Estonian FSA MiCA Guidelines

Authorisation to operate in markets in crypto-assets

The Crypto Markets Act (hereinafter CMA) brought the activities of participants in markets in crypto-assets under the supervision of Finansinspektsioon. The Market in Crypto-Assets Act applies to persons who are engaged in the issuance, offer and admission to trading of crypto-assets on the respective platform, and who provide crypto-asset services within the meaning of Regulation (EU) 2023/1114 of the European Parliament and of the Council (hereinafter MiCA).

For the purposes of CMA and MiCA, crypto-assets are divided into

1. asset-referenced tokens (also known as ART);
2. e-money tokens (also known as EMT); and
3. other crypto-assets (also known as CASP).

Asset-referenced token is a type of crypto-asset that is not an e-money token and that purports to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies.

E-money token is a type of crypto-asset that purports to maintain a stable value by referencing the value of one official currency.

Other crypto-assets are a type of crypto-asset that is not an asset-referenced token or an e-money token and that does not reference another value or right or a combination thereof and does not maintain a stable value by referencing the value of one official currency.

Application for authorisation to operate in markets in crypto-assets

When applying for authorisation to operate, a distinction must be made between the asset-referenced token and e-money token issuance service and the provision of other crypto-asset services.

Asset-referenced token issuance service

A person may not make an offer to the public, or seek the admission to trading, of an asset-referenced token unless that person is the issuer of that asset-referenced token and is:

• a legal person or other undertaking that is established in the European Union and has been authorised by a responsible supervisory authority in accordance with Article 21 of MiCA; or
• a credit institution that complies with Article 17 of MiCA.

Upon the written consent of the issuer of an asset-referenced token, other persons may also offer to the public, or seek the admission to trading, of that asset-referenced token. Those persons must comply with Articles 27, 29, and 40 of MiCA.

A credit institution that intends to provide an asset-referenced token issuance service submits an application for authorisation to operate in markets in crypto-assets in accordance with Article 17 of MiCA and § 6(2) of the CMA. If a credit institution intends to issue, and seek the admission to trading, of e-money tokens, it must comply with the conditions laid down in Article 48 of MiCA and notify the white paper to Finantsinspektsioon.

A legal entity (hereinafter applicant) who intends to issue asset-referenced tokens must submit a written application to Finantsinspektsioon in order to apply for authorisation. The application must be submitted on the basis of the EBA’s RTS for application for authorisation. The application must be submitted in Estonian. If the applicant intends to submit documents pertaining to the application in English, it must be clearly stated in the application.

Information and documents required in Article 18(1) of MiCA must be attached to the application, the content of which is specified in the EBA’s RTS:

1. the address of the applicant issuer;
2. the registry code of the legal entity being the applicant issuer;
3. the articles of association of the applicant issuer;
4. a programme of operations, setting out the business model that the applicant issuer intends to follow;
5. a legal opinion that the asset-referenced token does not qualify as either of the following:
   1. a crypto-asset excluded from the scope of this Regulation pursuant to Article 2(4) of MiCA; or
   2. an e-money token;
6. a detailed description of the applicant issuer’s governance arrangements as referred to in Article 34(1) of MiCA;
7. where cooperation arrangements with specific crypto-asset service providers exist, a description of their internal control mechanisms and procedures to ensure compliance with the obligations in relation to the prevention of money laundering and terrorist financing under Directive (EU) 2015/849;
8. the identity of the members of the management body of the applicant issuer;
9. proof that the members of the management body of the applicant issuer are of sufficiently good repute and possess the appropriate knowledge, skills and experience to manage the applicant issuer;
10. proof that any shareholder or member, whether direct or indirect, that has a qualifying holding in the applicant issuer is of sufficiently good repute;
11. a crypto-asset white paper as referred to in Article 19 of MiCA;
12. the policies and procedures referred to in the first subparagraph of Article 34(5) of MiCA;
13. a description of the contractual arrangements with the third-party entities as referred to in the second subparagraph of Article 34(5) of MiCA;
14. a description of the applicant issuer’s business continuity policy referred to in Article 34(9) of MiCA;
15. a description of the internal control mechanisms and risk management procedures referred to in Article 34(10) of MiCA;
16. a description of the systems and procedures in place to safeguard the availability, authenticity, integrity and confidentiality of data as referred to in Article 34(11) of MiCA;
17. a description of the applicant issuer’s complaints-handling procedures as referred to in Article 31 of MiCA;
18. where applicable, a list of host Member States where the applicant issuer intends to offer the asset-referenced token to the public or intends to seek admission to trading of the asset-referenced token.

The details of managers must be provided to Finantsinspektsioon via the fit and proper assessment form.

In addition to the above, Finantsinspektsioon’s guidelines , which can be found on the website of Finantsinspektsioon, must be taken into account when preparing the materials required for applying for authorisation and in subsequent activities.

