Malta Regulator Fines OKX $1.2M for Past AML Compliance Failures

TLDR

• Malta’s Financial Intelligence Analysis Unit (FIAU) fined OKX’s European arm $1.2 million for AML violations
• Issues included inadequate risk assessment for cryptocurrency mixers, privacy coins, and other high-risk activities
• OKX received a MiCA license in January 2025 despite past compliance issues
• The exchange has reportedly improved its AML policies over the past 18 months
• OKX faces separate allegations regarding potential involvement in laundering funds from a Bybit hack

Malta’s financial regulator has imposed a significant fine on cryptocurrency exchange OKX for failing to comply with anti-money laundering regulations. The Financial Intelligence Analysis Unit (FIAU) of Malta announced on April 3 that it had fined Okcoin Europe, OKX’s European subsidiary, 1.1 million euros ($1.2 million) after finding multiple AML failures during a 2023 compliance examination.

The penalty comes despite OKX being among the first crypto exchanges to receive a license under Europe’s new Markets in Crypto-Assets (MiCA) regulation through its Malta hub in January 2025. This development shows that receiving a MiCA license does not protect companies from accountability for past compliance failures.

Compliance Failures Identified

According to the FIAU, OKX attempted to identify threats and vulnerabilities by creating a business risk assessment (BRA). However, regulators found multiple deficiencies in the BRA’s methodology, making OKX unable to properly assess the money laundering risks it faced.

These risks included potential threats from cryptocurrency mixers or tumblers, privacy coins, stablecoins, and tokens on decentralized exchanges. The FIAU stated that these failures prevented OKX from taking necessary measures to manage these risks.

The FIAU also raised concerns about OKX’s exposure to other jurisdictions despite its pledge to only serve European customers. The regulator emphasized the need to consider potential money laundering risks from the sources of customer funding, not just the location of customers.

In one case, the FIAU identified a customer whose large unusual bank deposits exceeded their reported expected operations. The regulator also found that OKX had neglected to evaluate more than $20 million worth of financial transactions.

Recent Improvements Acknowledged

The FIAU acknowledged that OKX has made progress in improving its AML policies over the past 18 months. However, the regulator stated it “could not ignore” the company’s compliance failures from 2023, “some of which were deemed to be serious and systematic.”

An OKX spokesperson did not respond to requests to comment on whether the exchange admitted to past wrongdoing. The spokesperson stated, “With this chapter behind us, OKX remains focused on the future — continuing to build a secure, transparent, and compliant platform for our users worldwide.”

The Bloomberg article is misleading. Like all other major crypto exchanges, OKX provides a self-custody wallet service/swap feature that serves as an aggregator to create efficiency for the users. When Bybit got hacked, we reacted in two ways. (1) We froze associated funds moving… https://t.co/HUUmA8W2eq

— OKX (@okx) March 11, 2025

Additional Regulatory Challenges

The fine from Malta comes amid other regulatory challenges for OKX. In March, Bloomberg reported that European Union regulators were investigating OKX over its potential role in facilitating the laundering of $100 million in funds from a Bybit hack.

Bybit CEO Ben Zhou previously claimed that OKX’s Web3 proxy allowed hackers to launder roughly $100 million (40,233 Ether) from a $1.5 billion hack that occurred in February 2025. OKX denied these claims, stating that “Bybit’s statements are spreading misinformation” and that there were no ongoing investigations by EU authorities.

In a separate development, OKX reportedly hired former New York Governor Andrew Cuomo to advise it over a federal criminal investigation that led to a $505 million penalty payment in the US.

Additionally, in January 2024, OKCoin Europe reached a settlement with the Malta Financial Services Authority (MFSA), resulting in a separate fine of €304,000. As part of this settlement, the company agreed to appoint an independent third-party service provider to evaluate its governance and compliance arrangements.

The recent actions by Malta’s FIAU highlight the increasing regulatory pressures that cryptocurrency exchanges face in Europe. They underscore the importance of maintaining comprehensive AML processes to prevent financial crime as the industry matures.