ESG Enforcement Tracker

The NYSDFS announced that cryptocurrency trading platform Coinbase will pay a penalty of US$50 million to New York State for “significant failures” in its compliance programme. These failures made its platform vulnerable to serious criminal conduct, including potentially, fraud, money laundering, child sexual abuse material-related activity, and narcotics trafficking.

Coinbase also agreed to invest a further US$50 million in its compliance function in the following two years to remediate the failings and to enhance the function under a plan approved by the NYSDFS.

Coinbase was first licenced in the State of New York as a virtual currency business and money transmitter in 2017.

In 2020, the NYSDFS undertook a safety and soundness examination of Coinbase for the period of 1 July 2018 to 31 December 2019. In 2021, it also started an enforcement investigation.

The NYSDFS found that Coinbase’s Bank Secrecy Act/Anti-Money Laundering programme, including its know your customer/customer due diligence, transaction monitoring system, suspicious activity reporting, and sanctions compliance systems, were inadequate for a financial services provider of its size and complexity.

The NYSDFS found:

• Coinbase’s know your customer/customer due diligence programme, as written and implemented, was immature and inadequate. Customer onboarding requirements were a check-the-box exercise and there was no appropriate due diligence.
• Coinbase could not keep pace with the volume of alerts generated by its transaction monitoring system. By late 2021, this had resulted in a backlog of over 100,000 unreviewed transaction monitoring alerts.
• One consequence of Coinbase’s failed transaction monitoring system was that as its uninvestigated transaction monitoring alerts languished for months in the backlog, and Coinbase routinely failed to timely investigate and report suspicious activity as required by law. The NYSDFS’s investigation found numerous examples of SARs filed months after the suspicious activity had first become known.

In February 2022, the NYSDFS “took the extraordinary step” of installing an independent monitor to evaluate the situation and work with Coinbase to fix the issues.

This independent monitor will continue to work with Coinbase for a further year, which the NYSDFS can extend.

Coinbase has begun to remediate many of the issues and to build a more effective and robust compliance programme under the supervision of NYSDFS and the independent monitor.