- FIU found about 22,000 AML breaches at Korbit, including incomplete KYC and allowing trades before required verification.
- Regulators flagged 19 transfers with unreported overseas VASPs and 655 NFT cases lacking money laundering risk checks.
- Korbit received an institutional warning, CEO caution, and a KRW 2.73B fine as South Korea tightened crypto AML oversight.
South Korea’s Financial Intelligence Unit said it sanctioned crypto exchange Korbit after an AML inspection found multiple legal breaches. The review followed an on-site inspection conducted in South Korea from October 16 to 29, 2024. On December 31, 2025, the FIU imposed fines and warnings after confirming violations of the Specific Financial Information Act.
Customer Due Diligence and Transaction Control Breaches
According to the FIU, Korbit failed to meet customer verification and transaction restriction requirements in about 22,000 cases. Notably, roughly 12,800 cases involved incomplete or improper customer identification. These included unclear identity documents, missing address details, and outdated verification records.
However, Korbit also allowed transactions without completing required verification steps. The FIU identified about 9,100 cases where customers traded despite incomplete checks. In addition, Korbit permitted transactions for customers whose risk ratings had increased without enhanced due diligence.
As the inspection continued, regulators linked these failures directly to obligations under Articles 5-2 and 8 of the law. These provisions require strict verification before transactions proceed.
Unreported Overseas VASPs and NFT Risk Gaps
Beyond customer checks, the FIU found Korbit conducted transactions with unreported overseas virtual asset service providers. Specifically, Korbit supported 19 transfers involving three foreign VASPs lacking required registration. According to the FIU, this violated restrictions on dealing with unreported operators.
At the same time, the inspection identified weaknesses tied to NFTs. The FIU confirmed 655 cases where Korbit failed to conduct required money laundering risk assessments before supporting NFT-related transactions. These omissions breached risk evaluation obligations under the law.
Together, these findings broadened the scope of violations beyond routine compliance gaps. Consequently, regulators assessed both operational controls and emerging asset oversight.
Sanctions, Fines, and Regulatory Follow-Up
After reviewing the violations, the FIU imposed an institutional warning on Korbit. It also levied a KRW 2.73 billion fine, equal to about $1.88 million. Additionally, regulators issued a caution to Korbit’s CEO and a reprimand to the reporting officer.
According to the FIU, sanctions considered violation scale, responsibility, and corrective actions. Details will appear on the FIU sanctions disclosure website after public comment. The FIU said it will continue inspections and enforce penalties to strengthen AML compliance across the virtual asset market.
