Baltic FIUs Publish Landmark Study On Payment Rails And AML Risk
The Estonian Financial Intelligence Unit, together with the FIUs of Latvia and Lithuania and with support from the Bank of Lithuania, has published a major regional strategic study titled โEvolving Payment Landscapes and AML Challenges in the Baltic States.โ The study covers the period from 2021 to the first half of 2024 and analyses payment service providers, credit institutions, payment institutions, e-money institutions, cross-border payment accounts, suspicious transaction reports, and emerging money-laundering typologies across the Baltic States.
For FinTelegram, the study is highly relevant. It confirms what our investigations into illegal casino payment rails, investment scam payment infrastructures, crypto on-ramp structures, and open-banking routes have repeatedly shown: the modern AML battlefield is no longer limited to traditional banks. It is increasingly located in the opaque interaction between digital banks, EMIs, PIs, VIBAN structures, embedded finance platforms, crypto platforms, and cross-border payment accounts.
The study does not read like a theoretical risk paper. It reads like an official confirmation of the new payment-rail reality.
Key Findings
The Baltic FIUs identify clear structural differences between the three jurisdictions. Estonia and Latvia remain largely bank-dominated markets with predominantly domestic client bases, while Lithuania has developed into a regional FinTech payment centre with materially higher foreign-client activity and cross-border exposure. The study states that Lithuaniaโs growth in digital banking, EMI and PI services has deepened integration with the EU financial system but has also increased ML/TF risks linked to complex transactions and non-face-to-face service delivery.
The study also confirms that Estonia and Latvia have reduced exposure to high-risk non-resident clients through de-risking and stronger AML controls. However, this did not eliminate risk. Instead, some risk appears to have migrated. The FIUs note that client off-boarding by traditional banks helped drive customers toward Lithuanian PSPs and other alternative digital providers.
A central finding is that Lithuanian FinTech PSP accounts stand out in suspicious transaction reporting by Estonian and Latvian FIUs. Fraud schemes, tax evasion, and attempts to circumvent EU sanctions dominate the regional ML landscape and are often facilitated through digital banks, EMIs, and VASPs. The study further highlights transit accounts, shell companies, strawmen, and VIBAN structures as recurring obstacles to identifying beneficial owners and tracing illicit funds.
Lithuania: Regional FinTech Hub โ And Regional Risk Magnet
Lithuaniaโs strategy to become an EU FinTech hub has succeeded. According to the study, Lithuania has attracted a significant number of payment and e-money institutions and hosts a materially larger PI/EMI market than Estonia or Latvia. The study also notes that Lithuaniaโs PI/EMI sector has been assessed as high-risk because of non-resident portfolios, international transactions, high-risk industries, remote onboarding, and pass-through payments.
This is not a condemnation of Lithuaniaโs FinTech strategy. It is a warning about its consequences.
The study shows that Lithuaniaโs role as a regional hub comes with structural AML pressure. Lithuanian PSPs process very large volumes for non-domestic clients. In 2024, Estonian and Latvian clients overwhelmingly used a single Lithuanian digital bank, both in terms of client numbers and transaction volumes. The study does not name the institution, but the concentration finding is significant for regulators, supervisors, and investigative journalists alike.
This concentration matters because FinTelegramโs own Rail Atlas investigations have repeatedly encountered Lithuanian-regulated or Lithuania-linked digital banking and FinTech structures in payment chains serving high-risk sectors, including offshore gambling, crypto on-ramps, and cross-border investment schemes.
Estonia: BaaS, VIBANs And Crypto Correspondent Risk
The study also identifies Estonia-specific vulnerabilities. Although Estonia remains bank-dominated, the FIUs point to risks arising from a BaaS model used by a market participant and from correspondent-style services involving foreign virtual-asset and FinTech platforms. The study states that suspicious funds are often channelled through the Estonian financial system using VIBANs, which may obscure the beneficial owner and the transaction origin.
The numbers are striking. According to the study, cross-border payment volumes of respondent financial institutions in Estonia rose from โฌ105 billion in 2021 to โฌ136 billion in 2024. Of this, PI/EMI respondent payments reached โฌ84 billion in 2024, while VASP-related transactions reached โฌ33.5 billion. Approximately 89% of the total cross-border payment volume involved non-resident respondents, mostly from the EEA and the United Kingdom.
This aligns closely with FinTelegramโs investigative focus on payment chokepoints. The critical issue is not only whether a bank, EMI, or payment institution is licensed. The issue is whether its business model creates nested, opaque, or insufficiently monitored rails for third-party operators, crypto platforms, offshore merchants, or high-risk digital businesses.
VIBANs And Embedded Finance: The New Opacity Layer
The study gives particular attention to VIBANs, open-banking structures, embedded finance, and BaaS. Latviaโs NRA flags VIBANs and open-banking structures as emerging risks because of sub-account opacity, unclear responsibility for CDD and transaction monitoring, and difficulties for FIUs or law enforcement when requesting information or freezing assets across jurisdictions. Estoniaโs NRA also flags VIBAN services offered to financial intermediaries without sufficient risk assessment of their clients, as well as bundled transaction files that may prevent adequate risk profiling.
