Coinbaseβs UK Arm Fined Β£3.5 Million for Lax Anti-Money Laundering Controls
A Watershed Moment for Cryptocurrency Regulation
The FCAβs action marks a watershed moment in the regulation of cryptocurrencies. It signals a growing determination by regulators worldwide to impose stringent controls on the industry to combat financial crime. CBPL, which acted as a gateway for customers to access Coinbaseβs crypto trading platform, was under a strict order to improve its financial crime controls since 2020. Yet the company continued to onboard high-risk customers and failed to effectively monitor for suspicious transactions.
The findings from FCA are damning. Between 2020 and 2023, CBPL processed approximately Β£19.6 million in deposits from 13,416 high-risk customers, which were then used to execute crypto transactions worth around Β£178 million. Despite flagging just 62 suspicious transactions, the company allowed millions more in potentially illicit funds to slip through its net. The regulator contends that CBPLβs failures created a significant opportunity for criminals to launder money.
"Combating the laundering of funds through the financial services sector is an issue of international importance, and forms part of the Authorityβs operational objective of protecting and enhancing the integrity of the UK financial system," FCA said.
Authorised firms are at risk of being abused by those seeking to launder money and firms that conduct payment services and/or those which facilitate trading in cryptoassets may be at particular risk. As a result, it is imperative that such firms maintain robust systems and controls to identify and mitigate the risk of their businesses being used in this way."
Coinbase clarified that the investigation only focused on unintentional breaches of a voluntary agreement (VREQ) between the FCA and CBPL in late 2020.
"In the VREQ, CBPL agreed to restrictions in the onboarding of certain high-risk customers to CBPL, where we provide e-money and payment services," Coinbase said. However, CBPL unintentionally onboarded some customers (representing 0.34% of customers on-boarded) who were classified as "high-risk" under the terms of the VREQ, which led to the FCA's investigation and subsequent action.
The initial monitoring of compliance by the product, engineering and design team within the Coinbase Group, was "inadequate" and the probable cause of this shortcoming, the FCA noted. "This meant that repeated and material breaches of the CBPL VREQ went undiscovered for almost 2 years," the financial regulator said.
Response from Coinbase
"We take the FCAβs findings and our broader regulatory compliance very seriously and CBPL continues to proactively enhance its controls to ensure compliance with its regulatory obligations," the crypto trading platform said in response. "Coinbase remains committed to high standards of regulatory compliance, and this means partnering with regulators when it comes to compliance and other areas. We are always willing to acknowledge when we fall short, and to make improvements β which is what we have done here."
The firm qualified for a 30% discount on the original Β£5,003,646 (about $6.4 million) fine, the FCA said. Coinbase has agreed to resolve the matter. This action marks the first-of-its-kind FCA enforcement taken under the UK Electronic Money Regulations 2011.