EEA Tracker · May 2026

EEA Regulated-Fintech Tracker

Name: EEA Regulated-Fintech Tracker
Creator: finconduit
Published: 2026-05-08T00:00:00Z
License: https://finconduit.com/terms

CASP authorisation throughput continued to concentrate in Germany (53 authorised CASPs as of early May, more than double second-placed Netherlands at 29). The PSD2-to-MiCA transition for EMT-related payment services ended on 2 March 2026 — supervisory tolerance for non-compliant flows has now expired. PSD3 / PSR cleared COREPER on 22 April and the ECON committee vote is scheduled for 5 May, with Official Journal publication tracking June / July. The MiCA Article 143 grandfathering window for the bulk of EEA member states closes on 1 July 2026; CySEC and MFSA confirmed that local transitional regimes terminate the same day. AMLA published its first set of RTS targets for 10 July 2026, ahead of AMLR application on 10 July 2027. Banking access stayed bifurcated: Tier-1 EU clearing tightened further on crypto-adjacent profiles, while Tier-2 specialist and Tier-3 crypto-aware partners continued to absorb displaced demand.

Snapshot 2026-05 · published 2026-05-08 · methodology

Practitioner layer

Where's the door open this month?

Per-jurisdiction temperature read on banking-access reality for foreign-controlled regulated fintechs. Tier-archetype framing — finconduit does not name specific banks per its published constraint.

Tier acceptance posture

Selective

Tier 1 — EU clearing

Tier-1 EU clearing banks accept institutional B2B fintech profiles but tightened in Q2 2026 on crypto-adjacency, mass-retail B2C, and sanctions-adjacent geography. Onboarding cycles 16–26 weeks; pre-approval engagement before a formal application is now the differentiator.

Open

Tier 2 — Specialist

Tier-2 specialist EEA banks and EMI-as-correspondent partners actively absorb demand displaced from Tier-1. Pricing has firmed 15–30% YoY. Onboarding 6–14 weeks; AML / TM programme depth is the binding constraint, not appetite.

Open

Tier 3 — Crypto-aware

Tier-3 crypto-aware correspondents continue to onboard at scale. Sanctions-screening and KYT depth (Travel Rule readiness, blockchain analytics integration) are the binding constraints. Onboarding 4–10 weeks for prepared applicants.

Jurisdiction temperature

Germany

↘

Selective

Tier-1 EU clearing concentrated and operationally workable, but BaFin-aware risk committees tightened crypto-adjacent customer review further this quarter. Heavy CASP authorisation throughput (53 firms) is creating displaced demand at Tier-2 partners.

Netherlands

→

Selective

Strong Tier-1 access for institutional B2B and EMI profiles. AFM is technical and quick to engage; banking onboarding tracks the supervisory dialogue. Crypto-flow customers face 4–8 weeks longer review than Q4 2025.

France

↗

Open

PSAN-to-CASP transition has matured Tier-1 risk committees on crypto activity. Banking access here improved meaningfully this quarter; ACPR's authorisation cycle is the bottleneck, not banking.

Ireland

→

Selective

English-speaking corridor stays workable for US-headquartered groups. Irish-resident customer-base bias persists; pure cross-border models face longer onboarding.

Lithuania

↘

Constrained

BoL-licensed firms have viable EMI-tier banking but Tier-1 EU correspondent reach contracted further this month after policy shifts at two correspondent banks. The 80 EMIs / 43 PIs market remains the EEA's deepest payments hub but the banking layer is the binding constraint.

Estonia

→

Constrained

Post-2022 cleansing residue persists. New authorisations face heightened banking-onboarding scrutiny vs peer EEA jurisdictions; FI authorisation does not translate automatically into euro IBANs.

Luxembourg

→

Selective

Strong private + institutional banking; specialist Tier-2 partners actively onboard regulated firms with mature AML programmes. CSSF Circular 26/906 (governance alignment with banks) raises the substance bar for both authorisation and banking.

Malta

→

Constrained

Post-Moneyval reputational drag persists, compounded by the ESMA fast-track peer review on MFSA CASP authorisation (July 2025). Tier-2 specialist banking via EU correspondents typical; local Tier-1 access remains narrow.

Cyprus

→

Constrained

Limited correspondent reach via Cypriot banks; reliance on EMI partners is the norm. Tier-1 EU correspondents remain selective for Cyprus-domiciled regulated firms.

