Obligations of an Electronic Money Institution (EMI) After Obtaining a License

10.9.2025

Congratulations on securing your Electronic Money Institution (EMI) license from the Czech National Bank (CNB). This milestone opens access to the entire EU market, but the real challenge starts now. This guide offers a practical roadmap for meeting ongoing compliance obligations, helping your business thrive under EU regulation. As a leading Prague law firm with deep fintech expertise, ARROWS is here to guide you through what comes next.

Law firm for the obligations of electronic money institutions (EMIs) after obtaining a license

Need advice on this topic? Contact the ARROWS law firm by email office@arws.cz or phone +420 245 007 740. Your question will be answered by "Mgr. Marek Hučík", an expert on the subject.

The Shift from Applicant to Regulated Institution: Life After Your CNB License

Obtaining your EMI license fundamentally changes your relationship with the Czech National Bank. You are no longer an applicant seeking approval; you are now a supervised financial institution under the constant and comprehensive scrutiny of one of Europe's most respected regulators. The CNB's mandate is to ensure the stability and integrity of the entire Czech financial market, a role it takes very seriously.

This supervision is not a passive process. The CNB actively monitors your adherence to the conditions of your license, Czech laws like the Act No. 370/2017 Coll., on the Payment System, and a host of directly applicable EU regulations. The regulator's objective is not to prevent the failure of any single institution at all costs, but to protect the financial system as a whole. This means that if shortcomings are found, the CNB will not hesitate to use its remedial instruments, which can include fines, operational restrictions, and even license revocation.

The CNB's supervisory approach is holistic, not siloed. A failure in one area, such as a late or inaccurate report, will be viewed as a potential symptom of a wider weakness in your internal control systems. This can trigger heightened scrutiny across all aspects of your operation, from your capital reserves to your customer onboarding processes. Therefore, you cannot treat compliance as a simple checklist. You must cultivate an integrated "culture of compliance" where every operational decision is viewed through a regulatory lens.

office@arws.cz 245 007 740

FAQ – Legal tips about initial post-licensing steps

  • We just received our license. What is the very first thing we should do?

You should immediately activate the internal control, risk management, and governance frameworks that you detailed in your license application. Ensure your appointed Money Laundering Reporting Officer (MLRO) is fully operational and that your regulatory reporting calendar is established and integrated into your financial systems. For a comprehensive post-licensing checklist, contact our experts at office@arws.cz.

  • How often will we interact with the Czech National Bank (CNB)?

You will have regular, formal interactions through mandatory quarterly reporting. Beyond this, the CNB can conduct on-site inspections or request information at any time. Ad-hoc engagement often occurs if they identify any red flags in your reporting or through market intelligence. To ensure you are always prepared for regulatory engagement, email us at office@arws.cz.

Maintaining Financial Stability: What Are Your Ongoing Capital Requirements?

The initial capital of €350,000 required for your license is not a one-time fee; it is a prudential safeguard that must be maintained at all times as a baseline. More importantly, it is the floor, not the ceiling, of your financial obligations. As a licensed EMI, you are subject to ongoing capital adequacy requirements, a cornerstone of EU financial regulation designed to ensure you can absorb operational losses and protect the financial system.

Your ongoing capital requirement is dynamic and directly linked to the scale of your business. While the precise calculation method must be detailed in your application and approved by the CNB, a common approach under EU rules is that your "own funds" must never fall below 2% of the average outstanding electronic money you have issued. 

office@arws.cz 245 007 740

This framework is rooted in complex EU-level directives, including the Capital Requirements Directive (CRD IV) and the Capital Requirements Regulation (CRR), which create a single rulebook for prudential supervision.

This creates a direct and unbreakable link between your commercial success and your regulatory burden. As your business grows—attracting more users and increasing the volume of e-money in circulation—your mandatory capital holdings must also grow in lockstep. A highly successful marketing campaign that doubles your customer base could simultaneously trigger an immediate need for a significant capital injection to remain compliant. 

Failure to forecast this capital need could place a rapidly expanding company in breach of regulations at the very peak of its success. Financial planning and regulatory compliance are, therefore, inseparable disciplines.

Capital Adequacy Risks

Legal Risk and Potential Issues

How ARROWS Helps

Rapid Growth Outpacing Capital Reserves: A surge in business leads to your capital requirements exceeding available funds, forcing you to halt operations or refuse new customers to avoid a regulatory breach.

Legal Opinion & Financial Modeling: We provide legal opinions on the correct calculation methods for capital adequacy and work with your finance team to model capital needs against growth projections. Need to stress-test your financial plan? Email us at office@arws.cz.

