Coinbase agreed last week to pay nearly €21.5 million ($24.8 million) to the Central Bank of Ireland to settle allegations that the crypto firm’s Dublin-based subsidiary insufficiently monitored transactions between April 2021 and March of this year, with respect to anti-money laundering and counterterrorism financing rules.
Coinbase’s transaction monitoring system, at the time, used 21 scenarios to flag suspicious transactions or patterns, the company said in a blog post Thursday. But when building the system, Coinbase inadvertently made three coding errors that caused five of the scenarios to fail to fully screen all transactions in 2021 and 2022.
For example, Coinbase’s programming overlooked crypto wallet addresses containing special characters such as &.
That meant, however, that more than 30 million transactions over a 12-month period – worth more than €176 billion – had not been properly monitored, the central bank said.
Coinbase subsequently filed 2,708 suspicious transaction reports from the time frame, flagging suspicions associated with money laundering, fraud, scams, drug trafficking, cyberattacks and child sexual exploitation, the central bank said.
“Crypto has particular technological features which, together with its anonymity-enhancing capabilities and cross-border nature, makes it especially attractive to criminals looking to move their funds,” Colm Kincaid, the central bank’s deputy governor for consumer and investor protection, said in a statement Thursday. “This is why it is especially important that firms engaged in crypto services have robust controls in place to identify and report suspicious transactions.”
It is unclear, though, whether any of the transactions resulted in criminal activity, Coinbase noted.
Coinbase identified the coding errors when testing its compliance systems and fixed them within two to three weeks after detection, the company said.
The central bank reduced Coinbase’s initial €30,663,906 penalty by 30%, to €21,464,734.
Coinbase, for its part, enhanced the testing and monitoring of its transaction monitoring system scenarios to prevent similar errors from happening again, the company said.
But its European subsidiary is also leaving Ireland at the end of the year. The central bank said Coinbase intended to transfer the business of Coinbase Europe to a group entity in Luxembourg.
As part of the settlement, the central bank cited that Coinbase failed to “conduct additional monitoring in respect of 184,790 transactions.” Coinbase removed some customers involved in suspicious transactions but “the failure to fully and properly monitor those customers’ transactions in the first instance meant that they remained customers of Coinbase Europe with access to its services for longer than they should have,” the central bank said.
