Notable Issues in 2020
In the absence of a designated licensing regime for P2P lending platforms, these were not directly regulated or supervised but were indirectly regulated under the Guidelines on P2P Lending.
Discussions for legislation to regulate P2P lending to protect investors took place and in August 2020, the Online Investment-Linked Financial Business Act was enacted.
This Act requires P2P lending platforms to register with the Financial Services Commission (FSC), which protects both investors and borrowers.
“My Data” service
In August 2020, the amendment to the Act on Use and Protection of Credit Information (“Credit Information Act”) came into effect, introducing the new “My Data” service, which compiles financial transaction data and allows users to view their financial information in one place.
As of January 2021, 28 businesses had obtained approval to provide the “My Data” service as it is prescribed under the Credit Information Act.
Notable Issues in 2021
Further to the two existing internet-only banks, a third internet-only bank was granted preliminary approval in December 2019 and is in the process of receiving final approval in 2021. The emergence of the third internet-only bank is expected to increase competition in the market.
Virtual asset business
When the amendment to the Act on Reporting and Using Specified Financial Transaction Information (“Specified Financial Transaction Information Act”) takes effect in March 2021, registration as a virtual asset business will be mandatory.
With regard to the amendment, however, the FSC declared that “the enforcement of the law does not mean institutionalising virtual asset transactions”, and therefore, the FSC is expected to maintain a negative attitude regarding virtual asset transactions for the time being.
Amendment to the Electronic Financial Transactions Act and the Introduction of a One-Stop Payment Service
In July 2020, the FSC called for a major overhaul of digital finance regulations, with the so-called "Comprehensive Innovation Plan for Digital Finance" and, subsequently, on 27 November 2020, proposed revisions to the Electronic Financial Transactions Act (EFTA). These reorganise the seven types of digital finance licences into three types (remittance business, payment business, and payment agency business); and introduce a payment instruction delivery service (“My Payment” business) along with the concept of a “Comprehensive Payment Business”, which describes a one-stop payment service that enables fintech companies to issue payment accounts without teaming up with banks (similar to the EU’s Electronic Money Institution and Singapore’s Payment Institution).
In addition to the introduction of the “My Payment” service and the “Comprehensive Payment Business”, the proposed amendments to the EFTA also introduce and implement:
The predominant fintech verticals in South Korea are as follows:
Fintech business has so far been regulated by the pre-existing financial regulations, and the regulatory regime applicable to industry participants in the main verticals is being constructed by amending relevant pre-existing regulations and enacting/implementing new legislation to address a niche fintech industry:
Under this regulatory regime, the Special Act on Support for Financial Innovation (“Financial Innovation Act”) has been enacted to support innovative fintech solutions and ideas to promote growth in fintech sectors in which, if a financial services provider is designated as an "innovative financial service", certain requirements for approvals/licences or restrictions are suspended or exempted.
There are no specific regulations targeting fintech companies in respect of their compensation models. Most fintech companies charge lower fees to customers to compete against legacy financial institutions. Some fintech businesses serve in-application advertising on their apps as an indirect compensation model. Another source of compensation is a commission for the sale of financial products or a fee for licensing out intellectual property rights, such as those in connection with robo-advisers.
There have been some loopholes in fintech regulation, since the emergence of ever-expanding fintech business models was not anticipated when the existing regulatory framework was established.
As the Korean legal system is based on civil law, the authority granted to Korean financial regulators is very limited.
In other words, since financial regulations are based on the principle that “everything which is not expressly allowed is forbidden", discretionary decisions to the effect of supporting new fintech business models are not easily given.
In order to overcome these restrictions, the Financial Innovation Act came into force in 2019 and a regulatory sandbox was implemented. The regulatory sandbox establishes a system in which new technology-driven services can grow, and a number of companies have, in fact, been taking advantage of this regime to launch new business models.
Under the Financial Innovation Act that came into effect on 1 April 2019, the regulatory sandbox allows certain financial services which are novel and innovative to be exempted from current financial regulations, including regulatory oversight or permit requirements, for up to four years (initial two-year term and another two-year extended term). Fintech companies and financial institutions may apply to the Innovative Financial Services Examination Committee established by the FSC, as an “innovative financial service provider” and such innovative financial service providers need to differentiate themselves from existing financial services in terms of content, methods and forms in providing services.
Once designated as an innovative financial services provider, exemptions for applicable regulations will be granted until the designation period expires.
The innovative financial service provider can request exclusive rights to provide financial services for another two years after the expiration of the original designation period.
For the official launch of the service, if any regulatory improvement is required, such as enactment of or revision to applicable regulations, the Innovative Financial Services Examination Committee may propose such legislation.
According to the FSC, from the launch of the regulatory sandbox in April 2019 until December 2020, a total of 135 services were designated as innovative financial services.
