Other audit services
We help clients with the application and use of foreign financial aid of EU and other funds and help prepare financial reports.
The calculator will answer if the company's sales revenue, assets or number of employees exceed the limit of an inspection or audit.
Payroll and related services
We perform payroll accounting for companies whether they employ a few or hundreds of employees.
Grant Thornton Baltic's experienced tax specialists support accountants and offer reasonable and practical solutions.
We prepare annual reports in a timely manner. We help to prepare management reports and various mandatory reports.
Consolidation of financial statements
Our experienced accountants and advisors help you prepare consolidation tables and make the consolidation process more efficient.
Consultancy and temporary staff
Our experienced specialists advise on more complex accounting transactions, rectify poor historic accounting, and offer the temporary replacement of an accountant.
Our CFO services suit companies where creating a CFO position would not be economically feasible, but professional financial leadership is still needed.
Assessment of accounting processes
We help companies to implement accounting practices that are in compliance with local and international standards.
Accounting services for small businesses
We offer affordable service for small businesses. We help organize processes as smartly and cost-effectively as possible.
We keep up with blockchain technology to serve and advise crypto companies. We are supported by a network of colleagues in 130 countries.
Trainings and seminars
Our accountants have experience in all matters related to accounting and reporting. We offer our clients professional training according to their needs.
We offer legal support to both start-ups and expanding companies, making sure that all legal steps are well thought out in detail.
Our specialists advise payment institutions, virtual currency service providers and financial institutions.
We advise on legal, tax and financial matters necessary for better management of the company's legal or organizational structure.
We provide advice in all aspects of the transaction process.
Legal due diligence
We thoroughly analyze the internal documents, legal relations, and business compliance of the company to be merged or acquired.
In-house lawyer service
The service is intended for entrepreneurs who are looking for a reliable partner to solve the company's day-to-day legal issues.
The contact person service
We offer a contact person service to Estonian companies with a board located abroad.
We organize both public trainings and tailor made trainings ordered by clients on current legal and tax issues.
Business model or strategy renewal
In order to be successful, every company, regardless of the size of the organization, must have a clear strategy, ie know where the whole team is heading.
Marketing and brand strategy; creation and updating of the client management system
We support you in updating your marketing and brand strategy and customer management system, so that you can adapt in this time of rapid changes.
Coaching and development support
A good organizational culture is like a trump card for a company. We guide you how to collect trump cards!
Today, the question is not whether to digitize, but how to do it. We help you develop and implement smart digital solutions.
Sales organisation development
Our mission is to improve our customers' business results by choosing the right focuses and providing a clear and systematic path to a solution.
Business plan development
A good business plan is a guide and management tool for an entrepreneur, a source of information for financial institutions and potential investors to make financial decisions.
We perform due diligence so that investors can get a thorough overview of the company before the planned purchase transaction.
Mergers and acquisitions
We provide advice in all aspects of the transaction process.
We estimate the company's market value, asset value and other asset groups based on internationally accepted methodology.
Forensic expert services
Our experienced, nationally recognized forensic experts provide assessments in the economic and financial field.
Business plans and financial forecasts
The lack of planning and control of cash resources is the reason often given for the failure of many businesses. We help you prepare proper forecasts to reduce business risks.
Business Intelligence and financial management
Analysing and making sense of numbers in financial reports enables a company’s management to identify new prospects of development and growth.
Our experienced reorganizers offer ways to overcome the company's economic difficulties and restore liquidity in order to manage sustainably in the future.
Restructuring and reorganisation
We offer individual complete solutions for reorganizing the structure of companies.
We advise on all matters related to corporate taxation.
Value added tax and other indirect taxes
We have extensive knowledge in the field of VAT, excise duties and customs, both on the national and international level.
We advise on foreign tax systems and international tax regulations, including the requirements of cross-border reporting.
We help plan and document all aspects of a company's transfer pricing strategy.
Taxation of transactions
We plan the tax consequences of a company's acquisition, transfer, refinancing, restructuring, and listing of bonds or shares.
