Estonia Crypto Regulations

Estonia has been at the forefront of the crypto revolution, as one of the first countries in the world to open its doors to blockchain-native firms.

The nation has been a pioneer, adopting regulations and policies favourable to the fostering of crypto business.

This is due in significant part to the country embracing digitisation, the growth in blockchain business and investors’ interest in blockchain solutions are high.  Estonia’s e-residency marketplace has been a great aid in the digitalisation of the economy’s infrastructure, it supports companies in selecting the right service providers – the marketplace includes basic information about blockchain and fintech firms in Estonia with background and quality checks – to provide accurate and safe information to the public.

Examples of Estonian crypto companies include crypto wallet provider, CW Lab OU, providing cryptocurrency storage to customers as well as direct crypto to fiat trading and inter-currency exchange services, and Maincoin OÜ, providing a virtual currency wallet service in connection with Neo Crypto.

Here, Coinfirm’s Regulatory Affairs departments look into the AML/CFT stipulations, licensing requirements of virtual currency service providers and more in 2022.

Can I Buy/Sell/Own Crypto in Estonia?

It is legal for residents in Estonia to own, buy and sell cryptocurrencies and blockchain-based assets, which is regulated by the Estonian Financial Intelligence Unit. This can be done through exchanges, Bitcoin ATMs and peer-to-peer.

How is Crypto Taxed in Estonia?

Crypto assets are classed as property under §15 (1) of Chapter 3 of the Income Tax Act in the Republic of Estonia.

To Which Virtual Currency Service Providers Does VAT Apply and Who is Exempt? 

Exemptions are granted based on Article 135 (1) (d) of the EU VAT Directive implemented into Estonia’s national law as the Value-Added Tax Act  – ‘’EU countries must exempt certain transactions that are considered to be in the public interest. They are mostly carried out by public bodies but exemption also extends to several of the same transactions when carried out in the public interest by bodies in the private or charitable sector.’’

Wallet Services

Paid digital wallet services are subject to VAT as they are a technological aid to store private keys and are not essential for carrying out transactions exempt from tax. The European Commission concluded that BTC users can set up un-hosted digital wallets and the service itself does not entail any change in the right of ownership of Bitcoin. 

However, their taxation depends on the offered services which may render them exempt from VAT. ‘’The European Commission has emphasised that, for the tax exemption to apply, the service must be directly linked to the currency transaction itself.’’

The exemption may apply to virtual wallet service providers which enable Bitcoin users to perform transactions, on top of the above-mentioned service, that create rights and obligations in relation to the currency, and are regarded as a financial service as per §16 (21) of the Value-Added Tax Act .

Miners of Virtual Currency

Mining is deemed to not generate taxable supply rendering it exempt from VAT. This is due to the miners’ activities being sufficiently linked to BTC and the VAT on necessary goods to supply the service, such as computers and electricity, is not deductible. 

Also, transactions made with newly mined virtual currency, such as exchange for fiat, generate supply exempt from tax. 

The European Commission considers that ‘’given the nature of the activity, mining virtual currency as a service provided to another person could be covered by the exemption of tax provided for in the Article 135(1)(d) of the VAT Directive.’’

Platform Usage Services

‘’A paid service which gives access to a software application and the purpose of which is to enable the recipient of the service to use the platform is subject to regular VAT depending on the recipient of the service. The service of using a platform is not a financial service and is therefore not exempt from VAT under the Value-Added Tax Act.’’

More information regarding all crypto-related activities subject to tax can be found here. Failure to comply with the tax requirements will be punished under the Taxation Act §153 and the Penal Code §389.

VASP Licence Requirements in Estonia

In 2017, Estonia launched specifically tailored licences for crypto exchanges in the country. Previously, two different sets of licences were given, the Virtual Currency Exchange Service License and the Virtual Currency Wallet Service License. Now only one cryptocurrency license is required for any crypto-activity.  

Some of the requirements to apply for an Estonian Cryptocurrency Exchange License are:

• Company registered in Estonia
• A business plan, for at least two years, detailing the business activities, organisational chart, and operational procedures
• Details about the UBOs
• Financial information
• Risk assessment 
• Information about the assigned audit firm, which must not be appointed for more than five years
• Technological system
• A share capital of at least EUR 100,000 for virtual currency exchange services and EUR 250,000 for virtual currency transfer services

The full list of requirements can be found in Chapter 8 §70 (3²) of the Money Laundering and Terrorist Financing Prevention Act. An authorisation application is granted by the Financial Intelligence Unit also has the right to refuse a license. 

