Key Takeaways
- According to the FIAU, the exchange’s internal systems and controls were not adequately designed to identify or mitigate risks related to money laundering
- The agency also noted lapses in transaction monitoring and external reporting mechanisms, calling these failures “systematic” rather than isolated oversights
Leading crypto exchange OKX has been fined €1.1 million ($1.2 million) by Malta’s Financial Intelligence Analysis Unit (FIAU) for serious anti-money laundering (AML) compliance failures identified during a 2023 regulatory inspection. The penalty, disclosed by the FIAU this week, comes after the agency carried out an unannounced on-site examination of OKCoin Europe, OKX’s Malta-based entity, revealing shortcomings across multiple areas of its operations.
According to the FIAU, the exchange’s internal systems and controls were not adequately designed to identify or mitigate risks related to money laundering and the financing of terrorism. The agency found that OKX’s business risk assessment failed to properly account for vulnerabilities tied to the use of privacy coins, stablecoins, decentralized exchange tokens, and crypto mixers
Further scrutiny of client files showed that nearly half lacked proper risk assessments, pointing to broader problems in customer due diligence. The agency also noted lapses in transaction monitoring and external reporting mechanisms, calling these failures “systematic” rather than isolated oversights. “Despite the company’s strategy adopted to only service European-based customers, it was essential to also consider the potential exposure emanating from other jurisdictions,” the FIAU said in its notice.
The agency acknowledged that OKX has since taken steps to address the issues flagged during the inspection. In its response, OKX stated that over the past two years, it has made substantial investments in compliance infrastructure, including technology upgrades and enhanced monitoring capabilities. “Regulatory compliance is a top priority for OKX, and we remain committed to meeting and exceeding global regulatory standards,” the exchange said.
The FIAU confirmed that OKX had voluntarily implemented a series of remedial actions and noted “significant improvements” in its compliance framework since the 2023 audit. However, the agency maintained that the extent of the earlier failures warranted enforcement action, regardless of later progress.
This development adds to a string of regulatory challenges faced by the exchange in recent months. OKX’s parent company, based in Seychelles, agreed to pay over $500 million in February to resolve allegations in the United States relating to the firm’s unregistered operations as a money transmitter. Separately, Thailand’s Securities and Exchange Commission lodged a criminal complaint against the company for operating without the necessary local license.
Questions have also been raised about OKX’s role in facilitating illicit transactions following a major hack in February 2025. The CEO of rival exchange Bybit alleged that attackers used OKX’s infrastructure to launder approximately $100 million in stolen cryptocurrency. While media reports suggested that EU regulators were examining the matter, OKX has firmly denied any investigation is underway and has dismissed Bybit’s allegations as “misinformation.”
In response to regulatory concerns, the company recently paused its decentralized exchange aggregator, a product that had drawn attention in the wake of the Bybit incident. It has not been disclosed whether this suspension is permanent.