Taxation of employees in cross-border operations
An employee of an Estonian company abroad and an employee of a foreign company in Estonia - we advise on tax rules.
Tax risk audit
We perform a risk audit that helps diagnose and limit tax risks and optimize tax obligations.
Representing the client in Tax Board
We prevent tax problems and ensure smooth communication with the Tax and Customs Board.
Taxation of private individuals
We advise individuals on personal income taxation issues and, represent the client in communication with the Tax and Customs Board.
Pan-Baltic tax system comparison
Our tax specialists have prepared a comparison of the tax systems of the Baltic countries regarding the taxation of companies and individuals.
Recruitment services – personnel search
We help fill positions in your company with competent and dedicated employees who help realize the company's strategic goals.
Recruitment support services
Support services help to determine whether the candidates match the company's expectations. The most used support services are candidate testing and evaluation.
Implementation of human resource management processes
We either assume a full control of the launch of processes related to HR management, or we are a supportive advisory partner for the HR manager.
Audit of HR management processes
We map the HR management processes and provide an overview of how to assess the health of the organization from the HR management perspective.
HR Documentation and Operating Model Advisory Services work
We support companies in setting up HR documentation and operational processes with a necessary quality.
We help to carry out goal-oriented and high-quality employee surveys. We analyse the results, make reports, and draw conclusions.
HR Management outsourcing
We offer both temporary and permanent/long-term HR manager services to companies.
We assist you in performing the internal audit function, performing internal audits and advisory work, evaluating governance, and conducting training.
Internal Audit in the Financial Services Sector
We provide internal audit services to financial sector companies. We can support the creation of an internal audit function already when applying for a sectoral activity license.
Audit of projects
We conduct audits of projects that have received European Union funds, state aid, foreign aid, or other grants.
Prevention of money laundering
We help to prepare a money laundering risk assessment and efficient anti-money laundering procedures, conduct internal audits and training.
Risk assessment and risk management
We advise you on conducting a risk assessment and setting up a risk management system.
At the request of the client, we perform audits, inspections and analyzes with a specific purpose and scope.
External Quality Assessment of the Internal Audit Activity
We conduct an external evaluation of the quality of the internal audit or provide independent assurance on the self-assessment.
Whistleblowing and reporting misconduct
We can help build the whistleblowing system, from implementation, internal repairs and staff training to the creation of a reporting channel and case management.
We help solve issues related to the environment, social capital, employees, business model and good management practices.
Our auditors review and certify sustainability reports in accordance with international standards.
We help investors to analyze the environmental issues, social responsibility and good management practices of the company of interest.
Our international tax specialists define the concept of sustainable tax behavior and provide services related to sustainable tax behavior.
We help assess the digital maturity of your organization, create a strategy that matches your needs and capabilities, and develop key metrics.
We aid you in determining your business’ needs and opportunities, as well as model the business processes to provide the best user experience and efficiency.
Our team of experienced business analysts will help you get a grip on your data by mapping and structuring all the data available.
A proactive cyber strategy delivers you peace of mind, allowing you to focus on realising your company’s growth potential.
Innovation as a Service
On average, one in four projects fails and one in two needs changes. We help manage the innovation of your company's digital solutions!
This article covers the key differences between MiCAR (Markets in Crypto Assets Regulation) and MLTFPA, the fate of the old license, new taxonomies introduced in MiCAR, key regulatory requirements for CASPs, key regulatory requirements for issuing assets and possible redundant requirements of MLTFPA.
The MLTFPA has been in place in Estonia since 2017 and is based on the EU's Fourth Money Laundering Directive. The MLTFPA requires financial institutions and other obligated entities to undertake customer due diligence, identify and report suspicious transactions, and implement internal controls to prevent money laundering and terrorist financing.
The MiCA regulation, on the other hand, is designed to address the unique challenges posed by crypto-assets and virtual currencies. MiCAR is a comprehensive regulatory framework that aims to provide a harmonized approach to the regulation of crypto-assets across the EU. The MiCA regulation seeks to provide a high level of consumer protection, prevent money laundering and terrorist financing, and ensure the stability of the financial system. The regulation sets out strict requirements for Crypto Asset Service Providers (CASPs) operating within the EU. Additionally, a register for all crypto-asset service providers will be established and it will be available to the public and shall be updated on a regular basis.
