To continue our sequence of articles about “how not to lose the cryptocurrency license in Estonia” Nikolay has prepared a third recommendation. You can read about the first and second recommendations here.
The third recommendation is related to compliance, which is usually the core focus of the Estonian Financial Intelligence Unit.
Disclaimer: This is not legal advice and this recommendation is for informational purposes only. It is your own responsibility if you choose to rely on it when doing business in Estonia.
Part 3. Recommendation 3.
AML/KYC compliance is the core focus if you want to keep your licenses
I’ve seen many companies that were granted licenses with the help of consulting companies did not have a real understanding of how important AML compliance is. They were thinking once they have a license, they can ask something from the customer and do their business. However, it is not the case.
The cryptocurrency exchange in Estonia is required to undertake strong KYC/AML measures of its customers from the onset with customer onboarding and finishing with the transaction monitoring. To comply with AML/KYC requirements requires a lot of human resources, money and legal expertise. Sometimes the requirements are a bit confusing in the Estonian AML framework which create additional risks for the cryptocurrency.
A cryptocurrency exchange registered in Estonia is required to have an AML officer who is the resident of the country and with specific experience in AML. To find such a person is a real challenge in a small country like Estonia with lots of registered cryptocurrency businesses.
This requirement for a local AML officer impacted the business of some of the consulting firms in Estonia, as it has become a market practice for them to provide the services of an AML Officer. Imagine if one consulting firm is the registered AML Officer for 20 more companies. How good of a quality can their services be?!
This is the risk to deploy a firm as described to be an AML Officer for a cryptocurrency exchange as the FIU might have some questions for an individual who is an AML Officer for more than 2 companies. Usually, the AML Officer has a lot of requirements and is usually under time constraints. An individual can be the AML officer for more than 1 company, however this is not a good standard to follow.
My recommendation is take AML/KYC compliance seriously. One should try to find an AML Officer dedicated to one company only. Additionally, one should do the research about what can be outsourced, e.g. KYC or AML cryptocurrency screening services.
Currently, the FIU is a unit of the Estonian Police and Board Guard. However, there is ongoing discussion to make the FIU a separate agency and to grant them more power and resources. Consequently, they will have more expertise for supervision of companies to comply with the relevant AML regulations.