As explained in 2.2 Regulatory Regime, financial regulations in relation to fintech are carried out by the FSC. The following is a list of legislations within the purview of the FSC:
Some fintech businesses might be subject to the legislations of government agencies other than the FSC, for example:
In the past, pursuant to the Rules on Outsourcing by Financial Institutions, any core business functions of financial institutions were not permitted to be outsourced to a third party.
Since 2017, however, financial companies(including fintech companies) have been allowed to designate an agent to outsource core business functions. An exception to this was financial investment businesses which were still prohibited under the FSCMA from delegating their core business functions.
However, since the introduction of the Financial Innovation Act on 1 April 2019, all financial institutions, including financial investment businesses, have been able to take advantage of the designated agent system to outsource their core business functions.
In relation to the scope of responsibility of the designated agent, the financial institution will be held jointly liable with the agent for damages arising from the violation of financial regulations under the Rules on Outsourcing by Financial Institutions.
A simple advertisement business model which does not involve solicitation or brokerage for the sale of financial products, such as a banner advertisement, has not been regulated until today, but if the proposed amendment to the EFTA comes into effect, a new set of regulations for platforms will be introduced.
A financial platform refers to an electronic system, such as a mobile application, which offers proxy, brokerage, arrangement, advertisement, provision of information, comparative analysis and recommendation of financial products and services. The proposed amendment to the EFTA introduces a set of rules for financial platform businesses to conduct their business fairly. For instance, a financial platform company shall not (i) mislead users to believe that the financial products are provided by the platform company when such products are instead provided by the participating financial companies; or (ii) abuse its superior position towards the participating financial companies. In the event of violations, penalties will be imposed on the financial platform company.
Virtual asset service providers are required to register with the Korea Financial Intelligence Unit (KOFIU) and any type of initial coin offering (ICO) is prohibited. Please refer to 7.3 Impact of the Emergence of Cryptocurrency Exchanges for further details.
Further to the enactment of the Online Investment-Linked Financial Business Act in August 2020, companies currently engaging in the P2P financing business are required to complete registration.
As data is at the core of fintech business, regulations in relation to privacy and cybersecurity are important.
Any collection, use and transfer of personal data shall be governed by the PIPA and the Credit Information Act.
Financial companies and electronic financial business entities are required to ensure that electronic financial transactions are safely handled, including taking the necessary technical, administrative and physical security measures provided under the relevant laws and regulations; and this applies equally to fintech business operators who intend to run an electronic financial business.
Besides the regulators and auditors for accounting purposes, no other actors are authorised to review the activities of industry participants. Market participants self-regulate through organising associations.
Each association issues standard terms and conditions and a code for the best practices to help the industry participants comply with laws and regulations. It also prepares self-regulatory proposals to prevent any accidents from occurring during the period before the new laws and regulations take effect.
Such associations include, for example, the “Fintech Industry Association” and the “Online Investment-Linked Finance Association” for P2P finance companies, and the “Korea Blockchain Association” for virtual asset businesses.
Mobile payment and money transfer providers, such as Toss, Finnq and Kakao Pay, usually require their users to top up their prepaid accounts in advance to use the systems.
Recently, Toss, one of the largest mobile payment and money transfer service providers in Korea, started to offer interest on prepaid amounts that was higher than that of financial institutions, to attract more users. This was criticised as a pseudo-deposit service in which collecting deposits or funding takes place without the requisite licence or registration, which is restricted under finance-related laws. Toss stopped paying interest on the prepaid amounts after the government issued a warning.
Since then, mobile payment and money transfer systems have come up with other incentives, for example, giving out points that can be used in the mobile payment and money transfer system. As illustrated in the Toss case, the government seems to prefer to regulate through expansion of existing laws, rather than adopting new laws, when it comes to industry participants offering unregulated products and services in conjunction with regulated products and services.
The FSCMA does not classify robo-advisers by asset type, however, it does require them to pass the "Robo-Adviser Test Bed" to verify effectiveness and stability in order to manage collective investment property, or conduct investment advisory business or discretionary investment business.
The algorithm participating in the test bed must be managed as a fund (including ETF), derivative-linked securities (ELS, ETN, DLS, etc), and shares, and a portfolio may consist of one or more asset classes.
A non-face-to-face discretionary investment contract was permitted in June 2018 in order to revitalise robo-advisers; and since July 2019, robo-advisory firms have been allowed to manage funds and entrusted assets commissioned by asset management firms, all of which has led to active competition, as well as collaboration between existing legacy players and fintech companies.
According to the FSC, the robo-advisory services available in South Korea are provided by nine banks, 19 securities companies, two asset management companies and five investment advisers, as of the end of June 2019.
One of the issues relating to the best execution of customer trades is a robo-adviser’s safety and reliability. These have been a concern in the market and, consequently, the FSC has provided a general operation plan for the robo-adviser test bed.
Through the test bed, the rationality of investor algorithms, personal customisation, diversified investment, regulatory compliance, as well as system stability and security, are reviewed.
Only robo-advisers which have passed the test bed are allowed to service and market to customers, and even after the service is launched, investment portfolios are under continuous scrutiny through the test bed.
