services other than issuing electronic money National regulator, for example Bank of Lithuania or the UK Financial Conduct Authority No EUR 20,000 to EUR 125,000 in the EU, depending on services offered
Electronic Money Institution (EMI) License Authorizes e-money issuance plus payment services Same national regulators as PI licenses, under EU or UK e-money law Yes EUR 350,000 in the EU
Major Payment Institution (MPI) License Singapore's uncapped-volume license covering seven payment activities, including crypto Monetary Authority of Singapore Yes, e-money issuance is one of the seven covered activities S$250,000
Money Transmitter License (MTL) / MSB US state-level authorization plus federal Money Services Business registration State regulators plus FinCEN Varies by state Roughly US$25,000 to US$500,000+ per state, combining bonding and capital

What is the purpose of a payment service provider license?

Licensing exists to keep customer money safe and maintain a trustworthy payment system that people use. SAMA’s implementing regulation states the goal directly: manage risk across the payment sector, protect consumers, and support fair competition and financial stability. Article 2 of that regulation lays out those objectives in full.

Regulators also use licensing to draw a hard line around who can touch other people’s money at all. Under the UK’s payment rules, providing payment services without authorization is a criminal offense, and so is falsely claiming to hold a license.

There is a bigger structural reason too. Societe Generale’s response to a Financial Stability Board consultation on cross-border payment oversight pointed out that inconsistent licensing between banks and non-bank PSPs invites regulatory arbitrage, as providers can pick the jurisdiction with the lightest rules. A consistent license requirement closes that gap within a market and increasingly across borders as regulators coordinate.

Who needs a payment service provider license?

Anyone conducting the deposit, transfer, or issuance of customer funds as an ongoing business needs one. That covers:

  • Digital wallets and neobanks holding customer balances
  • Remittance operators and cross-border transfer services
  • Merchant acquirers and payment gateways processing transactions for sellers
  • Crypto exchanges and OTC desks running fiat on-ramps or off-ramps

Crypto platforms sit in a tricky spot right now. Under the EU’s incoming payments package, an issuer of e-money tokens already authorized under MiCA as a Crypto-Asset Service Provider does not automatically need a separate payment services license unless it also provides payment services beyond issuance. A supervisory opinion from the European Banking Authority in February 2026 narrowed which e-money token activities trigger that dual requirement, though two-license outcomes remain necessary for some business models.

The safest test is not what a company calls itself but what activity it performs. Societe Generale’s FSB submission argued for this approach: oversight should track what a company does, not what it calls itself, so a bank and a startup running the same activity face the same rulebook.

Which activities are regulated, and which are exempt?

Payment laws regulate a consistent set of activities, whatever the local license is called:

  • Depositing and withdrawing funds from a payment account
  • Executing credit transfers, direct debits, and card transactions
  • Issuing payment instruments, including cards and virtual cards
  • Merchant acquiring and payment aggregation
  • Issuing electronic money
  • Payment initiation and account information services, the building blocks of open banking

Most regimes carve out a matching set of exemptions:

  • Cash handed directly from payer to payee with no intermediary
  • Currency exchange with no payment account involved
  • Limited network instruments, like a single-retailer gift card
  • Technical service providers that never take possession of the funds
  • Transactions between companies in the same corporate group
  • Commercial agents acting for one side of a transaction

That last exemption, the commercial agent carve-out, is the one to watch. It’s been narrowed in some EU drafts and restored in others, and the European Banking Authority has been asked to publish guidelines so it applies consistently once the new Payment Services Regulation takes effect.

Who governs payment service providers?

Licensing and supervision sit with a country’s central bank or a dedicated financial regulator, never a generic business registry. A few examples:

  • European Union: national competent authorities in each member state, with PSD3 and the new Payment Services Regulation replacing the current PSD2 framework
  • United Kingdom: the Financial Conduct Authority licenses institutions, and the Payment Systems Regulator oversees access to the payment systems themselves
  • United States: FinCEN handles federal Money Services Business registration, and every state except Montana runs its own money transmitter licensing regime on top
  • Singapore: the Monetary Authority of Singapore licenses Standard and Major Payment Institutions under the Payment Services Act
  • Saudi Arabia: SAMA, the central bank, licenses and supervises payment providers directly
  • United Arab Emirates: the Central Bank of the UAE licenses retail payment services across four categories

Above the national layer, the Financial Stability Board pushes for consistency in how countries regulate cross-border payment activity. Without that coordination, a PSP operating in three countries faces three different rulebooks for what is functionally the same transaction.

What is the equivalent of a payment service provider license in other jurisdictions?

