Estonia, being one of the first EU member states to implement the 4th AML directive – by detailing the regulations related to virtual wallets and virtual currency to fiat currency exchanges.
As a result, between November 2017 to March 2019, the Financial Intelligence Unit (FIU) has issued a total of 1367 crypto-related activity licenses, of which 637 have been granted to provide virtual currency wallet service, and 730 to provide a service of exchanging virtual currency to fiat currency. By today, after a new set of regulations came fully into force, only a third of those licenses remain valid.
Virtual currency definition
As both of these licenses are applied for keeping and transacting with virtual currencies, it should first be assessed whether the crypto asset in question could be considered a „virtual currency“.
A definition given to virtual currency in EU law and subsequently in Estonian law includes the following elements:
(i) a value represented in digital form;
(ii) must be digitally transferable, preservable, or tradable;
(iii) accepted as a payment instrument by natural or legal persons;
(iv) is not the legal tender of any country.
While nearly all the elements can be attributed to most cryptographic assets that are offered on the market today, the acceptance of virtual currencies as a payment instrument by natural or legal persons is likely to be most unclear among entrepreneurs and token buyers alike. The legislator has not defined how many natural or legal persons have to accept the coin or token as a payment instrument.
However, the FIU has noted that by concluding transactions within a service provided by the issuer and paying with the same tokens issued therein, the token will not be construed to be a virtual currency and thereby does not fall under the AML regulations.
Virtual currency to fiat currency exchange license and Virtual wallet activity license
The changes to the legislation unified two formerly separated licenses into one. Yet it retained the difference between the two services and each service provider must choose which of the two, or if both of the services are provided. While it may be clear from the article at hand as to what constitutes a service of exchanging a virtual currency against a fiat currency, the same cannot be said for a virtual currency wallet service.
A virtual currency wallet service means a service in the framework of which keys are generated for customers or customers’ encrypted keys are kept, which can be used for keeping, storing, and transferring virtual currencies. The FIU has stated that keeping the encrypted keys as a service includes that the service provider agrees to be in possession of the keys in exchange for a certain fee, possibly to guarantee their safekeeping.
The possession, in this case, presumes that the service provider retains control over the keys and is enabled to perform certain actions with the virtual wallet (such as making backup copies). Only the wallets that are located within the service provider’s server or cloud storage space can be „kept“ by the service provider.
As such, the virtual wallets that are located on the hard disk drive of a token owner and that are not managed by the service provider after the token sale, can not fall under the AML regulations.
Requirements to apply for virtual wallet and exchange licenses
New legislation expanded the requirements for activity license applicants and active service providers. Today the licensing fee for an activity license is 3300 EUR and the procedure can last up to 60 days (120 days if the FIU decides to extend the term).
Another requirement is the obligation of having a share capital of at least 12 000 EUR (instead of standard 2 500 EUR), which must be paid in its entirety prior to application. Finally, the management of the company must happen in Estonia, so it is no longer possible for the entire management board to reside outside the country.
In addition to the registry information of the Estonian company, and the data relating to the shareholder(s), beneficial owner(s), management board member(s), and appointed compliance officer(s), the applicant is also required to submit the rules of procedure and internal control rules that detail the AML policies of the company that are applied when providing these licensed services.
Moreover, information on bank accounts registered in Europe and in the name of the applicant must be provided. Furthermore, if the persons associated with the company are not Estonian citizens, it is also required to submit a criminal records extract to the FIU stating the absence of criminal offenses.
In most cases the managers, owners, representatives, and ultimate beneficiary owners of the service provider will have to provide the FIU with their ID or passport, CV with proof of acquired qualifications, information on shares in other companies and etc.
Situation in practice
Even though in practice we have seen a number of legitimate ways that these licenses are used, we have also come across a number of entrepreneurs using the wallet and exchange licenses to provide certain financial services that fall outside the boundaries of activities for which the licenses were granted.
For example, service providers enable their customers to transfer crypto and fiat funds from one account (or wallet) to another, while actually a payment institution activity license must be applied for from the Financial Supervision Authority (FSA) of Estonia to provide said service.
Even though the FSA has issued notices to warn consumers that some service providers do not have the license needed to provide the offered services, the large number of crypto-licenses granted to make it difficult to conduct regular supervision over these companies, which may possibly bring about additional regulations in the crypto-sphere in the future.