Jailed crypto ATM operator known to UK authorities for years before conviction

UK authorities knew about unauthorised crypto automated teller machine (ATM) operator Olumide Osunkoya for years prior to his conviction in September 2023. 

Osunkoya was sentenced last week to four years’ imprisonment for running an illegal crypto ATM network. Through his company Gidiplus, Osunkoya operated some 28 crypto ATMs between December 30, 2021 and March 12, 2022, despite having failed to become FCA registered under the Money Laundering Regulations (MLR), the Financial Conduct Authority (FCA) said in a statement. 

According to the FCA release, in his sentencing remarks Judge Gregory Perrins told Osunkoya: “Your decision to continue to operate illegally was an act of deliberate and calculated defiance to the regulator. You knew full well that you were acting unlawfully. You went to great lengths to create a false identity to conceal your involvement. Your actions were deliberate and carefully planned. It cannot be said that it is a mere regulatory breach.” 

Osunkoya applied for FCA registration in 2020 and operated under the temporary registration regime for a time. 

During the application process, the regulator learned he had been interviewed by police in 2018 as part of a money laundering investigation and had misled banks about the nature of his business when applying for accounts. It rejected his application in November 2021. 

False name

Osunkoya appealed the decision to the Upper Tribunal in 2021, but lost it in February 2022.

He later transferred the machines from GidiPlus and personally operated a reduced network of up to 12 crypto ATMs under a false name and company, to evade detection.

The FCA, in partnership with law enforcement agencies, “disrupted” 30 crypto ATMs in 2023, and Osunkoya’s conviction followed that operation, the FCA said in a statement announcing the sentencing.

Besides the two charges relating to the crypto ATM, Osunkoya was convicted and sentenced on three further offences of forgery, using false identity documents, and possessing criminal property.

Temporary registration 

GidiPlus applied for FCA registration under the MLRs in June 2020, after the UK anti-money laundering rules were amended from January 10, 2020, requiring providers to be registered. 

At that time, there was a transitional period for registration of pre-existing crypto asset exchange providers, permitting them to continue to operate until January 10, 2021. That transitional period was later extended to March 31, 2022, providing certain conditions had been met. 

According to the tribunal, because Gidiplus’s application had not been determined by January 10, 2021, the company moved on to the FCA’s Temporary Registration Regime (TRR). The TRR applied to all crypto asset firms that had been active prior to January 10, 2020, and had outstanding applications as of December 16 2020. 

Once the FCA refused GidiPlus’s application in November 2021, citing financial crime risks, the firm was removed from the TRR.

Probity concerns

The FCA rejected GidiPlus’s 2021 application in 2021 partly because Osunkoya’s responses in his interview “in respect of Gidiplus’s banking arrangements also raised concerns regarding his probity”, said the tribunal’s judgment.

In a 2018 police interview investigating possible money laundering breaches, Osunkoya said he misled three banks about the true nature of Gidiplus’s business and deliberately did not inform two banks that it was a crypto ATM business because the accounts would have been shut down.

When he moved Gidiplus’s banking arrangements to another bank, the account was opened on the basis that Gidiplus was an events business, the judgment said.

“Osunkoya stated to the authority that certain payments had been mismarked as stock orders and events catering, in keeping with what he had told the banks about the nature of the business,” the judgment said. According to the FCA press release, Osunkoya created four bank statements to pass source of wealth checks with a crypto asset exchange provider. He also used false identity documents to create the company that ran the ATM network when GidiPlus was dissolved in June.

Current FCA approach

The FCA has taken a rigorous approach to approving crypto asset service providers’ registrations under the MLRs. It has received 368 applications since January 2020 but approved only 50. It has used its powers of direction given by regulation 74C of the MLRs 45 times since 2020. That regulation permits the FCA to give a direction, specifically to a crypto asset business before, on or after registration, to remedy a failure to comply with the MLRs; to prevent a failure to comply or continued non-compliance; or to prevent the business from being used for money laundering or to finance terrorism.

The FCA did not respond to a request for comment.