👋 Welcome back to CryptoCubed! In this CryptoCubed January 2026 Newsletter: Bithumb Fine and OECD’s CARF edition, we see regulators’ efforts to tear down the wild crypto scene. From Anti-Money Laundering (AML) to Customer Due Diligence (CDD) lapses, we explore the massive mistakes made by leading firms, such as Bithumb, Saxo Bank, and Cetera.
Additionally, we also cover massive regulatory shifts, including the UK’s enforcement of the latest OECD crypto framework, and a note from our Chief Product Officer (CPO), Harry V., on how crypto companies can stay ahead of these merciless enforcement penalties.
Cetera Hit With $1.1M Fine After Monitoring Gaps Exposed
USA, January 16, 2026 🇺🇸 — Cetera has been fined $1.1 million by the Financial Industry Regulatory Authority (FINRA) for gaps in its AML systems. Based in the US, Cetera is a financial services provider with the largest number of registered investment advisers and broker-dealers.
FINRA found that Cetera’s three subsidiaries (Cetera Advisors, Cetera Wealth Services, and Cetera Investment Services) had lapses in complying with the US Bank Secrecy Act. In 2019, the firm failed to report suspicious transactions involving “low-price securities,” even though the situation warranted it. This enabled Cetera users to sell 800 million shares of penny stocks.
Despite remediation through daily reviews of reports, FINRA deemed the report inadequate as it did not include past audits, rendering it ineffective for monitoring suspicious activity. This oversight meant Cetera was unable to detect risky AML violations. In one example, three customers opened accounts, deposited 100M+ shares, and liquidated them, with proceeds totaling $375,000.
For more on this story, click here.
South Korea’s Rampant Crypto Hunt Targets Upbit, Korbit, and Bithumb
South Korea, January 21, 2026 🇰🇷 — Last year, South Korea’s Financial Intelligence Unit (FIU) launched a hunt for crypto firms that failed to comply with the country’s AML law. In its on-site AML inspections, the FIU uncovered thousands of AML violations at leading crypto exchanges in the country.
Last year, top crypto exchange Upbit was penalized up to $25 million. In January this year, Korbit, South Korea’s first cryptocurrency exchange, was hit with a $1.9 million fine. The FIU stated that Korbit committed over 22,000 violations. This includes over 12,800 cases in which staff accepted blurry ID documents or sign-ups without a residential address.
Furthermore, Korbit failed to perform full KYC checks on its customers and enabled transfers with overseas crypto providers that were not registered under South Korean law. A spokesperson for Korbit said, “We respectfully and humbly accept the Financial Intelligence Unit’s decision to impose a fine.”
Now, regulators are setting their sights on Bithumb, the second-largest crypto exchange in the country by trading volume. Predictions indicate a similar penalty amount of over $25 million, like Upbit, due to market share size and systematic customer due diligence failures.
For more information, click here.
Saxo Bank’s AML Breaches Lead to Monumental $50M Fine
Denmark, January 23, 2026 🇩🇰 — Saxo Bank was fined $46,100,000 by the Danish Financial Supervisory Authority for systematic AML deficiencies found between 2021 and 2023. The company failed to implement sufficient CDD and ongoing monitoring in line with Danish Money Laundering Laws.
Namely, the firm had not gathered information on the purpose and nature of its customer relationships, including those with white-label partners who used the platform for their end clients. Despite no actual money laundering, Danish regulators emphasized structural control weakness in complex third-party models, which threatens risk assessment frameworks.
Earlier this month, the Securities and Futures Commission (SFC) penalized the Hong Kong unit of Saxo Bank HK$4 million (nearly US$514,000) for listing unauthorized virtual asset products on its platform. These sweeping fines signal regulators’ growing efforts to tighten oversight within the crypto sector.
For more on this, click here.
OECD’s CARF Aims to Combat Tax Evasion in Crypto Companies
United Kingdom, January 1, 2026 🇬🇧 — Developed by the Organisation for Economic Co-operation and Development (OECD), the CARF is a new framework designed to increase global tax transparency. This month, new rules, including requirements to report and collect detailed information on customers of Crypto-Asset Service Providers (CASPs), take effect in the UK, with many jurisdictions following suit.
UK CASPs must declare information collected to HM Revenue and Customs (HMRC). In practice, any user information is exchanged with other tax jurisdictions that have also implemented the CARF. Over 67 jurisdictions, including Singapore, will commit to full CARF implementation by 27/28 with data collection beginning this year.
Unlike the Common Reporting Standard (CRS), the CARF commits to transaction granularity and standardized global due diligence. For CASPs, this means additional reporting requirements for individual crypto transactions, including type, volume, dates, and market value.
Find more on this story here.
Top 5 AML Crypto Fines from 2025 — Lessons with Harry V., AML Specialist and ComplyCube’s CPO
Global, 2025 🌍 — Last year, total AML fines in the crypto sector skyrocketed above 1 billion, with multi-million dollar fines faced by OKX ($505M), KuCoin ($300M), Cryptomus ($127M), and BitMEX ($100M). AML Specialist Harry V., breaks down the biggest red flags in the top 5 AML crypto cases in 2025, including weak governance and gaps in ongoing monitoring:
Weak Governance
“Across the board, governance failed terribly. The lack of senior oversight left teams blind,” mentioned Harry. Strong governance is the foundation for robust AML and KYC frameworks. Businesses are encouraged to appoint senior executives, train staff regularly, and maintain clear documentation of internal procedures.
Inadequate Ongoing Monitoring
Real-time monitoring is a non-negotiable for crypto firms. Harry states, “OKX and KuCoin were crushed by ongoing monitoring gaps.” Companies must deploy a dynamic Risk-Based Approach scoring into monitoring and run alert recalibration after Suspicious Activity Reporting (SAR) to remove blind spots.
Late and Incomplete Reports
To provide a strong regulatory report, crypto firms must invest in robust case management with clear audit trails to track compliance activities. “BitMEX had ignored its SAR accountability,” Harry said. He adds, “SARs must be standardized to local jurisdictions, turning reactive filings into proactive shields.”
Lax Due Diligence
“There is higher scrutiny on implementing due diligence on partnerships, not just end customers,” noted Harry. Full verification, including Enhanced Due Diligence for high-risk scenarios, must cover all business relationships. Utilize a risk scoring engine and real-time dashboards to prevent penalty flare-ups.
Learn more about the top 5 AML Crypto Fines here.
Time for Some Light-Hearted Creative Criticism?
So you’ve made it to the end of our newsletter. It’s time to enjoy a little satire, worthy reader, you’ve earned it.
🔥THE CRYPTO CUBED POEM: JANUARY🔥
Welcome back to CryptoCubed, our January newsletter lights the stage anew,
Where regulators rise, intent on cutting chaos all the way through.
From AML alarms to CDD found weak,
The cracks in crypto giants Bithumb, Saxo, and Cetera speak.
The UK now moves beneath the OECD’s command,
Enforcing clarity where grey once ruled the land.
And ComplyCube writes, as a guiding flame,
To help firms stand tall in this unforgiving game.
Stay tuned for our Feb newsletter, and have a great month!
