Learning from the FTX fiasco – the importance of regulation

The year 2022 has been rough for Web3. Starting from the Terra Luna crashing to practically zero on May 1 to FTX filing for bankruptcy in November. The latter states the assets and liabilities of the FTX group are in the range of 10 – 50 billion USD. This is comparable in scale to the entire country of Estonia’s yearly government budget of 17 billion EUR going in the air in a couple of weeks.

While the opponents of crypto are celebrating the end of their hated NFT Bored Apes, there are still thousands of operating exchanges responsible for the assets of their clients. Of those, 162 are registered as providers of virtual currency services in Estonia. Now is an excellent time to look at the regulation and ask: 

  1. What is the current regulatory status in Estonia concerning the holding of assets?
  2. Can the same situation still occur in Estonia?  
  3. What is awaiting the Estonian market soon?

Cleansing of Market

Estonia started its journey as a web3 hotspot for start-ups that do not want strict regulation and want quick registration without much hassle. Over the years, Estonia became one of the more strictly regulated jurisdictions. Not yet making virtual currencies officially subject to financial supervision by the Estonian Financial Supervision Authority, Estonia still needs to supervise crypto exchanges to the same extent as banks or investment funds. Nevertheless, the providers of virtual currency services comply with very similar rules for internal organisation and licensing (which we described here). 

In 2020-2021, the Estonian regulatory body for virtual currency service providers, the Financial Intelligence Unit, oversaw over 1500 companies. This number has dropped to just over 160 following the introduction of more strict regulations. The relicensing process is ongoing, and many more companies will likely lose their right to offer services. 

Protection of Client’s Deposits

One of the more disputed changes to Estonian law in 2022 was the requirement to own funds. These assets’ and liquidity rules are similar to credit institutions’ requirements, i.e., banks. The redaction of the law that came into force on the 15th of March states that the own funds of a provider of virtual currency service must, at all times, correspond to one of the following magnitudes, depending on which of these is the larger:

1) the amount of the share capital (EUR 250 000 for all exchange service providers and EUR 100 000 for all others);

2) the number of own funds equal to either (1) at least a quarter of fixed overhead costs or (2) between 4 and 0,25% of the volume of transactions carried out in the framework of the provision of the service.

The fixed overhead method is used for providers of wallet and ICO services. The volume of transactions method is used for the exchange and transfer services.

This means that the balance sheet of a regulated Estonian exchange must at all times have at least EUR 250 000 in own funds. Where the same exchange grows to have a volume of operations over EUR 250 million (where the volume of operations is just a fraction of the actual volume of total operations occurring on an exchange), the volume of own funds would have to exceed EUR 625 000. This is not the number of deposits but the volume of transactions, which is, in most cases, magnitudes higher than the funds actively stored with the service provider.

What are Own Funds?

Another potential risk related to a company’s assets and liabilities is that they might be illiquid. As was the case with FTX, which held over 500 million USD in its own FTT tokens, millions in real Estate, and a billion in loans to its founder Sam Bankman-Fried. The Estonian law specifically states that the own funds must consist of liquid and easily accessible assets, such as

  • capital instruments, provided specific restrictions are met;
  • share premium accounts related to the abovementioned capital instruments
  • retained earnings;
  • accumulated other comprehensive income;
  • other reserves;
  • funds for general banking risk.

At the same time, deductions must be made concerning the assets to exclude:

  • losses for the current financial year;
  • intangible assets;
  • deferred tax assets that rely on future profitability;
  • other liabilities, obligations, etc.

As such, the assets held up in multi-million real estate on a tropical island would not count towards fulfilling the legal obligations.

Internal Controls and Auditing

While the latest Estonian regulation was criticised for high capital requirements; it was criticised even more heavily for the auditing requirements. More specifically, the requirement to hire certified internal and external auditors. Being a small country, the regulated companies needed help finding competent auditors that would be able to fill this position. However, recent efforts by organisations like the Estonian Digital Assets Union have improved the situation. 

By law, the task of the internal auditor is to verify whether the operations of the provider of virtual currency service and its managers comply with the requirements established by legislation, with any compliance notices issued by the Financial Intelligence Unit, with the decisions of the provider’s management bodies, with internal rules, with the agreements concluded by the provider and with best practice. The audit firm (i.e., external auditor) must verify, as of the balance sheet date, compliance by the provider of virtual currency service with the requirements established in respect of its funds and present, by the due date of filing the provider’s annual accounts, the corresponding opinion to the provider and the Financial Intelligence Unit.

Auditors are independent and have a legal and personal obligation to report breaches of rules and requirements to the Financial Intelligence Unit.

MiCA and the Future

It is only possible to make any piece about the regulation of Web3 in Europe by mentioning the Markets in Crypto-Assets Regulation. The upcoming law is set to create uniform rules across the EU for issuing tokens and providing crypto-related services.

One of these requirements is the requirement for own funds, which primarily uses the wording already implemented into Estonian law. MiCA is yet to be adopted, so the numbers are subject to change. Still, an entity already licensed in Estonia would have little trouble adapting to the EU regulation.

Do you need legal help with your crypto project? Check out our legal services for crypto companies. You can see some of our previous work here.

Get the latest about Hedman law firm


Our memberships:
FinanceEstonia, Lexing®,
Estonian Service Industry Association,
Estonian Chamber of Commerce and Industry,
EstVCA, EstBan, FECC,
IBA & IBA European regional Forum