The Coinbase settlement and the slow death of crypto

The crypto currency market soundly collapsed in 2022, but crypto currencies linger on. FTX, once valued at $32 billion, went bankrupt as its founder was arrested for perpetrating one of the biggest frauds in history. 

The market began to take a nosedive after Celsius Network, a former cryptocurrency lending company, announced it was pausing all withdrawals and transfers between accounts in order to “honor, over time, withdrawal obligations.” Celsius has nearly 2 million customers and held more than $10 billion in assets.

Stablecoins, a more recent crypto innovation which was backed by another currency or commodity like the dollar or gold, also took a hit. The TerraUSD stablecoin fell from $116 in April to a fraction of a penny in 2022, despite it once having a market capitalisation of over $40 billion. 

Core Scientific, one of the largest publicly traded crypto mining companies in the U.S., which primarily mints bitcoin, filed for bankruptcy on Dec. 21, citing falling crypto prices and rising energy costs.

BlockFi, a cryptocurrency lender, filed for Chapter 11 bankruptcy protection in November, itself a casualty of the collapse of FTX.

Overall, the crypto market has lost over $2 trillion in 2022, as the popular digital coins fall by huge percentages and the NFT market has been rendered all but worthless. 

All this comes as regulators seek to tighten their grip on the wild west of crypto currency. US regulators are working to better regulate crypto asset activities, with stronger consumer protection rules. A new EU supervisory authority, the Anti-Money Laundering Authority (AMLA), is also touted to become operational in 2023.

The body of crypto may be legless, armless, and claiming it is just a scratch, but coming AML regulation and recent enforcement actions look set to lance the crypto body in 2023, and leave the carcass for the crows. 

Try our online customisable AML training now

What is the Coinbase settlement?

Coinbase, a well-known crypto exchange, was fined $50 million by the New York state financial regulator and will invest an additional $50 million in its compliance function over the next two years. Coinbase violated the New York Banking law and the New York State Department of Financial Services (DFS) regulations. Coming hot on the heels of the November bankruptcy of FTX and subsequent arrest of its founder, Sam Bankman-Fried. 

The Coinbase settlement also comes a day after the Federal Reserve, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation released a joint statement on the impact the agencies believe that crypto could have on the financial sector. 

“Given the significant risks highlighted by recent failures of several large crypto-asset companies, the agencies continue to take a careful and cautious approach related to current or proposed crypto-asset-related activities and exposures at each banking organization.”

New York regulators said cryptocurrency exchange’s compliance programme made it “vulnerable to serious criminal conduct, including, among other things, examples of fraud, possible money laundering, suspected child sexual abuse material-related activity, and potential narcotics trafficking.”

What went wrong at Coinbase?

Given the size and scale of Coinbase’s operations, regulators found that it had failed to build and maintain a functional, risk-based compliance programme that could keep pace with its growth. Essentially it failed to consider compliance in the context of the business, what it was aiming for, and in particular, when it came to growth and expansion.

As a result of this lack of risk-based due diligence, Coinbase didn’t have sufficient procedures or staff to conduct enhanced due diligence on the over 14 thousand high risk customers who required it. In general they treated customer onboarding as a simple tick-box exercise, broadly failing to consider risk.

Their transaction monitoring systems were unable to keep up with their growth either, and couldn’t handle the volume of alerts generated by their systems. This left upwards of a 100 thousand potentially suspicious transactions unreviewed for months. Given the huge backlog monitoring transactions, there was a knock-on effect on suspicious activity reporting. Suspicions routinely failed to be investigated and reported, and some SARs were only filed many months after the first suspicion.

The tick-box approach to onboarding led to an absence of sanctions compliance systems and PEP checks, there was no firm-wide annual risk assessment, failure to report cybersecurity incidents, and customers were routinely able to use VPNs and other tools to hide their true location. 

All in all, a catastrophic failure of compliance. One that is particularly concerning for a regulated industry like crypto currency providers. 

What does the Coinbase settlement mean for crypto?

With the collapse of FTX and the Coinbase settlement, it’s clear regulators are coming after crypto currency. Whatever its initial designs and supposed benefits, the reality is crypto is a volatile financial product that is increasingly being relied upon by criminals to facilitate money laundering, terrorist financing, and proliferation financing. 

Beyond that, as the collapse of FTX has shown, it is rather irrelevant that crypto is the method by which some very bad actors are scamming and cheating investors. 

David Yermack, a professor of finance at NYU, said of FTX:

“The fact that they were trading crypto is a little bit beside the point. They could have been trading real estate or stocks and bonds, or whatever. They had no accounting, no internal controls, they were very irresponsible with the money that was entrusted to them by their customers.”

The fundamental problem with crypto currency is that no real wealth is created by the people who buy and sell it. Even something like NFT’s, which supposedly have correlations with the art market, have very low barriers to entry. No great skill or technique is required to create an NFT, so the value is not related to something tangible like a traditional art market. 

As the crypto market continues to experience great volatility, those who are still invested in it will become increasingly desperate to offload their falling assets, and the entire industry becomes an even greater target for nefarious actors. They can buy up crypto assets with sellers who are desperate for hard cash, then launder these assets around the world.

The Australian regulator AUSTRAC have already come out and said traditional forms of money laundering have been displaced by crypto currencies. Head of Intelligence John Moss raised concerns about the growing use of even regulated crypto-ATMs and vulnerable people being used as mules to put a large amount of cash into them, which is then quickly moved around the world. 

Given that these ATMs are also key points of integration for criminal gangs in Venezuela and El Salvador, this year is perhaps the time to properly consider the use of crypto currency as a major red flag. 

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.