Due diligence measures are always required upon establishment of a business relationship and upon suspicion of money laundering or terrorist financing (regardless of any limits provided by law).
Otherwise, there is a EUR15,000 threshold for transactions (regardless of whether one or several related payments); EUR6,400 upon provision of currency exchange services; EUR2,000 for organisers of
games of chance, regarding all persons who pay or receive more than that in a single transaction or several related transactions.
An obligated person shall identify a natural person (face-to-face) and verify the person on the basi
An obligated person shall identify a legal person and its passive legal capacity and verify the information obtained. Legal persons registered in Estonia and branches of foreign companies registered in
Estonia shall be identified on the basis of an extract of a registry card of the relevant register. Foreign legal persons shall be identified on the basis of an extract of the relevant register or a transcript of the
registration certificate or an equivalent document which has been issued by a competent authority or body not earlier than six months before submission thereof.
Identification of the beneficial owner is a part of due diligence measures, it includes gathering information about the ownership and control structure of a legal person, trust, civil law partnership or other
a) if the nature of a situation involves a high risk of money laundering or terrorist financing; b) if a person participating in a transaction, in a professional operation, or using a professional service; or a customer has been identified and verified without being present at the same place as the person or customer; c) if upon identification or verification of a person suspicion arises regarding the truthfulness of the data or authenticity of the documents submitted or regarding the identification of the beneficial owner or beneficial owners; and d) if a subject is a politically exposed person of a contracting state of the European Economic Area or a third country or their family member or close associate
Upon establishment of a business relationship with or entry into a transaction with or performance of a professional operation for or provision of professional services
The regular due diligence measures shall be applied more frequently than usually. Additionally, the following requirements must be implemented: a) appropriate risk-based internal procedures for making a decision on establishment of a business relationship or entry into a transaction applied; b) the management board or a person or persons authorised by the management board shall decide on establishment of business relationships; and c) upon establishment of a business relationship and entry into a transaction, appropriate measures taken for identification of the origin of the money or other property used. Also at least one of the following enhanced due diligence measures shall be undertaken: a) identification and verification of a person on the basis of additional documents, data or information, which originates from a reliable and independent source or from a credit institution or a branch of a credit institution registered in the Estonian commercial register or from a credit institution which has been registered or has its place of business in a contracting state of the EEA or in a country where requirements equal to the Estonian legislation are in force, and if in such credit institution the person has been identified while being present at the same place as the person; b) application of additional measures for the purpose of verifying the authenticity of documents and the data contained therein, among other things, demanding that they be notarised or officially authenticated or confirmation of the correctness of the data by the credit institution which issued the document; and c) making the first payment relating to a transaction through an account opened in the name of a person or customer participating in the transaction in a credit institution which has its place of business in a contracting state of the EEA or in a country where requirements equal to those provided for in Estonian legislation are in force. Also enhanced due diligence measures shall be undertaken upon opening a correspondent account with a credit institution of a third country and during the period of validity of the respective contract, thereby regularly assessing the following: a) based on public information, the nature of the economic activities and the trustworthiness and reputation of the credit institution of the third country and the effectiveness of supervision exercised over the credit institution; and b) the control systems of the credit institution of the third country for prevention of money laundering and terrorist financing. The contract serving as the basis for opening a correspondent account or the rules of procedure of the credit institution shall contain the obligations of the parties: a) upon application of due diligence measures for prevention of money laundering and terrorist financing, including with regard to a customer having access to a payable-through account or another similar account; b) upon submission, on the basis of a query, of data gathered in the course of identification of customers and verification of submitted information; and c) upon preservation of data and upon performance of the notification obligation and application of other measures for prevention of money laundering and terrorist financing. Prior consent of the management board of the credit institution or financial institution or the person authorised by the management board is required for opening a correspondent account for a credit institution or a financial institution of a third country or for opening a correspondent account in a third country credit institution or financial institution or for signing the corresponding contract. Credit institutions and financial institutions are prohibited to open or hold a correspondent account in a credit institution, which meets at least one of the following conditions: a) the actual place of management or business of the credit institution is located outside its country of location and the credit institution is not part of the consolidation group or group of undertakings of a credit institution or financial institution that is subject to sufficient supervision; b) an account for a credit institution corresponding to the characteristics specified in clause 1) has been opened in the credit institution; and/or c) according to international standards or the circumstances provided for in this section, which are to be used as a basis for assessment, deficiencies become evident in the trustworthiness of the executives of the credit institution and in assessment of measures for prevention of money laundering and terrorist financing
No, Estonian law does not regulate such situations. However, every person must take all necessary steps to avoid money-laundering activities taking place.
