Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
The Central Bank of Ireland has fined cryptocurrency exchange Coinbase €21.5mn for failing to properly monitor transactions, some of which were potentially associated with child sexual exploitation, drug trafficking, money laundering and other criminal activities.
The US crypto exchange failed to monitor more than 30mn transactions worth over €176bn, the central bank said on Thursday. These accounted for about 31 per cent of all transactions that went through its European entity over the period when the monitoring faults existed.
About €13mn of the non-monitored transactions were suspected to be related to money laundering, scams, child sexual exploitation and other criminal activity, the central bank said, adding that it “cannot say” whether any of these transactions resulted in a criminal offence.
The fine, which was reduced from an initial €30.7mn following a settlement reached on November 5, is a blow to Coinbase, which has tried to position itself as a compliant, transparent and trusted crypto exchange. It is also likely to add to long-standing concerns about cryptocurrencies being used as a payment for criminal activities.
Coinbase has pushed to expand its footprint in recent years and spent millions of dollars lobbying in the US and elsewhere. Former UK chancellor George Osborne is a senior adviser to the exchange.
The central bank said it took Coinbase’s European entity “almost three years to fully complete the monitoring of the impacted transactions”.
“Crypto has particular technological features which, together with its anonymity-enhancing capabilities and cross-border nature, makes it especially attractive to criminals looking to move their funds,” said Colm Kincaid, deputy governor of consumer and investor protection at the Central Bank of Ireland.
The sanctions refer to a failure to comply with transaction monitoring obligations between April 23 2021 and March 19 this year.
Coinbase said in a statement that it “inadvertently made three coding errors” when building its transaction monitoring system that meant it did “not fully screen all transactions in 2021 and 2022”. In one error, the system could not properly identify special characters such as “&” in crypto wallet addresses.
According to the central bank, in addition to breaching its transaction monitoring obligations, Coinbase failed to adopt internal policies, controls and procedures to prevent and detect money laundering and terrorist financing. It also failed to “conduct additional monitoring in respect of 184,790 transactions”.
Coinbase removed some customers involved in suspicious transactions but “the failure to fully and properly monitor those customers’ transactions in the first instance meant that they remained customers of Coinbase Europe with access to its services for longer than they should have”, the central bank said.
The company said it had fixed the errors and taken steps to “prevent these types of errors from happening again”.
The central bank said Coinbase intended to transfer the business of Coinbase Europe to a group entity in Luxembourg, meaning Coinbase Europe will cease conducting business in Ireland at the end of this year.