On Jan 4th, Superintendent Adrienne A. Harris of the New York Department of Financial Services (DFS) announced a settlement of $100 million with Coinbase Inc. following investigations into the company’s compliance program. The investigations revealed significant, long-standing failures in Coinbase’s compliance program, including shortcomings in its cybersecurity regulations, anti-money laundering measures, transaction monitoring, and more.
The DFS found that Coinbase’s platform was vulnerable to “serious criminal conduct,” including money laundering, fraud, and sex and drug trafficking. In addition, Coinbase was found to have failed to perform due diligence during customer onboarding and to keep up with compliance regulations, and to have failed to investigate and report suspicious activity within its systems as required by law.
Coinbase also failed to maintain a functional compliance program that could keep pace with its growth and failed to implement appropriate cybersecurity measures to protect consumers’ sensitive information.
The $100 million settlement with the DFS is divided into two parts: a $50 million penalty for violating DFS cybersecurity laws and New York Banking law, and a $50 million investment in a new compliance program. The DFS has been working with Coinbase during the investigation to address the issues and will continue to monitor the company for an additional year. The DFS will also directly supervise the compliance investment and the creation of best cybersecurity and law practices.
One of the key laws enforced by the DFS is the 23 NYCRR 500 regulation, which requires financial institutions to establish and maintain a cybersecurity program to protect consumers’ sensitive information and ensure the safety and soundness of the financial services industry. The regulation covers a wide range of requirements, including risk assessments, incident response plans, and regular employee training.
The New York Banking Law also requires financial institutions to implement robust compliance programs, including measures to prevent money laundering and other financial crimes.
“It is critical that all financial institutions safeguard their systems from bad actors, and the Department’s expectations with respect to consumer protection, cybersecurity, and anti-money laundering programs are just as stringent for cryptocurrency companies as they are for traditional financial services institutions. Coinbase failed to build and maintain a functional compliance program that could keep pace with its growth. That failure exposed the Coinbase platform to potential criminal activity requiring the Department to take immediate action including the installation of an Independent Monitor.” – Superintendent Harris.
Enforcement Actions – January 4, 2023: Consent Order Issued to Coinbase, Inc. (ny.gov)
We at Motiva Networks can help prepare your company to be DFS Compliant. We are the only IT Firm that can assure compliance with both Insurance and State Department Cybersecurity Regulations. Our Compliance as a Service is a “Done For You” compliance assurance where we hit every bullet point the law requires, and we monitor your systems for cyberattacks 24/7/365.
Claim your FREE Cybersecurity Risk Assessment today or schedule a quick 10-minute phone call so we can answer any questions directly: 646-374-1820.