South Korea Crypto and Travel Rule Regulations—All You Need to Know in 2024

On June 30, 2023, the Financial Services Commission (FSC) of South Korea passed a new Act aimed to ensure crypto user protections, transaction transparency, and market discipline, which will be implemented in 2024. This is a key step in the government’s policy agenda to establish infrastructure and a regulatory framework for digital assets. 

 At the moment, Virtual Asset Service Providers (VASPs), have been regulated under the Act on Reporting and Using Specified Financial Transaction Information in South Korea since March 2021. However, existing law does nor cover regulation of unfair trade practices and protection of assets/users. Additionally, the FSC specified this Act does not allow authorities to more effectively supervise and sanction VASPs and assist victims with relief measures. The latest Act, passed in 2023, intends to fill these gaps. 

We at Sumsub have prepared this guide to help companies dealing in virtual assets in South Korea adjust to the new regulatory framework. 

Who is affected?

Virtual Asset Service Providers must comply with crypto regulations in South Korea. This includes entities providing the following: 

• Selling or buying virtual assets
• Exchanging virtual assets with other virtual assets
• Transferring of virtual assets for purchase, exchange, storage or management of virtual assets upon request
• Storing or managing virtual assets
• Acting as an intermediary, mediating, or acting on behalf of sellers and exchange providers
• Other acts prescribed by Presidential Decree as being highly likely to be used for money laundering and public intimidation financing in relation to virtual assets

Who is the regulator?

The Financial Services Commission (FSC) is the main regulatory body responsible for formulating policies. Under the 2023 Act, the FSC has the authority to supervise and inspect VASPs and impose penalties.

Another important institution is the Korea Financial Intelligence Unit (KoFIU), which was created under the Financial Transaction Reports Act. The KoFIU serves as an institutional link between financial institutions and law enforcement agencies. Its duties include receiving Suspicious Transaction Reports (STRs) from financial institutions, analyzing them, and sending them to the respective law enforcement agencies. 

VASPs doing business with Koreans must file a report with KoFIU in order to carry out legal activities in the country (i.e., register). 

What are the regulations?

The Act on Reporting and Using Specified Financial Transaction Information is the primary act regulating VASP activity, which includes VASPs within the scope of regulated entities that have to comply with tAML regulations. This means that all VASPs, including foreign ones, are required to report their business activity to the KoFIU prior to the commencement of their business operations. 

When it comes to reporting (registration), the following information should be submitted to the KoFIU:

• The name of the company and its representative
• Matters prescribed by Presidential Decree, such as the location of a place of business and contact information

The Commissioner of the KoFIU may not register a VASP for any of the following reasons:

• The entity fails to obtain certification from an information security management system (ISMS)
• The entity does not conduct financial transactions through a deposit and withdrawal account in which a real name can be verified
• A person opening the VASP company who has been prosecuted by a court under finance-related statues during the last five years 

VASPs shall take measures prescribed by Presidential Decree, such as managing each customer’s transaction details separately to comply with the duty to file a report. 

VASPs should also comply with AML requirements, which include the following:

• Appointing a money laundering reporting officer (MLRO)
• Development and implementation of internal AML policies and procedures
• Conducting wide company risk assessment
• Conducting Customer Due Diligence (including Simplified Due Diligence and Enhanced Due Diligence, where applicable)
• Conducting sanctions screening 
• Carrying out transaction monitoring
• Complying with the Travel Rule
• Keeping records
• Reporting suspicious activity and transactions.

Travel Rule

According to the Travel Rule, the following information should be sent from an originating VASP to the beneficiary VASP in relation to the originator and beneficiary of a transaction:

• Name 
• Wallet address

The originator VASP may also be asked to provide the following information if requested by the beneficiary VASP or the KoFIU:

• Customer’s resident registration number or passport number/foreigner registration number

This should be sent within three working days from the date of the request.

Suggested read: What is the FATF Travel Rule? The Ultimate Guide to Compliance (2023)

Suggested read: Travel Rule in South Korea

The future of cryptocurrency in South Korea

Now it’s time to talk about the new regulation that was introduced in South Korea in June 2023, which is expected to go into effect in one year. The Act mainly targets the three following areas:

• Protection of virtual assets
• Regulation of unfair trade practices in the virtual asset market
• Financial authorities’ authority to supervise and impose sanctions on the virtual asset market and business operators

When it comes to protection of virtual users, companies have to: 

• “Manage their customers’ virtual asset transaction deposits separately from their own assets
• Keep virtual assets owned by their customers separately from the virtual assets in their possession
• Actually hold the types and quantities of virtual assets entrusted by the users of virtual assets while maintaining a certain proportion of virtual assets (to be determined by a presidential decree) in cold wallet storage
• Have an insurance plan or set aside reserves to comply with the responsibility in the event of computer hacking or network crash
• Maintain records of virtual asset transactions for fifteen years to enable tracking and verification of transaction history”

Regarding the regulation of unfair trade, VASPs are prohibited from: 

• Improper use of undisclosed material information
• Manipulating market prices
• Fraudulent transaction activities (e.g., false reporting, internal omission)
• Making self-issued virtual asset transactions

VASPs also have to monitor abnormal activity (e.g., transaction volatility in prices and volumes). In case such activity is detected, companies have to immediately send a report to the financial and investigative authorities.

If unfair transaction activities are performed by VASPs, staff members are subject to minimum imprisonment of one year or a fine of at least 3-5 times the unfairly gained profits. All gains from such activities will be confiscated by government authorities. 

To conclude, it’s clear that South Korea is actively developing a more comprehensive legal framework for virtual asset service providers. These include not only the aforementioned changes, but a myriad of other regulations, such as theFSC plan to permit issuance and circulation of security tokens,

This material will be updated when new regulations go into effect.

FAQ

• Is crypto legal in South Korea?

  Yes, it is legal. Anyone in South Korea can own and use cryptocurrency. The government of South Korea ensures that virtual asset service providers make the transaction process safe through several guidelines and acts. Companies have to follow them and report all suspicious actions to government institutions in order to minimize the spread of criminal activity.

• Is crypto banned in South Korea?

  No, crypto is permitted and regulated by the South Korean government.