Digital Bank License Application Guide

Introduction

Getting a digital bank license is not a form you fill out and submit. It's a multi-phase regulatory evaluation that can run anywhere from six months to several years, and approval comes only when a regulator is satisfied — on their timeline, not yours.

Many fintech founders underestimate what that evaluation actually involves. Strong technology and a compelling investor deck don't move the needle with regulators.

What they assess — before a single customer account is opened — includes:

  • Compliance governance and the policies supporting it
  • Capital adequacy relative to your proposed business model
  • AML controls and transaction monitoring infrastructure
  • Technology resilience, including disaster recovery and operational continuity
  • Leadership fitness to run a supervised financial institution

This guide is for fintech startups, neobank founders, crypto firms, embedded finance companies, and money transmitters operating in or expanding into the US, UK, EU, or Canada. It explains what the application process involves, which license type fits different business models, what regulators actually evaluate, and where applicants most commonly fail.

TL;DR

  • A digital bank license is a regulatory authorization to conduct specific financial activities — permitted activities vary significantly by license type and jurisdiction.
  • Three main paths exist: full bank charter, EMI/PI license, or a jurisdiction-specific digital bank license, each with different capital requirements and timelines.
  • Regulators evaluate compliance governance, leadership credentials, capital adequacy, technology infrastructure, and AML/KYC controls — not just your business plan.
  • Timelines range from 6 months (EMI/PI) to 3+ years (full bank charter).
  • Most neobanks don't need a full banking license to launch; a BaaS or EMI/PI path is typically faster and better suited to early-stage operations.

What the Digital Bank License Application Process Actually Involves

A digital bank license application is the formal regulatory process through which an entity seeks authorization from a national or regional authority to conduct regulated banking activities. Depending on the license category, those activities may include deposit-taking, e-money issuance, payment services, or balance-sheet lending.

The outcome of a successful application isn't just a certificate. It means the legal right to hold or safeguard customer funds, access payment infrastructure, operate within a supervised framework, and earn the institutional credibility that counterparties and investors require.

This is fundamentally different from registering a company or signing up with a payment processor. A license creates ongoing supervisory obligations:

  • Minimum capital requirements held on an ongoing basis
  • Governance standards covering board composition and management fitness
  • Regular regulatory reporting to your supervising authority
  • Demonstrated ability to manage financial, operational, and compliance risk

Fall short of those standards post-authorization, and regulators — whether the OCC, FCA, or ECB — can and do withdraw licenses for capital breaches, governance failures, or AML breakdowns.

One critical clarification: "digital bank license" is not a universal category. In the US, UK, EU, and Canada, digital banks operate under standard bank, EMI, or payment institution frameworks — there is no lighter regulatory treatment because you don't have branches. Regulators in Singapore (MAS), Hong Kong (HKMA), and Malaysia (BNM) have created explicit digital bank license categories, but those are exceptions, not the rule in core Western markets.

How the Digital Bank License Application Process Works

Applications are evaluated holistically. Regulators don't review the business plan, then governance, then capital in sequence — they assess all of it simultaneously, and a weakness in any area affects the whole.

Step 1: Pre-Application Assessment and Regulatory Strategy

Before filing anything, you need to answer three questions:

  1. Which license type matches your intended product set?
  2. Who is the relevant regulatory authority?
  3. Do you meet the minimum capital requirements?

Most regulators offer — and in some cases require — pre-application engagement. The OCC normally requires a prefiling meeting attended by organizers and the proposed CEO before a de novo charter application is filed. The PRA and FCA encourage pre-application engagement through the New Bank Start-Up Unit, including technical challenge sessions that surface problems before they become reasons for rejection.

Use pre-application meetings to test your business model, governance assumptions, and capital position — not to introduce yourself.

Step 2: Building the Compliance and Governance Structure

This is where most applicants fall short. Regulators require:

  • A board with relevant financial services experience
  • A designated compliance function — CCO, BSA Officer (US), or MLRO (UK/EU)
  • A documented, board-approved AML/CFT program
  • A risk management framework with written policies and procedures
  • Evidence that named individuals have the qualifications to hold these roles

Applicants who treat compliance leadership as a post-approval hire are routinely rejected or asked to resubmit. The compliance structure needs to exist — with named, credentialed individuals — at the time of submission.

For early-stage applicants who can't justify a full-time hire, fractional compliance officers are a practical alternative. Fraxtional provides named CCOs, BSA Officers, MLROs, and CAMLOs who can be formally designated in regulatory filings and take direct ownership of the compliance program from day one.