MiCA introduces a new taxonomy of assets and services with respective license requirements. MiCA regulation covers basically all forms of token offerings and stablecoin issuance plus new market abuse rules for the entire space.
In terms of the obligations on obligated entities, the MiCA regulation builds on the existing requirements under the MLTFPA. Obligated entities will still need to undertake customer due diligence, identify, and report suspicious transactions, and implement internal controls.
Truthfully, for VASPs already licensed in Estonia, the transition from Estonian MLTFPA to MiCAR should be relatively easy as plenty of obligations introduced in MiCA are already in effect under Estonian MLTFPA.
MiCA vs. MLTFPA: Key Differences
Overall, the requirements under MiCA are more specific and comprehensive compared to the existing MLTFPA. MiCA includes new taxonomy of assets and services, requirements for licensing and capital requirements, which may all impact a VASP’s business models and operations. Additionally, MiCA covers a broader range of crypto-assets than the MLTFPA, including stablecoins and utility tokens. However, it's important to note that MiCA doesn't cover crypto assets that fall under existing EU financial services legislation (like securities), digital assets which cannot be transferred to other holders, staking, lending, NFTs (unless issued in a “large series or collection”) and “fully decentralized finance”*.
The most exciting aspect of the new MiCA license is the allowance and regulation of passporting, which will allow institutions to operate across EU under a single regulatory framework. Timeline for applying and getting the authorization to start providing services is said to be about a month.
The MLTFPA and MiCA have different thresholds for customer due diligence (CDD) requirements. For example, the MLTFPA requires CDD to be performed on all customers, while MiCA allows for simplified CDD measures to be applied in certain circumstances, such as when carrying out occasional transactions below €1,000.
A big difference is in the amounts of permanent minimum capital required from CASPs. Currently, under MLTFPA, the lowest requirement is €100,000 (wallet services, exchange services and issuing services) while the highest is €250,000 (transfer services). Under MiCA the requirements are much lower:
- €150,000 for trading platforms,
- €125,000 for custodians and exchanges (brokers),
- and €50,000 for all the others.
Another big general requirement is to place clients’ funds with a bank and in a separate account from where the service provider holds its own funds.
* MiCA states: “where crypto-asset services (..) are provided in a fully decentralized manner without any intermediary, they should not fall within the scope of this Regulation”. However the same documents states that MiCA applies even “when part of such activities or services is performed in a decentralized manner”. So, for now it remains hard to tell how much decentralization (technical, governance, legal etc) is necessary to stay out of the scope.
Fate of the FIU and the old license
The MiCA license is one of the most important changes that MiCA brings. It will be uniform in all Member States as all CASPS must apply for the same license with the same requirements, same obligations, same procedure etc.
It is important to note that the MiCA license still has to be applied for. There will be a new separate application process (hopefully more transparent than so far) where the relevant authority will assess the application and ultimately decide to grant (or refuse to grant) the license. There is no way to transfer or modify the current MLTFPA license or otherwise speed up the procedure.
The license will cover current services listed in MLTFPA and new types of services previously not regulated. We will see modified requirements for service providers (including redundant MLTFPA requirements) and special requirements for each type of service.
So far FIU has been the supervisory authority for VASPs. This will change with presumably the Financial Supervision Authority (FSA) taking over for FIU. This means MiCA applications will be submitted to the FSA, who will review and make the decision to grant or refuse to grant licenses. FSA will also start performing supervision, issuing notices and withdrawing licenses, if relevant grounds are presented. Current licenses will become known as the „old“ ones and they will expire once MiCA is implemented.
Crypto-asset services listed by MiCA
As mentioned above, MiCA will cover current services listed in MLTFPA and new types of services previously not regulated.
