Buy-side PI acquisition · Estonia
Buy a Payment Institution in Estonia
A Finantsinspektsioon-authorised payment institution sits inside the EU 27 with full PSD2 passporting, a euro-area domestic banking corridor, and a supervisor whose digital-first administrative culture is unusual in European fintech. Cadena Brokers represents acquirers only. Every Estonian PI we surface has been pre-vetted on banking continuity, qualifying-holding history, and Finantsinspektsioon supervisory posture before it reaches your desk.
Why Estonia
Finantsinspektsioon discipline, EU 27 passporting, e-state operating environment
The Estonian Financial Supervision and Resolution Authority — Finantsinspektsioon, in everyday usage simply “FI” — is the integrated supervisor of the Estonian financial sector. Operating since 1 January 2002 from Tallinn, it consolidates prudential and conduct oversight of banks, payment institutions, e-money institutions, investment firms, fund managers, insurance undertakings, creditors, and credit intermediaries under a single authority, with the Bank of Estonia (Eesti Pank) running monetary policy and payment-systems oversight alongside it. That structural choice keeps the qualifying-holding file, the AML inspection record, and the prudential supervision history in one place rather than spread across two or three agencies. Acquirers used to fragmented supervisory architecture in some peer EU jurisdictions feel the difference inside the first iteration of comments. The supervisor reading the change-of-control notification has typically already worked the target’s prudential and conduct files in parallel.
The Estonian PI population is small in headcount and skewed toward digitally-native operators. Finantsinspektsioon publishes its register of authorised payment institutions and a separate register of small payment institutions (väikemakseasutused under domestic statute) on its public website. Active charters cluster around three patterns: cross-border remittance and account-execution operators that picked Tallinn for the e-Residency programme and the engineering talent pool, and now passport into the wider EU 27; domestic Estonian operators that scaled inside the country’s mature digital banking corridor on instalment-payment, expense-management, or merchant-acquiring books; and English-language fintech operators with a Baltic or Nordic customer base that bought into the licence rather than queueing through a fresh authorisation. The banking cluster around the licensed entities is smaller than the Nordic one but real — LHV Pank (the local fintech-friendly counterparty of choice), Coop Pank, Luminor, SEB Eesti, and Swedbank Eesti, with the wider euro-area infrastructure one passport notification away.
Three reasons acquirers shortlist Estonia. First, the cross-border reach is unambiguous: a Finantsinspektsioon-authorised PI passports under PSD2 through FI to every EU 27 host competent authority on a notification basis, with cross-border services and the establishment of branches, agents, and distributors all available across the EEA. Second, operating-environment quality is unusually high for the licence cost — Estonia has been a euro member since 2011, an EU member since 2004, runs a corporate income tax regime that taxes only distributed profits (so retained earnings are deferred at 0% and only the dividend distribution attracts the 22% headline rate from 2025 onward), and the e-Residency programme makes the nominal infrastructure of Estonian incorporation, banking, and reporting digital from day one. Third, the supervisor speaks fluent English on regulatory correspondence, accepts EBA-aligned documentation conventions, and runs its file in writing through a digital case-management system that gives a well-prepared acquirer a faster path through completeness review than most peer jurisdictions.
What an Estonian PI authorisation permits
Scope, capital, and the obligations a buyer inherits
The activities Finantsinspektsioon authorises follow PSD2 directly. Directive (EU) 2015/2366 was transposed into Estonian statute through the Payment Institutions and E-money Institutions Act (Makseasutuste ja e-raha asutuste seadus, “MERAS”), originally adopted in 2010 and substantially recast on PSD2 transposition. The licence covers PSD2 Annex I services in full: account-information services, payment-transaction execution from a payment account (with or without credit line), payment-initiation services, money remittance, and the issuance of card-based payment instruments and acquiring of payment transactions. An Estonian PI cannot take deposits or issue electronic money; those activities sit under separate Finantsinspektsioon authorisations (the credit-institution licence under the Credit Institutions Act and the e-money institution authorisation under MERAS, respectively, the latter sitting at the EUR 350,000 minimum-capital tier).
