ESTONIA Law and Practice Contributed by: Yuliya Barabash, Ivan Nevzorov, Daria Lysenko and Nikita Prokopenko, SBSB FinTech Lawyers
the country, the term “virtual currency” was mainly considered in the context of AML/CFT regulation, with an emphasis on the storage and exchange of crypto - currencies. Today, after the implementation of MiCA, Estonia uses the concept of crypto-assets, which includes, as mentioned earlier, asset-referenced tokens, e-money tokens and other crypto-assets. Therefore, it can be said that virtual currency is usually considered a sub - category of crypto-assets, while blockchain assets are a broader technological concept that may include tokenised assets or other digital representations of rights. 10.12 NFTs As mentioned earlier, Estonia has implemented the pan-European MiCA regulation, which regulates crypto-assets and excludes NFTs from its scope. Accordingly, NFTs and NFT platforms are not directly included in the financial regulatory perimeter if they represent unique and non-fungible digital assets that are not used as an investment or payment instrument. It should be noted that the regulatory assessment will depend on the actual function of the asset. If, for example, an NFT is used as an investment product, a shared asset or a tokenised financial instrument, it will still be subject to MiCA or MiFID II regulations – ie, it all depends on the nature of the asset. NFT platforms may also be subject to regulation if their activities involve intermediation in financial services or other regulated activities. 10.13 Stablecoins Following the introduction of MiCA into Estonia’s regulatory framework, stablecoins are subject to this regulation. According to the MiCA definition, stable - coins fall under asset-referenced tokens (ART) and e-money tokens (EMT) and are therefore subject to the same regulatory features as in other EU countries. It should be noted that stablecoin issuers must be licensed as EMIs and supervised by Finantsinspekt- sioon . In addition, stablecoins must be fully backed by high-quality liquid reserves in Europe, and, among other things, issuers are required to publish periodic
reports on their reserves and ensure external audits of their assets.
11. Open Banking 11.1 Regulation of Open Banking
The development of open banking in Estonia is largely supported and implemented in accordance with EU law, in particular PSD2, which requires banks to open up customer data to third-party providers. The adop - tion of the regulation has had a positive impact on the development of the fintech sector in the country, creating opportunities for new businesses involving the aggregation of financial data, innovative financial management tools or alternative payment services. It should be noted that, for regulated banks, the imple - mentation of PSD2 was both a challenge in terms of opening APIs and an opportunity, as, following its phased implementation, there has been a significant increase in transaction volumes, and players can pro - vide a wider range of services and meet customer needs. 11.2 Concerns Raised by Open Banking Open banking has created a number of opportuni - ties, but it has also given rise to data security chal - lenges. Estonian fintech providers seek to address cybersecurity and privacy issues by complying with established supranational standards, including PSD2 (also in terms of strong customer authentication) and GDPR, which stipulate that access to banking data is provided exclusively through secure APIs and with the customer’s consent. The most commonly used methods are multi-factor authentication, data encryption, access monitoring, and incident management and resolution procedures, which are implemented by banks and require compli - ance by fintech companies. DORA requirements also strengthen cybersecurity and infrastructure manage - ment controls, which are key to building trust in open banking.
256 CHAMBERS.COM
Powered by FlippingBook