Central Bank of Ireland Fines Coinbase Europe $24.8M for AML Failures

The Central Bank of Ireland (CBI) has imposed a $24.8 million (€21.5 million) fine on Coinbase Europe for breaching anti-money laundering (AML) and counter-terrorist financing obligations, marking Ireland’s first enforcement action against a cryptocurrency company.

“To be effective in combating financial crime, law enforcement agencies rely on regulated financial institutions to have systems in place to monitor transactions and report suspicions,” said Colm Kincaid, CBI’s deputy governor consumer and investor protection, in a statement on Thursday.

“The failure of such a system within any financial institution creates an opportunity for criminals to evade detection – and criminals will take that opportunity.”

The fine addresses breaches in its transaction monitoring obligations between 2021 and 2022 when more than 30 million transactions valued at over €176 billion, or around 31% of all Coinbase Europe transactions, were not properly monitored.

It took nearly three years for Coinbase Europe to complete retrospective monitoring, which led to 2,708 Suspicious Transaction Reports (STRs) being submitted to the Financial Intelligence Unit (FIU) for potential investigation. The reports included suspicions of money laundering, fraud, drug trafficking, cyber-attacks and child sexual exploitation.

Registered as a crypto institution in Ireland, Coinbase Europe was required to monitor its customers’ transactions using a Transaction Monitoring System (TMS). Coinbase said in a statement that coding errors in five out of 21 TMS scenarios in 2021-2022 caused certain transactions, including those with special character crypto addresses, to be overlooked.

The exchange said it corrected these errors and ran impacted transactions through the corrected TMS, leading to the detection of 185,000 transactions requiring further compliance investigation.

Of these, around 2,700 STRs were ultimately filed. While these STRs flagged potentially illicit activity, the CBI and Coinbase have declined to say whether criminal activity actually occurred. Coinbase has since enhanced TMS oversight, built new detection scenarios and strengthened its internal testing.

The settlement reduced the total sanction from almost €31 million under the CBI’s 30% discount scheme. The High Court must confirm the sanctions for them to take effect.

Coinbase said that it recognizes the importance of effective AML procedures and takes our obligations under AML legislation and regulatory guidance very seriously. “Our goal has always been and will always be to build the most trusted, compliant, and secure platform in the world,” it added.

Decrypt reached out to Coinbase for additional clarification on several points but a spokesperson redirected us back to the published statement without commenting further.

The CBI declined to comment further about whether it was pursuing action against other crypto companies.