Payment Services Act and PSD2:

This guide provides specific, actionable answers for foreign businesses and investors navigating the Czech Republic's FinTech regulations. We will demystify the legal landscape, from the Payment Services Act to PSD2 compliance, and outline the strategic steps for a successful launch from Prague.

Need advice on this topic? Contact the ARROWS law firm by email office@arws.cz or phone +420 245 007 740. Your question will be answered by "Mgr. Marek Hučík", an expert on the subject.

The New Era of Digital Payments—Building a Secure Base in the European Union

What Is PSD2 and Why Does It Matter to Your Business?

The revised Payment Services Directive (PSD2), a key European regulation, came into effect in 2016 as an update to the original directive from 2007. The EU adopted PSD2 to address the challenges and opportunities of rapidly growing online and mobile transactions.

PSD2’s primary objectives are to make European online payments more secure and to foster market competition. It lowers barriers for new players like FinTech companies by requiring banks to open their services to third-party providers with customer consent.

PSD2 is built on several key components that shape the modern payment landscape. The most prominent is Strong Customer Authentication (SCA), which mandates multifactor authentication for most online transactions to minimize digital payment fraud.

This typically involves verifying a customer's identity using at least two independent elements from three categories: something they know, something they have, and something they are.

Another critical component is Open Banking, which, with customer consent, requires banks to provide third-party providers with access to customer bank accounts. This enables services like

Account Information Service Providers (AISPs), which consolidate information from different bank accounts.

The directive also enables Payment Initiation Service Providers (PISPs), which can initiate payments on a user's behalf. Additionally, PSD2 has introduced stricter security requirements and protected consumers by prohibiting surcharges for card payments within the EU.

The EU has also proposed a PSD3 revision to address new forms of fraud, such as "spoofing". This continuous evolution of the framework demonstrates that compliance is an ongoing process requiring constant adaptation.

A Safe European Harbour: How Czechia Became a FinTech Hub

The Czech Republic has become a premier destination for FinTech companies, offering a compelling blend of legal stability and a progressive regulatory environment. The national implementation of PSD2 is enshrined in Czech Payment Services Act No. 370/2017 Coll., which provides a clear legal framework.

The Czech FinTech ecosystem is vibrant, with over 200 companies and projects, both regulated and unregulated, operating within the sector. Czech consumers are at the forefront of digital payment adoption, with nearly 57% making cashless payments and 99% of domestic card payments being contactless.

This high level of digital readiness makes the Czech Republic a highly attractive market for foreign firms. The financial market is overseen by a strong and independent regulator, the Czech National Bank (CNB), which is tasked with ensuring financial stability.

While some may perceive the Czech Republic as a place where financial licenses are easy to acquire, this is a dangerous misconception. The CNB has been actively "cleaning" the market by revoking licenses from non-operational "shell" companies.

This proactive regulatory stance demonstrates a commitment to a quality-over-quantity approach, ensuring that the Czech market remains a genuinely "safe harbour". For a foreign entrepreneur, this means that a successful licensing application must prove a genuine, long-term commitment.

Securing a license from a strict and credible regulator like the CNB provides a stamp of legitimacy that can be crucial for future business success and expansion across the EU.

Gaining Legal Access to the European Market

Which Licenses Do You Need to Operate in the Czech Republic?

For a FinTech company to operate legally within the Czech Republic and the broader European Union, it must obtain the correct license from the Czech National Bank (CNB). The choice of license is a strategic business decision that can significantly impact a company's future growth. The two primary types of full-scope licenses are the Payment Institution (PI) license and the Electronic Money Institution (EMI) license.

A Payment Institution license authorizes a company to provide a range of payment services, such as money remittance and payment processing. The initial capital required for a PI license is lower, ranging from €20,000 to €125,000, depending on the specific services offered.

In contrast, an Electronic Money Institution license is more comprehensive, granting all the rights of a PI license plus the ability to issue and manage electronic money (e-money), such as digital wallets and prepaid cards. An EMI license requires a much higher minimum initial capital of €350,000. The CNB's review process for an EMI license is more intensive and detailed, reflecting the heightened responsibility that comes with holding and safeguarding customer funds.