Statutory minimum initial capital follows the PSD2 Article 7 schedule, transposed into MERAS without variation. EUR 20,000 covers only money-remittance activity. EUR 50,000 covers only payment-initiation services. EUR 125,000 covers the full account-based payment-services menu, which is the threshold most acquirers are working against because the post-close service mix almost always reaches into card acquiring, card issuing, or PSD2 Annex I (3) execution. Own funds are then maintained on a continuous basis under one of the three PSD2 calculation methods, with Method B (the volume-linked formula) the most common posture for active issuers and acquirers. Finantsinspektsioon sizes the operating buffer to the post-acquisition business plan; credible cross-border passport ambition typically calls for an operating capital base above the statutory floor.
Customer payment funds are safeguarded under MERAS: held in a segregated account at a credit institution authorised in the EEA and ring-fenced from the PI’s own resources, or covered by an insurance policy or comparable financial guarantee from an institution outside the same group. Finantsinspektsioon’s supervisory expectations on AML and governance sit alongside the prudential test as a parallel gate, with the Estonian Money Laundering and Terrorist Financing Prevention Act (RahaPTS) carrying the AMLD5 and AMLD6 transpositions. The institution must maintain real office space and staff in Estonia, with the management body and the heads of compliance, AML, and risk on the payroll of the licensed entity rather than on a service-agreement basis from a foreign parent. ICT and operational-resilience requirements follow DORA (Regulation EU 2022/2554), which has applied to Estonian PIs since 17 January 2025; FI has been preparing its first DORA inspections through 2025, so the ICT third-party register, the operational-resilience self-assessment, and incident-reporting plumbing are now part of the live supervisory file.
What we broker here
The Estonian PI profiles in our book
Specific entities are not disclosed outside an executed NDA. The general profile of what reaches an acquirer’s brief from the Estonian shelf falls into three patterns. Cross-border digital-payments operators with a Tallinn hub: small-to-mid-cap PIs running remittance and account-execution books across the Baltic-and-Nordic corridor, with passport notifications already filed across multiple EU 27 host states and a small but solid Estonian compliance and AML team. Domestic Estonian operators that exited the founder cycle: PIs that scaled inside the Estonian retail and SME banking corridor on instalment-payment, expense-management, or merchant-acquiring books, where the founders are exiting without exiting the customer franchise. Niche-acquired charters: PIs held by groups that parked the charter alongside an EMI, a credit business, or a crypto-asset operation and are now unwinding the payments arm cleanly to focus on a different vertical.
The diligence gates we work through with every Estonian file are four. Banking continuity: which Estonian or Baltic credit institution holds the safeguarded balances (LHV Pank is the most common counterparty for the digital-payments cohort, but bank-onboarding posture varies by acquirer profile and the post-close service mix), what the timeline looks like for re-papering on change-of-control, and whether SEPA participation, card-scheme memberships, and any acquiring sponsorship survive the new controlling group. AML programme integrity: Finantsinspektsioon’s expectations on transaction monitoring, sanctions screening cadence, MLRO seniority, and the most recent on-site or off-site supervisory letter, with any open recommendations the acquirer would inherit treated as a deal item rather than a footnote (post-2018 Estonia carries a heightened AML supervisory baseline; the DanskeBank Estonia branch case shaped how FI now reads cross-border high-risk flows). Substance test in Estonia: real headcount in country, real office, the management-body and four-eyes expectations, and the local compliance and AML officers staying through closing or replaceable on a pre-agreed timetable. IT and DORA readiness: the ICT third-party register, the operational-resilience self-assessment, and the incident-reporting plumbing FI has been examining since the 17 January 2025 application date.
