- Most violations involve failures in customer due diligence and identity verification processes.
- The move is consistent with reports of a potential majority acquisition by Mirae Asset.
- This incident reinforces expectations of stricter regulation across the cryptocurrency sector in South Korea.
South Korea’s year-end move on Korbit marks a defining moment for the country’s digital asset industry. Because regulators have signaled that gaps in compliance will have real consequences.
On December 31, the Financial Intelligence Unit ended an on-site investigation into one of the country’s longest-running exchanges with a hefty financial fine and sanctions on its executives.
The move, which builds on findings from an October survey, refocuses how exchanges verify users, manage risk and scale services.
This is also a sensitive time for Korbit, highlighting how regulatory discipline is shaping the future of the Korean cryptocurrency market.
The FIU announced a fine of 2.73 billion won ($1.88 million) after identifying 22,000 violations related to anti-money laundering and customer due diligence obligations.
The violations were uncovered during an investigation conducted from October 16 to 29, 2024, the results of which were later reviewed by the Sanctions Review Committee.
Along with the fines, regulators issued institutional warnings and imposed individual liability measures on senior executives.
test results
A significant portion of the breaches were due to customer due diligence failures.
The FIU found approximately 12,800 cases where identity verification was not performed properly.
This includes unclear or unverifiable identification documents, incomplete address information, or omission of required re-verification procedures.
In several cases, users were able to continue trading without applying additional confirmations even after their risk profile increased.
This practice runs counter to the requirement that high-risk customers receive enhanced scrutiny beyond standard monitoring.
The review also identified approximately 9,100 instances in which customers permitted transactions before identity verification was complete.
Since Korean regulations restrict transactions by unverified users, these instances are a direct violation of core compliance standards.
responsibility at the top
Beyond operational failures, executive actions extended responsibility to leadership.
The FIU issued an institutional warning to Korbit, the exchange representative received a caution, and the rapporteur received a reprimand.
This approach reflects a broader regulatory emphasis on governance and internal controls where responsibility does not end with automated systems or compliance teams.
Instead, senior management must ensure that regulatory requirements are embedded into daily operations and decision-making processes.
Overseas remittance and new services
Regulators also highlighted weaknesses beyond customer onboarding.
Investigators discovered 19 cases of underreported virtual asset transfers involving three overseas virtual asset service providers.
South Korean regulations require exchanges to disclose transactions with foreign entities and limit transactions with unregistered suppliers.
The FIU also identified 655 instances where Korbit failed to carry out mandatory money laundering risk assessments before introducing new transaction types.
This included services linked to non-fungible tokens, a fast-growing area subject to the same compliance obligations as other digital asset products.
Timing and sector impact
The enforcement action comes just days after reports emerged that Mirae Asset was considering acquiring a 92% stake in Korbit for up to 140 billion won ($97 million).
Korbit is currently ranked as the fourth largest exchange among Korea’s six integrated cryptocurrency platforms, placing it firmly within the scrutiny of regulators.
The FIU said further details on the sanctions would be made public following a comment period of at least 10 days.