BLOG
Crypto regulation in Estonia - state of play
If we were to make a movie about the history of Estonian cryptocurrency regulation, it would definitely be a movie with a promising introduction and an unexpected twist. This is how you can briefly describe the process of creating and evaluating Estonian legal regulations regarding the crypto industry. At the beginning of the screening, the viewer is intrigued by the captivating plot, but due to the unexpected turn of events, the film does not evoke such enthusiastic feelings, and our viewer asks himself whether it is worth staying in the cinema until the end of the screening. Similarly, Estonia, from a strong player on the FinTech market, with an interesting, fresh and innovative approach to crypto-assets with more than 1300 crypto exchanges,[1] is transforming before our eyes into a destination with more stringent legal restrictions, which will certainly have a number of consequences.
If you are interested in our review of events with spoilers, about which we loyally warn, please read the article below.
REGULATORY OVERVIEW (HOW IT STARTED)
The beginnings of the Estonian cryptocurrency regulation date back to 27 November 2017, when this state became one of the first EU member states to enact legislation that regulates and controls cryptocurrencies (Estonia was the first country to implement into the national laws EU Directive 2015/849), effectively making it one of the first jurisdictions in the world to provide a framework that facilitated crypto entrepreneurship and innovation. As a result, Estonia has gained a reputation for being open to innovation, especially in comparison to other EU member-states and was a very popular country among businessmen willing to legalize their business activities.
In 2019 Estonia enacted amendments to its anti-money laundering laws, which define cryptocurrencies as a digitally represented value that can be transferred, preserved or traded digitally and that natural or legal persons accept as a payment instrument, but not any country’s legal currency or funds (bank notes or coins held by banks or electronic money). Mainly from the cited date the Estonian Financial Intelligence Unit (FIU) (supervised by Financial Supervisory Authority) started licensing virtual asset service providers (VASPs) – requirements for obtaining a license were lenient and allowed companies who are not connected to or do not operate in Estonia to be licensed.
Due to the fact that many such entities have been licensed (the fact that most of the companies never began their operation), effective supervision over them has been quite difficult and therefore, in order to reduce the inflow of new license applications in 2020, the existing regulations were amended. FIU created additional regulations for the cryptocurrency license process which included, but was not limited to, paying a licensing fee, registering a headquarters physically located in Estonia, and identifying customers. Following these new regulations the FIU withdrew more than 1,000 active licenses of virtual currency companies.[2] What is important, up until 2020, cryptocurrency exchanges had to obtain two licenses from the Financial Intelligence Unit of Estonia: the Virtual Currency Exchange Service License and the Virtual Currency Wallet Service License. After the changes made the Estonian government merged these two licenses into the single Estonian Cryptocurrency Exchange License. What is more, responsibility for monitoring and supervising the sector moved to the Financial Supervisory Authority. It’s worth mentioning that a new minimum authorized capital requirement of EUR 12,000 was also introduced.
Another change in the Estonian regulatory approach, which caused a lot of controversy was announced a year later. On 21 September the Estonian Ministry of Finance published a draft bill to update the Money Laundering and Terrorist Financing Prevention Act (the AML Act) as part of the government’s effort to prevent money laundering and terrorist financing[3], and on 23 December 2021, Estonian government approved draft legislation that tightens regulation of VASPs). The draft law has now been submitted to Riigikogu, the Estonian parliament, where the bill needs to undergo three readings to become law. It is expected that the law will take full effect in the first half of 2022. What is certain, regulated crypto companies have until March 18, 2022 to adjust their operations and documentation.What does the new regulation provide and what to be prepared for?
A very significant modification is that the new regulations states that only companies who operate in Estonia or are connected to Estonia can apply for a license to operate as a VASP. The new legislation will directly adopt the definitions of virtual asset service providers provided by FATF in its Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Provider. The new definition of a virtual asset service provider includes virtual asset (virtual currency) transfer services and services related to issuing virtual assets. Among others, this includes virtual asset brokerages, order-to-book exchanges and other intermediaries as well as platforms facilitating ICOs – however, not necessarily entities who conduct an ICO. All the different services will be included under the term VASP.’