One contrarian observation worth airing early. Acquirers comparing Estonia to the Lithuanian PI market often assume the two regimes read identically because both transpose PSD2 and both sit inside the euro area. They don’t. The Bank of Lithuania has been running a fast-onboarding posture on payment-services authorisations for almost a decade and the resulting PI population is large, varied, and bank-onboarded across multiple Lithuanian and Latvian counterparties. Estonia has been more selective: fewer authorisations granted, a tighter substance-and-management test at change-of-control, and a banking corridor where LHV Pank concentrates more of the digital-payments population than any single Lithuanian counterparty does. For an acquirer whose post-close thesis depends on a clean substance file and a single, well-understood banking relationship, the Estonian profile is structurally the better fit; for an acquirer who needs banking optionality across multiple counterparties from day one, the Lithuanian comparison set is wider.
Acquisition path
Change-of-control under Finantsinspektsioon’s qualifying-holdings regime
Acquisition runs through a share purchase of the Estonian entity holding the Finantsinspektsioon authorisation, with prior FI approval under the qualifying-holdings regime transposed from PSD2 Article 6 into MERAS. The notification thresholds are the standard EU set: 10%, 20%, 30%, and 50%, plus any move that hands the buyer control of the licensed entity. The fit-and-proper assessment covers beneficial owners, the proposed members of the management body and audit committee, group structure transparency, the source and provenance of funds, and the strategic plan for the PI post-acquisition. Finantsinspektsioon consults the home supervisor of any EU-regulated acquirer through the EBA’s standing colleges and bilateral channels, and works with the Estonian Financial Intelligence Unit (Rahapesu Andmebüroo) where the acquirer profile triggers a direct AML-side review.
The assessment clock under the EBA/ESMA/EIOPA Joint Guidelines on Prudential Assessment of Acquisitions runs sixty working days from a complete file, extendable by thirty working days where the supervisor seeks supplementary information. The bottleneck for unprepared acquirers is the completeness gate, not the substantive review. Acquirers who arrive with a coherent group-structure chart, audited accounts, source-of-funds dossier, and a board-ready strategic plan typically clear the file without iteration. See the four-step acquisition process on the homepage for the standing checklist that runs in parallel with target negotiations.
Why Cadena
Buy-side only, transactional, fast
The mandate is buy-side only. We work for the acquirer. Finantsinspektsioon notices when the same broker name turns up on both sides of a transaction, and the qualifying-holding file lands cleaner when the buyer arrives with independent representation. We do not run listing brokerage, we do not split fees with sellers, and we do not present targets whose seller is paying a placement bonus.
Engagement is transactional. We take the acquirer’s brief, map it to a small shortlist of pre-vetted Estonian profiles, run side-by-side regulatory and banking diligence, then file the qualifying-holding notification with Finantsinspektsioon while target negotiations close in parallel. Each Estonian PI we present has a live, named safeguarding-bank relationship that has been personally confirmed. Our diligence checklist is mapped to MERAS, the Estonian AML Act (RahaPTS), the EBA Guidelines on authorisation information, and the DORA implementation expectations FI has been issuing through 2024 and 2025. If the acquisition thesis depends on a particular service mix (card acquiring, payment initiation, cross-border remittance), we can tell you in the first meeting which targets in the Estonian book are board-ready for it and which need a service-scope amendment first.
FAQ
Estonia PI: questions buyers ask us
Can I buy an Estonian payment institution licence directly, or must I apply for a new one?
Yes. Change-of-control on a Finantsinspektsioon-authorised Estonian PI is the standard buy-side route, and it is materially faster than a fresh application. The transaction is structured as a share purchase of the Estonian entity holding the authorisation, with prior FI approval under the qualifying-holdings regime transposed from PSD2 Article 6 into MERAS. The mechanics: NDA, profile review, term sheet, regulatory and banking diligence, an SPA conditional on Finantsinspektsioon non-objection, then filing of the qualifying-holding notification. Closing is conditional on supervisory clearance. Cadena Brokers does not list targets publicly and does not represent sellers; the entity opens up under NDA after the initial fit conversation.
