Under regulations, Coinbase Europe is required to monitor customer transactions on an ongoing basis. Where the company suspects a transaction is facilitating money laundering or terrorist financing, it is required to file a Suspicious Transaction Report (STR) with the national Financial Intelligence Unit and Revenue Commissioners as soon as possible.

However, the Central Bank has fined Coinbase for “faults in the configuration of their transaction monitoring system”, which resulted in more than 30 million transactions “not being properly monitored over a 12-month period”.

“The value of these transactions amounted to over €176bn, and accounted for approximately 31% of all Coinbase Europe transactions conducted in the period when the faults existed,” the Central Bank said.

It subsequently took Coinbase Europe almost three years to “fully complete the monitoring of the impacted transactions”, the Central Bank said. 

After an initial review it narrowed the total number of transactions missed down to 184,790 that needed further review. This subsequent monitoring led to the reporting of 2,708 STRs with a combined value of €13m. 

These STRs contained suspicions associated with serious criminal activities including: money laundering; fraud/scams; drug trafficking; cyber-attacks; and child sexual exploitation.

The Central Bank “cannot say” if any of these transactions “resulted in a criminal offence” and therefore this was not taken into account as a sanctioning factor.

It said the monitoring of transactions in real time and the filing of STRs without delay is a cornerstone of the effectiveness and efficiency of the anti-money laundering and counter terrorist financing regulatory regime.

“Failure to do so can seriously hinder how the regulatory and criminal justice system can detect, report, disrupt, investigate and prosecute criminality,” the bank said.

Coinbase has accepted it had breached its transactions monitoring obligations. It accepted that it failed to fully and properly monitor more than 30 million transactions; failed to adopt internal policies, controls and procedures to prevent and detect the commission of money laundering and terrorist financing; and failed to conduct additional monitoring in respect of 184,790 transactions.

The Central Bank was allowed to impose a fine based on 10% of Coinbase Europe’s - the Irish subsidiary of the Coinbase company - annual turnover or €10m whichever is greater. As part of determining the size of the fine, it averaged out the company’s annual turnover between 2021 and 2024 which came to just over €417m.

The Central Bank said that it was notified by Coinbase on November 21, 2023 of the non-monitoring issue. It said the delay in notification has been “treated as an aggravating feature of this case”.

It originally fined the company €30,663,906, but a 30% discount was applied as Coinbase Europe admitted the prescribed contraventions and agreed to the undisputed facts as set out in the Settlement Notice.

In total, the Central Bank fined the company €21,464,734.

The sanctions are subject to confirmation by the High Court and will take effect once confirmed.

Central Bank deputy governor Colm Kincaid said crypto had particular “technological features which, together with its anonymity-enhancing capabilities and cross-border nature, makes it especially attractive to criminals looking to move their funds”.

“This is why it is especially important that firms engaged in crypto services have robust controls in place to identify and report suspicious transactions. Where system failures do occur, it is imperative that they are reported to the Central Bank without delay so that appropriate actions can be taken to manage and mitigate the risk,” he said.

In a statement, Coinbase said issues with their Transaction Monitoring System (TMS) -a software that analyzes financial transactions to detect suspicious patterns - meant that certain “scenarios”, which look for certain red flags or suspicious transaction patterns, were missed.

“Coinbase inadvertently made three coding errors that caused five of the 21 TMS scenarios to not fully screen all transactions in 2021 and 2022… These coding errors did not impact the other TMS scenarios that screened transactions, or Coinbase’s complementary compliance controls.” 

“As part of this settlement, the Central Bank and Coinbase Europe cannot say that the transactions in these 2,700 reports actually resulted in criminal activity.”