London, United Kingdom – Coinbase's United Kingdom arm, CB Payments Limited (CBPL), has been fined £3,503,546 ($4.5 million) by the Financial Conduct Authority (FCA) for breaching a voluntary agreement related to user onboarding. This penalty marks a significant enforcement action by the British regulator under the Electronic Money Regulations 2011.
Violation of the FCA Agreement
In 2020, CBPL, a subsidiary of the Coinbase Group, entered a voluntary agreement with the FCA to prevent the onboarding of customers deemed "high risk" by the regulator. However, the FCA alleges that CBPL onboarded 13,416 such high-risk customers, in violation of the agreement, and provided them with cryptocurrency services.
Regulatory Concerns and Money Laundering Risks
The FCA highlighted that these breaches were not isolated incidents but represented repeated violations of the agreement. This lapse in control, according to Therese Chambers, joint executive director of enforcement and market oversight at the FCA, posed substantial money laundering risks. In a statement issued on July 25, Chambers said, "CBPL’s controls had significant weaknesses and the FCA told it so, which is why the requirements were needed. CPBL, however, repeatedly breached those requirements. This increased the risk that criminals could use CBPL to launder the proceeds of crime. We will not tolerate such laxity, which jeopardizes the integrity of our markets."
Implications for the Crypto Industry
The regulator’s decision could signal heightened scrutiny for other cryptocurrency exchanges operating in the UK and potentially prompt platforms to seek more favorable regulatory environments. This action is the first instance of the FCA imposing penalties based on the Electronic Money Regulations 2011, underscoring the seriousness with which it views these breaches.
Coinbase’s Response
Coinbase acknowledged the breaches but emphasized that they were unintentional and represented a small fraction of their customer base. In a statement, Coinbase noted, "CBPL unintentionally onboarded some customers between October 30, 2020, and October 1, 2023, (representing 0.34% of customers onboarded) who were classified as high-risk under the terms of the VREQ (Voluntary Application for Imposition of Requirements). This led to the FCA’s investigation and subsequent action."
Focus on E-Money Transmitter Services
Coinbase also clarified that the FCA’s investigation did not focus on crypto asset transactions but rather on the firm’s e-money transmitter services. "CBPL has been authorized by the FCA since 2017 as an e-money institution and provides e-money and payment services to customers located in certain jurisdictions. As a result, CBPL is not authorised by the FCA to conduct cryptoasset transactions for customers and the FCA’s investigation did not look at any cryptoasset transactions," the statement added.
Monitoring Failures and Resolution
The FCA indicated that the breaches had gone undetected for two years due to inadequate initial monitoring practices for the firm’s voluntary agreement. As part of the resolution, CBPL received a 30% discount on the fine by agreeing to settle the matter promptly.
Future Regulatory Landscape
This incident might mean a broader crackdown on cryptocurrency services providers in the UK. The regulator’s stringent stance on compliance and risk management highlights the increasing regulatory challenges that crypto firms may face. As the landscape evolves, firms operating within the sector will need to enhance their compliance frameworks to mitigate regulatory risks and align with stringent oversight requirements.
The enforcement action against CBPL serves as a stark reminder of the importance of robust controls and adherence to regulatory agreements, especially in the rapidly evolving and highly scrutinized cryptocurrency industry. As the FCA continues to monitor and enforce compliance, the future of crypto operations in the UK may witness significant regulatory shifts aimed at ensuring market integrity and mitigating financial crime risks.