In South Korea, online lenders consist of internet-only banks and P2P lenders.
Under the Act on Special Cases Concerning Establishment and Operation of Internet-Only Banks, loans can be made to individuals or small and medium-sized enterprises only. In respect of corporate loans, unlike individual loans, separate corporate credit evaluation and due diligence are required. Due to the nature of non-face-to-face transactions and the limited capability of internet-only banks to carry out the required checks for corporate loans, loans are predominantly being made to individuals or individual business owners.
As P2P loans are not subject to regulations by type of borrower, loans can be made to both individuals and corporations. In terms of the number of loans, 73% of the loans are personal credit loans, according to data published by the FSC.
In terms of the size of the loans, according to data from the Korea P2P Finance Association, real estate project financing or real estate mortgages accounted for 68% of the total amount of P2P loans as at the end of 2019, 13% for credit loans to individuals, and 8% for movable asset-based mortgages. It appears that some corporate credit loans, albeit insignificant, also exist.
Internet banks were established in 2017 with the aim of revitalising the mid-interest rate loan market that traditional banks did not deal with much, and they were expected to utilise various data and fintech technologies in the review process of mid-interest rate loans.
In the case of internet-only banks, as loan screening is conducted on a non-face-to-face basis due to the absence of physical branches, the technology for receiving data and verifying identity is currently being used, but other technologies related to credit evaluation and collateral evaluation are barely being used.
Internet-only banks are preparing to deploy fintech in loan screening, such as introducing artificial intelligence (AI) in the automatic screening of mortgage evaluations or document submissions related to real estate mortgage loans.
P2P loans are predominantly in relation to real estate-related loans, and fintech is not used much in loan screening. Some companies that mainly deal with individual credit loans have devised and implemented a separate rating system of their own, having utilised financial information provided by credit rating agencies as well as other information such as the borrowers’ profession and loan repayment history through their own big data analysis system.
The main source of funds for internet-only banks is deposits, just like traditional banks.
For P2P lenders, the main funds source is the investment of individual investors. Since the enactment of the Online Investment Finance Business Act, P2P lenders have also been able to use their own funds and funds from financial institutions, within a certain limit, for their lending business.
It appears that internet-only banks do not offer syndicated loans, given that the majority of loans provided by internet-only banks are to individuals. A small proportion of P2P lenders appear to have participated in syndicated loans in respect of real estate project financing, although this rarely happens.
MST (Magnetic Secure Transmission), NFC (Near Field Communication) and QR code are all being used for simple payment services.
The FSC has been supporting simple payment services, eg, introducing the “QR code payment standard” in November 2018.
In the past, foreign currency or credit cards which could be used overseas, like Visa or Mastercard, were required to make a payment overseas. The amendment to the Enforcement Decree of the Foreign Exchange Transactions Act on 28 May 2019 enabled electronic financial business entities to offer cross-border payment services by using a mobile payment.
A small amount overseas remittance service was introduced to support fintech technologies and dissolve the monopoly of commercial banks in overseas remittances through the amendment to the Enforcement Decree of the Foreign Exchange Transactions Act in July 2017. This Act allows an individual to make cross-border remittances of up to USD5,000 per transaction and up to USD50,000 per year.
Pursuant to the FSCMA, an investment company is obliged to delegate the following affairs to a fund administrator:
In order to be qualified to undertake the affairs stipulated above, fund administrators must be registered with the FSC. Requirements for registration are stipulated under the FSCMA, and include, among others, the need to maintain equity capital of over KRW2 billion.
To protect investors, the FSC may supervise fund administrators in connection with matters concerning, among others, conflicts of interests and delegation of affairs, and subsequently issue appropriate orders thereto.
A typical fund administration agreement executed by and between the investment company and the fund administrator customarily imposes liability on the fund administrator for damages arising from the fund administrator's fraud and/or intentional or negligent misrepresentation.
The FSCMA lays the legal groundwork for the operation of a securities market, bond market, or derivatives market established by the Korea Exchange, and further permits the operation of an over-the-counter market established by the Korea Financial Investment Association (“K-OTC”) and an Alternative Trading System (ATS).
However, an ATS had not been established as of January 2021, and most trading activities therefore take place in one of the marketplaces operated by the Korea Exchange.
While there are currently no laws or regulations directly targeting cryptocurrency transactions, the amendment to the Specified Financial Transaction Information Act, which will require the registration of cryptocurrency business operators for the purpose of preventing money-laundering, is set to come into effect in 2021.
As explained in 7.1 Permissible Trading Platforms, most transactions involving financial investment products are executed through one of the marketplaces established and operated by the Korea Exchange and are regulated under the FSCMA.
Transactions involving cryptocurrencies are regulated under the Specified Financial Transaction Information Act for the purpose of preventing money-laundering, and there are no separate laws or regulations targeting such transactions.