Every major market names its license differently, but they cover roughly the same ground. A few notes worth knowing before comparing options:

The EU currently runs Payment Institution and Electronic Money Institution licenses under PSD2. PSD3 and the new Payment Services Regulation, agreed in final form in April 2026, fold EMIs into a single payment institution category and require existing EMIs to seek reauthorization. Lithuania has become the default EU entry point, with over 100 licensed Payment Institutions and Electronic Money Institutions supervised by the Bank of Lithuania and direct SEPA access through its CENTROlink infrastructure.

Singapore splits its Payment Services Act license into Standard and Major tiers based on transaction volume, and treats digital payment token services, meaning crypto, as one of seven activities covered under the same framework.

The United States requires federal MSB registration with FinCEN plus a separate Money Transmitter License in 49 states, since Montana is the sole exception.

The UAE licenses retail payment services in four categories through its central bank, and a 2025 law extended that perimeter to cover payment services built on virtual assets, with newly captured entities facing a compliance deadline of September 16, 2026.

What are the DORA requirements for payment service providers?

DORA, the Digital Operational Resilience Act, is Regulation (EU) 2022/2554, and it has applied directly across the EU since January 17, 2025, with no national transposition needed. It covers payment institutions and electronic money institutions alongside banks, investment firms, and crypto-asset service providers under MiCA.

For a PSP, DORA means five things in practice:

  • Running a documented ICT risk management framework that gets reviewed and tested on a schedule.
  • Reporting major ICT incidents on a strict clock, starting with an initial notification within hours of classifying an incident as major.
  • Running annual resilience testing, with threat-led penetration testing required for larger institutions.
  • Maintaining a Register of Information covering every ICT third-party contract, including cloud and software vendors, kept current and ready for submission at any time.
  • Joining threat-intelligence sharing with other financial entities where relevant.

The penalties aren’t symbolic. Non-compliant entities face fines up to 10% of annual global turnover or €10 million, whichever is higher, with individual senior managers personally exposed to fines up to €1 million.

For a PSP that’s also a MiCA-authorized crypto-asset service provider, the overlap actually cuts paperwork rather than doubling it. PSD3 is expected to incorporate DORA’s operational resilience rules by reference, so a payment institution already meeting DORA won’t face a second, parallel resilience regime once the new payments package applies.

What are payment service provider license requirements?

Payment Service Provider License requirements vary by jurisdiction and tier, but five categories show up almost everywhere.

  • Initial capital varies widely: EUR 20,000 to 125,000 for an EU Payment Institution depending on services, EUR 350,000 for an EU EMI, SAR 500,000 to 10,000,000 in Saudi Arabia depending on license class, and S$100,000 to 250,000 in Singapore.
  • Fit-and-proper checks: Directors, controllers, and anyone with a meaningful ownership stake get screened for competence, integrity, and financial soundness.
  • A detailed business plan: Most regulators want a three-year program of operations with revenue, cost, and risk projections attached.
  • Safeguarding and AML arrangements: Customer funds typically sit in a segregated account at a licensed bank, alongside an anti-money laundering program sized to the actual risk profile of the business.
  • Governance and IT security documentation: This covers outsourcing agreements, business continuity plans, and increasingly, DORA-aligned ICT risk controls for anyone operating in the EU.

Several jurisdictions layer local substance requirements on top of that list. Lithuania’s regulator, for example, expects resident directors and compliance staff rather than a fully outsourced setup, plus a genuine local office rather than a virtual address.

How do you get a payment service provider license?

Figuring out how to get a Payment Service Provider License starts with the activity a business actually performs, not the jurisdiction it would prefer. The general path looks like this:

  1. Map the services against the regulated activities list in the target jurisdiction, and confirm which license tier applies, since a small-institution track usually has lighter requirements than full authorization.
  2. Choose a jurisdiction and entity structure based on where customers are and whether passporting rights matter to the business model.
  3. Build the compliance package: business plan, AML program, safeguarding arrangements, governance structure, and IT security documentation.
  4. Arrange the required capital and be ready to prove its source. SAMA, for example, requires an irrevocable bank guarantee covering the minimum capital before it will issue a license.
  5. Submit the application and respond quickly to regulator follow-up requests. The Bank of Lithuania expects a pre-application meeting before any formal filing gets reviewed.
  6. Clear the regulator’s review window. Saudi Arabia commits to a decision within 90 calendar days of a complete application, and EU regulators typically commit to a similar three-month window for a complete Payment Institution or EMI file.
  7. Finalize corporate formalities once authorization is granted, then register any agents or electronic money distributors the business plans to use.

Most delays trace back to the same root cause across jurisdictions: applications with missing documents or inconsistent information, which pushes the process beyond the regulator’s stated review window.

