Riigikogu discussed curbing cybercrime in the financial sector as a matter of significant national importance

At today’s plenary sitting, the Riigikogu deliberated “How to curb cybercrime in the financial sector. Balancing security and fundamental rights” as a matter of significant national importance, initiated by the Finance Committee.

Presentations were made by Chair of the Finance Committee Annely Akkermann; Head of the Anti-Financial Crime Division at Swedbank Ltd Raul Vahtra; Adviser at Widen Legal Siim Tammer, and Director of the School of Law at the University of Tartu Priit Pikamäe.

Chair of the Finance Committee Annely Akkermann stressed in her presentation that the success story of the digital state had also brought about rapidly growing cybercrime, to which Estonia had to respond with new rules and more efficient solutions.

“Estonia is a digital state. We are satisfied with it, and proud of it,” she said, referring to the broad use of both public and private sector digital services. Akkermann also pointed out that increasing trust was accompanied by the risk of its abuse.

She noted that, based on the data of the Information System Authority, the previous year had been a year of fraud in cyberspace. “The total losses from fraud crimes registered in 2025 amount to 29 million euros,” Akkermann said, adding that criminals were increasingly using artificial intelligence to commit fraud.

According to her, raising public awareness alone is no longer sufficient to prevent fraud, as criminal technology is developing very rapidly. “Fraud technology is also developing at an astonishing pace, and even top finance specialists and university lecturers fall prey to it,” she noted.

Akkermann stressed that financial crime and cybercrime had become extremely profitable and low-risk activities for criminals. “Looking at the ranges used to estimate the scale of financial crime, the risk of losing profit is relatively low for criminals – between 1% and 4%,” she said, noting that the previous year the state had managed to confiscate only 4 million euros.

According to the Chair of the Finance Committee, the problem is not so much in the lack of penal provisions, but in the capacity of law enforcement agencies. “The question is whether our law enforcement agencies are capable of bringing cybercriminals to court and recovering what they have acquired through crime,” Akkermann said, adding that current practice offered little hope.

She stressed the need to provide law enforcement agencies with more efficient instruments and rights in the digital environment. “We must give law enforcement agencies similar capabilities for investigation as cybercriminals have for getting away with the money,” Akkermann said, stressing that this required a new and proportional review of infringement of fundamental rights. “We have to counter the artificial intelligence used by criminals with the artificial intelligence of law enforcement,” she said.

In conclusion, Akkermann pointed out that, as a digital state, Estonia was on the frontline of combating cybercrime and had to be prepared to protect its digital infrastructure as well.

Raul Vahtra, Head of the Anti-Financial Crime Division at Swedbank Ltd, warned in his presentation that Estonia was facing a massive fraud attack, and that the security of the digital environment was under serious pressure.

“We no longer feel safe in the digital environment, we are under a massive fraud attack,” he said, stressing that the problem was global, not just limited to Estonia. He noted that throughout his extensive career, he had never witnessed anything like this before. Vahtra added that fraud had turned into a global pandemic, having caused losses amounting to trillions of dollars.

He also pointed out that Estonia’s statistics did not reflect the true situation. “Official losses have amounted to 29 million euros but this does not reflect the actual situation,” he said, referring to the fact that many victims refrain from reporting to the police out of shame or despair.

According to him, the reason of the explosive rise in fraud was simple: along with society, criminals had moved into the digital environment. “A criminal is interested in profit, and when committing a crime, they consider the potential gain and the risk of getting caught,” Vahtra said, stressing that, in cybercrime, the risk was low while the profit was many times higher than in traditional kinds of crime.

Vahtra said that the adoption of artificial intelligence by criminal organisations was particularly alarming. “This situation is not going to get better, it is only going to get worse,” he said, warning that in the future it would be increasingly difficult to distinguish fraud from genuine communication. According to him, deepfake technology had already been used to imitate the President of Estonia in fraudulent advertisements.

Vahtra explained that fraud operated as a chain, with many parties playing a role. “Preventing fraud is not just a problem for the police or banks; the fraud chain is much longer,” he said, describing the collection of data, fraud traps, influencing victims, and the swift movement of money out of Estonia.

He stressed the need of making principled choices between fundamental rights, convenience, and security, and called for a discussion on whether Estonia’s open data bases and unlimited platforms still served the public interests in today’s circumstances.

Vahtra also highlighted the role of telecom enterprises and banks in preventing fraud. “Last year, Estonia’s three largest telecom enterprises blocked a total of 35 million fraudulent calls,” he said, adding, that at present it was done on a voluntary basis, without any legal obligation. He also pointed out that currently banks had no right to block transactions where fraud was suspected, even if it was clear that a person was a victim of fraud.

In conclusion, Vahtra stressed that combating fraud required a comprehensive approach, a national strategy, and consistent raising of public awareness. “If we really want to prevent fraud, this has to be done at every stage of committing a fraud,” he said, calling upon Riigikogu to review the existing regulatory framework.

He said that urgent action was needed. “Every day dozens of people fall victim to fraud,” Vahtra said, adding that only coordinated and resolute action could make Estonia one of the safest countries in the world once again, including in the digital environment.

Siim Tammer, Adviser at Widen Legal, stressed in his presentation, that while combating fraud, a conscious and measured choice had to be made between citizens’ freedoms and state intervention.

According to Tammer, fraud is not a new phenomenon in society. “Fraud has, in fact, always existed in society,” he said, giving examples from both ancient times and recent history. According to him, today’s problem has become acute primarily because Estonia is technologically advanced and has an open digital governance.

Tammer pointed out that Estonia’s strength as an e‑governance was also its weakness. “Scammers have easily found Estonia on the world map,” he said, adding that the fact that fraud was committed in pure Estonian language demonstrated the high profitability of their activity, and the low risk of getting caught.

