Cryptocurrency regulations in Estonia
Estonia is one of such a few countries in the world that was first to legalize cryptocurrency activity and continues to keep up with the development of technology and alternative payment methods. Since 27.11.2017, a new law was introduced in Estonia, according to which entrepreneurs can apply for a license in two directions: exchange of virtual currency to FIAT/virtual currency and provision of virtual currency wallet services.
The legal field of Estonia allows entrepreneurs to legally provide services related to the exchange of cryptocurrency for fiat funds for their clients both directly in the representation of the company and remotely throughout the world, or via the company’s website.
According to Estonian legislation, virtual currency is a digital value that can be traded, stored and transmitted and that natural and legal persons accept as a means of payment, but which is not a monetary or legal tender of any state. It follows that cryptocurrency and its derivatives, including tokens, fall fully within the definition of virtual value.
The legislation of the Republic of Estonia, this activity imposes on companies that exchange cryptocurrencies for fiat funds, the obligation to comply with measures to combat money laundering and the financing of terrorism (incl. AML/KYC procedures) and the obligation to obtain a state license of a virtual value service provider — a cryptocurrency license (i.e. provider of virtual currency services).
The anti-money laundering regulator in Estonia is Financial Intelligence Unit, FIU
Law on the basis of which a cryptocurrency license is issued in Estonia – https://www.riigiteataja.ee/en/eli/52912202100/consolide
What kind of activity requires crypto license in Estonia
In Estonia, the need to obtain a license arises from companies providing services related to virtual currencies.
The Virtual Currency Service is a service specified in paragraphs 3 10) and 101) of the Law on the Prevention of Money Laundering and Financing of Terrorism (MoneyPTS). The data services are:
- virtual currency wallet service is a service that creates or stores encrypted client keys that can be used to store and transfer virtual currencies;
- virtual currency exchange service is a service in which a client exchanges virtual currency for money or money for virtual currency or one virtual currency for another.
Virtual currency is the value represented in digital form, which can be transferred, stored or sold digitally and accepted as a means of payment by natural or legal persons, but is not a legal tender or financial instrument of any country within the meaning of Directive (EU) 2015/2366 of the European Parliament and the Council on domestic payment services amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EC and Regulation (EC) 1093/2010 and repealing Directive 2007/64/EC (OOP L 337, 23.12.2015, p. 35-127) within the meaning of Article 4 (25) or payment instrument or transaction within the meaning of Article 3 (k) and (l) of this Directive.
In order to legally provide a virtual currency wallet service in Estonia, companies offering such service, which includes the storage of the virtual currency of third parties, must apply for a license in this way, so that the company has the necessary data and control over transactions taking place in clients’ wallets.
Applying for a cryptocurrency license in Estonia
Application for a cryptocurrency license in Estonia is submitted electronically on the State Portal mtr.mkm.ee.
The application for a license must contain the following information:
- The address of the service provider and the signed agreement on the rental of the office in Estonia/agreement confirming the ownership of the office.
- Name and contact details of the person responsible for providing the service to all places where the service is provided in paragraph 1.
- Name, personal code, date of birth, place of birth and address of residence of a member of the governing body and a solicitor of a service provider that is a legal person, if the service provider is not registered in the Estonian Commercial Register.
- Rules of Procedure and Rules of Internal Control prepared in accordance with the PTC ¿ 14 and 15 on Money, and in the case of persons with special obligations listed in ¹ 20 of the International Sanctions Act, Rules of procedure prepared in accordance with the ¹ 23 Law on International Sanctions and the procedure for verifying its observance.
- Name, personal code, if not available, date of birth, place of birth, nationality, address of residence, position and contact details of the contact person designated in accordance with ¹ 17 PTS.
- Name, personal code, if missing then date of birth; place of birth, nationality, address, post and contact details of the person responsible for the implementation of the international financial sanction, designated by the enterprise in accordance with paragraph 20 (3) of the International Sanctions Act.
- If the enterprise, a member of its governing body, the prosecutor, beneficial owner or owner is a foreign national, a service provider registered abroad or, if the enterprise is a foreign service provider, a certificate of criminal record or its equivalent, Issued by a competent judicial authority or administrative authority, or for another intentionally committed criminal offense, not more than three months after the issuance of which notarized or certified in a manner equivalent to it and legalized or certified by a replacement legalization certificate (apostille), unless otherwise provided by an international agreement.
