- Most breaches involved failures in customer due diligence and identity verification processes, highlighting the need for stricter anti-money laundering (AML) and know-your-customer (KYC) protocols in South Korea’s crypto sector.
- The action coincides with reports of a potential majority acquisition by Mirae Asset, underscoring the significance of regulatory compliance in the country’s digital asset industry.
- The case reinforces stricter regulatory expectations across South Korea’s crypto sector, emphasizing the importance of robust compliance measures and effective risk management strategies.
South Korea’s year-end move against Korbit marks a decisive moment for the country’s digital asset industry, as regulators signal that gaps in compliance will carry real consequences, including financial penalties and management-level sanctions.
On December 31, the Financial Intelligence Unit (FIU) closed an on-site investigation into one of the country’s longest-operating exchanges with a significant financial penalty of 2.73 billion won ($1.88 million) and management-level sanctions, highlighting the regulator’s commitment to enforcing AML and KYC regulations.
The action, based on findings from an October inspection, places renewed focus on how exchanges verify users, manage risk, and expand services, emphasizing the need for robust compliance measures and effective risk management strategies in South Korea’s crypto market.
It also lands at a sensitive time for Korbit, underscoring how regulatory discipline is shaping the future of South Korea’s crypto market, with exchanges facing increasing scrutiny and stricter regulatory expectations.
The FIU announced the fine after identifying nearly 22,000 breaches linked to anti-money laundering and customer verification obligations, highlighting the need for stricter AML and KYC protocols in South Korea’s crypto sector.
The violations were uncovered during an inspection conducted between October 16 and 29, 2024, with the results later reviewed by the Sanctions Review Committee, emphasizing the regulator’s commitment to enforcing AML and KYC regulations.
Alongside the fine, the regulator issued an institutional warning and imposed individual accountability measures on senior executives, highlighting the importance of effective governance and internal controls in South Korea’s crypto sector.
Inspection findings
A large share of the violations stemmed from failures in customer due diligence, including the acceptance of unclear or unverifiable identification documents, incomplete address information, and lapses in mandatory re-verification processes, highlighting the need for stricter KYC protocols in South Korea’s crypto sector.
The FIU found roughly 12,800 cases where identity checks were not properly conducted, emphasizing the importance of robust KYC measures in preventing money laundering and terrorist financing.
These included the acceptance of unclear or unverifiable identification documents, incomplete address information, and lapses in mandatory re-verification processes, highlighting the need for stricter AML and KYC protocols in South Korea’s crypto sector.
In several instances, users were allowed to continue trading even after their risk profiles increased, without additional checks being applied, highlighting the importance of effective risk management strategies in South Korea’s crypto sector.
Such practices run counter to requirements that higher-risk customers be subject to enhanced scrutiny rather than standard monitoring, emphasizing the need for stricter AML and KYC protocols in South Korea’s crypto sector.
The review also identified about 9,100 cases where customers were permitted to trade before identity verification was fully completed, highlighting the need for stricter KYC protocols in South Korea’s crypto sector.
South Korean rules restrict transactions by unverified users, making these cases a direct breach of core compliance standards, emphasizing the importance of robust KYC measures in preventing money laundering and terrorist financing.
Accountability at the top
Beyond operational failures, the enforcement action extended responsibility to leadership, highlighting the importance of effective governance and internal controls in South Korea’s crypto sector.
The FIU issued an institutional warning to Korbit, while the exchange’s chief executive received a caution, and its reporting officer was reprimanded, emphasizing the regulator’s commitment to enforcing AML and KYC regulations.
This approach reflects a broader regulatory emphasis on governance and internal controls, where accountability does not stop at automated systems or compliance teams, highlighting the importance of effective leadership and oversight in South Korea’s crypto sector.
Instead, senior management is expected to ensure that regulatory requirements are embedded across day-to-day operations and decision-making processes, emphasizing the need for a culture of compliance in South Korea’s crypto sector.
Overseas transfers and new services
Regulators also highlighted weaknesses beyond customer onboarding, including 19 virtual asset transfers involving three overseas virtual asset service providers that were not properly reported, highlighting the need for stricter AML and KYC protocols in South Korea’s crypto sector.
Inspectors flagged these breaches, emphasizing the importance of effective risk management strategies and robust compliance measures in preventing money laundering and terrorist financing.
South Korean rules require exchanges to disclose dealings with foreign entities and restrict transactions with unregistered providers, highlighting the need for stricter AML and KYC protocols in South Korea’s crypto sector.
In addition, the FIU identified 655 cases where Korbit failed to carry out mandatory money laundering risk assessments before introducing new transaction types, including services linked to non-fungible tokens (NFTs), highlighting the need for stricter AML and KYC protocols in South Korea’s crypto sector.
These included services linked to non-fungible tokens, an area of rapid growth that remains subject to the same compliance obligations as other digital asset products, emphasizing the importance of effective risk management strategies and robust compliance measures.
Timing and sector impact
The enforcement action comes just days after reports that Mirae Asset is said to be considering acquiring 92% of Korbit for up to 140 billion won ($97 million), highlighting the significance of regulatory compliance in the country’s digital asset industry.
Korbit currently ranks as the fourth-largest exchange among South Korea’s six incorporated crypto platforms, placing it firmly within the regulator’s line of sight, emphasizing the need for stricter AML and KYC protocols in South Korea’s crypto sector.
The FIU said full details of the sanctions will be disclosed after a minimum 10-day period for opinion submissions, highlighting the regulator’s commitment to transparency and accountability in South Korea’s crypto sector.
