18.05.2022 Estonian parliament adopted changes for Investment Funds Act (IFA), which may significantly affect economic activity of small fund managers without license issued by the Estoni...
The purpose of this article is to give a review on the further changes of Estonian regulatory framework regarding Virtual Assets Service Providers (VASPs). In this article will be accessed the amendment of Money Laundering and Terrorist Financing Prevention Act (MLTFPA), which is planned to come into force in 15.03.2022. The existing VASPs should bring their activities in accordance with the new legislation by 15.06.2022.
On the 21st of October 2021 Estonian Ministry of Finance has made a proposal for amending of MLTFPA. Currently the draft law is subject to a third reading in the parliament. In accordance with this proposal's explanatory memorandum, within period since 2019 to 2021 Estonia carried out National Risk Assessment (NRA). As a result, it became clear that there is a need for risk mitigation measures in a number of sectors, including VASPs. New MLTFPA aims the rapidly mitigating money laundering and terrorist financing risks related to VASPs and virtual assets. This amendment will bring substantial changes, which affect all licensed providers of virtual currency services in Estonia: licensing requirements will be similar to other finance market participants (primarily PSPs and EMIs), however supervision authority will remain the same – Estonian Financial Intelligence Unit (FIU). Also, it was noticed, that license application proceeding takes many resources, thus amendment will solve this issue too.
THE DEFINITION OF VIRTUAL CURRENCY SERVICES
The amendment will affect the legal definition of virtual currency services: there shall be described the difference between virtual currency wallet service (which allows only store VC wallets' private keys) and virtual currency transfer to another wallet via VASP. In addition, changes will affect organizing of ICOs and other virtual currency-related projects. Thus, the updated definition of virtual currencies shall be the following:
Virtual currency wallet service
is a service that creates or maintains encrypted keys for customers that can be used to deposit, store and transfer virtual currencies.
Virtual currency exchange service
is a service that creates or maintains encrypted keys for customers that can be used to deposit, store and transfer virtual currencies.
Virtual currency transfer service
is a service that allows a transaction to be made at least in part electronically through a virtual currency service provider on behalf of the originator for the purpose of transferring the virtual currency to the recipient's virtual currency wallet or account regardless fact, that transfer originator and recipient is the same person or if originator and recipient use the same service provider.
Arranging a public or directed offer or sale of virtual currency
providing a related financial service for or on behalf of an issuer involved in the issuance of virtual currency
In addition to new approach to servicesregarding the law's update, VASPs will be not permitted to provide any virtual currency services without concluding a business relationship. It means, that occasional transactions with VASPs will be permitted and all customers shall pass through customer due diligence process, including ongoing due diligence measures.
ADDITIONAL DATA COLLECTING FROM NATURAL PERSONS
Under the current MLTFPA, data on the means of communication is collected for identification purposes only for the legal person and such measure was not implemented against the natural person. In practice, within the course of subsequent investigations and monitoring, situations have arisen where the collection and investigation of data would have been greatly facilitated by the existence of data on means of communication of natural persons. Thus, the amendment will oblige VASPs to collect means of communication also regarding the natural persons – at least the phone number and e-mail address of the natural persons must be provided.
TRAVEL RULE AND ADDITIONAL OBLIGATIONS WHEN PERFORMING TRANSACTIONS
In June 2019 the Financial Action Task Force (FATF) has made recommendation to extended the "travel rule" requirement to VASPs. It obliges VASPs to collect and retain the details of the transaction’s originator (incl. originator's personal data). This data shall be sent promptly and securely to the recipient's VASP. However, VASP provider is not able to receive or process the data, the aforementioned obligation would be deemed to be fulfilled if:
The VASP of the originator of the transaction will be obliged to collect at least the following information on the originator of the transaction:
Natural person
Legal entity
ADDITIONAL DOCUMENTS AND INFORMATION FOR LICENSE APPLICATION
The amendment extends the list of documents and information to be submitted with an application in order to receive a license. The state fee for the submission of the application for VASP license will be risen to 10 000 euros (the current cost is 3 300 euros). For making changes in the existing license, a state fee in the amount of 4 000 euros must be paid (except for the change of the address of the VASP, and the new address shall be also in Estonia).
