Key Takeaways
-
South Korea’s FIU fined Korbit $1.9 million for weak AML and KYC rules on December 31, 2025.
-
Main issues: 22,000 unverified users, deals with unregistered foreign platforms, and poor risk checks.
-
Penalties include a fine, a warning to exchange, and the CEO, following Upbit’s earlier larger fine.
South Korea’s Financial Intelligence Unit (FIU) found the Korbit crypto exchange in violation of the Specific Financial Information Act.
The latest finding comes just months after South Korea’s largest exchange, Upbit, was found guilty of similar AML and user verification violations.
The FIU imposed an institutional warning and a KRW 2.73 billion (about $1.88 million) fine on the Korbit exchange for its operational violations.
The regulator issued a caution to the CEO and a reprimand to the reporting officer.
The FIU highlighted several failures in customer due diligence, transaction restrictions, dealings with unreported overseas VASPs, and AML risk assessments for NFTs.
The FIU identified multiple breaches of AML/KYC rules and the Specific Financial Information Act:
-
Approximately 22,000 cases where trading was allowed without completing the required customer identification procedures.
-
Improper handling of transaction limits and dealings with unregistered overseas virtual asset service providers (VASPs). This included 19 cryptocurrency transactions with three unreported foreign VASPs.
-
655 violations related to inadequate money laundering risk assessments, particularly for new business areas such as non-fungible tokens (NFTs).
South Korea’s FIU, part of the Financial Services Commission, has been conducting on-site inspections of major cryptocurrency exchanges to enforce anti-money laundering (AML) and know-your-customer (KYC) regulations.
Korbit was given more than 10 days to respond before the fines were finalized.
These inspections follow a “first-in, first-out” order based on the exchanges’ registration dates, beginning with Upbit’s operator Dunamu in August 2024, followed by Korbit in October 2024, GOPAX in December 2024, Bithumb in March 2025, and Coinone in April 2025.
The latest enforcement action follows the regulator’s November fines and enforcement action on the country’s leading crypto exchange.
The FIU imposed a fine of 35.2 billion KRW (approximately $25 million) for widespread AML and KYC breaches.
Specific issues included approximately 5.3 million instances of failing to verify customer identities properly and 15 cases of unreported suspicious transactions.
As part of the penalty, Upbit faced a three-month suspension of virtual asset transfers for new consumers, as well as warnings to management.
Dunamu, the operator of Upbit, responded that it was internally analysing the FIU’s findings for accuracy and exploring an appeal, citing a previous case in which a similar FIU fine against another exchange (Hanbitco) was overturned by a Seoul court for not directly causing money laundering.
Following Upbit, Korbit, South Korea’s fourth-largest exchange by trading volume, came under FIU inspection. The examination began in October 2024 and culminated in a preliminary punishment notification on Dec. 18, 2025, followed by the multi-million fine on the final day of the year.
The post Korbit Joins Upbit Under Fire as South Korea Hands Down $1.9M AML Penalty appeared first on ccn.com.