Recently, we wrote about the planned changes in Estonian law concerning cryptocurrency and crowdfunding services. The main focus of the changes is to introduce new requirements for service providers that offer trading on their platforms with cryptocurrency and related financial instruments or offer crowdfunding-related projects, we continue with an update below.
In the next few months, both the Financial Supervision Authority and some key ministries submitted their opinions. Based on these opinions, we can summarize on the caution upon implementing such fundamental changes and a desire to avoid radical changes in regulation.
There is an opinion that the virtual currency service provider’s sector has today brought some large companies to Estonia. It means additional labor taxes for the state, payments on the infrastructure used (offices, etc.), state fees related to e-residency, and other revenues related to companies such as servicing infrastructure (lawyers, bar association, accounting service providers, etc.). Therefore, considered that a possible change in the regulation would require a prior comprehensive impact assessment.
As a result of the latter:
From a practical point of view, the idea of bringing the authorization procedure for virtual currencies under the Financial Supervision Authority has not been supported. At this stage, the correct location for the supervision of virtual currencies is within the FIU. The issue relates mainly to the risk of money laundering and not to financial stability and market transparency. According to the Financial Supervision Authority, the proper supervisory authority for services with virtual currencies is the FIU, while crypto bears, above all and principally, the risks of preventing money laundering and terrorist financing.
The supervision of the Financial Supervision Authority has focused on increasing the stability, integrity and transparency, and functioning of the financial sector. Also, in reducing systemic risks and contributing to the prevention of criminal exploitation of the financial industry, and resolving the financial crisis, i.e., to avoid negative effects on financial stability resulting from the insolvency of credit institutions.
Financial stability is a vital point of the above. In the case of VCs, the central supervisory key and risk to society are most related to the area of prevention of money laundering, fraud, and similar crime.
There is an opinion that Estonia should adopt separate laws for crowdfunding and virtual currencies. Also, it could be wise not to proceed with further regulation of the crowdfunding framework until the relevant EU legislation materializes, except in key risk areas such as money laundering prevention, fraud, and other such criminal activities.
It is also considered that the timeframe for adopting changes does not fully comply with EU legislation and that it is necessary to await the EU Cryptocurrency Markets Regulation for virtual currencies.
Thus, until the harmonization of the legislation in the European Union and the clarification of supervisory models and frames, especially in the sector of virtual currency, it is premature in Estonia to regulate this topic at an intermediate stage. Otherwise, it may happen that the business and supervisory models already designed under the new Estonian law will have to be redesigned again soon due to the imminent implementation of the requirements of the EU.
At the same time, some important proposals were made in terms of harmonizing definitions and approaches.
For example, it is pointed out that the descriptions of the virtual currency service provided may not cover the virtual currency service and the service provider as defined in the FATF definitions, in particular the virtual currency transmitter. In the context of virtual currency, a transfer on behalf of another natural or legal person means a transaction that moves a virtual asset from one virtual asset address or account to another. It is the execution, receipt, and transmission of virtual currency orders on behalf of third parties. However, this does not precisely coincide with the idea of a virtual currency broker or exchange.
It was proposed to supplement the authorization procedure by requiring an action plan to be submitted when applying for authorization, describing, in particular, the services envisaged. There is an intention to oblige the service provider to provide an independent auditor’s assessment of the adequacy of the applicant’s IT arrangements when applying for authorization, as IT is essential for both co-financing and virtual currencies.
When providing a service abroad both through a branch and cross-border, it is vital to keep in mind that even if the Estonian regulator even allows opening a branch abroad. Still, the field is not sufficiently regulated there, and we do not have a legal obligation to inform for various reasons, particularly at the regulatory level.
Regarding the internal control system requirements, it was proposed to formulate an internal audit obligation and introduce a provision that the internal auditor must be independent. It is emphasized that, for example, in the case of co-financing, operations are carried out with clients’ money, so the lines of defense must be in place. It means that three lines of defense should still be provided.
It was proposed to harmonize the fees charged for applying for an activity license and setting its minimum at least too EUR 3 300; ideally, the fee should be increased up to EUR 4 300.
The fee for registering an information document is intended to be linked to the risk taken and should be at least EUR 3 500.
As a measure in the fight against money laundering, it was proposed, as in the case of a payment service provider, to introduce an obligation for a virtual currency service provider to identify the customer for each transaction exceeding EUR 1000.
In addition to the above, it is considered to oblige the virtual currency service provider to transmit the data related to the transaction, including the originator and the payee’s information throughout the transaction chain.
The proposal comes internationally from the FATF recommendations (so-called travel rule). Virtual currencies have a high risk of international sanctions, money laundering, and terrorist financing, precisely because of their anonymity. In the case of transfers of funds, virtual currency service providers should share information about the payer and the payee to fulfill their customer obligation and identify and identify suspicious transactions and persons.
As a compliance service company, RCA monitors developments in the sector and is ready to provide it’s customers with comprehensive information about both current requirements and planned changes. It’s probably going to take a few more months for the legislature to formulate a final version of the need for regulation and it’s contents. In the meantime, companies need to be ready to go along with the changes, modernise their IT systems, and gather the human resources they need.