SOUTH KOREA: An Introduction to South Korea
Introduction
In 2023, there have been a number of regulatory changes in South Korea in the fintech, digital asset and AI areas.
In the fintech arena, as a result of the business stoppage of unregistered prepaid service providers, significant losses had been incurred by their users. As a result, the Electronic Financial Transaction Act is scheduled to be amended on 15 September 2024 to reinforce the requirements applicable to prepaid service providers by, among other things, expanding the scope of prepaid service providers who must be registered and requiring prepaid service providers to provide safe custody for users’ funds. In addition, the Financial Services Commission (FSC) announced that it would allow financial and electronic financial companies to use software as a service (SaaS) on a stage-by-stage basis through a regulatory sandbox. As a result, certain financial companies have already received permission to use SaaS through such regulatory sandbox.
Regarding digital assets, the Korean government has announced that it will regulate digital assets by distinguishing between security and non-security type assets, and is in the process of preparing new legislation for this purpose. As a result, there should be more clarity on how virtual assets and token securities will be regulated in Korea in 2024.
Non-security type: As a first step to regulate various aspects of virtual assets, the Act for Protection of Virtual Asset Users (the “Virtual Asset User Protection Act”) was enacted on 18 July 2023. The Virtual Asset User Protection Act, which is scheduled to take effect from 19 July 2024, is mainly designed to regulate unfair trading and virtual asset user protection. As a second step, the Korean government is planning to enact a digital asset framework act to comprehensively regulate all aspects of the virtual asset service and industry.
Security type: The FSC made it clear that, to the extent a virtual asset has the characteristics of a security, such virtual asset would be subject to the Financial Investment Services and Capital Markets Act (the “FSCMA”) and it released guidelines on which token may be classified as a security and how the issuance and trading of security-type tokens should be regulated. A legislative bill incorporating such guidelines is currently pending in the National Assembly of Korea.
Furthermore, the Bank of Korea (BOK) has announced its plan to introduce central bank digital coins (CBDCs) and Korean financial regulators are known to be in the process of introducing financial AI guidelines.
Payment/Cybersecurity
Amendment to the Electronic Financial Transactions Act
The amendment to the Electronic Financial Transactions Act (the “EFTA Amendment”) expanding the scope of prepaid service providers to be registered, was passed in the National Assembly on 24 August 2023. The EFTA Amendment, which is scheduled to take effect on 15 September 2024, is mainly designed to protect users of prepaid services in response to the significant losses incurred as a result of the business stoppage of unregistered prepaid service providers in 2021.
Prior to this amendment, the EFTA required any person who issued electronic prepayment means for purchasing two or more types of products to be registered as a prepayment service provider. Under the EFTA Amendment, the definition of the term “electronic prepayment means” was changed to regulate electronic prepayment means for even a single type of product. Any business operator that becomes subject to the prepaid service registration requirement because of changes to the definition of “electronic prepayment means” must meet the new registration requirement within a grace period of 18 months from the promulgation date of the EFTA Amendment.
The EFTA Amendment has also reinforced the overall regulations regarding the issuance and administration of electronic prepayment means by, among other things, (i) the introduction of certain provisions to strengthen the merchant store management obligation of prepayment service providers; and (ii) the protection of users’ prepaid funds. In addition, the EFTA Amendment introduced buy now, pay later (BNPL) services by prepaid service providers (tested through a regulatory sandbox) with the prior approval of the FSC.
Financial regulators introduce a sandbox for the use of software as a service (SaaS)
Under the Regulation on Supervision of Electronic Financial Activities, a financial or electronic financial company is, in principle, required to segregate its internal network from the internet for the purpose of protecting its information processing system. Due to this regulatory requirement, financial and electronic financial companies are not allowed to utilise SaaS offered by cloud service providers (CSPs) on their internal networks. On 28 June 2023, the FSC and the Financial Security Institute (FSI) announced their plan to allow financial and electronic financial companies to use SaaS offered by CSPs on their internal networks through a regulatory sandbox. On 13 September 2023, the FSC designated a few financial companies to rely on such regulatory sandbox with certain restrictions on the permitted scope of work for using SaaS and certain requirements to implement security measures. The Korean financial regulators are planning to further relax the network segregation requirement through this regulatory sandbox or the amendment of the Regulation on the Supervision of Electronic Financial Activities, after evaluating any risks identified through the regulatory sandbox.
