This country-specific Q&A provides an overview of Fintech laws and regulations applicable in South Korea.
What are the sources of payments law in your jurisdiction?
In the Republic of Korea (“Korea”), there are various payment methods available to which various laws apply. With regard to payments made using credit cards, debit cards and prepaid cards, the Specialized Credit Finance Business Act (“CFBA”) would apply. Payment methods using electronic means such as electronic fund transfer, electronic debit payment means, electronic prepayment means, electronic currency and electronic receivables would be subject to regulation under the Electronic Financial Transactions Act (“EFTA”); most of the business operators who engage in payment settlement service such as payment gateway business operators are also subject to the regulation under the EFTA.
On July 27, 2020, the Financial Services Commission (FSC) announced a full restructuring of the EFTA, announcing its plans to submit an amendment to the EFTA to the National Assembly in the third quarter of 2020. The reorganization will focus on fostering an innovative digital finance industry, establishing a digital finance user protection system, establishing a foundation for digital financial transactions, and strengthening digital finance security.
In particular, the amended EFTA introduces MyPayment (payment order transmission services) and a comprehensive payment service provider system and streamlines market entry regulations while consolidating and simplifying the electronic finance industry into business types: money transfer, payment settlement, and electronic payment settlement agency service. It also expands the scope of business activities by allowing for deferred payment of small sums and increasing the recharge limit for electronic prepayment means.
Also, tasks that can be implemented before the EFTA takes effect such as increasing the recharge limit of electronic prepayment means and the diversification of the method of consent for withdrawals and transfers will be implemented first through amendments of the enforcement decree and supervisory regulations, administrative guidance, the financial regulatory sandbox, etc.
In addition, payment using foreign currency or payment transactions between Korea and foreign countries and activities relating thereto are subject to the Foreign Exchange Transactions Act (“FETA”), including licensing requirements thereunder in addition to the requirements under the EFTA.
Can payment services be provided by non-banks, and if so on what conditions?
Other than the conventional payment method via the bank, there are other payment methods using different types of payment services, such as the payment gateway business, electronic prepayment means issuance and management business, debit electronic payment means issuance and management business, small amounts overseas remittance business and small amounts foreign currency transfer business. To perform such services, the business operator would be required to obtain a license with the relevant authorities such as the FSC/FSS or the Ministry of Strategy and Finance and have an entity in Korea which satisfies certain personnel/equipment requirements as well as minimum capital requirement.
Under the current EFTA, payment services are divided into seven categories: electronic money transfer service, electronic currency service, electronic prepayment means issuance and management service, debit electronic payment means issuance and management service, electronic payment settlement agency service, payment deposit service, and electronic bill presentment and payment service. As mentioned in the above restructuring of the EFTA, payment services will be consolidated into three simpler categories: money transfer, payment settlement, and electronic payment settlement agency.
This reflects the increasing convergence between services in the financial environment, with the hope that this reorganization by function will differentiate the level of risk by industry and facilitate the reasonable design of regulations relating to market entry and operations. Furthermore, the burden of market entry will be reduced by reasonable adjustments to the minimum capital requirement so that innovative start-ups can enter the electronic finance industry, and depending on the size of the business, special exemptions on capital and registration requirements will also be considered.
What are the most popular payment methods and payment instruments in your jurisdiction?
In Korea, the most commonly used payment method by individual customers for purchase of products and services is the credit card. This is mostly due to the regulation under the CFBA which stipulates that request for credit card transactions cannot be refused in Korea and tax benefits. However, recently the financial authorities are making efforts to diversify the payment settlement market with various payment methods such as QR settlement by utilizing Fintech technologies.
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
The Korean financial authorities have announced their plan to introduce the open banking policy that would enable access to the transaction data and payment accounts held by the financial institutions including banks, payment according to payment instructions by the user, and access to information and account held by financial institutions through the open API method. In addition, the open banking system, in which banks and fintech companies both participate, was fully implemented as of December 18, 2019.