This distinction is not merely about capital requirements; it is about future-proofing your business. A company might initially opt for the lower capital barrier of a PI license, but as its business grows, it may need to issue e-money.

In such a scenario, upgrading from a PI to an EMI license is not a simple amendment but requires a completely new, full-scope application process. This can lead to a long and expensive delay, during which competitors could gain a significant market advantage.

Therefore, a careful analysis of the long-term business model is essential to select the right license from the outset, avoiding costly and time-consuming re-application processes down the line.

The Ultimate Advantage: How to 'Passport' Your Business Across the EU

One of the most compelling strategic benefits of obtaining a full-scope financial license in the Czech Republic is the ability to leverage passporting. Once the CNB grants a full PI or EMI license, the institution automatically gains the right to offer its services across all 30 member states of the European Economic Area (EEA) without needing a new license in each country.

This mechanism transforms a locally licensed company into a pan-European player, granting immediate access to one of the world's largest and most lucrative markets. For foreign, non-EEA entities, this is a distinct advantage compared to the alternative of a complex, country-by-country approach.

Without a single European license, these firms must consider local laws and registration obligations on a case-by-case basis. Offering services aimed at the Czech Republic, even through a website, can trigger local licensing requirements.

A notable exception is "reverse solicitation," where a customer independently and proactively contacts the foreign entity. The rigor of the CNB's licensing process is a pre-emptive measure to ensure that licensed companies are genuinely ready to take full advantage of the passporting benefit.

The CNB's strict scrutiny serves as a mark of credibility, helping to build trust with other EU regulators and facilitating a seamless expansion across the bloc. Passporting is not merely a legal formality; it is a stamp of quality and operational readiness.

What It Takes to Succeed: Your Application Blueprint

Obtaining a financial license from the CNB is a rigorous process that demands a meticulous and professionally prepared application. The CNB evaluates every aspect of the applicant's business to ensure it is financially sound, operationally robust, and managed by trustworthy individuals.

The single most important document in the application package is the business plan. The CNB expects a highly detailed, realistic, and comprehensive blueprint for the first three years of operation. A generic or poorly justified plan is the most common reason for rejection.

The business plan must include a detailed description of the proposed services, a thorough market analysis focused on the EU, a credible marketing strategy, and sound financial projections. The CNB is particularly scrupulous with applications from firms with founders from CIS countries, which necessitates an even higher degree of detail and transparency.

In addition to the business plan, applicants must demonstrate operational and technical readiness. This includes proving sufficient material, technical, and organizational resources to provide services securely and reliably.

A key requirement is the establishment of a physical office in the Czech Republic, as the CNB expects at least part of the business to be genuinely managed from within the country.

Furthermore, all members of the management board, key function holders, and significant shareholders must undergo a "fit and proper" assessment. This involves a thorough vetting of their professional qualifications, relevant experience, and personal integrity, including a clean criminal and regulatory record.

The application process requires a strategic approach, detailed financial modeling, and a deep understanding of the regulator's priorities.

Contact our experts:

FAQ – Legal Tips About Your FinTech License

1. How long does the licensing process take?

The application for a full Payment Institution (PI) license can take approximately 12 months, while an Electronic Money Institution (EMI) license can be obtained in about 6 months on average. These timeframes do not include the preparatory procedures, which typically take an additional 3–4 months. For immediate assistance, write to us at office@arws.cz.

2. Can I obtain a license with a limited liability company (SRO)?

Yes, a limited liability company (SRO) is a common choice for a legal entity with a registered office in the Czech Republic, which is a requirement for a license. Our lawyers are ready to assist you – email us at office@arws.cz.

3. What happens if our application is rejected?

Rejection is common for applications with generic or poorly justified business plans. This can result in significant delays and a loss of market share to more agile competitors. Get tailored legal solutions by writing to office@arws.cz.

The High Stakes of Non-Compliance

The Perils of Operating Without a License

For any FinTech company operating in the Czech Republic, proceeding without a proper license is an existential threat. The potential consequences of non-compliance are severe, ranging from massive financial penalties to criminal charges and irreparable reputational damage.

Operating an unlicensed financial business can lead to significant financial penalties. For instance, an offense under the Trade Licensing Act can result in a fine of up to 500,000 CZK.

