Estonia’s Crypto Crackdown Weeds Out Bad AML/KYC


At the height of the unprecedented crypto boom of 2017, Estonia emerged as the digital trailblazer of the European Union, issuing hundreds of licenses to crypto companies. The country’s regulators moved to authorize the issuance of operating permits to crypto companies back in 2017 under Estonia’s e-Residency permit program.

The e-Residency program is a government-issued digital identity and status that allows entrepreneurs, freelancers and digital nomads to run and manage paperless companies while living or traveling abroad. The lax rules at the time even enabled companies with no physical presence in the Baltic state to receive licenses.

As a result, over 1,400 permits were issued in three years. But now, reports show that Estonia’s regulators have moved to revoke the licenses of 500 crypto companies in response to a $220 billion money laundering scandal.

While speaking to Bloomberg, Madis Reimand, the head of Estonia’s Financial Intelligence Unit, opined that regulators were concerned that the firms that had their licenses revoked might be using their local credentials to commit fraud abroad.

The end of Estonia’s crypto boom?

To most onlookers, the move by Estonia’s government is more proof that cryptocurrencies are nothing more than a high-risk investment. However, others still believe that it’s nothing more than a case of inadequate regulation of the crypto market. 

However, despite the crackdown, Reimand made it clear in his statement that the idea was not to cripple the crypto sector but rather to prevent risks associated with money laundering: “This is a first step in tidying up the market.” In addition, Reimand told Cointelegraph:

“The Financial Intelligence Unit can revoke the authorizations of a virtual currency provider in cases where the provider has repeatedly disobeyed precepts of the supervisory authorities.”

Licenses in Estonia: What happened?

The move by Estonia’s FIU to turn its attention from banks to crypto firms after the allegation that hundreds of billions of dollars flowed through the Estonia-based branch of Danske Bank puts a spotlight on how genuine the crypto companies are. However, in a conversation with Cointelegraph, Mykola Demchuk — a financial technology lawyer based in Estonia — revealed that the move made by the Baltic state had little to do with the $220 billion money laundering scandal.

After all, Reimand did not highlight any wrongdoing by any of the crypto companies that had their licenses revoked in his statement. Plus, only companies that failed to start operations in Estonia within six months of getting permits were affected by the crackdown.

Furthermore, Reimand said that only companies that disobeyed authorities, did not commence operations within six months of the issuance of authorizations, or “provided false information when applying for authorization” would be affected.

Perhaps the involvement of Danske Bank’s Estonia branch in a multibillion-dollar scandal left Estonia’s regulators with a sour taste in their mouths, forcing them to crack down on crypto firms as a scapegoat measure. Demchuk opined that there could only be four reasons that triggered the move by Estonia’s FIU:

“Some companies that had received licenses, did not really need them. They applied to get the license because of unclear regulatory practices that existed in the period between 2017 and 2018.” 

Secondly, Demchuk argued that “some were simply not able to start operations within 6 months” as required by regulators, adding that “the third reason is compliance. The companies failed to comply with the Anti-Money Laundering regulation and consequently, the licenses were revoked.” Demchuk also said that “there were some consulting companies in Estonia who were selling ‘ready-to-go’ companies with already obtained crypto licenses.” He concluded: “Some of them failed to sell such companies within 6 months. Consequently, the FIU revoked the licenses.”

Increased illicit use of crypto in 2020

Even though the money laundering scandal involving Danske Bank happened last year, the revoking of licenses by Estonia’s regulators, possibly in response to the scandal, sheds light on ongoing attempts by fraudsters to use crypto in laundering money.

So far, 2020 has seen a high use of crypto in money laundering, according to a report released earlier this month by intelligence firm CipherTrace stating that ill-gotten funds siphoned through crypto since the start of the year now stand at $1.4 billion.

Related: Crypto Crime on the Rise — Good Odds of 2020 Becoming a Record-Breaker

The CipherTrace report also noted that money launderers tend to use high-risk exchanges from United States-based Bitcoin ATMs as opposed to lower risk crypto exchanges that are well established. As a result, experts have concluded that Bitcoin ATMs are a greater risk, as most of them feature lax AML and Know Your Customer policies.

Even though cryptocurrencies are routinely maligned by proponents of fiat currencies for their use by bad actors, the share of Bitcoin transactions linked to illicit activity has dropped over the past few years with the increased realization that blockchains lack anonymity given their capacities to trace and identify transactions.

In the view of authorities all over the world, the pseudo-anonymous nature of cryptocurrency transactions present challenges that make it virtually impossible to implement AML and KYC policies. However, blockchain’s underlying features have the potential to help out the efforts. If all crypto wallets require undergoing compliance during onboarding, it will be easy for authorities to track illicit funds. Although significantly impacting user privacy, such a solution can ensure the growth of the crypto industry free from bad actors.

Creating crypto-centric AML policies

For countries such as Estonia to sufficiently implement AML guidelines for the crypto industry, it is essential to create bespoke solutions that take into consideration crypto’s decentralized nature. Arguably, one of the reasons why there is a misguided perception around cryptocurrencies being popular with hackers is that most jurisdictions have AML and KYC systems that are tailored for centralized financial systems.

While it is evident that the crackdown by Estonia’s regulators was not targeting the crypto industry but was a general move to tidy up the market, the challenge for regulators is to come up with proper policies for the supervision of crypto companies, as Demchuk said, clarifying:

“The concern now is to build a system where cryptocurrency companies can be properly supervised by the authorities. This also includes revoking licenses from those who are not able to comply with the law.”

In Estonia, change has already begun. In his remarks, Demchuk said that now, “one needs to have a physical presence in Estonia” and that “there are stricter AML requirements and more time to process applications for licenses from crypto companies.” Reimand clarified: “New requirements for applying for authorization of the virtual currency service providers are in place since March 10, 2020,” concluding:

“Companies which received their authorizations before March 10, 2020, have until July 1st to meet the requirements. Authorizations of those companies, which fail to do so and do not notify the FIU, must be revoked. As of today, there are more than 900 authorized virtual currency service providers.”