Finantsinspektsioon may demand additional information and documents if it is not convinced on the basis of the submitted information and documents as to whether the applicant for authorisation has adequate facilities for the provision of crypto-asset services or whether it meets the requirements of legal requirements, or if other circumstances relating to the applicant need to be verified.

Finantsinspektsioon will assess whether the application for authorisation for an asset-referenced token is complete within 25 working days from receiving the application for authorisation. Finantsinspektsioon informs the applicant whether the application is complete or incomplete. If Finantsinspektsioon has come to the conclusion that the application for authorisation is complete, Finantsinspektsioon will assess within 60 working days whether the applicant issuer meets the requirements established for the issuer of an asset-referenced token. If any additional questions arise, the time limit for the above procedure may be paused for up to 20 working days.

E-money token issuance service

A person may make an offer to the public, or seek the admission to trading, of an e-money token if that person is the issuer of such e-money token and:

• a credit institution or e-money institution; and
• has notified the white paper to Finantsinspektsioon and has published the white paper in accordance with Article 51 of MiCA.

Upon the written consent of the issuer, other persons may offer to the public, and seek the admission to trading, of the e-money token. Those persons must comply with Articles 50 and 53 of MiCA.

An e-money institution that intends to operate as a crypto-asset service provider must comply with the conditions for the provision of crypto-asset services as laid down in Article 60 of MiCA and in § 6(3) of CMA and must provide Finantsinspektsioon with proper and complete information.

By its decision, Finantsinspektsioon confirms the right of a credit institution and e-money institution to offer, and seek the admission to trading, of an e-money token issued by them if the credit institution or e-money institution complies with the conditions provided in Article 48 of Regulation (EU) 2023/1114 of the European Parliament and of the Council and has notified the white paper to Finantsinspektsioon.

Other crypto-asset services

An applicant that intends to operate as a crypto-asset service provider must comply with the conditions for the provision of crypto-asset services as laid down in Article 62 of MiCA and in § 6(1) of the CMA and must provide Finantsinspektsioon with proper and complete information.

In order to provide other crypto-asset services, the applicant submits an application for authorisation on the form of Annex VI to the ESMA’s RTS.

An application for authorisation must be accompanied by the information and documents required in Article 62(2) of MiCA, the content of which is specified in Annex V to the ESMA’s RTS:

1. the name, including the legal name and any other commercial name used, the legal entity identifier of the applicant crypto-asset service provider, the website operated by that provider, a contact email address, a contact telephone number and its physical address;
2. the articles of association of the applicant crypto-asset service provider;
3. a programme of operations, setting out the types of crypto-asset services that the applicant crypto-asset service provider intends to provide, including where and how those services are to be marketed;
4. proof that the applicant crypto-asset service provider meets the requirements for prudential safeguards set out in Article 67 of MiCA;
5. a description of the applicant crypto-asset service provider’s governance arrangements;
6. proof that members of the management body of the applicant crypto-asset service provider are of sufficiently good repute and possess the appropriate knowledge, skills and experience to manage that provider;
7. the identity of any shareholders and members, whether direct or indirect, that have qualifying holdings in the applicant crypto-asset service provider and the amounts of those holdings, as well as proof that those persons are of sufficiently good repute;
8. a description of the applicant crypto-asset service provider’s internal control mechanisms, policies and procedures to identify, assess and manage risks, including money laundering and terrorist financing risks, and business continuity plan;
9. the technical documentation of the ICT systems and security arrangements, and a description thereof in non-technical language;
10. a description of the procedure for the segregation of clients’ crypto-assets and funds;
11. a description of the applicant crypto-asset service provider’s complaints-handling procedures;
12. where the applicant crypto-asset service provider intends to provide custody and administration of crypto-assets on behalf of clients, a description of the custody and administration policy;
13. where the applicant crypto-asset service provider intends to operate a trading platform for crypto-assets, a description of the operating rules of the trading platform and of the procedure and system to detect market abuse;
14. where the applicant crypto-asset service provider intends to exchange crypto-assets for funds or other crypto-assets, a description of the commercial policy, which is non-discriminatory, governing the relationship with clients as well as a description of the methodology for determining the price of the crypto-assets that the applicant crypto-asset service provider proposes to exchange for funds or other crypto-assets;
15. where the applicant crypto-asset service provider intends to execute orders for crypto-assets on behalf of clients, a description of the execution policy;
16. where the applicant crypto-asset service provider intends to provide advice on crypto-assets or portfolio management of crypto-assets, proof that the natural persons giving advice on behalf of the applicant crypto-asset service provider or managing portfolios on behalf of the applicant crypto-asset service provider have the necessary knowledge and expertise to fulfil their obligations;
17. where the applicant crypto-asset service provider intends to provide transfer services for crypto-assets on behalf of clients, information on the manner in which such transfer services will be provided;
18. the type of crypto-asset to which the crypto-asset service relates.

