What To Know:
- The Central Bank of Ireland fined Coinbase Europe Limited €21.5 million after discovering coding errors in its transaction monitoring system that left some transactions unscreened between 2021 and 2022.
- Coinbase identified and fixed the issue internally, and later filed around 2,700 suspicious transaction reports worth €13 million and strengthened its AML monitoring controls.
- The regulator said the penalty reflects the severity of compliance gaps, marking one of Ireland’s largest fines against a crypto firm under its AML framework.
The Central Bank of Ireland (CBI) has fined Coinbase Europe Limited €21.5 million post a settlement over coding errors in its transaction monitoring system. The issue, which occurred between 2021 and 2022, left a portion of customer transactions only partially screened for suspicious activity. Coinbase said the problem was identified internally, fixed within weeks, and later followed by improvements in anti-money laundering (AML) controls.
Ireland Clamps Down on Coinbase For Flouting AML Norms
The CBI’s decision typifies one of the largest fines imposed on a crypto service provider under Ireland’s AML framework. The regulator concluded that Coinbase Europe, known as CBEL, had failed to fully comply with transaction monitoring requirements during the affected period. The lapse was linked to three separate coding errors in Coinbase’s Transaction Monitoring System (TMS), which is used to identify and flag suspicious activity across millions of crypto transactions.
The monitoring system, as per Coinbase, relied on 21 programmed “scenarios” created to detect red flags like unusual trading patterns or transactions tied to risky jurisdictions. Five of these scenarios were compromised by the coding errors, resulting in certain types of data, such as crypto addresses separated by special characters, being excluded from screening.
After discovering the issue, Coinbase said it reran the affected data through the corrected system. The review covered around 185,000 transactions, drawn from approximately 97 million processed during the period in question. This secondary review led to the filing of about 2,700 Suspicious Transaction Reports (STRs) involving transactions valued at roughly €13 million.
The CBI stated that the fine reflects the seriousness of compliance gaps in institutions handling customer assets. Under Ireland’s AML laws, registered crypto service providers are required to maintain continuous monitoring systems capable of identifying and reporting suspicious transactions promptly. While Coinbase and the regulator have agreed not to assert that any of the reported transactions were criminal in nature, the control exposed a structural weakness in automated compliance monitoring.
Coinbase has said it accepted the regulator’s findings and worked closely with the CBI throughout the investigation. The company emphasized that its controls remained effective in other areas and that the issue was limited to a subset of automated scenarios.
It’s notable that after the incident, Coinbase implemented extra security checks to avoid committing such errors in the future. These have included: stepping up pre-deployment testing, independent verification of monitoring code and more stringent supervision from its European compliance teams. The firm has also beefed up its TMS with new monitoring scenarios to help counter the developing threat of financial crime.
A Coinbase spokesperson said the company “takes its obligations under AML legislation and regulatory guidance very seriously” and continues to prioritize compliance across all jurisdictions where it operates.
The Irish regulator noted that its penalty took into account Coinbase Europe’s average annual revenue between 2021 and 2024, estimated at €417 million. The CBI also considered Coinbase’s cooperation and the steps it took to remediate the issue as mitigating factors in the final fine.
Ireland has become one of the European Union’s main regulatory hubs for crypto firms, with several global exchanges operating from Dublin under the country’s registration regime. Regulators have increased scrutiny of AML compliance amid the EU’s push to strengthen control through the Markets in Crypto-Assets (MiCA) framework, which will come into full effect in 2025.
Analysts say the case reflects the challenges facing large crypto platforms in aligning automated compliance systems with fast-changing regulatory expectations. Unintentional technical mistakes can expose companies to major penalties if they result in missed alerts or delayed suspicious transaction reports.
Also Read: Japan’s FSA Officially Supports Multi-Bank Stablecoin Pilot Project
