The UK's Financial Conduct Authority (FCA) has imposed a significant £3.5 million fine on CB Payments Ltd (CBPL), a subsidiary of cryptocurrency exchange giant Coinbase. This fine represents the FCA's first enforcement action under the Electronic Money Regulations 2011 (EMRs) against a company engaged in crypto asset trading.
The Breach and Its Consequences
CBPL's primary function is facilitating fiat currency exchange for crypto assets on the Coinbase platform. However, the FCA found serious shortcomings in CBPL's financial crime controls, resulting in the onboarding of over 13,000 high-risk customers. These customers subsequently engaged in transactions totalling a staggering $226 million, raising significant concerns about potential money laundering and other financial crimes.
The FCA's investigation revealed that these breaches stemmed from inadequate design, testing, and monitoring of CBPL's automated controls, particularly a "VREQ Flag" meant to identify and block high-risk customers. According to the FCA, this lapse significantly increased the risk of CBPL facilitating financial crime.
A Warning to the Crypto Sector
This landmark case sends a clear message to the burgeoning cryptoasset sector: robust financial crime controls are not optional. The FCA's decisive action underscores its commitment to protecting the integrity of the UK financial system and preventing illicit activities.
Even after a 30% settlement discount, the fine's size highlights the severity of CBPL's failings. It serves as a stark reminder to other firms operating in this space that they must prioritise compliance and invest in comprehensive risk management procedures to mitigate the potential for their platforms to be exploited for financial crime.
Looking Ahead: Increased Scrutiny and the Need for Robust Controls
The fallout from this case is likely to have far-reaching implications for the cryptoasset industry. Firms can expect increased regulatory scrutiny, with the FCA likely to focus on the effectiveness of their financial crime frameworks, especially those facilitating cryptoasset transactions.
The case also emphasises the need for firms to develop and maintain robust automated controls, conduct thorough testing, and implement continuous monitoring to ensure compliance with evolving regulatory requirements.
While CBPL has cooperated with the investigation and taken steps to enhance its controls, the FCA's decision highlights the importance of proactive compliance and the significant consequences of failing to prevent financial crime risks. As the crypto asset sector matures, robust regulatory compliance will be essential for building trust and ensuring long-term sustainability.