Finland Forces All Crypto Providers to Register by August 18 Deadline as New AML Law Takes Effect

The Legislative Move

On August 18, 2019, a regulatory deadline hit Finland that rippled across the European cryptocurrency landscape. Every virtual currency provider operating in the country — from exchange operators to wallet custodians — was required to submit a registration application to the Finnish Financial Supervisory Authority (FIN-FSA) or face the prospect of shutting down entirely.

The deadline stemmed from Finland’s Act on Virtual Currency Providers (572/2019), which entered into force on May 1, 2019, as part of the country’s implementation of the European Union’s Fifth Anti-Money Laundering Directive (5AMLD). The FIN-FSA issued accompanying regulations and guidelines that took effect on July 1, 2019, giving existing market participants roughly seven weeks to compile and submit their applications.

The scope of the law is broad. It captures virtual currency issuers, operators of exchange services including marketplaces, and providers of custodian wallet services. Any entity falling under these categories that was active before the Act’s May 1 effective date had to file for registration by the August 18 cutoff. The FIN-FSA committed to assessing all submitted applications by November 1, 2019. New market entrants, meanwhile, are prohibited from offering services until their registration has been explicitly approved — a significant departure from the laissez-faire approach that characterized much of Europe’s early crypto regulatory environment.

Jurisdiction Context

Finland did not merely adopt the minimum requirements of 5AMLD — it went significantly further. The EU’s Fifth Anti-Money Laundering Directive defines a virtual currency provider as a virtual currency issuer, a virtual currency exchange service and its marketplace, and a wallet provider. Finland expanded this definition to include exchange services that facilitate the trading of virtual currencies against other commodities — not just fiat or other digital tokens. A crypto-to-gold exchange, for instance, falls squarely within the regulatory perimeter.

The registration requirement itself carries no passporting rights within the European Economic Area. Unlike traditional financial services licenses, a Finnish crypto registration does not grant a provider the ability to offer services in other EEA member states. Each jurisdiction requires a separate application, a deliberate design choice that reflects the fragmented state of European crypto regulation in mid-2019.

The application process demands comprehensive documentation. Providers must submit descriptions of their services, fit and proper statements for key personnel, risk assessments covering client asset protection, marketing materials and customer terms, anti-money laundering compliance frameworks including customer due diligence procedures, employee training programs, and recovery plans for information system failures. All materials must be submitted in Finnish or Swedish, though supplementary English documentation may be accepted where necessary.

This regulatory framework arrived alongside broader international developments. The Financial Action Task Force (FATF) published its updated guidance on virtual asset service providers on June 21, 2019, giving member nations a 12-month implementation window. Finland’s aggressive timeline — moving from legislation to enforcement in under four months — positioned it among the most proactive jurisdictions in translating FATF recommendations into binding domestic law.

Industry Reaction

The August 18 deadline generated significant discussion within the European crypto industry. For smaller operators, the compliance burden was substantial. The requirement to prepare fit and proper assessments, detailed risk management frameworks, cybersecurity protocols, and customer due diligence procedures — all in Finnish or Swedish — created a high barrier for startups and solo operators running exchange platforms or wallet services from Finland.

Larger operators with existing compliance infrastructure viewed the regulation more favorably. The registration requirement provided a degree of legitimacy that had been missing from the Finnish market, potentially opening doors to banking relationships and institutional partnerships that had previously been difficult to secure for unregulated crypto businesses.

The timing also intersected with a growing global conversation about cryptocurrency’s role in illicit finance. On the very same day as Finland’s registration deadline, The New York Times published a major investigation by Nathaniel Popper titled “Terrorists Turn to Bitcoin for Funding, and They’re Learning Fast,” which detailed how groups like Al Qaeda were increasingly soliciting cryptocurrency donations. The convergence of these events underscored the regulatory urgency driving Finland’s approach.

Bitcoin traded at approximately $10,346 on August 18, according to CoinMarketCap, with Ethereum at $194.49. The broader crypto market saw a modest rally that day, with most top-20 cryptocurrencies posting gains of 2-7% on Kraken’s daily market report, suggesting that regulatory developments in a relatively small European market were not materially impacting global price action.

Compliance Hurdles

The practical challenges of the Finnish framework extend beyond the initial registration. Starting December 1, 2019, virtual currency providers became “obliged entities” under Finland’s Anti-Money Laundering Act, meaning they must report suspicious transactions to the Financial Intelligence Unit of the Police. This obligation transforms crypto businesses into active participants in the country’s financial surveillance infrastructure — a role that many in the industry find uncomfortable from a philosophical standpoint but acknowledge as pragmatically necessary.

The FIN-FSA’s supervisory mandate covers not just registration but ongoing compliance monitoring. Providers must maintain robust cybersecurity systems, segregation of customer assets from operational funds, accounting procedures that track fund flows, and documented recovery plans for system outages. Customer accounts must be included in bank and payment account control mechanisms maintained by Finnish Customs, adding another layer of oversight.

The requirement that applications be submitted in Finnish or Swedish poses a practical challenge for international operators. While supplementary English documentation may be accepted, the core application and all primary attachments must be in one of Finland’s official languages. This effectively requires either in-house Finnish/Swedish-speaking compliance staff or engagement of local legal counsel — both of which add cost and complexity for foreign operators seeking Finnish market access.

What’s Next

Finland’s approach in mid-2019 represents an early example of a EU member state going beyond minimum directive requirements to create a comprehensive domestic crypto regulatory framework. The August 18 registration deadline was not the end of the process but rather the beginning of a supervisory relationship between the FIN-FSA and the country’s virtual currency providers.

With assessments due by November 1, 2019, the FIN-FSA faced the task of evaluating each application against the Act’s requirements — a process that would determine which providers could continue operating in Finland and which would need to wind down. The outcomes of these assessments would set important precedents for how European regulators balance the tension between promoting fintech innovation and maintaining robust anti-money laundering controls.

At a broader level, Finland’s framework offers a case study in the challenges of regulating a borderless technology within national boundaries. The lack of EEA passporting means that crypto businesses operating across multiple European markets face a patchwork of registration requirements, each with its own documentation standards, language requirements, and supervisory expectations. As the EU continues to develop more harmonized crypto regulation, Finland’s experience with the 5AMLD implementation provides valuable lessons about both the possibilities and the limitations of national-level regulatory action in a digitally interconnected financial system.

Disclaimer: This article is for informational purposes only and does not constitute legal, financial, or investment advice. Readers should consult qualified professionals for guidance specific to their circumstances. All regulatory information cited is based on publicly available sources as of August 2019.