Prominent cryptocurrency exchange company Coinbase settled to pay a $50 million penalty and will invest an additional $50 million in its compliance function over the next two years.
 
Below mentioned compliance deficiencies at Coinbase lead to the fine and subsequent actions:
 
Know Your Customer/Customer Due Diligence: Customer account was opened with a copy of a photo ID and self-reported social media profiles; Annual expected activity and account purposes not captured before July 2021
 
Enhance Due Diligence (EDD): Requested for the bare minimum of identity documents; failure to conduct an on-time EDD, resulting in a 14,000+ backlog by December 2021
 
Transaction Monitoring: Lack of resources and huge backlog resulted in complete failure of the transaction monitoring processes
 
Third-Party Vendor/Contractor: Insufficient oversight over the third-party contractors’ transaction monitoring processes; Coinbase identified 96% and 73% failure/error rates for two such contractors
 
Unauthorized Transactions: An account was opened by a corporation employee without authorization documents, resulting in illegal transactions of over $150 million from the company account
 
Anti-Money Laundering Risk Assessments: No AML risk assessment conducted since 2017; No risk rating assigned to customers before September 2021.
 
Screening: ~1,600 institutional customers were not subject to ongoing sanctions or PEP screening until 20 December 2020; No adverse media check on customers. 
 
Compliance Team: Insufficient personnel, resources, and tools to ensure compliances