Banking licence and credit institution authorisation routes
A banking licence — formally a credit institution authorisation — is the only route that permits the acceptance of deposits repayable on demand. It is the most complex and capital-intensive regulated authorisation in the EU/EEA financial services framework and is required for any business that wishes to take deposits, extend credit funded by customer money, or present itself as a bank.
What a banking licence covers
A credit institution authorisation is defined in CRD5 Article 4 as the business of taking deposits or other repayable funds from the public and granting credits for its own account. NCAs may also grant specific limited banking licences covering a narrower activity scope.
- Acceptance of deposits and other repayable funds from the public — the defining activity of a credit institution.
- Granting of credits and loans funded by deposit liabilities, own funds, and wholesale funding.
- Issuance of guarantees, standby letters of credit, and documentary credit facilities.
- Trading on own account in financial instruments, foreign exchange, and money-market instruments.
- Provision of payment services, including all PSD2 payment service categories.
- Issuance of e-money and prepaid instruments (where authorised under EMD2 equivalent provisions).
- Participation in securities issuance, underwriting, and placement services.
- Safe-keeping of financial instruments and asset management for third parties.
The phrase 'banking licence' is sometimes used informally to describe EMI or PI authorisations. Only a credit institution authorisation under CRD5 permits the actual acceptance of deposits. Using 'bank', 'banking', or 'deposit' in marketing without a credit institution licence is a criminal offence in most EEA jurisdictions.
What this route is not — scope limits
A banking licence is the broadest financial services authorisation in the EU/EEA. However, it does not authorise every financial activity. Several adjacent areas require separate or additional authorisation.
- Investment services and MiFID II regulated activities (portfolio management, investment advice, execution of orders) require a MiFID investment firm authorisation in addition to or separately from the banking licence, unless the bank's licence specifically covers those activities.
- Insurance and reinsurance distribution requires FCA/IDD authorisation — banking does not cover insurance risk-taking.
- Crypto-asset services under MiCA require a CASP authorisation, unless the bank obtains explicit NCA permission to extend its licence to MiCA activities.
- Consumer credit in some jurisdictions requires a separate national consumer credit authorisation even for banks.
- Banking licence does not remove the obligation to comply with AML/CTF laws — banks are obliged entities with the highest regulatory scrutiny.
Banking vs EMI vs PI — decision matrix
A banking licence is the correct route only if deposit-taking or balance-sheet lending is core to the business model. Fintech businesses often find EMI or PI sufficient.
| Criteria | Banking LicenceCredit Institution | EMIE-Money Institution | PIPayment Institution |
|---|---|---|---|
| Accept deposits (repayable on demand) | |||
| Extend credit from own balance sheet | |||
| Issue e-money / stored value | |||
| Execute payment transactions | |||
| Issue prepaid cards / wallets | |||
| Money remittance | |||
| Deposit guarantee scheme coverage | |||
| EEA passport | |||
| Minimum initial capital | €5m+ | €350k | €20k–€125k |
| Full Basel III / CRR2 capital regime | |||
| Typical authorisation timeline | 12–36 mo | 6–18 mo | 3–12 mo |
Permitted and excluded activities
Credit institutions may engage in a broad range of financial activities. The table below covers common activities relevant to fintech and challenger bank projects.
Covered by this licence
- Accept deposits repayable on demand
- Grant loans and credit lines
- Issue e-money and prepaid cards
- Execute payment transactions (all PSD2 categories)
- Trade on own account in financial instruments
- Issue guarantees and standby letters of credit
- Provide FX conversion services
- Safekeeping and administration of securities
Not covered — separate licence required
- Provide MiFID investment services without MiFID licenceRequires MiFID investment firm authorisation unless explicitly covered
- Underwrite insurance riskInsurance undertaking authorisation required
- Provide crypto-asset services under MiCA without CASP authorisationBanks must apply for a MiCA extension if providing CASP services
Banking compliance obligations
The banking compliance stack is materially more extensive than EMI or PI. The following areas represent the minimum framework for a new credit institution.
€5m minimum paid-up capital at authorisation; NCAs routinely set higher requirements based on the business plan.
CET1 ≥ 4.5%, Tier 1 ≥ 6%, Total Capital ≥ 8% of risk-weighted assets; plus capital conservation buffer and any O-SII buffer.
Annual Internal Capital Adequacy Assessment Process; NCA conducts Supervisory Review and Evaluation Process and may impose a Pillar 2 capital add-on.
Liquidity Coverage Ratio ≥ 100%; Net Stable Funding Ratio ≥ 100% — ongoing daily and monthly monitoring required.
Banks face the highest regulatory scrutiny under AMLD6. Full CDD, EDD, transaction monitoring, MLRO, SAR reporting, and de-risking obligations.
Two-person management principle; supervised persons regime; NCA approval of all management body members and key function holders.
Large exposure limits (25% of own funds); resolution planning obligations under BRRD for systemically relevant institutions.
Mandatory participation in the national DGS (or ICS for building societies); contribution to DGS fund.
Is a banking licence right for your project?