Prior to the draft legislation, a virtual currency service in Estonia was limited to only crypto exchanges and wallet services. The new regulations will expand the scope of a virtual currency service to encompass all manner of transactions involving virtual assets, including crypto transfers, issuance of virtual currencies or tokens, brokerage services, peer-to-peer services, and DeFi. Resale of licenses will be restricted and capital requirements for VASPs will be increased to ensure that licensed entities will be active and able to fulfil their obligations (i.e. to reduce the economic appeal of keeping VASP license “dormant” for future use or re-sale purposes).
The new regulation builds further on a “travel rule” that requires financial institutions to identify participants in a transaction. The rules will not be applied to customers and individuals, who are still allowed to own a private wallet and to use non-VASPs, as well as VASPs in other jurisdictions, but to VASPs who conduct activities for or on behalf of a natural or legal person as a permanent business. The accounts opened with Estonian VASPs cannot be anonymous and Estonian VASPs should treat anonymous services as higher risk – and apply real time transaction monitoring solutions, to spot and, if necessary, notify suspicious activities to the FIU. Historically, the travel rule has been applied to banks and payment services, but new FATF (the international standards body for AML/CFT) guidance recommends extending it to virtual asset services. This also means that due regard on safeguarding customer data and data protection issues is given. Reducing anonymity does not mean that personal data collected by the service provider will become public or a ban on anonymous crypto transactions. If VASPs breach the requirements, they risk revocation of their license and a fine of up to 300 fine units for a natural person and a fine of up to 400 000 euros for a legal person. As the Estonian government points out, the travel rule was designed to reduce abuse of the financial system for nefarious purposes like money laundering, fraud or other financial crime. The intent behind extending this rule to virtual assets is to reduce this risk.[4]
After such a transformation of regulations, an extremely important question arises: will Estonia ban owning crypto? To answer this question, it should be recalled that the new regulation aims to regulate VASPs to the extent that they perform the same functions as a financial service, while regulating the services provided and not specific technologies. The legislation does not contain any measures to ban customers from owning and trading virtual assets and does not in any way require customers to share their private keys to wallets. The regulation does not affect individuals who own virtual currency through a private wallet not provided by a VASP. Rumors that Estonia would introduce regulations banning the possession of crypto assets are therefore untrue, but it is true that their possession will be subject to stricter legal regulations.
The regulation also introduces drastic changes in license fees and minimum capital requirements. Share capital of a VASP must be a minimum of 125 000 euros for wallet services, exchanges, and ICO and similar platforms; for transfer services, the minimum is 350,000 euros. In addition to the minimum share capital the virtual service providers wishing to obtain a VASP license will have to pay an administration fee of 10,000 EUR. Additionally, a supervision fee will apply starting from April 2022 in the amount of 1% of share capital and 0.035% of all transactions for virtual asset transfer services. Indicated requirements have been increased to ensure that only companies who are active can apply for a license and to discourage registering dormant entities for purposes of resale.
In addition to the existing licensing requirements, under the new regulations, registrants will be required to submit additionally the following documents: financial information on assets, an overview of income, as well as information of beneficial owners and the management board, a business plan for the first two years, a risk assessment, documentation of risk appetite, information outlining the applicant’s financial audit firm, information outlining technological systems to be used for services offered, particularly around security, business continuity and operations and documentation highlighting the number of shareholders, the shares they hold, and how many votes they are entitled to. The new restrictions also impose an obligation for board members to have completed higher education and at least two years of professional work experience. Members of the management board may not hold board positions in more than two Estonian VASPs. Members of the board must also have an impeccable reputation and necessary experience, as determined by the FIU.
