16–32 Week EMI Licensing Preparation Roadmap(2026)

Workstreams, Owners, Milestones & Critical Path

Why saying “16–32 weeks” is honest (and “we’ll do it fast” is not)

EMI licensing preparation is not a single “documents project”. It’s a full build-out that covers product, operations, compliance/AML, finance, safeguarding, IT controls, outsourcing, and corporate governance.

Timelines usually break not on “paperwork”, but on evidence of operational readiness:
who actually performs KYC, how alerts are handled, how reconciliations work, how vendors are controlled, and where your logs and access controls are.That’s why a real licensing preparation looks like a managed system:
workstreams → owners → milestones → critical path.

How to run the project so it doesn’t fall apart

One project owner. One critical path. One version-control system.
If “everyone helps”, you don’t have a project owner. You have shared irresponsibility.

Core roles and owners

• Project Owner (usually CEO/COO): timeline, priorities, decisions, escalation
• Compliance Owner / MLRO: AML/CTF, risk model, policies, regulator responses
• Finance Owner (CFO/Head of Finance): financial model, capital, safeguarding, reconciliations
• Product/Tech Owner (CTO/Head of Product): architecture, IT controls, integrations, logs/access
• Operations Owner (COO/Ops Lead): onboarding, support, complaints, incidents, runbooks
• Legal Owner (in-house/outside counsel): governance, contracts, outsourcing, board decisions/minutes

Workstreams (minimum set)

• Scope & product (what exactly you license and how it works)
• Governance & people (structure, roles, fit & proper, committees)
• Risk & compliance / AML (risk assessments, policies, monitoring, SAR)
• Safeguarding & finance (flow maps, accounts, reconciliations, reporting)
• Operations (onboarding, support, complaints, refunds/disputes)
• Technology & security (access, logs, change, incidents, resilience)
• Outsourcing & vendors (register, due diligence, SLAs, exit plans)
• Application file & Q&A management (submission structure, versions, responses)

The 16–32 week plan: phases, milestones and owners

Phase 1 (Weeks 1–4): “Lay the rails”

Goal: lock scope, assign owners, approve target operating model and architecture.

Milestones

• M1: Product scope locked (what you do and what you do NOT do)
  Owner: CEO/COO + Legal + Compliance
• M2: Target Operating Model v1 (how the EMI runs day-to-day)
  Owner: COO/Ops
• M3: Architecture + key vendor list v1
  Owner: CTO
• M4: Project plan + critical path + evidence list
  Owner: Project Owner

Key artifacts

• end-to-end user scenarios (onboarding, top-up, transfer, refund, dispute, freeze/block)
• minimum policy/procedure list
• outsourcing map: what’s critical and how you control it

Phase 2 (Weeks 5–10): “Docs and ops become real”

Goal: turn intentions into repeatable processes you can prove.

Milestones

• M5: Governance pack v1 (structure, roles, committees, accountability)
  Owner: Legal + CEO
• M6: Risk assessment + risk appetite v1
  Owner: Compliance/Risk
• M7: AML/CTF framework v1 (CDD/EDD/sanctions/monitoring/escalations)
  Owner: MLRO
• M8: Safeguarding design v1 (accounts, reconciliations, reports)
  Owner: CFO
• M9: Operational runbooks v1 (complaints, incidents, support, KYC ops)
  Owner: Ops Owner
• M10: IT controls v1 (access, logs, change, incidents, BCP)
  Owner: CTO/Security

Phase 3 (Weeks 11–18): “Package assembly + evidence testing”

Goal: build a regulator-readable pack and run full end-to-end scenarios.

Milestones

• M11: Application file structure fixed + version control implemented
  Owner: Project Owner
• M12: End-to-end walkthroughs (client → transaction → alert → complaint → incident)
  Owner: COO + MLRO + CTO
• M13: Outsourcing pack ready (register, due diligence, SLAs, exit plans)
  Owner: Legal + CTO + Risk
• M14: Financial model + proof of capital/source of funds ready
  Owner: CFO
• M15: “Ready-to-file” draft (sanity check: no contradictions)
  Owner: Project Owner + Legal

Phase 4 (Weeks 19–32): “Submission + Q&A cycle”

Goal: respond fast and consistently without breaking the pack or creating contradictions.

