South Korea’s crypto regulation is now expanding to foreign businesses

Published at: Aug. 13, 2021

Due to their anonymity or pseudonymity, digital assets are perceived as entailing the risks of money laundering and financing terrorism. In October 2018, the Financial Action Task Force (FATF) adopted changes to its recommendations on financial activities involving digital assets, adding the definitions “virtual asset” (VA) and “virtual asset service provider” (VASP). 

Since then, the FATF has adopted a risk-based approach to VA activities or operations and VASPs. This new approach includes the supervision of VASPs to ensure compliance in the areas of licensing and registration and preventive measures such as customer due diligence, transaction reporting and record-keeping. It also includes monitoring VASPs to combat money laundering and the financing of terrorism. Doing so enhances the effectiveness of sanctions and other enforcement measures, as well as international cooperation. VASPs, therefore, have the same full set of obligations as financial institutions.

Related: FATF draft guidance targets DeFi with compliance

VASP regulation in South Korea

In line with the guidance issued by the FATF recommending a risk-based approach toward the regulation of virtual assets and VASPs, Korea’s Anti-Money Laundering-related law, the Act on Reporting and Using Specified Financial Transaction Information, was recently amended and went into effect on March 25, 2021. Under the amended act, VASPs are required to register their business with the Korea Financial Intelligence Unit (KoFIU) prior to the commencement of their business operations, and existing businesses that qualify as VASPs are required to complete such registration within six months — i.e., by Sept. 24, 2021.

Also, upon registration, VASPs will be subject to various AML obligations, such as verifying the identity of their customers and filing reports on suspicious transactions. The financial authorities will conduct inspections of VASPs and supervise their compliance with AML obligations from the time of their business registration.

Related: South Korea faces strict crypto regulation and fears of centralization

Under the act, VASPs are defined as virtual asset trading service providers, virtual asset safekeeping and administration service providers and virtual asset digital wallet service providers that are engaged in the purchase/sale, exchange or transfer, or safekeeping/administration of virtual assets, or intermediation and brokerage of some virtual asset transactions.

Korea Financial Intelligence Unit

The amended act also provides that any offshore activity outside South Korea that has domestic effects or consequences shall be subject to the act. Accordingly, the KoFIU has sent out notices to 27 offshore VASPs with business operations “targeting users in Korea” regarding their obligation to register with the KoFIU by Sept. 24. Whether the business operations of non-Korean VASPs are regarded as “targeting users in Korea” is likely to be a fact-specific determination based on factors such as whether they provide Korean-language translation service on their platforms, whether they perform advertising and marketing activities targeting Koreans, and whether they provide transactions and payment services in the Korean won.

What is notable is that offshore VASPs that have not received any notice from the KoFIU but have business operations targeting users in Korea are also required to register with the KoFIU or otherwise suspend their business operations targeting users in Korea starting Sept. 25.

If the offshore VASPs that are subject to the registration requirement fail to register with the KoFIU, their operation will be regarded as illegal business activities effective Sept. 25. The KoFIU announced that it would take action, such as blocking access to such VASPs’ websites, and those VASPs shall cease their business operations targeting users in Korea effective Sept. 25.

If they continue to operate their business without registering, exchange operators will be subject to up to five years of imprisonment or a maximum fine of approximately $43,500, as prescribed by the act. The KoFIU stated that they would also file charges with investigative authorities, including prosecutors and the police, against unregistered offshore VASPs and actively seek other ways, such as close cooperation with non-domestic financial intelligence units and international judicial mutual assistance, in criminal matters.

Related: South Koreans flock to crypto amid a heavy-handed regulation approach

In this case, there is a possibility that users will incur damages by using services provided by unregistered VASPs because they may not be able to withdraw their funds or virtual assets. Hence, users are advised to check the business registration status of the relevant VASPs (that target users in Korea), request information about their resident registration numbers and take proactive actions, such as withdrawal of their funds or virtual assets, if necessary, to prevent any possible damages.

What foreign VASPs should consider

Then, what requirements should VASPs meet when they register with the KoFIU? Among other requirements, they need to obtain an Information Security Management Systems (ISMS) certification from the Korea Internet and Security Agency (KISA), and they should also use real-name accounts opened at a bank for money remittance between the VASPs and their users unless the VASPs do not receive money from their users and there’s no exchange of money for virtual assets. As of July 22, the Financial Services Commission — the financial authority in Korea — has confirmed that no offshore VASPs have, as yet, obtained an ISMS certification.

