Bank Account for an EMI: 2026 Buyer's Playbook

Holding an EMI authorisation does not solve banking. Most founders discover this within ninety days of the licence grant — the regulator has approved the business, supervisors have signed off the AML programme, and yet not a single bank will open the safeguarding account legally required to operate. The gap between authorisation and a funded, fully operational multi-account treasury is typically twelve to eighteen months. It is also the single most under-planned phase of any EMI build.

The architecture you actually need is three relationships at three different institutions: an operating bank for the EMI's own corporate flows, a safeguarding bank for client funds (legally segregated under EMD2 Article 7 of the Electronic Money Directive¹^[1]), and at least one USD correspondent for cross-border treasury and FX. Each of the three has its own diligence cycle, document expectations, and capital posture. Trying to consolidate at one institution is a structural error supervisors increasingly flag in inspection.

This is the buyer's playbook: the application sequence, the full document file, the seven dimensions banks score you on, the timeline from licence grant to working treasury, and the rejection reasons we see most often in 2026.

The single-bank model died around 2019. Banks have segmented their fintech-facing offerings, with operating accounts and safeguarding accounts now treated as distinct products with different risk weights, capital costs, and supervisory expectations. Combining them at one institution either gets refused at onboarding or — worse — gets clawed back when the bank's risk committee reweights the relationship eighteen months later.

The operating bank holds the EMI's own corporate funds: capital, retained earnings, payroll, vendor payments, tax. Functionally a corporate account with elevated diligence because of the EMI status. Capital threshold to apply: typically €500k to €2M of own funds parked at the relationship. Diligence is shallower than safeguarding because the bank's exposure is limited to the EMI's own balance sheet, not customer money.

The safeguarding bank is the most-inspected and hardest-to-secure of the three. EMD2 Article 7 — and the European Banking Authority²^[2] guidelines that operationalise it — require customer funds held in a separately-named account, ring-fenced from the EMI's own assets, with daily reconciliation and supervisor-mappable account naming. The bank holding this account inherits a piece of the EMI's regulatory perimeter — and that is what makes safeguarding banks rare, expensive, and slow to onboard.

USD correspondent banking is the third relationship — typically secured 6–12 months after the safeguarding bank is live. Without USD correspondent access, an EMI cannot move dollars to or from US-based counterparties without going through a third-party FX house, which adds 30–80 basis points to every transaction and creates settlement risk. Direct USD correspondent access is the marker of a mature EMI treasury.

The order matters. Get it wrong and you waste twelve months reapplying.

File the safeguarding bank application immediately upon authorisation grant. The diligence cycle is 4–7 months; you cannot accept customer funds without it; the business cannot generate revenue until safeguarding is live. The operating bank can wait — your existing pre-licence corporate account holds the EMI's own funds for 6–12 months without issue. USD correspondent comes last because it requires a track record at the safeguarding bank as a precondition.

A bank application file for an EMI is 50–100 pages. The contents are surprisingly standardised across credible institutions — the questions are predictable, document expectations are documented, the diligence flow is repeatable. The file we ship for clients in 2026 has nine sections.

Full Programme of Operations (POO) as filed with the NCA, the licence grant letter, and any conditions imposed at authorisation. Banks want to see what the supervisor approved, and what they didn't. If your POO scope is narrower than what you're asking the bank to facilitate, that's a refusal in the first review.

Audited opening balance sheet, prudential capital calculation methodologies (Method A or D under EMD2), ICAAP if you've been in operation, and a 36-month capital projection. Banks want to confirm own funds are, and will remain, above the EMD2 floor of €350,000 or 2% of average outstanding e-money — whichever is higher.

Full AML/CTF policy, risk-appetite statement, customer risk model, EDD triggers, sanctions screening setup, transaction monitoring rules and tuning thresholds, MLRO appointment letter, training records. Substance bar is the AMLR (Regulation 2024/1624)³^[3] overlay alongside existing 6AMLD — generic templates fail.

The safeguarding bank in particular wants to see how you'll operate the account it is about to open: account naming convention, reconciliation cadence, attestation procedures, exception handling, customer-fund segregation, and contingency in the event of safeguarding-bank failure — yes, they want to see you have a backup plan even though they are the bank.

Board composition with regulator-approved fit-and-proper references, senior management bios, MLRO and Compliance Officer CVs, organisational chart, three-lines-of-defence model. UBO documentation back to natural persons including source-of-wealth dossiers at the shareholder level.

Business continuity plan, IT disaster recovery plan, RTO and RPO commitments per service, vendor concentration risk, cyber-incident response plan. Mandatory DORA⁴^[4] alignment for any institution operating into the EU after 17 January 2025.

IT architecture diagram, third-party processor list, API security model, PSD2 SCA-compliant customer authentication flows under the Payment Services Directive (PSD2)⁵^[5], GDPR programme, audit trail and record-retention setup.

Forecast monthly transaction volumes year 1, 2, 3, breakdown by customer type (retail vs business), geographies served, average ticket size, expected concentration in higher-risk corridors. Banks weigh this heavily in their own ICAAP for the relationship.

Latest audited accounts, management accounts to most recent month, shareholder list with UBO breakdown, source-of-wealth dossier for any UBO above 25%, group structure chart if part of a wider corporate group.

Banks read the file in a predictable order, scoring against seven dimensions. Get all seven right and you compress diligence from twenty weeks to eight; get any one badly wrong and the file is rejected before the others are read.

Is the licence current? What's the scope? Are there conditions? Has the supervisor issued any directions or notices? The bank's first call is to confirm the public authorisation register entry — for example the Bank of Lithuania⁶^[6] EMI register, the FCA Financial Services Register, or the equivalent NCA database — matches what you've filed.

