Coinbase Group Entity Fined in the U.K. for Onboarding High-Risk Customers
'Gentle' investigation and a discounted penalty in exchange for cooperation and commitment to compliance.
CB Payments Limited, a Coinbase subsidiary, was fined $4.5 million by the U.K. Financial Conduct Authority for onboarding high-risk customers. Although CBPL does not operate crypto transactions itself (and is not licensed to do so), it serves as a gateway for customers to trade crypto assets via other entities within the Coinbase Group.
Four years ago, CBPL entered into a voluntary agreement with the FCA. The agreement was concluded due to some concerns over CBPL’s financial crime framework and included several temporary restrictions on the company’s business. CBPL had designed several automated controls to comply with the requirements and identify high-risk customers who met specific (undisclosed) criteria.
During the investigation, which concluded yesterday, the FCA found out that the controls’ design, testing, implementation, and monitoring failed because of the company’s lack of skill and diligence. As a result, some of the original provisions, namely the onboarding of new high-risk customers, were repeatedly breached in 2020-2023:
“CBPL onboarded and/or provided e-money services to 13,416 high-risk customers. Approximately 31 per cent of these customers deposited around USD $24.9 million. These funds were used to make withdrawals and then execute multiple crypto asset transactions via other Coinbase Group entities, totalling approximately USD $226 million,” - claims the regulator.
Tiny Benefits, Large Fines
The regulator considered that the financial benefit derived from these customers totaled a tiny $4,000, which is the basis for calculating the penalty size. As the total sum of the penalty was too small ($480), the authority made an 'adjustment for deterrence' of $6.4 million. This fee was determind by taking into account the company's significant size and financial resources.
Coinbase accepted the findings but argued that the breach was unintentional and that high-risk customers represent only 0.34% of all customers onboarded within the given period. The company agreed to resolve the issues and thus qualified for a discount on the penalty imposed by the FCA: instead of paying over $6.4 million, it will pay around $4.5 million. The penalty is to be paid by August 6.
This is not the first time Coinbase has agreed to pay a fine for similar accusations. We saw a similar pattern in 2023: the company agreed to pay a $50 million fine after New York financial regulators found that it had allowed new users to open accounts without sufficient background checks. Back then, the company was also obliged to invest another $50 million in its compliance program.
Financial Conduct Authority On Guard
For the FCA, the process is somehow new: this is the first time the regulator has taken enforcement action under the Electronic Money Regulations 2011, and it is apparently the first penalty the regulator has imposed on a crypto-related company.
Still, this doesn’t mean that the FCA neglects its duties. The regulator’s warning list of unregistered companies is constantly updated with new names, often crypto-related. Earlier, the regulator almost kicked Binance out of the country. Its British subsidiary can no longer provide services, and certain services offered on the global platform are not accessible to retail clients based in the U.K. This summer, the regulator arrested two people allegedly operating an illegal $1.3 billion crypto business. The FCA stated then, “We will do everything in our power to stop crypto firms from operating illegally in the UK.”
Not many global crypto companies are registered within the country. One of the companies authorised to conduct specific crypto asset activities is Revolut, one of the most valuable FinTech startups in the world. Recently, it received a banking license in the U.K., its homeland, and entered the mobilization stage, which is intended for new banks.
Over the last couple of years, the U.K. has been working on creating a comprehensive crypto regulation framework. In 2023, the country passed the Financial Services and Markets Act, which enabled cryptocurrencies to be treated as regulated financial activities. Since then, the U.K. government has been on a legislation spree, introducing a crypto promotion regime, and implementing the Travel Rule, among other new regulations. New crypto and stablecoin rules are expected to be presented this month, and the FCA also plans to deliver a market abuse regime for crypto this year.
It's clear, however, that there was a very ‘mature’ and respectful dialogue between the exchange and regulators this time around. Coinbase cooperated with the authority throughout the course of its investigation and acknowledged its alleged mistakes instead of objecting to the penalty. The other side was polite in its accusations, outlining the company’s commitment to compliance and even expressing its respect in financial terms. The outcome might be mutually beneficial if the FCA findings help Coinbase recalibrate its onboarding procedure controls.
Members Discussion