In cases of severe non-compliance with Anti-Money Laundering (AML) regulations, the penalty can skyrocket to 30,000,000 CZK. These penalties are particularly dangerous because they can be imposed repeatedly for each violation.

This compounding effect can quickly bankrupt a startup, regardless of its initial capital. Beyond the financial costs, unlicensed activity can lead to criminal charges, including the possibility of imprisonment.

The emotional and reputational toll on founders and their business is often far greater than the financial cost, as a single violation can destroy client trust and a brand's hard-earned credibility.

These penalties are not arbitrary; they are designed to be a significant deterrent, making proactive legal advice and rigorous compliance a necessity.

The Evolving AML/CFT Landscape: Staying Ahead of the Curve

In the Czech Republic, the legal framework for combating money laundering and terrorist financing is primarily governed by the AML Act, No. 253/2008 Coll. This legislation imposes key obligations on all entities operating in the financial market, including FinTechs.

Supervision is a shared responsibility between the Financial Analytical Office (FAU) and the Czech National Bank (CNB), which work closely together to oversee compliance.

Core AML/CFT obligations include:

• Risk Assessment: Obliged entities must identify and assess the risks of money laundering and terrorist financing that their business is subject to.
• Internal Policies: Companies must establish and maintain a written system of internal policies, procedures, and control measures to fulfill their obligations under the AML Act.
• Suspicious Transaction Reporting: One of the most fundamental duties is the prompt reporting of any suspicious transactions to the FAU. Failure to report can result in a fine of up to 30,000,000 CZK.
• AML Officer: Companies, especially those with a large scope of activities, are required to appoint a designated AML compliance officer to ensure all regulations are followed.

The legal landscape is not static. A recent amendment to the AML Act, effective from May 2024, now considers crypto payments over €10,000 as cash payments for AML purposes, imposing new reporting obligations on companies facilitating these transactions.

This highlights the necessity for continuous legal monitoring and updates, as a company that was compliant in 2023 may no longer meet the requirements today. Ignorance of these changes is not a defense and can lead to severe fines.

Proactive legal guidance is therefore a crucial element of a sustainable business strategy, providing long-term protection against the ever-evolving regulatory environment.

Legal and Operational Risks

Legal Risk and Potential Issues	How ARROWS Helps
Rejection of license application. A generic business plan or poorly documented application can result in rejection by the CNB.	Drafting a detailed and realistic business plan for CNB approval; providing legal consultations to ensure the plan meets regulatory expectations. Need legal solutions? Write to us at office@arws.cz.
Non-compliance with initial capital requirements. Failing to provide indisputable proof of the legal origin of funds.	Assistance with providing indisputable proof of the legal origin of funds to satisfy anti-money laundering regulations. Want to discuss your legal options? Email us at office@arws.cz.
Unlicensed activity in the Czech Republic. Operating a financial service without the correct regulatory authorization.	Comprehensive legal consultation to determine the correct license for your business model before you start operations. Get tailored legal solutions by writing to office@arws.cz.

Contact our experts:

Your Strategic Partner for Growth

Navigating the Regulatory Labyrinth with ARROWS

Successfully launching and scaling a FinTech business in the Czech Republic requires more than just capital and a good idea; it requires a deep understanding of the legal and regulatory landscape. ARROWS is a leading Czech law firm in Prague, EU, with over a decade of experience in providing specialized legal services to foreign companies. Our lawyers combine deep knowledge of both local and foreign markets, with a proven track record of handling cross-border matters through the ARROWS International network.

We provide a comprehensive suite of services tailored to the needs of foreign FinTech companies. This includes the preparation of internal company policies, the drafting of legally required documentation, and legal consultations to prevent regulatory inspections or penalties. 

We also offer professional training for employees and management to ensure your team is equipped to handle complex compliance obligations, such as suspicious transaction reporting and customer due diligence. For matters requiring direct engagement with regulators, we provide representation before the CNB and the FAU, ensuring your interests are protected at every stage.

A Critical Look at the Crypto Regulation Shift

The regulatory environment for cryptocurrency businesses is in a state of significant transition. Currently, cryptocurrency activities in the Czech Republic are regulated under the Czech Trade License Act, which is a simpler, less capital-intensive route than a full financial license.