Material events — last 30 days

2026-05-04
tier1 tightening
A major Tier-1 EU clearing bank circulated revised internal risk-appetite criteria narrowing the crypto-customer onboarding scope to authorised CASPs only with > €5m capital and named-counterparty exclusivity for first 12 months.
2026-04-28
nca derisking statement
A Western EEA NCA published a "Dear CEO" letter on de-risking, requiring banks to document case-by-case rationale before terminating regulated-fintech relationships. Mirrors EBA opinion on de-risking trajectory since 2022.
2026-04-22
tier3 entry
A new crypto-aware correspondent quietly opened a fintech-onboarding desk for non-EEA-headquartered EMT issuers. Capacity remains modest; intake limited to firms already authorised under MiCA Title IV.
2026-04-18
correspondent policy shift
Two Tier-1 EU correspondents updated USD-clearing onboarding policies for EEA-licensed fintechs serving emerging-market corridors. Effect: 4–8 weeks additional onboarding extension and broader source-of-funds documentation.
2026-04-12
safeguarding bank change
A specialist EEA safeguarding-bank partner re-priced its EMI safeguarding service upward by an average 22%. The move is pricing-in increased ICAAP-equivalent capital expectations under the CSSF Circular 26/906 governance-alignment direction.

Supervisory layer

What did supervisors do this month?

Public NCA enforcement actions and supervisory notices with a one-line read on what the action signals for the wider regulated-fintech population.

CSSF · Luxembourgaml cft action
2026-05-02
CSSF imposes administrative fine on EMI for AML programme deficiencies
CSSF published the outcome of a multi-year inspection finding inadequate transaction-monitoring scenario coverage and weak EDD procedures. Administrative fine in the low six figures + remediation plan. Action consistent with Circular 26/906 trajectory aligning EMI / PI governance to bank-equivalent standards.
finconduit's read
CSSF treats TM scenario coverage and EDD documentation as inspection-priority items. The Circular 26/906 trajectory means EMI / PI governance findings now carry bank-supervision weight.
DNB · Netherlandsgovernance finding
2026-04-29
DNB warns on inadequate ICT risk-management framework at registered CASP
DNB issued a public warning to an unnamed registered CASP on the inadequacy of its ICT risk-management framework relative to DORA Article 5 baseline, six months after the second annual Register-of-Information submission window closed (20 March 2026). Six-month remediation deadline.
finconduit's read
DORA-aligned ICT RMF deficiencies are now treated as MiCA-CASP supervisory issues. The 2026 Register-of-Information submission cycle has surfaced a first wave of supervisory follow-ups.
BaFin · Germanyauthorisation revocation
2026-04-22
BaFin revokes ZAG authorisation following sustained AML failings
BaFin announced the revocation of ZAG (PSP) authorisation of a German-based payment institution, citing repeated AML programme failings over an 18-month supervisory period. Customer-balance wind-down under DGSD-comparable framework. Pattern follows BaFin's 2025 first-MiCA-enforcement action against a German EMT issuer.
finconduit's read
BaFin's tolerance for unremediated AML findings is short. Two consecutive supervisory cycles without progress = revocation, not warning.
ACPR · Franceamla readiness
2026-04-15
ACPR publishes inspection summary on PSAN-to-CASP transition compliance
ACPR published an aggregate-level summary of inspections of firms transitioning from the legacy PSAN regime to MiCA CASP authorisation. Common findings: Article 67 own-funds documentation, Article 75 custody segregation, Article 88 white-paper notification timing.
finconduit's read
Three points of failure recur across the PSAN-to-CASP transition. Firms still in transit should self-audit against these specifically before the next ACPR review cycle.
CySEC · Cypruscasp supervisory notice
2026-04-10
CySEC public statement on backlog of incomplete MiCA applications
CySEC reminded applicants of the 27 February 2026 MiCA application deadline and noted a backlog of incomplete applications. Recommended firms complete pre-application engagement before resubmission. Transitional regime for legacy CASPs ends 1 July 2026.
finconduit's read
Late-stage applicants now face direct competition for limited supervisory bandwidth. Pre-application engagement is the differentiator; the supervisory dialogue starts before the file is filed.
EBA · EEA-widedesignation
2026-04-08
EBA progresses first significance assessments under MiCA Articles 43 / 56
EBA published its progress note on significance assessments for ART and EMT issuers under MiCA Articles 43 and 56. The first formal significance designation is expected in Q3 2026, triggering EBA direct supervision and the 3% reserves own-funds uplift.
finconduit's read
Significance designation is now real and proximate. EMT issuers approaching the Article 43 thresholds (10m users / €5b daily-tx volume / etc.) should plan the 3%-of-reserves capital uplift now, not after designation.

Forthcoming layer

What's coming, and when?

Upcoming regulatory milestones across MiCA, DORA, AMLR, ESA technical standards, EU lists, and national transpositions. Operational impact noted per item.

Next 30 days

2026-05-05PSD3eea

PSD3 / PSR — ECON Committee vote

European Parliament ECON committee scheduled to vote on the PSD3 / PSR trilogue text endorsed by COREPER on 22 April 2026. A Parliament plenary vote follows later in May.