The details of managers must be provided to Finantsinspektsioon via the fit and proper assessment form.

In addition to the above, Finantsinspektsioon’s guidelines, which can be found on the website of Finantsinspektsioon, must be taken into account when preparing the materials required for applying for authorisation and in subsequent activities.

A person offering, or seeking the admission to trading, of other crypto-assets has the right to operate as a participant in markets in crypto-assets if the conditions laid down in Articles 4(1) and 5(1) of MiCA are met.

The application must be submitted in Estonian. If the applicant intends to submit documents in English, it must be clearly stated in the application.

Finantsinspektsioon may demand additional information and documents if it is not convinced on the basis of the submitted information and documents as to whether the applicant for authorisation has adequate facilities for the provision of crypto-asset services or whether it meets the requirements of legislation, or if other circumstances relating to the applicant need to be verified.

Finantsinspektsioon will assess whether the application for authorisation for other crypto-asset services is complete within 25 working days. Finantsinspektsioon informs the applicant of whether the application is complete or incomplete. If Finantsinspektsioon has come to the conclusion that the application for authorisation is complete, Finantsinspektsioon will assess within 40 working days whether the applicant crypto-asset service provider meets the requirements of MiCA and CMA. The aforementioned time limit may be paused for up to 20 working days. The applicant will be informed about it within five working days after making the decision.

Processing fee

The processing fee payable when applying for authorisation of a crypto-asset service provider, issuer of an asset-referenced token or e-money institution is 3,000 euros.

Cross-border provision of crypto-asset services

If a crypto-asset service provider intends to provide crypto-asset services in more than one Member State, the following information to the competent authority of the home Member State must be submitted:

1. a list of the Member States in which the crypto-asset service provider intends to provide crypto-asset services;
2. the crypto-asset services that the crypto-asset service provider intends to provide on a cross-border basis;
3. the starting date of the intended provision of the crypto-asset services;
4. a list of all other activities provided by the crypto-asset service provider not covered by MiCA.

A crypto-asset service provider may begin to provide services in the Member States set out in the notification from the day when the competent authority of that State has received the notification of Finantsinspektsioon or at the latest after 15 calendar days have passed from the submission of the information to Finantsinspektsioon. No processing fee is to be paid upon notification of cross-border provision of services.

Estonian FIU annual report

Obtaining a VAT number in Estonia

The number of the Value Added Tax payer or VAT nr. is assigned to the entrepreneur on the basis of an application submitted to the Tax and Customs Board. The obligation to register as a VAT payer arises when the VAT taxable turnover of the company exceeds 40,000 euros in one business year. If the taxable turnover has not yet surpassed the previously defined threshold, but the company has directly commenced commercial activities and obtaining a VAT number is a reasonable step, considering the specifics of the business model and the expected business flows of the project, the entrepreneur has the right to register as liable for turnover tax on a voluntary basis.

#eresidency #estonia #opencompanyinestonia

🔴 Estonia is going to promote its e-Residency Program abroad

The Enterprise and Innovation Foundation (EISA) of Estonia is going to widely introduce Estonian e-residency program to Spain, Germany and UK.

Through e-residency, citizens of other countries can use Estonian public and private sector services, and in order to introduce this opportunity to the world, EISA has an e-residency program.

Advantages of E-Residency for Business:
✅ Efficient Company Formation: Establish your company in Estonia swiftly, completing the entire process in just 30 minutes.
✅ Seamless Documentation: Submit petitions and statements to the Commercial Register effortlessly through a user-friendly online platform.
✅ Tax Efficiency at Your Fingertips: Access the e-Tax department to seamlessly submit declarations, optimizing your tax management strategy for heightened financial efficiency.
✅ Global Accessibility: Sign contracts and oversee all facets of your company securely from any location with an internet connection, whether it be Riga, Rio de Janeiro, or beyond.y area with an internet connection.
✅ Regulatory Clarity with Activity Licenses: Gain direct access to the Registry of Activity Licenses, ensuring a clear understanding of regulatory requirements and compliance for your business operations.
✅ Timely Reporting: Streamline your reporting obligations by easily submitting annual reports through the business register, ensuring your company stays on track with regulatory timelines and commitments.
✅ Cost-Effective Administration: Enjoy the benefits of a cost-effective business administration model, optimizing your financial resources for enhanced profitability and growth.

Elevate your business operations with the unparalleled advantages of e-residency, positioning your company for global success and sustainable growth.

The first joint report of FIU and Eesti Pank must be submitted in April

Kind reminder for Estonian-based #cryptocompanies. The first joint report of FIU and Eesti Pank must be submitted in April.

The report shall be submitted within 20 days after the end of the reporting period. Reporting period is one quarter.