Step 3: Preparing the Application Package

Once your governance structure is in place, the application package becomes the next critical workstream. Incomplete submissions are the single most common cause of delay. A complete application typically includes:

  • Business plan — target market, product roadmap, revenue model, and unit economics
  • Financial statements — projected or audited, with capital adequacy evidence
  • AML/CFT policies — written, board-approved, with named responsible individuals
  • IT and operational resilience plan — covering disaster recovery, cloud policy, and third-party risk
  • Recovery and resolution plan
  • Key personnel documentation — fit-and-propriety evidence for all senior roles
  • Ownership and group structure disclosures

The FCA's approach document states that an application still incomplete after 12 months is likely to be refused. Treat completeness as a board-level workstream, not an admin task.

Step 4: Regulatory Review and Authorization

After submission, regulators conduct a formal review that typically generates requests for additional information (RFIs). This is normal — respond promptly and completely.

Timeline benchmarks vary by jurisdiction and license type:

License / Jurisdiction Statutory Review Period
OCC de novo bank charter 120 days from complete application
UK bank (complete application) 6 months
UK bank (incomplete application) Up to 12 months
FCA EMI/PI (complete) 3 months
FCA EMI/PI (incomplete) Up to 12 months

Digital bank license review timelines comparison across US UK EU jurisdictions

In the UK, the PRA offers a mobilization route — a restricted authorization that allows limited operations while the full review is completed. During mobilization, total customer deposits are typically capped at £50,000, and the bank must apply to vary its permissions before operating fully. This is not a soft launch. It's a separate regulated phase with its own conditions.

Types of Digital Bank Licenses and Where They Apply

Full Bank Charter (US, UK, EU, Canada)

A full bank charter grants the widest product permissions: deposit-taking, balance-sheet lending, net interest income, and access to payment infrastructure as a direct participant.

The trade-off is the most demanding entry requirements across all three dimensions — capital, governance, and timeline.

Jurisdiction Regulatory Authority Key Capital Requirement
US OCC (national) or state + FDIC Tier 1 leverage ratio of at least 8.0% for first three years
UK PRA + FCA (dual authorization) Firm-specific via ICAAP/ILAAP
EU ECB + national competent authority National law + ECB assessment
Canada OSFI Minimum CAD$5M paid-in capital before order to commence

Full bank charter requirements comparison across US UK EU Canada jurisdictions

This path makes sense when deposit-taking and direct lending are core to your revenue model. It's not appropriate for payments-led products or pre-product-market-fit businesses.

EMI or Payment Institution (PI) License (UK, EU)

The EMI/PI route is the practical starting point for most payments-led digital banking products in the UK and EU. It supports:

  • E-money issuance
  • Payment accounts and cards
  • Transfers and FX
  • Payment initiation and account information services

It does not authorize bank-style deposit-taking or balance-sheet lending.

Capital thresholds are standardized and substantially lower than a full bank charter:

  • Authorized EMI: €350,000 initial capital
  • Authorized PI: €20,000, €50,000, or €125,000 depending on payment services offered

The FCA's recent authorization data is instructive: of 100 payment services/e-money applications received in Q4 2025/26, only 20% were approved, 10% refused, and 70% withdrawn — with a median determination time of 6 months. Most withdrawals happen after applicants realize mid-process how underprepared they were.

Jurisdiction-Specific Digital Bank License Frameworks

A handful of regulators have created dedicated digital bank categories:

  • Singapore MAS — Digital Full Bank (DFB) and Digital Wholesale Bank (DWB). DFBs require S$1.5B capital at full operation; restricted phase starts at S$15M.
  • Hong Kong HKMA — Virtual bank authorization with minimum share capital of HK$300M.
  • Malaysia BNM — Phased digital bank framework with asset thresholds and an 8% total capital ratio requirement.

These frameworks share common characteristics: full AML/CFT and prudential compliance, restrictions on physical presence, and phased entry with escalating requirements.

Outside these dedicated frameworks — in Germany, Brazil, the US, UK, EU, and Canada — digital banks operate under standard licensing frameworks. The neobank label doesn't create a separate regulatory track.

Key Factors That Affect Your Application's Success

Regulators don't weigh these factors independently. A strong business plan won't compensate for weak governance, and adequate capital won't overcome an incomplete AML program.

Capital adequacy Demonstrate sufficient initial capital to meet the jurisdiction's minimum threshold and maintain a credible buffer through the mobilization period and early operations. For OCC applications, capital must support the business plan and projected losses before the bank reaches stable profitability.

Compliance leadership and governance quality Every regulator conducts fitness-and-propriety assessments of key personnel. A named CCO, BSA Officer, or MLRO with a documented track record is weighted heavily. Applicants without this in place at submission are routinely rejected — not asked to add it later.

Business plan credibility Regulators evaluate whether the business model is viable, the target market is realistic, and the financial projections are internally consistent. Vague projections or unrealistic growth curves generate RFIs that delay the entire review.

Technology infrastructure and operational resilience Evidence of IT governance, data security, cloud policy, disaster recovery, and third-party risk management is required across all jurisdictions. FCA PS21/3 sets specific operational resilience requirements for UK financial firms; EU DORA applies directly to credit institutions, payment institutions, and electronic money institutions. Treat this as a substantive submission requirement, not a technical appendix.

