South Korea -- AML/CFT Compliance Regulatory Overview

Published: 2026-04-26 Updated: 2026-04-18 Author: Perplexity Sonar Version 1 Sources cited in: Korean (3)

Note: This article cites primary sources in languages other than English. Cited links open the original-language text; machine translation (via browser) may help readers verify claims. See the badge next to each source for its language.

Methodology

AI-generated synthesis from web search results.

Limitations

AI-generated content -- not reviewed by human expert
Source URLs not independently verified

South Korea regulates cryptocurrency/virtual asset service providers (VASPs) through strict AML/CFT requirements under key laws including the Act on Reporting and Use of Specific Financial Transaction Information (since 2021) and the Act on the Protection of Virtual Asset Users (effective July 2024), with additional measures from the Digital Asset Basic Act. These frameworks mandate VASP registration with the Korea Financial Intelligence Unit (KoFIU), real-name accounts, insurance against hacks, and alignment with FATF standards for market integrity and investor protection.[3][4][5]

Key AML/CFT Legislation

Act on Reporting and Use of Specific Financial Transaction Information: Requires VASPs to register with KoFIU and comply with AML/CTF standards.[3][5]
Act on the Protection of Virtual Asset Users (2024): Focuses on user protection, prohibits unfair practices like market manipulation, and enforces AML protocols.[4][5]
Digital Asset Basic Act: Imposes ownership caps (e.g., 20% max per shareholder) and governance rules to enhance transparency and AML.[2]

Customer Due Diligence (CDD) Requirements

VASPs must conduct Customer Due Diligence (CDD), including simplified and enhanced due diligence where applicable, alongside sanctions screening.[5] This applies to services like buying/selling virtual assets, exchanges, transfers, storage, and intermediation.[5] The Travel Rule mandates sharing sender/receiver details (names, IDs, accounts) for transactions over KRW 1 million (~USD 800).[3]

Suspicious Transaction Reporting

VASPs are required to monitor transactions, track suspicious activities, and report them, with appointment of a money laundering reporting officer (MLRO) and internal AML policies.[1][5] This includes company-wide risk assessments and ongoing transaction monitoring.[5]

Record-Keeping Obligations

VASPs must maintain records of transactions and compliance activities, supporting suspicious transaction tracking and regulatory audits, in line with KoFIU guidelines.[1][2]

Oversight Authority

Compliance is overseen by:

Financial Services Commission (FSC): Primary regulator for VASPs, enforces consumer protection and investigates unfair practices. (Official site: fsc.go.kr)
Korea Financial Intelligence Unit (KoFIU): Handles VASP registration, AML reporting, and guidelines. (Official site: kofiu.go.kr)
Financial Supervisory Service (FSS): Investigates abnormal transactions and develops guidelines. (Official site: fss.or.kr)[1][2][3][4]

Source Data

60%

**Financial Services Commission (FSC)**: Oversees VASPs, enforces consumer protection, investigates unfair practices, and issues guidelines; gained expanded supervisory powers under recent acts.[2][4][6]

[primary] www.fsc.go.kr [primary] www.kofiu.go.kr [primary] www.law.go.kr

60%

**Financial Supervisory Service (FSS)**: Supports FSC by probing abnormal transactions and clarifying rules (e.g., on NFTs).[2]

[primary] www.fsc.go.kr [primary] www.kofiu.go.kr [primary] www.law.go.kr

60%

**Korea Financial Intelligence Unit (KoFIU)**: Manages VASP registrations, enforces KYC/AML, and handles suspicious transaction reports.[1][2][5]

[primary] www.fsc.go.kr [primary] www.kofiu.go.kr [primary] www.law.go.kr

60%

**Korea Internet & Security Agency (KISA)**: Issues mandatory Information Security Management System (ISMS) certifications for exchanges.[1][2]

[primary] www.fsc.go.kr [primary] www.kofiu.go.kr [primary] www.law.go.kr

60%

**Act on the Reporting and Use of Specific Financial Transaction Information (March 2020 Amendment)**: Effective March 2021; legalized crypto, mandated VASP registration, real-name accounts, ISMS certification, and AML/KYC.[1][5]

[primary] www.fsc.go.kr [primary] www.kofiu.go.kr [primary] www.law.go.kr

60%

**Act on the Protection of Virtual Asset Users (Virtual Asset User Protection Act)**: Enacted July 18, 2023; effective July 19, 2024; prohibits market manipulation, insider trading, and unfair practices with severe penalties (e.g., life imprisonment for gains over 5 billion won); enhances FSC oversight.[2][4][6]

[primary] www.fsc.go.kr [primary] www.kofiu.go.kr [primary] www.law.go.kr

60%

**Upcoming Digital Asset Basic Act**: Proposed for early 2026 by National Assembly to consolidate regulations on exchanges, token issuance, custody, stablecoins, and ETFs.[3]

[primary] www.fsc.go.kr [primary] www.kofiu.go.kr [primary] www.law.go.kr

60%

FSC site: https://www.fsc.go.kr/eng (Virtual Asset User Protection Act details)

[primary] www.fsc.go.kr [primary] www.kofiu.go.kr [primary] www.law.go.kr

60%

Full laws via National Law Information Center: https://www.law.go.kr/eng

[primary] www.fsc.go.kr [primary] www.kofiu.go.kr [primary] www.law.go.kr

7 fact(s) collected but awaiting source verification. View in explorer →