On January 4, 2023, Superintendent Adrienne Harris of the New York State Department of Financial Services (NYDFS) announced a $100 million settlement with crypto exchange Coinbase Inc.
The agreement follows the finding of flaws in Coinbase’s compliance program, including its know-your-customer (KYC) and due diligence (CDD) procedures. The company agreed to pay $50 million in fines to the NYDFS and spend another $50 million on improvements to its compliance program. It will also extend the work of the Independent Monitor, who was appointed as a result of the April 2022 Memorandum of Understanding (MOU) with the NYDFS, for another 12 months.
This settlement stems from an earlier review covering the period from July 1, 2018 to December 31, 2019. Following that review, Coinbase committed to improving its AML and Office of Foreign Assets Control (OFAC) compliance programs by engaging independent consultant and working to develop appropriate remediation plans and compliance program improvements.
The most significant aspect of this settlement is apparently the $50 million that must be dedicated to improving compliance programs and systemic remediation over the next two years. This investment – along with the continuation of the Independent Monitor – makes it clear that the NYDFS action is not only designed to punish defaulters, but also to promote a safer crypto ecosystem that will ultimately reduce the incidence of potential financial crime events.
Ahead of the pack
For its part, Coinbase has long been a leader in promoting the need for well-regulated crypto markets and was actually one of the first institutions to receive a NYDFS BitLicense in March 2017. Some of the facts outlined in the Order indicate that the Coinbase Compliance Program has historically struggled to keep up with the rapid growth of the industry and user base.
The NYDFS stated: “By the end of 2021, Coinbase had a backlog of unreviewed transaction monitoring alerts that had grown to more than 100,000 (many of which were months old), and a backlog of customers requiring enhanced due diligence (“EDD”) exceeded 14,000.”
The NYDFS’ request that Coinbase devote significant resources to improving its compliance program is consistent with regulatory expectations at the national level, including those expressed by the US Treasury Department’s Office of Foreign Assets Control, which last year required crypto exchange Kraken to “spend additional $100,000 to invest in certain additional sanctions compliance controls, including training and technical measures to assist in sanctions screening”.
Similarly, the primary US federal banking regulator – the Office of the Comptroller of the Currency (OCC) – recently issued a consent order to Anchorage Digital Bank, requiring it to retain “an independent third-party consultant to review and submit a written report monitoring the Bank’s suspicious activities[.]” These actions demonstrate that the US regulatory commitment to ensuring adequate implementation of compliance programs in the crypto sector is strong at both the state and federal levels.
The message from the regulatory world—and NYDFS in particular—is clear: Investments in compliance must grow as businesses continue to scale.
Crypto crime in America