REGULATIONS

Crypto Travel Rule Regulations in

Estonia

by

Financial Intelligence Unit (FIU)

🇪🇪
Travel Rule required from
Travel Rule regulation still pending
June 15, 2022
Content last updated
July 22, 2022

Estonia was the first to begin issuing crypto licenses in 2017, granting upwards of 4,000 licenses. In 2020, Estonia’s crypto regulator changed from the Ministry of Interior Affairs to the Ministry of Finance’s Financial Intelligence Unit (FIU). The FIU found illegal money was moving through shell companies registered in Estonia. On March 15, 2022, amidst the war in the Russian-Ukraine conflict, the Estonian regulator implemented Travel Rule quickly, with the enforcement date just three months behind on June 15, 2022, creating the fastest turnaround for Travel Rule enforcement in history. 

Download the Estonia Cryptocurrency Regulation Guide

Get the PDF

‍

1. Is cryptocurrency legal in Estonia?

Yes. It is legal for Estonian residents to own virtual assets and to buy and sell them. 

‍

2. Are there any AML crypto regulations in Estonia?

Yes. The Money Laundering and Terrorist Financing Prevention Act (”AML Act”), in Sections 3/(3) and 2/(1)/10, includes providers of virtual currency services in the definition of “obliged entities.” The AML Act is therefore applicable to VASPs. 

‍‍

3. Is the Crypto Travel Rule mandated in Estonia?

Yes, the Travel Rule has been mandated in Estonia since March 15, 2022. Section 25 / (24), (25), and (27) transpose Travel Rule requirements to Estonian law. 

AML Act, Section 25 / 23:

When providing the service of exchange or transfer of virtual currency, a provider of virtual currency service is obligated to apply at least the due diligence measures provided by subsections 24, 25, and 27 of this section.

‍

4. Who regulates cryptocurrency in Estonia? 

In 2020, the Estonian Financial Intelligence Unit (FIU) of the Ministry of Finance took control of regulating cryptocurrency. 

‍

FATF Travel Rule requirements in Estonia

1. Are there licensing or registration requirements for VASPs in Estonia?

Estonian VASPs must register with the FIU as outlined in Section 70/(4) of the AML Act. In addition to the information required in the General Part of the Economic Activities Code Act, an application for authorisation concerning virtual currency operations must contain additional particulars and documents, including a description of information technology systems that are to be used by the VASP to guarantee compliance with applicable Travel Rule requirements (see Section 70/(32)/6 of the AML Act). 

‍

2. When does the Crypto Travel Rule go into effect in Estonia?  

The Crypto Travel Rule entered into force in Estonia on March 15, 2022.
‍

3. Does Estonia permit a grace period to comply with the Crypto Travel Rule? 

Estonian VASPs were allowed a grace period to comply between March 15, 2022, and June 15, 2022 (see Section 1183).

‍

View Estonian VASPs on the Notabene Network

Explore the Network

‍

Complying with the FATF Crypto Travel Rule in Estonia

‍

1. What is the minimum threshold for the Crypto Travel Rule in Estonia?

Estonia’s AML Act does not foresee any exception to the application of Travel Rule requirements based on the transaction amount. Estonia does not enforce any de-minimis threshold. (AML Act, Section 25 (23))

‍

2. What personally identifiable information is required to be shared for the Crypto Travel Rule in Estonia?‍

According to the consensus reached during Notabene’s Workshop on Estonia Travel Rule Requirements on May 20, 2022, Section 25 (24), (25), and (27) set forth that the Originator VASP needs to transmit the following information about the Originator and Beneficiary Customers:
‍

‍
⚠️ Unlike most Travel Rule regulations and contrary to FATF Guidance, Estonia does not require VASPs to collect and transmit any personal information about the Beneficiary customer. Most jurisdictions require VASPs to send (and receive) the Beneficiary’s name. Without a Beneficiary name, it is impossible to carry out sanction screening on the counterparty customer. Additionally, Beneficiary VASPs from other jurisdictions may deem the Travel Rule transfer to be incomplete if the Beneficiary name is not included. 

‍

{{training2="/cta-components"}}

‍

3. What are the non-custodial or self-hosted wallet requirements in Estonia?

According to Section 25/(28) of the AML Act, Estonian VASPs are not required to transmit Travel Rule information when transacting with unhosted wallets. Still, they should nevertheless monitor the risk of the transaction at hand, collect and keep the required Originator and Beneficiary information, and make that information available to enforcement or supervisory agencies upon request.  

The same regime applies when the Beneficiary VASP is unable to receive and process Travel Rule information. 

‍

Why choose Notabene for Crypto Travel Rule Compliance in Estonia?

Notabene’s solution is live and used by VASPs to comply with local Travel Rule requirements globally. Complying with the Travel Rule requires significant changes to VASPs’ existing UX and data flows. Most relevantly for Estonian VASPs, our clients can leverage our easy 5-step integration to onboard and signal compliance to the Estonian Financial Intelligence Unit (FIU). We support a staggered implementation and promote testnets for VASPs to take their first steps toward compliance in a simulated environment.

References

Riigi Teataja | Money Laundering and Terrorist Financing Prevention Act 
Silk Legal | Estonia off the list of crypto-friendly jurisdictions following updates to the AML Act
Freeman Law | Estonia and Cryptocurrency

Notabene's commitment to privacy + security:

‍Bank-grade security for an insecure world‍
  • Passed rigorous security reviews by more than 150 institutions, including global banks and top 20 crypto exchanges
  • Annual SOC 2 Type II Audit for Security and Data Privacy Categories
  • Regular penetration testing by security audit leader Cobalt
‍Industry’s strongest protection for your customer data‍
  • Industry’s only escrowed exchange of encrypted PII
  • Compliant with EU GDPR, Singapore PDA
  • Plug-and-play Travel Rule end-user data consent component
‍Enterprise White Glove features‍
  • 24h/7 days a week uptime
  • Configurable enterprise SLA
  • SOC2 compliant disaster recovery and business continuity plans
Learn more about our commitment to security
Learn More from our Travel Rule Compliance Guide - European Union
Download
This content is provided for general informational purposes only. By using the content, you agree that the information on this content does not constitute legal, financial or any other form of professional advice. No relationship is created with you, nor any duty of care assumed to you, when you use this content. The content is not a substitute for obtaining any legal, financial or any other form of professional advice from a suitably qualified and licensed advisor. The information on this content may be changed without notice and is not guaranteed to be complete, accurate, correct or up-to-date.

Help us keep this page up to date! Any comments, corrections or suggestions on this page can be sent to
[email protected].