Supervisor Adrienne A. Harris announces $100 million settlement with Coinbase, Inc. after DFS investigation uncovers significant deficiencies in the company’s compliance program

DFS investigation finds widespread and long-standing failures in Coinbase, Inc.’s anti-money laundering program, including know-your-customer/customer due diligence, transaction monitoring, and suspicious activity reporting systems.

The settlement requires Coinbase to pay a $50 million fine and invest an additional $50 million in its compliance program.

Superintendent of Financial Services Adrienne A. Harris announced today that Coinbase, Inc. (“Coinbase”) will pay a $50 million fine to the State of New York for material failures in its compliance program that violated New York banking law and the New York State Department of Financial Services (DFS) virtual currency, money transmitter, transaction monitoring, and cybersecurity regulations. These failures left the Coinbase platform vulnerable to serious criminal conduct, including, but not limited to, fraud, possible money laundering, suspected activity related to child sexual abuse material, and potential drug trafficking. In addition to the fine,

“It is critical that all financial institutions protect their systems from bad actors, and the department’s expectations for consumer protection, cybersecurity, and anti-money laundering programs are as rigorous for cryptocurrency companies as they are for traditional financial services institutions,” said Superintendent Harris. “Coinbase failed to establish and maintain a functional compliance program that could keep pace with its growth. This failure exposed the Coinbase platform to potential criminal activity and required immediate action by the department, including the installation of independent monitors.”

Coinbase has been licensed by the Department to conduct virtual currency business and money transmitting business in New York State since 2017. Following an examination and subsequent enforcement investigation, the Department found that Coinbase’s BSA/AML program—including its Know Your Customer/Customer Due Diligence (“KYC/CDD”), Transaction Monitoring System (“TMS”), Suspicious Activity Reporting, and Sanctions Compliance systems—was inadequate for a financial services provider of the size and sophistication of Coinbase.

• During much of the relevant period, Coinbase’s KYC/CDD program, both as written and implemented, was immature and inadequate. Coinbase treated customer onboarding requirements as simple check-box exercises and failed to conduct appropriate due diligence.

• Coinbase Could Not Keep Up with the Growth in the Volume of Alerts Generated by its TMS. By the end of 2021, Coinbase had failed to keep pace with its alerts, resulting in a massive and growing backlog of over 100,000 unreviewed transaction monitoring alerts.

• One consequence of Coinbase’s failed TMS was that Coinbase routinely failed to investigate and report suspicious activity in a timely manner as required by law because uninvestigated TMS alerts sat in a backlog for months. The Division’s investigation found numerous examples of SARs being filed months after the suspicious activity was first known to Coinbase.

Given the condition of Coinbase’s compliance systems, in early 2022, during the course of its investigation, the Department took the unusual step of installing an independent monitor to immediately assess the situation and began working with Coinbase to resolve outstanding issues. Under the terms of the consent order, the independent monitor will continue to work with Coinbase for one year, which may be extended at the Department’s discretion. In direct response to the Department’s findings and swift actions, Coinbase has begun to remediate many of the issues noted and establish a more effective and robust compliance program under the oversight of DFS and the DFS-appointed independent monitor.

Today, New York continues to set the standard for the prudential regulation of virtual currencies. DFS deploys a wide range of tools to regulate the industry, including licensing, supervision, examination, and enforcement. Together, these tools protect consumers; maintain the safety and soundness of firms; ensure cybersecurity compliance; and help root out financial crimes such as money laundering and terrorist financing.