What is the difference between an Estonian PI and a small payment institution (väikemakseasutus)?
Both are authorised or registered by Finantsinspektsioon under MERAS. A full Payment Institution carries the complete PSD2 Annex I service menu (account services, payment-initiation services, card acquiring, card issuing, money remittance, and account-information services), with EU-wide passporting on a notification basis through FI. A small payment institution (väikemakseasutus) operates only domestically in Estonia, carries a transaction-volume cap under MERAS, and cannot passport into the rest of the EU at all. Statutory minimum initial capital differs accordingly. For an acquirer whose post-close thesis touches cross-border flows or a service mix beyond money remittance, only the full PI fits.
How does Finantsinspektsioon change-of-control approval work?
A qualifying-holding notification filed under the regime transposed from PSD2 Article 6 into MERAS. Thresholds are 10%, 20%, 30%, and 50%, plus any move that hands the buyer control of the licensed entity. Finantsinspektsioon assesses fit-and-proper standing of beneficial owners and the proposed management body, financial soundness and source of funds, group structure transparency, the strategic plan for the PI post-acquisition, and AML/CFT integration. The assessment clock under the EBA/ESMA/EIOPA Joint Guidelines is sixty working days from a complete file, extendable by thirty working days where supplementary information is sought. FI consults the home supervisor of any EU-regulated acquirer through the EBA channels and bilateral colleges, and works with the Estonian Financial Intelligence Unit on the AML-side review.
What is the statutory minimum capital for an Estonian PI?
The PSD2 Article 7 schedule, transposed into MERAS without variation. EUR 20,000 covers only money-remittance activity. EUR 50,000 covers only payment-initiation services. EUR 125,000 covers the full account-based payment-services menu, including card acquiring and card issuing. Most acquirers are working against the EUR 125,000 threshold because the post-close service mix typically reaches into card or account-execution services. Ongoing own funds are calculated on a continuous basis under one of the three PSD2 methods. Finantsinspektsioon sizes the operating buffer to the business plan; credible cross-border passport ambition typically calls for an operating capital base above the statutory floor.
Do Finantsinspektsioon-authorised PIs passport into the rest of the EU?
Yes. A Finantsinspektsioon-authorised PI passports under PSD2 by notification through FI to the host competent authority. Both cross-border services and the establishment of branches, agents, and distributors are available across the EU 27 and the wider EEA. Common host markets for Estonian PIs are Latvia, Lithuania, Finland (the natural Helsinki-Tallinn corridor), Germany, the Netherlands, and the wider Baltic-and-Nordic corridor where euro settlement infrastructure carries operational weight. The passporting notification is administrative; it is not a second authorisation file in the host country. For acquirers whose post-close thesis is EU-wide or Baltic-regional reach, that single feature is the structural reason Estonia sits in the comparison set with Lithuania, Latvia, and Sweden rather than with offshore alternatives.
What about substance and operating presence in Estonia?
Finantsinspektsioon expects real substance, not a brass-plate presence. The institution must maintain office space and employees in Estonia, with the management body and the heads of compliance, AML, risk, and ICT on the payroll of the licensed entity rather than on outsourcing arrangements from a foreign parent. The four-eyes principle on management is enforced at the authorisation level and re-tested at change-of-control. We screen substance posture on every target before introduction; a thin substance file is the most common reason a peer-jurisdiction PI would clear change-of-control where an Estonian one would draw a follow-up. The post-2018 supervisory baseline (the legacy of the Danske Bank Estonia branch case) means FI reads any cross-border AML exposure carefully — well-prepared substance closes the gap quickly.
Next step
Open a buy-side mandate on Estonian PIs
Send a one-paragraph profile of the acquirer, the post-close service scope, banking-stack constraints if any, and any preference on substance footprint. We respond inside one business day with the matching set from the current Estonian book, plus the banking-stack readout and substance-posture score for each. Buy-side only: no listing brokerage, no double-ended deals.
Start the buy-side conversation Request the Estonian shortlist
