Estonia recently announced its draft updated cryptocurrency legislation. Based on the English translated draft legislation and the Ministry of Finance comments on it, the outlook for cryptocurrency development and decentralised finance startups in Estonia is grim. As was expected: Estonian legislators propose to implement the awaited FATF guidance with no safeguards.

Here is the short English translated summary of the proposed legislation from the UK compliance service provider company SumSub:

The key discussion revolves around the parts “party who supervises the creation and development of a software” and “smart contract”.

What are FATF and its guidance all about? #

FATF, Finance Action Task Force, describes themselves as “the global money laundering and terrorist financing watchdog”. FATF has 39 countries as a member, founded in 1989 and closely associated with G7 and G20 groups. China and Russia are members. In 2019, FATF received open-ended mandate from ministers. There are also multiple members and observer organizations, mostly banking and police industry groups.

FATF itself is not a legal entity and has multiple red flags on its corporate setup. FATF is opaque and somewhat antithesis to democracy. The actual people in FATF and decision-making process are not public. The funding is not public. It is not possible to get information what are the drivers in decision making: fact-based observed police problems, speculative police problems and justifying the expansion of power without facts, political interests (USA) or business interests (banks).

“It claims to be an intergovernmental organisation but that is a play of words. It is still a project team running around for thirty years now, not being supervised, overseen or under any of the Freedom of Information rules of its constituents.” -Simon Lelieveldt

Despite this, governments still tend to implement whatever guidance FATF feeds to them even though guidance is non-binding and has no legal basis. Estonia is somewhat special, as because of its form of democracy, these changes must be approved by parliament. This allows us to enjoy the first public debate on turning the new FATF new guidance into law.

FATF issued out new guidance in October 2021, to capture more actors in the surveillance networks their member states use. Many lawyers are critical of the new guidance and feel it is overreaching. Here is an overview article on CoinDesk by Yanu Fanunsie, a former CIA analyst. Here is another reporting piece from industry insiders by Tim Alper: “so bad that it makes the American infrastructure bill look reasonable.”

The new Estonian cryptocurrency legislation #

I do not hold any shares in Estonian companies, but I own tokens issued out by Estonian startup teams building decentralised protocols. I originally read about the upcoming legislation from he SumSub’s blog post, as my friends asked to take a look at it, as they know I have extensive subject matter expertise. This original translation on SumSub’s blog was harsher and has been now updated as above:

I tweeted my honest opinion about the legislation based on this information before the New Year and I got the desired reaction. People started to talk about the matter. Although a lot of online discussion lacks understanding of the underlying nuances, the discussion participants correctly understand that Estonia is moving against cryptocurrencies and P2P transactions, to a degree what a lot of people could interpret as a business-killing move to some of the local Estonian cryptocurrency and DeFi projects. It is an open secret that FATF is slowly looking to kill any self-hosted, non-custodial, wallets and P2P transactions by making interaction with them overly difficult.

Whether or not the ministers themselves understand what they are deciding on is still to be seen. This was the first time I saw someone writing a reaction Bloomberg article to my tweet. Despite the statements issued out be the Estonian government, nothing has really changed yet, so please keep reading this blog post to understand the crux of the issue better. At least for now people are talking about the matter, thus increasinging the chances for the draft legislation to be changed to be more Estonian business-friendly.

Why the proposed Estonian legislation is bad and will eventually kill cryptocurrencies? #

There are parties that want to get rid of cryptocurrencies, be it reasons making their policing more difficult or banking less profitable. It would not be politically feasible, outside China, for a politician to say they are banning cryptocurrencies. Instead, currently, the approach is to go after the developers to ensure there is no future cryptocurrency development and P2P transactions. Then, slowly increase the regulatory burden until all players are squeezed out and there are only banks with custodial services left.

Estonian legislation, based on FATF guidance, tries to force software developers to become regulated Virtual Asset Service Providers (VASPs). It is intentionally left vague by FATF what could be a VASP. Here is what Ministry of Finance of Estonia says that a protocol may need to become a VASP if there are any fees:

The problem here is that is open-ended what can be considered a business relationship. The actual FATF guidance takes an even more dim view and cloaked threat saying “please make sure your regulator stops software development for any financial peer-to-peer activity” :

It is not feasible for any P2P protocol to become a VASP. Neither it is feasible for a software developer to be VASP/ Being a VASP means by default centralised, and there must be someone able to freeze transactions, no matter if the reasons behind this are political, business or anti-money laundering. So by definition, peer-to-peer and non-custodial where people interact directly should never happen under the FATF guidance. Only regulated entities are allowed to store value and transfer value to other regulated entities. The downside of this regulated entities only approach means that customers of these regulated entities must generate revenue for their service provider. No middleman has been disintermediated, no cost efficiencies have been gained and banks and credit card companies can happily rake their fees.

