The amendment to the Act on Reporting and Using Specified Financial Transaction Information (hereinafter, the “Specified Financial Information Act”), which defines cryptocurrency as a “virtual asset” and focuses on a reporting system for cryptocurrency exchanges, was ratified in the National Assembly’s plenary session on March 5, 2020.

This amendment to the Specified Financial Information Act primarily creates an obligation for “virtual assets service providers,” including cryptocurrency exchanges, to report to Korea’s Financial Intelligence Unit (“FIU”) and adds anti-money laundering obligations with regard to virtual assets services.

Under this amendment, cryptocurrency exchanges now have a legal basis for their operations, provided that they report to the FIU. The amendment thus removes some of the legal uncertainty that existed due to the fact that such exchanges have been operating in a legal blind spot prior to the amendment. As the amendment applies not only to cryptocurrency exchanges but also to transactions relating to virtual assets in general, any person looking to pursue businesses relating to virtual assets should also take note.

The amendment to the Specified Financial Information Act is expected to enter into force 1 year after its promulgation. Existing cryptocurrency exchanges must carry out their reporting obligation within 6 months of the amended statute’s effective date.

Please refer to the following for the main points of the amendment to the Specified Financial Information Act.

1. Definition of Virtual Assets and Virtual Assets Service Provider

The amended act defines “virtual assets” as “electronic certificates of economic value (with the exception of electronic currency, etc. as defined under the Electronic Financial Transactions Act) that can be traded or transferred electronically.” Additionally, a “virtual assets service provider” (“VASP”) is defined as a person who conducts the business of i) trading virtual assets or exchanging them for other virtual assets, ii) brokering, intermediating or acting as an agent with regard to such transactions, or iii) storing or managing virtual assets. Accordingly, not only are those who trade virtual assets through fiat currency considered VASPs, but cryptocurrency exchanges that exchange virtual assets or transact in them in various other forms are also viewed as VASPs.

2. ISMS authentication and verifiable name account required for VASP reporting obligations

A VASP must report to Korea’s FIU. The following describes the important specifics of this reporting obligation.

▣ If a VASP fails to obtain an information security management system (“ISMS”) certification under the Act on Promotion of Information and Communications Network Utilization and Information Protection, its report may be rejected. While some existing cryptocurrency exchanges are operating after having obtained the ISMS certification voluntarily, making the ISMS certification mandatory through the amended statute will further strengthen the protection of data by cryptocurrency exchanges.

▣ Additionally, if a VASP does not use a real-name verifiable account (“Real-name Account”), the report may be rejected. However, the criteria and conditions for opening the Real-name Accounts will be determined in a future amendment of the Specified Financial Information Act’s enforcement decree. Considering that many of the domestic cryptocurrency exchanges have been unable to receive real-name checking and withdrawal account services from financial institutions, we expect this to become an area of high interest for cryptocurrency exchanges.

3. Obligation of Financial Institutions to Confirm

If a financial institution’s client is a VASP, in addition to confirmation of compliance with the VASP’s reporting requirements, the financial institution must also confirm whether the client manages its customer deposits and its own property separately in segregated accounts and whether the client obtained an ISMS certification. In addition, if a VASP breaches its reporting obligations or otherwise violates the amended Specified Financial Information Act, the financial institution must reject any new transactions with such VASP, or in the case of an already established transactional relationship, terminate such transactions.

4.Segregation and Storage of Transaction Information per Customer to Prevent Illegal Transactions such as Money Laundering

A VASP must take measures such as segregating the transaction details for each customer in order to comply with its obligation to report suspected illegal property transactions and large cash transactions. Detailed measures will be prepared as part of the amendment to the enforcement decree.

Through its continual work on various matters relating to the Specific Financial Information Act in addition to its in-depth research and work on virtual asset matters, Lee & Ko has developed a professional level of understanding and know-how to handle issues regarding the Specific Financial Information Act. If you have any questions about the amendment to the Specific Financial Information Act or need assistance from a legal expert, please do not hesitate to contact the attorneys listed to the right.


If you have any questions regarding this article, please contact below:

Jongsoo (Jay) YOON (

Hyun Koo KANG (

You Chull JUNG (

For more information, please visit our website:

More from Lee & Ko