On 4th April 2016 in case number 3-3-1-75-15, the Estonian Supreme Court ruled that the exchange of cryptocurrency is a lawful business activity regulated by the Anti-Money Laundering Act and Terrorism Finance Act and in order to operate in cryptocurrency exchange, an applicant shall obtain an authorisation (known as a Provider of Alternatives Means of Payments) from the Financial Intelligence Unit (in Estonian: Rahapesu Andmebüroo).
On 27th November 2017, a new version of the Anti-Money Laundering Act and Terrorism Finance Act was enacted by the Parliament of Estonia and it addressed many shortcomings of the previous version of the law. The main highlights of the new version of the Anti-Money Laundering Act and Terrorism Finance Act (2017) are:
- A clear definition of cryptocurrencies (“virtual currencies”)
- Regulation of the provision of cryptocurrency wallets
- Remote identification of clients for cryptocurrency exchange, and storage service providers
- The possibility of delegating client identification to a properly qualified 3rd party
- A new definition and significant expansion of the duties of an anti-money laundering reporting officer
- The obligation for regulated companies to develop sound risk management policies, taking into consideration their risk appetites, liquidity, capital and many other risk factors.
- Hefty fines for non-compliance
Pursuant to Section 3 (9), cryptocurrencies are named “virtual currencies” and defined as follows:
“ ‘virtual currency’ means a value represented in the digital form, which is digitally transferable, preservable or tradable and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp. 35–127) or a payment transaction for the purposes of points (k) and (l) of Article 3 of the same Directive”.
Pursuant to Section 2(10), a holder of a valid authorisation to deal with virtual currency in Estonia is called “a provider of a service of exchanging a virtual currency against a fiat currency” (in Estonian: Virtuaalvääringu raha vastu vahetamise teenuse pakkujad).
The Act does not specify which type of blockchain technology shall be considered a ‘virtual currency’. In this case ICO tokens bear a value and can be classified as a virtual currency. Thus exchange of fiat currencies into ICO tokens can be at least partially covered by the Anti-Money Laundering Act and Terrorism Finance Act.
Provision of cryptocurrency wallets
Section 3 (10) defines a provider of cryptocurrency storage solutions as “a service in the framework of which keys are generated for customers or customers’ encrypted keys are kept, which can be used for the purpose of keeping, storing and transferring virtual currencies”.
A holder of a valid authorisation for cryptocurrency wallet services is called “a provider of a virtual currency wallet service” (in Estonian: Virtuaalvääringu rahakotiteenuse pakkujad).
Pursuant to Section 70, a business which would like to offer cryptocurrency exchange and storage services is required to obtain authorisation from the Financial Intelligence Unit.
It is a criminal offence to conduct such business without official authorisation.
Risk management and compliance
A company authorised to conduct cryptocurrency exchange and storage business is obliged to assess and document its risk appetite: “… the total of the exposure level and types of the obliged entity, which the obliged entity is prepared to assume for the purpose of its economic activities and attainment of its strategic goals, and which is established by the senior management of the obliged entity in writing”. (Section 10)
Notably, the Act regulates not only the exchange of fiat currencies into cryptocurrency but also the exchange of cryptocurrencies into other cryptocurrencies. It means that a provider of cryptocurrency exchange services carrying out a transaction to exchange 1 BTC/XRP is obliged to comply with client identification procedures and other provisions stipulated by the said Act.
The Act regulates activities of firms authorised to conduct virtual currency exchange and provide virtual currency wallet services in Estonia. However, the Act does not exclude the provision of services outside of Estonia.