Understanding how to be a payment institution in Finland is essential for any fintech founder, compliance officer or legal team planning to offer payment services in the Finnish market or passport into the wider EEA from Helsinki. The Finnish Financial Supervisory Authority (FIN-FSA) is the sole competent authority for granting payment institution (PI) and electronic money institution (EMI) authorisations, and its requirements are shaped by both national legislation and the evolving EU regulatory framework. With PSD3 and the new EU Payment Services Regulation (PSR) advancing through the legislative process in 2026, applicants now face tighter governance, capital and safeguarding expectations than at any point in the last decade.
This guide maps the complete authorisation process, from threshold assessment through post-licence reporting, and highlights every practical step a prospective payment institution must take to secure and maintain its FIN-FSA licence.
Yes. Any legal entity incorporated in Finland, or with a branch established in the country, may apply to FIN-FSA for authorisation as a payment institution, provided it meets the regulatory requirements set out in Finland’s Payment Institutions Act and the relevant EU directives. The process is rigorous but well-defined. At a glance, the core steps are:
Each of these steps is explained in detail in the sections that follow. Readers seeking a condensed checklist can also consult the FIN-FSA’s own guidance page for payment service providers.
Not every entity providing payment-related services requires full FIN-FSA authorisation. Finnish law distinguishes between registration (a lighter regime for smaller operators) and authorisation (required once activity exceeds defined thresholds). The critical dividing line centres on average monthly transaction volumes.
According to FIN-FSA guidance, a provider whose average monthly payment transaction volume does not exceed EUR 3 million may operate under a simpler registration regime. Once that threshold is exceeded, or if the entity intends to passport services into other EEA states, full authorisation as a payment institution is mandatory. For electronic money institutions, the threshold analysis applies to e-money outstanding rather than payment volumes alone.
| Criterion | Registration (smaller PI) | Full Authorisation (PI / EMI) |
|---|---|---|
| Average monthly transactions | Below EUR 3 million | EUR 3 million or above |
| Passporting across the EEA | Not permitted | Permitted (notification to FIN-FSA) |
| Capital requirements | Lower / proportionate | Full minimum initial capital applies |
| Supervisory reporting | Basic | Full ongoing reporting suite |
| FIN-FSA supervisory fees | Reduced | Standard annual fees |
Applicants should note that even below the EUR 3 million threshold, certain services, such as account information services (AIS) or payment initiation services (PIS), carry their own registration obligations under the revised payment services framework. Industry observers expect that PSD3 and the new PSR will tighten these thresholds and supervision of registered entities, making early engagement with FIN-FSA advisable regardless of current volumes.
Choosing the right licensing pathway is among the most consequential decisions a prospective payment institution in Finland will make. The three principal entity types, bank, authorised payment institution and electronic money institution, differ significantly in their permitted activities, capital burdens, supervisory intensity and time to market.
| Feature | Bank | Authorised Payment Institution (PI) | Electronic Money Institution (EMI) |
|---|---|---|---|
| Permitted services | Full banking: deposits, lending, payment services | Payment services only (money remittance, payment execution, PIS, AIS) | E-money issuance, payment services, distribution of e-money |
| Initial capital (EUR) | Varies, significantly higher (typically EUR 5 million+) | EUR 125,000 | EUR 350,000 |
| Deposit taking | Yes (deposit guarantee scheme applies) | No | No (e-money is not a deposit) |
| Safeguarding of client funds | Deposit guarantee scheme | Segregated account or insurance/guarantee | Segregated account or insurance/guarantee |
| Passporting across the EEA | Yes | Yes | Yes |
| Typical time to authorisation | 12–24 months | 3–9 months | 4–12 months |
| Prudential supervision | Extensive (ECB / SSM for significant institutions) | FIN-FSA (proportionate) | FIN-FSA (proportionate, slightly higher than PI) |
For most fintechs entering the Finnish market, the PI route offers the fastest path and the lowest capital burden. The EMI licence is necessary only where the business model involves issuing stored-value products that qualify as electronic money. A full banking licence is disproportionate for companies whose core activity is payment processing, remittance or initiation. Understanding these distinctions early prevents costly pivots mid-application.