In order to suppress the speculative fervour in connection with cryptocurrency transactions, the FSC implemented a cryptocurrency real-name verification service and issued the Anti-money Laundering Guidelines for Cryptocurrencies in 2018 (AMLC Guidelines). Further to this, the FSC also amended the Specified Financial Transaction Information Act in 2020, to mandate the registration of cryptocurrency trading platforms in accordance with the standards of the Financial Action Task Force on Money Laundering (FATF) for the prevention of money-laundering activities.
In light of the above, a cryptocurrency business operator must
A duty to prevent money-laundering activities, including a duty to report high-risk transactions, is imposed on registered cryptocurrency business operators in a manner identical to the existing financial companies.
Listing standards for exchange marketplaces (eg, stock exchange markets) managed and operated by the Korea Exchange are stipulated under relevant regulations.
However, there are no separate laws or regulations prescribing the listing standards for cryptocurrency exchanges. Rather, each cryptocurrency exchange has established and implemented its own listing standards, and utilises such standards in making listing decisions.
As for listing standards above, while order handling rules for exchange marketplaces managed and operated by the Korea Exchange are stipulated under relevant regulations, there are no separate regulations with respect to order handing rules for cryptocurrency exchanges.
However, most cryptocurrency exchanges seem to operate in accordance with the typical rules on the execution of trade contracts, as applied in the securities market.
In Korea, P2P trading platforms have shown exceptional growth in connection with P2P lending.
As of June 2020, there were 238 companies providing P2P lending services with a total outstanding balance of loans of approximately KRW2.4 trillion. Compared to 2016, this was a twofold growth in terms of the number of companies, and a six-fold growth in terms of the total outstanding balance of loans.
Despite such growth, the P2P lending market has suffered from problems resulting from lack of sufficient/comprehensive legal guidance. Delinquency rates snowballed to a rate of 16.7% in June 2020, and investors were harmed as the market was permeated with illegal business activities.
In response to the growing concern over the P2P lending market, the FSC introduced the Online Investment-Linked Financial Business Act, which, among other things:
In addition, to deal with the tendency for P2P loans to be prevalent in the real-estate loan market, an effort is being made to alleviate any resulting distortion on the P2P finance market by applying various restrictions on P2P loans and investments made in connection with the real estate market.
Once the P2P lending market stabilises, positive effects are expected, including the revitalisation of the market for medium/low credit borrowers, and the diversification of methods for the evaluation of such medium/low credit borrowers.
The FSCMA requires operators of investment trading businesses or operators of investment brokerage businesses to establish and publicly disclose methods used to optimally administer and execute transactions at a price most favourable to the investor through comprehensively taking into consideration the price of the financial investment products, relevant costs including certain fees, the size of the order, and the possibility of successful execution of trade contracts (“Best Execution Rule”).
While the Best Execution Rule was introduced to the FSCMA in 2013, alongside and in connection with the introduction of Alternative Trading Systems, due to the fact that an ATS has not yet been established, the Best Execution Rule has not attracted much attention thus far.
There are no other regulations similar in effect to the Best Execution Rule with respect to cryptocurrency transactions.
While the FSCMA remains silent with respect to payment for order flow, this silence seems to be due to the lack of ATS in the market, and the resulting concentration of any and all transactions into a single, unitary market.
Under the current regulatory scheme, determination on whether payment for order flow should be permitted or prohibited is likely to be made in connection with the Best Execution Rule.
There are no other regulations in connection with payment for order flow with respect to cryptocurrency transactions.
Regulation of the Market
For the maintenance of market soundness and the protection of investors, the FSCMA prohibits the use of material non-public information, manipulation of market price, and other fraudulent or illicit trading activities.
Also, to further regulate unfair trading activities, the FSCMA was amended to prohibit incitement of market disturbances through the use of non-public information, and/or through manipulation of market price. Such regulation is being actively enforced.
Applicability of Market Regulations to Cryptocurrency Exchanges
However, it is worth noting that with respect to cryptocurrency transactions, the applicability of the above regulatory measures is yet to be determined. Upbit, a Korean cryptocurrency exchange, was indicted on charges including manipulation of market price through fake virtual currency transactions in 2018, but was subsequently found not guilty pursuant to the trial court’s determination that a cryptocurrency exchange is different from a traditional securities exchange, and that, accordingly, there are no regulations directly applicable to the case.
An appeal on the same case is currently pending. While the amendment to the Specified Financial Transaction Information Act established a registration system for cryptocurrency exchanges, the same act, without further amendments, fails to specifically and clearly regulate the activities of cryptocurrency exchanges. As such, regulatory uncertainty is likely to persist.
While there is currently no law or regulation directly or specifically regulating high-frequency trading (HFT), the restrictions under the FSCMA related to unfair trading and market disturbances, and the provisions under the Business Regulations of Securities Market, the Business Regulations of the KOSDAQ Market and the Business Regulations of the Derivatives Market regarding algorithmic trading, would generally apply.
