Coinbase faces €21.5m AML fine as Irish watchdog flags ‘ineffective’ TMS

Ireland fined Coinbase Europe €21.5m after data issues left €173b in transactions unmonitored, with failures undisclosed during its VASP registration and now forcing an exit to Luxembourg.

The Central Bank of Ireland fined Coinbase Europe €21.5 million ($25 million) for failures in transaction monitoring systems that left approximately 30 million transactions unmonitored between 2021 and 2022, according to settlement documents released in November 2025.

The fine represents the fourth-largest penalty ever issued by Ireland’s financial regulator. Coinbase Europe’s registration as a Virtual Asset Service Provider (VASP) with the Central Bank will lapse at the end of 2025, with the company ceasing operations in Ireland and relocating to Luxembourg, according to the settlement.

The enforcement action centered on what regulators described as a breakdown in Coinbase Europe’s anti-money laundering compliance systems. The unmonitored transactions represented 31% of the company’s business volume during the affected period, totaling approximately €173 billion, according to the Central Bank.

Coinbase Europe had outsourced transaction monitoring to its U.S. parent company, Coinbase Inc., which operated a transaction monitoring system (TMS) designed to flag suspicious activity. Due to data configuration issues, five of 21 high-risk monitoring scenarios failed to operate as intended from April 23, 2021, until April 29, 2022, according to the settlement document.

The failures went undetected by Coinbase Europe for an extended period. The European subsidiary was first provided information about the TMS issues in February 2023, according to the settlement. Senior managers at Coinbase Europe became aware of the problem’s potential material impact only in May 2023, when Coinbase Inc. provided additional details about remediation efforts, the document stated.

The rescreening process for the affected transactions took nearly three years to complete, according to the Central Bank, which stated this delay “undermined the efficacy” of suspicious transaction reports ultimately submitted.

The timing of the disclosure raised additional regulatory concerns. Coinbase Europe’s VASP registration was finalized in December 2022, but the company was unaware of the monitoring issues during the application process and therefore did not disclose them, according to the settlement.

In September 2022, Coinbase Europe met with Central Bank representatives to discuss its VASP application and advised that plans were in place to resolve a backlog of compliance issues. In November 2022, the company provided additional assurances in response to queries about progress. The Central Bank stated these assurances were “relevant” to its decision to grant the VASP registration in December 2022.

Following notification of the problems, the Central Bank initiated enhanced supervisory scrutiny and required Coinbase Europe to make significant improvements to its anti-money laundering framework and compliance function, according to the settlement.

The settlement document noted that Coinbase Europe’s systems and controls were “ineffective to oversee the work of Coinbase Inc.” during the period in question.

One of the contraventions to which Coinbase admitted extended through March 19, 2025, involving failure to conduct additional monitoring on 184,790 transactions, according to the settlement terms.

The enforcement action occurred during the same period that Coinbase submitted comments to the U.S. Treasury Department regarding cryptocurrency regulation. In those comments, dated 2025, the company requested that Treasury publish supervisory guidance explicitly recognizing Know Your Transaction (KYT) screening and blockchain analytics as effective means of enhancing anti-money laundering and counter-terrorism financing compliance.

In the Treasury comment, Coinbase described its use of application programming interfaces (APIs) for “real-time transaction monitoring, dynamic risk scoring, secure data sharing, and integration with advanced analytics solutions,” stating these tools ensure the company “remains at the forefront of compliance innovation.”

The company’s chief legal officer signed the Treasury comment, according to the document.

Coinbase Europe has since obtained licensing in Luxembourg through a separate regulatory process, according to the settlement. The company did not immediately respond to requests for comment on the Irish enforcement action.

The Central Bank of Ireland declined to comment beyond the published settlement document.