Danish Regulator Censures 'Security And Compliance' Focused Crypto Firm

October 24, 2024
<
Back
Coinify, a company that enables merchants to accept crypto payments, has been reprimanded by the Danish Financial Supervisory Authority over compliance failures related to money laundering controls.

Coinify, a company that enables merchants to accept crypto payments, has been reprimanded by the Danish Financial Supervisory Authority (DFSA) over compliance failures related to money laundering controls. 

The DFSA has ordered Coinify, a provider of cryptocurrency services, to improve its anti-money laundering (AML) practices following an inspection in September 2023 that focused on Coinify's adherence to money laundering regulations.

The regulator examined the firm’s customer knowledge procedures and its compliance with its investigation, transaction monitoring and record-keeping obligations.

Coinify, which is headquartered in Denmark and has been in operation since 2014, credits itself on its website in being “financially compliant in 180 markets”, stating that “security and compliance is in our DNA”.

It touts its work alongside national and international regulatory bodies — for example, as a founding member of the European Commission’s Blockchain and Virtual Currencies Working Group — and markets itself as allowing its customers to “accept the future of finance”.

Risky simplicity 

The DFSA’s inspection identified several shortcomings in Coinify’s AML procedures, leading to a series of corrective orders.

In particular, it criticised the company’s simplified customer risk scoring model, stating that it had failed to account for all relevant risk factors. 

The regulator mandated the company to strengthen its risk classification process for both private and business customers, requiring it to ensure that each customer is assessed based on documented and comprehensive criteria.

Unsatisfactory due diligence

Coinify has also come under fire for its customer due diligence (CDD), as it had been carrying this out on the assumption that its customers conduct one-off transactions. 

The DFSA determined, however, that Coinify’s customer relationships are ongoing, requiring the company to conduct more thorough CDD measures, including regular assessments of the business relationship’s purpose and continuous monitoring of customer transactions.

During the inspection, the DFSA also found that high-risk customers were being treated similarly to low-risk ones, with inadequate documentation and insufficient enhanced CDD measures.

It ordered Coinify to apply stricter due diligence for high-risk customers, ensuring a deeper understanding of their activities to detect suspicious behaviour.

Poor record-keeping

The DFSA criticised Coinify’s compliance with record-keeping obligations, having discovered that it was not adequately documenting investigations into suspicious transactions. 

In some cases, the steps taken were either poorly recorded or were stored across different systems, and the regulator stressed the importance of detailed record-keeping to support effective investigations and reporting to authorities. 

Coinify has been ordered to improve its documentation processes to ensure that all investigations are properly recorded and stored.

Vixio has approached Coinify for comment, but they had not responded by the time of publication.

Jimmie Franklin

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

To read more articles like this, along with gaining access to the tools that will help you navigate compliance risk with confidence, request a demo of our RegTech platform today.

Related articles

March 14, 2025

Regulatory Influencer: European Union's Approach to ICT Incident Reporting

In recent weeks, the European Commission has published two significant regulations under the Digital Operational Resilience Act (DORA) which will contribute towards firms’ compliance efforts, standardising reporting of major ICT-related incidents and cyber threats. The first, Commission Delegated Regulation (EU) 2025/301, sets out technical standards for the content and timing of mandatory incident reports and voluntary cyber threat notifications. It sets out classification criteria, reporting deadlines and required details, such as impact assessments, remediation efforts and communication with authorities. Meanwhile, Commission Implementing Regulation (EU) 2025/302 provides standardised templates, forms and procedures for reporting. This regulation mandates uniform reporting formats, secure submission channels and requirements for complete and updated information. Both regulations, published in the Official Journal of the EU, took effect on March 11, 2025, 20 days after entering the statute book.
Read article
March 14, 2025

Week In Crypto: US Stablecoin Battle Heats Up As House, Senate Reintroduce Bills

Although US lawmakers appear to be aligned on the need for federal stablecoin legislation, they are no closer to an agreement on which bill should prevail and what provisions it should include.
Read article

Opt in to hear about webinars, events, industry and product news

Gambling Compliance

Learn more

Payments Compliance

Learn more
Still can’t find what you’re looking for? Get in touch to speak to a member of our team, and we’ll do our best to answer.
Contact us
No items found.
Crypto-Assets
Denmark

Please choose your preferred
service to log in to.

GamblingCompliance
PaymentsCompliance
Don’t have an account?