The Act for Markets in Crypto-Assets finally clarifies the changes lying ahead for crypto-asset service providers – what you should know

Almost a year has passed since the regulation on markets in crypto-assets (MiCAR) entered into force and the member states are one-by-one adopting legal acts that specify the details of its implementation and enable the substantive implementation of the regulation. Although the regulation should be uniformed, regulating crypto-assets is a hot topic and market participants as well as investors have been eagerly waiting for clarity in each member state. It has been an interesting year to observe how the member states have decided to regulate the topics which the MiCAR has left for the member states to decide and whether the approach of the member states will be more detailed than the MiCAR. Ellex FinTech experts Anneli Krunks and Marko Kairjak will delve further into this topic.

Two weeks ago, it was Estonia’s turn when the Estonian parliament adopted the Act for Markets in Crypto-Assets (AMCA). In general, the regulation provided in the AMCA was to be expected and the act does not introduce anything revolutionary. However, companies that are planning to apply for a crypto-asset service provider license should note some of the rules established in the act in due time.

Estonia does not provide for a simplified transition for companies with a virtual currency service provider authorisation. It can already be said with confidence that the member sates’ approach has varied greatly in terms of whether the virtual currency service providers who currently hold an authorisation under the anti-money laundering and terrorist financing rules framework could apply for the crypto-asset service provider license under the simplified procedure or not.

Insofar as the virtual currency service providers in Estonia have been subject to more stringent rules compared to many other members states, it was expected that the simplified transition would also be adopted in Estonia. A simplified procedure has been provided for similar reasons, for example, in Germany.

The AMCA has not provided for a simplified transition to these virtual currency service providers already operating. This means that the authorised virtual currency service providers need to apply for the crypto-asset service provider license on the same grounds with these companies who do not currently have the virtual currency service provider authorisation. The virtual currency service providers in Estonia have already had to renew their authorisation once during the recent years and have to undergo the licensing process once again under the new requirements.

Although it cannot be read from the AMCA, based on experience we can quite confidently say that in practice, the process of applying for a new license will be more smooth and somewhat easier for already authorised virtual currency service providers, regardless of the lack of relevant provisions in the legal act.  This is because virtual currency service providers are already required to have an operational internal control system and, in several areas, (e.g. internal audit, fit and proper requirements for the managers, implementation of the AML requirements etc.) comply with requirements that are similar to those in the MiCAR.

Estonia has decided to apply the maximum transition deadline for virtual currency service providers. The MiCAR gave the member states the possibility to decide within which timeframe stated in the MiCAR the virtual currency service providers need to apply for the crypto-asset service provider license. Estonia has decided to apply the maximum transition period. According to this, virtual currency service providers can provide services under their current authorisation until 1 July 2026. So by that time, the virtual currency service providers need to have obtained the license from the Estonian Financial Supervision Authority to provide crypto asset services. Otherwise they are not allowed to provide services after 1 July 2026.

The member states have approached this differently as well and quite a few have kept the transition term significantly shorter. For example, at first Lithuania planned on having December 2024 as the transition deadline but it has been extended to 1 June 2025.

Longer transition period leaves the virtual currency service providers in Estonia enough time to prepare for the licensing process and compliance with the requirements which apply to the crypto-asset service providers. Whereas the longer transition period is most relevant probably for the requirements that concern management bodies and  ICT resilience.

As the crypto-asset service provider license enables to provide services all over the Europe Union, it is likely that many virtual currency service providers start the process of applying for a new license as soon as possible.

Requirements for the management bodies pose a challenge for all the applicants. According to the AMCA, a crypto-asset service provider needs to have a two-member management board and crypto-asset service providers that operate as a private limited company usually also need a three-member supervisory board.

A person who is a member of the management body needs to be suitable for the position, i.e., to have sufficient knowledge, skills and experience. Until now, there were no requirements for virtual currency service providers regarding the number of the members in the management bodies, so they often operated with a one-member management board.

Finding one qualified member for the management board was not problematic. In light of the AMCA, however, the crypto-asset service provider needs to have a total of five suitable members of the management bodies. Considering the small size of the Estonian market, finding additional suitable members will be a challenge – there is a limited number of such individuals. This in turn may cause the licensing proceedings to get caught up in finding qualified persons.

The problem with finding additional members to the management bodies could be alleviated if in addition to the individual suitability of the members of the management body, also the collective suitability of the management bodies is assessed. It would mean that persons with different backgrounds could be appointed as members of the management bodies and their suitability would also be evaluated collectively. This way the management bodies could include persons who would be  responsible in the management body for a certain area within their expertise.

An example of this could be including IT experts to the management bodies, with IT being their main area of responsibility. Of course at least basic knowledge and skills in crypto-asset services are a must. Moreover, it is more likely that people already active in the financial sector make their way to the management bodies of the crypto-asset service providers where prior experience in the financial sector could also tick the box of being suitable.

Similar supervision with other financial entities. While the virtual currency service providers have so far been under the supervision of the Financial Intelligence Unit, the crypto-asset service providers will fall under the supervision of the Estonian Financial Supervision Authority. In relation to this, the practice of the Estonian Financial Supervision Authority in the proceedings and supervision of financial institutions will also extend to the crypto-asset service providers. The reference standard here will be financial institutions.

So the companies who wish to apply for the crypto-asset service provider license have an exciting and challenging times ahead of them. It is important to get a head start to have the necessary license by the end of the transition period.