MiCA lists the following crypto-asset services:
- the custody and administration of crypto-assets on behalf of third parties
- the operation of a trading platform for crypto assets
- the exchange of crypto-assets for funds
- the exchange of crypto-assets for other crypto-assets
- the execution of orders for crypto-assets on behalf of third parties
- placing of crypto assets
- the reception and transmission of orders for crypto-assets on behalf of third parties
- providing advice on crypto-assets
So, the current wallet services (as described in MLTFPA) remains as “the custody and administration of crypto-assets on behalf of third parties”.
The current exchange service (as described in MLTFPA) was divided into several services:
- the operation of a trading platform for crypto-assets
- the exchange of crypto assets for funds
- the exchange of crypto-assets for other crypto-assets
As you can see, issuing a crypto-asset is not listed as a service. One does not need a license to issue crypto-assets, however there are detailed requirements and sometimes authorization is needed, depending on the asset type.
MiCA identifies 4 different types of assets with respective requirements:
- A crypto-asset is a “digital representation of a value or a right, which may be transferred and stored electronically, using distributed ledger or similar technology”. Most crypto-assets should fall under this “catch-all” category, including Bitcoin and Ether.
- A utility token is a sub-type of crypto-assets “which is only intended to provide access to a good or a service supplied by its issuer”. There are lighter requirements for issuing utility tokens, but we don’t expect to see many of these.
- An asset-referenced token (ART) is a token that aims at stabilizing its value by referencing/pegging to a basket of currencies, commodities, crypto-assets or other single non-fiat currency assets.
- An e-money token (EMT) aims at stabilizing its value by referencing the value of one single fiat currency, for example USDC, USDT, BUSD or EUROC. This concept and most of its requirements stem from the existing regulatory concept of e-money in the EU.
It’s worth noting that for the scope of MiCA, it doesn’t matter if your stablecoin is based on a algorithm - it is in the scope if it matches any of the above mentioned definitions as mechanism doesn’t matter.
Key regulatory requirements and obligations for CASPs
To apply for a CASP license, the application must contain all the following:
- the name, including the legal name and any other commercial name to be used, the legal entity identifier of the applicant crypto-asset service provider, the website operated by that provider, and its physical address
- the legal status of the applicant crypto-asset service provider
- the articles of association of the applicant crypto-asset service provider
- a program of operations setting out the types of crypto-asset services that the applicant crypto-asset service provider wishes to provide, including where and how these services are to be marketed
- a description of the applicant crypto-asset service provider’s governance arrangements
- for all natural persons involved in the management body of the applicant crypto-asset service provider, and for all natural persons who, directly or indirectly, hold 20% or more of the share capital or voting rights, proof of the absence of a criminal record in respect of infringements of national rules in the fields of commercial law, insolvency law, financial services law, anti-money laundering law, counter-terrorism legislation, and professional liability obligations
- proof that the natural persons involved in the management body of the applicant crypto-asset service provider collectively possess sufficient knowledge, skills and experience to manage that provider and that those natural persons are required to commit sufficient time to the performance of their duties
- a description of the applicant crypto-asset service provider’s internal control mechanism, procedure for risk assessment and business continuity plan
- descriptions both in technical and non-technical language of applicant crypto-asset service provider’s IT systems and security arrangements
- proof that the applicant crypto-asset service provider meets the prudential safeguards
- a description of the applicant crypto-asset service provider’s procedures to handle complaints from clients
- a description of the procedure for the segregation of client’s crypto-assets and funds
- a description of the procedure and system to detect market abuse.
- where the applicant crypto-asset service provider intends to ensure the custody and administration of crypto-assets on behalf of third parties, a description of the custody policy
- where the applicant crypto-asset service provider intends to operate a trading platform for crypto-assets, a description of the operating rules of the trading platform
- where the applicant crypto-asset service provider intends to exchange cryptoassets for fiat currency or crypto-assets for other crypto-assets, a description of the non-discriminatory commercial policy
- where the applicant crypto-asset service provider intends to execute orders for crypto-assets on behalf of third parties, a description of the execution policy
- where the applicant intends to receive and transmit orders for crypto-assets on behalf of third parties, proof that the natural persons giving advice on behalf of the applicant crypto-asset service provider have the necessary knowledge and expertise to fulfil their obligations.
