US listed crypto exchange Coinbase has reached a $100mn settlement with New York regulators for anti money laundering failures including a backlog of more than 100,000 unreviewed transactions and a reliance on social media profiles to verify customers’ identities.
The New York State Department of Financial Services said on Wednesday that Coinbase would pay a $50mn fine for weak compliance measures and would spend a further $50mn on a two-year programme to improve its systems.
The DFS said Coinbase’s systems for enforcing anti money laundering rules had been “immature and inadequate”, leaving the exchange “vulnerable to serious criminal conduct” including “examples of fraud, possible money laundering, suspected child sexual abuse material-related activity, and potential narcotics trafficking”.
Issues around anti money laundering compliance have dogged the crypto industry since its inception, with critics arguing that the main use case for borderless digital tokens is to facilitate illicit activity. Despite the efforts of firms to convince policymakers of their credentials, Senator Elizabeth Warren last month doubled down on that message, warning that crypto had become “the preferred tool for terrorists, for ransomware gangs, for drug dealers, and for rogue states that want to launder funds”.
The settlement comes as regulators ramp up their scrutiny of crypto exchanges following November’s collapse of FTX, once one of the world’s largest crypto companies, and the arrest of its founder, Sam Bankman-Fried, last month.
Coinbase gained a licence from the New York DFS to allow customers to trade cryptocurrency on its platform in 2017, but the government department said on Wednesday it had since found that compliance measures were inadequate for an exchange of its size. Customer onboarding requirements at Coinbase were “a simple check-the-box exercise”, the DFS added.
Paul Grewal, chief legal officer at Coinbase, said the company “has taken substantial measures to address these historical shortcomings and remains committed to being a leader and role model in the crypto space”.
The regulator said Coinbase’s customer due diligence file from its retail customers historically consisted of “little more than a copy of a photo ID”, and that it “did the bare minimum” to verify due diligence information from retail customers, relying on self-reported social media profiles and overlooking information that was “clearly inaccurate, and/or incomplete”.
By the end of 2021, the backlog of Coinbase’s customers requiring enhanced due diligence exceeded 14,000, the New York DFS said. It described one case where a customer who was criminally charged with child sexual abuse crimes in the 1990s was able to open a Coinbase account.
“This publicly available information was not discovered by Coinbase at the time of onboarding, and thus the customer was not designated as high risk and no specially tailored controls or restrictions were imposed,” the regulator said, adding that the customer engaged in suspicious transactions for more than two years before Coinbase eventually noticed the activity.
Coinbase also was found to have poor transaction monitoring systems, where suspicious activities are flagged and investigated. By the end of 2021, Coinbase’s backlog of unreviewed transaction monitoring alerts reached more than 100,000, many of which were months old, the regulator found.
The implosion of FTX has rattled confidence in crypto companies, which have raced to soothe the nerves of their clients. Shares in Nasdaq-listed Coinbase have plunged 86 per cent over the past year, leaving it with a market capitalisation of $8.5bn.
Additional reporting by Scott Chipolina