While the open banking currently operates pursuant to an agreement among institutions, the amended EFTA will establish a legal basis for it. The act will outline the scope and qualifications for participation in open banking to encourage non-bank financial institutions (mutual finance, savings banks, card companies, etc.) to participate in the open banking system in addition to banks and fintech companies. To promote the stability of the open banking infrastructure, the amended EFTA will include standards for security, certification, standardization, data protection, etc. that participants must comply with and impose various duties upon the participants.
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
The legal system personal information protection in Korea is structured based on opt-in prior consent by the user, which has posed considerable obstacles to providing the relevant business structure in practice.
On August 5, 2020, the amendments of the three major data-related statutes, the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., and the Credit Information Use and Protection Act (“Credit Information Act”), entered into effect. In particular, the amendment to the Credit Information Act, which is highly relevant to the fintech field, clarified the legal basis for analysis and use of big data and strengthened safety measures to prevent the negative side effects of big data use. Additionally, the regulatory system for the credit information industry was renovated through the introduction of the personal credit information management business (MyData), specialized credit bureau business, and more. We expect the utilization of data to grow with the above changes.
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
The Korean government is making various efforts to develop the Fintech industry including by alleviating the regulation so as to allow Fintech companies with the relevant technology to access the financial market which was permitted only to incumbent financial institutions. In line with such efforts, the Special Law to Support Financial Innovation, the purpose of which is to facilitate the development and improvement of innovative financial service was enacted on December 31, 2018 and enforced as of April 1, 2019. According to this law, not only financial companies but also non-financial companies may apply for being designated as innovative financial service, which is a type of sand box; if designated, the applying company may be exempt from the relevant regulation for 2 years (maximum 4 years if extended) during which period it may develop and sell innovative financial products without concern for obtaining license or permit or being subject to regulation. Also, the Korean government provides financial support for such innovative financial service tests and promotes various new attempts. For your information, Lee & Ko has been providing consulting services for the legislature at the time of enactment of the said Special Law to Support Financial Innovation. In addition to the above, Fintech companies can benefit from the “designated agent” system, which allows financial companies to consign their core work to certain companies designated by the financial authorities to develop and sell new financial products.
Furthermore, in accordance with the recently amended Credit Information Act and its enforcement decree, the MyData industry (personal credit information management businesses) can be operated with a permit from the FSC. Companies with the permit may provide an integrated lookup service for personal data, credit and asset management services, etc., and we expect many finance and fintech companies to apply for this permit.
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
The Korean government has been promoting strong industry-enhancement policy, due to its concern that the development level of the Fintech industry in Korea is behind that of other countries. Therefore, there is a small risk that the regulation or government actions may hamper the development of Fintech market. However, despite the efforts by the government, as there still are areas where legislative support and improvement are still lacking, there is concern that stringent legal restrictions may be applied if damage to customers occurs in such areas. For instance, if a large scale leakage of personal information occurs in the Fintech industry, such accident may trigger the strengthening of restrictions and hamper the development of the Fintech market. Therefore, for a company intending to enter the Fintech market in Korea, it would be necessary to take caution not only to rely on the Korean government’s strong policy to promote the Fintech industry but also to structure its business to comply with the existing legal regulations.
What tax incentives exist in your jurisdiction to encourage fintech investment?
For small or medium enterprises founded before December 31, 2021 as a business that provides financial services utilizing information and communication, a new provision of Article 6 of the Restriction of Special Taxation Act established on December 31, 2019 allows a certain percentage (50% or 100%) of corporate tax to be reduced or exempted for the tax year in which the initial income occurred and from the following tax year to the tax year ending within four years from the start of the following tax year.
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
It seems that investment in the P2P lending business is greater in volume compared to other Fintech areas.
In relation to this, the Online Investment-Linked Finance Business and User Protection Act was enacted to regulate P2P finance and has been in effect since August 27, 2020. Under this act, a person who intends to conduct an online investment-linked finance business must register with the Financial Services Commission after meeting requirements such as having equity of at least 500 million won, etc.
