Germany's financial watchdog ordered cryptocurrency exchange Coinbase's local unit to ensure it has effective risk management and internal controls in place after uncovering "organizational deficiencies" during an audit of the firm's financial statements, according to a statement published Tuesday.

The Federal Financial Supervisory Authority, known as BaFin, said Coinbase Germany was in violation of standards set by the German Banking Act. The announcement referenced Section 25a (1) of the Act, which lays out requirements for firms to maintain risk-bearing capacity, adequate staffing, emergency management mechanisms such as IT systems and transparent remuneration systems for employees – including management.

The requirements also include setting up "appropriate arrangements that allow the institution's financial position to be determined at all times with reasonable accuracy."

Crypto firms the world over are facing increased scrutiny from regulators after a turbulent year that has seen some big industry names go bankrupt, in part because of poor risk-management strategies. Even countries with comprehensive regimes in place to regulate crypto, like Germany and Singapore, are taking a closer look at service providers.

"An audit of the annual financial statements revealed organizational deficiencies at the institute. The regularity of the business organization was not given in all audited areas," BaFin said in its statement. The order to address the organizational issues has been in effect since Oct. 27.

Coinbase Germany received permission from BaFin to provide crypto custody services in the country last year.

"Coinbase is committed to providing customers in Germany and around the world with the most trusted and easy to use crypto services," the company said in a blog post at the time. "Becoming licensed in Germany marks an important milestone as we strive to enable economic freedom around the world."

In addition to internal controls, BaFin found Coinbase Germany lacking "appropriate and effective risk management" for when transactions or services that are typically conducted by the firm are outsourced to other parties. According to the portions of the Banking Act referenced in its statement, BaFin wants Coinbase to ensure maintenance of “an outsourcing register as part of its risk management."

Coinbase is "cooperating fully" to address the findings of the audit, a spokesperson said in an emailed statement to CoinDesk following the publication of this article.

"We have developed a remediation plan fully addressing each finding of the audit report to address BaFin’s concerns. To date, we have made substantial progress on this plan,” the statement said.

Read more: Coinbase Cuts Q3 Losses in Half, Sees Crypto Headwinds Continuing Into 2023

Update (13:18 UTC, Nov. 8, 2022): Adds comment from Coinbase.