In 2014, the Market Oversight Commission of the Korea Exchange issued the "Guidelines on the Management of Risks of Algorithmic Trading" to prevent accidents in connection with market orders, and thereby contribute to the safety of the market.
Recently, the Korea Exchange announced that it will establish measures to comprehensively manage and supervise algorithmic trading and procure an efficient means to oversee the market.
As explained in 8.1 Creation and Usage Regulations, there is currently no law or regulation directly or specifically regulating HFT or algorithmic trading.
As explained in 8.1 Creation and Usage Regulations, there is currently no law or regulation directly or specifically regulating HFT or algorithmic trading.
Since algorithmic trading is not being directly regulated, there are no specific regulations on either the programmers who develop and create trading algorithms, or the trading algorithms themselves.
The Korea Exchange’s "Algorithmic Trading Guideline" suggests that an error test be undertaken upon the development of trading algorithm software, that an input-error prevention function be implemented, and that the relevant trader should know how to operate the system and understand the logic behind such system. However, as the name suggests, the guidelines are not legally enforceable.
There is no law or regulation directly or specifically regulating the act of providing information that analyses and investigates matters in connection with fintech businesses.
However, if a financial investment company publishes certain data and information with respect to certain financial investment products, such data and information is regulated under the FSC’s "Guidelines on the Operation and Business of a Financial Investment Company".
The FSCMA prohibits certain activities that may result in market disturbance through manipulation of the market price or through the undermining of an investor’s reasonable judgment, or apprehension on the listed securities or exchange-traded derivatives. Such activities include the spreading of false information.
The FSCMA prohibits the direct and indirect use of material non-public information. However, there is no law or regulation directly or specifically regulating financial research platforms.
Insurance companies are continuously developing measures to utilise big data. An example of this is insurance companies’ use of big data to acquire low-risk insurance contracts upon risk assessment through analysis of the relevant customer, agent and attributes of the contract involved.
Automated Screening System
In February 2020, Dongbu (DB) Insurance Co Ltd, a Korean insurance company, launched an automated disease screening system which instantly provides information on the type of insurance that a certain customer may need/be able to purchase upon request through assessment of DB Insurance Co’s exiting database, along with the data provided by the relevant customer.
Use of Artificial Intelligence
While there is currently no law or regulation directly or specifically regulating the use of insurtech, the Insurance Business Act stipulates that only insurance solicitors, insurance agencies, certified insurance brokers, and officers/employees of insurance companies may solicit an insurance contract on behalf of an insurance company. In May 2019, however, through the regulatory sandbox initiative, the act of solicitation through the use of AI was temporarily granted exemption from the Insurance Business Act, allowing AI to broker or conclude an insurance contract on behalf of an insurance company.
The Insurance Business Act of Korea broadly categorises insurance products into life insurance products (eg, life insurance and pension insurance), non-life insurance products (eg, fire insurance, maritime insurance, and automobile insurance), and a third type that has the characteristics of both of the foregoing types of insurance products (eg, injury insurance, disease insurance, and nursing insurance). Each category of insurance products outlined above is subject to different regulatory standards and obligations.
Insurance companies are prohibited under the Insurance Business Act from engaging in life insurance business and non-life insurance business at the same time.
Since, as stipulated in 10.1 Underwriting Processes, there is currently no law or regulation directly or specifically regulating the use of insurtech, businesses that make use of insurtech are not subject to any additional regulations on top of the Insurance Business Act.
There is currently no law or regulation directly or specifically regulating regtech providers. However, since financial investment companies are prohibited from delegating responsibility with respect to internal controls, compliance, and risk assessment to third parties, financial investment companies delegating work in connection with internal controls, compliance, or risk assessment activities to regtech providers will ultimately bear responsibility for such work.
Meanwhile, the FSC is currently looking to undertake a pilot project in connection with Machine Readable Regulations (MRRs), while providing open application programming interfaces (APIs) capable of processing MRRs to facilitate regulatory compliance by financial investment companies.
Provided that investors (financial consumers) are sufficiently protected, and further provided that the use of regtech does not endanger sound trading practices, there is no separate restriction on utilising regtech services.
However, as the FSCMA, the Rules on Outsourcing by Financial Institutions, and other laws and regulations prohibit the delegation of core decision-making powers with respect to work related to internal controls, compliance and monitoring to a third-party provider (eg, a regtech provider), financial investment companies remain liable for financial accidents caused by errors in the regtech service.
In 2016, the FSC launched the blockchain council, presented a road map for the blockchain consortium of the financial industry, and announced its plans to reinforce and promote the use of blockchain throughout the financial industry.
Research and Development
Despite the government’s scrutiny over cryptocurrencies, it recognises the importance of blockchain and the underpinning technology behind cryptocurrencies, and continues its support of the research and development of blockchain technology.
Accordingly, many financial institutions are using their resources to research and develop the use of blockchain for real-name verification, review of loan applications, filing of insurance claims, evaluation of security interests, and foreign exchange/remittance services.