Crypto-assets
Different set(s) of Korean laws and regulations apply to particular crypto-assets depending on whether such crypto-assets are treated as, for example, financial investment products such as securities, virtual assets, electronic currency or prepaid means based on their characteristics. There have been numerous discussions on how crypto-assets should be characterised and classified among law makers and industry players in Korea and certain recent regulatory developments through new legislation and regulatory guidelines have provided more clarity on such issues. In particular, the Virtual Asset User Protection Act was enacted to provide more protection to users of and investors in virtual assets and virtual asset services. In addition, Korean financial regulators have released a guideline (the “Token Security Guideline”) on the issuance and distribution of certain types of security-type tokens (token security) and the legislative bills to amend the FSCMA and the Act on Electronic Registration of Stocks and Bonds (the “ESA”) reflecting such guidelines are currently pending in the National Assembly of Korea.
Virtual Asset User Protection Act
The Virtual Asset User Protection Act, which is designed to regulate the virtual asset market primarily from a consumer/investor protection perspective, was enacted on 18 July 2023 and is scheduled to take effect from 19 July 2024. The Virtual Asset User Protection Act is the first Korean law which is solely designed to regulate the virtual asset service business/industry. The existing Act on Reporting and Use of Certain Financial Transaction Information, under which virtual asset service providers must be registered and comply with certain anti-money laundering (AML) requirements, was enacted mainly for AML purposes and does not cover complex legal issues related to virtual assets in a comprehensive manner. However, the Virtual Asset User Protection Act introduced a regulation that is urgently needed, from the perspective of regulating virtual assets and virtual asset service providers in terms of unfair trading and user protection measures. The Korean government is currently in the process of preparing enforcement decrees in line with the Virtual Asset User Protection Act and is collecting opinions from various stakeholders.
Pursuant to the Virtual Asset User Protection Act, a virtual asset service provider (VASP) must implement certain consumer protection measures including: (i) segregating users’ deposited assets from their own assets by depositing them with or entrusting them to a custodian such as a bank; (ii) segregating their virtual assets from users’ virtual assets and, in effect, holding the same types and quantities of virtual assets entrusted by users; and (iii) taking the necessary measures to be able to fulfil their liabilities/obligations in the event of setbacks caused by hacking and computer failures.
The Virtual Asset User Protection Act broadly covers unfair trade practices involving virtual assets and violation of such may result in a criminal punishment or an administrative fine. In particular, the law prohibits:
(i) the use of any material non-public information regarding a virtual asset by VASPs, the issuer of such virtual asset and any of their respective officers, employees, agents and major shareholders and any other person who obtains such material non-public information from any of the aforementioned persons;
(ii) certain unfair trading activities (eg, false trading, changing or fixing prices); and
(iii) fraudulent trade practices.
VASPs are also prohibited from trading or engaging in certain transactions involving virtual assets issued by themselves or any of their related parties.
In addition, the Korean government and the National Assembly are presently preparing the second stage of legislation for the Virtual Asset User Protection Act. According to the Virtual Asset User Protection Act’s supplementary opinion, financial authorities are required to act or assist market players to adopt certain measures related to VASP business activities including the listing process, the integrated information disclosure system, regulations on the real name verification deposit and withdrawal account system provided by banks (required for the fiat-to-crypto or crypto-to-fiat service), and certain issues related to the conflict of interests between an issuer and a VASP.
Security token offerings
An adoption of regulatory framework for security token offerings (STOs) has been one of the current Korean government’s tasks. On 3 May 2022, the Korean government announced its plan to regulate “security-type tokens” based on the FSCMA.
As a part of such plan, on 6 February 2023, the FSC announced the “Token Security Guideline” on the issuance and distribution of token security, under which certain existing laws and regulations would be amended to regulate token security in the form of electronic securities based on distributed ledger technology. The FSC also announced that certain legislative actions would be followed, including amendments to the FSCMA and the ESA to introduce a new licensing framework for managing token security issuers’ accounts and token security over-the-counter brokerage service providers. As a result, proposed amendments to the FSCMA and the ESA are currently pending in the National Assembly.
As the FSC has announced that it plans to test out innovative products and services through a regulatory sandbox, a number of platform business operators (wishing to issue token security with various tangible assets as underlying assets) and securities companies (wishing to provide brokerage services for token security) have applied for such regulatory sandbox. However, the FSC has not approved any of these applications to date.
