Paxful Hit with $3.5 Million FinCEN Penalty After Facilitating Suspicious Transactions

Key Takeaways

• FinCEN Penalty: Paxful is fined $3.5 million for willful violations of the Bank Secrecy Act.
• Scale of Activity: The platform facilitated over $500 million in suspicious transactions tied to illicit actors and high-risk jurisdictions.
• Admitted Violations: Paxful acknowledged failures including not registering as an MSB, lacking an effective AML program, and failing to file SARs.
• Mitigating Factors: FinCEN considered leadership changes and Paxful’s review and reporting of previously unreported suspicious activity.
• Compliance Expectations: FinCEN reiterates the need for robust, risk-based AML programs, governance, geolocation controls, and timely remediation of deficiencies.

Deep Dive

FinCEN has handed down a $3.5 million civil money penalty to Paxful after the peer-to-peer crypto marketplace admitted it willfully violated the Bank Secrecy Act, enabling more than $500 million in suspicious transactions involving sanctioned jurisdictions and illicit actors.

The action, announced on 9 December 2025, marks one of the more pointed reminders this year that virtual asset firms remain squarely in the sights of U.S. anti-money laundering authorities. Investigators found that Paxful’s platform facilitated activity tied to countries such as Iran, North Korea, and Venezuela, as well as Backpage dot com, which the Justice Department seized in 2018 for facilitating prostitution and sex trafficking.

FinCEN Director Andrea Gacki said Paxful had ignored its AML duties for years and reinforced that the agency intends to safeguard the financial system while encouraging responsible innovation in the virtual asset ecosystem.

According to the consent order, Paxful admitted to multiple failures including operating without registering as a money services business, lacking an effective AML program, and failing to file suspicious activity reports. FinCEN noted that the company processed more than half a billion dollars in suspicious activity while these gaps persisted.

In assessing the penalty, FinCEN said it weighed several mitigating factors. Those included leadership changes that removed individuals responsible at the time of the violations, along with remediation efforts such as a retrospective review to identify and report suspicious transactions that had gone unfilled during the relevant period.

FinCEN also credited collaboration with the Department of Justice, the U.S. Attorney’s Office for the Eastern District of California, and Homeland Security Investigations, underscoring the increasingly coordinated approach across agencies when virtual asset abuse is involved.

The agency used the announcement to reiterate broader compliance expectations. AML programs need to be risk-based and aligned with the size, location, and nature of financial services offered, including virtual asset activity. FinCEN emphasized that suspicious activity obligations extend to transactions involving virtual assets and prepaid access, and urged firms to integrate IP address and geolocation monitoring to block exposure to high-risk jurisdictions and prohibited parties.

FinCEN also highlighted the importance of customer identity verification, the need to understand customers’ business models, and the role of strong governance and tone at the top. The Paxful case, the agency said, illustrates the value of early remediation and timely SAR reporting when deficiencies come to light.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.