Other than the obligation to register cryptocurrency exchanges for the purpose of preventing money-laundering activities (see 7.3 Impact of the Emergence of Cryptocurrency Exchanges), there are no separate provisions regulating blockchains.
In its announcement of the anti-money laundering regulation, the FSC announced that it will restrict ICOs and mandate the registration of cryptocurrency exchanges, all the while supporting and fostering the research and development of blockchains.
Pilot Tests for a Central Bank Digital Currency
Meanwhile, in April 2020, the Bank of Korea announced its plans to establish a pilot programme, and to undertake pilot tests for a Central Bank Digital Currency (CBDC), and also announced its plans to pre-emptively evaluate the technological and legal adjustments necessary to proactively respond to the changes to the payment environment likely to occur upon the full implementation of the CBDC.
In 2017, the FSC announced that cryptocurrencies are not financial investment products (like securities or derivatives) under the FSCMA, nor are they electronic currency or money under the EFTA, and further noted that neither the government nor financial institutions can guarantee the value of cryptocurrencies.
Definition and Categories of ICOs
The FSC defines ICOs to be the procurement of investment in the form of cryptocurrencies through the issuance of digital tokens, and categorises ICOs into security-type ICOs (which are defined as the issuance of tokens that share in the profit of the project or are entitled to certain rights in, and distributions from, the company) and coin-type ICOs (which are defined to be the issuance of new cryptocurrencies on a platform). However, the FSC announced that it will prohibit all forms of ICOs, a regulatory stance maintained until now.
As noted in 12.3 Classification of Blockchain Assets, the government currently prohibits all forms of ICOs. Notwithstanding the amendments made to the anti-money laundering regime and the related amendment to the Specified Financial Transaction Information Act in 2020, the government has explicitly expressed that it does not intend to facilitate cryptocurrency trading through the exchanges, allow ICOs, or formally institutionalise cryptocurrencies.
As mentioned in 7.3 Impact of the Emergence of Cryptocurrency Exchanges, the Korean government mandates the registration of all cryptocurrency business operators for the prevention of money-laundering activities.
While the mere acts of transmission and receipt of cryptocurrencies between individuals is not subject to regulation under the Specified Financial Transaction Information Act, if an entity or an individual trades cryptocurrencies “for business”, this act would render such entity or individual a cryptocurrency business operator, and bring such entity/individual within the scope of regulations under the same Act.
In October 2018, the FSC issued a warning to the public through a note titled "Notice to investors with respect to crypto-funds", stating that the name, along with crypto-funds’ structural similarity to mutual funds might mislead common investors to mistakenly believe such funds to be legal investment tools in compliance with the FSCMA, and further emphasised that crypto-funds have never been approved by, or registered with, the FSC, and are thus in violation of the FSCMA.
In light of the above, funds investing in cryptocurrencies or funds consisting of cryptocurrencies are still considered to be prohibited in Korea.
In the regulation on the duty of cryptocurrency exchanges to prevent anti-money laundering activities, the FSC defines cryptocurrencies as "a digital denomination of value that may be electronically traded or transferred".
The FSC further distinguishes electronic prepayment means and electronic currency, as defined under the EFTA, from cryptocurrencies, differentiating between electronic/virtual currencies and cryptocurrencies.
There is yet to be a definition of or regulation on, or in relation to, "DeFi" (decentralised finance) platforms.
Summary of the Open Banking System
In February 2019, the FSC announced the "Measures for Innovation in Financial Payment Infrastructure", pursuant to which, in October 2019, certain banks commenced open banking services on a trial basis.
In December 2019, the open banking service became fully operational, with 16 banks and 31 fintech companies starting to offer the service to customers.
Commercial banks, local banks, internet-only banks, and even fintech companies, are able to participate in the open banking system in Korea, unlike in the UK or Australia, where open banking was primarily rolled out to "large" banks.
Also, the Korean open banking system’s APIs allow not only perusal of information, but also wire transfer functions, thus facilitating wire transfer services.
How to apply
To participate in open banking, the relevant applicant must first submit an application to the Korea Financial Telecommunications & Clearings Institute (KFTC), receive approval, develop fintech services, test such services for viability, and pass a security check and vulnerability inspection prior to signing a service agreement with the KFTC.
The FSC’s Plans for Open Banking
In July 2020, the FSC held a seminar on the achievements and the future of open banking, where it announced its plans to expand the scope and functions of open banking services to enable “My Payment” business and “My Data” businesses to participate.
The FSC also plans to extend the scope of financial institutions participating in open banking to include non-banks (eg, savings banks and financial investment companies).
Finally, the amendments to the EFTA establish a legal ground for open banking, while stipulating that providers of electronic payment clearing systems may not discriminate against, or refuse to provide services to, a user without a valid reason.
A distinct feature of the open banking system in Korea is that the KFTC operates open banking and acts as an intermediary between users and providers, whereas other countries that operate open banking systems do so through separate agreements between the different financial institutions participating in the system.
