The Korea Financial Intelligence Unit finalized a decision on December 31, 2025, to impose a fine of KRW 2.73 billion on Korbit for extensive failures in its anti-money laundering protocols. This regulatory action follows an intensive on-site inspection conducted in late 2024, which revealed systemic lapses in customer due diligence and transaction monitoring. Alongside the significant financial penalty, the regulator issued an institutional warning and sanctioned senior leadership, including a warning for the chief executive officer. These measures reflect a rigorous enforcement period aimed at ensuring virtual asset service providers adhere strictly to the Specific Financial Information Act.
Table of Contents
Korbit Financial Intelligence Unit Compliance Lapses
The regulatory scrutiny of Korbit intensified after an inspection period from October 16 to October 29, 2024, which uncovered approximately 22,000 instances of non-compliance. A primary area of concern involved the violation of customer verification obligations where the exchange failed to properly identify users. Inspectors found that the firm accepted blurred or out-of-focus identification documents, collected photocopies instead of original records, and permitted accounts with missing or incorrect residential addresses. Furthermore, the exchange did not re-verify customers at required intervals and allowed individuals with elevated money laundering risk profiles to continue trading without enhanced due diligence measures. These failures created substantial vulnerabilities, as approximately 12,800 cases directly involved inadequate identification procedures that undermined the integrity of the financial platform. To ensure compliance, businesses must maintain rigorous standards when verifying the identity of their users. The failure to do so allows bad actors to exploit gaps in the financial system. In this specific instance, the lack of oversight was not a minor error but a widespread systemic issue affecting thousands of individual accounts. The regulator noted that even when the risk rating of a customer was raised due to suspicious activity, the exchange often failed to implement the necessary additional measures to mitigate that risk. This lack of responsiveness is a direct violation of the standards expected of modern virtual asset operators.
Systematic Violations of Transaction Restrictions
Beyond identification failures, the regulatory body identified nearly 9,100 cases where the exchange permitted transactions for customers who had not yet completed the mandatory verification process. Under the Specific Financial Information Act, virtual asset operators are strictly required to restrict trading activities until identity checks are finalized. The investigation also revealed that the exchange facilitated 19 virtual asset transfer transactions with three overseas entities that had not fulfilled their reporting obligations in South Korea. By interacting with these unreported virtual asset service providers, the firm breached fundamental rules designed to prevent cross-border illicit financial flows. These actions demonstrated a lack of robust internal controls to prevent unauthorized movement of assets through unvetted international channels. The movement of funds between regulated and unregulated entities is a primary concern for global financial watchdogs. When a domestic exchange interacts with an entity that has not registered with local authorities, it creates a blind spot for law enforcement. This specific violation highlights the importance of the reporting obligations set forth in the legislation. Without proper reporting, the flow of virtual assets becomes difficult to track, increasing the likelihood of funds being used for illegal activities. The firm was found to have supported these transfers despite the clear legal prohibition against dealing with entities that ignore domestic registration requirements.
Failure to Perform Asset Risk Assessments
The inspection also highlighted a lack of foresight regarding emerging digital products, specifically non-fungible tokens. Regulators confirmed 655 cases where the exchange failed to conduct mandatory money laundering risk assessments before supporting new transaction types. These obligations require operators to evaluate potential criminal risks associated with new assets or services prior to their public launch. By bypassing these risk evaluations, the exchange essentially integrated new financial products into its ecosystem without understanding how they might be exploited for money laundering. This oversight was particularly noted in relation to non-fungible token services, where the absence of a preliminary risk review violated Article 5 of the governing legislation and associated enforcement decrees. The introduction of new financial technology requires a proactive approach to risk management. As the market evolves, the potential for misuse of new technologies like non-fungible tokens grows. Regulators expect that before any such product is made available to the public, a thorough analysis of its potential for facilitating financial crimes is conducted. The exchange failed to meet this expectation, launching services without the required safety checks. This lack of due diligence suggests a priority on market expansion over regulatory safety. The findings from the inspection serve as a reminder that innovation must not come at the expense of financial security and legal compliance.
Regulatory Sanctions and Compliance Future
The final determination by the Sanctions Review Committee resulted in a multi-layered approach to institutional and individual accountability. In addition to the KRW 2.73 billion administrative fine, the institutional warning serves as a severe mark against the operational standing of the firm within the South Korean financial market. The personal sanctions against the chief executive officer and the compliance reporting officer emphasize that leadership is held directly responsible for the health of anti-money laundering systems. The Financial Intelligence Unit has stated that it will provide a period for the firm to submit opinions before the final collection of the fine, maintaining transparency in the enforcement process. Moving forward, the regulator intends to conduct sequential follow-up inspections on other market participants to ensure the entire virtual asset sector maintains public trust through total legal compliance. The severity of these sanctions reflects the government’s commitment to cleaning up the virtual asset industry. By holding both the institution and its individual leaders accountable, the regulator sends a clear message to all other participants in the market. Compliance is not an optional set of guidelines but a mandatory framework that must be integrated into the core operations of every financial business. The future of the industry depends on the ability of operators to foster trust with the public and regulators alike. This case will likely serve as a benchmark for future enforcement actions and as a guide for other firms looking to improve their internal controls.
Key points
- Korbit faced a KRW 2.73 billion fine and institutional warning on December 31, 2025, for widespread AML failures.
- Regulators identified 22,000 breaches, including the use of blurred ID documents and incomplete address records.
- The exchange facilitated unauthorized transactions with three unregistered overseas virtual asset service providers.
- Sanctions included a formal warning to the CEO and a reprimand for the officer responsible for compliance reporting.
Related Links
- Financial Services Commission Press Release on VASP Sanctions
- Korea Financial Intelligence Unit Official Sanctions Disclosure
- Specific Financial Information Act via Korea Law Information Center
- FATF Guidance on Virtual Assets and Red Flag Indicators
Other FinCrime Central Articles About South Korean Relentless Actions
- Korea Financial Intelligence Unit (KoFIU) Revamps Regulatory Compliance Standards
- Major Blow to Crypto Market as Korea’s FIU (KOFIU) Imposes Heavy Penalties on Exchanges
- How South Korea’s Hwanchigi Is Driving a Wave of VASP SARs in 2025
Source: KoFIU
Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.
Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.
