Coinbase Europe Fined $24.6M for Anti-Money Laundering Failures by Irish Regulator

The Central Bank of Ireland imposed a €21.5 million ($24.6 million) fine on Coinbase Europe. This marks Ireland’s first major enforcement action against a cryptocurrency exchange. The penalty addresses breaches of anti-money laundering and counter-terrorist financing transaction monitoring obligations that occurred between 2021 and 2025.

Configuration faults in the transaction monitoring system resulted in approximately 30.5 million transactions remaining unmonitored over 12 months from April 2021 to April 2022. These unmonitored transactions accounted for roughly 31% of all Coinbase Europe activity during that timeframe and totaled more than €176 billion ($203 billion).

How Coinbase Europe Failed AML Monitoring Requirements

The issues stemmed from Coinbase Europe outsourcing significant aspects of its transaction monitoring to its US-based sister company. Data configuration problems between the two entities meant that suspicious transactions were not properly monitored for an entire year.

Coinbase characterized the problem as a coding error that prevented five of its 21 automated transaction monitoring scenarios from fully screening customer activity. The exchange acknowledged that it lacked adequate internal policies, procedures, and controls to manage its regulatory obligations during this period.

Suspicious Transactions Linked to Serious Criminal Activities

Coinbase Europe took nearly three years to complete the monitoring of impacted transactions. The delayed review resulted in 2,708 Suspicious Transaction Reports being submitted to Ireland’s Financial Intelligence Unit.

These reports contained suspicions associated with money laundering, fraud and scams, drug trafficking, cyber-attacks involving malware and ransomware, and child sexual exploitation. The Central Bank emphasized that while these activities were flagged as suspicious, it cannot confirm whether actual criminal offenses occurred.

Regulatory Response to Coinbase AML Compliance Breach

Central Bank of Ireland deputy governor Colm Kincaid stated that law enforcement agencies depend on regulated financial institutions having proper systems to monitor transactions and report suspicions. He warned that system failures create opportunities for criminals to evade detection.

Kincaid further noted that crypto possesses particular technological features that, combined with anonymity-enhancing capabilities and cross-border nature, make it especially attractive to criminals moving funds. This makes robust controls particularly important for firms engaged in crypto services.

The original penalty stood at €30.7 million but was reduced to €21.5 million after Coinbase Europe agreed to an early settlement, receiving a 30% discount under the settlement scheme. The sanction awaits High Court confirmation.

Coinbase Response and Remediation Efforts

The cryptocurrency exchange cooperated fully with regulators throughout the investigation. Coinbase stated that once it discovered the coding errors, the company fixed them within two to three weeks, then re-reviewed all affected transactions.

The company has since enhanced its transaction monitoring system oversight, built new detection scenarios, and strengthened internal testing procedures. Coinbase emphasized its commitment to building the most trusted, compliant, and secure platform.

Earlier this year, Coinbase moved its European regulatory base from Ireland to Luxembourg, where it now holds a license under Europe’s Markets in Crypto Assets regime. The timing of this move raised questions about tensions with Irish regulators, though company representatives cited Luxembourg’s mature regulatory framework as a key factor.

Conclusion

The €21.5 million penalty serves as a clear warning to cryptocurrency platforms operating in Europe. Regulators are tightening oversight of digital asset firms, demanding the same rigorous compliance standards applied to traditional financial institutions. This enforcement action demonstrates that technical failures and outsourcing arrangements do not excuse regulatory breaches.