New Estonian cryptocurrency licensing laws – What you must do to comply

Once an industry that was used to operating with minimal government guidelines, cryptocurrency licensing in Estonia now has complex new laws coming into force. Here, Silva Hunt explores some of the new rules, taking you through the requirements and the penalties if you fail to comply. Don’t worry if anything seems confusing, we offer support to help businesses like yours make sense of everything!

Cryptocurrency, a form of digital currency, is rapidly gaining popularity and recognition as an alternative form of investment within the global financial market. With thousands of versions of cryptocurrencies available, the top cryptocurrencies include Bitcoin, Ethereum and Tether.

Using blockchain technology, cryptocurrencies are currently based on a decentralised system meaning that they are not regulated by any central authority such as a government or bank. This makes cryptocurrencies volatile and opens consumers up to potential risks within the industry.

As one of the first EU countries to offer cryptocurrency licenses to businesses in 2017, Estonia is the European hotspot for the industry, playing home to a large number of crypto companies. However, following the Estonian parliamentary review and amendment of existing laws within the Money Laundering and Terrorist Financing Prevention Act (ALM Act) at the end of February this year, tougher new laws on cryptocurrency licensing came into force on 15 March 2022. These new laws set out new requirements for existing and future virtual asset service providers (VASPs).

Sitting within an existing framework, these laws provide more clarity and reassurance on the safety of the cryptocurrency industry and mitigate any risks relating to money laundering and financing terrorism.

Who will the new cryptocurrency laws affect?

The new laws apply to all financial service providers, but primarily target existing VASPs working in Estonia and future applicants. This includes all decentralised platforms, NFTs and other service providers who fall within this category.

Depending on whether you are an existing VASP or a future cryptocurrency license applicant, we have highlighted below some of the key new requirements crypto companies must fully adopt and implement by 15 June 2022.

I am a business seeking to become a VASP and wish to apply for a new cryptocurrency license in Estonia. What are the new requirements for new VASP license applicants?

The cryptocurrency license is granted by the Estonian Financial Intelligence Unit (FIU). To be eligible for a cryptocurrency license in Estonia, as an applicant you must be aware of the following changes and be compliant with the following new requirements:

  1. The definition of VASP services has now been expanded to include four service options: virtual currency wallet service, virtual currency exchange service, virtual currency transfer service and the issue and trading of virtual currency service.
  1. Meet the new share capital requirements of a VASP: At least EUR 100,000 for a company providing virtual currency wallet, virtual currency exchange and issue services and at least EUR 250,000 for a company providing virtual currency transfer services, both of which must be paid in fiat money only.

  2. When applying for a cryptocurrency license, a newly increased state fee of EUR 10,000 must be paid (the former state fee of EUR 3,300 applies only to applications for crypto-licenses submitted before 15 March 2022).

  3. You will need to present a two-year business plan.
  4. New requirement towards own resources of a VASP that at all times must make up one of the following amounts, whichever is bigger:

    The share capital of the VASP
  5. The amount that is calculated by a specific scheme depending on the services provided* (*View the Money Laundering and Terrorist Financing Prevention Act for more information)
  6. There is also an entire list of new enhanced due diligence requirements concerning virtual currencies transactions, counterparties identification and transactions related to data collection and storage.
  7. Internal AML business processes and IT systems must also be set up under the new Act.

The FIU has published an additional guide for applying for a cryptocurrency license on the FIU website https://www.fiu.ee/en/authorisation-economic-activity/authorisation-economic-activity

Are there any requirements that will only concern e-Residents?

If you are not a resident of Estonia and want to get a crypto-license please keep in mind that you need to have at least one Estonian (a resident) board member and an AML specialist who is an Estonian resident.

What if I already have an existing crypto-license in Estonia?

The same new regulations that apply to new VASP license applicants as outlined above also apply to existing VASPs with an existing cryptocurrency license, and in addition, there are further new regulations that will affect you: 

1. A new restriction has been applied in relation to the transfer of a license. A license for the provision of the virtual currency service is now no longer transferable.

2. An annual audit of the VASP is now mandatory.

3. An internal audit of the VASP led by an independent internal audit service provider is now mandatory. 

4. Requirements for members of the management board, the contact person (AML specialist) and the business location of the VASP have been updated

  1. The member of the management board at the VASP is restricted to serving only two separate VASPs
  2. The contact person at the VASP (appointed in accordance with § 17 of this Act) must not be a contact person at any other VASP
  3. The location of the business and registered office must be in Estonia. In addition to this, requested access to any collected and stored data by the VASP must be provided to Supervision Authorities at any time

We strongly advise you as an existing cryptocurrency license holder to review your level of compliance as soon as possible in accordance with the new regulations and to evaluate if any adjustments are necessary, to ensure that you are fully compliant with the new legal requirements.

Any new requirements must be adopted and implemented with documented proof submitted to the FIU. This provides evidence that the new measures have been implemented and that you are compliant with the new requirements. Remember, in order to retain your existing license, this must be done by 15th June 2022.

What are the penalties if my business does not comply with the new cryptocurrency rules?

If a VASP fails to comply with the new requirements, the director or business owner of the VASP risks having their existing license revoked. They also face a fine of up to 300 fine units (one fine unit equals 4 euros) and a fine of up to EUR 400, 000 for the legal VASP licensee holder.

In general, the new requirements are now more comparable to obtaining an e-money license, but it is important for crypto companies to be aware that the new requirements for cryptocurrency licenses are also both unique and complex.

The new conditions highlighted above are only some of the key requirements that must be adopted and implemented by 15 June 2022 to allow businesses to retain existing cryptocurrency licenses or apply for a new cryptocurrency license. There are further new requirements that crypto companies must fully comply with in addition to these. Refer to the Money Laundering and Terrorist Financing Prevention Act to view the new regulations in full. Additionally, for general knowledge about the license application process look here.

Silva Hunt understands that these new laws and regulations can be challenging to navigate, and we sympathise with the consequences if you do not fully comply.  There is help available to you, however, and we are available to answer your questions. For more information and to find out how we can help you to fully comply with these new laws, get in touch with our team of legal experts by emailing info@silvahunt.ee.