Coinbase, a publicly traded cryptocurrency trading exchange based in the United States, agreed to pay a $50 million fine after financial regulators found that it let customers open accounts without conducting sufficient background checks, in violation of anti-money-laundering laws.
The settlement with the New York State Department of Financial Services, announced Wednesday, will also require Coinbase to invest $50 million to bolster its compliance program, which is supposed to prevent drug traffickers, sellers of child pornography and other potential lawbreakers from opening accounts with the exchange.
It’s the latest hit to the once-highflying global cryptocurrency trading business. Several cryptocurrency firms have filed for bankruptcy over the past year — most notably FTX, which was the world’s second-largest crypto exchange before it collapsed in November. Sam Bankman-Fried, the founder, and other top FTX executives now face federal criminal charges.
The compliance problems at Coinbase were first detected during a routine examination in 2020 after the exchange secured a license to operate in New York in 2017, regulators said. They found problems with the exchange’s anti-money-laundering controls going as far back as 2018.
Coinbase initially agreed to hire an independent consultant to help overhaul its day-to-day operations so that they met requirements set by anti-money-laundering laws to know the identities of customers and monitor their behavior for suspicious activity.
But that did not fix the company’s problems, and regulators opened a formal investigation in 2021. The exchange had fallen behind on two key operations: digging deeper into the backgrounds of customers whose identities seemed murky at first glance and following up on the suspicious-activity alerts that its internal monitoring system generated.
By late 2021, Coinbase had a backlog of more than 100,000 alerts about potential suspicious customer transactions that were not being properly examined, according to the Department of Financial Services. Regulators also found that Coinbase performed only the most rudimentary “know your customer” checks on people before letting them open accounts. The exchange treated customer background checks as a “simple check-the-box exercise,” they said.
In one instance, Coinbase unwittingly helped a digital thief steal $150 million from an unnamed company by claiming to be an employee of that company when opening a Coinbase account.
The company’s procedures in vetting the backgrounds of customers were so inadequate that early last year, regulators ordered Coinbase to hire an outside monitor — separate from the independent consultant the firm had previously agreed to hire — to oversee its compliance, even as the formal investigation was underway.
“We found failures that really warranted putting in place an independent monitor rather than wait for a settlement,” Adrienne A. Harris, New York State’s superintendent of financial services, said in an interview. “We have been very outspoken about illicit financing concerns in the space. It is why our framework holds crypto companies to the same standard as for banks.”
“Coinbase remains committed to being a leader and role model in the crypto space, and this means partnering with regulators when it comes to compliance and other areas,” the company’s chief legal officer, Paul Grewal, wrote in a blog post on its website on Wednesday.
The settlement, which says Coinbase is still moving too slowly in its efforts to review its older accounts for suspicious features, will require the exchange to work with the monitor for at least another year as it puts in place systems to improve its compliance operation. New York regulators did not identify the monitor.
Ms. Harris said Coinbase’s compliance department had failed to keep up with the exchange’s rapid growth. Founded in San Francisco in 2012, Coinbase has a market capitalization of more than $7.6 billion and is the largest crypto trading platform based in the United States, with 100 million users worldwide. Most of its peers are based in jurisdictions where regulations are typically lighter. FTX, for example, was based in the Bahamas.
But the U.S. authorities have long worried about the cryptocurrency industry’s potential to weaken global anti-money-laundering protections because, for years, industry leaders prided themselves on their efforts to evade regulation.
The industry itself sprang into existence without the oversight and scrutiny that are routine for banks, brokerages, insurance firms and investment firms. Over the past decade, state and federal authorities have taken whatever steps they could to bring exchanges like Coinbase and its overseas peers into line.
New York was one of the first states to require crypto firms to obtain licenses before seeking business from state customers, known as BitLicenses. To date, the state has issued roughly 30.
In August, the Department of Financial Services fined the crypto trading arm of the financial brokerage Robinhood $30 million for violating a host of financial regulations, including anti-money-laundering laws. In November, the Treasury Department announced a settlement with another U.S.-based exchange, Kraken, over trading services it provided to customers in Iran that violated U.S. sanctions.
According to the Treasury’s Office of Foreign Assets Control, Kraken enabled around $1.7 million in transactions over four years. It agreed to pay over $360,000 to settle the matter.
Federal prosecutors have also been examining whether overseas firms are properly screening the backgrounds of customers. The authorities are investigating potential anti-money-laundering violations by Binance, the world’s largest crypto trading exchange, according to news reports and a person familiar with the matter.
Until the fall of 2021, Binance allowed customers making deposits under a certain amount to open accounts without being subjected to a rigorous identity-verification process. Binance’s erstwhile rival, FTX, was also being investigated for failing to follow anti-money-laundering rules.
Federal prosecutors in New York have charged Mr. Bankman-Fried with overseeing a scheme to misappropriate billions of dollars in customer deposits at FTX.
Coinbase recently sought to distinguish itself from FTX. In one television ad, the exchange said that customer deposits at its firm were safe and secure, and that crypto investors could take comfort in the fact that Coinbase was a U.S.-based, publicly traded company “with regular audits and transparent accounting.”
In a November regulatory filing with the Securities and Exchange Commission, Coinbase disclosed that it had been the subject of an investigation by New York financial regulators into its compliance with bank secrecy laws. The company said at the time that it was cooperating with the investigation.
In the same regulatory filing, Coinbase also said it had received “investigative subpoenas and requests” for documents from the S.E.C. about some of its customer programs and products.
“We have seen this argument that regulation and an innovation can’t live together,” Ms. Harris said. “But if you are a good, responsible actor, you should be able to still do business.”