This page summarizes the legal and supervisory framework and the operational expectations for financial institutions evaluating AML software Lithuania, filing via goAML Lithuania, and implementing sanctions screening Lithuania.
Last Updated: 2025-09-07.
Lithuania’s AML/CFT framework is built on the Law on the Prevention of Money Laundering and Terrorist Financing (LPMLTF), which transposes EU AML directives into national law. The Financial Crime Investigation Service (FNTT) serves as Lithuania’s FIU, enforcing the LPMLTF across all obliged entities (banks, credit unions, e-money and payment institutions, cryptocurrency providers, casinos, auditors, notaries, and other non-financial businesses). Key obligations include conducting customer due diligence (KYC) on clients, identifying and verifying beneficial owners of legal entities, screening for Politically Exposed Persons (PEPs), adopting a risk-based approach with ongoing monitoring of transactions, promptly reporting suspicious transactions to FNTT via the goAML system, and adhering to international financial sanctions (UN/EU lists) by freezing and reporting any assets linked to designated parties. Comprehensive recordkeeping of customer and transaction data is mandated (generally for at least 10 years), and each institution must maintain an internal AML/CFT program with written policies, a designated compliance officer, regular staff training, and an independent audit of effectiveness. Increasing digital transaction volumes make manual compliance controls insufficient; supervisory expectations in Lithuania emphasize automated, dynamic controls with full audit trails, versioning of rule changes, and senior management oversight to demonstrate effective governance.
Suspicious activity must be reported immediately once reasonable grounds are established – effectively within 3 hours under the LPMLTF. If a transaction is in progress, it should be suspended and an STR filed via FNTT’s goAML system without delay (tipping-off is prohibited).
At least 10 years under Lithuania’s AML laws. Financial institutions must keep all customer identification records, transaction documents, and STR/CTR filings for a minimum of ten years (often counted from the end of the customer relationship or transaction) to ensure information is available for regulatory review.
Any cash transaction or series of linked cash transactions totaling €15,000 or more triggers a mandatory CTR. Lithuanian law requires obliged entities to report such large cash transactions to FNTT, and the report must be submitted within 7 working days of the transaction(s).
Banks and other obliged entities in Lithuania must screen customers and transactions against the current UN and EU sanctions lists. If a true match to a sanctioned person or entity is found, the institution must immediately freeze the assets (block the transaction/account) and promptly inform the competent authority (usually FNTT or the Bank of Lithuania) as required by law.
If a customer or beneficial owner is a Politically Exposed Person (PEP), the institution must apply EDD. This includes obtaining senior management approval to establish or continue the business relationship, determining the PEP’s source of wealth and source of funds, and conducting enhanced ongoing monitoring of the relationship. These steps, mandated by the LPMLTF, ensure higher scrutiny and oversight for PEP clients.
Copyright © 2025 H3M Analytics Inc.
ISO/IEC 27001:2022 & ISO/IEC 22301:2019 certified — Certificates CFE/25/55892 and CFE/25/41059; valid 12 Aug 2025–11 Aug 2028
We use cookies to ensure that we give you the best experience on our website to personalise content and adverts and to analyse our traffic using Google Analytics.