Even though MiCA is way more detailed and crypto focused, much of CASP obligations are already in act in Estonia through MLTFPA. So, we would like to currently only highlight distinct new or changed obligations:
- crypto-asset service providers must have a registered office in an EU Member State in which at least part of the CASP’s crypto-asset activities is carried out as well as have an effective management in the EU and at least one director being a resident of the EU
- crypto-asset service providers shall make their policy procedures in place for identifying, preventing, managing and disclosing conflicts of interests publicly available
- crypto-asset service providers shall, at all times, have in place prudential safeguards, which may take the form of own funds requirement or an insurance policy covering the territories of the Union where crypto-asset services are actively provided
- crypto-asset service providers shall arrange for records to be kept of all crypto-asset services, activities, orders and transactions undertaken by them and allow clients to receive such records
- crypto-asset service providers shall, promptly place any client’s funds, with a central bank or a credit institution. Crypto-asset service providers shall take all necessary steps to ensure that the clients’ funds held with a central bank or a credit institution are held in an account or accounts separately identifiable from any accounts used to hold funds belonging to the crypto-asset service provider
- crypto-asset service providers, that rely on third parties for the performance of operational functions, take all reasonable steps to avoid additional operational risk
- outsourcing cannot result in the delegation of the responsibility of the crypto-asset service providers
- outsourcing cannot alter the relationship between the crypto-asset service providers and their clients, nor the obligations of the crypto-asset service providers towards their clients
- crypto-asset service providers must have direct access to the relevant information of the outsourced services
- crypto-asset service providers shall have a policy on their outsourcing, including on contingency plans and exit strategies
- crypto-asset service providers shall enter into a written agreement with any third parties involved in outsourcing. That written agreement shall specify the rights and obligations of both the crypto-asset service providers and of the third parties concerned and shall allow the crypto-asset service providers concerned to terminate that agreement
- specific ESG requirements
- crypto-asset service providers must establish an appropriate plan to support an orderly wind-down
- crypto-asset service providers must establish and maintain a proper complaint handling procedure, informing clients of a possibility to file a complaint
Depending on the services they provide and due to the specific risks raised by each type of services, crypto-asset service providers are subjected to requirements specific to those services. We will cover those in another article.
Requirements for issuing assets
Issuing assets other than ARTs and EMTs:
- issuer must be a legal person
- requirement to draft and publish a white paper
- doesn’t have to be approved previously, but a local competent authority needs to be notified and the white paper has tons of requirements
- requirements on marketing communication
- no ex-ante approval of documents, notification to the home member state competent authority 20 working days prior to publishing white paper
- possibility to modify the white paper
There are exemptions for when there is no obligation to draft the white paper and publish it:
- crypto-assets are offered for free
- crypto-assets are offered to fewer than 150 natural or legal persons per Member State
- cmall offering – does not exceed 1M EUR (or equivalent) over a period of 12 months
- offer is solely addressed to qualified investors and crypto-assets can only be held by qualified investors
As mentioned, MiCA’s goal is to also offer protection for consumers and investors. This is reflected in the consumer’s right to withdraw from a crypto-asset purchase within 14 calendar days. Issuer must make this possible without incurring any costs and without asking for a reason or an explanation.
Asset reference tokens are considered more riskier and their regulation is heavier.