Operational impact

Adoption track is on schedule. PIs / EMIs and CASPs interfacing with payment rails should map their current SCA, fraud-prevention, and open-banking interfaces against the new PSR text now; transposition window starts on Official Journal publication.

Next 90 days

2026-07-01MiCAeea

MiCA Article 143 grandfathering — main EEA expiry (incl. CY, MT)

The 18-month MiCA Article 143 grandfathering window expires for the bulk of EEA member states that did not adopt a shortened transition. Cyprus, Malta, and others confirmed the local transitional regime ends on this date. Pre-MiCA registered VASPs must hold full CASP authorisation by this date or cease activity / submit a wind-down plan.

Operational impact

Firms still operating under grandfathering should already have CASP applications filed; June 2026 is the last operational window. CySEC has flagged a backlog of incomplete applications — the supervisory bottleneck is now at the regulator end, not the applicant end.

2026-07-10AMLReea

AMLA — first RTS publication deadline

AMLA (the new EU Authority for AML) is required to publish its first set of Regulatory Technical Standards by 10 July 2026 — one year after AMLA commenced operations on 1 July 2025 and one year before AMLR application.

Operational impact

These RTS will define the operational AML / CFT obligations under AMLR. Firms designing AML programme uplifts for AMLR should treat July 2026 as the moment the design parameters move from draft consultation to binding standard.

2026-07-15PSD3eea

PSD3 / PSR — Official Journal publication (anticipated)

OJ publication of PSD3 (Directive) and PSR (Regulation) anticipated for June / July 2026 (may slip to September). PSR applies 20 days after OJ publication for selected provisions; PSD3 requires 18-month national transposition.

Operational impact

Once published, all in-scope PIs / EMIs have a defined start of the transposition clock. Practical applicability tracks Q2 / Q3 2028. Begin gap analysis now against the trilogue text — substantive changes to the final published text are not expected.

Next 180 days

2026-09-01ESA RTSeea

ESMA RTS — MiCA market-abuse detection (CASP trading platforms)

ESMA scheduled to finalise the RTS on market-abuse detection systems for CASPs operating trading platforms (MiCA Class 2). Adopts a proportionate framework across venue size tiers.

Operational impact

CASPs operating trading platforms should plan market-abuse detection implementation in Q4 2026 once the RTS is final. Smaller venues should track which proportionality carve-outs survive the final draft.

Beyond 180 days

2027-07-10AMLReea

AMLR — application date

Regulation (EU) 2024/1624 (AMLR) becomes applicable. Replaces large parts of national AMLD-derived law with a directly-applicable single rulebook on AML / CFT across the EU. AMLA commences direct supervision of designated cross-border high-risk institutions.

Operational impact

AML programmes designed against current 6AMLD-derived national law need to be re-baselined against AMLR before application. The 14-month runway (May 2026 → July 2027) is the practical implementation window for AMLR-aligned programme uplift.

Working through one of these?

We see the operating reality these tracker entries reflect — every working day.

Authorisation in progress, banking-access pressure, an inspection finding to remediate, a regulatory deadline approaching — book a free assessment to map the right next move against your specific facts.

