Photo courtesy of the author
At a time when the United States Government has been demonstrating its general commitment to decreasing oversight of and enforcement against cryptocurrency entities[1], crypto firms that operate transnationally need to remember that other countries are likely to remain more vigilant in ensuring that such firms remain compliant with national legal regimes. Those legal regimes include laws requiring their compliance with anti-money laundering and counter terrorist financing (AML/CTF).
On November 6, 2025, the Central Bank of Ireland (Central Bank) announced that it had fined Coinbase Europe Limited €21,464,734 for breaching its AML/CTF transaction monitoring obligations between 2021 and 2025.[2] This post will summarize and comment on the Central Bank’s action.
Background
Coinbase International describes itself as “the world’s largest digital asset custodian”, with a license that enables it to offer a “full suite of crypto products to all 27 EU [European Union] member states.”[3] According to the Central Bank, Coinbase Europe Limited (Coinbase Europe), as part of the Coinbase Group, “provides crypto asset and wallet services to customers globally to facilitate their use of the Coinbase Group’s trading platform to buy and sell crypto assets.”[4]
Crypto firms that provide such services to EU nations, like other financial services companies, are subject to the requirements of the EU Anti-Money Laundering Directives and national legislation transposing those requirements, as well as complementary regulations such as the Markets in Crypto-Assets Regulation and the new Regulation on the Traceability of Transfers of Funds.[5]
The Central Bank’s Action
The Central Bank reported that it fined Coinbase Europe €21,464,734 for breaching its AML/CTF obligations with respect to transaction monitoring, as required by the Irish Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA 2010) between April 23, 2021 and March 19, 2025. It explained that “[a]s a virtual asset service provider, Coinbase Europe is required to monitor customer transactions on an ongoing basis” and when it “suspects that a transaction is facilitating money laundering or terrorist financing it is required to file a Suspicious Transaction Report (STR) with the national Financial Intelligence Unit (FIU) and Revenue Commissioners as soon as possible.”
The Central Bank, however, found faults in Coinbase Europe’s configuration of its transaction monitoring system, “which resulted in more than 30 million transactions not being properly monitored over a 12-month period. The value of these transactions amounted to over €176 billion, and accounted for approximately 31% of all Coinbase Europe transactions conducted in the period when the faults existed.” Moreover, the Central Bank found that “it took Coinbase Europe almost three years to fully complete the monitoring of the impacted transactions. This subsequent monitoring led to the reporting of 2,708 STRs to the FIU for further analysis and potential investigation.”
Finally, the Central Bank found that the STRs submitted in respect of Coinbase Europe’s late monitoring of the transactions “contained suspicions associated with serious criminal activities including: money laundering; fraud/scams; drug trafficking; cyber-attacks (malware/ransomware); and child sexual exploitation.”
Accordingly, Coinbase Europe accepted that it breached its transaction monitoring obligations under the CJA 2010 by failing to (1) “[f]ully and properly monitor 30,442,437 transactions”; (2) “[a]dopt internal policies, controls and procedures to prevent and detect the commission of money laundering and terrorist financing”; and (3) “[c]onduct additional monitoring in respect of 184,790 transactions.” It further admitted the specified contraventions under the CJA 2010 and agreed to the undisputed facts set out in a highly detailed settlement notice.[6] While the Central Bank determined that financial sanctions comprising a reprimand and monetary penalty in the amount of €30,663,906 were warranted, it applied a 30 percent settlement discount, resulting in a final amount of €21,464,734, which Coinbase Europe accepted. The sanctions are not yet final, as they are subject to confirmation by the Irish High Court and will take effect once confirmed.[7]
Comments
Other crypto firms conducting business in the European Union should take note of this Central Bank action, not only because Ireland, as an EU Member State, has taken such action, but because it provides a precedent for any other Member States with similar domestic legislation to undertake investigations with respect to crypto firms’ AML/CTF compliance. Attorneys advising such firms, as well as internal compliance officers, should provide prompt guidance to their clients about this Central Bank action, and advise that they conduct a thorough review of their own transaction-monitoring policies and processes (including STR reporting) to identify and conduct prompt remediation of any deficiencies therein.
Footnotes
[1] See, e.g., Executive Order 14,178, Strengthening American Leadership in Digital Financial Technology, 90 Fed. Reg. 2125 (January 23, 2025), https://www.federalregister.gov/documents/2025/01/31/2025-02123/strengthening-american-leadership-in-digital-financial-technology; Executive Grant of Clemency to Changpeng Zhao, October 21, 2025, https://www.justice.gov/pardon/media/1416576/dl?inline; Douglas Gillison, Wall Street regulator drops emphasis on crypto sector exams for 2026, Reuters, November 18, 2025, https://www.reuters.com/sustainability/boards-policy-regulation/wall-street-regulator-drops-emphasis-crypto-sector-exams-2026-2025-11-17/. But see Financial Crimes Enforcement Network, FinCEN Issues Notice on the Use of Convertible Virtual Currency Kiosks for Scam Payments and Other Illicit Activity, August 4, 2025, https://www.fincen.gov/news/news-releases/fincen-issues-notice-use-convertible-virtual-currency-kiosks-scam-payments-and.
[2] See Central Bank of Ireland, The Central Bank takes enforcement action against Coinbase Europe Limited for anti-money laundering failures, November 6, 2025, https://www.centralbank.ie/news/article/press-release-enforcement-action-against-coinbase-europe-limited-6-November-2025.
[3] Lauren Abendschein, Updating the Treasury Management Playbook: Why Corporates Are Embracing Crypto, Coinbase, July 21, 2025, https://www.coinbase.com/blog/updating-the-treasury-management-playbook-why-corporates-are.
[4] Central Bank of Ireland, supra note 2.
[5] See European Commission, Anti-money laundering and countering the financing of terrorism at EU level, https://finance.ec.europa.eu/financial-crime/anti-money-laundering-and-countering-financing-terrorism-eu-level_en.
[6] See Central Bank of Ireland, Administrative Settlement Procedure (ASP): Settlement Notice, November 5, 2025, https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/settlement-agreements/settlement-notice-coinbase-europe-limited.pdf.
[7] Central Bank of Ireland, supra note 2.
Jonathan J. Rusch is Director of the U.S. and International Anti-Corruption Law Program and Adjunct Professor at American University Washington College of Law and a Senior Fellow with the NYU Program on Corporate Compliance and Enforcement at New York University Law School.
The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).