- If the enterprise, a member of its governing body, the prosecutor, the beneficial owner or the self-employed person is a foreign national, copies of identity documents for all countries of nationality and the non-custodial documents referred to in paragraph 8
- For a member of an administrative body and a prosecutor, documents containing the level of education, a full list of positions and, in the case of a member of a management body, obligations, as well as documents that the applicant considers important for the provision, as well as CV with an indication of previous work experience.
- A list of payment accounts opened in the name of the applicant enterprise, with the unique identifier of each payment account and the name of the account holder; All available payment accounts must be submitted with an application for a license to operate in the environment of the Register of Economic Activities, to which must be attached a certificate of credit institution, electronic money institution or payment institution, confirming the existence of a payment account.
- Information on what virtual currency service will be provided.
- The equity of the enterprise at the time of the application in euros and a statement from the bank confirming the presence of these funds.
- Subsidiaries (subject to a cryptocurrency license) if any.
- Data of the auditor/auditing company that will audit the applicant.
- The company’s business plan for the next two years.
- Detailed technical description of the company’s website through which services will be offered.
Requirements for an applicant
In order to obtain a license to operate, an enterprise must comply with the following circumstances of a controlled facility:
- The company, its member of management, prosecutor, beneficiary and owner shall not have a lawful penalty for a crime against the State or for money laundering or other intentional crime.
- The company, its member management body, prosecutor, beneficial owner and owner have a proper business reputation. The body issuing the license assesses the existence of a proper business reputation, taking into account the previous activity of the person and the circumstances connected with it. A proper business reputation is presumed in the absence of circumstances that call it into question.
- The contact person designated by the enterprise in accordance with the ¿ 17 RahaPTS money, meets the requirements established by the law. Only a person with the necessary education, aptitudes, personal qualities and experience and an impeccable reputation for acting as a contact person may be appointed as a contact person.
- If an enterprise has a subsidiary for which it is desirable to use a license for the activity in the name of the enterprise, the subsidiary must also meet the above requirements.
- The legal address, board and place of business of an enterprise applying for a license in the sphere of activity of a virtual currency provider must be in Estonia, or a foreign company operates in Estonia through a branch registered in Estonia. Estimating
- The seat of the Board shall be based, for example, on the residence and citizenship of the members of the Board (the Board member shall be either a resident or an Estonian citizen) and other data confirming the seat of the Board. The place of activity must comply with the requirements of article 29, paragraph 2, of the Law on the General Part of the Civil Code (place of activity of a legal entity – place of its permanent and long-term economic activity or other legally prescribed activity). If it is not possible to provide a virtual currency service on site or if it is not possible to fulfill the RahaPTS requirements, it cannot be a place of activity. In practice, this means that those responsible for compliance with the RahaPTS requirements, work on site, have immediate access to mandatory data, derived from RahaPTS, which the person obliged to collect, store and make available to the supervisory authority, as well as having immediate access to the rules procedure, risk assessment, internal control rules and other possible additional documents, ensure compliance with the requirements of RahaPTS, the obliged person and his or her employees. The location should also allow the Financial Intelligence Unit to exercise the oversight provided for by law, including on-site oversight. Virtual currency service providers are requested to attach to the business register a document certifying the right to use the location and place of business, such as a lease or lease agreement. There is immediate access to mandatory data derived from RahaPTS, which the person is obliged to collect and store and provide to the supervisory authority, as well as regulations, risk assessment, internal control rules and other possible additional documents.
- An enterprise applying for a license in the sphere of activity of a virtual currency provider must have an open payment account in a credit institution, electronic money institution or payment institution, established in Estonia or the Contracting State of the European Economic Area and providing cross-border services or opening a branch office in Estonia. All available payment accounts must be submitted with a license application for activities in the registry of economic activity to which a certificate of credit institution, electronic money institution or payment institution confirming the existence of a payment account must be attached.
What information does FIU pay special attention in the process of obtaining a cryptocurrency license in Estonia
- The origin of the authorized capital of virtual currency service providers.
- Information on the criminal record of the company and persons connected with it, participation in various productions (criminal proceedings, misdemeanour proceedings, administrative proceedings, bankruptcy proceedings, etc.).
- Education and experience of persons, connections with entrepreneurship.
- The Financial Intelligence Unit also has the right to request information from other State bodies under the ¿ 54(11) and ¿ 58(1) Money Laundering Act, as well as from third parties by prescription and in the framework of international exchange of information under the ¿ 63 Money Laundering Act.
