Anti money laundering - Frequently asked questions


What is money laundering?


Money laundering is a process used by criminals to attempt to disguise the true origin of ill-gotten gains – income from illegal activity. Money laundering is a crime that is preceded by crimes that yielded the material gain (antecedent crimes). Decades ago, the only recognised antecedent crimes were drug-related ones, which netted particularly large criminal gains; however, now any crime that results in criminal gains can be considered a money laundering antecedent crime.


Three basic stages of money laundering are classically distinguished. The first is placement, in which the criminal gains are placed into the financial system where it can be exchanged or placed into other, non-cash financial instruments. The second phase is layering, where a number of transactions are used to conceal the origin of assets, such as dividing assets into several parts and moving them around via multiple accounts between different companies. The third stage is integration, where assets are dissolved into the legal economy, such as through buying real estate, stocks or companies.


The first stage described may also be preceded by the rapid conversion of the proceeds of a cybercrime to cash or other alternative means of payment, which can then be placed into the financial system once again.

Money launderers’ main objective is, however, to cover up the link between the money and the crime, in order to leave the impression that the funds are of legal origin


What is terrorist financing?

In recent years, terrorist crimes have posed a greater security risk in society. Terrorist crimes are committed by both members of numerous terrorist organisations and individuals who share their ideologies. At first, such attacks generally involved bombings and armed assaults, but now new methods are being found, such as using trucks as a weapon. The definition of a terrorist crime is also broadening to reflect the new methods being used.

Financing of terrorism is also seen in increasingly broader terms. Terrorist financing is primarily any kind of support or funding provided for terrorist acts, the people committing them, terrorist organisations or individual members of the organisation – whether directly or indirectly, through assets or service, fundraising or even an activity such as providing lodging. Also considered terrorist financing: support rendered to members of terrorist organisations or perpetrators of acts of terror and their close family members, including defraying everyday expenditures or actions such as buying food or medicines for family members.



What are international sanctions?

International sanctions are a set of measures established by the European Union (EU), the United Nations (UN) or the Estonian Government. A sanction is a non-military measure imposed for the purpose of preserving or restoring peace, avoiding conflicts and strengthening international security, supporting and bolstering democracy, and adhering to the principles of rule of law, human rights and international law. 


Measures can be non-economic (such as entry restrictions, suspension of cooperation etc.) and economic. Economic measures can be classified as trade (embargoes, for instance) or financial sanctions.



What do international financial sanctions mean?

An international financial sanction consists of various measures, above all aimed at specific individuals or country/regions. The primary measure is preventing the persons on whom sanctions are imposed from accessing assets. In essence, such individuals should not be issued loans, or be allowed to withdraw savings, transfer funds or execute transactions with property or real estate, among other actions.


Is there anything more I should know about the rules related to international financial sanctions, or will my bank take care of everything for me?

Although banks do verify compliance with international financial sanctions, the onus still lies on each and every individual to ensure that they do not run afoul of the restrictions established. In case of any doubt, contact the Financial Intelligence Unit; in addition, the sanctions list can be queried for individual names here.


Is it true that it is not allowed to provide money even for buying food or medicine if a person appears on the international financial sanctions list?

Most of the restrictive measures established allow for exceptions to be sought under certain conditions. To seek an exception, contact the Financial Intelligence Unit


Could I face penalties if I transfer funds to a person on the international financial sanctions list?

Section 93-1 of the Penal Code stipulates that if the restrictions were disregarded intentionally, a person may be punishable by monetary fine or up to five years’ imprisonment. Violations by legal persons are punishable by a fine. In addition, the assets involved in the violation of the international financial sanctions become subject to confiscation.


If anyone asks to go through my bank account for receiving money from abroad, should I be concerned?

Yes, this is not safe. If you receive a request like this, you should ask yourself why the money cannot be transferred directly to the person’s own account. Cases where a person has no bank accounts at all and banks refuse to open accounts are exceedingly rare and there is always a good reason for this. Perhaps the bank has a well-founded suspicion that the person is involved in money laundering.

There are a number of dangers related to receiving money sent from abroad and intended for another person, starting from the fact that we do not know the nature of the transaction, to the possibility that you could wind up with a loan obligation or accusation of money laundering or terrorist financing. The last two are criminally punishable.