Very few fintech projects genuinely require a banking licence. Evaluate whether EMI or PI covers your model before beginning the banking authorisation process.
Best for
- Challenger banks and neobanks that intend to hold deposits as a core product and wish to offer deposit-guarantee-scheme protection to retail customers.
- Lending platforms that need to fund loans from balance-sheet deposits rather than wholesale funding or investor capital.
- Businesses that want to describe their product as a 'bank account' or offer 'savings accounts' — these terms imply deposit-taking.
- Institutions targeting corporate treasury mandates where counterparty status as a credit institution is contractually required.
- Businesses seeking to offer the full suite of payment, e-money, and lending services from a single licence without licence stacking.
Not for
- Digital wallet providers that do not intend to accept deposits — an EMI licence is sufficient and far faster to obtain.
- Pure payment processors or money remittance businesses — a PI licence covers these activities at a fraction of the cost and complexity.
- Crypto-asset businesses whose model is entirely within the VASP/MiCA perimeter — banking and MiCA authorisations are separate.
- Early-stage fintechs without €5m+ in committed capital, experienced banking management, and 12–36 months of runway to complete the authorisation process.
- Businesses based entirely outside the EEA that do not need EU regulatory status — local licensing may be a more proportionate route.
Banking application readiness checklist
NCAs reject or return the majority of first-time banking applications due to insufficient preparation in the areas below. Each item should be addressed before submission.
- Capital — quantum and sourceCritical
€5m minimum fully paid-up at submission; additional buffer recommended. NCA will scrutinise source of capital, shareholder structure, and whether capital is free from encumbrances or conditions.
- Management body compositionCritical
All management body members must satisfy the NCA's fit-and-proper assessment before authorisation. At minimum two independent directors with direct banking or regulated-industry experience are expected. NCA interviews are standard.
- Business plan and financial modelCritical
A detailed 5-year financial model including loan-book projections, deposit-taking assumptions, capital trajectory, liquidity stress scenarios, and profitability analysis. Assumptions must be explained and evidenced.
- ICAAP and capital planningCritical
A draft Internal Capital Adequacy Assessment Process document covering Pillar 1 and Pillar 2 risks, stress testing methodology, and capital planning under adverse scenarios.
- AML/CTF frameworkCritical
Full AML policy suite, CDD and EDD procedures, transaction monitoring system (vendor or in-house), named MLRO with relevant banking AML experience, and documented SAR reporting process.
- Recovery and resolution planningImportant
NCAs require evidence that the applicant has considered recovery scenarios and resolution options, particularly for retail deposit-taking institutions.
- IT infrastructure and outsourcingImportant
Core banking system selection or build, data governance, outsourcing register, business continuity plan, and information security policy suite — increasingly scrutinised for operational resilience.
- Deposit guarantee scheme planAdvisory
Evidence that the applicant has contacted the national DGS, understands contribution obligations, and has budgeted for DGS membership costs from day one of operation.
Banking applications that return to the NCA multiple times due to missing documentation are the norm, not the exception. Engage specialist advisers before submission — NCA clock-stops are frequent and extend timelines significantly.
Related and alternative authorisation routes
A banking licence is the highest-burden regulatory route. Consider whether one of the following provides sufficient scope for your business model before proceeding.
Digital wallets, prepaid card issuers, and neobanks that need to hold user funds and issue stored value, without balance-sheet lending or deposit guarantees. €350k minimum capital.
EMI cannot accept deposits or extend credit funded from customer balances. If deposit guarantee scheme membership or lending is required, banking is unavoidable.
Pure payment processing, money remittance, and payment account provision without stored value issuance. €20k–€125k minimum capital. Fastest regulated payment route.
PI cannot issue e-money, hold balances that users can redeem at will, or provide deposit-equivalent products.
Businesses whose product is primarily a crypto-asset service — custody, exchange, or issuance — and not a traditional banking product.
MiCA / VASP authorisation does not provide deposit-taking or lending capability and cannot substitute for banking where fiat deposit-taking is required.
Banking licence — frequently asked questions
The EU minimum under CRD5 is €5 million, but most NCAs require applicants to demonstrate capital well in excess of this based on the specific risk profile and business model. Some jurisdictions set higher national minimums.
Typically 12–36 months from a complete application submission to authorisation, depending on jurisdiction and complexity. The formal NCA review period is usually 12 months from a complete application, but pre-application dialogue and preparation add significant time.
An EMI must submit a new credit institution authorisation application — there is no automatic 'upgrade' pathway. However, existing EMI infrastructure, governance, and compliance records can support and accelerate the banking application.
Lithuania and Malta have historically been accessible entry points for EU banking applications due to NCA capacity and willingness to engage with fintech models. Germany (BaFin) and the Netherlands (DNB) have robust processes but longer timelines. The appropriate jurisdiction depends on the business model and target market.
Most crypto-asset businesses do not need a banking licence — MiCA authorisation covers the CASP activities. A banking licence is required only if the crypto business also intends to accept fiat deposits or extend credit from its own balance sheet.
This page provides general educational information about banking licence routes. It does not constitute legal or regulatory advice. Engage a licensed compliance adviser before commencing an application.