Coinbase to pay $100 million over failure to scale AML as business boomed

Coinbase reached a $100 million settlement with the New York Department of Financial Services following investigations into failures in its compliance program.

The NYDFS fined Coinbase $50 million and required the company to invest another $50 million into its compliance program following a settlement with the regulator, which found gaping holes in the crypto exchange's review of customer identities and alerts on transactions. Particularly, it noted that the exchange failed to keep up with the growth in its customer base from 2020 through 2021. 

"Coinbase lacked sufficient personnel, resources, and tools needed to keep up with these alerts, and backlogs rapidly grew to unmanageable levels," the settlement reads. "By the end of 2021, Coinbase had a backlog of unreviewed transaction monitoring alerts grew to more than 100,000 (many of which were months old), and the backlog of customers requiring enhanced due diligence ('EDD') exceeded 14,000."

Coinbase has had a digital asset business license with the NYDFS — more commonly called a BitLicense — since 2017. By reputation the most rigorous regulatory regime in U.S. crypto, the BitLicense entails ongoing examinations, including one in 2020 that kicked off its issues with Coinbase.

The settlement includes details of an early 2021 incident in which a user stole $150 million from an unnamed company by opening an account on behalf of the company at Coinbase, by pretending to be an employee despite not providing appropriate documentation. The individual expanded the company’s daily withdrawal limit by a factor of 50 and subsequently accessed the company's bank account, from which they transferred $150 million to Coinbase. 

The thief then converted the fiat deposit into crypto and moved it off-platform onto a separate wallet. Coinbase was unaware of the activity for six days, until the corporation's bank contacted the crypto exchange. Law enforcement was eventually able to track down the crypto in question and return it to its rightful owner.

In February 2022, the company hired an independent monitor in an effort to resolve these concerns, but their initial efforts did not fully appease the NYDFS. 

Noting that the NYDFS investigation was initially revealed on a filing with the Securities and Exchange Commission, Chief Legal Officer Paul Grewal said in a statement that "Coinbase has taken substantial measures to address these historical shortcomings and remains committed to being a leader and role model in the crypto space, including partnering with regulators when it comes to compliance. We believe our investment in compliance outpaces every other crypto exchange anywhere in the world, and that our customers can feel safe and protected while using our platforms."

Coinbase shares gained 6% in early trading. 

Updated with details of the $150 million theft described in the settlement.