The reports of #CASPs are integrated reports, with which the collected data is used by FIU for the performance of its supervisory tasks and by Eesti Pank for national statistics.

e-Residency Program abroad

#eresidency #estonia #opencompanyinestonia

🔴 Estonia is going to promote its e-Residency Program abroad

The Enterprise and Innovation Foundation (EISA) of Estonia is going to widely introduce Estonian e-residency program to Spain, Germany and UK.

Through e-residency, citizens of other countries can use Estonian public and private sector services, and in order to introduce this opportunity to the world, EISA has an e-residency program.

Advantages of E-Residency for Business:
✅ Efficient Company Formation: Establish your company in Estonia swiftly, completing the entire process in just 30 minutes.
✅ Seamless Documentation: Submit petitions and statements to the Commercial Register effortlessly through a user-friendly online platform.
✅ Tax Efficiency at Your Fingertips: Access the e-Tax department to seamlessly submit declarations, optimizing your tax management strategy for heightened financial efficiency.
✅ Global Accessibility: Sign contracts and oversee all facets of your company securely from any location with an internet connection, whether it be Riga, Rio de Janeiro, or beyond.y area with an internet connection.
✅ Regulatory Clarity with Activity Licenses: Gain direct access to the Registry of Activity Licenses, ensuring a clear understanding of regulatory requirements and compliance for your business operations.
✅ Timely Reporting: Streamline your reporting obligations by easily submitting annual reports through the business register, ensuring your company stays on track with regulatory timelines and commitments.
✅ Cost-Effective Administration: Enjoy the benefits of a cost-effective business administration model, optimizing your financial resources for enhanced profitability and growth.

Elevate your business operations with the unparalleled advantages of e-residency, positioning your company for global success and sustainable growth.

ESMA is preparing the implementation of the Markets in Crypto-Assets Regulation

ESMA is preparing the implementation of the Markets in Crypto-Assets Regulation. #MiCA is a crucial regulatory step, but it does not address all the risks associated with cryptos – hence it is not a safe haven for investors 🙉. Based on our experience with two rounds of consultations launched and one yet to come, a constructive dialogue with the industry, and a fruitful exchange with decision makers, we put together a few important reminders 

🗓️ Timeline buzz: While MiCA has been adopted by legislators, there is still a long way before it fully enters into application – July 2026.

⚠️ Transitional period: The period before full application might create confusion for investors regarding applicable rules and increase the risk of regulatory arbitrage.

🧿 National eye: Competent authorities will set in place authorisation procedures, communication lines with industry, effective coordination with other EU NCAs.

🔊 Industry take: Get ready-set-go for adapting business practices and applying the MiCA rules as early as possible.

Company in Croatia EU

Setting up a company in Croatia can offer several advantages, making it an attractive location for business establishment:

1. Strategic Location: Croatia's geographical location provides access to both Central and Southeast Europe, serving as a bridge between Western Europe and the Balkans. This can be advantageous for companies aiming to access markets in these regions.

2. EU Membership: Croatia is a member of the European Union (EU) since 2013. This membership provides businesses with access to EU markets, funding, and various support programs aimed at fostering economic growth and development.

3. Business Incentives: The Croatian government offers various incentives to attract foreign investments, such as subsidies, grants, tax breaks, and other financial benefits to stimulate economic activities and job creation.

4. Skilled Workforce: Croatia has a relatively well-educated and skilled workforce, particularly in sectors such as tourism, IT, engineering, and manufacturing. The availability of skilled labor can be beneficial for companies seeking specific expertise.

5. Tourism Potential: Croatia's beautiful coastline, historic cities, and natural landscapes attract millions of tourists annually. For businesses in the hospitality, travel, and leisure industries, this presents opportunities for growth and expansion.

6. Infrastructure Development: Croatia has been investing in improving its infrastructure, including transportation networks, ports, and energy systems. This ongoing development can benefit businesses by providing better logistical support and connectivity.

7. Quality of Life: Croatia offers a high quality of life with a Mediterranean climate, beautiful scenery, and a relatively low cost of living compared to some other European countries. This can be appealing for expatriates and employees relocating for work.

8. Stable Political Environment: Croatia has a stable political environment, which is crucial for business stability and growth. Being a part of the EU further ensures adherence to EU regulations and standards, offering a predictable business environment.

9. Ease of Doing Business: Efforts have been made to simplify administrative procedures and improve the ease of doing business in Croatia. The government has implemented measures to streamline processes, reducing bureaucracy for entrepreneurs.

10. Investment Opportunities: There are various sectors with untapped potential for investment in Croatia, such as renewable energy, technology, agriculture, and infrastructure, providing opportunities for innovative businesses.

Before setting up a company in Croatia, it's essential to conduct thorough research, consider the specific industry, understand local regulations, and consult with legal and financial advisors to ensure a smooth and successful establishment of your business.