Estonia Crypto AML Regulations 

Estonia’s compliance regulations in respect to AML are strict. 

As a European Union member state, the Republic of Estonia follows the EU’s set of regulations surrounding AML (Anti-Money Laundering) and CFT (Countering the Financing of Terrorism). Estonia’s AML/CFT laws have been updated in line with the EU’s 5AMLD.

Read: 5 Steps Into the 5th Anti-Money Laundering Directive (5AMLD)

Crypto businesses operating in Estonia must follow the Money Laundering and Terrorist Financing Prevention Act. The Act stipulates that Virtual Asset Service Providers (VASPs) must follow the same rules as financial institutions, defining the Virtual Currency – a value represented in the digital form, which is digitally transferable, preservable or tradable, and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds. It also entails the appointment of a Compliance Officer that is given oversight of a business’ compliance functions in line with a Risk-Based Approach. Firms must take a Risk-Based Approach by applying Enhanced Due Diligence to high-risk customers and relationships, and conducting Know-Your-Customer (KYC) checks. Suspicious Activity Reports (SARs) can be submitted to the Estonian Financial Intelligence Unit by completing a reporting form. Customer information such as KYC documents, transaction history and SAR filings must be retained for up to 5 years after a relationship has been terminated or the last transaction was conducted.

The Money Laundering and Terrorist Financing Prevention Act was further amended and came into force on 15 March 2022, with a particular focus on building out due diligence obligations on the VASPs, aiming to mitigate the risks of money laundering and terrorist financing. It expands the scope of a virtual currency servicefrom only wallet and exchange service providers to any providers that offer any type of crypto or DeFi services.

The Estonian Financial Intelligence Unit in preparing the amendments, further provides an explanatory note confirming that – “the application used is not a virtual currency service provider, but creators, owners, administrators, and other persons who have influence or control over the terms and conditions of the service or other parameters may be obligated persons, even if the provision of the service is organised in a decentralised manner and/or some processes are automated.” Also, “a person who creates and/or sells a software application or a platform for offering and/or trading virtual currency may not be a virtual currency service provider if their activity is limited to creating and/or selling the application and/or platform. However, as a rule, a party who supervises the creation and development of a software or platform for the purpose of providing virtual currency services also qualifies as a virtual currency service provider, especially if it retains control or sufficient influence over the virtual currency, software, protocol, platform or business relationship with users of the software, even if this is done through a smart contract.”

The Act also provides a more extensive list of due diligence measures, obligations to apply such and data to be collected on the customers under §19, 20 and 21. In addition, “providers of virtual currency services are not allowed to provide services outside a business relationship’’ specified under §25 (1³) are under no circumstance, to offer services to anonymous natural or legal persons. Data collected on the clients, as specified in §25 (2⁴), is to be transmitted ‘’without delay and securely to the recipient’s virtual currency service provider’’ in line with FATF’s Travel Rule. In the instance where the recipient’s provider cannot receive or process this data, the sending provider is to monitor in real time the transaction and keep available personal data of the sender to be readily available for requests from regulatory enforcement, supervisory or oversight or investigative authority.

The Amended Act intends to act in accordance with the Travel Rule set out by the Financial Action Task Force (FATF), bringing VASPs more in line with e-money institutions and payment service providers. The rules do not apply directly to the customers, but the responsibility lies with the VASPs to maintain the due diligence obligations as well as on behalf of the legal or natural person in conducting a crypto-related business. The new rules adopt the same definitions under the FATF in its updated guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers. 

The Travel Rule is designed to identify participants in a transaction, requiring financial institutions to identify both initiating and receiving parties, extending to virtual asset services.

Whilst Estonian VASPs cannot offer anonymous accounts, the Ministry of Finance in Estonia reminds that Estonian VASPs that they should treat anonymous services as higher volatility risk. VASPs are advised to apply solutions with real-time transaction monitoring to perform risk analysis and to notify the Estonian Financial Intelligence Unit whenever a suspicious activity is spotted. The Estonian Ministry of Finance reiterates that personal data collected along with the transaction shall be protected under the Estonian Personal Data Protection Act and the General Data Protection Regulation.

