Coinbase fine: Ireland levies $21.3m over 30m unmonitored transactions

A fine of 21.3 million has been imposed to Coinbase after the Central Bank of Ireland found more than 30 million crypto transactions were not monitored, covering over $176 billion and about 31% of activity by Coinbase Europe.

Coinbase fine: what did the Central Bank of Ireland find?

In this context, the regulator concluded that configuration faults in transaction surveillance left more than 30 million transfers outside effective oversight. The unmonitored flows had a combined value exceeding $176 billion, equal to roughly 31% of the platform’s transactions during the period.

Evidence shows the breaches happened less than three years after authorisation, and the sanction is the first against the crypto sector by the Central Bank of Ireland. Moreover, it represents the fourth-biggest financial penalty ever imposed by the regulator.

How did the Coinbase transaction monitoring breach occur

However, the Central Bank found faults in the configuration of the firm9s monitoring systems and weaknesses in suspicious transaction reporting rules, which reduced the company’s ability to detect and escalate risky flows. Tests indicated the alerts and case-management processes did not operate as regulators require.

Colm Kincaid told inspectors that “Crypto has particular technological features which, together with its anonymity-enhancing capabilities and cross-border nature, makes it especially attractive to criminals looking to move their funds.” He added that “This is why it is especially important that firms engaged in crypto services have robust controls in place to identify and report suspicious transactions.”

The factual reporting on the enforcement action was published on 6 November 2025; Reuters also covered the fine.

What does this mean for Coinbase anti money laundering controls

As a result, the decision forces a sharp review of governance, remediation and suspicious transaction reporting rules across the sector. Firms will be expected to strengthen case triage, staffing and documented escalation routes to meet regulator expectations.

The penalty aims to be both corrective and deterrent. In practice, it should accelerate investment in surveillance software, data integrity processes and independent validation of alerting logic.

Reporting obligations

Firms must ensure timely suspicious activity reports and comprehensive audit trails. Regulators will scrutinise records and decision-making in follow-up inspections.

Operational fixes

Technical fixes include improved transaction surveillance, better alert triage and clearer governance. Compliance teams must align thresholds and resourcing with actual transaction volumes to make alerts actionable.

Investors and counterparties should note this case as a reminder that crypto platforms face comparable AML expectations to other financial firms. The Financial Action Task Force similarly urges a “risk-based approach” for virtual asset service providers.