Additionally, in exchange for being able to invest their own funds to a certain extent, online investment finance businesses’ activities are regulated. For example, they cannot make linked loans to themselves or their major shareholders. Various mechanisms are also in place to protect investors as lenders, such as the imposition of disclosure obligations regarding matters such as transaction structure, financial and business condition, loan size, and delinquency rate.
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
As discussed, the Korean government is promoting various Fintech areas by implementing supportive policies and creating a favourable environment for Fintech entrepreneurs. Especially, if nominated as an innovative financial service under the Special Law to Support Financial Innovation, the Fintech entrepreneur may enjoy various benefits for 2 years (maximum 4 years if extended) and use it as an opportunity to test the marketability of its Fintech technology by applying to be designated as a designated agent to handle works that conventionally belong to financial companies thereby expanding its business scope. Also, the Korean government provides financial support for testing new technologies to promising Fintech companies up to KRW100 million. As such policy support helps to reduce the costs and risks involved in realizing new ideas and commercializing technologies, it can also be an attractive feature for Fintech entrepreneurs to operate their business in Korea.
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
We do not believe that there are such quotas systems/immigration caps in Korea yet.
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
We do not believe that there are such quotas systems/immigration caps in Korea yet.
What protections can a fintech use in your jurisdiction to protect its intellectual property?
While there is no special IP law that applies specifically to Fintech, IP protection is provided via other existing laws such as the Patent Act in the case of invention (highly advanced creation of technical ideas), Utility Model Act for device (creation of technical ideas), Trademark Act for brand and mark, Copyright Act for creative work/products of authors, and Unfair Competition Prevention and Trade Secret Protection Act for unfair competition and trade secrets.
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
The amended Act on Reporting and Using Specified Financial Transaction Information (“Specified Financial Information Act”), which regulates virtual assets and virtual assets service providers (“VASP” as defined below), will enter into force on March 25, 2021. The amended act defines cryptocurrency as a “virtual asset” and imposes various obligations related to anti-money laundering and countering the financing of terrorism (AML/CFT), including the obligation of VASPs to report to Korea’s Financial Intelligence Unit (FIU).
The amended Specified Financial Information Act defines “virtual assets” as “electronic certificates of economic value (with the exception of electronic currency, etc. as defined under the Electronic Financial Transactions Act) that can be traded or transferred electronically.” A “virtual assets service provider” is defined as a person who conducts the business of trading virtual assets or exchanging them for other virtual assets, brokering, intermediating or acting as an agent with regard to such transactions, or storing or managing virtual assets. Regarding a VASP’s obligation to report to the FIU, for the report to be accepted, the VASP must (i) obtain the Information Security Management System (ISMS) certification under the Act on Promotion of Information and Communications Network Utilization and Information Protection and (ii) use a real-name verifiable checking account.
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
On Sept. 29, 2017, the Korean authorities concerning the regulation of cryptocurrency including the FSC, Ministry of Strategy and Finance and Ministry of Justice have announced a comprehensive ban on all forms of ICOs, regardless of technology and/or terminology. As no law has been enacted to support such policy yet, however, it is difficult to conclude that ICOs are legally prohibited. Korean companies are taking a very cautious position regarding ICOs in Korea, considering the government’s negative stance on ICOs. That said, it should be noted that there is still a possibility that the Korean government may take a more lenient approach as they seem to under the technical and economical utility and impact of the cryptocurrency—in such case, the Korean government may positively consider allowing security type tokens via security token offering with certain limitations. According to the amended Specified Financial Information Act to take effect on March 25, 2021, a person selling a virtual asset or exchanging it for another virtual asset will be recognized as a VASP, obligating such person to report to the FIU. There is uncertainty surrounding whether this can be applied to businesses making ICOs.
