Estonia has long been recognized as a pioneer in digital innovation, with a business-friendly environment that welcomes new technologies and business models.
However, in 2018 Danske Bank scandal that involved the Estonian branch of the bank and resulted in the laundering of billions of dollars in the country. In response to the scandal, during the last few years, Estonia has taken significant steps towards developing a robust Anti-Money Laundering /Combating the Financing of Terrorism (AML/CFT) framework, aligning its framework with global and European best practices.
Supervisors in Estonia
The Estonian regulatory landscape requires comprehensive AML/CFT frameworks for a variety of financial institutions. The Estonian Financial Supervision Authority (EFSA) is responsible for supervising and regulating financial institutions in Estonia, including:
- Credit institutions
- Insurance companies
- Investment firms
- Fund management
- Payment service providers
- Electronic money institutions
Additionally, the Estonian Bar Association (BA) is responsible for the AML supervision of notaries and lawyers.
Estonian Financial Intelligence Unit (EFIU) supervises financial institutions that are not supervised by EFSA and Designated Non-Financial Businesses and Professions (DNFBPs), that are not members of the BA, including:
- casinos, CSPs
- pawnbroking services
- dealers in Precious Metals and Stones
- virtual currency services.
Requirements of the AML Law in Estonia
The Money Laundering and Terrorist Financing Prevention Act (MLTFPA) is the central legislation governing AML/CFT matters in the country and is in full compliance with the European AML Directives. The MLTFPA requires obliged entities to implement the following among others:
- conduct due diligence on business relationships
- appoint an AML Compliance Officer
- establish transaction monitoring processes to identify suspicious transactions
- have in place suspicious transaction reporting procedures
- establish an audit function
- employees’ training
- other controls to prevent financial crime.
It also provides for the establishment and functioning of the EFIU and the approach for supervision, which is divided between EFSA, and BA.
AML requirements for Virtual Asset Service Providers (VASPs) in Estonia
The MLTFPA was updated in March 2022 to include provisions that specifically target VASPs operating in Estonia. VASPs are required to comply with a number of obligations to prevent ML/TF. These requirements include:
- New definition of “Virtual Currency Service”: the definition was expanded to include, not only virtual currency exchanges and wallet services but also virtual currency transfer services and services related to the issuance of virtual currency (i.e. Initial Coin Offering – ICO)
- Licensing: VASPs must obtain a license to provide virtual currency transfer services, which include receiving, executing, and transmitting virtual currency orders on behalf of third parties or issuing virtual currencies through ICOs. The licensing requirements were expanded.
- Updated requirements for the members of the Board of Directors (BoD): members of the BoD must have a specific level of education and at least two years of work experience. Additionally, a member of the BoD may not hold this position at more than two VASPs.
- “Travel rule” requirement: VASPs must comply with the “travel rule” by collecting and transmitting certain customer information to the beneficiary VASP for transactions above a certain threshold. The threshold is set at €1,000 for virtual currency transfers and €10,000 for wire transfers.
- Prohibition of anonymous accounts: VASPs are prohibited from opening anonymous accounts, and they must verify the identity of their customers and beneficial owners.
- Real-time transaction monitoring: VASPs are required to implement real-time transaction monitoring tools to identify suspicious activities and transactions.
As Estonia continues to strengthen its AML/CFT framework and enhance regulations governing VASPs and other financial institutions, it has established a reputation for being welcoming to innovation and new technologies. This has attracted many entities to establish a presence in Estonia, including numerous VASPs.
As the regulatory landscape continues to evolve, it is important for obliged entities, including VASPs operating in Estonia, to remain vigilant and up-to-date on these regulatory developments to ensure continued compliance with the evolving requirements.