This current system represents a rapidly closing window of opportunity for founders to enter the market with lower regulatory and financial barriers. However, the legal landscape is set to change dramatically with the introduction of the Markets in Crypto-Assets Regulation (MiCA).

MiCA is a new EU-wide framework that will introduce a much stricter, full-fledged CNB licensing process for crypto-asset service providers, likely by the end of 2024. This transition presents a critical, time-sensitive decision for founders.

Acting now could allow a FinTech to get a head start under the current, simpler regime. However, it is equally important to prepare for the stricter requirements of MiCA, which will demand greater capital, a robust internal control system, and comprehensive AML/CFT policies.

Our firm is on the cutting edge of these developments and can provide critical legal opinions and strategic advice on whether to apply under the current regime or prepare for the upcoming MiCA framework.

Compliance and Financial Penalties

Compliance Risk and Potential Issues	How ARROWS Helps
Failure to report a suspicious transaction. A fundamental duty under the AML Act.	Development of robust internal company policies and professional training for employees on suspicious transaction reporting. Do not hesitate to contact our firm – office@arws.cz.
Failure to prepare internal AML/CFT policies. This can result in significant fines and penalties from the FAU or CNB.	Drafting legally required documentation and establishing a robust system of internal procedures to prevent significant fines and penalties. Need legal help? Contact us at office@arws.cz.
Failure to fulfill legal obligations. Ignoring official requests or obstructing a regulatory inspection.	Representation in court or before public authorities to defend your business and resolve legal disputes. Our lawyers are ready to assist you – email us at office@arws.cz.

Conclusion: Launch Your FinTech Venture with Confidence

The Czech Republic offers a strategic and stable gateway to the entire European FinTech market. Its progressive legal framework and central location make it an ideal jurisdiction for foreign companies. Navigating this landscape, however, demands strategic foresight, meticulous preparation, and a commitment to continuous compliance.

The risks of non-compliance are severe and can lead to devastating financial and reputational consequences. The difference between success and failure often lies in proactive legal guidance and the establishment of robust internal procedures.

ARROWS, a leading Czech law firm based is uniquely positioned to be your strategic partner. With a proven track record of supporting over 150 joint-stock companies and operating in 90 countries, we possess the cross-border expertise and deep local knowledge necessary to help you launch and manage your FinTech venture with confidence.

Get tailored legal solutions by writing to office@arws.cz.

FAQ – Most Common Legal Questions About FinTech Licensing in the Czech Republic

1. Is a Czech license valid only in the Czech Republic?

No. Once a full-scope license (PI or EMI) is obtained from the Czech National Bank, it grants the company the right to provide its services across all 30 member states of the European Economic Area (EEA) through a mechanism known as "passporting". For assistance with passporting your license, contact us at office@arws.cz.

2. How long does the CNB application process take?

The time for obtaining an EMI license in the Czech Republic is, on average, about 6 months, while a PI license can take up to 12 months. This does not include the 3–4 months of preparatory procedures required before submission. Need a legal opinion? Email us at office@arws.cz.

3. What are the main differences between a PI and an EMI license?

A Payment Institution (PI) license allows for services like money remittance, but an Electronic Money Institution (EMI) license is more comprehensive, covering all PI services plus the ability to issue e-money such as digital wallets. EMI also requires a higher initial capital of €350,000, compared to €20,000–€125,000 for a PI license. Our legal experts are ready to help. Write to office@arws.cz.

4. What is the biggest mistake FinTechs make when applying for a license?

The most common reason for rejection is a generic or poorly justified business plan. The CNB expects a highly detailed, realistic blueprint for the first three years of operation. Do not hesitate to contact our firm – office@arws.cz.

5. Do I need to be a Czech resident to own a FinTech company here?

No, the founders and directors of a Czech legal entity do not have to be Czech residents. However, the company must have a registered office and head office in the Czech Republic to obtain the license. For assistance with fulfilling all legal requirement  s, contact us at office@arws.cz.

6. How will the new MiCA regulation affect my crypto business?

The Markets in Crypto-Assets Regulation (MiCA) will soon replace the current trade license system for crypto services with a full CNB licensing process. This transition will introduce stricter requirements for capital, internal controls, and AML/CFT compliance. Our lawyers are ready to assist you – email us at office@arws.cz.