While existing VASPs have until 15 June 2022 to bring their operations in line with the new regulation, meaning modifying and submitting all existing and new supportive documentation to the Financial Intelligence Unit, new applicants are also required to follow the updated requirements in conformity with the amendments. Existing VASPS that have not brought their operations into compliance and filed documents by the aforementioned, the Financial Intelligence Unit will revoke the authorisation granted in the area of virtual currency operations. An additional 150 days will be granted for VASPs that must follow this process for an undertaking that holds a valid authorisation. 

Other requirements under the Money Laundering and Terrorist Financing Prevention Act impose that VASPs:

• Monitor the transactions in real-time and perform risk analysis by using an appropriate technical solution. 
• A member of the management board of the VASPs may not serve more than two companies in providing virtual currency services.
• Members of the management board of the VASPs must possess a higher education with a minimum of two years of relevant work experience.
•  Internal and external auditing is mandatory.

Notably, the new rules do not prohibit private customers from owning and trading virtual assets and do not affect individuals who hold virtual assets through a private wallet which is not set up in an Estonian VASP. Individuals can still use non-custodial wallets or VASPs in other jurisdictions and are not required to share their private keys to wallets.

There are multiple scenarios with different typologies of perpetrators listed in the Act which bring about penalties of a fine of 300 units, a short-term custodial sentence, detention, or EUR 400,000 for the same act committed by a legal person. 

Legal Framework of ICOs in Estonia

With the issuance of the revised Money Laundering and Terrorist Financing Prevention Act, Initial Coin Offerings (ICOs) are now considered obliged entities. Depending on the type of token issued and offered, they may be governed by securities, commodities or e-currency laws. The Estonian Financial Supervision and Resolution Authority provides a guidance on initial coin offerings (ICOs), last updated July 2020. 

The Authority advises that the issued tokens could be, depending on their structure, securities as defined under § 2 of the Securities Market Act (SMA),  meaning the investors are given rights in the issuer company or the tokens’ value is directly proportional to the future profits or success of the business. 

Entities facilitating the offering of instruments qualified as securities or secondary trading of such tokens could be considered to provide investment services under § 43 of the SMA and may be provided as a permanent activity only by authorised entities.

Businesses financed through the repayable funds received from the public in the form of an ICO, which provide loans on their own name and account, are governed by the Credit Institutions Act (CIA). 

The Authority reaffirms that if what is offered in an ICO, is referred to as a token instead of a share or equity, a token may still qualify as a security governed by the Estonian legislation.

Non-compliance with the proper legal framework of an ICO may lead to investment fraud under the Penal Code §211 and face up to five years’ imprisonment. 

Estonia Crypto Regulators

• The Ministry of Finance in Estonia is responsible for implementing tax, fiscal and financial policies and proposing regulations applicable to crypto-assets.
• The Estonian Financial Supervision and Resolution Authority is responsible for supervising participants in the financial services industry and conducting resolution functions in resolving the financial crisis. The Authority is independent in its decision-making.
• The Estonian Financial Intelligence Unit is the country’s independent agency under the jurisdiction of the Ministry of Finance, responsible for monitoring transactions to combat financial crime. The Unit also has the right to grant and revoke virtual currency licenses. 
• The Estonian Tax and Customs Board is responsible for the collection of taxes in the nation.

Government Commission for the Prevention of Money Laundering

The Government Commission for the Prevention of Money Laundering was established by Government Order No. 285 of 11 May 2006, made up of representatives of public sector institutions and other institutions involved in the fight against money laundering, aiming to provide a national coordination system for finding solutions to problems relating to money laundering and terrorist financing.

Notable Crypto Regulatory Actions in Estonia

According to the Estonian Financial Intelligence Unit’s Annual Reports in 2019 and 2020, 840 licenses to exchange virtual currencies for fiat currencies and 800 licenses to provide virtual currency wallet services were issued, along with 116 licenses which were granted to provide virtual currency services. However, in late 2020, Estonia revoked more than 1,000 licences after the licensees were found to be non-compliant, some were even found to have minimal connections to Estonia – Part of the clampdown was additionally believed to be related to 1) revelations of a large-scale money laundering operation in the country across the wider financial system and 2) the abuse of the e-residency programme where Estonian police uncovered a number of foreign nationals operating crypto businesses benefitting from scams and 3) the difficulty with regulating all licensees due to the COVID-19 pandemic.