- issuers need to apply for an authorization (including approval of white paper)
- over a period of 12 months, the average outstanding amount of asset-reference tokens does not exceed 5M EUR (or equivalent)
- offer solely addressed to qualified investors and tokens can only be held by such
- notification of the white paper to the competent authorities
- publication of the white paper
- strict requirements which the application and its documentation must meet
- modifications to the white paper are allowed, but are subject to new approval by the authority
- obligation to have reserve assets
- obligation to regularly audit and have independent audit of the reserve assets in every six months
- obligation to disclose at least every month the amount of asset-reference tokens in circulation and the value of the composition of the reserve assets
- authorisation required to act as a Credit institution or an e-money institution
- requirement to draft and publish white paper while also notifying the competent authority
- no ex-ante approval of documents, notification to the home member state competent authority at least 20 working days prior to publishing a WP
- E-money Directive applies
- the above does not apply if:
- e-money tokens are marketed, distributed and held by qualified investors and can only be held by qualified investors;
- if the average outstanding amount of e-money tokens does not exceed 5M EUR (or equivalent) over a period of 12 months
- white paper modifications are allowed – subject to infoming the public and notifying the competent authority along with reasons
Additionally, for ARTs and EMTs, MiCA introduces the concept of “significance”. Significant ARTs and EMTs are tokens that reach certain adoption thresholds and have to meet higher prudential, governance, and liquidity requirements. If three of the following criteria (TBA by EU supervisors) are met, ARTs and EMTs are deemed significant:
- > 10 million holders
- > €5 billion market capitalization
- whether the number and value of transactions per day is higher than 2.5 million and €500 million, respectively
- whether the issuer is designated a gatekeeper according to the Digital Markets Act
- whether the issuer is deemed significant on an international scale, including the use of the token for payments and remittances
- the degree to which the token is interconnected with the financial system
- whether the issuers offer additional ARTs, EMTs, or crypto-asset services
It is also very important to mention that MiCA Article 36 prevents issuers of asset-referenced tokens and crypto-asset service providers from granting any interest to holders of asset-referenced tokens and Article 45 prevents issuers of e-money tokens and crypto-asset service providers from granting any interest to holders of e-money tokens.
Redundant requirements of MLTFPA
Several important requirements of MLTFPA might become redundant as these are
not included in MiCAR:
- Auditor requirements
There is no longer a specific requirement for virtual currency service providers to audit their annual report nor is there a requirement to have an external auditor or internal auditor. However the overall audit requirement pursuant to law will apply (based on parameters such as revenue, assets etc.)
- Higher education requirement
Even though the members of the management body of crypto-asset service providers and the members of the management body of ART issuers shall have sufficiently good repute and possess knowledge, experience and skills to perform their duties and for the purpose of anti-money laundering and combatting the financing of terrorism, there is no requirement for higher education or Estonian residence. However CASPs do need at least one director to be a resident of the EU.
Analysis and conclusion
There has been a lot of active discussions on social media and crypto spaces about the MiCA regulation and its potential impact on the crypto industry. Many people are expressing concerns about the increased regulatory burden and the potential impact on innovation and competition in the sector. Some commentators are also pointing out that the MiCA regulation does not cover certain activities, such as staking and lending, or fully decentralized finance. This has raised questions about the extent to which the regulation will be effective in addressing the risks associated with the crypto industry while some are already calling for MiCA 2.0.
Despite these concerns, we believe that the MiCA regulation is an important step forward in the regulation of the crypto industry, as it provides much-needed clarity and certainty for market participants while also protecting investors. We hope to see this regulation helping increase trust and confidence in the sector, which in turn will encourage greater adoption of crypto-assets and virtual currencies. We are excited to see how this will shape the future of the crypto industry in the EU and beyond!
It's important to note that the MiCA regulation is expected to come into effect in the EU member states by 2024. The exact timeline for implementation in Estonia is not yet clear, but current VASPs should stay tuned for further updates and already begin preparing now to ensure they are ready to comply with the new requirements (especially service-specific requirements) once they come into force. Especially since failure to comply with MiCA can result in substantial fines (which in certain cases may reach 12.5% of the total annual turnover of the entity or more), periodic penalty payments, withdrawal/suspension of the authorization or removal/ban of a natural person from managerial positions.
At Grant Thornton Baltic OÜ, we understand the challenges that come with staying up-to-date on complex regulations and requirements, which is why we offer internal auditing and business risk advisory services. Our experienced professionals can help you navigate the regulatory landscape and implement effective compliance programs that minimize risk and maximize opportunities for growth. Contact us today to learn how we can help you achieve your business objectives while remaining compliant with the new MiCA regulation.
If you have similar challenges and questions, please contact our specialists.