Why do banks ask for so much information when an account is opened?

Banks are required by law to follow the principle “know your customer” in order to prevent money laundering and terrorist financing as well as to apply international restrictive measures such as international sanctions and prevent violations. To open an account at a bank anywhere in the world, customers are asked for personal data, and the amount of information requested depends on the laws in each country.

The number of money launderers, terrorists and other criminals targeted by these rules make up a negligible share of the population, and thus a person opening an account may wonder how it all relates to them. The reason is simple. Without knowing their customer – which entails asking them for information – it isn’t possible to distinguish criminals from ordinary citizens or law-abiding business people.


Why do banks ask for information from people who are already their customers, even though the bank “sees” their activity?

Banks' obligation to know their customers is not a one-off action. A bank receives much necessary information about their customers in the course of everyday customer service (e.g. customers take loans, execute transactions), but some data are required by law to be updated and banks cannot obtain such data without asking customers. Such data may include contact addresses, tax residency or data on place of work.

Updating customer data cannot be completely automated based on registers and transactions; it has to take place by communication between customer and the bank, so the bank can be sure that the data are correct and current.

In addition to regularly updating data, banks may contact customers for information on a transaction. The reasons for this can be many: perhaps the transaction varied from the customer’s ordinary transaction profile or the bank processing an international payment was asked for an explanation about the transaction.


What is tax residency?

Tax residency is a term used in tax law, basically meaning which country’s tax laws a person’s income is taxed under. Tax residency is determined according to the rules of the country that is an individual’s permanent place of residence, or the place where a legal person is registered.

For instance, if a person has spent at least 183 days of the past 12 months in Estonia and the Tax Board has confirmed Estonia as the person’s country of tax residency after receiving a request to that effect, he or she is considered under Estonian law to have Estonian tax residency.

Many countries use additional identification numbers that facilitate administration of taxation. Estonia does not use such separate numbers. For individuals, their Estonian personal identification code serves as the identification number; for legal persons, their registry code.


Who is a PEP?

The acronym PEP stands for politically exposed person – a person with a government background who is currently or has recently been entrusted with a prominent public function, or relatives or close associates of such persons. Identifying PEPs is important because banks are obligated to apply more stringent due diligence measures in regard to PEPs.

Relatives of PEPs include their spouse or person deemed equivalent to a spouse, children, parents and their spouse or persons deemed equivalent to a spouse. Close associates of PEPs include individuals who co-own a company or have any legal connection with a PEP or are in close business relations with a PEP. Persons with beneficial ownership of legal entities or arrangements known to have been founded for the benefit of a PEP are also considered close associates.


What happens if my mother, father, sister or brother is a member of parliament – will I face restrictions on use of money?

If your relative is a PEP, it is important to know that you are a PEP as well. There are no restrictions on use of funds for PEPs and their relatives. However, banks may establish their own rules on providing service to PEPs and their relatives, as they are subject to higher risk indicators. Family members of PEPs should be prepared to furnish their bank with additional explanations on the origin of assets and funds used in transactions.


Who is the beneficial owner?

Banks are required to collect information on beneficial owners both for money laundering and prevention and for compliance with obligations arising from the Tax Information Exchange Act.

A beneficial owner is an individual who:

-   taking advantage of their influence, exercises influence over a transaction, operation or another person and in whose interests, for whose benefit, or on whose account the transaction or operation is performed;

 exercises ultimate control of the company’s shares or voting rights or exercises ultimate control of the management of the company;

-  holds over 25 per cent of shares or voting rights through direct or indirect shareholding or control, including in the form of bearer shares, or exercises control over the management of the legal person in some other manner.

If after the exhaustion of all possible methods to establish the beneficial owner, the beneficial owner cannot be determined yet there is no doubt that such a person exists, the member of the highest executive body is considered to be the beneficial owner.


Can an individual be the beneficial owner?

Yes, if the account holder is not the actual owner of the funds or operations are performed on the account for the benefit of some other person. In such a case, the beneficial owner is the person in whose interests the transactions are executed.


Why is a non-resident a higher-risk customer?

