UK subsidiary Coinbase fined $4.5 million for high-risk data breaches

• CB Payments Limited (CBPL), a subsidiary of Coinbase Group, has been fined $4.5 million by the FCA for onboarding high-risk customers.
• Violations occurred despite a 2020 agreement to end the onboarding of high-risk customers.
• This is the FCA’s first action under the Electronic Money Regulations 2011 against a crypto firm.

In a landmark decision, the Financial Conduct Authority (FCA) has fined Coinbase’s UK subsidiary, CB Payments Limited (CBPL), £3.5 million ($4.5 million) for repeated breaches of anti-money laundering regulations.

This action marks the first time the FCA has taken action under the Electronic Money Regulations 2011 against a cryptocurrency company.

CBPL had agreed with FCA not to onboard high-risk customers

In October 2020, CB Payments Limited (CBPL), part of the Coinbase Group, entered into a voluntary agreement with the FCA to stop onboarding high-risk customers.

The deal was aimed at strengthening the company’s financial crime controls, which the FCA assessed as having significant weaknesses.

Despite these restrictions, CBPL onboarded 13,416 high-risk customers. These customers deposited approximately $24.9 million, which was used for crypto withdrawals and transactions worth $226 million through other Coinbase entities.

The FCA’s investigation found that CBPL failed to exercise due skill, care and diligence in designing, testing, implementing and monitoring controls to comply with the voluntary requirement (VREQ).

The company failed to adequately consider all potential customer onboarding methods, leading to significant breaches that went unnoticed for nearly two years.

FCA Deputy Executive Director of Enforcement and Market Oversight Therese Chambers in a statement released on July 25highlighted the seriousness of the situation by stating that CBPL’s controls had significant weaknesses, and the FCA told him so, which is why the requirements were necessary.

According to the statement, the CBPL has, however, repeatedly violated these requirements, increasing the risk that criminals could use the CBPL to launder the proceeds of their crime. We will not tolerate such laxity, which jeopardizes the integrity of our markets.

Coinbase Subsidiary Received 30% Reduction in Fine

Coinbase responded to the FCA’s findings, stating that it takes regulatory compliance very seriously and is actively improving its controls to ensure compliance with regulatory obligations.

The FCA acknowledged CBPL’s cooperation in the investigation and noted that the company received a 30% reduction in the fine for agreeing to resolve the matter more quickly.

Warning to Cryptocurrency Companies That Fail to Control Financial Crime

The FCA’s action reflects a broader intention to hold cryptocurrency businesses accountable for their anti-money laundering obligations.

Kate Gee, partner and cryptocurrency litigation specialist at Signature Litigation in London, said…