Incorrect Calculation of Own Funds: You misinterpret the complex rules of CRD IV/CRR, leading to an overstatement of your capital. This error is discovered during a CNB audit, resulting in penalties and a loss of regulatory trust.

Regulatory Compliance Review: Our lawyers review your capital calculation methodology to ensure it aligns with CNB expectations and EU standards, preventing costly errors and regulatory sanctions. For a compliance review, contact us at office@arws.cz.

Failure to Report a Capital Shortfall: You attempt to conceal a temporary dip in your capital reserves. This is viewed by the regulator as a serious breach of transparency, leading to severe penalties and irreparable damage to your relationship with the CNB.

Crisis Management & CNB Representation: We advise on the correct procedures for notifying the CNB of any capital issues and represent you in communications to mitigate penalties and manage the regulatory fallout. Facing a regulatory issue? Write to us for immediate assistance at office@arws.cz.

Protecting Your Customers: How Must You Safeguard Client Funds?

One of your most critical ongoing duties as an EMI is the safeguarding of client funds. This is a non-negotiable obligation under the EU's Electronic Money Regulations (EMRs) and Payment Services Regulations (PSRs). Its sole purpose is to ensure that, in the event of your firm's insolvency, your clients' money is protected and can be returned to them.

There are two primary methods for safeguarding, and you must adhere strictly to the method approved in your license application:

1. The Segregation Method: This is the most common approach, used by over 95% of firms in the EU. It requires you to hold all client funds in a designated safeguarding account at an authorized credit institution (a bank). This account must be legally and operationally separate from your own corporate funds, which you use for operational expenses like salaries and rent. Client money can never be mixed with your own.

office@arws.cz 245 007 740

2. The Insurance/Guarantee Method: Alternatively, you can cover client funds with a specific insurance policy or a comparable guarantee from an authorized insurer or credit institution. This policy must be structured to pay out to your clients in the event of your insolvency.

Regardless of the method used, you must have robust internal procedures for daily reconciliation. At the end of each business day, you must be able to prove that the total amount of funds held in your safeguarding accounts (or covered by your insurance policy) precisely matches the total amount of electronic money you have issued to your clients.

Regulators across Europe apply intense scrutiny to safeguarding arrangements. This vigilance is a direct response to major failures in other jurisdictions. For instance, investigations into insolvent EMIs in the UK revealed an average shortfall of 80% between the funds owed to customers and the funds that were actually safeguarded.

European regulators, including the CNB, are acutely aware of these precedents. The EU legal framework is designed to ensure client funds are treated as client assets, not the EMI's, in an insolvency. For any foreign company operating from Prague, demonstrating a flawless, auditable, and resilient safeguarding system is the single most important factor in maintaining regulatory trust.

Building a Resilient Operation: What Governance and Controls Does the CNB Expect?

The CNB expects EMIs to be substantive, well-governed, and resilient operations, not just legal shells. Your ongoing compliance in this area rests on four key pillars:

  • Genuine Physical Presence: The CNB requires you to establish and maintain a genuine operational presence in the Czech Republic. A "letterbox company" with no real substance is unacceptable. You must have a physical office, and at least part of your business must be genuinely managed from within the country.
  • "Fit and Proper" Management: Your obligation to have a competent and trustworthy management team is continuous. All members of your management board, key function holders, and significant shareholders must continue to meet the "fit and proper" standard. This includes maintaining a clean criminal and regulatory record and possessing the relevant experience to manage a financial institution.
  • Robust Internal Controls: You must implement and continuously maintain the governance structure detailed in your license application. This includes a clear organizational chart, a comprehensive risk management framework, effective internal control systems, and procedures for regular internal audit. These systems are your first line of defense against operational, financial, and compliance risks.
  • Data Security and GDPR: As an entity processing sensitive customer financial data, you must ensure your IT systems are secure, robust, and fully compliant with the EU's General Data Protection Regulation (GDPR). This includes having clear policies for data protection, breach notification, and client privacy.

office@arws.cz 245 007 740

The "physical presence" requirement is a deliberate regulatory hurdle designed to ensure accountability. It prevents firms from operating in the EU while keeping their core management and decision-making functions beyond the effective reach of European regulators. 

For foreign companies, this has significant strategic and financial implications, requiring a budget for Czech-based real estate, staff, and operational infrastructure. It proves your commitment to the EU market and provides the CNB with tangible local oversight. ARROWS, as an international law firm operating from Prague, European Union, has deep experience helping foreign clients meet these substance requirements efficiently.