The New Regulatory Amendments also introduces new grounds for refusing or withdrawing an authorization. With the amendment, officials have greater freedom to decline license applications or revoke existing VASP licenses held by virtual currency service providers. The EFIU has the right to revoke an activity license, if the service provider have been withdrawn or if the operator does not have sufficient rules and processes to carry out its business activities. In addition, the FIU may reject an application for a license if it questions the legal origin of the applicant’s share capital. Just for the record, prior to the regulatory changes, the FIU would only reject license applications if the operator did not have anti-money laundering procedures, Estonian payment accounts or other operational procedures deemed necessary by the regulatory authority.
CRYPTO FUNDS
In Estonia cryptocurrency funds are funds that invest their money entirely in cryptocurrencies or combine it with investments in other assets. The alternative investment fund (AIF) is one of the most popular collective investment structures in which investors’ crypto assets are acquired for further use and investment in their interests in line with a predetermined investment policy under the guidance of the company that managed the fund. And though there are no specific regulations for crypto funds, the cryptocurrency fund must comply with generally applicable laws – some of them are listed below.
In connection with the above, it is important that the cryptocurrency investment fund consists of the fund manager. Under the Estonian Investment Fund Act, fund managers are defined as any company which manages one or more funds as its main and permanent business activity.
Interestingly, not so long ago, because two years ago, Estonia seemed to be the first country in the EU to feature regulated AIF investing directly in crypto assets and companies managing such assets under AIF, but most of the initiatives we were aware of did not take place. The best example of this is KJA Digital Asset Investments AS – an Estonian public limited company founded in April 2021, which was in the process of regulation in Estonia to become the country’s first Alternative Investment Fund manager (AIFM) and the first AIFM for digital assets to be in Europe but there is currently no information about this fund. Most likely, the failure to launch crypto funds is related to the change in the approach of state authorities performing supervisory functions to trading in this type of assets.
CRYPTO PERSPECTIVE FOR THE FUTURE
A few years ago, Estonia was spoken of in the context of a friendly cryptocurrency legal environment, while now Estonia is again loud but due to the upcoming legal restrictions in this area. According to an official statement from the Estonian legislator, the government has approved legislation to improve oversight of the cryptocurrency sector, which has grown rapidly due to favorable regulations and the business climate. Unofficially, it is reported that the genesis of legislative changes is the recorded increase in the value of cryptocurrencies, preparing China for the release of its own cryptocurrency and most decisive, is the Travel Rule, a set of regulatory requirements from the Financial Action Task Force (FATF), which countries must adopt.[5]
In connection with the upcoming amendments in the legal regulation, many investors locating or planning to locate crypto assets in Estonia will have to face many challenges and dilemmas. The decision to locate crypto assets business in the analyzed jurisdiction will undoubtedly have to be carefully considered, taking into account the far-reaching investment implications. First of all, the investor must consider the real possibilities of meeting all the mandatory legal requirements set by the Estonian government and make an internal balance covering the benefits and risks associated with functioning on the Estonian cryptocurrency market. Taking the above into account Estonia’s regulatory transformation is an excellent example of the fact that functioning in the cryptocurrency industry requires constant vigilance and the need to include regulatory risk in the strategy of business operations.
Regardless of the assessment of legislative changes made, it must be emphasized that Estonia will also be one of the first jurisdictions to fully comply with the technical guidance of FATF, an international standards body for AML / CFT, on virtual assets and virtual asset service providers. In light of this, the level of investment security appears to be even higher, which may be a factor that will continue to attract investors’ attention. Whether and to what extent they will show interest in the Estonian jurisdiction, we will see in the coming months.
[1] https://www.thomsonreuters.com/en-us/posts/wp-content/uploads/sites/20/2021/06/Compendium_Cryptocurrency-Regs_FINAL.pdf
[2] https://fintechmagazine.com/crypto/estonia-strips-1000-crypto-licenses-2020
[3] https://www.fin.ee/en/news/ministry-finance-will-start-regulating-field-crowdfunding-and-crypto-assets
[4] https://www.fin.ee/en/faq-how-will-new-estonian-draft-legislation-affect-virtual-assets-and-crypto#why-are-vasps-not-al
[5] https://www.pymnts.com/cryptocurrency/2022/estonia-crypto-ban-denial-highlights-regulatory-battle-lines/