CASP & Internal control

#CASP #InternalControl

#InternalControl refers to the measures and processes put in place by #cryptoserviceproviders (#CASP ) to ensure the security, integrity, and reliability of their #cryptocurrency operations. It involves the implementation of policies, procedures, and technologies to safeguard digital assets, prevent fraud, and mitigate risks associated with #cryptocurrencies.

Even if the risks were assessed correctly, but the #InternalControl is not in place, understanding the risks without taking appropriate measures and without control over them, will not guarantee that #CASP activity is compliant with laws and regulations.

Nowadays finding a balance between keeping costs low due to economic downturn and being compliant with laws and regulations is a challenge.

One of the most important thing here is to choose the right and cost-effective methods for the smooth operation of #InternalControl. For instance, even when you have top service providers there is no confidence that the processes are being monitored in right way (for example, one person is responsible for initiating transactions and approving them).

Overall, #InternalControl is essential for #CASPs to protect their digital assets, maintain the trust of their stakeholders, and ensure the smooth and secure operation of their cryptocurrency activities.

Some key components of #InternalControl in #CASP include:

1. Segregation of duties, which includes preventing any single person from having complete control over the entire process. For example, the person responsible for initiating transactions should be different from the person responsible for approving them.

2. Access controls, which includes establishing strict controls over access permissions to #cryptocurrencyWallets, private keys, and other sensitive information.

3. #TransactionMonitoring monitoring, which includes having systems in place to monitor and track transactions.

4. Security measures, which includes implementing robust security measures to protect #cryptocurrency holdings from external threats, such as using secure wallets and storage solutions, encrypting sensitive data, regularly updating software and firmware, and conducting vulnerability assessments and penetration testing.

5. Training and awareness. It is crucial to provide training and awareness programs to employees about the risks and best practices associated with #cryptocurrencies. Employees who have the proper skills and are trained on an ongoing basis are best investment to the future of every #CASP.

6. #Compliance with regulations, which includes ensuring that #CASPs #crypto operations comply with relevant laws and regulations, such as #AML and #KYC requirements.

Finitive Technologies OÜ new activity licence

Applying procedure has changed for small fund managers

Crypto Licence in Lithuania

Registering a company and obtaining a cryptocurrency license in Lithuania will provide you with the opportunity to offer services for the exchange of cryptocurrencies and the storage of crypto assets in the legal field of the EU, as well as on the territory of other states without violating the law.

500+ of our clients have already successfully obtained licenses to work with crypto-assets in Lithuania with our help and are actively developing their projects in countries of the European Union.

Lithuanian crypto license will undoubtedly become an effective tool for your business, as a company operating in the field of cryptocurrencies is required to have a license.

New requirements for the VASP license application in Estonia

New requirements for the VASP license application

In order to apply for the VASP license in Estonia, the applicant must:

a)       have a sound internal compliance and risk management framework in place, including AML regulations, risk management policies, business continuity plan, etc.;

b)      have no prior convictions regarding economic activities and have a good business reputation (be “fit and proper”), this includes both, the management of the company and the investors;

c)       have a share capital of EUR 250,000 to offer virtual currency transfer service or otherwise share capital of EUR 100,000 for other VASP services. Source of funding must be thoroughly disclosed as well;

d)      draw up the business plan and financial projections for at least two subsequent years;

e)      depending the services to be offered, have enough capital for the “own funds” buffer, calculated either based on fixed cost or transaction volume, depending on offered services;

f)        have substantial local substance – Estonian local managers, AML officer, employees, office, etc.;

g)       have a sound IT system framework & a plan to provide services.

To sum up, applicants are expected to create a functioning business unit in Estonia that is also governed from Estonia. Many of the requirements above are not surprising to those, who have already worked in the financial sector as new requirements mimic the existing financial service provider’s requirements to a great extent.

New requirements for the existing VASPs

All the organisational requirements applicable for new VASP applications shall also be enforced for the existing VASPs. VASPs must review their internal setup to see if they need to improve or adjust internal controls, risk assessments, management board’s composition, etc. While there are many tiny details included in the new AML Act, we strongly advise to keep in mind at least the following:

a)       Make sure that you have identified the VASP services you provide under the amended AML act. It is very important to establish how much the share capital should be increased and what the specific own funds’ requirements are. For example, the virtual currency transfer service makes it obligatory to have a share capital of EUR 250,000 and enough own funds based on the percentage of transaction volume. While it is obvious that this transfer service shall be applied to various crypto payment services, it should be noted that transfer means any kind of transfer between two wallets. Hence, if the crypto exchange offers account withdrawals off-exchange in cryptocurrencies, this transaction is also a transfer service because the movement of funds is from wallet A to wallet B.