What does a payment service provider license cost?

Payment Service Provider License costs break into three buckets, and founders who only budget for the government fee are usually caught off guard later.

Government fees are the smallest cost by far. Saudi Arabia charges SAR 20,000 to 50,000 depending on license type, and Lithuania charges EUR 898 for a Payment Institution filing and EUR 1,463 for an EMI filing.

Legal and compliance preparation consumes most of the budget. A complete Lithuanian EMI application typically costs EUR 40,000 to 100,000 in legal and compliance work.

US applicants face a wider range, since federal MSB compliance consulting alone runs USD 15,000 to 75,000, before a single state Money Transmitter License adds another USD 30,000 to over 525,000, including bonding and capital.

Regulatory capital is the third bucket. It is money set aside rather than spent, but it must remain liquid and, in several jurisdictions, in a form pre-approved by the regulator.

Buying an existing licensed entity prices out differently again. Smaller Money Services Business or shell-style licenses trade in the low-to-mid six figures, while operational Payment Institutions, EMIs, and Major Payment Institutions with active business run from high six figures into the multi-millions, depending on jurisdiction, banking relationships, and compliance history.

How long does a payment service provider license take?

Timelines depend heavily on completeness and jurisdiction, but a few reference points help with planning:

  • Saudi Arabia: SAMA must notify a decision within 90 calendar days of a complete application, and in-principle approval stays valid for up to a year, with a possible 180-day extension.
  • Lithuania: The statutory review window runs three months for a full Payment Institution or EMI application and two months for the small-institution tracks, though the realistic timeline including preparation typically runs six to twelve months.
  • United States: A state Money Transmitter License can clear in as little as three months in Texas or stretch to 24 months in New York, on top of FinCEN’s MSB registration, which activates immediately upon filing.
  • Buying a ready-made license instead of applying fresh: PSP change-of-control deals typically close in two to four months, versus three to six months or longer for a brand-new Payment Institution or EMI application.

Whichever route gets chosen, build in buffer time. Every regulator mentioned here treats an incomplete filing the same way: the clock resets, it doesn’t just pause.

Can you buy a”ready-made” payment service provider license?

Yes, and it has become a legitimate acquisition category rather than a workaround. In practice, a ready-made Payment Service Provider License means buying a company specifically to inherit the working authorization it already carries, rather than filing for one from zero.

The appeal is speed. A target company already has its legal entity, compliance program, and standing with the regulator in place, and that head start typically cuts a year or two off the timeline a fresh application would otherwise take.

The process still runs through the regulator, though. Almost any license category, PSPs included, needs the issuing authority’s sign-off, or at minimum a formal notice, before new owners can take control, and that review stage is usually the slowest part of the deal, well past the point where the parties agree on price.

Buying an existing license also means taking on its track record. Whatever happened before the sale, including enforcement actions, unresolved complaints, or open regulatory inquiries, transfers with the company, and supervisors typically pay closer attention to a license in the months right after ownership changes hands. An entity that hasn’t actively operated under its license for a year or longer usually triggers additional scrutiny before a new owner can put it back to work.

None of that makes the ready-made route a bad idea. For a crypto platform that needs EU passporting or FINTRAC registration next quarter rather than next year, buying an operational PSP, PI, or EMI can be the difference between shipping on schedule and missing a market window entirely.

A payment service provider license is never just paperwork sitting between a platform and its first transaction. It’s the line between a business that can legally hold and move customer funds and one that’s one enforcement letter away from shutting down. Whether the plan is a fresh application or an acquisition, the activity a platform actually performs, not the label on the pitch deck, decides which license applies and how much of this process is unavoidable.

For crypto founders and investors sizing up the fastest path to a licensed operation, Payment Service Provider Licenses listed in the Acquire.Fi Financial License Marketplace are worth a look before committing months to a from-scratch application.

Sources

Share this post
About the Author
Jan Strandberg
Jan Strandberg is the Founder and CEO of Acquire.Fi. He brings over a decade of experience scaling high-growth ventures in fintech and crypto.

Before founding Acquire.Fi, Jan was Co-Founder of YIELD App and the Head of Marketing at Paxful, where he played a central role in the business’s growth and profitability. Jan's strategic vision and sharp instinct for what drives sustainable growth in emerging markets have defined his career and turned early-stage platforms into category leaders.
Top 5 most recent blogs
Buy and sell secondaries
Trade SAFT, SAFE notes, locked tokens, and other digital assets in the public Secondaries and OTC marketplace
Acquire a frontier tech business
Browse our curated list of frontier tech businesses and projects available for acquisition; including revenue-generating crypto platforms, DeFi projects, and licensed financial organizations.