UK Coinbase unit CBPL fined $4.5M for lack of money laundering controls


UK financial regulators announced on Thursday the first-of-its-kind sanctions against CB Payments LTD. (CBPL) – part of the UK Coinbase Group – over failure to maintain appropriate financial crime controls and protect against money laundering schemes.

The UK Financial Conduct Authority (FCA) made its final ruling against the London-based cryptoasset trading platform on Tuesday, July 23rd, based on regulatory concerns dating back to 2020, that the FCA said CBPL never properly addressed.

“CBPL's controls had significant weaknesses and the FCA told it so, which is why the requirements were needed. CPBL, however, repeatedly breached those requirements,” said Therese Chambers, FCA joint Executive Director of Enforcement and Market Oversight.

ADVERTISEMENT

“We will not tolerate such laxity, which jeopardizes the integrity of our markets,' she said.

CBPL, which is not currently registered to undertake cryptoasset activities in the UK, instead, acts as a gateway for customers allowing them “to deposit fiat currency into e-money wallets which can then be used to purchase and exchange cryptoassets via other entities within the Coinbase Group,” the FCA notice states.

Even after CBPL voluntarily agreed to beef up its financial controls back in 2020, the FCA said the required measures were still missing years later.

Furthermore, the firm continued to take on new high-risk customers, which CBPL had been banned from doing until the new financial framework was in place.

“We've fined CB Payments Ltd £3,503,546 [about $4.5 million] for repeatedly breaching a requirement that prevented the firm from offering services to high-risk customers,” the FCA posted on social media platform X on Thursday.

"We welcome regulation and are dedicated to working proactively and closely with the most sophisticated financial regulators in the world, including the FCA, to ensure we offer the most compliant, trusted, and secure platform for our customers," Coinbase said in response to the FCA announcement on Thursday.

ADVERTISEMENT

CBPL software failed to flag suspicious transactions

The FCA blames CBPL for its lack of due skill, care, and diligence in the design, testing, implementation, and monitoring of the controls put in place to ensure that the VREQ (voluntary requirement) was effective.

The FCA said that between October 2020 and October 2023, CBPL onboarded and/or provided e-money services to 13,416 high-risk customers, depositing a total of roughly $24.9 million.

Those funds were then used to carry out subsequent crypto transactions via other Coinbase Group entities, worth approximately $226 million.

“CBPL filed Suspicious Activity Reports (SARs) in respect of 62 customers to alert law enforcement to potential money laundering,” the FCA said. The combined value of those ‘unflagged’ transactions was approximately $1.75 million.

Because of the failure of the Coinbase Product, Engineering, and Design team to properly monitor compliance and flag questionable transactions, the repeated and material breaches went undiscovered for almost two years, the regulators said.

Chambers said the lack of financial security measures left CBPL vulnerable to bad actors using the platform to launder proceeds from financial crimes.

“The money laundering risks associated with crypto are obvious and firms must take them seriously,” Chambers said. Companies, such as CB payments, that conduct payment services are at particular risk, the FCA final notice stated.

The firm also qualified for a 30% discount on the original £5,003,646 (about $6.4 million) fine and further agreed to resolve the matter.

“It is imperative that such firms maintain robust systems and controls to identify and mitigate the risk of their businesses being used in this way,” it said.

ADVERTISEMENT

The first-of-its-kind FCA enforcement action was taken under the UK Electronic Money Regulations 2011.