Corporate Governance Failures

Legal Risk and Potential Issues

How ARROWS Helps

"Letterbox Company" Accusation: The CNB determines your Czech office lacks genuine management and operational substance, viewing it as a mere front. This can lead to license suspension or revocation.

Corporate Structuring & Substance Advice: We advise on setting up an operational framework in Prague that meets the CNB's substance requirements, from drafting employment contracts for key local staff to advising on office setup. Need help establishing a genuine presence? Contact us at office@arws.cz.

Weak Internal Controls: An internal audit reveals critical gaps in your risk management or data security procedures, exposing your firm to both financial fraud and severe GDPR penalties.

Drafting Internal Policies: Our team drafts comprehensive internal control policies, risk management frameworks, and GDPR-compliant procedures to build a resilient and compliant operation from the ground up. Get tailored legal solutions by writing to office@arws.cz.

Key Personnel Fail "Fit and Proper" Test: A director is involved in a regulatory issue in another jurisdiction after your license is granted. Failure to report this to the CNB leads to their disqualification and damages your firm's credibility.

Ongoing Regulatory Counsel & Due Diligence: We provide ongoing counsel on "fit and proper" obligations and can manage the preparation of documentation for any changes in key personnel to ensure a smooth process. For assistance with vetting and documentation, email us at office@arws.cz.

Your Role in Fighting Financial Crime: What Are Your AML/CFT Obligations?

As a licensed EMI, you are on the front line in the fight against money laundering and terrorist financing. Under the Czech Act No. 253/2008 Coll., on Selected Measures against Legitimisation of Proceeds of Crime and Financing of Terrorism (the AML Act), you are classified as an "obliged entity" and must adhere to a strict set of anti-money laundering and counter-terrorist financing (AML/CFT) rules.

Your compliance is overseen by two powerful authorities working in close cooperation: the Czech National Bank (CNB) and the Financial Analytical Office (FAU), which is the Czech Republic's financial intelligence unit.

Your core AML/CFT obligations include:

  • Appointing a dedicated Money Laundering Reporting Officer (MLRO) responsible for overseeing your AML framework.
  • Implementing a risk-based policy for Customer Due Diligence (CDD) for all clients.
  • Conducting Enhanced Due Diligence (EDD) for high-risk clients, transactions, or clients from high-risk jurisdictions.
  • Implementing systems for continuous transaction monitoring to detect unusual or suspicious patterns of activity.
  • Reporting all suspicious activities to the FAU without delay.
  • Providing regular AML/CFT training for all relevant employees.

This dual-authority system means that a failure in your AML controls can trigger a two-pronged regulatory response. The FAU could launch an investigation into potential breaches of the AML Act, which can carry criminal penalties. 

office@arws.cz 245 007 740

Simultaneously, the CNB could move to suspend or revoke your EMI license on the grounds that your internal controls are inadequate, posing a systemic risk to the financial market. This dual jeopardy makes AML/CFT compliance an area of exceptionally high risk that demands constant vigilance and expert guidance.

FAQ – Legal tips about AML reporting

  • Who is the MLRO and do they need to be in the Czech Republic?

The Money Laundering Reporting Officer (MLRO) is a senior individual with sufficient authority who is responsible for your AML/CFT compliance framework and acts as the point of contact with the FAU. Regulators strongly prefer an MLRO with a significant presence in and deep understanding of the local jurisdiction. For guidance on appointing a suitable MLRO, contact us at office@arws.cz.

  • What triggers a "suspicious activity report" (SAR) to the FAU?

A SAR is triggered by any transaction or activity that is inconsistent with a client's known business or personal profile, lacks a clear economic purpose, or raises any other suspicion that it could be linked to illicit funds. We provide professional training for your staff on identifying and reporting suspicious activity. To learn more, email office@arws.cz.

Staying Transparent: What Must You Report to the Czech National Bank?

A cornerstone of the CNB's supervisory regime is a system of regular, detailed reporting. This provides the regulator with the data needed to monitor your financial health, your compliance with capital and safeguarding rules, and the overall risk you pose to the financial system. These duties are not suggestions; they are legally mandated under Decree No. 454/2017 Coll..

Your reporting obligations are structured as follows:

  • Frequency: You must compile and submit reports on a quarterly basis.
  • Deadlines: Reports for the first, second, and third quarters must be submitted within 30 days of the end of the quarter. The report for the fourth quarter has a slightly longer deadline of February 10th of the following year.
  • Format: All reports must be submitted electronically as structured data files through the CNB's dedicated data collection systems, such as SDNS. Submissions must be authenticated with a recognized electronic signature.