Solely having non-resident status does not automatically mean a higher degree of risk. However, non-residents are often assigned a higher risk level at the outset of a customer relationship, due to the particularities of the country of location. Often it is difficult or more time- and labour-intensive to ensure full application of due diligence measures in regard to non-resident customers. The bank must follow the “know your customers” requirements and in case of any doubt that the requirements have been met with sufficient diligence, the non-resident customer (the same goes for resident customers if necessary, of course) be treated as a higher-risk customer, and heightened attention must be devoted to their activities.

The high risk level of non-residents from certain countries may be due solely to the country of residency. Such countries are often either risk countries with insufficient measures in place to prevent money laundering and terrorist financing or countries subject to international sanctions.


Can an e-resident open a bank account?

E-residency makes it possible to authenticate and verify via information technology the identity of persons who wish to become customers, meaning that it is not necessary for them to visit a bank branch in person. E-residents are essentially ordinary non-residents. As a result, banks’ requirements for e-resident customers may be more stringent than for residents, and opening an account at the bank depends on meeting the requirements of the specific bank.


Is video identification just as secure as visiting a bank in person?

Authentication by information technology is equivalent to verifying the identity of a customer face to face. In both cases, the “know your customer” requirements must be fulfilled, and the person wishing to become a customer must fill in a form and respond to questions from the bank in the form of a direct interview.

Authentication using an IT tool allows the bank to perform database queries simultaneously with the authentication process, using face recognition software if desired. Insofar as a recording is made of the authentication process, the bank can review the process later if needed.

Authentication using an IT tool, the quality of information stream and information system itself are subject to requirements established by a Minister of Finance regulation.


Why are there limits on my account for use of funds?

The limits are necessary to reduce the risk of possible losses. Although banks do their utmost to protect customers’ accounts, it is impossible to completely rule out the risk of unauthorised access to the account. The limit on transactions is namely the measure that keeps a criminal from accessing the funds on the account. If an incident is discovered, the bank can ensure the safety of the remainder of the funds on the customer’s account. 


Who has the right to obtain data about me?

Credit institutions have the right and responsibility to disclose bank secrets to certain authorities or persons if required for performing functions set forth in legislation. Persons entitled to bank secrets are listed in the Credit Institutions Act. Bank secrets may be divulged to persons not specified in the Act only with the customer’s consent expressed in a form reproducible in writing.


Will my bank send data about me to the police?

A bank will not send customer data to the Police and Border Guard Board at its own initiative (except for when it is authenticating a person through the PPA database). However, banks are required to forward customer data to the Police and Border Guard Board if the latter is conducting criminal proceedings and the data are sent in response to an inquiry. 


Can the bank refuse to delete data received from me?

The Money Laundering and Terrorist Financing Prevention Act obliges credit institutions to retain documents related to authentication of customers (and the data in such documents) for at least five years after the end of the business relationship.

Good Banking Practice


I General principles

The goal of Good Banking Practice is to set out in writing the principles that Estonian credit institutions and branches of foreign credit institutions (hereinafter collectively referred to as “banks”) proceed from and which contribute to better mutual understanding and fair and free competition, and ensure the reliable functioning and good reputation of the entire banking system.

By publishing Good Banking Practice, banks wish to emphasise the importance of good practices and professional ethics and to notify customers, employees and other interest groups that the bank follows good banking practices.

Good Banking Practice was approved by the board of the Estonian Banking Association (hereinafter referred to as Banking Association). The Banking Association board supplements and updates Good Banking Practice as needed, inter alia as occasioned by changes in the banking sector and the economic and legal environment.

Organising banking activity

Banks shall organise their activity in a transparent and conscientious manner and ensure that bank employees are suitable and sufficiently well-trained for their positions and that their activity is subject to sufficient control, supervision and management.

In organising their activities, banks shall abide by the law, other legislation, their internal rules and agreements between banks and customers, and shall ensure that all bank employees are sufficiently informed of these rules to perform their work as required and adhere to them with the required care and diligence.

The Banking Association and the banks have a philosophy that issues unregulated by provisions of law should be resolved under self-regulated procedure.

If necessary, the Banking Association shall establish additional instructions and standards that further refine the rules for the banking sector.

Banks shall comply with the advisory guidelines issued by the European Banking Federation (EBF) and the European Banking Industry Committee (EBIC), to which the Banking Association has decided to accede.

Banks and society

Banks shall act in a sustainable and socially conscientious manner.

Prevention of money laundering and implementation of international sanctions is important to ensure the trustworthiness of banks.

