Compliance with Estonian AML rules among crypto licenced companies

NJORD Law Firm’s Regulatory team has compiled a summary of the annual report from the FIU that gives an overview of the statistics regarding AML-reports submitted last year and feedback to the licenced companies.

The Estonian Financial Intelligence Unit (hereinafter FIU) has again compiled an overview of the reports sent to the FIU, this time for the year 2020 by virtual currency service providers (crypto exchanges and e-wallet providers).

Reports submitted in 2020

In 2020, virtual currency service providers sent a total of 530 reports to the FIU. During last year, there were around 370 licenced companies with a virtual currency service licence in Estonia, compared to 2019 when there were more than 1000 licenced companies and the FIU received 405 reports.

It is noteworthy that only 45 companies have submitted the 530 reports. This means that more than 300 companies have found nothing to report to the FIU during a full year.

Submitted reports concerning suspicious transactions for money laundering were highest in number of the reports submitted. These reports were followed by reports of unusual transactions and reports of unusual activities. There were a low number of reports regarding suspicion of terrorism financing, a majority of these reports were related to high-risk countries. For the first time, reports concerning breach of international sanctions were submitted.

Most reports were submitted regarding the suspicion of the accuracy of data provided. The second most common reason were reports about suspicion of an unusual transaction since it was not possible to perform the mandatory due diligence measures.

How did the FIU handle the reports submitted?

Only 2% of the reports were directed to an in-depth analysis by the FIU since in most cases the reports had no connection with Estonia. 9% of reports were forwarded to different investigative bodies, which is a higher number than earlier years. 3% of reports were shared with foreign institutions.

Submission form

The FIU considers that knowledge of the reporting form and the content of the reports have improved. Sometimes a report has been mistakenly submitted with a “High Importance” tag. This is unnecessary, if the transaction has already taken place, or if no client agreement was ever made. The FIU emphasizes that all reports must be submitted via their web form or via the X-road service. Roughly 10% of the reports were still submitted via e-mail. E-mailed reports are no longer accepted.

Feedback to the licenced companies – trends and what to improve

The FIU said that while fulfilling the reporting obligation has improved, the due diligence by the service providers is still weak, especially regarding the identification of the source of funds and the in-depth analysis of transactions.

The FIU expects all virtual currency service providers to monitor transactions related to dark web environments, as some of the virtual currency service providers are already doing.

The FIU points out that a new trend in the market is the emergence of persons who specialize in money laundering. Another trend is the use of virtual currency ATMs, which are often used in money laundering schemes.

The supervision by the FIU found that too many obliged entities do not use independent sources correctly when identifying the persons involved in a transaction. It should also be noted that when remotely identifying a person, a minimum of two sources must be used. In addition, there are shortcomings in identifying PEPs, their family members or close associates. For that, reliable databases must be used. The FIU also notes that an efficient method that is too rarely used is interviewing the client.

There are also problems with data retention. Copies of documents used for person identification must be retained, this also applies to the correspondence with the client in the course of due diligence.

Another important issue is the proper monitoring of the business relationships over time and ensuring that rules of procedural and internal rules are legitimate and correspond with the actual activities of the licenced entity. Too many companies have procedures and rules in place that are not a good match with their actual business activities. It should be noted that the compliance officer needs to be competent and fit for the job. For example, there have been problems with communication between the FIU and the compliance officers, since some of them do not speaks neither Estonian nor English, at an acceptable level.


Source: “RAB tagasiside virtuaalvääringu teenuse pakkujatele - Ülevaade teadetest, mille Eesti virtuaalvääringu teenuse pakkujad aastal 2020 RAB-le saatsid, ja nende kasutamisest RAB poolt”, April 2021

Henrik Link
Assistant Attorney, Associate
Mobile:  +372 56 48 02 09

Karolina Ullman
Attorney at Law, Partner
Mobile:  (+372) 53 48 91 21

Add a comment

Email again: