3 months ago 2 min read

AML Regulatory Vulnerability, Coinbase Pays $100M Fine to New York Regulator


The New York State Department of Financial Services, or NYDFS, reached an agreement with Coinbase after investigating the company's compliance program.

The NYDFS penalized Coinbase $50 million and ordered the business to put an additional $50 million into its compliance program after reaching a settlement with the regulator, which uncovered significant flaws in the cryptocurrency exchange's examination of customer IDs and alerts on transactions.

"Coinbase lacked sufficient personnel, resources, and tools needed to keep up with these alerts, and backlogs rapidly grew to unmanageable levels. By the end of 2021, Coinbase had a backlog of unreviewed transaction monitoring alerts grew to more than 100,000 (many of which were months old), and the backlog of customers requiring enhanced due diligence (‘EDD’) exceeded 14,000,” the settlement said.

A license to operate a virtual currency and money-transfer business in New York has been granted to Coinbase since 2017. When the NYDFS found holes in the exchange's Know Your Customer (KYC) and transaction monitoring policies in the early months of 2022, the regulator set up an unbiased monitor to assist the business in fixing the problems.

According to the financial regulator, the cryptocurrency exchange allegedly had multiple compliance "deficits" in connection to AML requirements. The NYDFS identified issues with the transaction monitoring and user onboarding processes.

The settlement includes information about an early 2021 incident in which a user stole $150 million from an unnamed corporation by opening an account at Coinbase on the company's behalf while pretending to be an employee despite providing insufficient documentation.

The individual acquired entry to the company's bank account, multiplied the daily withdrawal limit by 50, and then transferred $150 million to the exchange. He converted the fiat deposit to bitcoin and moved it to an off-platform wallet.

The exchange was unaware of the activity for six days until being contacted by the company's bank. Law police eventually found the questioned cryptocurrency and returned it to the owner.

Paul Grewal, the chief legal officer of Coinbase, commented on the information:

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Coin Aquarium.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.