In Estonia, a cryptocurrency license could be easily obtained in a short period of time, and crypto assets could be managed from anywhere in the globe, prior to the tightening of standards for cryptocurrency businesses. This welcoming and simple registration environment for cryptocurrency businesses has stimulated their rapid growth, which in turn had also increased industry risks and resulted in stricter licensing requirements for cryptocurrencies, applying the Resolution on Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT).
The discovery of suspect payments totaling more than $100 billion at one Estonian branch of the Danish bank Danske Bank was another major factor in the tightening of restrictions. In Estonia, there are currently just 300 licensed cryptocurrency businesses after the revocation of such authorization from businesses violating the laws of the nation. Due to this, it is crucial to have the appropriate assistance when starting a cryptocurrency business. Tetra Consultants is an international consulting firm that assists international clients with securing Estonia cryptocurrency license.
Tetra Consultants through this article aims to guide you on the recent amendments under the anti-money laundering act and virtual currencies affecting the cryptocurrency businesses and the licensing regime in Estonia so that you make an informed decision before diving into your entrepreneurial journey.
Guide on Estonia’s New Anti-Money Laundering Act and Virtual Currencies
- The Estonian law Money Laundering and Terrorist Financing Prevention Act (Money laundering prevention and implementation of financial sanctions guidelines and legislation in Estonia and the European Union published by FSA), which regulates cryptocurrency services provided by Estonian businesses, was amended on March 15, 2022, and the changes were implemented on April 1, 2022. With these changes, the possibility of money laundering and terrorist funding during cryptocurrency transactions within Estonian companies will be prevented more adequately. Because additional expectations are being placed on virtual asset service providers (VASPs) in order to do so, both licensed VASPs and new applicants must align their operations and supporting documentation with the changes that took effect on June 15, 2022.
The effects of amendments passed under the Money Laundering and Terrorist Financing Prevention Act to establish stricter boundaries for companies applying for an Estonian crypto-license can be seen as below:
Increased share capital and administrative fees:
- The share capital of the virtual currency service provider should be:
- at least €100,000 if the virtual currency service provider offers a virtual currency exchange service (a service in which a person exchanges virtual currency for money or money for virtual currency or one virtual currency for another)
- at least €250,000 if the virtual currency service provider offers a virtual currency translation service (a service that allows you to make a transaction at least partially electronically through a virtual currency provider on behalf of the initiator in order to transfer the virtual currency to a virtual currency wallet or recipient account) when establishing a company for a virtual currency service provider, the payment of the authorized capital of the company can only be money.
- Furthermore, virtual asset service operators seeking a VASP license must pay an administrative charge of €10,000 in addition to a minimum share capital of EUR 350,000 for operators offering transfer services and €125,000 for those providing wallet services or offering platforms.
The scope of a ‘virtual currency service’
- Prior to the legislative reform, the only virtual currency services available in Estonia were crypto exchanges and wallet services. The updated regulations broadened the definition of a virtual currency service to include any transactions involving virtual assets, such as crypto transfers, virtual currency or token issuance, brokerage services, peer-to-peer services, and DeFi.
- As a result of the broadened definition of virtual currency service, any companies registered in Estonia that provide any form of crypto or DeFi services are subject to the updated legislation’s obligations. Following the FATF’s functional approach to defining a Virtual Asset Service Provider, the provisions’ applicability will be determined by the actual services offered by operators rather than anecdotal terms.
Licensing application requirements
- In addition to existing AML Act obligations, the new legislation will mandate applicants to submit the following:
- Financial information, such as an operator’s assets, share capital, and a breakdown of their revenue, cash flows, and liabilities
- A two-year business plan that details the operator’s operations, organizational structure, and operational processes
- Documents for risk assessment
- Information defining the technical systems that will be utilized to provide services, notably in the areas of security, business continuity, and operations;
- Details about the applicant’s financial audit business, and
- Documentation emphasizing the number of shareholders, the shares they own, and the number of votes they have
- Details on depending the services to be offered have enough capital for the “own funds” buffer, calculated either based on fixed cost or transaction volume, depending on offered services;
- Details on having substantial local substance in the country including Estonian local managers, AML officers, employees, office, etc.;
Introduction of “travel rule”
- The new law expands on a “travel rule” that compels financial institutions to identify transaction participants. Customers and individuals who hold a private wallet and utilize non-VASPs, as well as VASPs in other countries, will be exempt from the restrictions, however, VASPs who perform operations for or on behalf of a natural or legal person as a permanent company will be required to be obligated under the same rule. Accounts created with Estonian VASPs cannot be anonymous, and Estonian VASPs should perceive anonymous services as higher risk – and use real-time transaction monitoring tools to detect and, if required, alert the FIU of suspicious actions.
- Historically, the travel rule applied only to banks and payment services, but the new FATF (the worldwide standards organization for AML/CFT) guidelines suggest that it be extended to virtual asset services as well. This also implies that consumer data security and data protection problems be given full consideration. Reducing anonymity does not imply that the service provider’s personal data will become public or that anonymous crypto transactions would be prohibited. VASPs who break the regulations risk having their license revoked and being fined up to 300 fine units for a natural person and up to €400 000 for a legal person.
