Reporting suspicious activities by crypto licence holders

The first statistics collected by the Estonian FIU on the duty to report suspicious activities of money laundering and terrorist financing have been made available.

The Estonian Financial Intelligence Unit (FIU) has prepared an overview of the notifications received from providers of virtual currency services during 2019 that are under a reporting obligation of suspicion of money laundering or terrorist financing. This is the first time such an overview has been done and the FIU is receptive to suggestions on how to improve the efficiency of the reporting process.


Around 300 companies have started operations under the virtual currency licenses in 2019, i.e. they started providing custodial virtual currency exchange, custodial currency wallet or both. Some companies did not start operations within the first 6 months of the license(s) being issued, which is a ground for revocation of the license.

From these 300 companies operating in 2019, 16 reported suspicions of money laundering or terrorist financing to the FIU. In total, 405 notifications were sent to the FIU. Two companies alone sent around 330 notifications.

When counting the total number of notifications from all companies with the same duty to report suspicious activities of money laundering and terrorist financing, virtual currency companies sent 5.7% of all notifications during 2019.

Even though the statistics show that only 5% of the operating virtual currency companies have sent notifications to the FIU, the fact is that the FIU has indicated that the reporting volumes have skyrocketed, which has helped the FIU to significantly better understand the situation and vulnerabilities of the virtual currency sector. As the regulation of virtual currency companies is still quite novel, the notification of suspicious activities will tendentially become clearer and more efficient over time.

The 405 notifications were divided into the following categories regarding its content: 324 were notifications of suspected money laundering transactions, 55 were notifications of unusual activity, 19 were notifications of unusual transactions, 6 were notifications related to the financing of terrorism and 1 was a notification of a cash transaction exceeding the limit.


The FIU concludes its statistics with some recommendations to the obliged entities. In terms of format, there is a specific web form that should be filled in, while many notifications were sent by e-mail.

Regarding the content of the notifications, the FIU highlights that very often the dates of birth of individuals is missing and a reasoning for such absence is not provided. Birth dates are important to identify a natural person since it is very often the case that people have common gaiven names and surnames.

The other problem regarding the content of notifications is that the suspicious activity described is not linked to the correct category. Additionally, the FIU concluded that the overall picture shows that the background of the parties and virtual currency transactions are not sufficiently analysed by the virtual currency service providers.

The licensed virtual currency service providers are under the obligation to conduct KYC on their customers. The concepts of KYC and AML are often used interchangeably. The fact is that the purpose to conduct KYC is not only to prevent money laundering but also to avoid (or at least identify) financing of terrorism. The FIU recommends increasing the monitoring of customers and pay special attention to the risk of financing terrorism and to the international sanctions list.


Estonia was one of the first EU countries to implement licensing obligation for providers of custodial crypto exchange and wallet. This has attracted many companies that want to be compliant and supervised in a jurisdiction that brings some legal certainty on such a new area of regulation.

The blockchain and virtual currency services are probably one the best examples of a cross-border and global market. This means that the people behind the different licensed entities originate from different countries and usually communicate in English. The other main Fintech and blockchain centres in Europe are the UK, Malta and Gibraltar. It is not a coincidence that the English language is a language used with the countries’ official entities.

The fact that English is not an official language in Estonia could prove to be a challenge for compliance of virtual currency service providers. However, even though the FIU website says that the Estonian web form still does not work in English, it is actually possible to enter with the ID-Card and see two different web forms: one in English and one in Estonian. This is great news for compliance and for supervision, since the information will go straight from the licensed entity to the regulator and there are mechanisms to assist so that all requested information is noted in the report.

Two very important principles that apply to virtual currency service providers compliance are the transparency and the legal certainty. The publication of these statistics certainly contributes for market transparency and give important feedback to the licensed companies.

When we look at the principle of legal certainty it would be positive to align the terminology used by the FIU and the translation of the Money Laundering and Terrorist Financing Prevention Act (RahaPTS) to avoid confusion as the Estonian concept of “teade” is translated in the law as “report” and by the FIU as “notification”.

Karolina Ullman
Attorney at Law, Managing Partner
Direct: (+372) 66 76 444
Mobile: (+372) 53 48 91 21

Add a comment

Email again: