We are highlighting three major changes concerning the collection of and access to the data of beneficial owners (BO) in accordance with amendments to the Money Laundering and Terrorist Financing Prevention Act (MLTFPA) which entered into force on 7 March 2022.
We will be addressing the definition of BOs and data to be submitted separately in the future.
1. The obligation to submit data and general access to data
Most legal persons governed by private law as well as trusts operating in Estonia must disclose the data regarding their BOs (Article 30 of the 4th EU Anti-Money Laundering Directive and § 77 MLTFPA).
Pursuant to § 762 MLTFPA and the draft Regulation of the Minister of Finance “Establishment and Statutes of the Database of Beneficial Owners” (the “TEKSA Statutes”), an information technology database is established for the collection, retention and disclosure of the data of BOs. The controller of the database will be the Ministry of Finance and the processors of the database will be the Registry Department of Tartu County Court (as the registrar) and the Centre of Registers and Information Services (as the service provider).
According to § 78 MLTFPA and the TEKSA Statutes, the data submitted to TEKSA will be available free of charge to the Financial Intelligence Unit (FIU), the courts, the Estonian Financial Supervision Authority (FSA), other governmental authorities and persons which have the obligation to implement due diligence measures for the prevention of money laundering and terrorist financing (obliged entities). The general public shall also have accessto the data stored in TEKSA, but for a charge. However, we should remember that the TEKSA is neither exhaustive nor the only source from where an obliged entity should query the BO data as part of the due diligence measures to be applied.
2. Sufficiency, accuracy and relevance of data
By virtue of § 77(5) MLTFPA, the corporations governed by private law and the trustees who must disclose the data of their BOs, need also to update the BO data within 30 days of learning that the data has changed. Where the BO data remains unchanged, it must be confirmd as correct each time upon the submission of the annual report (§ 77 (6) MLTFPA). Where BO data have not been submitted, the registrar shall have the right to demand the submission of the BO data under threat of a fine within ten days of the request.
A newly added § 20 (4) MLTFPA obligates the the persons implementing due diligence measures (obliged entities) to notify the registrar (the so-called notice of incorrectness) if the data which they have independently collected in the course of the AML/TFP due diligence measures differs from the data available in the TEKSA.
Upon receipt of a notifice of incorrectness, the registrar notifies the person obligated to submit the BO data and adds a publicly available notation in the TEKSA that there are doubts concerning the accuracy of the BO data. If the BO data is then corrected or confirmed as accurate, the notation is deleted automatically (§ 772 MLTFPA).
3. Right to demand limitation of access to data
As the BO’s are always physical persons, a question regarding the protection of their life and assets from criminals has been rightly raised.
In accordance with the 5th EU Anti-Money Laundering Directive, a new § 792 is introduced to the MLTFPA which provides the BO’s or their representative (where the beneficial owner is a minor or has restricted active legal capacity) to apply to the controller of the TEKSA (i.e. the Ministry of Finance) for a limitation of public access to the BO data on the grounds that “public access to the data of a beneficial owner would expose such an owner to a disproportionately high risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation.”
According to the draft TEKSA Statutes, the application is submitted via the Commercial Register. The limitations, if implemented, apply only to public access (i.e. the data must still remain available to credit and financial institutions, the notaries, other state authorities, the FSA, and the FIU). In the future, it will be interesting to see how the Ministry of Finance and the courts assess and substantiate the parameter of “disproportionately high risk” prescribed by the legislator.
The MLTFPA established the obligation to disclose the data of beneficial owners already from September 2018 as part of the transposition of the 4th EU Anti-Money Laundering Directive (2015/849/EU, “AMLD IV”).
The original wording of §§ 76 and 77 MLTFPA obligated legal persons governed by private law to collect and retain data regarding their BOs or the form of ownership or control and to submit these to the commercial register where they were available to the public.
However, the EU significantly amended the principles of collecting the data of beneficial owners in 2018 with its 5th Anti-Money Laundering Directive (2018/843/EU, “AMLD V”). AMLD V obligated, among others, the Member States to ensure by 10 January 2020 that the BO data can be retained in a so-called corporate register or to establish a separate suitable public register for this purpose and make these data available to other Member States via the European central data processing platform. Estonia, like most other Member States, was unable to implement these requirements of the AMLD V by the deadline, and the EU Commission initiated the respective infringement proceedings.
Estonia first attempted to transpose the part of the AMLD V concerning the data of beneficial owners with the amendments to the MLTFPA adopted in June 2020 (the part concerning beneficial owners entered into force in May 2021), providing for, among others, the establishment of the database of beneficial owners. The database was not actually put into commission due to technical reasons.
The second attempt was made with the amendments to the MLTFPA adopted in June 2021, which will come into effect with regard to the TEKSA on 7 March 2022. So far, the Regulation of the Minister of Finance establishing the TEKSA has not yet taken effect, i.e. TEKSA as a formal public database does not yet exist on the day of publication of this blog.