An Electronic Money Institution (EMI) licence, granted under the EU's Second Electronic Money Directive (2EMD, Directive 2009/110/EC) and its national transpositions, authorises a non-bank entity to issue electronic money, hold customer funds in safeguarded accounts, issue payment instruments such as prepaid cards and IBANs, and execute payment transactions. This article covers the precise scope of an EMI licence, how it differs from a banking licence and an Authorised Payment Institution authorisation, the capital and safeguarding requirements, passporting mechanics across the EEA, and the typical application journey.
An Electronic Money Institution is a legal person authorised under Article 2(1) of Directive 2009/110/EC — commonly abbreviated as 2EMD or the Second E-Money Directive — to issue electronic money as defined in Article 2(2): "electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions." In plain terms, an EMI converts received fiat currency into a digital store of value, makes that balance accessible via payment instruments, and settles resulting transactions through card schemes or payment rails such as SEPA or SWIFT.
The 2EMD replaced the original E-Money Directive (2000/46/EC) in 2011, substantially broadening the permitted activity set and lowering the initial capital threshold to make the licence commercially viable for fintechs. National competent authorities — the De Nederlandsche Bank, the UK's Financial Conduct Authority, the Belgian National Bank (NBB), and their equivalents — grant the licence within their jurisdiction; EEA passporting then extends the permission across member states without requiring separate national licences.
EMI vs Authorised Payment Institution (API). An API, governed by the Payment Services Directive 2 (PSD2, Directive 2015/2366/EU), may execute payment transactions and provide ancillary payment services but cannot issue electronic money; it operates on existing accounts rather than creating a stored-value balance. An EMI subsumes the payment-services permissions of an API and adds e-money issuance on top. Consequently, an EMI may issue prepaid cards, assign IBANs, and maintain a float — activities an API alone cannot undertake.
EMI vs banking licence. The critical constraint distinguishing an EMI from a credit institution (bank) is that an EMI cannot use customer funds to grant credit. Deposits at a bank are lent out as part of fractional-reserve banking; funds held by an EMI must instead be safeguarded in segregated accounts or covered by an insurance policy, protecting them in the event of insolvency. Banks are supervised under the Capital Requirements Directive (CRD V/CRR2) and benefit from deposit guarantee schemes (up to €100,000 per depositor under Directive 2014/49/EU); EMI customer funds receive no such guarantee but are ring-fenced from the institution's own assets, achieving a structurally different form of protection. For most payment and e-money use cases — cards, wallets, IBAN accounts — an EMI licence is both sufficient and considerably faster and cheaper to obtain than a full banking licence.
The lifecycle of an EMI spans authorisation, launch, ongoing supervision, and, where relevant, passporting into additional jurisdictions. Understanding each stage is essential for any business evaluating whether to obtain its own licence or access the market via a licensed partner.
Authorisation. The applicant submits a programme of operations, a business plan with three-year financial projections, governance documentation (including AML/CFT policies, IT security arrangements, and business continuity plans), evidence of initial own funds, and fit-and-proper assessments for all qualifying shareholders and senior management. The competent authority has three months from receipt of a complete application to grant or refuse, per Article 3(4) of 2EMD — though in practice most national regulators apply additional information rounds that extend the total elapsed time to six to eighteen months depending on jurisdiction and applicant complexity.
E-money issuance. Once authorised, the EMI receives fiat from customers or counterparties. Those funds are immediately converted into an equivalent e-money balance on the EMI's ledger. The customer's claim is against the EMI, not against a bank in the traditional sense. The EMI then makes the balance accessible via a payment instrument — a prepaid Mastercard or Visa card (see card issuing), a virtual wallet, or an assigned IBAN — enabling the customer to initiate credit transfers, direct debits, or card-present and card-not-present transactions.
Safeguarding. Article 7 of 2EMD requires EMIs to safeguard funds received in exchange for e-money. Two permitted methods exist: (a) depositing the funds in a segregated account at a credit institution or investing them in secure, liquid, low-risk assets; or (b) obtaining insurance or a guarantee from an authorised insurer or credit institution. In practice, the overwhelming majority of EMIs use method (a), maintaining one or more "safeguarding accounts" at major banks, labelled in a manner that identifies them as holding client funds and excluded from the EMI's own asset pool in insolvency.
Passporting. An EMI authorised in any EEA member state may passport its services into other EEA states under Article 3 of 2EMD. The home-state regulator notifies the relevant host-state regulators; no separate national authorisation is required. The EMI may provide services cross-border either directly (freedom to provide services) or by establishing a branch or appointing an agent in the host state. This mechanism has made jurisdictions such as Ireland, Lithuania, and the Netherlands popular bases from which to serve the entire EU single market.
Redemption. Article 11 of 2EMD grants e-money holders the right to redeem outstanding e-money at par value at any time. EMIs must disclose any applicable redemption fees clearly in pre-contractual documentation. This redemption obligation, combined with the safeguarding requirement, ensures that customer funds are accessible and protected throughout the relationship.