Milestones

• M16: Submission filed
  Owner: Legal / Project Owner
• M17: Q&A playbook approved
  Owner: Project Owner
• M18: Iterations based on requests (policies/processes/evidence updates)
  Owners: all workstream owners
• M19: Operational readiness for launch (if a demo is required)
  Owner: COO/CTO/MLRO
• M20: Final consistency reconciliation of the full pack
  Owner: CEO + Project Owner

Critical path: what really slows projects down

This is what the CEO should look at weekly. These are the actual bottlenecks, not “pretty diagrams”.

• Scope and boundaries: what you do legally and what you don’t
• Governance and key roles: accountability, fit & proper, decision-making
• AML as an operating system: onboarding, EDD, monitoring, escalations, SAR
• Safeguarding and reconciliations: account structure, frequency, reporting, controls
• Outsourcing: oversight of critical vendors, SLAs, exit plans
• IT controls and evidence: access, logs, changes, incidents, BCP
• Financial model + proof of capital: consistent numeric storyline
• Ability to answer questions: speed, quality, version control

If these are weak, you’ll land closer to 32 weeks. If they’re strong, 16–24 becomes realistic.

How the CEO stays in control (without micromanagement)

Five rules that actually work:

• Weekly 45-min steering meeting: decisions, blockers, critical path
• One backlog of changes (not five random spreadsheets)
• Version everything: documents, diagrams, responses, appendices
• Evidence first, words second: no evidence = it doesn’t exist
• Stop-doing list: new “wants” only enter if something else exits

Table: workstream → owner → key deliverables

Workstream	Owner	Minimum deliverables
Scope & Product	CEO/COO + Legal	service description, scenarios, limitations/prohibited activities
Governance	CEO + Legal	org structure, roles, committees, fit & proper pack
Risk & AML/CTF	MLRO/Compliance	risk assessment, AML policy, CDD/EDD, monitoring, SAR process
Safeguarding & Finance	CFO	safeguarding design, reconciliations, reporting, financial model
Operations	COO/Ops	SOPs: onboarding ops, support, complaints, incidents, refunds
IT & Security	CTO	access, logs, change mgmt, incident mgmt, BCP/DR
Outsourcing & Vendors	Legal + CTO + Risk	register, due diligence, SLAs, exit plans, oversight
Application file & Q&A	Project Owner	pack structure, version control, response procedure

Conclusion

16–32 weeks is not “too long”. It’s a normal timeline to build a regulated business that can prove it’s controlled.Fastest way to lose time: writing policies without real operations.
Fastest way to win: keep the critical path and the evidence list under weekly control.

GET A ČNB-READY GAP CHECK AND A CLEAR FIX LIST

 

START EMI PRE-CHECK

ORDER

FAQ: EMI licensing preparation roadmap

Why is the plan so long? We’re a startup, we want speed.

Because EMI prep is not “launch an app”. It’s building an operating system that can prove: who decides what, how AML runs, where safeguarding sits, how vendors are controlled, and where logs/access are. Fast can get you a pitch deck. Not licensing readiness.

What decides whether it’s 16 weeks or 32?

Usually three things:

• evidence quality: logs, cases, SOPs, reconciliations, outsourcing oversight
• owner readiness: not “everyone a bit”, but named accountable owners
• scope stability: if you change the product every 2 weeks, the timeline slides

 

What’s the most common bottleneck on the critical path?

Top three forever-delays:

• AML as a real process, not “a PDF policy” (EDD, alerts, escalations, SAR)
• safeguarding + reconciliations (who does it, how often, what proves it)
• outsourcing (critical vendor oversight, SLAs, exit plan)

Can we start with a partner/agent model and prepare EMI licensing in parallel?

Yes. It’s a common strategy: partnership gives speed to market, while the EMI programme builds long-term independence.

How many people do we realistically need so the project doesn’t die?

Minimum viable setup:

• Project Owner (CEO/COO)
• MLRO/Compliance (can be external early, but with real authority)
• Finance owner (CFO/Head of Finance)
• CTO/Tech owner
• Ops owner

You can outsource tasks. You can’t outsource ownership.