Processing of an application for a cryptocurrency license in Estonia
The submitted application shall be processed within 60 days after the provision of all necessary information, which may be extended up to 120 days. The initial response must be received from FIU no later than the third working day after the submission of the application. The decision on obtaining the license and additional issues the representative of the regulator sends in electronic form to email specified at the request. The activity permit is issued electronically and is valid indefinitely. FIU also indicates that if a company changes persons involved in the circumstances of the object of control during the procedure/license change (e.g., a board member, contact person)The company must notify FIU to verify the circumstances of the facility within 60 days. If the Money Laundering Data Bureau is unable to verify these circumstances during this period, the Money Laundering Data Bureau may refuse to issue a license for activities because the person does not correspond to the circumstances of the object of the inspection.
Changes in the structure of the company applying for a cryptocurrency license in Estonia
If the circumstances that have been verified as a prerequisite for obtaining a license change (cf. Requirements for applicants), you must notify FIU at least 30 days prior to the planned change. The other shall be notified as soon as possible, but not later than within 5 working days, any changes that have occurred independently and other information indicated in the activity license application.
If you notify a change in a company that is a member of its management body, to the prosecutor, beneficial owner or owner, the notification shall be accompanied by evidence of the absence of applicable sanctions if the person affected by the change is a foreign national. Other information, referred to in article 70, paragraph 3, of the Law on Money shall also be provided in respect of a member of the management body and the prosecutor.
The cryptocurrency license is denied or revoked if:
- It seems that when you apply for a license, you intentionally provided false information that affected the issuance of the license and in case of failure to submit it should be refused.
- Refusing the economic activity (an enterprise that has not fulfilled the legal obligation to submit an annual report six months after the expiry of this period is also considered to have completely abandoned the economic activity duties). An enterprise that has not submitted the required annual confirmation that it has notified the Money Laundering Reporting Bureau of all changes to the terms of the operating license is also considered to have terminated its business activity.
- Prohibition of the relevant economic activity imposed on the subject by a court decision or arising from the law, except for the prohibition of economic activity applied under the SOA.
- The enterprise repeatedly fails to comply with the supervisory authority’s instructions, and repeated non-compliance is also a failure to comply with two regulations and is assessed in proportion to the entrepreneur’s sphere of activity, the grounds and significance of the issued orders;
- The enterprise did not start activities in the requested sphere of activity within six months from the date of issue of the permit (according to the right to temporary cessation of the business activity of the enterprise, in accordance with the Law 34 (5) MSÜS, This does not suspend the commitment to carry out the activity for a period of six months).
- The enterprise did not carry out economic activity for two years from the moment of issuing the license.
- The requirements for economic activity included in the object of control of the license or additional conditions of the license have been substantially violated (i.e.. The company no longer respects the circumstances of the object of control of the license on the basis of art. 72 of the Law on Money).
- Activities authorized by an activity license cause significant damage or threat to public order, which did not exist or were not known at the time of the issuance of the operating license and which outweigh the entrepreneur’s interest in continuing the activity and which cannot be remedied by changes to the license.
Changes in the Guide of the Estonian Cryptocurrency Regulator (Rahapesu andmebüroo)
On 14 June 2021, Matis Mäeker was appointed head of the Financial Intelligence Unit. Matis Mäeker has been working for the Financial Inspectorate for the last 10 years, since January 2019 as the head of the Supervision Department for the Prevention of Money Laundering and the Financing of Terrorism.
According to Estonian Finance Minister Keit Pentus-Rosimannus, Matis Mäeker has been involved in solving several major international money laundering cases and adds expected competence to the Financial Intelligence Department. He is a leading expert in this field, who is very well versed in business and risk management of participants of the Estonian financial market, as well as has extensive experience in international cooperation to combat money laundering. Looking to the future, a very important task of the new manager is to develop the function of strategic data analysis and risks in the sphere of cryptocurrency», – added Keit Pentus Rosimannus.
«The main task of the Financial Intelligence Unit in the coming years will be to create a function of strategic analysis of money laundering and terrorist financing and to share the results with the competent authorities and the private sector», – said Matis Mäeker, head of the Financial Intelligence Unit. «The ability of strategic analysis gives the state direction to counteract real threats of money laundering and financing of terrorism». According to Matis Mäeker, The Financial Intelligence Unit is also faced with more automated processes and more intelligent solutions for the collection, analysis and transmission of financial intelligence information to investigative agencies. Money-laundering and the financing of terrorism are cross-border phenomena and it is therefore necessary to keep abreast of new trends and methods of detection the crimes. The Financial Intelligence Unit can become a center that trains both the public and private sectors and will help to better coordinate and integrate the fight against money laundering and terrorist financing in Estonia», – noted Mäeker as the third priority when taking up office.
