South Korea FIU Fines Korbit ₩2.73B for AML Rule Breaches

• FIU fined Korbit ₩2.73B after inspectors found broad AML, KYC, and trade control breaches.
• Korbit logged 22k due diligence failures and 19 transfers to unreported overseas platforms.
• The FIU sanctioned Korbit’s CEO and reporting officer, and plans stricter AML oversight.

South Korea’s Financial Intelligence Unit has sanctioned crypto exchange Korbit after an anti-money laundering inspection found breaches of local rules. The FIU issued an institutional warning, imposed a monetary fine, and disciplined two senior compliance roles. The agency said the case followed findings on customer checks, trade restrictions, overseas transfers, and risk controls for newer products.

Sanctions Set Under the Specific Financial Information Act

The FIU said it confirmed Korbit violated obligations under the Specific Financial Information Act during a comprehensive AML review. The regulator convened a Sanctions Review Committee on December 31, 2025. It considered statutory penalty provisions and past enforcement precedents.

The committee discussed similar sanctions cases and methods for calculating fines. It solicited comments on the proposed measures and reviewed Korbit’s voluntary remediation submitted during the process thereafter.

Following the review, the FIU decided on an institutional warning and an administrative fine totaling KRW 2.73 billion ($1.9 million). It also issued a caution to Korbit’s chief executive and a reprimand to the reporting officer, citing accountability for compliance oversight.

The FIU said it will publish sanction details through its public disclosure process. It stated that the fine will be imposed after a prior notice step and an opinion submission period of at least 10 days.

Customer Due Diligence Failures and Missing Transaction Blocks

Inspectors ran an on-site AML inspection from October 16 to 29, 2024, the FIU said. The agency confirmed about 22,000 cases tied to customer due diligence and required transaction restrictions.

The FIU noted Korbit recorded about 12,800 customer verification breaches. It cited identity records that did not allow clear identification, including out-of-focus images and partially obscured information. It also cited printed, copied, or re-photographed submissions used instead of original certificates.

The notice also cited incomplete address data in customer records. In addition, the FIU said Korbit completed re-verification without collecting updated identity certificates. It said the platform missed re-verification cycles after scheduled renewal dates.

The FIU said Korbit also allowed activity for customers whose money laundering risk rating rose. The regulator said Korbit did not add verification steps before it allowed trades for those higher-risk users.

In a separate set of cases, the FIU said Korbit violated transaction restriction rules in about 9,100 instances. Under the enforcement decree, exchanges must restrict trading until customer verification finishes. The FIU said Korbit allowed transactions despite unfinished verification status.

Related: Korea’s FIU Advances Enforcement Actions on Major Exchanges

Overseas VASP Transactions and NFT-Related Risk Assessment Gaps

The FIU said Korbit supported 19 virtual asset transfer transactions involving three overseas virtual asset service providers. The notice said those firms had not fulfilled South Korea’s reporting requirement, so Korbit should have blocked the transfers.

The agency linked the finding to the rule that bans dealings with unreported overseas VASPs. It said the transfers breached the obligation to prohibit transactions with unreported operators and the related enforcement provisions.

The FIU also cited failures in money laundering risk assessment controls for new services. It said Korbit did not complete the required risk assessments before supporting new transaction types, including non-fungible token activity. The regulator counted 655 cases tied to missing pre-assessment steps.

The FIU said it will continue follow-up measures from remaining on-site inspections across the sector. It said it aims to strengthen AML capability and legal compliance systems. The FIU said the virtual asset market should grow with public trust over time.