Ireland has fined Coinbase Europe €21.5 million after data problems left €173 billion in transactions unaudited, with errors not disclosed during VASP registration and now forcing a move to Luxembourg.
Summary
- The Central Bank of Ireland has fined Coinbase Europe €21.5 million after data configuration errors in an outsourced TMS left around 30 million transactions, worth around €173 billion, unaudited between 2021 and 2022.
- Coinbase Europe did not discover or disclose the issues during the 2022 VASP filing, with management not being fully informed until 2023, causing the regulator to lose its oversight of Coinbase Inc. labeled as ineffective.
- The VASP registration will expire at the end of 2025 when Coinbase Europe moves to Luxembourg, even as the company lobbies the US Treasury Department to recognize KYT and blockchain analytics as advanced AML tools.
The Central Bank of Ireland has fined Coinbase Europe €21.5 million ($25 million) over flaws in transaction monitoring systems that left around 30 million transactions unattended between 2021 and 2022, according to settlement documents released in November 2025.
The fine represents the fourth highest fine ever imposed by the Irish financial regulator. Coinbase Europe’s registration as a Virtual Asset Service Provider (VASP) with the Central Bank will expire at the end of 2025, with the company ceasing operations in Ireland and moving to Luxembourg, the settlement said.
The enforcement action focused on what regulators described as a failure in Coinbase Europe’s anti-money laundering systems. According to the Central Bank, the unaudited transactions represented 31% of the company’s business volume during the affected period, totaling approximately €173 billion.
Coinbase Europe had outsourced transaction monitoring to U.S. parent company Coinbase Inc., which operated a transaction monitoring system (TMS) designed to flag suspicious activity. Due to data configuration issues, five of 21 high-risk monitoring scenarios did not function as intended between April 23, 2021 and April 29, 2022, the settlement document said.
The failures went unnoticed by Coinbase Europe for a long time. According to the settlement, the European subsidiary first received information about the TMS issue in February 2023. Senior managers at Coinbase Europe only became aware of the potential material impact of the issue in May 2023, when Coinbase Inc. provided additional details on recovery efforts, the document said.
The rescreening process for the affected transactions took almost three years, the Central Bank said, saying this delay “undermined the effectiveness” of the suspicious transaction reports ultimately submitted.
The timing of the disclosure raised additional regulatory concerns. Coinbase Europe’s VASP registration was completed in December 2022, but the company was unaware of the monitoring issues during the application process and therefore did not disclose them, the settlement said.
In September 2022, Coinbase Europe met with Central Bank representatives to discuss the VASP application and advised that plans were in place to resolve a backlog of compliance issues. In November 2022, the company provided additional guarantees in response to questions about progress. The Central Bank stated that these guarantees were “relevant” to its decision to grant VASP registration in December 2022.
After reporting the problems, the Central Bank initiated an enhanced supervisory investigation and required Coinbase Europe to make significant improvements to its anti-money laundering framework and compliance function, according to the settlement.
The settlement document noted that Coinbase Europe’s systems and controls were “ineffective in overseeing the work of Coinbase Inc.” during the relevant period.
One of the violations Coinbase admitted lasted until March 19, 2025, with no additional monitoring on 184,790 transactions, according to the settlement terms.
The enforcement action occurred during the same period as Coinbase submitted comments to the U.S. Treasury Department regarding cryptocurrency regulation. In those comments, dated 2025, the company requested that the Treasury Department publish supervisory guidance that explicitly recognizes Know Your Transaction (KYT) screening and blockchain analytics as effective tools to improve compliance with anti-money laundering and anti-terrorist financing laws.
In the Treasury Department commentary, Coinbase described its use of application programming interfaces (APIs) for “real-time transaction monitoring, dynamic risk scoring, secure data sharing, and integration with advanced analytics solutions,” saying these tools will keep the company “at the forefront of compliance innovation.”
According to the document, the company’s Chief Legal Officer signed the Treasury Department’s comments.
Under the settlement, Coinbase Europe has since obtained licenses in Luxembourg through a separate regulatory process. The company did not immediately respond to requests for comment on the Irish enforcement action.
The Central Bank of Ireland declined to comment on the published settlement document.