b)      Auditing is mandatory. An important caveat is that for the companies, the fiscal year of which begins earlier than 10.03.2022, the auditing obligation shall be applied from 2023 onward. If the company’s fiscal year starts after 10.03.2022, the auditing obligation is applied right away.

c)       An internal auditing is mandatory. VASPs must hire/outsource an internal audit service provider. Internal auditor is someone, who regularly reviews the effectiveness of a company’s internal controls and regulations. In practice, this means that VASPs must use the “three lines of defence” internal control system, required from other financial service providers as well.

d)      MLROs/AML Officers are tied to two companies. The newly amended law stipulates that MLROs/AML Officers can only serve two separate companies. The Financial Intelligence Unit (“FIU”) can allow persons to be a member of the management board for one additional company, but this is an exception that the FIU is not forced to provide. Currently, most MLROs/AML Officers serve on multiple management boards simultaneously. If the company’s MLRO/AML Officer is also serving on multiple boards, it is wise to have a discussion if the person shall remain with the current company or if a new MLRO/AML Officer must be hired.

e)      Making changes is more expensive. Every change regarding the composition of the management board, shareholders, etc., shall cost EUR 4,000. Therefore, it is advisable to make the changes rarely and together in bulk, if necessary.

f)        Higher F&P requirements for the management board members. All members of the management board must have at least higher education and have professional work experience for at least 2 years.

g)       Transaction monitoring. Upon any exchange or transaction activity, transaction ID and information regarding both, the originator and recipient must be saved and stored. If possible, such information must be shared with the recipient service provider. This is a simplified version of the FATF (Financial Action Task Force) “Travel Rule”. If it is not possible to share information with the recipient’s service provider, the VASP must simply store transaction data and monitor all the transactions live to stop any suspicious transactions from occurring.

Most of those requirements are applicable from 15.06.2022. However, the requirement regarding transaction monitoring shall be applicable from 15.03.2022. Therefore, it is important that existing VASPs start working on upgrading the level of compliance as soon as possible. Before 15.06.2022, VASPs must provide the FIU proof that new measures have been implemented and VASPs are compliant with the new requirements..

What happens when you don’t comply with AML/KYC regulations?

The financial and criminal dynamics across the world are also changing. Financial crime is becoming more sophisticated and hard to detect. In the wake of the increasing cases of laundering and scams; businesses and financial institutions are adopting a risk-based approach to avoid losses from fraud and penalties. Organisations are using KYC and AML compliance to check financial crimes before they happen. Firms are also scrutinising risk exposure to PEPs and sanctioned governments. The fear of being penalised is a strong motivating factor to maintain ongoing, robust compliance systems.

Why Is AML Compliance So Important?

Anti-money laundering penalties and fines continue to rise in 2021. Money laundering, terrorist financing, corruption, fraud, bribery, and other financial crimes have many negative consequences. With the improvement of technology, Access to financial instruments becomes easier. It has created various opportunities for criminals. When we look at the AML penalties in recent years, we can see an increase in the total penalty amount. While the AML penalties given in 2018 were approximately $ 4 billion, the AML penalties given in 2019 increased by two times to roughly $ 8 billion.

Prevent and avoid risks with ComplyWise

Frequently Asked Questions about AML

AML stands for Anti-Money Laundering, and is a set of measures for combating the laundering of money and other financial crimes.

Who is an AML officer?

An AML officer is a person, who is responsible for the company’s compliance with the requirements for preventing money laundering.

Key elements of KYC & AML policy

The elements include the detection of suspicious activity, risk assessment, internal practices, AML training and independent audits.

What are AML requirements?

The primary AML requirement is to adopt measures in order to keep money laundering out of a company’s business.

FATF Travel Rule: What You Need To Know

Second 12-Month Review of the Revised FATF Standards on Virtual Assets and Virtual Asset Service Providers

On July 5, 2021, the Financial Action Task Force (FATF) completed its second 12-month review of the implementation of its revised Standards on virtual assets and virtual asset service providers. This review looks at how jurisdictions and the private sector have implemented the revised Standards since the FATF’s first 12-month review.

The FATF’s first 12-month review report found that, overall, both the public and private sectors had made progress in implementing the revised FATF Standards, however, substantial work remained for the revised FATF Standards to be effectively implemented globally. As such, this second 12-month review focuses on the continued implementation of the FATF Standards.

While the second 12-month review reveals progress has been made in the implementation of the Revised FATF Standards, after two years many jurisdictions still do not have the basic regulatory framework for VASPs. The FATF covers more than 200 countries and jurisdictions, however, less than half (45%) of the 128 reporting jurisdictions reported that they have passed the necessary laws/regulations to permit or prohibit VASPs.

The number of jurisdictions whose AML/CFT regime for VASPs is actually operational is even lower. Most jurisdictions and most VASPs are not complying with the travel rule with only 10 jurisdictions reporting that they have implemented and are enforcing Travel Rule requirements for VASPs.

