The UK’s Financial Conduct Authority said on 25 July it had fined CB Payments Limited (CBPL) £3,503,546 for “repeatedly breaching a requirement that prevented the firm from offering services to high-risk customers”.
The regulator’s action was taken under the Electronic Money Regulations 2011 in what is the first time the FCA has taken enforcement action using these powers.
CBPL is part of the Coinbase Group, which operates a prominent cryptoasset trading platform that is accessible globally.
CBPL does not undertake cryptoasset transactions for customers but it acts as a gateway for customers to trade cryptoassets via other entities within the Coinbase Group. CBPL is not currently registered to undertake cryptoasset activities in the UK.
The firm entered into a voluntary requirement (the VREQ) in October 2020, which followed significant engagement with the FCA relating to concerns about the effectiveness of CBPL’s financial crime control framework. The VREQ prevented CBPL from taking on new high-risk customers while it addressed issues with its framework.
Despite the restrictions in place, CBPL onboarded and/or provided e-money services to 13,416 high-risk customers. Approximately 31 per cent of these customers deposited around USD $24.9 million. These funds were used to make withdrawals and then execute multiple cryptoasset transactions via other Coinbase Group entities, totalling approximately USD $226 million.
The breaches were the result of CBPL’s lack of due skill, care and diligence in the design, testing, implementation and monitoring of the controls put in place to ensure that the VREQ was effective. This included failing to consider all of the various ways in which customers might be onboarded when designing the controls. Because of inadequacies in the initial monitoring of compliance with the VREQ, repeated and material breaches went undiscovered for almost two years.
Therese Chambers, joint executive director of enforcement and market oversight at the FCA said: ‘The money laundering risks associated with crypto are obvious and firms must take them seriously.
“Firms like CBPL that enable crypto trading need to have strong financial crime controls. CBPL’s controls had significant weaknesses and the FCA told it so, which is why the requirements were needed. CPBL, however, repeatedly breached those requirements.
‘This increased the risk that criminals could use CBPL to launder the proceeds of crime. We will not tolerate such laxity, which jeopardises the integrity of our markets.”
The FCA said “the firm agreed to resolve the matter and qualified for a 30% discount on its fine”.