The FIN-FSA authorisation process for payment service providers follows a structured sequence. Applicants who prepare thoroughly and engage in pre-application dialogue tend to move through the process more efficiently. Below is the end-to-end workflow, broken into four phases.
Before submitting a formal application, prospective applicants should request a pre-application meeting with FIN-FSA. This meeting is not mandatory, but it allows the regulator to signal any preliminary concerns about the business model, governance or safeguarding approach. During this phase the applicant should:
The formal application is submitted to FIN-FSA together with a comprehensive dossier. Based on FIN-FSA’s published guidance for FIN-FSA payment service providers, the core documents include:
Once the application is filed, FIN-FSA conducts a substantive review. The regulator will typically issue one or more rounds of supplementary questions. Response times from the applicant directly influence the overall timeline. Applicants should assign a dedicated regulatory liaison to manage the Q&A process and maintain a log of all correspondence.
FIN-FSA issues a formal decision either granting or refusing authorisation. Upon approval, the entity is entered into the FIN-FSA national register and notified to the European Banking Authority (EBA) for inclusion in the EU-wide register of payment and electronic money institutions. The authorised payment institution in Finland may then begin providing payment services and, if desired, initiate the passporting notification process to operate in other EEA states.
| Phase | Estimated duration | Key deliverable |
|---|---|---|
| Pre-application | 4–8 weeks | Programme of operations; fit-and-proper files |
| Application submission | 1–2 weeks | Full dossier filed with FIN-FSA |
| FIN-FSA review and Q&A | 8–24 weeks | Responses to supplementary questions |
| Decision and registration | 2–4 weeks | Formal authorisation; register entry |
Overall, a well-prepared PI application can achieve authorisation in approximately three to nine months. EMI applications generally take longer owing to the additional complexity of e-money safeguarding and higher capital requirements. The actual processing time depends on the completeness of the submission and FIN-FSA’s caseload at the time of filing.
Capital and safeguarding sit at the heart of any payment institution application. FIN-FSA scrutinises both the initial capital at the point of authorisation and the ongoing own funds the entity must maintain throughout the life of the licence.
The minimum initial capital thresholds for payment institutions and electronic money institutions in Finland are drawn from EU directives and transposed into Finnish law. The applicable minimums are:
| Entity type | Minimum initial capital | Notes |
|---|---|---|
| Payment Institution (PI), money remittance only | EUR 20,000 | Applies to entities providing only money remittance services |
| Payment Institution (PI), payment initiation services only | EUR 50,000 | PIS-only providers |
| Payment Institution (PI), full payment services | EUR 125,000 | Execution of payment transactions, acquiring, etc. |
| Electronic Money Institution (EMI) | EUR 350,000 | Issuance of e-money and related payment services |
Capital must be fully paid up and evidenced at the time of application. FIN-FSA may require an auditor’s confirmation. The capital must remain available and unencumbered, it cannot consist of funds borrowed from related parties.
After authorisation, the PI or EMI must maintain own funds calculated using one of three methods prescribed by the EU framework (Methods A, B or C), based on transaction volumes, overheads or a combination. FIN-FSA may specify which method applies. Own funds must at all times meet or exceed the higher of the initial capital minimum and the calculated ongoing requirement.
