Skip Navigation

Proposed AML Requirements for Cryptocurrency Exchanges and Virtual Asset Service Providers


On November 21, 2019, a subcommittee of the National Assembly’s National Policy Committee passed a resolution on the Proposed Partial Amendment to the Act on Reporting and Using Specified Financial Transaction Information (the “Proposed Partial Amendment”).  The major changes included in the Proposed Partial Amendment are anti-money laundering (“AML”) requirements for cryptocurrency exchanges and other virtual asset service providers.  The National Policy Committee itself subsequently passed the Proposed Partial Amendment on November 25, 2019.  The Legislation and Judiciary Committee will review the Proposed Partial Amendment for its structure and wording and send it to the plenary session of the National Assembly for resolution.  If the political parties come to an agreement relatively quickly at the Legislation and Judiciary Committee, the National Assembly may possibly pass the Proposed Partial Amendment on November 29, 2019, but we would need to continuously monitor the plenary session of the National Assembly.  If the National Assembly passes the Proposed Partial Amendment at the plenary session, it will then be transferred to the Executive Branch within two weeks, and the Executive Branch will promulgate the Proposed Partial Amendment within 15 days after the transfer date unless the Executive Branch raises any objections.  The details of the Proposed Partial Amendment are provided below.1 

  • Reporting Requirements for Virtual Asset Service Providers

Those professionally engaged in (i) sale and purchase of virtual assets; (ii) exchange of virtual assets2; (iii) mediation or arrangement of (i) and (ii); and (iv) storage or management of virtual assets (“Virtual Asset Service Providers”) must report the company name, the representative’s name, the location of the business place, and contact information to the Commissioner of the Korea Financial Intelligence Unit (“FIU”) in advance and have the report accepted by the FIU3.  Failure to report will result in criminal punishment of imprisonment of up to five years or a fine of up to KRW 50 million (app. USD 43,000). 

Meanwhile, the FIU may refuse to accept reports from the following persons: 

A.    A person who has failed to be certified by the Information Security Management System (“ISMS”);
B.    A person who has not engaged in financial transactions using a verified real name deposit4 and withdrawal account5
C.    A person for whom five years have not elapsed since being sentenced to punishment of not less severe than a fine and the completion or expiration of the term of said sentence pursuant to the Act on Reporting and Using Specified Financial Transaction Information, the Act on Prohibition against the Financing of Terrorism and Proliferation of Weapons of Mass Destruction, and other finance laws and regulations set forth by the presidential decree (including representatives and executives); and 
D.    A person for whom five years have not elapsed since the report was cancelled ex officio for failing to meet the requirements specified in A, B, and C above. 

In addition, the FIU may cancel reports that have been accepted ex officio when there are grounds for non-acceptance above.6 

  • AML Requirements for “Virtual Asset Service Providers”

As with other financial institutions, “Virtual Asset Service Providers” will be subject to various AML requirements, including suspicious transaction report (“STR”), currency transaction report (“CTR”), and customer due diligence (“CDD”), and will be required to set up an internal control system to fulfill such requirements in good faith and to separately manage transaction details by customer. 

  • Expanded CDD on Financial Companies

In addition to the existing CDD items, a financial company must ensure that a Virtual Asset Service Provider has satisfied requirements for acceptance of report and the requirement to separately manage deposits from customers and its own property, among others.  Furthermore, a financial company must refuse or terminate transactions with the Virtual Asset Service Provider if it does not have a valid report, an ISMS certification, a real name deposit and withdrawal account, or is otherwise unqualified.   

The Proposed Partial Amendment is significant in that it would bring the domestic cryptocurrency market, which has not been regulated, into the regulatory framework and promote sound market order.  However, as the Proposed Partial Amendment subjects cryptocurrency service providers to the full AML requirements, the service providers would have to be prepared to implement an AML system as required by the Proposed Partial Amendment while, at the same time, strengthening efforts to monitor progress in the subsequent amendment of the laws and the presidential decrees (including terms of opening real name account). 


1 The Financial Action Task Force (“FATF”) and other global organizations established international standards for AML and combating the financing of terrorism (“CFT”) and require their member states to comply with such standards.  Following a plenary meeting held in February 2018 where the FATF discussed the risk of money laundering and financing of terrorism using virtual assets and countermeasures, in October 2018, the FATF resolved on the FATF Recommendation containing AML and CFT requirements for Virtual Asset Service Providers.  The FATF presented the Interpretive Note with details in June 2019 and plans to monitor the implementation status of member states around June 2020. 
2 Virtual asset is a digital representation of value that can be digitally traded or transferred.
3 The maximum period of effectiveness of the report after acceptance is five years. 
4  A Virtual Asset Service Provider’s account whereby a Virtual Asset Service Provider’s account and its customer’s account are opened in the same financial institution and transactions between the Virtual Asset Service Provider and its customer are permitted solely between the two accounts. 
5 The Proposed Partial Amendment mandates the presidential decree to set forth eligibility for verified real name deposit and withdrawal accounts.  It is our understanding that the position of the financial authority regarding this matter is to amend the presidential decree to require banks to provide relevant services to all Virtual Asset Service Providers meeting certain requirements. 
6 However, the Proposed Partial Amendment mandates the presidential decree to grant a grace period when grounds for non-acceptance have been caused by the expiration of the period of certification by an ISMS.