AML/CFT program completeness Under US regulations, a bank's AML program must be written, board-approved, and name a responsible individual. It must also include:

  • Internal controls and transaction monitoring procedures
  • Independent testing and audit mechanisms
  • Staff training on AML obligations
  • Customer due diligence (CDD) procedures

Four-pillar AML CFT compliance program requirements for digital bank license applications

The FCA's guidance positions the MLRO as the focal point for AML compliance oversight. Incomplete programs are a non-negotiable reason for rejection across all target jurisdictions.

Common Mistakes in the Digital Bank License Application Process

The Funding Fallacy

The most damaging assumption is that strong technology or substantial funding is sufficient for approval. Regulators don't assess product quality or investor backing — they assess operational readiness, governance maturity, and compliance infrastructure. Well-funded applicants are rejected regularly because compliance was treated as a secondary concern.

Premature Submission

Filing before the governance structure, compliance framework, and capital position are fully in place creates problems that can't be fixed mid-review. Once submitted, the clock starts. Responding to RFIs with "we're building that" signals the application wasn't ready.

Failed applications rarely fail on one point. The pattern is multiple incomplete areas appearing together:

  • Governance structure defined on paper but not operationally in place
  • Compliance framework drafted but not tested or staffed
  • Capital position meeting minimums on paper but not stress-tested
  • Key policies referencing roles that haven't been hired

Four common digital bank license application failure patterns that lead to rejection

Each gap alone might be addressable. Combined, they signal an organization not ready to operate as a supervised institution.

Misunderstanding What Authorization Means

Authorization means you're approved to begin operating under restrictions — not that you're cleared to launch fully. The UK mobilization route, for example, comes with meaningful constraints:

  • Deposit cap typically set at £50,000
  • Restrictions on product scope and customer numbers during mobilization
  • A separate application required to vary permissions before full launch

Build mobilization duration into your planning timeline from the start. Authorization date and go-live date are rarely the same, and treating them as interchangeable is one of the most consistent planning errors in new bank applications.

When a Full Digital Bank License May Not Be the Right Path

A full bank charter makes sense when deposits and balance-sheet lending are the core revenue drivers. For most early-stage fintechs, that's not the case at launch.

Consider an EMI or PI license if:

  • The product is payments-only, card-led, or FX-focused
  • You need e-money accounts but not insured deposits
  • You're targeting UK or EU markets with a sub-18-month launch timeline

A sponsor bank or BaaS arrangement fits better if:

  • You're pre-product-market-fit
  • The business plan doesn't include direct deposit-taking or lending
  • The founding team lacks prior banking regulatory experience
  • You lack the capital to sustain a multi-year regulatory process alongside product development

Fraxtional works with fintechs across all stages of this decision. That includes pre-application compliance readiness assessments, sponsor bank introductions, and building the governance structures a direct license application requires when the business is ready.

A staged strategy is typically faster and more capital-efficient: start with BaaS or EMI/PI, then pursue a full charter when the business model actually requires it.

Frequently Asked Questions

What is a digital bank license?

A digital bank license is a regulatory authorization issued by a national financial authority permitting an entity to conduct digital banking operations. The specific activities permitted depend on the license category and jurisdiction — ranging from e-money issuance under an EMI license to full deposit-taking and lending under a bank charter.

How much does it cost to start a digital bank?

Costs vary significantly by path. A BaaS or EMI/PI route involves legal fees, compliance preparation, and a capital minimum (as low as €20,000 for a basic PI license). A full bank charter requires substantially more capital, longer advisory engagement, and multi-year operating runway — confirm jurisdiction-specific minimums before finalizing your financial model.

Are digital banks regulated?

Yes — digital banks are subject to the same fundamental regulatory requirements as traditional banks, including AML/CFT compliance, prudential capital requirements, consumer protection rules, and data privacy obligations. The neobank label doesn't create a lighter regulatory track in the US, UK, EU, or Canada.

How long does it take to get a digital bank license?

Timelines vary by license type and jurisdiction. An EMI/PI license in the UK or EU can take 6–18 months; a full bank charter in the US or UK typically takes 1–3+ years. Some jurisdictions offer phased or mobilization pathways that allow limited operations before full authorization is granted.

What is the difference between a digital bank license and an EMI license?

A full digital bank license (or bank charter) permits deposit-taking and balance-sheet lending. An EMI license covers e-money issuance, payment accounts, and related payment services — but not bank-style deposits or direct lending. If deposits and net interest income drive your revenue model, you need the charter; if not, an EMI license is likely sufficient.

Do I need a full banking license to launch a neobank?

Most neobanks launch without one — using either an EMI/PI license for payments and e-money, or a sponsor bank/BaaS arrangement for deposit and card products. A full bank charter becomes relevant when deposits, lending, and net interest income are the core of the revenue model.