The Financial Intelligence Unit (FIU) under the Financial Services Commission (FSC) announced on the 25th that it has imposed a three-month partial business suspension on Dunamu, the operator of South Korea’s largest cryptocurrency exchange, Upbit. The regulatory body also issued a reprimand warning to Upbit’s CEO, Lee Seok-woo.
This decision comes after FIU discovered that Upbit had facilitated transactions with unregistered overseas virtual asset service providers (VASPs) and violated Know Your Customer (KYC) obligations in hundreds of thousands of cases. As a result, from March 7 to June 6, new Upbit users will be restricted from transferring virtual assets, while existing customers can continue trading without disruption.
Following an anti-money laundering (AML) on-site inspection conducted between August and October 2023, FIU found that Dunamu had supported 44,948 virtual asset transfer transactions with 19 unregistered foreign VASPs. FIU had previously warned Dunamu multiple times, including in August 2022 and July 2023, about prohibiting transactions with unregistered entities, but Upbit continued to ignore these directives. Consequently, FIU has imposed a three-month suspension on virtual asset transfers for new customers, issued a reprimand warning to CEO Lee Seok-woo, and sanctioned nine compliance officers, including an order for the dismissal of the compliance officer.
FIU also cited widespread KYC violations, including:
- Failure to verify identity documents properly:
- Accepted blurred, out-of-focus, or overexposed images that made identity verification impossible (34,477 cases).
- Accepted printed copies, scanned versions, or image files instead of original ID documents (34,477 cases).
- Errors in address and personal information:
- Approved customer registrations with missing, incorrect, or unrelated address entries (5,785 cases).
- Violation of customer verification regulations:
- Failed to adhere to the required KYC renewal cycle and allowed transactions to proceed (354 cases).
- Allowed transactions without proper verification despite identified money laundering risks (226,558 cases).
- Failed to verify encrypted serial numbers when using driver’s licenses for KYC checks (189,504 cases).
- Permitted transactions without re-verifying identity documents during KYC renewals (9,066,244 cases).
Additionally, Upbit failed to report suspicious transactions for 15 users who were subject to investigative warrants. It also neglected to conduct a money laundering risk assessment before supporting new NFT (non-fungible token) transactions in 2,552 cases.
Dunamu stated, “This regulatory action only imposes partial restrictions on services for new customers. Existing users and new registrants can still trade virtual assets on Upbit without interruption.” The company further emphasized, “For a certain period, new users will only be restricted from transferring virtual assets to other exchanges, but KRW deposits and withdrawals, as well as virtual asset trading and exchanges, will continue to operate normally.”
