In South Korea, the Financial Services Commission (FSC) serves as the primary regulatory authority, overseeing the sector and ensuring compliance with anti-money laundering (AML) and combating the financing of terrorism (CFT) obligations.
In this article, we will delve into the specifics behind the regulations, starting with the background of the FATF Travel Rule in South Korea.
In 2021, South Korea’s Financial Services Commission revised its AML-related law to align with the guidance of the international financial watchdog, the Financial Action Task Force (FATF). With the amendments to the Act on Reporting and Using Specified Financial Transaction Information Requirements of VASPs, the Crypto Travel Rule went into effect in South Korea in March 2022.
Next year, in June 2023, the FSC passed a new law aimed at enhancing transaction transparency, market discipline, and protection for cryptocurrency users. Under this law, the regulator has been granted the authority to supervise and inspect VASPs as well as to impose penalties. This legislative move targets the regulation of unfair trade practices and the protection of assets.
Under the country’s mandated AML law, both domestic and foreign VASPs are required to register with the Korea Financial Intelligence Unit (KoFIU) before commencing business operations.
To register, VASPs must obtain an Information Security Management Systems (ISMS) certification from the Korea Internet and Security Agency (KISA).
Further amendments to the AML-related law mandate the implementation of the Crypto Travel Rule for international virtual asset transfers over 1 million won (approximately $740 or €687). Any transfers above this threshold are limited to wallets verified by users and must be flagged by exchanges. Additionally, VASPs are required to verify customers' identities and report any suspicious actions to the authorities.
To register with the Korea Financial Intelligence Unit (KoFIU) and report their business activity, VASPs have to submit their registered company name, their representative's details, the location of the business contact information, and bank account details. Moreover, VASPs must adhere to all measures prescribed by the Presidential Decree.
VASPs must also comply with AML regulations, which include the collection and sharing of information regarding customers’ virtual asset transfers exceeding KRW 1 million:
- Name of the originator and beneficiary
- Wallet address of originator and beneficiary
Should the beneficiary VASP or authorities request further information, the following must be provided within three working days of the request:
- Originator's customer identification number, personal document identity number, or foreigner registration number In addition to Crypto Travel Rule compliance, AML regulations require VASPs to appoint a money laundering reporting officer (MLRO) and develop and implement comprehensive internal AML policies and procedures.
These procedures necessitate conducting a company-wide risk assessment and performing Customer Due Diligence (CDD), along with Simplified Due Diligence and Enhanced Due Diligence, depending on the specific situation.
Moreover, AML obligations involve rigorous transaction monitoring, sanctions screening, record keeping, and reporting suspicious activity and transactions.
When it comes to crypto exchanges, they are defined as business entities that engage in the purchase, sale, transfer, exchange, storage, or management of crypto, as well as the intermediation or brokerage of virtual asset transactions. Thus, South Korean VASPs cover exchanges, custodians, brokerages, and digital wallet service providers, and they all must comply with the Crypto Travel Rules.
According to South Korea’s Crypto Travel Rule, transactions among individuals are regulated, and there are no rules regarding moving funds to and from self-hosted or non-custodial wallets. Local exchanges, however, have introduced varying rules for users when transacting with foreign exchanges, leading to confusion among users.
As per the new 2023 regulations that have yet to go into effect, VASPs are required to create real-name accounts with financial institutions and separate their customers' deposits from their own to provide better user and asset protection. They are further required to have an insurance plan or reserves, maintain crypto records for fifteen years, keep records for five years, and be assessed for AML compliance with a financial institution.
According to FATF’s latest report, less than 30% of surveyed jurisdictions worldwide have started regulating the cryptocurrency industry.
Of 58 jurisdictions, 33% (19), which includes the likes of Australia, China, Russian Federation, Saudi Arabia, South Africa, Ukraine, and Vietnam, have not yet passed or enacted the Travel Rule for VASPs. In contrast, jurisdictions such as Argentina, Brazil, Colombia, Malta, Mexico, Norway, New Zealand, Türkiye, Thailand, and Seychelles are currently making progress in this area.The report emphasizes the need for jurisdictions to license VASPs, scrutinize their products, technology, and business practices, and improve oversight to mitigate the risks of money laundering and terrorist financing risks.
While not mandatory, jurisdictions that do not abide by the FATF recommendations may have to face consequences, including being placed on the FATF's watchlist, which can result in a significant drop in their credibility ratings.
Notably, South Korea, along with a select group of countries like the US, Canada, Singapore, and the UK, has successfully implemented the FATF Travel Rule. This includes mandating compliance for all transactions exceeding the threshold of million Korean won, which is pretty much in line with the watchdog’s US$1,000 threshold.
South Korea has actively embraced blockchain and cryptocurrencies, responding to the growing popularity of virtual assets. To ensure the market operates safely and securely, the country’s regulators have implemented a series of laws and regulations, including the stringent AML requirements.
Q1: What is the minimum threshold for the Crypto Travel Rule in South Korea?
South Korea has set a 1 million won minimum threshold for the Crypto Travel Rule.
Q2: Who needs to register with KoFIU in South Korea?
Virtual Asset Service Providers (VASPs) must register with the Korea Financial Intelligence Unit (KoFIU) to legally operate in the country.
Q3: How does South Korea enforce crypto transaction transparency and asset protection?
South Korea enforces crypto transaction transparency and asset protection through a combination of the Crypto Travel Rule, AML compliance requirements for VASPs, and laws targeting the regulation of unfair trade practices and the protection of assets.
___________________________________
Veriscope, the compliance infrastructure on Shyft Network, empowers Virtual Asset Service Providers (VASPs) with the only frictionless solution for complying with the FATF Travel Rule. Enhanced by User Signing, it enables VASPs to directly request cryptographic proof from users’ non-custodial wallets, streamlining the compliance process.
For more information, visit our website and contact our team for a discussion.To keep up-to-date on all things crypto regulations, sign up for our newsletter, and follow us on X (Formerly Twitter), LinkedIn, Telegram, and Medium.
