Publication of the Manual
On February 17, 2021, the Korea Financial Intelligence Unit (the “KoFIU”) within the Financial Services Commission (the “FSC”) and the Financial Supervisory Service (the “FSS”) jointly published the “Manual for Reporting of Virtual Asset Service Providers (the “Manual”),” which provides for details of the reporting requirements and procedures under the Act on Reporting and Use of Specified Financial Transaction Information (the “Specified Financial Transaction Act”) and the Enforcement Decree of the Specified Financial Transaction Act (the “Enforcement Decree”).
The specific requirements and procedures provided in the Manual will provide guidelines to virtual asset service providers, and is expected to lessen legal uncertainty regarding the reporting obligation. In particular, the publication of the Manual is significant in that it provides for: (i) the refined scope of the definition of virtual asset service providers and exceptions; (ii) roles of KoFIU and the FSS in each step of the reporting process; (iii) detailed list and forms of documents required to be submitted for reporting; and (iv) additional list and forms of documents required to submitted by overseas virtual asset service providers.
Despite the publication of the Manual, virtual asset service providers who have various business models, including DeFi, or constantly deal with changing virtual assets may face practical uncertainties regarding filing of the report or whether reporting of changes is required. However, we expect such practical uncertainties to be resolved as the guidelines contained in the Manual are implemented.
Definition of Virtual Asset Service Provider
Article 2(1) 14 of the Specified Financial Transaction Act defines virtual asset service providers as entities engaged in the sale and purchase of virtual assets or exchange between virtual assets. The Enforcement Decree categorizes virtual asset service providers into: (i) virtual asset traders; (ii) virtual asset safekeeping and management service providers; and (iii) virtual asset wallet service providers.
Further, the Manual provides that the key elements of a virtual asset service provider under the international standards of the Financial Action Task Force (FATF) on Money Laundering are: (i) actively facilitating virtual asset related activities; (ii) on behalf of customers; (iii) as a business.
On the other hand, the Manual clarifies that the following entities do not fall under the definition of virtual asset service providers:
- Entities that solely provide a platform on which sale and purchase of virtual assets may be proposed (e.g., entities that manage and online bulletin boards where sale and purchase proposals are posted and transactions occur through individuals’ wallets or wallets of non-related entities);
- Entities that solely provide advice or technical services regarding virtual asset transactions;
- Entities that solely provide programs to store individual encryption keys without independent control rights and are not engaged in sale, purchase or exchange of virtual assets; and
- Manufacturers of hardware wallet services, including cold wallets.
Procedures for Virtual Asset Service Provider Reporting
The following detailed steps for the reporting are contained in the Manual. The same procedures apply to reporting of changes and renewal.
|1||Applicant submits reporting application to KoFIU|
|2||KoFIU requests that the FSS deliberate on the reporting application|
|3||FSS deliberates on whether reporting requirements are met|
|4||FSS notifies the KoFIU of the result of its deliberation|
|5||KoFIU notifies the applicant (whether reporting application accepted)|
KoFIU must notify whether a reporting application has been accepted within three months (45 days for application for reporting of changes) of the applicant’s date of submission. The actual processing time may take longer if additional materials or information are requested, in which case the period of time the applicant takes to supplement will be excluded from the three months (or 45 days).
Also, a virtual asset service provider reporting applicant must submit a copy of the application to the FSS for deliberation on whether the reporting requirements are met.
Separately, KoFIU will send an official letter to the FSS requesting deliberation of the application. Upon receipt of the official letter, the FSS will start to deliberate on whether the reporting requirements are met. Once deliberation is complete, the FSS will provide a written report on the deliberation results to KoFIU. Based on the written report, KoFIU will determine whether to accept the reporting application.
As an attachment to the reporting application, a “document providing for the business method of the virtual asset service provider” must be submitted, together with a “list of virtual assets relevant to the business” using a designated form. The Manual does not provide detailed instructions on how the “document providing for the business method of the virtual asset service provider” should be prepared. Applicants will need to submit sufficient materials on how business is conducted in compliance with the Specified Financial Transaction Act.
The “list of virtual assets relevant to the business” must provide the following details for each virtual asset managed by the applicant as of the reporting date: (i) product name; (ii) issuer; (iii) use (whether for customer transactions or other use; may provide for multiple uses); and (iv) whether the virtual asset is a dark coin. If any attachment submitted for the reporting application is a copy of an original, it must be certified as a true copy.
Foreign entity applicants, whose registered office or main office is located overseas, and who do not have an actual business location in Korea must also provide: (i) address and contact information of the Korean place of business; and (ii) the actual name and nationality of its representative residing in Korea. Also, a Korean translation of the summary for any documents in a non-Korean language must be submitted, and documents issued or drafted overseas must be locally notarized.
Grounds for Rejection of Reporting Application
Article 7(3) of the Specified Financial Transaction Act states the grounds under which an application for virtual asset service provider reporting may be rejected: (i) if the applicant has not obtained information security management system certification (“ISMS Certification”); (ii) if the applicant does not carry out financial transactions using bank accounts for which the real name of the accountholder may be authenticated; (iii) if the applicant has been subject to fines or harsher punishment, and five years have not yet lapsed since the date of execution or exemption from execution of the punishment; or (iv) if the applicant’s previous reporting of new asset service provider or reporting of changes in virtual asset service provider has been subject to ex officio cancellation, and five years have not yet lapsed from the date of cancellation.
In addition, the Manual specifies the detailed procedures on how the FSS will confirm whether any of the grounds for rejection exist.
First, for ISMS Certification, the FSS will confirm the details and period of validity of the ISMS Certification through the ISMS certificate issued by the Korea Internet & Security Agency (“KISA”) and verify the details by cross-checking KISA’s webpage.
And to confirm whether the applicant has made financial transactions using bank accounts for which the real name of the accountholder may be authenticated, the FSS will confirm the certificate of issuance of bank account issued by the relevant bank for details including period of validity.
Regarding grounds (iii) and (iv) above, if the applicant is an entity, it will be required to submit: (a) its corporate registry and documents providing for the name and location of the registered office; (b) if an agent submits the application on behalf of the applicant, documentation of the delegation of authority; and (c) notarized documentation of the resolution for incorporation or reporting. Also, any punishment or cancellation imposed on the entity’s representative and registered executives will also be considered for the purposes of grounds (iii) and (iv). Accordingly, not only the entity applicant, but also its representative and registered executives must each submit a letter of confirmation on any punishment or cancellation using a designated form.
Cancellation of the Reporting Application
The FSS will first confirm whether there have been violations of any financial laws and regulations, and if necessary, the FSS will also refer to background checks by relevant authorities. Moreover, even after KoFIU accepts a reporting application but later confirms a violation of financial laws and regulations, which had not been previously discovered through background checks, KoFIU may cancel the virtual asset service provider reporting.
Even after KoFIU accepts an application for virtual asset service provider reporting, where there are any grounds for rejection of the reporting application, KoFIU may cancel the report under Article 7(4) of the Specified Financial Transaction Act. Therefore, if there are changes to the status of the virtual asset service provider (including expiry of the ISMS Certification or certificate of issuance of bank account), the virtual asset service provider must: (i) renew the ISMS Certification and certificate of issuance of bank account; and (ii) file a reporting of changes in virtual asset service provider within 30 days. Renewal of the virtual asset service provider reporting must be filed at least 45 days prior to the date of expiration.
This article was produced by Shin & Kim LLC’s Digital Technology & Data Law Practice Group, which provided it to Capital Connect.