By South Korean cryptocurrency exchange Korbit has been hit with a 2.73 billion won ($1.9 million) fine and an institutional warning by the Financial Intelligence Unit (FIU) for multiple breaches of anti-money laundering (AML) regulations.
Alongside the financial penalty, the FIU issued disciplinary actions against the exchange’s top compliance personnel, including a caution to the CEO and a reprimand to the AML officer.
Lapses in Korbit’s AML compliance framework
The sanctions follow a comprehensive on-site inspection conducted between October 16 and 29, 2024, during which regulators identified significant lapses in Korbit’s AML compliance framework.
The review was carried out under the Specific Financial Information Act, which governs AML obligations for virtual asset service providers in South Korea.
The findings highlight a growing emphasis on rigorous enforcement in the country’s cryptocurrency sector, signalling that regulatory oversight will not tolerate gaps in compliance or risk management.
The FIU’s investigation revealed that Korbit had committed roughly 22,000 violations related to customer due diligence and transaction restrictions.
Many accounts were opened or allowed to trade despite having unclear or incomplete identity verification documents, demonstrating weaknesses in the exchange’s verification procedures.
These failures in standard customer due diligence not only breached Korean law but also exposed the exchange to potential misuse by illicit actors.
Another critical violation involved the lack of AML risk assessments before the listing or activation of 655 new digital assets, including non-fungible tokens (NFTs).
Regulators stressed that exchanges are required to evaluate and mitigate potential AML risks before enabling trading for new assets.
This lapse demonstrated shortcomings in Korbit’s internal processes for assessing emerging products, reflecting broader challenges in applying regulatory standards to NFTs and other novel digital assets.
Undisclosed overseas transactions
Regulators also discovered 19 asset transfer transactions involving three undisclosed overseas virtual asset service providers, which had not met South Korea’s reporting and registration requirements.
Under domestic law, all transfers with foreign virtual asset service providers must be documented and monitored to prevent illicit finance flows.
The oversight suggests that Korbit’s cross-border compliance systems were insufficiently robust, raising alarms about transparency and accountability in international transfers.
As South Korea’s cryptocurrency ecosystem continues to expand, exchanges must adopt stricter AML controls, strengthen Know Your Customer (KYC) processes, and implement thorough risk assessments for all new assets.
The FIU’s sanctions underscore the growing focus on individual accountability within cryptocurrency exchanges.
The FIU formally warned Korbit’s chief executive and reprimanded the officer in charge of regulatory reporting, citing the severity of the breaches and management accountability following a sanctions review meeting on December 31.
By issuing reprimands to the CEO and AML officer, regulators are sending a clear message that both corporate leadership and compliance teams bear responsibility for lapses.
The penalty also aligns with South Korea’s broader regulatory trend, as seen earlier in 2025 when the FIU fined Dunamu’s Upbit over systemic verification failures, emphasising the need for robust compliance infrastructures across the industry.
The post South Korea’s FIU fines Korbit $1.9M for AML lapses and undisclosed transfers appeared first on Invezz