To prevent financial accidents and to provide redress for any damages incurred by users, the following measures have been implemented.
Recent Developments in Korea’s Fintech Industry
Korea’s fourth industrial revolution will now be characterised by the recently announced deregulation of the fintech sector.
In 2020, financial authorities in Korea declared that innovation in the fintech sector through, among other things, reform of financial regulations, promotion of the data economy, and the elevation of digital finance, would be one of their main policy initiatives for the year. Through this declaration, financial authorities appeared to signal their willingness to overhaul the existing financial regulatory framework, to strengthen the infrastructure for fintech innovation, and to create an environment which will allow financial innovation to take place continuously and progressively across a wide range of applications, such as data processing and payment settlement.
Against this backdrop, various fintech enterprises and financial companies in Korea have been offering a diverse array of services by actively utilising “financial regulatory sandboxes” – which temporarily exempt or suspend the application of existing financial regulations in certain areas upon their designation as an innovative financial service – under the Special Act on Support for Financial Innovation (“Financial Innovation Act”) which came into force on 1 April 2019.
In addition, with the recent passage and expected passage of a number of bills amending various fintech-related legislation, Korea’s fintech industry is poised to experience even greater levels of growth in the future. Notable examples of such legislation include recent amendments to the Credit Information Use and Protection Act (“Credit Information Act”), the Digital Signature Act, the Act on Reporting and Use of Certain Financial Transaction Information (“Certain Financial Information Act”), and the Electronic Financial Transactions Act. We discuss these developments in greater detail below.
Some Recent Developments
Changes in the data industry following the amendment to the Credit Information Act
Big data, MyData, data portability
The amended Credit Information Act, which came into effect on 5 August 2020, not only provides the statutory basis for the analysis and utilisation of big data but also strengthens safety measures to prevent the adverse effects associated with its use. In addition, the concept of credit information self-management (“MyData”) has been introduced and the existing system for regulating credit bureaus which carry out credit evaluations of individuals (“CBs”) has been revamped. Furthermore, the amended Credit Information Act also contains features which expand the informational self-determination rights of individuals by providing the right to request transmission of one’s personal credit information (ie, right to data portability) and the right to challenge decisions based on automated decision-making.
Pseudonymised and anonymised information
Under the amended Credit Information Act, financial companies and the like are permitted to use “pseudonymised information” without the consent of data subjects for purposes including statistical compiling (including market surveys and other statistical compiling for commercial purposes), research (including research for industrial purposes) and record preservation for the public interest. Also, “anonymised information” may be used freely, without limitation, as it is no longer deemed personal information, and the statutory basis for the combination of data has been established to facilitate the commercial use of pseudonymised information. Thus, it would be advisable for companies to familiarise themselves with the scope of data which may be processed without the consent of data subjects, as well as the safety measures and ex-post controls for the utilisation and combination of pseudonymised information.
Subject to compliance with applicable licensing requirements (eg, minimum capital, sufficient data processing capability), companies may now provide MyData services, which will enable individuals to conduct integrated searches of their personal credit information, self-manage their credit/asset portfolios, and receive offers for customised products/services. To date, the Financial Services Commission (FSC), which is responsible for reviewing and approving licences, has received a large number of MyData licence applications from various banks, credit financing companies, financial investment companies, mutual savings banks, and fintech companies, and has granted preliminary approval in several cases.
Changes in the certification market following the amendment to the Digital Signature Act
End of official certificate authentication system
Following the coming into force of the amended Digital Signature Act on 10 December 2020, the official certificate authentication system (which had existed since 1999) was formally dismantled. Although the official certificate authentication system was widely used in the early stages of Korea’s electronic signature system and contributed to the development of e-commerce, the system (adopted and maintained by the Korean government) has also been criticised in recent years for hindering the development of digital signature technology/innovation and for restricting consumer choice due to its monopolistic status in the certification market.
Evaluation/accreditation of digital certification services
Under the amended Digital Signature Act, certified digital signatures based on the official certificate authentication system are no longer accorded superior legal status, thereby paving the way for competing digital signature solutions from the private sector to enter the certification market. Also, measures have been introduced for the evaluation/accreditation of digital certification services (based on widely accepted international standards) and to strengthen safety measures for digital signature users/subscribers, such as subjecting digital signature service providers to (i) enhanced disclosure obligations regarding various aspects of their digital signature services, and (ii) a presumption of liability for damages arising from their digital signature services.
Development of digital certification services
These latest amendments are expected to serve as a catalyst for the development of innovative and more convenient digital certification services in the private sector, based on new technologies such as blockchain and biometric certification. Also, the advent of such new technologies is expected to lead to the creation of new digital certification services which will, among other things, enable certification between internet of things (IoT) devices and other objects.