Over the past few years, various types of fractional investment and services have become common in Korea. Fractional investment is an innovative financial investment methodology that broadens access to investment products by enabling investors to make small fractional investments in various assets or property rights, including real-world physical assets. Fractional investments are being offered in various industries, including investments in commercial real estate, IP rights on music, and other movable assets, including beef and artworks. In response, on 28 April 2022, the FSC announced the guideline for new securities business as the “Fractional Investment Guideline”, which would focus on the newly emerging fractional investment instruments. The Fractional Investment Guideline provides for the applicability of existing securities regulations or the regulatory sandbox, depending on the type/nature of underlying assets, the investment scheme and the rights to be granted in connection with fractional investments.
The Token Security Guideline is largely aligned to the regulatory interpretation of the FSC under the Fractional Investment Guideline to determine whether a token or an investment scheme should fall under “security” for the purpose of the FSCMA. However, while the guidelines under the Fractional Investment Guideline are limited to those relating to the classifying of tokens or investment schemes as security under the FSCMA and restriction of business structure for investor protection (such as asset segregation), the Token Security Guideline has proposed amending certain existing laws and regulations so that token securities may be issued in the form of electronic securities and any rights associated with such token securities may be transferred through transactions on a distributed ledger.
Establishment of a joint investigation unit to counter virtual asset crimes
A number of virtual asset trading incidents have caused losses to users, and local media companies in Korea have reported such incidents, making them social issues. While the Virtual Asset User Protection Act has been enacted to regulate unfair trading practices in the virtual asset market, such law will only finally become effective from July 2024.
To act on complex issues involving virtual assets, the joint investigation unit was launched on 26 July 2023 to enhance the soundness of the virtual asset ecosystem and to protect market participants. The joint investigation unit consists of about 30 experts from seven different national agencies, comprising the Prosecutors’ Office, the FSC, the Financial Supervisory Service (FSS), the Korean Financial Intelligence Unit (KoFIU), and a tax agency with several government-wide agencies’ participation. The joint investigation unit is expected to act on crimes involving virtual assets, including the issuance and sale of virtual assets, listing of virtual assets and brokerage activities for such listing, market making, unfair and fraudulent trading activities involving virtual assets, bribery, illegal political funds, tax evasion, illegal foreign exchange transactions and money laundering involving virtual assets.
CBDC
On 3 October 2023, the BOK, the FSC and the FSS announced their wholesale CBDC pilot test plan to explore stable and innovative digital payment means for dealing with the risks associated with stablecoins in the private sector. Under this plan, the BOK plans to establish a CBDC network that will enable financial institutions to issue digital currencies, including tokenised deposits and CBDC-backed tokenised e-money. Furthermore, the BOK intends to identify innovative use cases and to test them through distinct stages, each tailored to specific use cases. It is understood that the BOK will, for the time being, limit the scope of the pilot test by allowing only banks to participate in testing out tokenised deposits.
Financial AI
Currently, there are no existing Korean laws or regulations which are explicitly designed to regulate AI. In the absence of such laws and regulations, the FSC announced a guideline on the development of AI-based financial services on 8 July 2021 and a plan to support the use of AI in the financial industry in August 2022. The FSC also designated a financial AI data library as an innovative financial service on 21 June 2023 so that the procedure for reusing AI-related data may become more simplified. In addition, it is understood that the Korean financial regulators plan to provide policy support for financial AI areas by, for example, improving financial data-related regulations and establishing a test bed for financial AI services/business.
Conclusion
As discussed, there have been a number of regulatory and legislative developments in the fintech and crypto-asset industry in 2023, such as: (i) the EFTA Amendment; (ii) the announcement of a regulatory sandbox for SaaS; (iii) the enactment of the Virtual Asset User Protection Act; and (iv) the release of the Security Token Guideline (plus certain amendments to the FSCMA and ESA relating to token security, which are scheduled in 2024). The adoption of the CBDC is still in a testing phase, however, as it is expected that implementation of the CBDC will have a significant impact on the financial and payment industries in Korea. It is therefore necessary to monitor any development of the CBDC in its pilot test. In addition, as Korean financial regulators are currently reviewing the relaxation of regulations regarding data control and cloud usage for financial AI, once such relaxation is complete, it is expected that financial institutions in Korea will be able to utilise AI in more areas.