Capital quantum versus the EMD2 floor, plus quality of capital: paid-in equity is gold-standard, retained earnings second, subordinated debt third (and rarely accepted by safeguarding banks). Below 1.5x the EMD2 floor you are below the comfort line for most credible banks.

Three things: (a) is the policy aligned with EBA guidelines and the latest AMLD package, (b) is the implementation evidenced (training logs, SAR filings, transaction-monitoring tuning records), and (c) is the MLRO independently capable of running it. Junior MLROs are an instant flag.

Banks want to trace the equity in the EMI back to clean source of wealth at the natural-person level. This is the most-failed dimension in 2026 — opaque holding structures, professional shareholders, or circular funding patterns are red-lined immediately under enhanced due diligence on any beneficial owner above 25%.

Is this a real operating business with management, infrastructure, and decision-making in the licensing jurisdiction? Or a paper structure with management offshore? Substance has hardened materially since 2023; banks now treat thin substance as evidence of reverse-solicitation or shopping behaviour.

What does the actual book look like or will it look like? The bank's risk team is sizing exposure. Outsized retail volume in higher-risk geographies pushes the file to specialist desks; predominantly B2B flows in EU/UK lower friction.

What happens if the relationship terminates? How quickly can you migrate? Is there a backup safeguarding bank identified? Banks now ask this at onboarding — they want comfort that a forced exit will not trigger a customer-funds crisis.

The realistic end-to-end timeline is 12–18 months from licence grant to a fully-funded three-bank treasury. Most founders are quoted '3–6 months' and budget accordingly; the consequence is a 6–12 month revenue gap and emergency bridge financing.

Document file assembly. Pre-meetings with 3–5 candidate safeguarding banks. NDA exchanges, indicative term-sheet conversations. Most of this can be started before the authorisation grant if you have visibility on grant timing.

Formal application with two or three banks in parallel. Diligence questions, follow-ups, additional document requests, credit committee, account opening. Expect 14–20 weeks at the most prepared institutions, 24–30 weeks at the more conservative.

Started in parallel with safeguarding from month 4–5 typically. Operating bank diligence is 8–12 weeks once the safeguarding bank is committed, because the safeguarding bank's existence is itself a strong reference.

Begun once 90 days of clean operation at the safeguarding bank are evidenced. Diligence is 16–24 weeks because the OFAC and US-domestic-AML overlay is its own workstream. Some EMIs solve via a specialist crypto-native counterparty rather than direct correspondent — at the cost of 30–80 bps per USD movement.

Most EMIs add a second safeguarding bank in months 12–18 to remove single-point-of-failure exposure. The diligence is faster the second time because the first relationship is itself collateral.

Five rejection patterns we see most often, and how to remediate them in advance.

The single most common reason for rejection at safeguarding banks. Holding structures with multiple corporate layers, undisclosed UBOs, or professional-shareholder arrangements get an immediate decline. Pre-empt by mapping UBO to natural-person source of wealth before you file.

Templated AML policies that do not reflect the actual customer base, risk appetite, or transaction-monitoring setup of the EMI fail at first review. Pre-empt by having an independent AML review three months before banking.

Forecast monthly volumes that exceed the small-EMI threshold (€5M outstanding e-money) trigger a different bank desk and a different diligence depth. Pre-empt by being honest about year 2–3 forecasts at first contact.

'What's your contingency if we exit?' — and the file has no answer. Pre-empt by mapping a backup safeguarding bank into the BCP from day one, even if you have not applied yet.

Politically exposed persons in the shareholder structure trigger enhanced diligence beyond what most safeguarding banks will entertain. Pre-empt with source-of-wealth dossiers on every PEP shareholder filed at first contact.

The safeguarding bank — the gating relationship — takes 4–7 months from first contact to live account at well-prepared applicants. The full three-bank treasury (operating + safeguarding + USD correspondent) is 12–18 months. Founders quoting '3–6 months' are typically referring to the operating account only.

Practically, separate. A handful of institutions offer combined operating-and-safeguarding products, but they treat the relationship as a single piece of risk and price it accordingly — and supervisors increasingly query the concentration. Best practice is two distinct relationships at two distinct institutions for resilience.

For some operating models, yes — particularly if you are operating as an agent or distributor of e-money rather than holding the licence yourself. If you hold an EMI authorisation, the safeguarding obligation is yours and cannot be delegated. The BaaS provider can offer the safeguarding-bank relationship as part of the package, but the bank does the diligence on you regardless.

The bank's own fit-and-proper questionnaire — separate from and on top of the regulator's — covering CV, criminal-record check, regulatory-history declaration, conflicts-of-interest disclosure, and source-of-wealth declaration. The bank is checking whether the regulator's approval was based on a complete file; if anything material was withheld at authorisation, expect it to surface here.

€500k–€2M of own funds parked at the relationship as a minimum balance, depending on the bank's tier and your forecast volumes. This is on top of any safeguarded balance held at the separate safeguarding bank. Some operating banks charge per-transaction fees on top; some charge a flat monthly account fee in lieu.

• EMI Safeguarding Architecture: How to Build It Right — the safeguarding-bank-side architecture, segregation, daily reconciliation, attestation.

• How to Get a Bank Account for a VASP or CASP — full diligence framework for crypto-asset firms.

• EMI vs PSP vs VASP vs CASP — choosing the right authorisation before the banking conversation begins.

• Banking Access for Regulated Fintechs — the finconduit service: introductions, file engineering, diligence pre-clearance.

The EMIs that compress this timeline treat banking as a parallel workstream to authorisation, not a sequential one. Start the safeguarding-bank conversations 90 days before licence grant, file the full document set on day one, and expect diligence to be slower than you have been told. The institutions that move quickly are the ones that have done this twice before.