FinTelegram publicly confronted Lithuanian EMI Paytend Europe UAB on 18 February 2026, warning that Paytend’s payment rails were facilitating the red-listed crypto exchange MEXC—and that this ecosystem was operating with a striking mix of opacity, regulatory friction, and disregard for basic compliance hygiene. On 6 March 2026, the Bank of Lithuania announced it had revoked Paytend’s EMI licence after an inspection found serious and systematic AML/CFT and internal-control failures.
The BoL announcement includes a damning line: Paytend provided incorrect information about a business relationship with a high-risk customer and failed to retain and submit correspondence related to that relationship. The regulator did not name the customer. But FinTelegram had already mapped the rails, named the entities, and put the facilitator on notice. This enforcement action is not only a blow to Paytend—it is a public validation of FinTelegram’s CyberFinance Intelligence model and a fresh warning flare over MEXC’s European fiat access.
Key Findings
- FinTelegram documented the rail early (May 2024): FinTelegram reported that MEXC processed fiat flows for crypto purchases via MEXC Estonia OÜ, which in turn used Paytend Europe UAB (Lithuanian EMI) for bank-transfer handling.
- FinTelegram escalated publicly (18 Feb 2026): In an open letter, FinTelegram said Paytend continued to process euro deposits for MEXC via Finetix Ltd S.R.L. and highlighted traffic/referral signals indicating a material MEXC → Paytend linkage.
- Regulator struck (6 Mar 2026): The Bank of Lithuania revoked Paytend’s licence after an inspection found serious and systematic deficiencies in business-relationship monitoring, AML/CFT risk management, and internal controls—plus failure to submit suspicious transaction reports despite escalation indicators.
- The “high-risk customer” sentence matters: The Bank of Lithuania stated Paytend provided incorrect information about its relationship with a high-risk customer and failed to retain/submit correspondence related to that relationship. The customer was not named.
- Strategic implication: This enforcement outcome materially strengthens FinTelegram’s credibility against recurring legal intimidation: the core compliance warnings published by FinTelegram were aligned with—and later echoed by—regulatory findings.
What Happened: FinTelegram’s MEXC–Paytend Coverage, Then Enforcement
This is not just another supervisory action in the Baltic payments sector. It is a regulatory event that strongly suggests FinTelegram once again identified a high-risk cyberfinance structure before the authorities formally intervened.
FinTelegram has repeatedly assessed MEXC as a high-risk (“red-listed”) exchange and focused on the operational question that matters most to regulators and banks: who keeps the fiat rails open, and how is the risk being laundered into “legitimate” infrastructure? In its May 2024 whistleblower request, FinTelegram described the structure as MEXC → MEXC Estonia OÜ → Paytend Europe UAB, with Paytend functioning as the regulated payment layer enabling bank-transfer fiat flows.
On 18 February 2026, FinTelegram escalated from reporting into formal public accountability with an Open Letter to Paytend Europe UAB. FinTelegram stated it had sent an urgent notification to Paytend’s compliance/board and warned that Paytend’s rails were facilitating MEXC. The open letter further asserted that forensic tests confirmed Paytend was still processing Euro deposits for MEXC via Finetix Ltd S.R.L., and pointed to referral-traffic signals tying Paytend’s inbound audience to MEXC properties.
Less than three weeks later, the Bank of Lithuania published its inspection outcome: Paytend Europe UAB lost its licence. The Bank stated that Paytend’s monitoring measures were insufficient across all stages, internal investigations were incomplete or formalistic, and suspicious transaction reports were not submitted despite escalation indicators.
Then came the line that should make every compliance officer sit up: Paytend provided the supervisor incorrect information about its relationship with a high-risk customer and failed to retain/submit the correspondence related to that relationship.
FinTelegram’s Role: Not “Cause,” But a Public Record That Matters

Let’s be precise—and strong. FinTelegram does not claim to be the regulator. The Bank of Lithuania acted under its own statutory mandate, based on its own inspection. But FinTelegram did three things that are strategically decisive:
- Mapped the rail and named the facilitator early. FinTelegram identified Paytend’s role in MEXC’s European fiat access long before the enforcement action—turning a vague “crypto risk” story into a traceable compliance architecture.
- Put the facilitator on notice and made it public. The open letter placed Paytend’s compliance posture under public scrutiny and created a timestamped record of FinTelegram’s concerns—explicitly referencing the MEXC rail and the intermediating structure described in FinTelegram’s testing.
- Built evidence-led pressure that is hard to SLAPP away. The Bank of Lithuania’s later findings—systemic monitoring deficiencies, failure to escalate STRs, internal-control failures, and the “high-risk customer correspondence” issue—are exactly the type of supervisory language that validates the direction and seriousness of FinTelegram’s prior warnings.
In short: FinTelegram did not “revoke the licence.” FinTelegram did what a CyberFinance Intelligence platform is supposed to do—identify the rail, name the node, and force the compliance question into daylight.
Was the “High-Risk Customer” MEXC?

The Bank of Lithuania did not name the customer. Full stop.
However, FinTelegram has publicly documented Paytend’s relationship with MEXC-linked rails since 2024 and reiterated it in February 2026 with specific references (including Finetix as the front-layer and Paytend as the regulated pipe).
On that basis, FinTelegram assesses that MEXC is a plausible candidate for the unnamed “high-risk customer” referenced in the revocation announcement. This remains an inference until the underlying supervisory file becomes public or is otherwise confirmed.
What This Means for MEXC and the Ecosystem
Even without naming MEXC, the Paytend revocation has immediate ecosystem implications:
- Fiat access fragility: When a core EMI node is removed, high-risk platforms must scramble for replacement rails—often through weaker intermediaries, more opaque shells, or riskier PSPs.
- Regulatory heat transfer: Enforcement against the facilitator is frequently a prelude to deeper scrutiny of the downstream customer relationships that created the risk.
- Validation effect: This event strengthens FinTelegram’s earlier characterization of MEXC as structurally problematic from a compliance standpoint—because the rails described by FinTelegram now intersect with a regulator’s declaration of serious and systematic AML/CFT failure and a mishandled “high-risk customer” relationship.
Conclusion
The Bank of Lithuania’s revocation of Paytend Europe UAB’s EMI licence is a major compliance event in its own right. But it is also a reputation event for FinTelegram: a demonstration that rigorous rail mapping, evidence-led escalation, and public accountability can anticipate and align with regulatory outcomes.
FinTelegram will continue to publish structured CyberFinance Intelligence that identifies not only the schemes—but also the facilitators who keep them operational.
Call for Whistleblowers and MEXC Customers
If you are a current or former MEXC customer, or a current/former employee or service provider connected to Paytend, Finetix, MEXC Estonia OÜ, or any MEXC fiat on-ramp/payment orchestration stack, we want evidence.
We are especially looking for:
- bank transfer beneficiary details and payment instructions used for MEXC deposits/withdrawals
- Paytend/Finetix-linked correspondence, contracts, onboarding packs, or compliance questionnaires
- screenshots of MEXC deposit flows, KYC/AML interactions, freezes, and withdrawal denials
- payment processor identifiers: PSP names, acquirers, IBANs, descriptors, merchant entities, routing screenshots
- internal compliance/risk decisions (where available)
Submit securely via Whistle42.





