TLDR: Coinbase Europe Limited (CBEL) has cooperated with the Central Bank of Ireland (CBI) to reach a settlement regarding coding errors that affected transaction monitoring in 2021 and 2022. These errors, which CBEL identified and quickly fixed, led us to only partially screen certain customer transactions. When we re-reviewed those customer transactions, we ultimately filed roughly 2,700 suspicious transaction reports with the Irish government.
Today’s Announcement
Today, the Central Bank of Ireland (CBI) announced a settlement with Coinbase Europe Limited (CBEL), our Irish affiliate that provided crypto services to European customers. This settlement is a result of certain technical coding errors that impacted how we monitored crypto transactions in 2021 and 2022. As a starting point for their fine, CBI looked at our average annual revenue over 2021 to 2024 of €417 million. As a result, in this settlement, CBEL will pay a fine of €21.5 million.
What Happened
As a registered crypto institution in Ireland, CBEL was required to monitor its customers’ transactions. To do this, Coinbase built a Transaction Monitoring System (TMS), which is software that analyzes financial transactions to detect suspicious patterns or anomalies that we may need to investigate. Specifically, Coinbase built TMS “scenarios,” which look for certain red flags or transaction patterns that could be suspicious. These scenarios generate alerts, which a team of compliance experts investigate further. In 2021 and 2022, CBEL used 21 TMS scenarios to help monitor its customers’ transactions.
In building this TMS system, Coinbase inadvertently made three coding errors that caused five of the 21 TMS scenarios to not fully screen all transactions in 2021 and 2022. For example, crypto addresses separated by special characters were overlooked by these scenarios. These coding errors did not impact the other TMS scenarios that screened transactions, or Coinbase’s complementary compliance controls.
Coinbase identified these coding errors as part of its efforts to monitor and test its compliance systems. Once detected, Coinbase fixed the coding errors within two to three weeks. CBEL then ran all of the impacted crypto transactions back through the now fixed five TMS scenarios—this took a longer period of time to complete. This review identified approximately 185k transactions that compliance needed to investigate further. During this time period, CBEL processed around 97 million crypto transactions.
From CBEL’s review of each of these 185k transactions, it ultimately filed roughly 2,700 Suspicious Transaction Reports (STRs) on transactions cumulatively valued at €13 million. Registered companies like CBEL are required to file STRs if they “suspect” or “have reasonable grounds to suspect” a party to the transaction is engaged in money laundering or other illicit activity. As part of this settlement, the CBI and CBEL cannot say that the transactions in these 2,700 reports actually resulted in criminal activity.
Coinbase’s Commitment to Compliance
In addition to fixing these coding errors, Coinbase and CBEL took steps to prevent these types of errors from happening again–enhancing testing and monitoring of TMS scenarios, including before any code changes are made to the system, to prevent inadvertent errors. CBEL also enhanced its oversight of Coinbase’s systems, allowing it to further monitor these technical processes. And Coinbase has continued to invest in TMS, building new scenarios to detect evolving high risk activity.
Coinbase recognizes the importance of effective AML procedures and takes our obligations under AML legislation and regulatory guidance very seriously. Our goal has always been and will always be to build the most trusted, compliant, and secure platform in the world.
International
Recent Stories
