In a groundbreaking move that underscores the escalating scrutiny of cryptocurrency exchanges, UK financial regulators have slapped a first of its kind £3.5 million (approximately $4.5 million) fine on Coinbase’s UK arm, CB Payments Ltd., for egregious failures in anti-money laundering controls. The Financial Conduct Authority (FCA) found that CBPL, despite repeated warnings, allowed billions of dollars to flow through its platform with minimal oversight. "CBPL's controls had significant weaknesses and the FCA told it so, which is why the requirements were needed. CPBL, however, repeatedly breached those requirements," FCA said in a statement on Thursday. "This increased the risk that criminals could use CBPL to launder the proceeds of crime. We will not tolerate such laxity, which jeopardises the integrity of our markets."

A Watershed Moment for Cryptocurrency Regulation

The FCA’s action marks a watershed moment in the regulation of cryptocurrencies. It signals a growing determination by regulators worldwide to impose stringent controls on the industry to combat financial crime. CBPL, which acted as a gateway for customers to access Coinbase’s crypto trading platform, was under a strict order to improve its financial crime controls since 2020. Yet the company continued to onboard high-risk customers and failed to effectively monitor for suspicious transactions.

The findings from FCA are damning. Between 2020 and 2023, CBPL processed approximately £19.6 million in deposits from 13,416 high-risk customers, which were then used to execute crypto transactions worth around £178 million. Despite flagging just 62 suspicious transactions, the company allowed millions more in potentially illicit funds to slip through its net. The regulator contends that CBPL’s failures created a significant opportunity for criminals to launder money.

"Combating the laundering of funds through the financial services sector is an issue of international importance, and forms part of the Authority’s operational objective of protecting and enhancing the integrity of the UK financial system," FCA said.

Authorised firms are at risk of being abused by those seeking to launder money and firms that conduct payment services and/or those which facilitate trading in cryptoassets may be at particular risk. As a result, it is imperative that such firms maintain robust systems and controls to identify and mitigate the risk of their businesses being used in this way."

Coinbase clarified that the investigation only focused on unintentional breaches of a voluntary agreement (VREQ) between the FCA and CBPL in late 2020.

"In the VREQ, CBPL agreed to restrictions in the onboarding of certain high-risk customers to CBPL, where we provide e-money and payment services," Coinbase said. However, CBPL unintentionally onboarded some customers (representing 0.34% of customers on-boarded) who were classified as "high-risk" under the terms of the VREQ, which led to the FCA's investigation and subsequent action.

The initial monitoring of compliance by the product, engineering and design team within the Coinbase Group, was "inadequate" and the probable cause of this shortcoming, the FCA noted. "This meant that repeated and material breaches of the CBPL VREQ went undiscovered for almost 2 years," the financial regulator said.

Response from Coinbase

"We take the FCA’s findings and our broader regulatory compliance very seriously and CBPL continues to proactively enhance its controls to ensure compliance with its regulatory obligations," the crypto trading platform said in response. "Coinbase remains committed to high standards of regulatory compliance, and this means partnering with regulators when it comes to compliance and other areas. We are always willing to acknowledge when we fall short, and to make improvements – which is what we have done here."

The firm qualified for a 30% discount on the original £5,003,646 (about $6.4 million) fine, the FCA said. Coinbase has agreed to resolve the matter. This action marks the first-of-its-kind FCA enforcement taken under the UK Electronic Money Regulations 2011.

Uncover SCIM's architecture, detailed workflows, and seamless interaction with SSO. Learn how this powerful protocol standardizes and automates identity management across cloud applications, enhancing security and efficiency.

The post Securing Cloud Applications: SCIM’s Role in Modern Identity Management appeared first on Security Boulevard.

A global cryptocurrency derivatives exchange BitMEX (HDR Global Trading Limited) admitted guilt on Wednesday to violating the Bank Secrecy Act by "willfully" flouting U.S. anti-money laundering (AML) regulations. This admission, following previous actions against its founders, exposes significant vulnerabilities in cryptocurrency exchange oversight.

The Department of Justice (DoJ) accused BitMEX of operating from 2015 to 2020 as a "vehicle for large-scale money laundering and sanctions evasion schemes." The exchange allegedly failed to implement a "Know Your Customer" (KYC) program, a cornerstone of AML compliance that verifies user identities and helps prevent illicit activities.

"By only mandating lax service access credentials, BitMEX not only failed to comply with nationally required anti-money laundering procedures designed to protect the US financial markets from illicit actors and transactions, but knowingly did so to increase the business’s revenue," said FBI Assistant Director Christie M. Curtis, highlighting a deliberate effort to circumvent regulations. This raises concerns about the potential for other cryptocurrency exchanges to exploit similar loopholes.

The DoJ charges echo a 2022 guilty plea by Gregory Dwyer, BitMEX's first employee, for violating the Bank Secrecy Act. Prosecutors previously secured convictions against the exchange's founders for similar offenses. These actions demonstrate a coordinated effort to hold BitMEX and its leadership accountable.

BitMEX Founders Also Admitted Guilt and Received Sentences

In 2022, the three founders of BitMEX pleaded guilty to the same charges as Dwyer. Judge Koeltl took into account the exchange's belated efforts to implement AML and KYC controls during sentencing.

36-year-old Florida resident Hayes, the former CEO, received a six-month home detention sentence and two years of probation. 38-year-old Delo was sentenced to 30 months of probation and allowed to return to Hong Kong. The judge found Reed slightly less culpable than the other founders and sentenced the Massachusetts resident to 18 months of probation in July.

Both, Hayes and Delo agreed to pay a $10 million fine, at the time. All three founders – Hayes, Delo, and Reed – still own BitMEX.

The founders also reached a settlement agreement with the Department of Treasury. The agreement did not require them to admit or deny allegations that BitMEX "processed over $200 million in suspicious transactions and failed to report nearly 600 suspicious activities," according to the DOJ.

Cryptocurrency's Regulatory Struggles

The case also underscores the ongoing struggle to regulate the cryptocurrency space. While the Commodity Futures Trading Commission (CFTC) imposed a $100 million civil penalty on BitMEX in 2021 for related violations, the lack of a centralized authority creates challenges in enforcing AML and KYC requirements across the entire cryptocurrency ecosystem.

This incident serves as a wake-up call for regulatory bodies. It necessitates a collaborative effort to establish clear and comprehensive AML/KYC frameworks for cryptocurrency exchanges. Strengthening international cooperation and information sharing is also crucial to combatting money laundering and other illicit activities within the crypto sphere.

Recently, the FBI warned of the financial risks associated with using unregistered cryptocurrency transfer services, especially considering potential law enforcement actions against these platforms. The warning focussed on crypto transfer platforms that operate without proper registration as Money Services Businesses (MSB) and fail to comply with anti-money laundering regulations mandated by the U.S. federal law.

The future of BitMEX remains uncertain. The exchange faces potential financial penalties and could struggle to regain user trust. The DOJ had earlier noted that "due to the lack of KYC controls, the full extent of criminal activity on BitMEX may never be known."

This case sets a significant precedent and paves the way for stricter enforcement of AML regulations within the cryptocurrency industry.