The Crypto.Com Dutch Compliance Penalty: Here's What Happened

To get started, let's begin by introducing the parties involved. 

Firstly, De Nederlandsche Bank (DNB) is the central bank of the Netherlands. It is responsible for regulating banks and financial institutions within the country. Secondly, Foris DAX MT Limited (DAX MT) is better known under its trading name, crypto.com.

On March 13, 2024, DNB announced that on October 2, 2023, it imposed a €2,850,000 penalty on crypto.com for compliance avoidance. The delay in public disclosure, spanning five months, is unclear. However, it was also revealed that the well-known cryptocurrency exchange is actively appealing the regulator's decision.

Recommended reading - Unpacking the Binance Sanctions Violations: Here Are Our Crucial Takeaways

Why Did Dutch Regulators Fine Crypto.Com Millions?

Let's now expand on what went wrong for the company that brands itself as the world's premier crypto trading platform.

The reason behind the penalty is surprisingly straightforward: DNB accuses DAX MT of offering cryptocurrency services from May 21, 2020, until at least November 8, 2022, without registering with them. You can read the full DNB press release regarding the case by clicking here

Under Dutch law - and all jurisdictions worldwide following FATF recommendations will have the same policy - failure to register with the Financial Intelligence Unit (FIU) when it's a legal requirement is a compliance breach. 

In this case, DAX MT (as a crypto service provider in the Netherlands) was required to register "because of the high risk of money laundering and terrorist financing associated with crypto services," DNB said. 

The reasons behind the substantial financial penalty, totaling almost €3 million, are revealing. Dutch regulators said that crypto.com's operations in the Netherlands had a significant competitive advantage. Why? According to DNB, they didn't have to pay:

  • Supervisory fees to DNB
  • Compliance costs
  • Costs incurred in DNB's regular supervision activities

The Dutch regulator also highlighted the seriousness of the case, deeming it 'severe' due to the prolonged period of non-compliance. As mentioned earlier, this period extended for more than two years.

A worrying concern for DNB is that a large number of unusual transactions occurring within crypto.com's platform may have gone unnoticed by the investigative authorities during this period.

Now we know what happened, let's examine some of the lessons compliance professionals can learn from the case.

1. Awareness of Compliance Obligations When Entering New Markets

The first lesson for the compliance community is the critical importance of thoroughly understanding and adhering to regulatory requirements when expanding into new markets.

For example, every jurisdiction has its own Financial Intelligence Unit (FIU) responsible for overseeing and regulating anti-money laundering (AML) and counter-terrorist financing (CTF) activities within that jurisdiction.

According to the Dutch Central Bank, an aggravating factor in the case was that its FIU did not have information (provided through Suspicious Activity Reports) because DAX MT didn't register with them. 

All compliance teams and individuals with a compliance remit operating in regulated financial service companies should register with their local FIU in a new jurisdiction and endeavor to build strong relationships with them.

2. Timely SAR Reporting Is Crucial 

The next lesson we can glean from the Netherlands' case concerns Suspicious Activity Reports (SARs). In layperson's terms, a SAR is like sending a tip-off to the police. 

Of course, it's more complicated than that because it involves filling out long forms that require precise information about suspicious financial activity (sent to the FIU in the jurisdiction where it occurred). 

In the crypto.com case, the significant financial penalty was exacerbated by the failure to submit SARs over an extended duration.

And the bottom line is this: Compliance teams must comprehensively understand the corresponding guidance from the FIUs they are subject to. Why? Because if errors occur, such as delays in submitting SARs after an event, regulatory enforcers may impose hefty financial penalties and inflict significant reputational damage.

Recommended reading: How to File a SAR/STR

3. Regulatory Pressure on Crypto Service Providers Is Ratcheting Up

The third lesson we can draw from the events in the Netherlands revolves around the escalating pressure that financial industry regulators globally are exerting on crypto firms.

The crypto.com case is only one of many dominating the crypto compliance headlines in 2024. For example, in January, the New York Department of Financial Services said Genesis Global Trading will pay an $8 million penalty, after an investigation found severe failings in the company's compliance program. 

Furthermore, in early 2024, Regulation Asia reported that crypto firms are leading the surge in AML fines. 

And let's not forget Binance. At the end of 2023, just months ago, one of the largest regulatory penalties ever - a historic $4.3 billion settlement - was dished out by US regulators. 

At the time the US Department of Justice (DOJ) said the historic punishment was an "unmistakable message" to crypto companies. And that they "must also play by the rules that keep us all safe from terrorists, foreign adversaries, and crime or face the consequences."

To conclude, whether your crypto business is in the Netherlands, the wider EU, the UK, the US, and other jurisdictions part of the Western financial system, now more than ever, you must make sure your AML and sanctions compliance house is in order.

Final Thoughts & How sanctions.io Supports AML Compliance

The crypto.com compliance penalty in the Netherlands is a stern reminder of the consequences of regulatory non-compliance in the cryptocurrency sector.

With AMLA, the EU's new anti-money laundering authority (AMLA), set to launch in 2025, all companies must prioritize AML and sanctions compliance from today, for example, through a robust screening program, to mitigate the risk of financial penalties and tremendous reputational damage. 

Need help with AML and sanctions compliance?

sanctions.io is a highly reliable and cost-effective solution for sanctions screening. AI-powered and with an enterprise-grade API with 99.995+% uptime are reasons why customers globally trust us with their sanctions screening needs. To learn more:

Book a free Discovery Call.

We also encourage you to take advantage of our free 7-day trial (no credit card is required).

This report is part of a series that examines AML and sanctions penalties, providing valuable insights for compliance professionals. Enjoyed this article? Our Binance sanctions penalty review, Unpacking the Binance Sanctions Violations: Here Are Our Crucial Takeaways, is a recommended read from the crypto sector.