new regulation rules of the crypto sector in Estonia

Late last year, the Financial Intelligence Unit (FIU) presented a review of digital currency-related services and market participants in Estonia, including risk analysis related to money laundering and illegal operation of digital currencies. The review was prompted by the fact that the rapid growth in digital currencies service providers in recent years has increased the reputational risks associated with the crypto sector in Estonia. 

Estonia was one of the first countries in the EU to provide an opportunity for crypto business to legally operate. In 2016, the Supreme Court ruled that cryptocurrency trading was an economic activity for providing alternative payment instruments and should be subject to anti-money laundering regulation and government oversight. In 2017, the concept of alternative payment instruments was replaced by two groups of providers: digital currency exchange providers and e-wallet service providers. Thus, the first licenses were issued in 2017, four for digital currency exchange providers, and two for e-wallet service providers, followed swiftly by a sharp increase in license applications. In 2018, 612 companies received licenses as digital currency exchange providers, and 525 companies for e-wallet service providers, which subsequently increased to 666 and 638 licenses in 2019. But such a rapid increase has made this sector uncontrollable, leading to reputational risks for Estonia. In this regard, FIU conducted a survey among enterprises that received licenses before June 30, 2019. 

The analysis indicated that the number of applications increased rapidly (more than 1,300 licenses were issued from 2017 to 2019) in Estonia. At the same time, companies with license, haven’t conducted business in Estonia. All activities, board members, beneficiaries, and clients were located abroad. All of that complicated supervision for money laundering and criminal activity.

The survey noted that a wide range of activities (82 activities were mentioned) related to digital currency services were entered in the commercial register. Forty percent of companies indicated that “Provision of other financial services n.e.c. except insurance and pension funds,” “Other business support services n.e.c.”, with 13% of enterprises providing services to non-governmental organizations and 10% delivering programming. While the main activity of licensed companies is digital currency Exchange providers or e-wallet service providers, some offer other services. These include financing, investments, and co-financing, as well as cryptocurrency lending and others.

The analysis indicated that the owners, board members and legal addresses were the same in many cases. For example, 135 digital currency exchange providers in Estonia had the same official address. The survey identified 20 addresses that were the legal addresses of 624 companies, that is, more than half (57%) of the digital currency exchange providers. 

Also, many companies actually had business abroad, not in Estonia, as evidenced by an analysis of websites digital currency services websites (contacts and company representatives were foreign) and data from the commercial register (no turnover and no employees in Estonia). For the most part, companies were identified from Russia, Latvia, and other Eastern European countries. Often these companies were united by the same Estonian service providers, who acted as intermediaries. Less than 5% of the largest digital currency exchange providers had actual businesses and owners in Estonia while 40% of companies indicated in the survey that they had employees in Estonia.  Current accounts also indicated that most of the companies didn’t have any business in Estonia. Almost 40% of companies had a current account in Lithuania, 25% in the UK, and only 10% in Estonia.

Estonia’s reputational risks are also increasing due to electronic residents. According to the Commercial Register, as of February 2020, 36% of e-wallet service providers and 35% of digital currency exchange providers had at least one e-resident as a related party (excluding contact persons). A total of 554 e-residents were associated with digital currency service providers.

The majority of digital currency service provider’s customers were located in other countries. Users from the United States amounted to just over one-tenth of all customers. Venezuela took a little less than one-tenth. Citizens of Vietnam, Russia, Brazil, and Indonesia amounted (separately) to about 5% of all customers. More than 2% of all users were from India, Iran, UK, China, and Japan. Only about 0.15% of all customers were Estonian citizens. Thus, there were many users and owners from countries with higher geographic risk.

Moreover, the total turnover of companies increased rapidly, doubling from 590 million euros in 2018 to 1.2 billion euros in the first half of 2019. Meanwhile, the number of business relationship for the provision of digital currency services grew rapidly, similarly to the turnover of brokerage services. In 2018 it was 280,000, in the first half of 2019, it reached 500,000.

In the first half of 2019, the establishment of a business relationship or the occasional transaction was refused 60,000 times, while due to the suspicion of money laundering, only 584 of all established business relationships were terminated. It is also important to note that 39 companies transacted digital currency without any relationship, allowing 36,000 customers to use the service (which is no longer possible). In addition, companies identified higher-risk customers as one-third of their service users.

The application of KYC varies greatly among companies that responded to the survey. The vast majority of companies stated that they monitored all customers, based on the risk profile of the relationship or, to a lesser extent, the transaction limit. More than half of companies used external providers for KYC. Companies used external providers to comply with KYB (know your business) principles on occasion, but in general, it overlapped with the one used for KYC.

According to the FIU, there are shortcomings in the processing of KYC, both in the identification and monitoring of customers. Research indicated that companies accepted non-compliant documents for identification purposes. Customers were mainly identified remotely, the personal details were often not verified by information technology means  and most companies didn’t require additional documents. Often identification providers required only one identity document (a passport). Also, the client’s risk profile was reappraised only every six months after establishing a business relationship.

The situation will be improved by the stricter identification requirements, which entered into force in March 2020 (amendments to the RahaPTS). Now the third-country nationals, in addition to an identity document, must be verified by information technology means if the customer or his/her representative is not present in Estonia.

In the case of this analysis and the new FATF standards, Riigikogu updated the regulation of digital currencies RahaPTS (at the end of 2019). New rules made stricter the requirements for obtaining a license (for example, companies must be registered or operated through a branch office in Estonia).

In accordance with the FATF guidelines, the requirement of a company’s pure commercial reputation was added in March. Also, Estonia began to regulate the exchange of digital currency for digital currency based on the recommendations of the FATF, unlike most of the EU member states. Equating the crypto industry with standard financial institutions means more strict requirements for digital currency service providers. Now verification of customers with less than 15,000 euros is required in all cases.

In addition, the requirements for verification have been strengthened for citizens of third-country parties. All companies with a license had to update their activities (no later than Jan. 7, 2020) as it is required with the amendments to the law.

The amendments to the law (dated Oct. 3, 2020) quickly brought meaningful results. Firstly, the issue with  companies operating abroad and only formally connecting with Estonia has significantly decreased. From March 2020 forward, the FIU can execute oversight more effectively and quickly respond to non-compliance. As part of the new changes, the FIU reduced the number of company licenses whose activities are not related to Estonia or who did not comply with the regulations.

Based on these updates, the number of issued licenses were decreased:

  1. In 2019, the total number of licenses issued was 1,234. In August 2020, only 353 issued licenses were left.
  2. In 2019, the total number of licenses issued for digital currency exchange providers was 1,210, but in 2020, only 296 licenses were left.
  3. In 2019, the total number of licenses issued for e-wallet service providers was 1,104, with only 261 licenses left in 2020.
  4. In 2020, digital currency service providers (both services combined) received only 55 licenses.

Thus, the attraction of Estonian jurisdiction for digital currency service providers who don’t operate in Estonia has decreased. It ultimately gives a competitive advantage for companies that do operate in Estonia.