While the draft Crowdfunding and Other Investment Instruments and Virtual Currencies Act published at the beginning of 2021, which intended to regulate virtual currency services further before the EU-wide regulation comes into force, did not proceed any further (more information available here) a new draft act with even stricter requirements has now been published. The new draft act does not build upon the previous draft and instead extends the regulation under the current Money Laundering and Terrorist Financing Prevention Act (the draft AML Act).

The respective EU regulation in this area is currently in the form of a proposal (Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937) and is expected to come into force no earlier than 2028 (the Regulation).

The concept of virtual currency services expanded

One of the main changes is that the concept of virtual currency services will be expanded.

According to the current law, virtual currency services are the virtual currency wallet service and the virtual currency exchange service. The following will be added to the meaning of virtual currency services in the future:

1. “virtual currency transfer service, which enables at least partially electronic transaction through a virtual currency service provider on behalf of the originator for the purpose of transferring the virtual currency through the virtual currency service provider to the recipient’s virtual currency wallet or account, regardless of whether the originator and recipient are the same person or the recipient uses the same service provider;”

After the inclusion of this point in the AML Act, the definition of a virtual currency service provider will, in addition to the currently regulated persons who exchange the virtual currencies themselves, also include those persons who simply enable transfers in virtual currencies.

2. “the issue of a virtual currency, the organization of its offer or sale or the provision of related financial services.”

The point includes both services provided by the issuer itself and services provided by another party in connection with the offer, marketing, sale, distribution, and measures necessary to ensure trading. This means that any ancillary activities to the current virtual currency service provision, such as companies facilitating ICOs or marketing agencies for virtual currency services, will be subject to licensing requirements in the future.

License application and new financial requirements

Another important change in the sphere of application is the time limit for new license application. Currently, there are no limits on when the new application can be sent after the first one is revoked, refused, or stopped. However, starting from the year 2022, a new application can only be submitted 2 years after the first procedure.

Moreover, new rules establish that licenses cannot be suspended or transferred to another entity.

More importantly, the list of requirements to obtain a virtual currency service provider’s activity license will be added to the AML Act. In order to provide a comparison with the new requirements, here is a list of the current requirements among others applicable to virtual currency service providers in Estonia:

  • the company’s share capital must be at least EUR 12,000;
  • state fee for the application is EUR 3,300;
  • the company must appoint a compliance officer who works permanently in Estonia and has the education, professional suitability, abilities, personal qualities, experience, and impeccable reputation required for the performance of the duties of a compliance officer. This appointment is to be coordinated with the FIU;
  • the company must have in place internal procedure rules and risk assessment documents with respect to AML and sanctions rules and risks;
  • the company; members of its management body; and its procurator, beneficial owner, and owner are to be checked for any unexpired penalties for a criminal offense against the authority of the state, criminal offenses relating to money laundering or other wilfully committed criminal offenses, and criminal registry extracts need to be submitted for that purpose;
  • the company must have a payment account with a credit institution, an electronic money institution or a payment institution established in Estonia or a Contracting State of the European Economic Area providing cross-border services in Estonia or having established a branch in Estonia.

New requirements for virtual currency service providers

Under the new requirements, service providers must meet the following requirements:

  • the company’s paid-in share capital must be at least EUR 350,000;
  • the own resources of a virtual currency service provider shall at all times correspond to one of the following amounts, whichever is greater: the amount of share capital or at least a quarter of the fixed overheads of the previous financial year;
  • state fee for the application is EUR 10,000;
  • the registered office, seat, and place of business of the virtual currency service provider must be in Estonia;
  • it should be possible at any time to ensure that a representative of the supervisory or investigative body has access to the data collected and stored by the service provider;
  • if the licensed virtual currency service provider wishes to operate abroad, including establishing a branch abroad or providing cross-border services abroad, the virtual currency service provider shall submit an application and relevant documents to the FIU. The FIU will then decide whether to approve the application or not within one month from the receipt of the required documents. The decision shall be made based on, among other things, the applicant’s financial state, organizational structure, and business plan;
  • a member of the board of a virtual currency service provider must have a university degree and at least two years of professional experience and may not hold the position of the member of the board in more than two virtual currency service providers. A member of the management board must also have an impeccable business reputation, which means that:
    • his or her activities or omissions have resulted in the bankruptcy of the service provider or another person subject to financial supervision or revocation of the activity license on the initiative of the financial supervision authority;
    • he or she has committed a criminal offense of the first degree;
    • the court has imposed a prohibition on acting or a prohibition on entrepreneurship;
    • he or she is unable to organize the activities of the service provider in such a way that the interests of investors and customers are sufficiently protected;
    • he or she has submitted false information to the Financial Intelligence Unit or failed to submit important information;
    • he or she has been punished for an offense of economic, professional, property or public trust and his or her corresponding punishment information has not been deleted from the punishment register pursuant to the Punishment Register Act or an international sanction has been applied to him or her.
  • the contact person may not be the contact person or the head of a structural unit of another virtual currency service provider;
  • a member of the management board may work as a contact person or as the head of a corresponding structural unit only in those virtual currency service providers where he or she is a member of the management board;
  • a person that may acquire, hold and increase a qualifying holding shall have an impeccable business reputation, strong financial position, ability to ensure that the service provider is able to comply with the own funds and asset management requirements, absence of reasonable doubt that the acquisition is related to money laundering or terrorist financing and absence of international sanctions.;