This is exactly the problem FinTelegram has described in its casino and scam payment-rail investigations: the payment chain becomes fragmented. The consumer sees one interface, the bank sees another counterparty, the real merchant or beneficial operator may sit behind several gateways, and the final economic purpose may be diluted or hidden.
In practice, this creates what FinTelegram calls payment-purpose dilution: the further the payment travels through gateways, processors, VIBAN layers, open-banking intermediaries, crypto ramps, and offshore merchants, the harder it becomes to determine what the transaction was really for.
Fraud, Tax Evasion And Sanctions Circumvention Dominate
The Baltic FIUs identify three dominant predicate offence categories: fraud, tax evasion, and sanctions circumvention. The study notes that payment services in Estonia, Latvia, and Lithuania are frequently used in the layering stage of money-laundering schemes, including fraud-related flows, tax evasion schemes, and sanctions evasion, often through digital banks, EMIs, and VASPs.
For Latvia, STRs referencing Lithuania increased between 2022 and 2024, suggesting growing risk exposure or at least growing reporting attention in relation to Lithuanian-linked financial flows. For Estonia, STRs referencing Lithuanian accounts also increased significantly, and the study states that Lithuanian accounts held by Estonian entities and individuals formed a major share of Estonian STRs concerning foreign accounts.
The study also notes that crypto-related risks appear more pronounced in Lithuanian FinTech PSPs. Around 7% of Estonian STRs involving payment-account transactions included cryptocurrency-related activity on average, but by 2024 that share rose to around 12%. For Lithuanian accounts, the proportion was higher, at roughly 18% of STRs related to payment accounts.
FinTelegram Interpretation: The Baltic Region As A Payment-Rail Laboratory
The Baltic region is becoming a test case for the future of European AML supervision. The region has strong digital infrastructure, advanced FinTech ecosystems, close Nordic banking links, EU passporting dynamics, crypto exposure, and significant cross-border activity. This makes it innovative โ but also vulnerable.
The official study confirms four FinTelegram working theses:
First, de-risking does not remove risk; it relocates it. When traditional banks off-board clients, the business may move to digital banks, EMIs, PIs, VIBAN providers, or crypto-friendly intermediaries.
Second, licensing is not the same as transparency. A licensed EMI or digital bank can still become a chokepoint for high-risk payment flows if it serves opaque intermediaries or relies on insufficiently transparent third-party structures.
Third, crypto risk increasingly enters through payment rails, not only through crypto exchanges. The interaction between bank accounts, VIBANs, EMIs, VASPs, and on/off-ramp structures is now one of the most important AML risk zones.
Fourth, cross-border payment flows require cross-border supervision. National supervision is structurally insufficient where clients, beneficial owners, PSPs, VASPs, merchants, and victims are spread across different jurisdictions.
The Casino Payment-Rail Angle
Although the study is not specifically about illegal online casinos, its findings are directly relevant to FinTelegramโs ongoing investigations into offshore gambling payment rails.
Illegal casino operators frequently rely on exactly the type of structures highlighted by the FIUs: payment intermediaries, cross-border PSPs, non-transparent payees, VIBAN-like account structures, crypto on-ramps, open-banking flows, and payment-purpose dilution. In these ecosystems, the player may believe they are making a casino deposit, while the banking layer may see a transfer to a payment processor, gateway, wallet provider, or unrelated commercial descriptor.
The Baltic FIU study therefore provides an official AML framework for understanding why these rails matter. They are not merely technical payment channels. They are potential financial-crime infrastructure.
Regulatory Takeaway
The Baltic FIUs recommend regional indicators for PSP-related STRs, detailed sector-specific typology studies focusing on digital banking, embedded finance, PI/EMI and virtual-asset segments, better dissemination of red flags, enhanced staff training, and stronger data harmonisation across the region.
FinTelegram would go one step further: European regulators should treat payment-rail opacity as a standalone compliance risk. Where the consumer-facing merchant, payment descriptor, technical gateway, account holder, beneficial operator, and economic purpose do not align, enhanced due diligence should be mandatory.
The key question is no longer simply: Is the PSP licensed?
The better question is: What payment rail is the PSP enabling โ and for whom?
FinTelegram Conclusion
The Baltic FIUs have delivered an important and unusually relevant study. It confirms that AML risk in the Baltic region has moved into a more complex phase: less cash, fewer traditional non-resident banking scandals, but more digital rails, more cross-border accounts, more FinTech concentration, more VIBAN opacity, more crypto adjacency, and more rapid movement of funds.
For FinTelegram, this is a strong validation of the Rail Atlas approach. To understand modern financial crime, investigators, regulators, banks, and victims must follow the rails โ from the consumer interface to the gateway, from the gateway to the PSP, from the PSP to the VIBAN or correspondent layer, and from there into crypto, offshore accounts, or settlement structures.
The Baltic States are not merely a regional AML case study. They are a preview of Europeโs payment-risk future.
