Table of Contents
For some time, the Estonian government has been dealing with the aftermath of its early adoption of crypto licenses. Having hundreds of licensed crypto companies offering virtual currency services coupled with weak supervision over the sector is seen as a big risk to the entire financial sector. This is the most significant potential change in the applicable legislation since 2017.
In the year 2021, we have seen four different legislative initiatives. Different suggestions and drafts are now in different stages of discussion and adoption, making it almost impossible for an average market player to follow.
This article will give you an idea of the potential changes to the extent that we know of them at the end of 2021. The first set will come into force in March 2022, with certain additions at the beginning of 2023.
Will my business be affected by the new crypto regulation in Estonia?
The baseline is that all the businesses that require a license today (wallets and exchanges) will require it under the new Estonia crypto regulation. The draft act will also implement two new types of services: (1) transfer of virtual currencies from one person to another and (2) participation in and provision of financial services related to an issuer’s offer and/or sale of virtual currencies. Certain clarifications will also be made to the already existing definitions.
The service of transferring virtual currencies includes the act of initiating a transaction from one wallet to another and vice versa. The crypto law does not provide examples, but it can be concluded that all types of transactions between wallets, for example, crypto-payment gateways, direct transactions, brokerage, and potentially more, would be regulated.
According to the Financial Action Task Force (FATF, the guidelines of which are the basis for this new crypto regulation in Estonia), participation in an offer or sale of virtual currencies includes businesses accepting purchase orders and funds and purchasing virtual currencies from an issuer to resell and distribute the funds or assets, as well as book building, underwriting, market-making, and placement agent activity.
Meanwhile, the sole act of issuing virtual currencies is not considered a regulated activity unless the issuer is offering the above or similar services. In most cases, IT development and consulting services will not be affected.
Should you need any help with crypto licenses, our experienced team of lawyers is here to assist you in any matters.
How will the crypto regulation change licensing?
The procedure for licensing is set to change in two stages. Firstly, in February-March, the operational requirements are set to be equated to requirements for traditional financial institutions.
Some of the biggest new obligations include:
- increased share capital requirements (EUR 125 000 as a minimum and EUR 350 000 for companies offering transfer of virtual currencies);
- Requirements for own funds similar to those of payment institutions, banks, and other licensed financial institutions;
- expanded fit and proper procedure for management board members, whereas a limit is set to several companies that one person can manage;
- requirements to submit business plans and documentation on IT systems;
- obligation to audit accounting reports and hire an internal auditor;
- an increased state fee for making a licensing application (up to EUR 10 000 from EUR 3300);
- introduction of supervision fees (currently suggested to be equal to ≈ 0.035% of every transaction plus 1% of share capital).
The already licensed entities will have c.a. one and a half months to comply with the new Estonia crypto regulation. The Financial Intelligence Unit (FIU, the government authority so far responsible for issuing these licenses), at its sole discretion, will have the right to extend the individual deadline of a service provider by up to 150 days.
Once the new Estonian crypto regulation gets implemented, it is expected that all the existing licenses will need to be transferred from the FIU to the Financial Supervision Authority (FSA, the government authority responsible for the supervision of the financial services and financial institutions) at some point in 2023. The government has indicated that it desires to synch up the requirements of the virtual asset services under the supervision of the FIU and the FSA.
At least the AML procedures won’t have to be changed, right?
In addition to the operational requirements, the service providers must update their rules for anti-money laundering (AML). Until now, there have been few know your client (KYC) procedures that would be specific to the provision of virtual currency services. The draft acts are set to change that and introduce the new obligatory processes to all virtual currency service providers.
When transferring virtual currencies, the service provider will be obligated to collect information necessary for the identification of both the initiator and the receiver of the transfer and to transfer it to the bank or wallet provider of the receiver. This practice has been applied to the banks for some time and is called the “travel rule.”
Suppose the receiver is not capable of accepting or identifying such information. In that case, the service provider must use a technological solution to track the transaction on the blockchain in real-time and to conduct the transaction’s risk analysis. This information will need to be stored for at least five years and made available to the authorities upon request.
For the application of the travel rule, service providers will have an obligation to establish procedures for cases when the virtual currency must be returned to the sender and when the virtual currencies will not be made available to the receiver. In case of suspicion of money laundering, the service provider must notify the FIU.
Some positive changes are set to be made as well. An update to regulation for identifying clients with information technology will simplify the requirements for identifying high-profile and non-EU resident clients. With the existing rules, certain clients needed to use an ID card issued in the EU to fulfill the identification, which required separate integration for each ID system.
The Estonia crypto regulations allow for the identification of the client’s face and government-issued ID together with a comparison of biometric data. Such solutions must be approved by the supervision authority (Financial Intelligence Unit, FIU). Compliance with an internationally recognized standard is also seen as a requirement. The identification procedure could be developed in-house or outsourced to a service provider.
Each case of using such alternative methods will need to be approved by the FIU separately, and the decision will be based on the service provider’s business model. This will allow for easier onboarding of clients both from the EU and third countries.
Previously, in the case of identification with information technology, conducting a real-time interview with the potential client was obligatory. The new rules do not require interviewing unless there are specific reasons, like increased risk of money laundering, the reason for application of increased due diligence measures, etc.
Due to the new Estonia crypto regulation, conducting a crypto business in Estonia will get much more expensive and complicated. Still, the mentioned acts remain at different stages of proceedings in the government and Parliament, so there is still a chance for changes.