Separately, the FSC announced on July 28 the result of comprehensive inspections conducted on the legitimacy of deposit accounts held by VASPs. As of the end of June, it was found that 79 VASPs had 94 deposit accounts, 14 of which were found to be linked to fraudulent or fictitious account activities. Financial institutions are expected to suspend the accounts linked to fraudulent or fictitious activities.

Making use of the suspicious transaction reports, the KoFIU will relay any cases connected to money laundering or other illicit activities to the appropriate law enforcement agencies. The FSC also said that financial authorities will continue to closely monitor deposit accounts held by VASPs until the registration deadline of Sept. 24.

Related: South Korea’s small crypto exchanges face increasing regulatory heat

Offshore VASPs should consider whether they fall within the scope of the offshore VASPs subject to the registration requirement under the amended act (i.e., whether they may be deemed to be targeting users in Korea) by checking their current marketing and distribution channels, settlement currencies and translation service, etc. Also, offshore VASPs that intend to actively market their service to users in Korea after Sept. 24 should, among other things, consider their business structure and check the requirements for registration with the KoFIU.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Chloe Lee is a lawyer qualified to practice law in Korea. She is a partner at the Banking and Finance Group and Digital Finance Team of Lee & Ko, one of Korea’s premier law firms, with over 780 professionals. Chloe graduated from Seoul National University School of Law and earned an LL.M. in law and technology at UC Berkeley School of Law.
Tags
Regulation
Business
Bitcoin Regulation
Cryptocurrency Exchange
Cryptocurrencies
South Korea
Aml
Kyc
Counter Terrorism Financing
Fatf
Related Posts
DeFi regulation must not kill the values behind decentralization
Cryptocurrency brought us peer-to-peer payments that continue to elevate participation in the global economy for millions of people without access to traditional banking services. The rise of decentralized finance (DeFi) promises to further expand access to financial services, including savings, lending, derivatives, asset management and insurance products. This innovation, which empowers financial inclusion, should be allowed to flourish in a regulated environment where individuals and institutions are protected and suspicious activity is identified and reported. But how do you regulate these decentralized products without completely removing the core attributes of financial inclusion and decentralization? Know Your Customer (KYC) procedures are …
Technology / Aug. 22, 2021
France moves to ban anonymous crypto accounts to prevent money laundering
French financial authorities are strengthening the country’s cryptocurrency regulations in a move to prevent illicit activities like money laundering and terrorism financing. On Dec. 9, several ministries in France jointly introduced an order aiming to prevent anonymous digital asset transactions by banning anonymous crypto accounts. The new regulatory effort is backed by French finance minister Bruno Le Maire, overseas minister Sébastien Lecornu and junior economy minister Olivier Dussopt. The order is pursuant to Article 203 of France’s PACTE law, which stands for the Action Plan for Business Growth and Transformation. In the document, the ministries have admitted that digital assets …
Bitcoin / Dec. 10, 2020
Korean crypto exchange Bithumb toughens up its Anti-Money Laundering measures
South Korean cryptocurrency exchange Bithumb is toughening its approach to Anti-Money Laundering enforcement with a series of new measures that include trading restrictions, stronger Know Your Customer checks, and specialized blockchain intelligence solutions. The popular exchange, which has an estimated average of 1 million daily users and a daily transaction volume worth 5–7 billion ($4.4–6.2 million), had a troubled 2020 beset by police investigations over allegations of fraud. After a series of reported negotiations with various firms for a potential acquisition, major gaming conglomerate Nexon denied it was planning to acquire Bithumb earlier this year. The Korean Herald today cites …
Regulation / March 9, 2021
Binance Turkey fined 8M lira for non-compliance against money laundering
The Financial Crimes Investigation Board (MASAK), which serves as Turkey’s financial intelligence unit under the Ministry of Finance and Treasury, found crypto exchange Binance’s Turkey operations guilty of violating laws that intend to prevent the laundering of money acquired through criminal means. According to local news media Anadolu Agency, MASAK carried out an audit of Law No. 5549 on Prevention of Laundering Proceeds of Crime, also known as the AML Law. The AML Law in Turkey requires companies to identify and verify the personal identification information of the customers on the platform, which includes details such as surname, date of …
Bitcoin / Dec. 26, 2021
Coinone will stop withdrawals to unverified external wallets
South Korean crypto exchange Coinone has announced it plans to no longer allow withdrawals of tokens to unverified external wallets starting in January. In a Wednesday announcement, Coinone said users would have from Dec. 30 to Jan. 23 to register their external wallets at the exchange, after which time it would restrict withdrawals. The exchange specified that crypto users could only register their own wallets, and the verification process “may take some time” and could change in the future. According to Coinone, it planned to verify users’ names and resident registration numbers — issued to all residents of South Korea …
Business / Dec. 29, 2021