Block Inc., owner of Square and Cash App, will pay $40 million in penalties after a New York State probe revealed serious anti-money laundering failures and compliance gaps in its Bitcoin and fiat currency transactions.
Why Block Was Fined: DFS Investigation Uncovers Compliance Lapses
New York’s Department of Financial Services (DFS) found that Block’s Cash App platform failed to implement proper anti-money laundering (AML) procedures, particularly in its handling of virtual currency transactions. The investigation highlighted:
- Inadequate Know Your Customer (KYC) practices
- Delayed Suspicious Activity Reports (SARs)
- Failure to monitor high-risk transactions, including those involving Bitcoin mixers
- Insufficient OFAC screening and alert thresholds
Between 2018 and 2021, Block let a backlog of SAR alerts grow from 18,000 to over 169,000, delaying critical reports of potentially illicit activity.
Cash App’s Bitcoin Exposure: High-Risk Transactions Went Unchecked
DFS concluded that Cash App’s Bitcoin transactions posed a particular risk. The platform did not treat anonymized transactions — such as those routed through mixers — as high risk, and even allowed transfers to wallets with known links to terrorism until those wallets had at least 10% exposure.
Moreover, Block’s system failed to monitor updated sanctions lists or restrict repeat offenders from opening new accounts using alternate credentials, allowing Russian criminal networks to register over 8,000 fraudulent accounts.
Cybersecurity and Consumer Protection Violations Added to the Fine
In addition to AML failures, DFS cited cybersecurity gaps, including:
- Cybersecurity policies not reviewed by Block’s board
- Incomplete Business Continuity and Disaster Recovery (BCDR) plans
- Lack of qualified third-party BCDR testing
Block was also found to violate consumer protection rules by failing to deliver transaction disclosures in a clear and visible format, especially for Bitcoin transactions.
Consent Order Terms: Independent Monitor to Oversee Remediation
As part of the settlement, Block must:
- Pay a $40 million civil monetary penalty
- Hire an independent monitor for 12 months, extendable at DFS’s discretion
- Undergo a full compliance audit, covering AML, OFAC, and transaction monitoring programs
- Demonstrate improvements in risk controls, staffing, and alert management
The monitor will also assess whether past illicit activity was properly identified and reported, with access to all Block data since January 2021.
Block’s Response and Future Outlook
While acknowledging the violations, DFS noted that Block cooperated fully during the investigation and has committed “significant financial and human resources” to remediate issues. These include:
- Reducing SAR backlogs
- Hiring more compliance staff
- Limiting account creation to prevent evasion
- Updating Bitcoin monitoring practices
Block CEO Jack Dorsey signed the consent order, which also prevents the company from writing off the penalty as a tax deduction.
What This Means for Crypto Platforms and Cash App Users
This enforcement sends a clear signal: crypto platforms and fintech firms must meet the same regulatory standards as traditional banks, especially when operating in New York. For Cash App users, this means tighter compliance measures, stricter transaction monitoring, and potentially longer processing times for certain activities.
Industry analysts say this action could trigger similar reviews of other crypto-enabled payment platforms nationwide.
This content is brought to you by the FingerLakes1.com Team. Support our mission by visiting www.patreon.com/fl1 or learn how you send us your local content here.