It is assumed that the majority of jurisdictions that did not provide a response to the FATF in this report have made even less progress in the implementation of the Revised FATF Standards.

FATF Travel Rule Takes Center Stage

The Travel Rule is the most focused on issue in terms of VASPs’ compliance with the revised FATF Standards. Yet only 10 jurisdictions reported that they are actively enforcing Travel Rule requirements for VASPs. An additional 14 jurisdictions reported that they have introduced Travel Rule regulations but were not yet enforced the requirements. No jurisdictions reported being aware of any VASP that fully complied with all elements of the Travel Rule.

There are various technologies and tools available that enable VASPs to comply with the Travel Rule, yet compliance with the Travel Rule continues to be reported as challenging due to “the lack of one unified technology to support it,” according to the FATF report.

Since FATF’s first 12-Month Review, there has been significant progress in Travel Rule technology development. Several standards and protocols—such as the Travel Rule Information Sharing Architecture (TRISA)—can now help enable interoperability between solutions and, when enhanced by blockchain analysis tools such as in CipherTrace Traveler, can also safely identify VASPs to exchange Travel Rule data.

The lack of Travel Rule implementation globally is a major obstacle to effective global AML/CFT mitigation and undermines the effectiveness and impact of the revised FATF Standards. For this, the FATF has indicated that one of its major next steps will be to accelerate the implementation of the Travel Rule globally.

How Jurisdictions Have Implemented the Revised FATF Standards

The report finds that many jurisdictions have continued to make progress in implementing the revised FATF Standards. Out of the 128 reporting jurisdictions that responded to the FATF’s questionnaire—triple the number that responded to the first 12-month review—52 jurisdictions claimed to now regulate VASPs, 6 jurisdictions prohibit the operation of VASPs, and the other 70 jurisdictions have not yet implemented the revised Standards in their national law. These gaps in implementation mean that there is not yet a global regime to prevent the misuse of virtual assets and VASPs for money laundering or terrorist financing.

For context, in the last 12-month review, 32 jurisdictions reported having existing regulations for Virtual Asset Service Providers, 13 jurisdictions reported having regulations in development, and 5 jurisdictions indicated the prohibition or potential near future prohibition of VASPs. The increase in jurisdictions that now regulate VASPs suggests that significant progress has been made, however global implementation still has very large gaps that need to be addressed.

Only 35 of the 58 jurisdictions that claimed to now regulate or prohibit VASPs reported that their regime was currently operational.

For jurisdictions that have yet to prohibit or regulate VASPs, 26 jurisdictions reported that they were in the process of passing the necessary legislation in order to regulate or prohibit VASPs;

12 jurisdictions reported that they had already decided which approach they intended to take on VASPs but had not yet commenced the necessary legislative/regulatory process; and 32 jurisdictions reported that they had not yet decided what approach to take for VASPs.

Of the 52 jurisdictions that reported that they have established regulatory regimes permitting VASPs, only 36 of these jurisdictions advised that they have commenced licensing and registering of VASPs. Only 32 reported jurisdictions have extended their regime to included VASPs incorporated overseas but which offer products/services to customers in their jurisdiction. In total, these jurisdictions have reported that they have so far licensed or registered 2,374 VASPs—more than double the reported number of registered/licensed VASPs recorded in the first 12-month review.

Non-Compliance with FATF Standards

The FATF calculates implementation of FATF Standards through a self-assessment by participating jurisdictions and is not an official assessment of the level of actual compliance with the FATF Standards. By assessing jurisdictions through the Mutual Evaluation and Follow-Up Report (MER/FUR) process, the FATF found that no jurisdictions with published reports have received a compliant (C) rating. Most jurisdictions have received a partially compliant (PC) rating or above. Two jurisdictions have been assessed as having a non-compliant (NC) rating.

According to the FATF, the main barrier to compliance appears to be a lack of action by jurisdictions. A third of jurisdictions with FURs/MERs assessing Recommendation 15 have taken no or minimal action to implement the requirements. The other two thirds of jurisdictions have taken action, but have not implemented the requirements fully—such as omitting Travel Rule regulations.

Suspicious Transaction Reporting (STR)/Suspicious Activity Reporting (SAR) and VASPs

In the FATF Report, 36 jurisdictions provided Suspicious Transaction Report (STR) data from VASPs. According to these 36 jurisdictions, VASPs had filed 146,704 STRs between 2019 and 2020. Some jurisdictions noted that they had noted an increasing number of STRs in 2020 as more VASPs entered the market, knowledge of AML/CFT grew in the sector, and VASPs developed their reporting systems. Of the 146,704 STRs reported, 55,118 were from 2019 and 91,586 were from 2020.