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
In Korea recently there are many blockchain main-net development projects under way. A representative case is “Clayton”, a blockhain platform launched as of June 27, 2019 by Ground X, an affiliate blockchain developing company of KaKao. Also (while this is taking place outside of Korea), LINE, a Japanese subsidiary of the Korean mega-telecommunications service company, Naver, has launched a blockchain platform “Linkchain”.
Samsung Electronics plans to provide the “Samsung Blockchain Keystore Service,” through which users will be able to store virtual assets on Samsung Electronics terminal. By linking its blockchain-based mobile electronic authentication service, “Initial,” with Samsung Blockchain Keystore, it will provide a commercial decentralized identifier (DID) service applying hardware-based terminal security technology.
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
Presently, artificial intelligence technology such as robo-advisor and chat-bot is being utilized in capital markets industry. The Korean government has designated AI as its main focus business and has announced that it would not spare any support in relation to the development and commercialization of AI. There are, however, claims that laws and regulations relating to personal information are hampering the development of AI—this is because development of AI through the use of deeplearning technology requires utilization of a large volume of big data, which can be restricted by the regulations relating to the use of personal information.
However, with the recent amendment of the three major data statutes, the range of data that can be collected has been expanded, and the data can be used for a wider variety of purposes as well. In this respect, the potential for AI utilizing big data has increased.
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
In Korea, various forms of insurtech are being tested and utilized. In the case of Internet of Things, various telematics and wearable devices with collect and transmit data from sensors attached to things are being used for various purposes such as calculate savings of insurance premiums; in the area of big data, a variety of large volume of data such as customer consultation data, online activity data, medical and credit level are collected, analysed with velocity to estimate the risk of accident, contract retaining rate and possibility of insurance fraud which are then utilized with regard to development of insurance products, marketing and risk management. With regard to AI, chat-bots are used for customer consulting and blockchain technology is being tested for application for identification and detection of insurance policy upon insurance payment request. Additionally, Korean insurers such as Kyobo Life have introduced a simple insurance claim service that the financial regulators also recommend. Under this service, policyholders can execute smart contracts through blockchain technology to receive hospital treatment, which will immediately cause an insurance claim to be made to the insurance company. As shown above, while insuretech is beginning to be used in various ways, full scale commercialization will take some more time.
Are there any areas of fintech that are particularly strong in your jurisdiction?
Various areas of Fintech are being developed in Korea, and especially the simple payment service area is developing rapidly with a fierce competition among the business operators, which has promoted commercialization of technology and system aimed at enhancing customers’ comfort. For instance, Samsung Pay, which can be used via Samsung mobile phones, uses MTS method which can be used with the conventional credit card readers which makes it easy for customers to use. Also, NaverPay, which is one of the simple payment services in Korea, can also be used in stores in Japan with QR code payment method without incurring currency exchange fees or overseas card usage fees. There are other innovative simple payment services being developed in Korea.
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
Despite the impression that Fintech may cause disruption in the existing financial market and conflict of interest between Fintech companies and incumbent financial institutions, that is not entirely true in Korea; many incumbent financial institutions are making various attempts to introduce Fintech to their business areas and are collaborating with Fintech companies. Especially, as mentioned earlier, the Korean government is promoting “designated agent” system under the Special Law to Support Financial Innovation which allows Fintech companies to be assigned the work of incumbent financial institutions. Through such arrangement, incumbent financial institutions with existing client base may be able to enhance their work efficiency while the Fintech companies may test their technology in the market and, if proven feasible, use it to expand the scope of their business even after the completion of such arrangement.
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
Banks and other incumbent financial institutions have not fully embraced Fintech in their business but are gradually introducing Fintech in various areas. However, rather than developing their own technology, they work in collaboration with IT companies who have the necessary technology primarily. Meanwhile, the Financial Services Commission has published the “Guidelines on Fintech Investment, etc. by Finance Companies” to allow finance companies to expand their investments in fintech companies while simultaneously recommending that they directly conduct fintech activities as ancillary businesses.
Estimated word count: 3638
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.