Banks shall promote positive developments in Estonian society and contribute to the growth of the Estonian economy.

Banks and the Banking Association support the professionalism of market participants and development of financial literacy and education for customers.

Banks disclose their dividend policy at their website.

II Relations with other banks

In their mutual interaction and business relations, banks shall adhere to principles of propriety, honesty and mutual respect. This means that banks shall fulfil the obligations arising from agreements they enter into, ensure the adequacy of information exchanged by them and refrain from expressing opinions that can lead to negative conclusions being drawn about other banks.


In their business relationships Banks shall adhere to the principle of fair competition and use only legal and ethical means for outperforming a competitor.

Banks shall refrain from entering into agreements that are prohibited or restricting competition in their intent or consequences.

Notification of the public

Banks shall provide true, fair and sufficient information regarding their activities.

Banks shall follow generally accepted marketing principles. In advertising and promotional activity, banks shall provide a true and fair view of their activities and services. In their advertisements, banks shall not make untrue claims or disparage competitors.

Banks and politics

Banks shall not lend support to political movements or parties or other political organisations.

Compliance with Good Banking Practice

The Banking Association assumes that all Banking Association members comply with Good Banking Practice.

The Banking Association board shall give its opinion on cases raised by member banks that can be potentially construed as violation of Good Banking Practice.

A bank which is in conflict with Good Banking Practice intentionally or due to negligence harms its own reputation as well as that of the entire banking sector. In case of violation of Good Banking Practice, the Banking Association may apply appropriate measures. In the case of severe and repeated violations, a bank may be excluded from the list of Banking Association members.

III Relations between bank and customer


Relations between customers and banks are based on mutual propriety, honesty and trust.

Bank employees shall take into consideration the legitimate interests of all parties.

Using the risk-based approach the banks are entitled to decide, which customer due diligence measures to apply. The banks may decide the scope and content of information to be obtained from the customer. The banks are entitled to not establish or terminate any business relationship using the risk-based approach.

Bank employees may not, either by action or omission, or directly or indirectly, compromise the trust between customer and bank. Bank employees are obliged to administer the assets entrusted to them in a professional and trustworthy manner.

Avoidance of conflicts of interest

Banks shall establish codes of ethics and principles for avoidance of conflict of interest and ensure that they are in conformity with provisions of law and good practices, as well as enforce them among their staff. If it is not possible to avoid a conflict of interest, banks shall ensure that such a risk is sufficiently hedged.

Banks shall implement necessary measures so that the personal interests of bank employees do not have a bearing on their decisions made in an official capacity. Bank employees may not take part in the resolution of matters that are related to economic interests of natural persons and legal persons closely related to them.

Bank employees may not accept gifts personally or on behalf of the bank, nor may they incite customers to make gifts that may be construed as bribes in accordance with law or ethical standards.


Safeguarding customers’ assets is of key importance for banks, as a result of which both physical and IT security measures are developed with daily care.

For the purpose of implementing prevention of money laundering and terrorism financing and related international sanctions, banks may refrain from entering into contractual relations with a potential customer or from executing customer transactions.

The right of customers to choose their bank and bank service

Customers have the right to freely choose among banks and bank services offered to them.

Providing information to customers

Banks shall ensure that customers have continuous access to information on the primary bank services, service charges and deposit interest rates offered to them. This information must be presented clearly and understandably in each bank office and branch and on the banks’ websites. Information on the terms and conditions of other bank services shall be provided by banks upon request.

For their part, banks shall make efforts to ensure that information on the fees charged for bank services and interest rates on deposits are available in a manner ensuring that customers have an opportunity to compare similar services offered by different banks.

In communicating this information, banks shall conform to requirements of law as well as additional instructions established by competent authorities.

Advising customers

Banks shall advise their customers based on each specific case, the needs of the customer and the customer’s financial situation. Banks shall give their customers sufficient and professional information, including outlining the risks related to use of a specific bank service.

With regard to lending activities, banks shall act in a responsible manner, contributing to establishing conditions where customers can assess whether a given loan or credit product is compatible with their personal interest as a borrower and their financial situation and which allows to assess the risks related to borrowing.

Resolution of complaints

In interacting with customers, banks shall attempt to avoid and prevent conflict situations. If differences do arise, banks shall prefer extrajudicial avenues of resolution, in a constructive atmosphere of mutual understanding.