The required reports are highly specific and demand a significant level of detail:

  • PLT(ČNB) 10-04: A full quarterly balance sheet.
  • PLT(ČNB) 20-04: A quarterly profit and loss account.
  • PLT(ČNB) 30-04: A detailed report on your capital, including the calculation of your capital requirements.
  • PLT(ČNB) 40-04: A report on your eligible assets used for safeguarding, the total volume of payment transactions processed, and the volume of electronic money issued.

office@arws.cz 245 007 740

The prescriptive nature of these reporting requirements means they cannot be an afterthought. Your internal accounting, treasury, and IT systems must be designed from day one to capture and categorize financial data in the precise format the CNB requires. Attempting to extract this data retroactively from a generic accounting system is inefficient, prone to error, and a common source of non-compliance. Seeking legal advice during the system design phase is a crucial step to avoid costly future rework and regulatory penalties.

The Cost of Non-Compliance: What Penalties and Sanctions Can You Face?

Non-compliance with your obligations as a licensed EMI is not treated lightly by the Czech authorities. The potential consequences are severe and are designed to be a powerful deterrent, not just a "cost of doing business." Breaches can result in a cascade of penalties that threaten your operations, your finances, and the personal liberty of your management team.

The range of sanctions includes:

  • Hefty Administrative Fines: For serious breaches of financial regulations, such as those found in the EU's MiCA framework, fines can be enormous, potentially reaching up to €15 million or 15% of your total annual turnover. Even for seemingly minor administrative failures, like repeated late reporting, fines can reach CZK 500,000 (approx. €20,000) and can be imposed repeatedly for each offense.
  • License Suspension or Revocation: For systemic failures in critical areas like safeguarding or AML controls, the CNB has the power to suspend your operations or revoke your license entirely, effectively ending your ability to do business in the EU.
  • Criminal Liability: In cases of serious AML breaches, company executives and directors can face personal criminal liability, including imprisonment.
  • Reputational Damage: The CNB is empowered to publish its final enforcement decisions, creating significant and lasting reputational damage that can destroy trust with customers, partners, and investors.

The scale of these penalties demonstrates that the risk/reward calculation for cutting corners on compliance is overwhelmingly negative. The potential cost of failure far outweighs any perceived savings from under-investing in your compliance infrastructure. This reality underscores the absolute necessity of continuous, expert legal guidance to navigate the regulatory landscape.

office@arws.cz 245 007 740

Regulatory Enforcement Risks

Legal Risk and Potential Issues

How ARROWS Helps

Systemic AML Failures: A joint CNB/FAU audit uncovers persistent weaknesses in your customer due diligence and transaction monitoring, leading to proceedings for license revocation and potential criminal charges for directors.

Representation in Court or Before Public Authorities: We represent clients during regulatory inspections and enforcement proceedings, working to demonstrate remedial actions and negotiate favorable outcomes. Need legal representation? Write to office@arws.cz.

Inadequate Safeguarding Discovered: A surprise inspection reveals that client funds were not properly segregated or that reconciliations were inaccurate. The CNB imposes an immediate operational suspension and initiates penalty proceedings.

Preventative Audits & Documentation Drafting: We conduct mock regulatory audits to identify compliance gaps before the CNB does and draft the legally required documentation to prove your safeguarding methods are robust and auditable. Want to be inspection-ready? Contact us at office@arws.cz.

Repeated Late or Inaccurate Reporting: Consistent failure to meet the reporting deadlines and data standards under Decree 454/2017 Coll. leads to escalating fines, increased regulatory scrutiny, and public reputational damage.

Legal Consultations & Professional Training: We provide legal consultations to ensure your reporting systems are compliant and offer professional training for your finance and compliance teams on their specific duties, complete with certificates. To prevent penalties, get in touch at office@arws.cz.

A Global Perspective: How Does the Czech/EU Framework Compare to the UK and US?

Your choice of the Czech Republic for your EMI license was a strategic one, and understanding its advantages in a global context is key to leveraging its full potential. The EU, UK, and US have fundamentally different regulatory approaches to electronic money, making your Czech license a uniquely powerful asset.

