EU member Estonia has just over 1.3 million inhabitants and is said to have issued more than 3,000 crypto licenses by June 2020. According to the latest yearbook of the Estonian FIU, the authority issued 667 new licenses for crypto exchanges and 638 licenses for online wallet services in 2019. It doesn’t need a rocket scientist to figure out how important cryptocurrencies and crypto licenses are for this small Baltic country. Lawyers and specialized consulting companies and their employees live off them. The FIU is obviously completely overstrained with this regulatory tsunami and should immediately order a stop to new licenses.
Inadequate regulatory regime
The security of the EU financial market is only as good as its national regulators. A central federal supervisory authority like the SEC in the U.S. is missing in the EU. In this respect, regulatory problems of an EU member state are not national problems, but problems of all EU citizens.
How can a regulator and/or supervising authority monitor a crypto financial industry that has exploded within three years with more than 3,000 licenses? Not at all, as it turns out. It’s simply an impossible task. The licenses are sold through lawyers and consultants and have hardly any serious due diligence procedures or compliance checks. Local frontmen (“monkeys”) and trustees are also arranged for by these providers.
These “regulated” crypto payment processors have become the powerfully beating heart of the international cybercrime scene, helping scammers to defraud the retail investors and care for the necessary money laundering.
In 2019 the Estonian FIU conducted 34 audits of crypto license holders – most of these audits were conducted remotely – while 1,305 new licenses were issued. These figures published by the FIU yearbook 2019 strongly suggest that there can be no proper monitoring.
A responsible regulator would have long since ordered a stop on the reallocation of licences. Every day, new insights are emerging into the extent of the gigantic involvement of Estonian crypto payment processors in the money laundering of cybercrime ventures and scams. This should be the occasion for any responsible regulator to review its licensing policy and suspend new licensing.
Cleaning up the mess
Again, the Estonian crypto licenses are an EU problem. So it is also the responsibility of the EU to intervene. However, the Estonian FIU allegedly wants to clean up with the illegally operating crypto financial service providers and take on the fight against cybercrime. At least that is what FIU boss Madis Reimand claims. According to a report by Bloomberg from June 2020, more than 500 crypto-financial service providers are said to have lost their licenses in the clean-up. That would be more than a third of the licenses issued. This is not likely to have achieved much.
FinTelegram News analyses dozens of scams every week, with a special focus on the participating financial service providers. According to our records, 9 out of 10 scams analyzed are still using Estonian crypto-financial service providers in mid-August 2020. The large cybercrime and scam networks usually run several of those licensed Estonian crypto payment processors.
Cyprus and Estonia are currently a massive problem for the EU financial market with regard to the cyber finance segment. The responsible regulatory and supervisory authorities in both countries are far too lax and/or simply helpless and overburdened in the allocation and monitoring of their units. Where this is leading to was recently seen at the German BaFin with “their” Wirecard.
It is time for Madis Reimand and his FIU to take drastic measures. One way forward, in our opinion, would be a general obligation to have these crypto-licenses reissued, taking into account the experiences of the last three years. One of the license requirements should be that proof of participation in a scam or cybercrime scheme should lead to automatic suspension of the license. In this context, a reporting office would have to be set up at the Estonian FIU through which evil crypto-financial service providers can be reported.