The primary EU legislative instrument is Directive 2009/110/EC (2EMD), amended by PSD2 (Directive 2015/2366/EU) with respect to payment services activity. Each member state has transposed 2EMD into national law — for example, the UK's Electronic Money Regulations 2011 (SI 2011/99) prior to Brexit, and Belgium's Law of 11 March 2018 on the statute of payment institutions and electronic money institutions. Post-Brexit, UK EMI licences are regulated solely by the FCA under the UK Electronic Money Regulations and no longer passport into the EEA.
Capital requirements. Article 4 of 2EMD sets an initial own-funds floor of €350,000 — substantially lower than the €5 million minimum for a payment institution pursuing all payment services, and far below the €5–8 million (or higher) required for a credit institution. Ongoing own funds are the higher of the initial minimum or one of three calculation methods specified in Article 5, typically a percentage (2%) of average outstanding e-money.
AML/CFT obligations. EMIs are "obliged entities" under the EU's Sixth Anti-Money Laundering Directive (6AMLD, Directive 2018/1673/EU) and the associated Regulation (EU) 2015/847 on fund transfers. They must implement risk-based customer due diligence (CDD), transaction monitoring, suspicious activity reporting (SARs) to the national Financial Intelligence Unit, and group-wide AML policies where applicable. FATF Recommendation 10 and the accompanying interpretive notes set the global baseline that EU AML law translates into binding obligations.
Prominent EU EMIs. Revolut (Bank of Lithuania, subsequently upgraded to a Lithuanian banking licence in 2021), Wise (FCA, with EEA passport via Belgium), PayPal (Luxembourg CSSF), and Modulr (FCA) are among the best-known. Codego operates in partnership with an NBB-licenced electronic money distribution partner and is pursuing its own EMI authorisation through Codego Europe SIA, enabling pan-EU passporting across its 12-country footprint.
Obtaining an EMI licence is a structured regulatory project that typically requires dedicated legal, compliance, and technology resources. The broad phases are as follows.
Pre-application engagement. Most competent authorities — including the NBB, the Dutch AFM/DNB, and the Central Bank of Ireland — offer pre-application meetings at which applicants can test the proposed business model against regulatory expectations. This stage, typically two to four months, is used to refine the programme of operations and identify any structural issues (e.g., group ownership involving high-risk jurisdictions) before the formal clock begins.
Application filing. The formal submission includes: constitutional documents; a detailed programme of operations describing every e-money and payment service to be offered; a business plan with projected balance sheets, income statements, and capital adequacy calculations for three years; a security policy document addressing logical and physical access controls, incident response, and outsourcing arrangements; AML/CFT policies including a risk assessment; GDPR and data governance documentation; and fit-and-proper questionnaires for all persons holding qualifying holdings and all members of the management body.
Review period. The statutory maximum is three months from receipt of a complete application. In jurisdictions such as Lithuania (Bank of Lithuania) and Malta (MFSA), review times have historically been faster — often four to eight months total — making them popular with EU market entrants. More complex applications, particularly those involving novel business models, crypto-related activities, or complex group structures, routinely take twelve to eighteen months across any jurisdiction.
Post-authorisation obligations. Newly authorised EMIs must notify the competent authority before launching new payment services or e-money programmes, maintain minimum capital on an ongoing basis, file regular prudential and statistical returns, undergo annual external audits, and implement a robust internal audit function. Outsourcing of material functions — including card processing, core banking technology, and customer support — must follow EBA Guidelines on outsourcing arrangements (EBA/GL/2019/02), requiring formal outsourcing agreements, risk assessments, and maintained access to data for supervisory purposes.
Alternatives to direct authorisation. For businesses seeking faster market entry, two routes exist: (a) operating as an agent of an authorised EMI under Article 3 of 2EMD, which allows the principal EMI's licence to cover the agent's activity; or (b) leveraging a Banking-as-a-Service provider (see BaaS) that supplies licensed infrastructure — IBANs, card programmes, and payment rails — under its own authorisation, enabling the programme manager to launch financial products without holding its own EMI licence. The latter route has driven significant growth in embedded finance and white-label card programmes across Europe.
Codego was founded in 2012 and is headquartered in Malta, serving clients across 12 countries through a combination of its own regulatory authorisations and licensed partnerships. Codego currently operates under an NBB electronic-money distribution licence and is actively pursuing full EMI authorisation through Codego Europe SIA, targeting pan-EU passporting across the EEA once granted.
For businesses that need licensed e-money infrastructure today — without the twelve-to-eighteen-month authorisation timeline — Codego's Banking-as-a-Service platform provides direct access to the full stack: native EU IBANs issued in six countries with SEPA, SEPA Instant, and SWIFT connectivity; Visa and Mastercard BIN-sponsored card programmes via Codego's card issuing and card processing infrastructure; and crypto-funded card products through the white-label crypto programme, with stablecoin and crypto-to-fiat conversion on the fly. Virtual cards are live on day one; physical cards within fifteen days.
Programme managers configure their product through a self-service portal — setting spend controls, KYC flows, and card design — while Codego's core banking and white-label bank layers handle ledger management, reconciliation, and regulatory reporting. Apple Pay and Google Pay provisioning is completed within 24 hours of card issuance. For businesses evaluating their own EMI application or seeking a compliant infrastructure partner in the interim, the programme assessment form provides a structured starting point.