Crypto License Pro OÜ is a designated obliged entity under the Estonian Money Laundering and Terrorist Financing Prevention Act (Rahapesu ja terrorismi rahastamise tõkestamise seadus, "RahaPTS"). This page summarises the AML/CFT framework that governs our work. Our internal procedures are more detailed and are available to clients on request.
1. Client due diligence (CDD)
Before opening an engagement, we identify and verify:
- The client entity (or natural person) and its legal form;
- Beneficial owners holding 25% or more of the client entity, or otherwise exercising control;
- Authorised representatives signing the engagement letter;
- The nature and intended purpose of the engagement.
Verification is done against original or certified copies of identity documents, recent corporate extracts, and independent reference data. We apply enhanced due diligence ("EDD") to clients in high-risk categories, including politically exposed persons (PEPs), high-risk third countries, and complex ownership structures.
2. Source of funds and source of wealth
For engagements involving capital deposits to be paid to a regulator (such as MiCA prudential capital), or where the transaction profile of the prospective licence-holder warrants it, we conduct source-of-funds and source-of-wealth checks proportionate to the assessed risk.
3. Sanctions screening
All clients, their beneficial owners, and their authorised signatories are screened against EU consolidated sanctions lists, the UN Security Council Consolidated List, the UK OFSI list, and the US OFAC SDN list. Screening is repeated at engagement renewal and on any material change in ownership.
4. Ongoing monitoring
We monitor engagements throughout their lifecycle for transactions or instructions that are inconsistent with the client's profile. Triggers for review include changes in beneficial ownership, unusual payment routings, and deviations from the operating model described at engagement onboarding.
5. Suspicious-transaction reporting
If we identify a fact giving rise to a suspicion of money laundering or terrorist financing, we are required to report it to the Estonian Financial Intelligence Unit (Rahapesu Andmebüroo). We are prohibited by law from informing the client that a report has been made (the "tipping-off" prohibition).
6. Record keeping
AML records — including CDD documentation, EDD findings, sanctions screening results, and any internal escalation notes — are retained for a minimum of five years following the end of the engagement.
7. Training and accountability
All personnel receive AML/CFT training on induction and annually thereafter. Our designated MLRO is responsible for the framework and is the firm's contact point with the Financial Intelligence Unit.
8. Contact
AML and MLRO contact: aml@cryptolicense.pro.