Always, in the case of a person participating in a transaction, in a professional operation, or using a professional service; or a customer has been identified and verified without being present at the same
place as the person or customer.
An obligated person, except a credit institution, shall immediately, but no later than within two working days of executing the transaction, notify the Financial Intelligence Unit of any transaction where a financial obligation exceeding EUR32,000 is performed in cash, regardless of whether the transaction made is a single payment or several related payments. A credit institution shall immediately, but no later than within two working days of executing the transaction, notify the Financial Intelligence Unit of any currency exchange transaction exceeding EUR32,000 in cash, unless the credit institution has a business relationship with the person participating in the transaction.
Both failure to report suspicion of money laundering or terrorist financing and submission of incorrect information as well as unlawful notification of information submitted to the Financial Intelligence Unit are offences punishable by a fine up to EUR1,200 or detention (for individuals) or up to EUR32,000 (for legal persons).
The obligated person has the right to refuse to enter into such a transaction, and they shall immediately, but no later than within two working days from identifying the act or circumstances, or from the rise of the suspicion, notify the Financial Intelligence Unit.
Yes. External auditors must inform the Estonian Financial Supervision Authority if they find out that a credit institution materially violates Estonian law.
yes, sensitive personal data is: a. data revealing political opinions or religious or philosophical beliefs, except data relating to being a member of a legal person in private law registered pursuant to the procedure provided by law; b. data revealing ethnic or racial origin; c. data on the state of health or disability; d. data on genetic information; e. biometric data (above all fingerprints, palm prints, eye iris images and genetic data); f. information on sex life; g. information on trade union membership; and h. information concerning commission of an offence or falling victim to an offence before a public court hearing, or making of a decision in the matter of the offence or termination of the court proceeding in the matter
There is a general principle that the processing of personal data is permitted only with the consent of the data subject unless otherwise provided by law. The consent shall clearly determine the data for the processing of which permission is given, the purpose of the processing of the data and the persons to whom communication of the data is permitted, the conditions for communicating the data to third persons and the rights of the data subject concerning further processing of his or her personal data. Silence or inactivity shall not be deemed to be consent. Consent may be partial and conditional: a) in such case the person communicating personal data has to establish the legitimate interest of the third person, verify the accuracy of the data to be communicated and register the data transmission; b) written consent of the data subject needs to be obtained; and c) written consent of the data subject needs to be obtained.
Compulsory by law, but there is no penalty for not having one.
A copy shall be made of the page of an identity document submitted for identification which contains the personal data and a photograph.
In addition, upon identification and verification the following personal data shall be registered:
a) the name and the representative’s name;
b) the personal identification code or, upon absence of a personal identification code, the date and place of birth;
c) the name and number of the document used upon identification and verification of persons, and its date of issue and the name of the agency which issued the document; and
d) the name of the document used upon identification and verification of the right of representation, and its date of issue and the name of the issuer.
In certain cases the address of the place of residence and the profession or area of activity of the person shall be registered.
A representative of a legal person of a foreign country shall, at the request of an obligated person, submit a document certifying his or her powers, which has been notarised or authenticated pursuant to an
equal procedure and legalised or authenticated by a certificate substituting for legalisation (apostille), unless otherwise prescribed by an international agreement.
Yes, under Article 88 of the Credit Institution Act generally all data and assessments which are known to a credit institution concerning the clients of the credit institution or other credit institutions are deemed to be information subject to banking secrecy. However, the following data are not deemed to be information subject to banking secrecy: a) data which are public or available from other sources to persons with a legitimate interest; b) consolidated data on the basis of which data relating to a single client or the identities of persons included in the set of persons referred to in the consolidated data cannot be ascertained; c) a list of the founders and shareholders or members of a credit institution and data relating to the sizes of their holdings in the share capital of the credit institution, regardless of whether or not they are clients of the credit institution; and d) information relating to the correctness of the performance of a client’s obligations to a credit institution.