Cryptocurrencies in Estonia – the final list of updates to the AML Act

For those operating in the field of crypto (or virtual currency) services, the latest developments in crypto-regulation have been the biggest concern of the latest years. If you were out of the loop, you can find our last article on the topic: What you should expect from Estonia crypto regulation in 2022.

The final version of the anti-money laundering act (AML Act) was adopted on February 23, 2022. The following is the list of changes that we found to be the most important.

Two new service types added

1. A virtual currency transfer service is defined as a service that allows a transaction to be made at least in part electronically through a virtual currency service provider on behalf of the originator to transfer the virtual currency to the recipient’s virtual currency wallet or account, regardless of whether the originator and the recipient are the same people or whether the originator and the recipient use the same service provider.
2. The service of arranging for a public or directed offer or sale or providing a financial service in connection with the issuance of a virtual currency.

The new definitions come in addition to the already existing service types. Virtual currency wallet service means a service in the framework in which keys are generated for customers or customers’ encrypted keys are kept, which can be used to keep, store, and transfer virtual currencies.

The virtual currency exchange service was already defined as a service with the help of which a person exchanges a virtual currency against a fiat currency or a fiat currency against a virtual currency, or a virtual currency against another virtual currency

The above services are to be interpreted in conjunction with the guidance of the Financial Action Task Force (organisation responsible for establishing international anti-money laundering regulations). According to them, a service is not considered regulated if none of the defined services are offered.

What about DAO, DeFI, and WEB 3.0 services?

DeFI and Web3 services have been a topic of discussion, and it is the consensus that true DAO-type applications should remain outside the scope of the regulation. This includes community-based applications, where no single person has the power to provide and operate the service, and includes software developers whose role is to execute the decision of the DAO to implement a function or process into the protocol.

During one of the discussions, the government commented that Estonian legislation could not effectively cover the range of obliged persons in decentralised solutions. The law does not aim to cover services, technological solutions, service providers, or their creation and development, which are not intended to provide any of the services set out in the law.

The amendment must be read in conjunction with the existing criteria for the definition of a service provider:

• a service provider is a person (not a group of persons);
• the provision of the service must take place within the framework of the person’s economic, professional, or trade activity.

The virtual currency service providers shall be assessed based on the actual will of the service provider and the nature and purpose of its activities.

Requirements for companies holding/applying for a license

The direction of the new regulation remains essentially the same as with the original drafts but is more lenient in certain areas. The following are the changes compared to the existing rules.

1. Virtual currency service providers cannot offer services outside an established business relationship.
2. An explicit ban was set on opening anonymous accounts.
3. The travel rule is the obligation to send information on the transaction (contact information) for outbound transactions. If the receiver can not accept the data, then the service provider must adopt measures for tracking and risk analysis measures.
4. A virtual currency service provider must store the documents related to the use of the travel rule for five years following the end of the business relationship.
5. During licensing, additional data will need to be provided, including overviews of income and balance sheet, business plan, and provision of information on the IT systems and technologies used for the service provision.
6. Licensed entities now need to find both an external and an internal auditor.
7. Share capital minimum raised to EUR 250 000 for transfer services and EUR 100 000 for all others.
8. Requirements to own funds and liquidity were introduced, similar to requirements for credit institutions.
9. Higher education and at least two years of experience are requirements for the management board.

An application for licensing will now cost EUR 10 000, up from the previous cost of EUR 3300.

For virtual currency companies with valid licenses, the deadline for submitting the updated documents is the 15^th of June. The FIU can extend the deadline for the submission of documents up to 150 days. If the service provider does not provide the updates, their license will be revoked.

If you apply for the first time, the proceeding under the new requirements will start from 15. March 2022.

Do you need legal help with your crypto project? Check out our legal services for crypto companies. You can see some of our previous work here.