In his presentation, Tamme discussed the constitutional dilemma arising while combating fraud. “Inevitably, today’s choices in the fight against fraud raise questions about what exactly we are going to regulate and at whose expense this will actually be,” he said. According to him, a decision needs to be made whether the state places greater emphasis on preventive protection, which could entail restricting fundamental rights, or focuses primarily on the fast and severe punishment of offenders.

Tammer warned against making hasty decisions. “The thing about freedoms is that they may be quite easy to give up, but much harder to regain,” he said, stressing that citizens’ rights should not be restricted based on emotions in a situation where not all existing measures had yet been fully implemented.

Commenting on the citizen’s perspective, Tammer noted that a person who had fallen victim to fraud had limited options. “Recovering one’s money through civil proceedings is neither practical nor relevant; it has to take place within criminal proceedings,” he said, stressing that the real hope of damage compensation started from reporting the crime and the state’s action.

At the same time, Tammer also admitted that in practice, a lot of fraud cases remained unresolved. “Most of such criminal reports end with no perpetrator found or held accountable,” he said, referring to public statistics that reflect large amounts of losses, but few fraudsters being caught.

Tammer stressed that, from the state’s perspective, a legal framework for dealing with fraudsters was already in place. “My answer to the question of whether we have a legal environment for dealing with fraudsters is: yes, we do,” he said, citing the penalties provided in the Penal Code for fraud, investment fraud, and money laundering. According to him, however, this required actually catching the perpetrators.

Tammer pointed out three main challenges: evolving crime, technological vulnerability, and the limited impact of financial education. “Crime has changed, and our capacity to punish it may not match the changes,” he said. He also questioned the ability of financial education to prevent complex and long-term fraud schemes.

Concluding his presentation, Tammer called for caution in restricting fundamental rights and drew attention to the role of service providers. “The fact that they don’t allow the assets to be physically taken from the bank should also mean that they do not allow taking these assets from the bank electronically either,” he said, referring to banks and technological enterprises.

According to him, the focus should be on the source of the problems, and strengthening both the responsibility of market actors, and the capacity of law enforcement agencies. “The organisers simply have to be captured, they must be brouht to Estonia, and given swift and severe punishment,” Tammer stressed.

Priit Pikamäe, Director of the School of Law and visiting professor at the University of Tartu, emphasised in the Riigikogu that cybercrime in the financial sector constituted an attack against the internal peace of society and, according to the Constitution, required decisive action from the state.

According to Pikamäe, the obligation of the state to intervene stems directly from the preamble of the Constitution. “The preamble to the Constitution imposes on the state the obligation to intervene to secure internal peace,” he said, noting that internal peace should also include any criminal activity that threatened society from within, including cybercrime.

He also emphasised that the Constitution imposed on the state a special duty to protect people’s lives and property. “The Constitution demands that the state take normative and practical measures, which allow to protect individuals against various attacks,” he said.

According to Pikamäe, cybercrime in the financial sphere is an extremely complex phenomenon, and combating it inevitably raises the question about the restriction of fundamental rights. “The implementation of measures aimed to combat this threat inevitably creates the need to limit fundamental rights,” he said.

Pikamäe explained that, according to the Constitution, the restriction of fundamental rights was permissible only under certain conditions.  “Restricting fundamental freedoms requires a legitimate objective, and the chosen measure must be appropriate, necessary and proportional,” he stressed, adding that the proportionality principle applied to both the legislator, and all other bearers of public authority.

According to him, proportionality was the central issue when it came to measures against cybercrime in the financial sphere.

Pikamäe highlighted the particular danger of cybercrime from the criminological perspective. “The organised nature and extreme scope of such criminal activity means that no-one is safe from it,” he said, stressing that cybercrime threatened society as a whole, not just individual groups.

He also drew attention to the extent of the damage caused. “The damages caused by cybercrime in Estonia reach tens of millions of euros, and victims are often left without any livelihood,” the speaker said, linking this to the broader issue of society’s economic security.

He stressed that, from a penal law perspective, there was no gap in punishability of cybercrime in Estonia. He pointed out that fraud, computer crime, and money laundering had long been criminalised. According to him, the core of the problem did not lie in the lack of penal provisions, but the pandemic-like spread of crime, and its international nature. “Since cybercrime does not respect national borders, catching offenders is an extremely complex and lengthy process,” he said.

To conclude his presentation, Pikamäe highlighted the key role of the Riigikogu. “When addressing cybercrime in the financial sphere, the Parliament cannot delegate these issues to the executive power; it must make the decisions itself at the legislative level,” he said, referring to the constitutional principle of significance. In conclusion, he called on the Parliament to show decisiveness. “We are clearly facing an attack on the internal peace of society, which requires decisive intervention by the state under the Constitution,” he said, adding that each day of delay increased the number of cybercrime victims and the damage caused to society.

Lea Danilson-Järg from Isamaa Parliamentary Group; Diana Ingerainen from Eesti 200 Parliamentary Group; Maris Lauri from the Reform Party Group; Varro Vooglaid from the Estonian Conservative People’s Party Group, and Riina Sikkut from the Social Democratic Party Parliamentary Group took the floor during the debate that followed the reports. Maria Jufereva-Skuratovski and Peeter Ernits also presented comments.

The sitting ended at 1.12 p.m.

Photos (Erik Peinar / Chancellery of the Riigikogu)

Verbatim record of the sitting (in Estonian)

Video recording of the sitting will be available on the Riigikogu YouTube channel.

Riigikogu Press Service
Maiki Vaikla
+372 631 6456, +372 5666 9508
[email protected]
Questions: [email protected]