- Most violations involved failures in customer status checks and identity verification processes.
- The action coincided with reports of a potential acquisition of Korbit by Mirae Asset.
- The case underscores tightening regulatory expectations for South Korea’s crypto sector.
South Korea’s year-end enforcement action against Korbit represents a pivotal moment for the country’s digital asset industry, as regulators signaled that compliance gaps will carry real consequences.
On December 31, the Financial Intelligence Unit (FIU) concluded an on-site investigation of one of the nation’s longest-running cryptocurrency exchanges, imposing a significant financial penalty and sanctions targeting senior management.
The enforcement followed an October inspection focused on how the exchange verified users, managed risk and expanded services.
The timing heightened sensitivity around Korbit’s operations and emphasized that regulatory discipline is increasingly shaping the future of South Korea’s crypto market.
The FIU announced a fine of 2.73 billion won (approximately $1.88 million) after identifying nearly 22,000 breaches related to anti‑money laundering (AML) obligations and customer due diligence requirements.
The violations were uncovered during an on-site review conducted from October 16 to 29, 2024. A sanctions review committee will examine the findings and determine any further measures.
Beyond the monetary penalty, regulators issued an institutional warning to Korbit and imposed personal responsibility measures on senior executives.
Inspection Findings
The majority of violations stemmed from failures in customer status verification.
The FIU found roughly 12,800 instances where identity checks were improperly conducted.
Inspectors also noted incomplete address information and redundant verification processes.
In numerous cases, users continued trading after their risk profiles had increased without undergoing additional, strengthened scrutiny.
Such practices violated rules requiring enhanced due diligence for high‑risk customers rather than standard checks.
The review also identified about 9,100 cases in which customers were allowed to trade before identity verification was fully completed.
South Korean rules restrict transactions by unverified users, making these cases direct breaches of core compliance standards.
Accountability at the Top
Enforcement action extended beyond operational failures to hold leadership accountable.
The FIU issued an institutional admonition to Korbit, a formal warning to the exchange CEO, and reprimanded other reported officers.
This approach reflects a broader regulatory emphasis on governance and internal controls, where responsibility does not rest solely with automated systems or compliance teams.
Senior management is expected to ensure regulatory requirements are embedded in daily operations and decision‑making processes.
Cross‑Border Transfers and New Services
Regulators highlighted weaknesses beyond initial customer onboarding.
Inspectors flagged 19 virtual asset transfers involving three foreign virtual asset service providers that were not properly reported.
South Korean rules require exchanges to disclose interactions with foreign entities and restrict transactions with unregistered overseas providers.
The FIU also identified 655 instances where Korbit failed to assess AML risks before launching new types of transactions or services.
These included services tied to non‑fungible tokens (NFTs), a rapidly growing area that remains subject to the same compliance obligations as other digital asset products.
Timing and Sector Impact
The enforcement came days after reports that Mirae Asset was considering acquiring a 92% stake in Korbit for up to 140 billion won (about $97 million).
Korbit is currently ranked as the fourth‑largest exchange among South Korea’s six major crypto platforms and has been under close regulatory scrutiny.
The FIU said it will publish full details of the sanctions after allowing a minimum 10‑day period for the exchange to submit comments.