Cryptocurrencies are one of the most legislatively fragmented markets in Estonia. Because of that, there is no definitive answer, and many service providers need to acquire one or several licenses, while others can operate on an unregulated market entirely.

According to the analysis of the Financial Supervision Authority of Estonia, determining the licensing obligation starts with deciding whether the coin gives its owner an expectation of income or a voting right (similar to the voting right of a shareholder).

There are three main possibilities if the coin does not give any such right:

• the service is aimed at enabling transfer/storage/exchange/etc of virtual currency (e.g Bitcoin). In this case, you would need either a virtual currency wallet service or a virtual currency exchange service license;
• organisation and offering of financial services, if related to ICO’s is regulated as a virtual currency service;
• the coin is issued without any promise of income, voting right, or any other benefit. In that case, it is possible that such an issue would be considered as a donation and would not be regulated;
• the coin gives a right to use/access a certain service. In most cases, this activity would not be regulated and the standard provisions of the Law of Obligations would apply.

In case the coin does give a promise of future income or a voting right, then it is necessary to consider, whether:

• the coin has the qualities of traditional security. If yes, then a sufficiently large public offering (€1 00 000) would bring about an obligation to issue a prospectus;
• the ICO organizer invests the acquired funds under a certain investment policy. In that case, it is possible that the undertaking would be classified as an investment fund with the consequent obligation of appointing a licensed fund manager;
• the ICO organizer uses the acquired funds to issue loans in its name while promising the coin holder returns on interest. Such activity would potentially qualify as activity of a credit institution and necessitates a license from the Financial Supervision Authority.

You (or rather your company) need to apply for a license with the Estonian Financial Intelligence Unit (FIU). The application fee amounts to 10 000 EUR and the procedure can last up to 2 months (in certain cases up to 4 months). During the procedure, any new service providers are required to provide several AML documents and confirmations.

The documents include, but are not limited to:

• ID documents of managers, direct owners, beneficial owners;
• company managers’ CVs with proof of acquired qualifications;
• confirmations on lack of previous criminal record of managers, direct owners, the beneficial owner;
• information on shareholdings in other companies;
• information on internal and external auditors of the company;
• documentation on the internal AML/KYC procedures of the company;
• information on bank/payment accounts belonging to the company;
• business plan of the company;
• document on IT solutions used to comply with the obligations for provision of service.

To be compliant with the requirements of the law the company must be managed from Estonia. Meaning the majority of the management board must reside in Estonia. Managers of the company must have experience in crypto or adjacent fields and have higher education.

In addition to that, it is necessary to have a registered bank account with a credit institution within the EEC. The company must have a share capital of 100 000 – 250 000 euros, depending on the offered service type.

When applying for a license, it is necessary to determine the exact service that you intend on offering.

As per Estonian legislation, there are four types of cryptocurrency services:

• virtual currency wallet service, and
• virtual currency exchange service, and
• virtual currency transfer service, and
• arranging for a public or directed offer or sale or providing a financial service in connection with the issuance of a virtual currency.

The wallet service is defined as “a service in the framework of which keys are generated for customers or customers’ encrypted keys are kept, which can be used for the purpose of keeping, storing and transferring virtual currencies”.

The exchange service has the following definition: “a service with the help of which a person exchanges a virtual currency against a fiat currency or a fiat currency against a virtual currency or a virtual currency against another virtual currency”.

The virtual currency transfer service means a service that allows a transaction to be made at least in part electronically through a virtual currency service provider on behalf of the originator for the purpose of transferring the virtual currency to the recipient’s virtual currency wallet or account, regardless of whether the originator and the recipient are the same person or whether the originator and the recipient use the same service provider.

The last service type concerns the organisation of an ICO as a service to third parties. The international standards issued by FATF (Financial Action Task Force) have clarified that: the sole act of issuing a virtual currency, entirely on its own, is not a covered service under the virtual currency service definition.

However, any persons which conduct the exchange and transfer of the issued virtual currencies as a business for or on behalf of another person would be a covered service, as would the participation in and the provision of financial services related to any ICO associated with the issuance.

The discrete act of creating virtual currency software to issue a virtual currency does not make the creator a virtual currency service provider, unless the creator also performs the covered functions mentioned in the definition as a business for or on behalf of another person.

In the latest round of discussions surrounding a reform of virtual currency regulation, the government made the following statement: Estonian legislation is not able to effectively cover the range of obliged persons in decentralised solutions. The draft does not aim to cover services and technological solutions, nor their creation and development, which are not intended to provide any of the services set out in the RahaPTS.

The amendment must be read in conjunction with the existing criteria for the definition of a service provider:

• the service provider is a person (not a group of persons);
• the provision of the service must take place within the framework of the economic, professional or trade activity of the person.

Any of the virtual currency service providers is considered an obligated entity under the AML (anti-money laundering) regulation of Estonia. This means that such an entity has an obligation of establishing and applying its own rules of procedure.

These rules must comply with a comprehensive set of standards set by the Estonian legislation, which is in turn based on the best EU and international practice.

Some of the examples of such obligations include:

• a requirement to identify the personality of the client through a KYC process;
• a requirement to establish a risk assessment for identifying the acceptable and unacceptable AML/terrorist financing risks;
• a requirement to monitor the new and existing client relationships on the subject of their compliance with the risk assessment and rules of procedure;
• a requirement to appoint a compliance officer, who oversees communication with the authorities on the matters of suspicious activity;
• a requirement to gather and store any relevant information pertaining to the relationship with the client;
• an obligation to update the existing rules with any changes to active legislation.