Compliance Setup for Estonia Jurisdiction
Estonia was the first jurisdiction in the world with mass VASP licensing (since 2017). After the 2022 reform, requirements tightened significantly: from ~1,400 licenses, only ~100 remained. Now Estonia is a strict but predictable regulator for serious crypto business.
Types of Estonia FIU Licenses
Virtual Currency Exchange Service (VCES): crypto-to-fiat exchange and crypto-to-crypto exchange. Includes exchanges and brokers.
Virtual Currency Wallet Service (VCWS): virtual currency storage and transfer (custodial wallets).
Both licenses can be obtained simultaneously. License is valid for 3 years, then renewal.
Requirements After 2022 Reform
Real presence in Estonia: office and at least one director or employee physically located in Estonia. Nominal director with permanent absence — no longer accepted.
Local AML Compliance Officer: appointed MLRO (Money Laundering Reporting Officer) with confirmed AML experience. Estonia's FIU reviews CVs.
Minimum capital: €125,000 for VCES, €250,000 for VCWS. Not just on account — documented in corporate documents.
IT audit: external IT system audit from Estonian auditor.
AML Policy for Estonia Requirements
Estonia FIU expects specific elements in AML Policy:
Mandatory sections per MLTFPA (Money Laundering and Terrorist
Financing Prevention Act):
1. Description of business model and risks
2. Customer Due Diligence procedures (including enhanced for high-risk)
3. Transaction monitoring system with example rules
4. SAR reporting procedure (in Estonia — via FinanceIntelligence.ee portal)
5. Sanctions screening
6. Record keeping (5 years)
7. Staff training
8. Internal audit
9. Board-level oversight
FIU is known for requesting additional documents in 2-3 rounds. Generic policy downloaded from the internet — immediate rejection.
Technical Requirements
// For Estonian license you must document:
const EstoniaVASPRequirements = {
// Transaction monitoring rules (with examples of how they work)
tmRules: [
"Structuring detection: >3 transactions just below €1000 within 24h",
"High-value: single transaction >€10,000",
"Rapid fund movement: deposit + withdrawal within 24h",
"High-risk country: any transaction involving FATF blacklist country",
],
// KYC levels tied to limits
kycLevels: {
BASIC: { limit: 1000, required: ["email", "phone", "wallet_screening"] },
STANDARD: { limit: 15000, required: ["government_id", "address", "liveness_check"] },
ENHANCED: { limit: Infinity, required: ["source_of_funds", "source_of_wealth", "video_call"] },
},
// SAR reporting
sarReporting: {
platform: "FinanceIntelligence.ee",
deadlineDays: 10, // Estonia has stricter deadline than FATF standard
reportingCriteria: ["suspicion of ML/TF", "unusual transaction patterns"],
},
};
Application Process
- Preparation of all documents (8-12 weeks)
- Submission via Estonian Business Register
- FIU review (60 working days by law, realistically 3-5 months)
- Follow-up questions from FIU (usually 2-3 rounds)
- License grant or motivated refusal
Government fee cost: €10,000 per license.
Compliance setup for Estonian license includes AML Policy development, technical procedures, and support during FIU interaction — 4-8 weeks preparation.