Amendments with respect to the board
- The new regulation specifies these requirements for the management board and contact persons. Here are the two main demands:
- Board members must have higher education and at least two years of professional work experience;
- A member of the management board may not hold this position at more than two VASPs.
- Another reform is that all members of the company must have a clean background, with no criminal record or involvement in fraud. Additionally, all corporate members will be required to provide non-conviction certificates. This is further supported by the fact that, with the implementation of new rules governing cryptocurrency operations, these services have been brought into the purview of Estonian AML legislation, which previously solely applied to financial institutions.
- According to the newly amended law, MLROs/AML Officers can only serve two independent firms. The Financial Intelligence Unit (“FIU”) may enable individuals to serve on the board of directors of one additional company, although this is an exemption that the FIU is not required to offer. Currently, the majority of MLROs/AML Officers serve on many management boards at the same time. If the firm’s MLRO/AML Officer concurrently serves on numerous boards, it is prudent to examine whether the individual should continue with the existing company or whether a new MLRO/AML Officer should be appointed.
Mandatory auditing requirement
- A major proviso is that the auditing duty will be implemented beginning in 2023 for companies whose fiscal year begins before 10.03.2022. If the company’s fiscal year begins after 10.03.2022, the auditing duty takes effect immediately.
- Additionally, Internal auditing is also required where internal audit service providers must be hired or outsourced by VASPs. An internal auditor is someone who examines the efficiency of a company’s internal controls and regulations on a regular basis. In reality, this implies that VASPs must implement the “three lines of defence” internal control system, which is also required of other financial service providers.
Grounds to deny a license application or revoke existing licenses
- The proposed legislation gives Estonian officials more power in refusing license applications or terminating existing VASP licenses held by virtual currency service operators. Prior to the regulatory changes, license applications could only be denied if an operator lacked AML procedures, payment accounts in Estonia, or other operational procedures deemed necessary by the regulatory body; however, license applications can now be denied if it is discovered that an applicant does not plan to undertake sufficient operations in Estonia, if previous licenses have been revoked, or if the operator lacks sufficient rules and processes for conduct. Furthermore, the FIU has the authority to refuse a license application if it challenges the legitimacy of the applicant’s share capital.
- There are also extra requirements for keeping a VASP license active. According to the constitutional amendments, an operator must actively do business in Estonia for six consecutive months and only provide authentic information about its commercial operations. The FIU will have reasons to revoke a VASP license if a license holder is discovered to have participated in money laundering or terrorist financing operations, or has selected Estonia merely to evade harsher AML standards in foreign countries where it actively operates.
- Furthermore, It is the managing board’s duty to bring their company into conformity with the amendments by June 15th, 2022. In addition, by January 1st, 2023, they must produce an audit report on compliance with the regulations surrounding the business’s own finances. This auditing requirement applies to a VASP’s annual accounts for fiscal years starting on or after March 10, 2022. For those who overlook the new requirements, non-compliance with the AML Act can lead to the revocation of their license.
Penalty for non-compliance
- The amended AML Act also adds three new offenses:
- Opening of an anonymous account, savings book, wallet, or purse of virtual currency;
- Breach of own funds requirements;
- Violations of the obligations of a VASP, such as failure to establish or control information related to the originator of a transaction.
- These violations can lead to a fine of up to 300 fine units (one fine unit equals €4) for a natural person and a fine of up to €400,000 for a legal person.
- As a result, the aforementioned legislative changes in regard to cryptocurrency licence provide a basic picture of the new criteria for doing this type of business. However, it is critical to recognize that imposing such stringent standards represents a substantial commercial advantage, given bitcoin activity in Estonia is currently regulated in the same way as fiat money.
- So, unlike in many other countries where cryptocurrencies are still unregulated by the state and anybody who launches a business in such regions risks having it shut down owing to suspicion of money laundering or other similar scams, in Estonia, cryptocurrencies have been equated with alternate ways of payment. Despite the recent legislative changes, Estonia remains the most appealing location for establishing a cryptocurrency business.
- However, navigating the country of Estonia’s complicated business climate and regulatory environment as an entrepreneur trying to establish a cryptocurrency business may be a difficult and time-consuming procedure. With the benefits of increased privacy measures and more secure operations, as well as different tax and accounting advantages, it is no wonder that many firms and international actors continue to pursue an Estonia cryptocurrency license. As a result, Tetra Consultants hopes that this article has given you a much better knowledge of the recent amendments in AML laws of Estonia affecting the regulations and issuance of Estonia cryptocurrency license so that you can genuinely determine whether you should do so yourself.
- Tetra Consultants will not only empower you by helping to navigate the different regulations of Estonia but also aid in facilitating the services to register company in Estonia, corporate bank account opening services, provision of company secretary and local office, preparation, and submission of license application for various offshore financial licenses as well as tax and accounting obligations.
- So, what are you waiting for? Contact us to find out more about the process of obtaining a cryptocurrency license in Estonia, and our dedicated and experienced team will respond within the next 24 hours.