On January 4, 2023, the New York State Department of Financial Services ("DFS") announced that it reached a $100 million settlement with Coinbase, Inc. ("Coinbase") following an investigation that revealed "significant failings" in the company's anti-money laundering ("AML") compliance program. As part of the settlement, Coinbase is required to pay a $50 million fine, invest an additional $50 million over the next two years to enhance and improve its compliance program, and have a DFS appointed Independent Monitor work with Coinbase to enhance its AML compliance program for at least an additional year, extendable at DFS's sole discretion.

A Consent Order issued alongside the announcement highlights a number of significant shortcomings in Coinbase's AML compliance procedures. These shortcomings include a failure to conduct appropriate know your customer ("KYC") due diligence at customer onboarding, a failure to timely review transaction monitoring alerts, and a failure to timely file suspicious activity reports ("SARs").

DFS noted that Coinbase's KYC program was "immature and inadequate" and that it "treated customer onboarding requirements as a simple check-the-box exercise." Moreover, Coinbase was unable to handle its transaction monitoring alerts and in late 2021 had a growing backlog of more than 100,000 unreviewed alerts. Finally, the inability to review transaction alerts resulted in a failure to timely investigate and file SARs as required by law. DFS's investigation found numerous examples of SARs filed months after the suspicious activity was first known to Coinbase.

DFS Superintendent Adrienne Harris stated that Coinbase "failed to build and maintain a functional compliance program that could keep pace with its growth." Superintendent Harris continued that the company's compliance failures ultimately exposed it to "potential criminal activity" requiring "immediate action including the installation of an Independent Monitor."

DFS's settlement with Coinbase comes as state and federal regulators continue to search for the best ways to regulate the digital asset industry. In the absence of a comprehensive federal regulatory scheme, New York has taken a proactive approach in regard to its state-level regulation, including the adoption of its touted BitLicense framework, as well as its recent two-year moratorium on in-state crypto mining activities. While some have criticized these measures as growth inhibitive, others have argued that they are necessary in light of recent events that have upended the digital asset industry. Indeed, even despite its $100 million penalty, Coinbase emphasized in a statement the importance of working alongside regulators, and the need for "more crypto players committed to compliance."

DFS's recent settlement with Coinbase highlights the need for firms operating in the digital asset space to implement and maintain strict compliance programs, including AML programs. Though these programs are sometimes either overlooked or under-funded, their importance is paramount in an industry that is still largely unregulated. Stricter AML compliance programs have the ability to add legitimacy to the digital asset industry at a time when the industry faces a heightened degree of uncertainty.

Companies in the digital asset industry should view this consent decree as a warning sign and take steps to review their AML compliance programs to ensure they are appropriately mitigating money laundering and terrorist financing risks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.