Since 2015, Matis Mäeker is a certified assessor of the Expert Committee on the Prevention of Money Laundering and Financing of Terrorism of the Council of Europe and FATF, the Inter-state Group on Money Laundering, and since January 2020 is a member of the governing body of MONEYVAL. Matis Mäeker is an alternate member of the Anti-Money Laundering Committee of the European Banking Authority and has published several publications on the prevention of money laundering. Matis Mäeker received a master’s degree in law from the University of Tartu.
On 14 May 2021, the Estonian government decided to appoint Matis Mäeker as the new head of the Financial Intelligence Group. The Government based its decision on the results of a public competition conducted by the selection committee of top managers of the Apparatus of the Government. Since 1 January 2021, the Financial Intelligence Unit has been a separate State institution under the Ministry of Finance and its main task is to prevent money laundering and the financing of terrorism in Estonia.
Forthcoming changes in Estonian legislation
The Estonian Government has supported a bill to tighten the requirements for virtual currency service providers to reduce the risks of financial crime. Among other things, in the future an activity license will be issued only to those service providers who plan to work in Estonia, and the data of clients must also be tied to transactions.
“In the field of virtual currencies in recent years the risks have grown rapidly and it has required us to act quickly, said the director of the financial intelligence unit Matis Mäeker. One of the most important changes will be to reduce the anonymity of crypto transactions to ensure transparency and more effective monitoring of the business environment. In the future, the provision of a virtual currency translation or exchange service requires the identification of the user. Personal data must communicate with the transaction in the same way as bank transfers. If the recipient’s purse does not have a service provider or is unable to receive data, real-time transaction monitoring and risk analysis of each transaction should be ensured.
The requirements are similar to those applicable to the movement of money through banks and payment institutions. Virtual currencies are also used mainly for payments or value transfers, i.e. as an exchange currency – for example, for purchase of services. Data collection and sharing significantly reduces the risk of financial crime. Among other things, extending the rules to suppliers virtual currency services were recommended by FATF, the international standard for the prevention of money laundering and terrorist financing.
The current rules have allowed service providers who do not work in Estonia, have no connection with Estonia and whose supervision – for example, the identification of the actual beneficiaries will require unreasonable resources – to apply for an Estonian operating license. However, the risks are transferred to the economic environment of Estonia, endangering law-abiding service providers, whose reputation may be damaged and communication with foreign partners may be difficult.”
According to the project, FIU will be able to refuse to issue a license for virtual currency services in the future if it turns out that the enterprise does not intend to work in Estonia or that its business is not connected with Estonia. The project also provides that the license to operate is non-transferable. Trading opportunities with licensed companies will be limited: in the future, the sale of qualified holding will be prohibited during the first two years of operation. Suppliers are those who create virtual currency service providers on a large scale to sell to third parties. A change is necessary to avoid a situation where, after obtaining a license, the enterprise is resold to a person who does not meet the requirements of the license. In addition, the project will increase capital requirements, which will increase the responsibility of companies and ensure that licensees are active companies. When creating a virtual currency service provider as a new company, the capital contribution should be 125,000 or 350,000 euros, depending on the services provided. To the same extent, licensed operating companies also had to contribute their own funds in the future. The current minimum authorized capital limit is EUR 12,000.
Compliance with capital requirements should be accessible to the average virtual currency service provider, given that the average turnover of the company working in this area is estimated by FIU at 80 million euros per year.
Business organizations and experts, including the Estonian Virtual Currency Association, xChange AS virtual currency service provider, the IO and IT Law Committee of the Estonian Bar Association and the Estonian Chamber of Commerce and Industry, participated in the project development and making proposals.
Changes in Estonian legislation – updated requirements for cryptocurrency companies from 15.03.2022
On 15 March 2022, the amended Money Laundering and Terrorist Financing Prevention Act entered into force in Estonia.
The main purpose of the new legislation is to reduce the risks of money laundering, the financing of terrorism and the financing of the proliferation of weapons of mass destruction in the sphere of virtual currencies.
These measures are taken to reduce the risks associated with Virtual Asset Service Providers (VASP) and to improve the supervision of VASP. The changes are also aimed at ensuring that VASP, which is not affiliated with Estonia, will lose the Estonian virtual currency license.
Main changes adopted:
1) Share capital of the virtual currency service provider The authorized capital of the virtual currency service provider should be:
- At least 100,000 euros if the virtual currency service provider provides a virtual currency exchange service (a service in which a person exchanges virtual currency for money or money for virtual currency or one virtual currency for another).