Book a regulatory assessment

Regulator-issued
ESMA — Interim MiCA Register: authorised crypto-asset service providers under MiCA Title V. Weekly CSV export.
https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica
Verified 2026-05-08
Regulator-issued
ESMA — Interim MiCA Register: authorised E-Money Token issuers (Title IV).
https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica
Verified 2026-05-08
Regulator-issued
ESMA — Interim MiCA Register: authorised Asset-Referenced Token issuers (Title III). 0 authorised as of retrieval date; pipeline of applications under NCA review.
https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica
Verified 2026-05-08
Regulator-issued
BaFin — Database of authorised institutions (EMIs, PIs, MiCA CASPs).
https://www.bafin.de/EN/PublikationenDaten/Datenbanken/datenbanken_node_en.html
Verified 2026-05-08
Regulator-issued
DNB — Public registers of authorised institutions (EMI, PI, ART / EMT issuers).
https://www.dnb.nl/en/public-registers/
Verified 2026-05-08
Regulator-issued
ACPR / Banque de France — REGAFI register of authorised financial institutions.
https://acpr.banque-france.fr/en/popular-services/regafi
Verified 2026-05-08
Regulator-issued
Central Bank of Ireland — Registers of regulated entities.
https://registers.centralbank.ie
Verified 2026-05-08
Regulator-issued
Bank of Lithuania — Public register of supervised financial market participants. EMI / PI counts confirmed against the published "fs-electronic-money-institutions" page (80 EMIs, 43 PIs).
https://www.lb.lt/en/fs-electronic-money-institutions
Verified 2026-05-08
Regulator-issued
CSSF — Public registers of EMIs / PIs / AISPs incorporated under Luxembourg law.
https://www.cssf.lu/en/Document/list-of-electronic-money-institutions-incorporated-under-luxembourg-law/
Verified 2026-05-08
Regulator-issued
MFSA — Financial services register.
https://www.mfsa.mt/financial-services-register/
Verified 2026-05-08
Regulator-issued
CySEC — Public registers and lists.
https://www.cysec.gov.cy/en-GB/entities/
Verified 2026-05-08
Practitioner experience
finconduit engagement-derived observation across active client engagements and aggregated public NCA / EBA statements; tier-archetype framing per finconduit's published constraint of not naming specific banks, EMIs, or qualified custodians.
Verified 2026-05-08
Regulator-issued
Aggregated public NCA statements on de-risking and supervisory expectations, treated at category level rather than naming the individual NCA letter for tracker brevity. Verify in the relevant NCA enforcement-notice or supervisory-communication page for source detail.
Verified 2026-05-08
Regulator-issued
CSSF — Enforcement action notices and inspection summaries. Circular 26/906 (governance alignment for EMI / PI) published 20 January 2026.
https://www.cssf.lu/en/sanctions/
Verified 2026-05-08
Regulator-issued
DNB — Public warnings and supervisory notices.
https://www.dnb.nl/en/news/
Verified 2026-05-08
Regulator-issued
BaFin — Administrative measures database against supervised institutions. Pattern follows the first-ever MiCA enforcement action (Ethena GmbH, April / June 2025).
https://www.bafin.de/EN/PublikationenDaten/Datenbanken/Massnahmendatenbank/Massnahmendatenbank_node_en.html
Verified 2026-05-08
Regulator-issued
ACPR — Inspection summaries and supervisory communications.
https://acpr.banque-france.fr/en/communiques-presse
Verified 2026-05-08
Regulator-issued
CySEC — Public announcements; press release "MiCA licence applications due by 27 February 2026".
https://www.cysec.gov.cy/en-GB/public-info/announcements/
Verified 2026-05-08
Regulator-issued
EBA — MiCA significant ART / EMT designations under Articles 43 / 56; supervisory priorities note (PSD2-MiCA EMT transition end, 2 March 2026).
https://www.eba.europa.eu/regulation-and-policy/asset-referenced-and-e-money-tokens-mica
Verified 2026-05-08
Regulator-issued
EBA — Annual work programme and pipeline of technical standards / Q&A publications.
https://www.eba.europa.eu/about-us/work-programme
Verified 2026-05-08
Regulator-issued
ESMA — Annual work programme and pipeline of RTS / Q&A publications. Includes ESMA Fast-track peer review on CASP authorisation and supervision in Malta (10 July 2025).
https://www.esma.europa.eu/about-esma/governance/work-programme
Verified 2026-05-08
Regulator-issued
Bank of Lithuania — MiCA implementation hub including national transposition deadlines.
https://www.lb.lt/en/markets-in-crypto-assets
Verified 2026-05-08
Regulator-issued
European Commission — Delegated Regulations (EU) 2026/46 and (EU) 2026/83 amending the high-risk third-countries list under Delegated Regulation (EU) 2016/1675; effective 29 January 2026. Total now 35 jurisdictions; Bolivia and BVI added; Russia in new "FATF-suspended" category; Burkina Faso, Mali, Mozambique, Nigeria, South Africa, Tanzania delisted.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R1675
Verified 2026-05-08
Primary statute
Regulation (EU) 2023/1114 (MiCA) Article 143 — transitional provisions / grandfathering. 18-month default window: 30 December 2024 → 1 July 2026.
https://eur-lex.europa.eu/eli/reg/2023/1114/oj
Verified 2026-05-08
Primary statute
Regulation (EU) 2024/1624 (AMLR) — Single Rulebook on AML / CFT, in force 9 July 2024, applicable from 10 July 2027. AMLA commenced operations 1 July 2025; first RTS deadline 10 July 2026.
https://eur-lex.europa.eu/eli/reg/2024/1624/oj
Verified 2026-05-08
Regulator-issued
PSD3 / PSR legislative status: COREPER endorsement 22 April 2026; ECON committee vote scheduled 5 May 2026; Parliament plenary later in May; OJ publication anticipated June / July 2026 (may slip to September). PSR applies 20 days post-OJ; PSD3 18-month transposition.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=PI_COM:Ares(2023)4083072
Verified 2026-05-08

For orientation only — not financial, legal, regulatory, or investment advice. Outputs are directional and based on generalised inputs. Decisions should be taken only after consultation with a qualified adviser on your specific facts — book the full assessment before acting on anything you read here.

Numbers shown exclude finconduit fees and any third-party costs (legal, audit, regulator-mandated experts, banking-relationship fees, document-translation, ongoing supervisory levies, or local agent / service-provider charges). Real-world authorisation budgets typically exceed the headline regulator-side numbers by a meaningful multiple.