What Regulators Actually Look For in an EMI Application — Beyond the Checklist

Every jurisdiction publishes guidance on what an EMI or PI application should contain. Business plan. Financial projections. Governance structure. AML policies. Risk framework. Capital adequacy. The checklist is public. The bar for passing isn't.

Having led license applications in Luxembourg, Brazil, Cyprus, and the Netherlands, I can tell you: the difference between applications that get approved and applications that stall is rarely about what's included. It's about how it's presented and whether the regulator believes you've actually thought it through.

Regulators aren't evaluating whether your revenue projections are accurate. They know you're guessing. What they're testing is whether your model demonstrates that you understand the economics of your business.

Do your costs reflect the actual infrastructure you'll need? Not just salaries and rent — but scheme fees, banking costs, compliance tools, audit fees, insurance. Do your projections show when you'll need additional capital? Is your safeguarding framework costed? Does your FX exposure show up in the model?

A model that shows hockey-stick revenue with flat costs tells the regulator you don't understand the business you're applying to run. A model that shows realistic losses in years one and two, with clear assumptions about when and how breakeven occurs, tells them you do.

The second area where applications fail is governance. Many applicants submit an organizational structure with boxes and lines — CEO, CFO, Head of Compliance, Head of Operations — and consider it done.

Regulators want to know: Who are these people, specifically? What is their experience? Have they operated in a regulated environment before? Are they fit and proper — and can they pass the assessment? Do you have a clear segregation of duties? Who approves what? What happens when the compliance officer flags a concern — does it go to the board, or does it get buried?

The quality of your key function holders is often the single most important factor in a license application. I've seen applications stall for months because the proposed director couldn't demonstrate relevant experience. And I've seen applications accelerate because the applicant presented a board with genuine regulatory and operational credibility.

Lawyers and compliance consultants do an excellent job on the legal and regulatory framework. AML policies, risk assessments, governance documents — these are typically well-prepared.

The operational plan is usually not. Because the people writing the application are rarely the people who will run the operations.

The regulator wants to see: How will you actually process payments? What systems will you use? How does settlement work? How is safeguarding managed — not in theory, but in practice? What does your reconciliation process look like? How will you handle incidents? What's your disaster recovery plan?

These aren't compliance questions. They're operations questions. And if the application reads like it was written by someone who's never run a payment institution, the regulator notices.

The CBC in Cyprus tends to be pragmatic and relationship-driven. They want to know you're serious, and they want to see you face-to-face. The conversation matters as much as the paperwork.

The CSSF in Luxembourg is thorough and process-oriented. They will ask detailed follow-up questions, often weeks after submission. The quality of your responses to those questions matters as much as the initial application.

The BCB in Brazil has its own framework entirely — deeply influenced by the Pix ecosystem and local market requirements. Understanding what "payment institution" means in Brazil versus Europe is essential before you even start writing.

The DNB in the Netherlands is rigorous on governance and IT risk. They want to see that your technology infrastructure is robust, that you have clear IT governance, and that your operational resilience framework is credible.

The FCA in the UK is arguably the most demanding. The bar for approved persons is high, the scrutiny on financial crime controls is intense, and the ongoing supervision expectations mean that what you promise in your application, you must deliver in practice.

We don't just help you fill out the application. We help you design the operation that the application describes — so that when the regulator asks "how does this work in practice," you have an answer that's both true and impressive.