Recent regulatory action against U.S.-based Coinbase underscores that crypto is reaching a post-FTX inflection point.
The pressure is on for the business-as-usual attitude to button itself up and for industry actors to proactively show regulators they are operating transparently and in good faith.
Even those purportedly mature and regulated businesses can run into trouble, as evidenced by the $100 million settlement Coinbase agreed with this Wednesday (Jan. 4) from the New York Department of Financial Services (DFS) relating to a string of compliance failures dating back to 2018.
That an actor like Coinbase, which offers more transparency into its operations than the majority of its peers, and regularly works with Big Four auditor Deloitte’s Blockchain and Digital Assets team, can still come up short of regulatory requirements shows just far the rest of the crypto industry has to go to prove it represents a legitimate marketplace for interested users to park their assets.
As reported by PYMNTS last year, the DFS is among the country’s toughest and most well-regarded digital currency regulators, serving as a watchdog for the world’s largest financial actors.
“It’s definitely a different time for crypto,” Mary Ruppert, chief compliance officer of Zero Hash told PYMNTS in an earlier discussion. “The enthusiasm is still there, but recent events have made people cautious about things like internal controls, governance and making sure your business is functioning as a mature business.”
The settlement could potentially bring worse news for Coinbase in the future, as the company is presently in the middle of a class action lawsuit alleging it “misled investors regarding material risks attendant to Coinbase’s operations.”
Crypto Compliance Under a Microscope
Compared to other jurisdictions more favorable to the crypto industry’s fast-moving “innovations,” the U.S. maintains relatively stringent regulatory controls and consumer protection laws to keep organizations operating on domestic soil and transacting with U.S. citizens in check.
These regulatory frameworks do their job well when appropriately and consistently applied.
“If they’re in U.S. markets, they need to come into compliance,” Securities and Exchange Commission Chairman Gary Gensler said about the crypto industry.
The investigation by the DFS into Coinbase, led by Superintendent Adrienne Harris, found “wide-ranging and long-standing failures” in Coinbase’s anti-money laundering program (AML), know your customer (KYC) due diligence, transaction monitoring process and suspicious activity reporting (SAR) systems, among other failures that violate New York Banking Law and DFS virtual currency, money transmitter, transaction monitoring and cybersecurity regulations.
Keeping a tight ship is more important than ever for an emergent industry hoping to win back both consumer and regulatory trust after a string of much-publicized failures and fraudulent implosions.
“We’re seeing financial services in places where we’ve not been not used to seeing financial services,” DFS’ Harris told PYMNTS in an interview last May. She added, “So let’s think about regulation — not just from how do we prevent bad things from happening — that’s important — but also how do we start to shepherd the space?”
Coinbase has been ordered to pay a $50 million penalty and is being required to invest an additional $50 million into its compliance program over the next two years to address the gaps highlighted by the DFS.
The investigation comes on the heels of a “safety and soundness examination” conducted by DFS from July 1, 2018 through Dec. 31, 2019, that found “serious deficiencies” in Coinbase’s compliance functions.
“We view this resolution as a critical step in our commitment to continuous improvement, our engagement with key regulators, and our push for greater compliance in the crypto space — for ourselves and others,” Coinbase said in a statement. The company went on to state that it believes its “crypto-focused AML and sanctions compliance tools” will “become industry standard in the coming years,” as it invests further into ensuring its processes are fully compliant.
Industry peers hoping to do business in the U.S. would be wise to take note and follow suit.
The Cost of Growth at All Costs
According to the public settlement, Coinbase’s compliance system “failed to keep up with” the company’s dramatic and unexpected growth during the crypto boom that saw customer sign-ups and transaction levels grow to double-digit multiples in 2021 compared to 2020.
This rapid growth left Coinbase with a KYC program that was “immature and inadequate,” treating customer onboarding requirements as “check-the-box” exercises rather than conducting “appropriate due diligence.”
“It is critical that all financial institutions safeguard their systems from bad actors, and the Department’s expectations with respect to consumer protection, cybersecurity, and anti-money laundering programs are just as stringent for cryptocurrency companies as they are for traditional financial services institutions,” Harris said in a public statement.
“Coinbase failed to build and maintain a functional compliance program that could keep pace with its growth. That failure exposed the Coinbase platform to potential criminal activity requiring the Department to take immediate action.”
The DFS investigation found that by the end of 2021, Coinbase had a backlog of unreviewed transaction monitoring alerts of “more than 100,000,” and that the company’s backlog of customers requiring enhanced due diligence (EDD) exceeded 14,000.
The DFS consent order separately flagged Coinbase’s reliance “in 2019 through November 2021 on an inadequate case management system for dispositioning alerts and filing,” noting that the company “lacked sufficient personnel, resources, and tools needed to keep up with these alerts and backlogs.” It added that the investigation found “numerous examples of SARs filed months after the suspicious activity was first known” to Coinbase.
New York State continues to set the bar for virtual currency regulations and enforcement. Coinbase stated in its acceptance of the settlement that “we believe our investment in compliance outpaces every other crypto exchange anywhere in the world.”
Yet even those industry-leading investments couldn’t bring the company into full compliance with regulations meant to protect American consumers.
For all PYMNTS crypto coverage, subscribe to the daily Crypto Newsletter.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More