Banks and fintechs got a stern reminder last month that European regulators are intensifying enforcement of financial crime rules. In just one week, huge fines were levied against Wall Street banking giant JPMorgan and San Francisco-headquartered Coinbase, one of the world’s largest cryptocurrency exchanges.
In Germany, BaFin, the country’s federal financial supervisory authority, imposed its largest ever fine of €45 million on JPMorgan’s Frankfurt-based subsidiary for what they described as systematic failures in money-laundering prevention. The investigation into JPMorgan’s ALM practices stemmed from a late filing of suspicious activity reports (SARs) between October 2021 and September 2022.
While the sanction centered on JPMorgan’s slowness to report potentially illicit transactions that it had already flagged internally, its magnitude reflected the bank’s influence on the German market. In its defense, JPMorgan acknowledged the findings but asserted that the issues were historical and didn’t impede any regulatory investigations and that it had already implemented improved ALM processes. However, the severe public rebuke still goes to show that even top-tier banks aren’t offered any slack when it comes to ALM duties.
On the same day, the Central Bank of Ireland announced a €21.5 million fine on Coinbase Europe, the EU arm of the US cryptocurrency exchange giant, citing ALM and counter-terrorist financing failures. The fine is one of the largest ever levied against a crypto company in Europe. In their investigation, the regulator determined that the fintech had failed to properly monitor over 30 million transactions worth around €150 million between July 2019 and June 2020 due to coding errors in the company’s transaction monitoring system at the time.
Coinbase admitted inadvertently introducing these errors, which led to over 2,700 suspicious transactions slipping through the cracks, but explained that they fixed them within weeks of their discovery. While Coinbase didn’t admit to any wrongdoing, the size of the fine demonstrates the reality that EU regulators are taking a zero-tolerance approach to crypto-related crime, highlighting the fact that anonymity and cross-border reach make stringent security controls all the more crucial.
By contrast, financial regulatory oversight in the US has been widely characterized as more lax under the Trump administration, which has consistently pushed for deregulatory efforts at the federal level, such as by weakening the powers of the Consumer Financial Protection Bureau (CFPB). However, as the latest round of fines suggest, the same certainly can’t be said of Europe, where the need for robust ALM and KYC (Know Your Customer) programs aren’t just mandatory—they’re strictly enforced too.