Requirements for share capital and own funds
In a case when the VASP provides any virtual currency services besides virtual currency transfer service, its share capital must be at least 100 000 euros. In a case when virtual currency transfer services are provided, the share capital amount of the VASP must be at least 250 000 euros. In both cases the share capital must be paid in full by monetary contribution. There are also requirements regarding monitoring of amount of own funds. The VASP's own funds must at all times correspond to one of the following amounts, whichever is higher:
It's important to notice, that requirements for calculation of overheads, specified in REGULATION (EU) No 575/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 will apply to VASPs
Business plan
The business plan must cover the period of at least 2 years and as a minimum must contain description of the nature of the VASP's proposed business, its organisational structure and management structure and a description of the rights, obligations and responsibilities of the entities involved in the provision of the envisaged services, as well as a description, forecast and analysis of:
The business plan shall provide information on the proposed business activities, which will enable to assess whether the VASP will continue to comply with the requirements after granting the license.
Financial information
The VASP must provide opening balance sheet and a statement of income, expenditure, profits and cash flows and underlying assumptions or, in the case of an operating company, the balance sheet and profit and loss account as at the end of the month preceding the month in which the application for license is submitted and, if available, the accounts for the last three financial years. VASP will also be subject to the obligation to have its annual accounts audited. VASP will be required to provide information on the audit firm providing the services.
Risk assessment documents
Such documents must show the determination of the VASP’s risk assessment procedures as well as the VASP’s risk appetite.
Description of IT systems
Virtual currency services are services based on electronic systems, where the security of the systems and the protection of customer and investor data are of particular importance. Therefore, VASP which intends to obtain a license must pay attention to assessing and mitigating the risks associated with the solutions used to provide the service and the security of the data held by the external service providers. Data on the IT systems must include the following:
Information about shareholders
Information about shareholders of a VASP must include the following:
With regard to the supervision of the ownership of significant shareholdings of VASPs, it is necessary to establish the ownership of the company at the time of the application for the license. It is also required to have information on the economic links between the VASP and the members of its management bodies in order to avoid a situation where adequate supervision of the VASP is hindered because of a significant link between the VASP or a member of its management body and another entity.
Good business reputation
Definition of good business reputation has an amendment in the following. Entity does not have a proper business reputation if the circumstances that cast doubt on its existence or confirm its absence became known to FIU. An entity's business reputation is not proper if:
Requirements for VASP's management and compliance officers
Board members of the VASP must have at least higher education and 2 years of professional experience. Also, board member of the VASP has no right to be board member in more than 2 VASPs, except the case, when they're in the same group of companies or the VASP has a significant shareholding in the other VASP. If board member wants to be in same position in one more entity – he or she shall ask permission for this from the FIU.
However a person acting as the contact person of FIU may not act as the contact person of FIU nor a head of a structural unit in any other VASP.
Restriction for transfer of license
A license for provision of the virtual currency service is not transferable. The license shall be revoked if the VASP merges with the establishment of a new entity or merges and is continued by the merging entity.
RIGHT TO REFUSE TO GRANT A LICENSE AND RIGHT TO REVOKE A LICENSE
The FIU has the right to refuse to grant a license for provision of virtual currency service in the following cases:
Thereby, there are lot of grounds for refuse in granting license to the VASP. Some of them require FIU's discretion which also makes regulation regarding VASP less predictable. Also, FIU's rights to revoke the license granted were amended regarding the following grounds:
Equal to grounds for refusing license application, here's a lot of discretion power given to the FIU.
Restriction for the application resubmission
VASP, a member of the VASP's management body and a person with a qualifying holding in the VASP may not submit a new application for license for a period of 2 years from the date of entry into force of the FIU's decision to refuse or revoke of the license.
VASP ACTIVITIES REQUIREMENTS AND CONDITIONS FOR COMPLIANCE HEREOF
Audit requirements
Amendment specifies requirement regarding annual report auditing by sworn auditor.
Internal auditor
VASP shall appoint internal auditor. Such person shall have no other duties in the VASP which will or might cause any conflict of interest and have obligations which lead from law to report compliance issues to supervisory authorities (primarily, FIU). The internal auditor will be subject to the requirements and legal basis for the activities of an accredited internal auditor set out in the Auditors Activities Act, where among other things, they must have passed a respective vocational examination.
Restriction for temporary renouncement of the license
It's restricted to temporary renounce activities for a VASP. Thus, VASP shall be in compliance with the license requirements.
18.05.2022 Estonian parliament adopted changes for Investment Funds Act (IFA), which may significantly affect economic activity of small fund managers without license issued by the Estoni...
The updated Estonian Money Laundering and Terrorist Financing Prevention Act sets requirements for the calculation of the minimum amount of own funds for VASPs, which will be discussed in...
This article gives an overview of the legal status of the different types of tokens issued in an initial coin offering (ICO) in Estonia. Among other things, the regulatory regimes and req...