Safeguarding is the mechanism by which a payment institution protects the funds it holds on behalf of clients. Under Finnish law and the EU framework, a PI or EMI must ensure that customer funds are ring-fenced from the institution’s own assets. FIN-FSA accepts two principal safeguarding models:
| Safeguarding model | How it works | When to choose it |
|---|---|---|
| Segregated account method | Client funds are deposited in a dedicated, segregated account at a credit institution (bank) or invested in secure, liquid, low-risk assets approved by FIN-FSA. The funds are insolvency-remote from the PI’s own estate. | Most common choice; suitable for high-volume PIs and EMIs with predictable fund flows. |
| Insurance or guarantee method | An insurance policy or comparable guarantee from an authorised insurer or credit institution covers the amount of client funds held. The policy must pay out directly to clients in the event of the PI’s insolvency. | Suitable where segregated banking relationships are difficult to establish; less common in Finland. |
Applicants must describe their chosen safeguarding model in detail in the application dossier, including the identity of the custodian bank or insurer, the contractual terms and the procedures for reconciling client balances daily. FIN-FSA expects evidence that the safeguarding mechanism is operational, not merely planned, before authorisation is granted. Industry observers expect PSD3 and the new PSR to further tighten safeguarding requirements, potentially mandating more frequent reconciliation and stricter insolvency-remoteness tests.
Meeting the payment institution requirements in Finland goes well beyond capital and safeguarding. FIN-FSA expects applicants to demonstrate robust governance, anti-money-laundering controls, IT security and operational resilience from day one.
Finland’s Anti-Money Laundering Act transposes the EU’s anti-money-laundering directives. Every payment institution must:
PIs and EMIs frequently outsource critical functions, core banking systems, cloud infrastructure, customer support. FIN-FSA requires an outsourcing policy that identifies all material outsourced functions, assesses the risks and ensures that supervision is not compromised. The EU Digital Operational Resilience Act (DORA), which applies from January 2025, adds further obligations around ICT third-party risk management, incident reporting and resilience testing that apply to payment institutions.
FIN-FSA expects applicants to demonstrate strong customer authentication (SCA) capabilities and secure communication channels in line with the PSD2 Regulatory Technical Standards. IT systems must be subject to regular penetration testing, business continuity planning and incident management procedures. Under the new PSR, these expectations are likely to be reinforced and, in certain areas, made directly applicable via regulation rather than directive.
The EU’s legislative overhaul of the payments framework, comprising the third Payment Services Directive (PSD3) and the directly applicable Payment Services Regulation (PSR), represents the most significant change to the regulatory landscape since PSD2 entered force. While the precise timelines for final adoption and national transposition continue to evolve, the direction of travel is clear and the practical implications for anyone seeking to become a payment institution in Finland are already shaping applications.
The key changes that early indications suggest will affect PI and EMI applicants include:
| PSD3/PSR milestone | Expected timing | Practical action for applicants |
|---|---|---|
| European Commission proposal published | June 2023 | Review proposal text and map to current business model |
| Council and Parliament positions / trilogue | 2024–2025 | Monitor negotiation outcomes; adjust application dossier assumptions |
| Final text adopted and published in Official Journal | 2026 (expected) | Confirm final capital, safeguarding and governance requirements |
| PSR becomes directly applicable / PSD3 transposition deadline | 18–24 months after adoption | Ensure full compliance at operational level; update FIN-FSA filings |
Applicants filing now should build their governance and safeguarding frameworks to the higher PSD3/PSR standard rather than relying on current minimum requirements. This approach avoids costly retrofitting and signals regulatory maturity to FIN-FSA during the review process.
Securing authorisation is the beginning, not the end, of the regulatory relationship. An authorised payment institution in Finland must meet ongoing obligations that include supervisory reporting, fee payments and, for those seeking cross-border activity, the passporting notification process.
A practical first-year compliance checklist should include: confirming register entry with both FIN-FSA and EBA, filing initial supervisory returns, conducting the first internal audit of AML controls, performing ICT resilience testing under DORA obligations, and initiating any planned passporting notifications.
This article was produced by Global Law Experts. For specialist advice on this topic, contact Jussi Salo at Fondia, a member of the Global Law Experts network.
posted 16 minutes ago
posted 21 minutes ago
posted 42 minutes ago
posted 46 minutes ago
posted 1 hour ago
posted 1 hour ago
posted 2 hours ago
posted 2 hours ago
posted 3 hours ago
posted 3 hours ago
posted 4 hours ago
posted 4 hours ago
Find the right Legal Expert for your business
Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Send welcome message