British regulators fined Coinbase’s UK arm £3.5 million ($4.5 million) on Thursday for violating a voluntary agreement intended to prevent the cryptocurrency exchange from onboarding “high-risk customers.”

Coinbase Global shares were down nearly 2% in U.S. premarket trading.

CB Payments Limited (CBPL), part of the Coinbase Group, operates a global crypto trading platform. In October 2020, CBPL entered into a voluntary agreement with the UK’s Financial Conduct Authority (FCA), accepting restrictions that prohibited it from taking on new customers considered high-risk by the regulator. The agreement also barred CBPL from offering services to these customers.

However, the FCA reported that CBPL breached the agreement by onboarding and serving 13,416 high-risk customers. Approximately 31% of these customers deposited around $24.9 million, which was then used to make withdrawals and execute crypto transactions via other Coinbase entities, totaling approximately $226 million.

“CBPL’s controls had significant weaknesses, and the FCA told it so, which is why the requirements were needed. CBPL, however, repeatedly breached those requirements,” said Therese Chambers, joint executive director of enforcement and market oversight at the FCA. “This increased the risk that criminals could use CBPL to launder the proceeds of crime. We will not tolerate such laxity, which jeopardizes the integrity of our markets.”

Coinbase stated that it takes the FCA’s findings and its “broader regulatory compliance very seriously.” The company added, “CBPL continues to proactively enhance its controls to ensure compliance with its regulatory obligations. In its notice, the FCA acknowledged this as well as CBPL’s cooperation with its investigation.”

CBPL explained that it “unintentionally onboarded” some high-risk customers between Oct. 30, 2020, and Oct. 1, 2023, representing 0.34% of overall new customers that the unit signed up.