From the point of regulating peer-to-peer developers, we can do a thought play of which of the following activities should be considered VASPs under new regulation in Estonia:

  • A decentralised peer-to-peer exchange that uses an automated market-making (AMM) model to fulfil the user orders and has protocol fees (Sushi)
  • A decentralised peer-to-peer exchange that uses an automated market-making (AMM) model to fulfil the user orders and generates liquidity provider fees (Uniswap)
  • A website that provides access to decentralised finance and takes part in transaction fees (MetaMask, Zapier)
  • A lending protocol with protocol fees (MakerDAO)
  • A non-custodial wallet where the user pays directly for the usage of the wallet (Argent)
  • A non-custodial wallet where the user pays indirectly for the usage of the wallet in the form of ad revenue (TrustWallet)
  • An Ethereum core developer who receives his salary from Ethereum 2.0 transactions and staking fees
  • A Bitcoin core developer who receives compensation in the form of Bitcoin and Bitcoin value going up
  • An NFT marketplace with various smart contract-based fee revenues
  • An NFT artist who earns smart contract-based fees on the royalties on a secondary market

By the strictest FATF promoted definition, maybe with the exception of an NFT artist, all of the above should be VASPs in Estonia. This would effectively ban all cryptocurrency development activities as we know them. If you go to ask from Estonian voters, I can bet my left kidney that the vast majority does not want this to happen.

Peer-to-peer transactions and anti-money laundering concerns #

FATF concern of money laundering in P2P services is somewhat legit. There are multiple use cases like ransomware payments, tax evasion, drug trafficking that may benefit from the cryptocurrencies. There are also other concerns like investor fraud, online scams, helping Hong Kong protesters (remember China is a member), but these are not money-laundering concerns. FATF has only an anti-money laundering mandate, not the world police mandate. Other institutions should address concerns that are outside money laundering. Furthermore, there is the interest of entrenched banking, credit card and payment processing industry to ensure people cannot have digital cash with payments that do not go on their payment trails and have no fees to extract.

I have written on cryptocurrency money laundering before. Based on the public evidence, there is no support for the argument that the proposed FATF changes of designating peer-to-peer parties and developers as Virtual Asset Service Providers will help fight illicit money in Estonia.

The core of the money laundering isssue is able to cash out, through so-called fiat offramps, illicit profits in the US ally jurisdictions like United Arab Emirates and Switzerland that only pay lip services for doing source of funds checks. Estonia has had a regulatory framework to prevent this since 2018 and the proposed FATF changes, maybe outside of the travel rule between regulated entities, do not address any of core money laundering issues.

Furthermore, when talking about peer-to-peer transactions that do not travel through custodian entries, it is impossible to launder money, by definition, on a public blockchjain because you cannot hide your traces in public. There are mixing services like CoinJoin and TornadoCash, but transactions outflowing from these services are easily detectable at the fiat cash out ramps when using state-of-the-art chain analysis solutions.

What will happen in the future for Estonia? #

There are three scenarios.

The good #

Estonians pay attention. Industry activists, like cryptocurrency advocates and trading associations, will contact their Estonian parliament representatives. The draft legislation is changed so that it clearly states any peer-to-peer activity, might it be paid or otherwise, is excluded from the VASP designation, because it does not make any sense. These exceptions are written down to the law, so there is little room for vague interpretations or conflicting business influence.

This would boost the existing Estonian DeFi projects and surely attract a lot of decentralised protocol development (L1, L2, DeFi and even Bitcoin core development) to Estonia.

The bad #

Estonians do not pay attention and the law passes as is. But the world pays attention. All Estonian cryptocurrency startups migrate elsewhere. All web frontends for DeFi services geoblock Estonia. MetaMask bans Estonian users (remember they make money in their internal swap fees.) Bitcoin wallet developers block Estonian users to download any wallets, as they want to avoid overreaching regulatory regimes by legal advice. Effectively Estonians cannot access any peer-to-peer cryptocurrency networks directly and need to make their MacGyver wallets by duct taping pipes and matches together.

Like what happened in South Korea with Coinone exchange, Estonian users cannot withdraw their assets from the centralised custodians. Even though the unhosted wallet withdrawal is not directly banned, there is no requirement to implement it, and FATF in fact advocates blocking it.

Estonians can only buy and sell Bitcoin in SEB bank because no real cryptocurrency companies want to touch hostile regimes. SEB bank charges Estonian users a fat 2% yearly fee on their Bitcoin holdings to make sure the bank manager bonuses are covered.

Keit Pentus-Rosimannus, the minister of finance, goes down to history as the European person who started banned cryptocurrencies. She is not re-elected because of the political uproar. When her successor takes her seat she can take “this is good - there is no way I could do worse than my predecessor, now let’s fix this mess.”

The Ugly #

Estonians do not pay attention. The world does not pay attention to. Some shady lobbyist in the FATF headquarters in Paris pops the champagne. In two-three years FATF comes down with new guidance proposing making unhosted wallets illegal. Nobody has unhosted wallets because all developers are already wiped out.