The Newly Adopted Estonian Money Laundering and Terrorist Financing Prevention Act
On the 15th of March 2022, the newly adopted Estonian Money Laundering and Terrorist Financing Prevention Act enters into force.
The main purpose of the new legislation is to mitigate and lower the risks of money laundering, terrorist financing and the financing of the proliferations of weapons of mass destruction in the field of virtual currencies in Estonia.
These measures are taken to mitigate the risks associated with virtual asset service providers (VASPs) and improve the supervision of VASPs. The changes are also focused on ensuring that VASPs who do not intend to operate in Estonia and those who cannot be supervised in Estonia do not have an Estonian virtual currency license.
The main changes adopted are:
1. The definition of virtual asset services was expanded and the became broader:
- Virtual currency wallet service is a service where encrypted keys of customers are stored, which can be used for the purpose of storing, maintaining, and transferring virtual currencies.
- Virtual currency exchange service is a service where a person exchanges virtual currency for FIAT currency, vice-versa, or virtual currency for another virtual currency.
- Virtual currency transfer service is a service that enables a transaction to be performed at least partially electronically through a virtual currency service provider on the behalf of the originator for the purpose of transferring virtual currency to the recipient’s virtual currency wallet or account, regardless of whether the originator and recipient is the same person or if the same service provider is used by the parties.
- The organization of a public or directed offer or sale or the provision of related financial service on behalf of an issuer related to the issuance of virtual currency.
2. An audit of the annual accounts of the virtual currency service provider shall be mandatory.
3. The supervisory board of the VASP shall appoint an internal auditor to perform the tasks of the internal audit unit. The task of the internal auditor is to check the compliance of the activities of the VASP and its managers and employees with the legislation, the precepts of the Estonian Financial Intelligence Unit, decisions of the management bodies, internal rules, contracts entered into by the VASP and good practice.
4. Increased requirements for the location, place of business, members of the management board and contact person of the virtual currency service provider
- A member of the management board of a virtual currency service provider shall have higher education and at least two years of professional work experience.
- A member of the management board of a virtual currency service provider shall not hold the position of more than two members of the management board of a virtual currency service provider.
- A contact person appointed by a virtual currency service provider pursuant to § 17 of the Act shall not be the contact person or head of a structural unit of another virtual currency service provider.
5. A provider of virtual currency services may not give notice of temporary withdrawal from economic activities.
6. The share capital of a VASP must be at least 100,000€ or 250,000€, depending on the service which the company provides. Upon the establishment of a new company which is aimed to become a VASP, the contribution of the share capital may only be made in cash.
7. The object of inspection of the activity license and the ground for refusal to issue the activity license.
Per the new legislation, the Estonian Financial Intelligence Unit (FIU) has the right to refuse an activity license in the field of virtual currencies if:
- the information submitted by the company shows that its purpose is not to operate in Estonia, or its business has no significant connections with Estonia other than the place of business being in Estonia and the members of the management board located in Estonia.
- the internal rules submitted by the company are not sufficient, proportionate, and unambiguous considering the nature, extent, and degree of complexity of the activities of the applicant or are in conflict with the applicable law.
- the information technology systems and other technological means of the company are not sufficient for the provision of the service.
Entrepreneurs have until the 15th of June 2022 to adapt to the new requirements. However, businesses applying for new licenses must be in full compliance with the new legislation upon submitting their application.
RCA is prepared to give practical consultations and advice on how your business can become compliant with the new AML legislation. If this is of interest to your organization, please reach out to us!