Crypto license in Estonia 2023
New Requirements for Virtual Currency Service Providers
The amendments to the Money Laundering and Terrorist Financing Prevention Act (hereinafter the Act) that entered into force on 15 March 202 significantly increased the capital adequacy requirement for providers of virtual currency services, introduced the obligation to conduct an audit of the annual report and internal audit, and made a number of other changes.
Virtual currency providers that already held a valid activity license were given a deadline until 15 June 2022 to align their operations with the new requirements. This article discusses the most important amendments.
New types of virtual currency services
To the two existing types of virtual currency services – virtual currency wallet services and virtual currency exchange services – two new types of virtual currency services have been added:
- virtual currency transfer service and
- organization of an offer or sale in connection with the emission of a virtual currency.
These two activities are not yet regulated by law. Thus, under the new Act, providers of virtual currency services who were not previously required to hold an activity license are now required to analyse and clarify whether their activities fall under the two added types of virtual currency services.
In virtual currency transfer service, the service provider concludes on behalf of the transaction’s initiator (user) a transaction through which the virtual currency is transferred to the virtual wallet or to the recipient’s account. This includes services that allow the user to make transactions between their wallets or accounts. Such a service is also considered to be the case when several service providers are involved in the provision of the service at the same time and the transaction is carried out by each service provider separately or jointly with several service providers.
In the case of a service related to the issuance of a virtual currency, the service provider acts for or on behalf of the issuer and arranges for a public or directed offer or sale or provides a related financial service. An example of this service is the organization of an ICO (initial coin offering) and the provision of related services, if this is carried out for or on behalf of the issuer of the virtual currency.
Increase in the requirement for the statutory capital of the Estonian company
Capital adequacy requirements will increase significantly in the interest of greater reliability of service providers and better protection of creditors. The unit capital or share capital of the virtual currency service provider that previously was EUR 12,000 must now be at least EUR 100,000 if a wallet service, exchange service or a virtual currency-related public or targeted offer or sale is provided.
Since the role of the service provider in the case of a virtual currency translation service is similar to that of an electronic money institution, the capital adequacy requirement for such a service is the same as the EUR 250,000 requirement for an electronic money institution. In this case, the contribution to the unit or share capital of the provider of the virtual currency service can only be monetary.
Requirements for the own funds of the virtual currency service provider are also added as an innovation. The virtual currency provider’s own funds shall at all times correspond to one of the following, whichever is greater:
- the amount of the unit capital or share capital established in the Money Laundering and Terrorist Financing Prevention Act, or
- the amount of own funds calculated according to the calculation method established in Part 3 or Part 6 of Article 72² of the Act.
The virtual currency service provider’s own funds consist of Tier 1 fixed assets as set out in Articles 26 to 30 of Regulation (EU) No 575/2013 of the European Parliament and of the Council of the EU, together with the deductions provided for in Article 36, and the deductions are not subject to the exemptions related to the threshold set out in Articles 46 and 48 of the Regulation.
Obligation to audit the annual report and internal audit
According to the changes in the law, the audit of the annual report of the virtual currency service provider’s will become mandatory, and it must be carried out by an audit firm, which is appointed for no more than 5 years.
The audit firm verifies, as at the reporting date, that the virtual currency service provider has fulfilled the requirements set for its own funds and provides an opinion to the virtual currency service provider and the Financial Intelligence Unit by the due date of the submission of the report for the economic year of the service provider.
In the future, providers of virtual currency services should develop and implement adequate internal controls that cover all levels of management and operations. To this end, the supervisory board of the service provider or, in the absence of a supervisory board, the management board of the service provider appoints an internal auditor to carry out the tasks of the internal control department, who will verify the compliance of the activities of the service provider, its managers and employees with legal acts, regulations of the Financial Intelligence Unit, decisions of the governing bodies, internal regulations, contracts concluded by the service provider and good tradition.
If the internal auditor becomes aware of information that indicates a violation of the law or harm to the interests of clients, he/she must immediately transmit such information to the heads of the virtual currency service provider and the Financial Intelligence Unit.
More information about the initiator of the transaction
Further, when identifying, the service provider must request at least his phone number and e-mail address as the customer’s contact information. When performing a virtual currency exchange and transfer operation, a requirement similar to the so-called travel rule requirement is applied to payment services. According to this requirement, the following data should be collected about the virtual currency transfer initiator:
- unique transaction identifier
- ID code of the payment account or virtual currency wallet
- personal identification code, name and number of the identity document or date of birth, place of birth and address of residence.
In addition, the service provider must ensure that the data is stored in a way that responds to requests from the Financial Intelligence Unit or law enforcement authorities. Data and documents related to the client must be kept for five years after the end of the business relationship.
Requirements for members of the management board
A member of the management board of a virtual currency service provider may not be a member of the management board of more than two virtual currency service providers at the same time. However, in certain cases, exceptions are possible – if the positions of a board member are in the same concern or commercial partnerships in which the virtual currency service provider has a significant participation. In justified cases, the Financial Intelligence Unit may exceptionally authorize one additional board member position.
It also adds the requirement that a board member must have had at least two years of higher education and professional experience. Areas that should be considered professional include banking and finance, economics, law, accounting, auditing, public administration, financial regulation, information technology, among others. Experience can be gained in both the private and the public sector, and may consist, for example, in supervision or training, ”notes the explanatory note to the bill amending the Money Laundering and Terrorist Financing Prevention Act and other laws.
The new version of the Prevention of Money Laundering and Terrorism Financing Act also supplements the grounds for refusing to issue a licence to operate. An important innovation is that the Financial Intelligence Unit may refuse to issue a licence to operate if sufficient supervision of the applicant is prevented by a substantial link between the entrepreneur and another person, or if it is found that the entrepreneur does not intend to operate in Estonia, that his activities are not related to Estonia or that the origin of his share or share capital is questionable.
Preparation for auditing a virtual currency service provider
Since 2023, all undertakings licensed to provide virtual currency services will be subject to mandatory audit of their financial statements and the adequacy of their own funds.
In order for the company’s management and accountants to successfully complete the audit, it is necessary to prepare the software and to establish the methods for storing and presenting the data in advance, so that the auditor can gather sufficient relevant evidence during the audit, which in turn will give him the opportunity to express an opinion on the financial statements.
There are four specific areas of virtual currency accounting where auditors may have more questions than usual:
- confirmation of balances and transactions in virtual currency;
- confirmation of liabilities in virtual currencies;
- accounting and periodization of sales revenue;
- accounting for revaluation of the cost of virtual currencies.