  • The EU Advantage (via the Czech Republic): The most significant benefit of your full Czech EMI license is the right to "passport" your services. This allows you to operate across all 30 member states of the European Union (EU) and European Economic Area (EEA) without needing to apply for a new license in each country. This unified access to a market of over 450 million consumers is a massive strategic advantage. ARROWS, through its ARROWS International network built over 10 years, can support your cross-border operations across this entire market.
  • The Post-Brexit UK: Since the UK's withdrawal from the EU, an EMI license from the UK's Financial Conduct Authority (FCA) no longer includes passporting rights into Europe. A UK-based firm wishing to serve EU clients must now establish a separately licensed subsidiary in an EU member state, like the Czech Republic. The UK and EU are now on divergent regulatory paths, particularly in areas like safeguarding, where the UK is moving toward a different statutory trust model.
  • The Fragmented US System: The United States does not have a single, federal "EMI license." Instead, a fintech company must obtain Money Transmitter Licenses (MTLs) on a costly and complex state-by-state basis. This fragmented system requires navigating dozens of different state regulators and laws, making a nationwide launch a significant legal and administrative undertaking. The primary federal law, the Electronic Fund Transfer Act (Regulation E), governs consumer rights but does not create a unified licensing regime.

office@arws.cz 245 007 740

For a non-European fintech company looking to expand, the strategic implication is clear. A single license obtained in Prague provides a gateway to 30 national markets. A license in the UK unlocks one. A nationwide presence in the US requires dozens of separate applications. The Czech Republic is not just an option; it is the most efficient and powerful strategic choice for accessing the entire European continent.

Your Next Step: Securing Your EMI's Future in the European Union

Securing your EMI license was the end of the beginning. The ongoing success and survival of your business now depend on building and maintaining a robust, proactive, and expert-led compliance framework. The rules are complex, the regulator's expectations are high, and the penalties for failure are severe. Proactive compliance is not a cost center; it is the fundamental investment that protects your business, your customers, and your management team.

ARROWS is uniquely positioned to be your long-term legal partner on this journey. We combine deep, specialized knowledge of Czech and EU financial regulations with extensive experience in guiding foreign clients through these exact challenges. We understand the nuances that differentiate the Czech legal environment from other jurisdictions and provide strategic, business-focused advice that goes beyond simple legal interpretation.

To discuss how our team at ARROWS, an international law firm operating from Prague, European Union, can build a resilient compliance framework for your EMI, contact us today for a confidential consultation. Our lawyers are ready to assist you – email us at office@arws.cz.

FAQ – Most common legal questions about EMI Post-Licensing Compliance

1. Can we outsource our entire compliance function?

While you can and should hire external legal advisors like ARROWS to manage many compliance tasks, draft policies, and provide expert guidance, the ultimate legal responsibility for compliance always remains with the EMI's management and board of directors. For expert support in managing your compliance burden, write to us at office@arws.cz.

2. We are a non-EU company. Do our foreign directors also need to meet the "fit and proper" requirements?

Yes, absolutely. The CNB's "fit and proper" assessment is a continuous obligation that applies to all key management personnel and qualifying shareholders, regardless of their nationality or country of residence. Our firm can guide your international team through this process. For assistance, contact us at office@arws.cz.

3. What is the difference between a full EMI license and a Small EMI (SEMI) license?

A SEMI license has lower initial capital requirements but is strictly limited to operating only within the Czech Republic and is subject to caps on transaction volume and outstanding e-money. A full EMI license requires €350,000 in initial capital but grants valuable "passporting" rights across the entire EU. To determine the right license for your business model, email our lawyers at office@arws.cz.

4. How does the new EU MiCA regulation affect our EMI?

The Markets in Crypto-Assets (MiCA) regulation introduces a new EU-wide framework for crypto-assets. If your EMI issues e-money tokens (a type of stablecoin), you will have significant additional obligations under MiCA, including publishing a white paper and adhering to stricter governance and reserve rules. To understand how MiCA impacts your specific operations, get a tailored legal analysis by writing to office@arws.cz.

5. Our business model has changed slightly since we applied. Do we need to inform the CNB?

Yes. Any material change to your business model, the types of services you offer, your ownership structure, or your governance framework must be promptly reported to the CNB. In many cases, you will need prior approval before implementing the change. Failure to do so can be considered a serious breach. For guidance on notifying the regulator of changes, do not hesitate to contact our firm – office@arws.cz.

6. Can ARROWS help us connect with other businesses or investors in the Czech fintech ecosystem?

Yes. ARROWS supports over 150 joint-stock companies and 250 limited liability companies, and we often facilitate valuable connections where there are mutual business or investment interests. We welcome innovative business ideas and can help you navigate the local market to find partners and opportunities. To discuss your project, reach out to us at office@arws.cz.