The FCA has fined CB Payments Limited (CBPL), part of the Coinbase Group, just over £3.5 million, for breaching the terms of a voluntary requirement (VREQ) entered into in October 2020. CBPL agreed to an early settlement; the fine would have otherwise been over £5 million. The fine marks the FCA's first enforcement action using its powers under the Electronic Money Regulations 2011. In fining a cryptoasset trading platform, it is perhaps following in the footsteps of the SEC in the US, which has been increasingly pursuing digital asset firms in recent years.
The VREQ prevented CBPL from taking on new high-risk customers while it addressed FCA concerns regarding its financial crime control framework. However, the FCA found that breaches of the VREQ were caused by a failure on the part of the firm, in breach of Principle 2, to exercise due skill, care and diligence. In particular, the breach relates to the design, testing, implementation and monitoring of the controls put in place to comply with the VREQ.
The Coinbase Group is one of the world's biggest cryptoassets exchanges, which enables retail and institutional traders to buy and sell digital tokens. CBPL, its subsidiary, is an FCA-authorised e-money institution. The Final Notice notes that cryptoassets transfers can be "an attractive technological enabler for criminals seeking to launder funds", and that authorised firms are at risk of being abused by those seeking to launder money, with firms trading in cryptoassets at particular risk.
Comment
The Final Notice is an interesting case for Enforcement Watchers because it illustrates the different weapons in the FCA armoury to combat financial crime.
The FCA has a number of ways in which it can try to prevent financial crime. One way is raising standards for payment service providers seeking authorisation, which has led to an increase in refusals.
The FCA is also increasingly using supervision tools, rather than enforcement, as the principal means of imposing higher standards. This includes asking firms to agree VREQs, combined with remediation actions and the appointment of skilled persons. However, it is vital that where firms agree to the imposition of requirements, they are able to comply. CBPL agreed to a VREQ in circumstances where its existing systems and controls did not ensure compliance. The FCA therefore took enforcement action, not in relation to the underlying AML failures, but rather in respect of the failure to comply with requirements under the VREQ.