Banks shall establish internal rules regarding the lodging of complaints by customers, procedures for reviewing complaints and deadlines for doing so. The terms for reviewing and replying to complaints must be reasonable. Banks shall ensure that all bank employees who have contact with customers are aware of the said rules.

Banks shall ensure that the principles for resolving complaints are available for customers. Bank employees shall provide all manner of assistance to customers in resolving complaints.

Banks shall ensure that customers have access to information regarding whom to contact for extrajudicial solutions, if a customer finds that the outcome of an in-house proceedings at the bank is unsatisfactory.

The Banking Association shall not resolve disagreements between banks and customers.

Banking secrecy

All information and opinions that were learned regarding a customer – either its own customer or that of another bank – shall be treated as banking secrets. Banks shall implement effective measures for protection of banking secrets based on the strictest principles of confidentiality.

Banks shall ensure that information subject to banking secrecy is available within the bank only to bank employees who need the information in an official capacity.

Banks shall disclose banking secrets to third parties only with the customer’s permission or in cases provided by law.

IV Approval of Good Banking Practice

Good Banking Practice was approved by the Board of the Banking Association in 1996, updated in 2011 and 2017.

XML B2C & C2B communication messages

Pursuant to Regulation No 260/2012 of the European Parliament and of the Council, which establishes new pan-European payment conditions, all bank-to-customer and customer-to-bank communication messages must be in XML format and be presented in the ISO 20022 standard from 1 February 2014 onwards. The banks will start supporting XML-format communication messages by 1 February 2014 at the latest.

To make the transition as smooth as possible for companies and customers, the regulation allows for exceptions that make it possible for banks to offer their customers account number and message format conversion services until 1 February 2016. The Ministry of Finance, Eesti Pank and the Estonian Banking Association have resolved to inform the European Commission of Estonia’s decision to exercise use of the exceptions, with the exact volumes and terms to be separately agreed and decided on the basis of actual need. The payment environment forum decided on 05.06.2013 meeting to extend the support of legacy formats till 1 February 2015.

The payment standards working group of the Estonian Banking Association has worked out the following bank-to-customer and customer-to-bank communication messages:

Initiation of payment: Payment Standards for Customer to Bank ver 1.1 (Ver 1.0) (Ver 0.9)

XSD schema file

  • Customer Credit Transfer Initiation pain.001.001.03; (customer-to-bank communication messages, which has considered the elements of domestic payment orders, SEPA credit orders and cross-border payment orders)
  • Payment Status Report pain.002.001.03; (bank-to-customer payment status overview form)

Account statement: Account Reporting Standards for Bank to Customer 1.01 (Ver 1.0) (Ver 0.9)

  • Account Statement camt.053.001.02; (overview of the transactions conducted on the account)
  • Account Report camt.052.001.02; (overview of account balance(s))
  • Debit Credit Notification camt.054.001.02.(notice of an account transaction, together with the transaction information)

The messages have been introduced at the Estonian payment environment forum, submitted to market participants for consultation, and were approved by the payment standards working group of the Estonian Banking Association on 31 January 2013.

XML B2C & C2B messages


According to the REGULATION (EU) No 260/2012 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 March 2012 (SEPA regulation) establishing technical and business requirements for credit transfers and direct debits in euro the bank to customer and customer to bank messages used have to be grounded on XML format and presented according to the ISO 20022 standard as of 1st of February 2014..

The banks are allowed to offer conversion services of legacy messages to XML format and can convert the messages on behalf of customers till 1st of February 2015.

Payment standards working group of Estonian Banking Association has issued following bank to customer and customer to bank messages:

Payment initiation: Payment Standards for Customer to Bank Ver 1.2  (Ver 1.1) (Ver 1.0) (Ver 0.9)

XSD schema file

$1·         Customer Credit Transfer Initiation pain.001.001.03;

$1·         Payment Status Report pain.002.001.03.

Account statement: Account Reporting Standards for Bank to Customer Ver 1.02 (Ver 1.01) (Ver 1.0) (Ver 0.9)

$1·         Account Statement camt.053.001.02;

$1·         Account Report camt.052.001.02;

$1·         Debit Credit Notification camt.054.001.02.