OKX Fined €1.054M by Malta for Compliance Failures

Malta's Financial Intelligence Analysis Unit (FIAU) has imposed a fine of €1.054 million ($1.155 million) on the crypto exchange OKX for multiple compliance violations. The regulatory body found that OKX failed to adequately assess the risks associated with money laundering and terrorism financing related to its products. The FIAU's investigation, conducted in 2023, revealed that OKX did not perform reliable customer risk assessments (CRAs) for a substantial portion of its customer files. Specifically, the regulator noted that around 50% of the customer files reviewed did not undergo a CRA upon establishing a business relationship. This oversight allowed customers to deposit thousands of dollars before a CRA was completed, with assessments often conducted several months after onboarding.

Despite these serious shortcomings, the FIAU acknowledged the significant improvements OKX has made over the past 18 months. However, the regulator deemed an administrative penalty necessary due to the exchange's past failures, which were described as both serious and systematic. OKX had received its EU Markets in Crypto Assets (MiCA) license in Malta earlier this year. MiCA is a new EU legislation that establishes rules for the supervision, consumer protection, and environmental safeguards of crypto assets. The framework, which took effect in December, includes measures to reduce financial crimes such as market manipulation, money laundering, and terrorist financing. It also places stablecoin issuers under the European Banking Authority and requires them to hold sufficient liquid reserves.

In addition to the fine from the FIAU, OKX has faced regulatory scrutiny from other authorities regarding its decentralized exchange (DEX) aggregator. Traders use DEXDEXC-- aggregators to find the best-priced trades across various decentralized exchanges. In February, hackers stole a substantial amount of Ethereum (ETH) and Lido Staked Ether (stETH) from the crypto exchange Bybit. The exploit was linked to the Lazarus Group, a notorious cybercriminal outfit. Ben Zhao, Bybit’s chief executive, revealed in March that $100 million worth of the stolen ETH was moved through OKX’s web3 proxy. OKX responded by detecting a coordinated effort by the Lazarus Group to misuse its decentralized finance (DeFi) services and temporarily suspending its DEX aggregator services after consulting with regulators.