Korbit Faces KRW 2.73B Penalty as South Korea Intensifies AML Crackdown

South Korea’s Financial Intelligence Unit (FIU) has imposed strict sanctions on crypto exchange Korbit following a compliance audit that uncovered thousands of anti-money laundering (AML) violations. The enforcement action signals deepening regulatory pressure on virtual asset platforms to tighten their Know Your Customer (KYC) and transaction monitoring systems.

The Scope of Compliance Failures

The FIU’s investigation, conducted from October 16-29, 2024, documented approximately 22,000 instances where Korbit failed to properly implement mandatory customer verification protocols. The violations fell into multiple categories that collectively demonstrate systemic control gaps.

The most prevalent issue involved incomplete customer identification procedures. Around 12,800 cases showed customers submitted insufficient documentation—including blurry identity materials, missing residential addresses, and expired verification records. Beyond document deficiencies, roughly 9,100 transactions proceeded without customers completing required verification checks entirely. This directly contradicted the Specific Financial Information Act’s core provisions requiring full KYC completion before any trading activity.

Risk management also fell short. Korbit permitted trades from customers whose risk profiles had been upgraded—typically indicating higher suspicious activity potential—without applying enhanced due diligence measures. This represented a critical failure in tiered compliance procedures.

International and Emerging Asset Gaps

The audit revealed additional regulatory blind spots. Korbit processed 19 transfers involving three foreign virtual asset service providers (VASPs) that had not filed required registration disclosures. By conducting business with unregistered overseas operators, the exchange violated explicit prohibitions against dealing with unvetted platforms.

NFT-related activities presented another compliance weakness. The FIU identified 655 NFT transactions where Korbit failed to execute mandatory money laundering risk assessments. Since NFTs increasingly serve as vehicles for value transfer and potential illicit activity, regulators now expect platform operators to apply equivalent scrutiny to digital collectibles as they do traditional cryptocurrency trades.

Penalties and Regulatory Message

The FIU imposed multiple remedial measures: an organizational warning, a KRW 2.73 billion fine (approximately $1.88 million USD), and a caution directed at the company’s CEO. A separate reprimand targeted the responsible compliance officer. The penalty structure reflected the violation’s scale, management accountability, and whether Korbit had demonstrated corrective commitments.

This enforcement action underscores South Korea’s evolving approach to virtual asset regulation. Rather than limiting oversight to large-scale market manipulation, authorities now scrutinize granular compliance infrastructure—customer onboarding workflows, transaction-by-transaction controls, and emerging asset categories.

The FIU has indicated that similar inspections and enforcement activities will intensify across the sector, signaling that AML compliance costs and operational complexity will likely increase for all Korean cryptocurrency platforms.