Virtual currency brokerage firm Genesis Global Trading agreed to pay an $8 million penalty levied by the New York State Department of Financial Services (NYDFS) for alleged compliance failures that left it vulnerable to illicit activity and cybersecurity threats.

Genesis Global Trading is in the process of winding down operations, said the NYDFS in its press release Friday, a year after other Genesis businesses filed for bankruptcy as part of a restructuring plan.

The settlement requires Genesis Global Trading to surrender its BitLicense allowing it to conduct virtual currency business activity in New York.

The details: Genesis was licensed by the NYDFS in 2018. Between 2018 and 2019, the agency conducted a full-scope examination of the firm and found deficiencies in its overall compliance function, the NYDFS stated in its order. A second examination covering 2019-22 found “little effort or resources had been directed to addressing the deficiencies identified in the first exam,” despite the firm’s growth during that period, according to the agency.

The NYDFS then initiated an enforcement investigation, through which it found Genesis failed to meet required standards in Bank Secrecy Act/anti-money laundering (BSA/AML) compliance, transaction monitoring, suspicious activity report filings, Office of Foreign Assets Control screening, and cybersecurity.

“Genesis Global Trading’s failure to maintain a functional compliance program demonstrated a disregard for the department’s regulatory requirements and exposed the company and its customers to potential threats,” said NYDFS Superintendent Adrienne Harris in the agency’s release.

Compliance considerations: Specific issues at Genesis cited by the NYDFS in its order included:

  • Policies, procedures, and processes not keeping pace with the company’s growth;
  • Failure to conduct a firm-wide risk assessment until 2022;
  • The appointment of a BSA/AML officer being done informally via email and not adequately resourcing that individual;
  • Not conducting enhanced screening of employees and third-party service providers for potential sanctions violations; and
  • Cybersecurity risk assessments that did not include identification of areas, systems, or processes that required material improvement, updating, or redesign.

The NYDFS acknowledged the firm’s cooperation and remedial efforts to update its BSA/AML and cybersecurity programs.