Coinbase reached a settlement with the New York State Department of Financial services amounting $100 million

Coinbase yesterday, January 4th 2023, reached a settlement with the New York State Department of Financial services amounting $100 million.

The amount involves:
– $50 million penalty
– $50 million for investment in its compliance function

👉 Coinbase’s Compliance Deficiencies:

🚩 Not compliant with Bank Secrecy Act and AML obligations, reporting requirements and record keeping

🚩 Despite the identification of weaknesses by internal assessments and external reviews, Coinbase made a slow progress

👉 Coinbase’s KYC/CDD deficiencies:

🚩 Failed to truly know their clients by understanding the nature and purpose of their customers’ businesses, source of funds and the customer’s true identity or ownership

🚩 Treated customer onboarding as a simple “check-the-box” exercise

🚩 Before December 2020, no informed “risk rating” was assigned to individual retail customers

🚩 Did not obtain sufficient documentation from their clients to effectively identify and verify its clients

🚩 No timely EDD on high-risk customers and, when conducted only asked for the minimum documents

👉 Transaction monitoring systems (TMS) deficiencies

🚩 Coinbase failed to keep pace with its alerts. The company had more than 100,000 unreviewed transaction monitoring alerts

🚩 Had insufficient oversight over the third-party contractors it hired for TM

👉 Suspicious Activity Reporting (SAR) deficiencies:

🚩 Failed to timely investigate and report suspicious activity. Some SARs were filed in some cases more than six months from the date of the transaction

🚩 Record keeping for SARs were insufficient

👉 KYC and PEP Screening

🚩 The customers of Coinbase were not subject to ongoing PEP and sanctions screening

👉 Cybersecurity Event Reporting

🚩 Coinbase failed to timely report to the relevant authority a cybersecurity incident. The incident was reported five months after the event

The example highlights the importance of having a robust AML compliance program which must be risk-based and includes:
🔹  KYC/CDD procedures
🔹  PEP and Sanctions Screening systems
🔹  Transaction monitoring systems
🔹  Suspicious activity reporting procedures
🔹  Record keeping procedures

Artboard 1

Related Articles