Additionally following documents and information must be provided to FIU:

  • the applicant’s opening balance sheet and overview of income, expenses, profit, and cash flows and the underlying assumptions;
  • a business plan;
  • information concerning the information technology systems and other technological means and systems;
  • information concerning the number of shares or units and votes acquired or owned by each shareholder, partner, or member;
  • information concerning the audit firm of the applicant must be provided;
  • information concerning persons who have a qualifying holding in the applicant;
  • information concerning companies in which the applicant or a member of its management body holds more than 20 percent.;

Additional regulatory requirements for the virtual currency service providers

Travel rule and other protection methods

Currently, there is no obligation on virtual currency service providers to collect information on the recipient of the virtual currency transaction. Under the draft Act, virtual currency service providers must also collect the name of the recipient of the transaction, along with the identifier of the payment account or virtual currency wallet, in their absence, the unique identifier of the transaction.

The new information collection rule will make the responsibilities of virtual currency service providers equal to those of a bank and payment institution.

Under the new draft law, upon concluding a virtual currency exchange or transfer transaction, a virtual currency service provider shall collect at least the following information:

About the originator:

  • in the case of a natural person: the name, payment account, or virtual currency wallet identifier; unique identifier of the transaction, personal identification code, date of birth, name, and number of the identity document, place of birth, and address of residence;
  • in the case of a legal person: the name, payment account, or virtual currency wallet identifier, in their absence the unique identifier of the transaction, registry code, in the absence thereof the relevant identification code of the country of location (combination of numbers or letters) and address.

About the recipient:

  • in the case of a natural person: the name and payment account or virtual currency wallet identifier;
  • in the case of a legal person: the name and identifier of the payment account or virtual currency wallet, in the absence thereof, the unique identifier of the transaction.

This cannot be limited to publicly available information, but the service provider must ensure that the transaction details are recorded with the customer’s data in a way that allows immediate response to FIU or other law enforcement institutions.

The issue with the travel rule is that during the panel of the 22.09.2021 OECD „Global Blockchain Policy Forum 2021“, „Virtual assets and financial crime: Building an effective global regime to mitigate the risks“ it was announced by the representatives of FATF that it is not until November 2021 when FATF intends to publish more precise instructions on how the Travel Rule could be implemented between virtual currency service providers. Among other things, FATF emphasized the need for cooperation and exchange of information between member states in order to develop a better understanding and technical standards in a secure manner of transferring data and the substance of this data. This means that there are currently no technical standards in place EU-wide that would aid virtual currency service providers in implementing the amendments provided in the draft AML Act.

When and what should be done

The law is intended to enter into force on 1st January 2022. However, a virtual currency service provider licensed on the basis of the Act may enjoy a possibility to delay the implementation of the new rules, namely, it is required to bring activities and documents into conformity with the requirements provided for in the new Act by 18th March 2022 at the latest. The virtual currency service provider must notify the FIU of how it has made its activities comply with the conditions prescribed by the new law.

Another important change to note is that upon a decision by the FIU not to issue the virtual currency service license or upon revocation of an existing license, the same applicant is not permitted to apply for a new license within two years from the respective decision.

There are various issues with the draft AML Act in addition to the complications related to the implementation of the Travel Rule referred to above. In addition to the fact that the EU Regulation is not foreseen to be ready for implementation before 2028, the draft AML Act is regulating areas that are not currently regulated in any other EU member state and which are therefore unprecedented and arguably unnecessary, such as the regulation of marketing activities for virtual currencies.

Considering the above complications and the attitude of the market participants towards the draft AML Act, it is difficult to predict whether the draft AML Act will be accepted by Parliament. However, considering that the transition period is rather short, and additional requirements for virtual currency service providers are established internationally by the FATF only in June 2019, we hope that at least the transition period will be extended for existing license holders. In any case, it is very important to start analyzing the new rules and draw up a plan for their possible implementation.

Please also note that Sorainen has participated in the common plea with FinanceEstonia to the Ministry of Finance in order to stop the implementation of the draft AML Act. However, we are yet to hear of the results of this plea. Until further notice, please take this information as an overview of the intentions of the legislator in the area of virtual currency services.

In case of any questions regarding the above, please feel free to contact our specialists Krista Ševerev at krista.severev@sorainen.com or Monika Tomberg at monika.tomberg@sorainen.com.