Market Metrics on Peer-to-Peer Transactions

Data collected by the FATF from several blockchain analysis companies, including CipherTrace, indicates the share of illicit transactions appears higher for peer-to-peer transactions than in transactions with VASPs. There were substantial differences in the data provided by the different blockchain analytic companies resulting in the FATF being unable to assess with certainty the size of the peer-to-peer sector and its associated ML/TF risk. The report therefore does not find clear evidence of a shift towards peer-to-peer transactions.

The inconsistency of results from blockchain analytics companies is indicative of inconsistent definitions, double counting and data quality issues.

FATF Next Steps for Crypto AML/CFT Compliance

All jurisdictions need to implement the revised FATF Standards, including Travel Rule requirements, as quickly as possible. The FATF will undertake the following actions focused on virtual assets and VASPs. According to the Second 12-Month Review, the FATF’s next steps will be to:

• accelerate the implementation of the Travel Rule;
• finalizing the revised FATF Guidance on virtual assets and VASPs by November 2021; and
• monitor the virtual asset and VASP sector, but not further revise the FATF Standards at this point in time (except to make a technical amendment regarding proliferation financing).

FATF’s full report can be accessed here: http://www.fatf-gafi.org/publications/fatfrecommendations/documents/second-12-month-review-virtual-assets-vasps.html

Crypto Regulations | What To Avoid When Applying For Estonian Crypto License?

Estonia has adopted new crypto regulations which were enforced on March 10th, 2020. Existing license holders have to comply with the new rules by 1st of July, 2020. 

New crypto regulations

With the new crypto regulations, the biggest challenge for most of the companies is setting up the local management. It’s not easy to find someone you can trust, and someone who can do the necessary work, and someone who is willing to become a member of the management board.

Some businesses just want to fulfill regulatory requirements. Meaning, they don’t expect the board member to do any business development work, and ideally, have the AML officer and the board member two in one. 

It’s understandable, as the goal is to reduce the costs. However, there are some Estonian service providers advertising board member and AML officer solutions which aren’t going to be sufficient nor sustainable. For example, one service provider had installed one AML officer to 28 companies under the old regulations. 

By any objective evaluation, the AML officer can’t do the work that he or she has to do for so many companies.

Why Should You Avoid This Setup?

With the new regulations the FIU has a lot more playing ground on deciding whether the personnel of the applicant is sufficient. Hence, if there’s a solution advertised where one board member sits on 20 different companies, then this simply won’t be accepted anymore. 

As an example, one service provider advertised a full solution – office, AML officer, and the board member for 990€ per month. 

As the Estonian salary taxes make up almost 50% of the salary, then this calculation simply won’t add up. No eligible person is willing to receive a few hundred euros compensation per month for the scrutiny by the FIU and the liability of being a board member of any company. It’s likely that this person is going to sit on the board of many companies.

Imagine if you submit your application and the FIU finds the name of the same person who is already included in 20 other applications. Your whole application loses legitimacy, instantly.

Even if you manage to get a license (let’s say the board member you have will be added to 20 different companies later), it’s guaranteed to have a lot more scrutiny by the authorities going forward. 

Even if you manage to get a license (let’s say the board member you have will be added to 20 different companies later), it’s guaranteed to have a lot more scrutiny by the authorities going forward. 

What to understand about the regulatory changes

The new crypto regulations were enforced for a reason. The authorities want to be able to supervise the companies operating under the Estonian crypto license. If your only goal is to optimize the expenses and to avoid having a proper set-up, it’s going to be difficult to operate this business without running into trouble with the FIU. Everything is possible, but it might make sense to avoid it.

We recommend and help our clients to recruit and build a real operational office. This means that you may have to pay more for the people you’re going to hire, but these people are actually going to work for you. 

Whatever you’re going to do, it’s worth thinking about. Any regulated activity requires a good relationship with the authorities, and building a proper substance is the foundation for this relationship. 

If you’re looking to apply for virtual currency service provider authorization in Estonia, you can write to us at [email protected]

Invest in Estonia

Even if it is a small country, Estonia attracts foreign investors through its pro-business legislation. The Estonian economy is based on the taxes levied on companies which is why the government offers incentives that are meant to draw businessmen from other countries. Businessmen who want to invest in Estonia should know that the most appealing investment fields in this country are the IT sector, the bio technology sector and regenerative industry.

The business environment in Estonia

-          its geographical position at the crossroads between Europe and Russia;

-          foreign companies are not subject to any tax on reinvested profits;

-          a skilled and well-educated workforce;

-          setting up a company in Estonia takes about 15 minutes through the online application platform;

-          the Estonian Banking system allows for almost all operations to be conducted online;

-          Estonia is a member of the World Trade Organization, of the European Union, of the Organization for Economic Co-Operation and Development (OECD) and NATO.

Why invest in Estonia?

Foreign investments in Estonia

Taxation of companies in Estonia