Recently, there have been discussions regarding Estonia’s new law on cryptocurrency, the revocation of 500 crypto licenses in Estonia, and companies exiting from Estonian regulatory jurisdiction. Let’s focus on three major recommendations.
Do your research before engaging with a legal partner in Estonia
Yes, it might sound odd, but I think one of the reasons why companies have been losing their crypto licenses is some consulting companies. I won’t mention specific firms, but I am aware that some consulting companies conduct very aggressive marketing, spamming their adverts for a single reason — to sell a “ready company” with licenses and, in some cases, with a bank account.
Why are they to blame? First, they spam and try to sell their services to everyone who is working in the cryptocurrency business, which I feel isn’t appropriate. Estonian licenses are for very specific services and may not be applicable to everyone who works in the crypto industry. I have personally met people who bought a “ready company” from one of those consulting companies. When figuring out their business model, I came to the conclusion that they did not really need them.
Second, a bank account, which was opened for a company before the sale, will most likely be suspended or blocked from operating normally when a buyer starts changing the shareholders and directors. In Estonia, banks are very conservative and they usually do not work with crypto business and non-Estonian residents, especially when the company cannot prove the direct connection to Estonian jurisdiction. Having an Estonian company is not enough.
My recommendation is to “do your own research” when selecting your legal partner in Estonia. Try to avoid consulting companies that spam you or employ aggressive marketing tactics. Usually, they do not have time to thoroughly analyze your business model to understand what you really need. Their aim is solely to sell you the licenses and other services.
There are also some consulting companies operating or located outside of Estonia — e.g., in Russia, Israel, etc. Such companies are unfamiliar with the local jurisdictions. Engaging with them, you risk receiving inaccurate information. Moreover, in some cases, they will hire an Estonian law firm to help, and your fees will be much higher since the consulting companies will charge extra on top of the fees from an Estonian law firm.
Be ready to start the business within 6 months after the issuance of the license
The second recommendation is related to a legal requirement indicated in the Money Laundering and Terrorist Financing Prevention Act of Estonia. This is easy to comply with, but quite often, it has been the reason for the revocation of licenses. If you do not want to miss a small detail that can impact your license, please, continue reading.
The widespread reason for revocation of the cryptocurrency licenses by the Estonian Financial Intelligence Unit, or FIU, is that some companies were simply not able to start operations within a specific period of time. Under Estonian law, a company has six months to start its business once the license has become valid. The important detail here is when it becomes valid.
During the application process, the applicant indicates the specific date for the license validity to start. For example, when you are applying for a cryptocurrency license, and you forecast that the start of operations won’t be within six months, there is a possibility to delay the starting date. If you think it will take your business one year to start operating, simply indicate the start date one year ahead from the time you apply for your license.
This seems simple, however, it has become the reason why some companies have lost their licenses. The FIU is responsive and can give an extension only in the event when you can prove that the delay of the launch of your business was outside of your control. If you cannot prove this, the FIU is usually strict with the deadline and exercises the right to revoke the cryptocurrency license.
It is just a small yet crucial detail in the application to mark the start date for the validity of the license. Therefore, pay attention and discuss it in detail with your legal partner.
AML/KYC compliance is the core focus if you want to keep your license
The third recommendation is related to compliance, which is usually the core focus of the Estonian Financial Intelligence Unit.
I’ve seen many companies that have been granted licenses with the help of consulting companies and did not understand the importance of Anti-Money Laundering compliance. They were thinking, once they have a license, they could request something from the customer and do their business. However, this is not the case.
Cryptocurrency exchanges in Estonia are required to adhere to strong KYC/AML measures from the outset with customer onboarding and finishing with transaction monitoring. To comply with AML/KYC requirements, a lot of human resources, money and legal expertise are required. Sometimes the requirements are a bit confusing in the Estonian AML framework, creating additional risks for the crypto business.
Cryptocurrency exchanges registered in Estonia are required to have an AML officer who is the resident of the country and has specific experience in AML. To find such a person is a real challenge in a small country like Estonia with lots of registered cryptocurrency businesses.
This requirement for a local AML officer has impacted the business of some of the consulting firms in Estonia, as it has become a market practice for them to provide the services of an AML officer. Imagine if one consulting firm is the registered AML officer for 20 or more companies. What kind of quality can their services offer when servicing so many companies?
This is the risk in deploying a firm to be an AML officer for a cryptocurrency exchange, as the FIU might have some questions for an individual who is an AML officer for more than two companies. Usually, the AML officer has a lot of requirements and is usually under time constraints. An individual can be the AML officer for more than one company, however, this is not a good standard to follow.
My recommendation is to take AML/KYC compliance seriously. One should try to find an AML officer dedicated to one company only. Additionally, you should do your research about what can be outsourced — e.g., KYC or AML cryptocurrency screening services.
Currently, the FIU is a unit of the Estonian Police and Board Guard. However, there is ongoing discussion to make the FIU a separate agency and to grant it more power and resources. Consequently, they will have more expertise to supervise companies that comply with the relevant AML regulations.
This is not legal advice and this recommendation is for informational purposes only. It is your own responsibility if you choose to rely on it when doing business in Estonia.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Mykola Demchuk is a fintech lawyer based in Estonia who has been working with blockchain clients since 2016. He has assisted companies in applying for cryptocurrency licenses and complying with the law.