Crypto exchange Coinbase has been fined $100million by the State of New York for significant failures in its compliance programme.
The settlement follows an investigation by the New York Department of Financial Services (DFS) into Coinbase and its anti-money laundering (AML) and compliance programmes.
The failures brought to light in this investigation incurred the exchange’s customer due diligence (CDD) and transaction monitoring procedures. Its AML programme was largely found to be in violation of the New York Banking Law and the DFS’ virtual currency, money transmitter, transaction monitoring and cybersecurity regulations.
Negligence was also evident in its reporting of suspicious activity and sanctions compliance systems, something the DFS deems to be inadequate for a financial services provider of Coinbase’s size and complexity.
Coinbase has held a DFS licence since 2017. The accreditation allows it to act as a virtual currency and money-transmitting business in the state of New York.
The investigation’s findings
The investigation highlights Coinbase’s CDD programme to be both immature and inadequate in its coding and implementation. The regulator describes Coinbase treating onboarding as ‘a simple check-box exercise. Above all, it failed to implement due diligence appropriate to its platform.
This immaturity was most pronounced in its management of TMS alerts. Accordingly, this failure accumulated in a 100,000 backlog of alerts by late 2021. It appears Coinbase failed to ensure the development of these procedures in line with its own growth.
There’s a lot to miss in in-tray 100,000 deep, and indeed the timely investigation of such alerts remains integral to the legal requirement of the DFS licence. Time is of the essence in such circumstances, yet Coinbase seemingly let these alerts languish in the backlog for months.
A demonstrated consequence of Coinbase’s negligence resulted in numerous examples of SARs filed months after the suspicious activity was first known to Coinbase.
These inadequacies resulted in multiple allegations of serious criminal misconduct. These include the suspected trafficking of narcotics and underage sexual material, in addition to possible examples of fraud and money laundering.
Taking immediate action
As a penalty for this, DFS has ordered Coinbase to pay a penalty of $50million. Subsequently, the DFS has taken its investigation one step further by installing an independent monitor. The monitor pursues the full severity of the situation and aims to rectify outstanding issues alongside Coinbase.
As per the terms of the resulting consent order, the monitor will continue to work with Coinbase for an additional year; although this period could be extended by the DFS.
The exchange agrees to invest an additional $50million over the course of two years to rectify its AML and compliance procedures.
“It is critical that all financial institutions safeguard their systems from bad actors, and the department’s expectations with respect to consumer protection, cybersecurity and AML programmes are just as stringent for cryptocurrency companies as they are for traditional financial services institutions,” comments Adrienne Harris, superintendent of the NY DFS.
She explains how Coinbase failed to “build and maintain a functional compliance programme that could keep pace with its growth.”
Harris confirms the DFS’ need to take “immediate action”, including the installation of an independent monitor.
Concurrently, Coinbase has flung into action to expedite its recovery. This reportedly includes constructing a more effective compliance programme under the supervision of DFS and its appointed independent monitor.
This headline confirms New York’s hard line on virtual currency crime. This marks another success story in the industry’s regulation and the protection of consumers.