In a significant regulatory action, Block Inc., the parent company of Cash App, has agreed to pay a $40 million civil penalty following allegations by the Financial Crimes Enforcement Network (FinCEN) that the company neglected critical anti-money laundering (AML) obligations across several years. The fine stems from persistent and systemic shortcomings in the company’s compliance framework, especially relating to its popular peer-to-peer payments platform, Cash App.
According to FinCEN’s detailed report, Block failed to maintain an effective AML program from October 2016 through November 2021. The platform reportedly operated with critical gaps in compliance controls, particularly within its Bitcoin services. The agency stated that Cash App’s Bitcoin offerings operated for years without a fully functioning AML program in place, directly violating the Bank Secrecy Act.
The investigation revealed that Cash App did not establish clear internal controls or effective customer due diligence processes for high-risk transactions. Moreover, there was an absence of timely and adequate suspicious activity reporting — a cornerstone of financial crime prevention. FinCEN also pointed out that Block continued expanding its services despite known compliance issues, which raised additional concerns about the firm’s risk appetite and internal governance.
This settlement underscores the growing regulatory scrutiny surrounding fintechs and digital payments platforms, especially as their influence in the financial system continues to expand. It also reflects FinCEN’s commitment to holding companies accountable regardless of their market stature.
A spokesperson from Block acknowledged the regulatory resolution and stated that the company has since taken “substantial steps” to enhance its AML policies and strengthen its compliance infrastructure. The spokesperson added that Block is “fully committed to maintaining a rigorous and effective AML program.”
This case serves as a cautionary tale for financial service providers navigating the increasingly complex intersection of innovation and regulatory responsibility. As regulators sharpen their focus on compliance, especially in the rapidly evolving crypto and digital finance space, companies must ensure their risk management frameworks are not only reactive but also forward-looking.
FinCEN’s $40 million fine sends a clear message: compliance failures — especially those tied to emerging financial technologies — will not be tolerated
