- The law enters into force on March 25, 2021.
- It sets new AML requirements on virtual asset service providers including real-name verification, customer due diligence, reporting requirements, travel rule, etc.
- Concerned entities are granted a 6-month grace period to fully comply by September 24, 2021.
On March 5, 2020, the National Assembly of the Republic of Korea ratified the amendment to the “Act on Reporting and Using Specified Financial Transaction Information”1. The law sets anti-money laundering (AML) standards in line with the Financial Action Task Force (FATF) recommendations. The reporting authority is the Korean Financial Intelligence Unit (KoFIU).
The law defines a virtual asset (VA) as an electronic certificate that can be traded or transferred electronically as having economic value.
The scope of the law is extended to cover virtual asset service providers (VASPs) activities which are now considered financial institutions. VASPs that conduct the following activities are concerned by the law:
- “purchase and sales of virtual assets;
- exchanges between virtual assets;
- transfer of virtual assets;
- safekeeping and administration of virtual assets;
- intermediation or brokerages of virtual asset transactions; exchange of virtual assets; and
- other activities specified by the enforcement decree”2
However the following activities are excluded from the scope of the law: “digital tokens that cannot be exchangeable for fiat currencies, commodities and services and whose purpose of use is limited by the issuer; prepaid electronic payment methods or e-money; electronically registered stocks; electronic notes; electronic B/L; and others specified by the enforcement decree given the formats and features of transactions.“
Real-name verification requirements
VASPs must now implement real-name verification partnerships with a government-approved Korean bank. With this verification procedure, a verified user is assigned a bank account. This will allow fiat currency withdrawals and deposits to be tracked and prevent money laundering (ML). Until now VASPs were advised to have such a partnership but only the largest VASPs applied the recommendation.
VASPs must also get an information security management system (ISMS) certification from the Korea Internet Security Agency (KISA); this certification is required to put in place real-name verification.
Customer due diligence requirements
Under the law, customer identity verification is also required by VASPs for:
- New customers or customers conducting one-time financial transactions;
- Customers suspected to be engaging in ML by checking the purpose of the transaction or the source of funds
VA businesses have new reporting requirements to fulfill. They should file reports in the following cases:
- Suspicion the received property is illegal
- Suspicion the counterparty of financial transaction is engaged in ML
Furthermore, the new act also requires VASPs to apply the Financial Task Action Force’s (FATF) “travel rule”; the originating VASP must provide information about the transfer to the beneficiary. Transactions of more than 1 million Korean Won are subject to this rule.
On March 10, 2021, the SFC released a proposition3 aimed at strengthening the penalty regime for VASPs that fail to meet due diligence requirements. The proposition is available for public notice from March 11 to April 10, 2021.
The law enters into force today, March 25, 2021, and grants a 6-month grace period for companies to comply with the new requirements. All the concerned companies must be fully compliant by September 24, 2021. Failure to do so could result in an imprisonment sentence or fines of up to 50 million Korean won (around $44,000).
Besides, a new tax code including cryptocurrencies earnings was also expected to come into force in South Korea in October 2021 but was delayed to January 2022 instead.
Today, governments tend to regulate virtual assets and more and more countries are transposing the FATF’s recommendations into national laws. You are a VASP and you need to comply with AML/CTF regulations? Discover how Scorechain solution can help. Contact us for a free demo: email@example.com
Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a European leader in crypto compliance since 2015, the Luxembourgish company serves worldwide customers in 33 different countries with more than 150 licenses established, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets customers onboarding, audit and law firms and some LEAs.
Scorechain solution supports Bitcoin analytics with Lightning Network, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger and Tezos. The software can de-anonymize the Blockchain data and connect with sanction lists to provide a risk scoring on digital assets transactions, addresses and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.