A European Parliament report this week will raise red flags about a surge in cryptocurrency licences to largely offshore applicants in Estonia, whose financial regulators are already under intense scrutiny over their handling of the Danske Bank money laundering scandal.
Ana Gomes, a Portuguese MEP and financial transparency campaigner, told PaymentsCompliance the number of licences granted by Estonia’s Financial Intelligence Unit (FIU) to cryptocurrency platform providers — more than 1,000 during 2018 — is “extremely, extremely alarming”.
Gomes recently visited Estonia as part of a delegation from the European Parliament’s TAX3 committee on financial crimes, tax evasion and tax avoidance, chiefly to study the money laundering scandal involving Danske Bank that was centred in the Danish institution's Estonian arm.
However, Estonia’s unique virtual currency licensing regime, which was introduced late in 2017, raised the eyebrows of several MEPs on the trip and will be discussed in the report, due to be brought to a vote in the committee later this week.
The Baltic state has been keen to beckon fintech start-ups to its shores through a series of legislative initiatives, including its much-touted e-residency scheme. Its virtual currency licensing system sprang out of a desire to regulate the sector.
The country offers two licensing categories: one for providers of virtual-fiat exchanges; and another for virtual wallets.
Currently, applications need to show a passport copy, criminal record check and a draft anti-money laundering protocol. Assessors may also ask for a description of planned activities.
Estonia’s FIU issued a total of 1,124 licences to crypto operators in 2018, FIU head Madis Reimand told PaymentsCompliance. Of those authorisations, 595 were for virtual-to-fiat exchanges and a further 529 for wallets.
By comparison, the FIU issued just 103 new activity licences across all licensing categories for the entire 2017 calendar year, according to its annual report. Of that number, only six related to virtual asset providers.
"The FIU doesn’t have resources to analyse more than 20 percent of the suspicious transaction reports," said MEP Ana Gomes.
The torrent of applications represents a vast increase in the organisation’s licensing processing workload.
Gomes said the delegation “found that the FIU doesn’t have resources to analyse more than 20 percent of the suspicious transaction reports that are filled in, mostly by the banks” and that there are “more than one thousand operators of cryptocurrencies established in Estonia”.
In 2017, the FIU conducted just 15 remote supervisory inspections across all regulated firms that fall under its purview, and none for providers of virtual asset platforms. In 2018, it conducted 26 “supervisory proceedings” against firms licensed under the new crypto regime.
The unit, which is part of Estonia’s police force, is already making attempts to stem the flow of crypto hopefuls. Late last year it proposed that a “fit and proper” check be added to the licence application process.
“We see the risks of fraud and money laundering in a number of virtual companies and we keep an eye on their actions,” Reimand said. “Also, we have made proposals to enhance regulation because it helps us to have a more detailed understanding of the applicant’s credibility.”
A finance ministry spokesman said: “In the future, the Financial Intelligence Unit issuing respective licences will check the suitability and reputation of the governing body of the enterprise instead of that of compliance officers.”
“This is a common requirement in the financial sector, … the objective of which is to prevent the sector from being used for criminal purposes.”
The draft law also stipulates that the licensee must have a head office or branch in Estonia. Currently, companies holding licences are required to be registered in the country, but a physical presence is not necessary.
However, the government’s own efforts to slow the flow of licences stalled just days before the MEPs arrived in the country.
A parliamentary committee tasked with reviewing the bill after its first reading said it would not advance the legal changes until after a new parliament is formed following March elections, according to a separate finance ministry statement.
Finance minister Toomas Tõniste criticised the move to delay the amendments, according to the statement that was only distributed in Estonian.
The ministry spokesman told PaymentsCompliance separately: “This package of measures is our priority and the Ministry of Finance will definitely proceed with it after a new government has been formed.”
Reimand, too, said he hopes “that the next parliament will quickly approve and adopt these suggestions”.
‘Word Got Around’ About Crypto Licences
The FIU was caught unawares after news of Estonia’s virtual currency licences — which were designed to bolster anti-money laundering protections of the sector — spread like wildfire in the crypto community, according to Sille Rästas from TGS Baltics in Tallinn.
“I don’t think that the FIU actually foresaw this amount of applications that they are receiving,” said Rästas, an associate. “They still don’t have reason to refuse giving out this licence if all the documents that are submitted are correct.”
“I think it’s really difficult, because I know they are now trying to improve supervision and I know that they have sent out questionnaires about their activities, but given the number of licences they can’t check on everybody,” she said.
Argos Kracht, chief executive of KRM, a consultancy that helps foreign applicants secure licences and register companies in Estonia, also said that some of his clients had been subject to inspections by the FIU.
Many offshore applicants are attracted to the Baltic republic’s licensing regime because most other jurisdictions have not developed a specific virtual currency regulation package, he said in an interview.
“In most countries, crypto-currencies are unregulated. People want to be regulated.”
He said KRM has obtained around 350 licences since the beginning of last year, for clients hailing from more than 100 countries.
“I don’t think that the FIU actually foresaw this amount of applications that they are receiving,” said Sille Rästas from TGS Baltics.
As the licence can only be granted to a company registered in Estonia, the firm also offers a selection of off-the-shelf, pre-registered companies with names such as DigiFlower and CryptoLight, for fees beginning at €850.
People familiar with the regime said that several licences had been revoked during 2018, mainly because the FIU requires that regulated entities begin carrying out activities within six months of receiving permission.
A small number of applicants were turned down because of problems obtaining or verifying a criminal record check. Kracht said the FIU does “a certain due diligence” but that “crypto business is not opening a bank so the due diligence requirements are not so high”.
When licences are granted, however, almost no operators have been able to open a local bank account. Local financial institutions are refusing to go near the sector, although KRM’s Kracht said that banks have been willing to work with local operators who they can meet in person.
The TAX3 committee’s report, which comes amid renewed examination of Estonia and Denmark’s response to the Danske scandal, is due to be voted on by the committee on Wednesday.
The committee’s chairperson, Czech MEP Petr Ježek, and co-rapporteurs Jeppe Kofod and Luděk Niedermayer, did not respond to interview requests.