- At least 250,000 euros if the virtual currency service provider provides a virtual currency translation service (service that allows you to make a transaction at least partially electronically through a virtual currency service provider on behalf of the initiator in order to transfer the virtual currency to a virtual currency wallet or recipient account).
When establishing a company for a virtual currency service provider, the payment of the authorized capital of the company can only be money.
2) Prerequisites for customer identification and verification
The service provider should use technology with a high level of reliability in identifying and verifying identity through information technology tools, which provide the true identity and prevent the alteration or misuse of the transmitted data.
In the identification and verification of identity by means of information technology, the natural person referred to in paragraphs 1 and 2 of Article 31 of the Law on the Prevention of Money Laundering and Financing of Terrorism or the legal representative of the legal entity shall use a document of digital dentification or other electronic identification system with a high level of reliability issued under the Act on Identity Cards is included in the list published in the Official Journal of the European Union in accordance with article 9 of the Regulation (EC) No. 910/2014 of the European Parliament and the Council on Trust Services Required for Electronic Identification and Electronic Transactions, repealing Directive 1999/93/EC (OJ L 257, 28.08.2014, pp. 73-114), and information technology tool with a functioning camera, Microphone and hardware and software required to digitally identify and connect to the Internet of sufficient quality
In identifying and verifying identity, the service provider can use an information technology tool to compare biometric data.
When performing an exchange and transfer transaction, the virtual currency service provider of the originator of the transaction shall establish the identity of each customer in accordance with the provisions of articles 21 and 22 of this Law and shall collect at least the following information concerning the originator of the transaction:
1) In the case of a natural person, name, unique transaction identifier, payment account or virtual currency wallet identifier, name and number of identity document, as well as personal identification code or date of birth, place of birth and address of residence;
When performing a transaction for exchange and transfer of virtual currency, the virtual currency service provider collects unique identification data of the transaction about the recipient of virtual currency or transfer, as well as data of the payment account identifier or virtual currency wallet, if payment account data or virtual currency wallet identifier is used for the transaction.
3) Virtual Currency Provider Business Plan
The business plan of the virtual currency provider is submitted for at least two years.
4) Requirements for the virtual currency provider’s own funds
The Virtual Currency Provider’s own funds should correspond to one of the following sizes at any given time, whichever is larger:
1) Size of the authorized capital
2) The amount of own funds calculated according to the calculation method:
If the virtual currency service provider provides the service specified in paragraphs 101 or 102 of part 3 of this Law, the provider’s own funds of the virtual currency service provider shall be at least equal to the sum of the following parts of the volume:
1) 4 per cent of the volume of transactions made in the provision of the service, which is up to or equal to 5 million euros;
2) 2.5 per cent of the share of transactions made in the provision of services, which is more than 5 million euros, but does not exceed 10 million euros;
3) 1 per cent of the share of transactions carried out in the provision of the service, which is more than EUR 10 million but does not exceed EUR 100 million;
4) 0.5 per cent of the share of transactions carried out in the provision of services, which is more than 100 million euros but does not exceed 250 million euros;
5) 0.25 per cent of the share of transactions made within the service, which is more than 250 million euros.
The share of transactions performed as a service specified in paragraph 6 of this Article, shall be calculated on the basis of one twelfth of the total amount of transactions performed as services specified in paragraphs 101 and 102 of Article 3 of this Law for the previous year. A venture capital provider who has been in operation for less than 12 months in the previous year must split the amount of remittance and exchange transactions made in the previous year by the number of months in force in the previous year to obtain the corresponding figure.
The virtual currency service provider is required to implement measures to ensure that its own funds can be calculated with sufficient accuracy at any time.
The Financial Intelligence Unit may establish a period of time within which the virtual currency service provider must bring its own funds into compliance with the requirements established by this Law and the legal acts issued on its basis.
5) Audit of virtual currency provider
Auditing of the virtual currency service provider’s annual reports is mandatory. The auditor’s data must be specified when applying for a license.
6) Requirements for location, location, board members and contact person of the virtual currency provider
The member of the board of the virtual currency service provider must have higher education and professional experience of at least two years.
A member of the management board of a virtual currency service provider may not hold the position of a member of the management board of more than two virtual currency service providers.
7) State fee for application for crypto-currency license increased from EUR 3,300 to EUR 10,000
Lawyers of our company are always glad to answer all your questions on obtaining a cryptocurrency license in Estonia and also accompany your company throughout the whole licensing process.
At the moment, the main services of our company are legal and compliance solutions for FinTech projects. Our offices are located in Tallinn, Vilnius, and Warsaw. The legal team can assist with legal analysis, project structuring, and legal regulation.