ESTONIA Law and Practice Contributed by: Yuliya Barabash, Ivan Nevzorov, Daria Lysenko and Nikita Prokopenko, SBSB FinTech Lawyers
2.6 Jurisdiction of Regulators As mentioned at 2.2 Regulatory Regime , in Esto - nia, full regulation is carried out by Finantsinspekt- sioon (Estonian Financial Supervision and Resolution Authority), which assesses applicants’ businesses for compliance with requirements, issues licences and conducts the necessary supervision. The issue of AML supervision, which is carried out by the Rahapesu Andmebüroo (Financial Intelligence Unit), is dealt with separately. The Financial Intelligence Unit is the lead - ing body and carries out monitoring, collects informa - tion and tracks income obtained by criminal means. 2.7 No-Action Letters Estonia does not have a practice of issuing no-action letters to participants in legal relations. Most often, an informal approach is used, which consists of pre - liminary communication and obtaining clarifications on the application of regulations to certain types of activities. It should be noted that Finantsinspektsioon is open to communication with businesses, but the advice and clarifications provided are not binding and do not guarantee immunity from regulatory action. 2.8 Outsourcing of Regulated Functions For Estonian companies, outsourcing can be used to perform certain regulated functions, but strict restric - tions and requirements must be taken into account. The main thing is that a company cannot outsource its own compliance with regulatory requirements – that is, the company must retain effective control over the functions that are subject to regulation and transferred to another party. The vendor must comply with the requirements for operational stability, data protec - tion, reliability and AML control. Before concluding a contract, the company must assess the counter - party, identify risks and ensure monitoring of activi - ties. In addition, contracts with outsourcing parties must include the regulator’s access to information, data protection, business continuity and the possi - bility of terminating the agreement. Critical business functions, such as compliance processes or IT infra - structure, are particularly important. It should be noted that by using regulated partners for outsourcing, many businesses reduce their own regulatory risks.
The key rule for applicable fees is mandatory transpar - ency and clarity. This means that the business must clearly and unambiguously describe the fee structure, the method of calculation, possible additional costs, and possible conflicts. For certain products, such as crypto services or assets, the product risk, pricing information and transaction execution must be dis - closed. Businesses must adhere to the principle of fair, clear and not misleading disclosure. 2.4 Variations Between the Regulation of Fintech and Legacy Players Estonia applies the same regulatory principles to both traditional financial institutions and fintech, but an important feature is the proportionality of the approach, which directly depends on the level of risk for the business model. In general, traditional players are subject to stricter regulation (in terms of capital requirements, risk management and corporate gov - ernance, liquidity, etc). Fintech companies are subject to separate regimes specifically designed for them. This simultaneously reduces requirements and narrows the range of per - mitted activities, but at the same time lowers the entry threshold. It is important that the rules on AML, con - sumer protection and business stability remain robust and aimed at protecting end customers. 2.5 Regulatory Sandbox Unfortunately, there is currently no sandbox regime for crypto companies in Estonia. It is believed that the introduction of such a regime in the country would be beneficial, as it would allow more innovative busi - nesses to enter the market, compete with each other, and provide better services to consumers. However, there is an alternative option, which is to consult with Finantsinspektsioon before launching a business. Both start-ups and existing businesses planning to expand their range of activities can submit a request. The regulator provides explanations, which can greatly help in understanding the regulatory envi - ronment and the possibility of conducting the desired activities.
245 CHAMBERS.COM
Powered by FlippingBook