Changes in the virtual assets market following the amendment to the Certain Financial Information Act
VASP reporting obligations
The amended Certain Financial Information Act, which defines “virtual assets” and creates certain reporting obligations for virtual asset service providers (VASPs), is expected to come into force on 25 March 2021. Additionally, amendments to the Enforcement Decree of the Certain Financial Information Act, which will contain specifics that were not set forth in the statute, are expected to come into effect around the same time. The amended Certain Financial Information Act imposes various anti-money laundering/combating the financing of terrorism (AML/CFT)-related obligations on VASPs, including the obligation to report certain information regarding its operations to Korea’s Financial Intelligence Unit (FIU). In particular, a VASP must obtain information security management system (ISMS) certification, segregate each user’s deposited funds, and comply with other stringent requirements.
Definition of a VASP
The Certain Financial Information Act defines a VASP as a person who conducts the business of:
The draft-amended Enforcement Decree of the Certain Financial Information Act does not add other types of activities to such definition of a VASP. Instead, the financial regulator has stated that the application of the Certain Financial Information Act will be limited to major VASPs. In particular, the FSC has explained that a business operator who (i) simply provides a market on which trade offers can be posted; (ii) does not have independent control over personal encryption keys; and (iii) is a provider of hardware wallet services such as cold wallets, is not considered a VASP. The FSC’s position seems to reflect its intention of limiting the scope of VASPs by accepting the international standards of the Financial Action Task Force (FATF). However, because the FATF international standards are only general principles of interpretation, we expect that even after the amended Certain Financial Information Act and its Enforcement Decree come into effect, companies will still be faced for a while with the question of whether their various business models will qualify them as VASPs.
Requirements of VASPs
Additionally, the Certain Financial Information Act requires a VASP to conduct financial transactions using real-name verifiable accounts. However, the FSC announced its intention to exempt certain VASPs from this requirement in cases where real-name verifiable accounts are unnecessary, such as, where no deposits are made because no exchange of fiat currency and virtual assets occurs. This appears to take into account the fact that if there is no exchange of fiat currency and virtual assets, a linkage with a bank account is unnecessary.
The Certain Financial Information Act introduces the so-called “travel rule", which requires VASPs transferring virtual assets to disclose and provide relevant information to the recipient. This rule applies to transfers of virtual assets worth KRW1 million or more, and even where such virtual assets are transferred to an individual, the VASP must confirm the identity of the recipient, since transfers to an unidentified individual’s wallet are prohibited. Also, even in cases where an individual makes a transfer to a VASP (ie, an individual user registered therewith), the VASP must determine whether it is a suspicious transaction by requesting information on the sender from the customer.
The FSC has explained that the enactment of the amended Certain Financial Information Act does not signal the institutionalisation of virtual assets, and that the FSC will work closely with the relevant government agencies and regulatory authorities regarding overspeculation and illegal activities related to virtual assets. However, from the perspective of users of virtual assets, the fact that they will be able to utilise the services of VASPs, which have satisfied various reporting requirements, is likely to have a significant impact on the industry as a whole.
The expected impact of the amended Electronic Financial Transactions Act
Digital finance in Korea is growing rapidly due to the expansion of mobile payment and remittances, advancements in authentication technology, and the launch of various related platforms. On the other hand, the Electronic Financial Transactions Act (EFTA), which governs domestic digital finance, was considered by some to have failed to reflect recent changes in the financial environment in the wake of the fourth industrial revolution. Accordingly, the FSC announced its “Comprehensive Digital Finance Innovation Plan” on 27 July 2020, which proposed amendments to the EFTA aimed at fostering an innovative digital finance industry, establishing a user protection system, creating a foundation for digital finance transactions, and strengthening digital finance security. A legislative bill to this effect was submitted to the National Assembly on 27 November 2020.
Reclassification of electronic financial services
In light of the recent changes to the financial landscape where more and more services are being combined together, the draft amendment of the EFTA re-classifies electronic financial services into four categories based on function. The existing seven categories (ie, electronic fund transfer services, electronic currency issuance services, electronic prepayment means issuance services, electronic debit payment means issuance services, payment gateway services, payment deposit services, and electronic bill presentation and payment services) will be consolidated and simplified into three (ie, fund transfer services, payment settlement services, and payment gateway services), while a new category for payment initiation services will be added. It is expected that this re-classification will make it easier to structure regulations – including those related to market entry and business operations – in a more reasonable manner by allowing for the differentiation of risk levels by each industry. In addition, the minimum capital requirements for entry into the electronic finance industry will be adjusted to lessen the burden on innovative start-ups and others wishing to enter the industry. In particular, it is possible that the draft amendment of the EFTA may recognise exceptions for certain requirements (eg, minimum capital, registration) based on the scale of a company’s business operations and thus, start-ups and other potential entrants to the electronic finance industry are advised to monitor legislative/regulatory developments in this regard to determine if they will qualify for such exceptions.
Payment initiation services
The draft amendment of the EFTA also introduces payment initiation services, ie, services which allow a third-party service provider to deliver payment instructions to a financial company controlling a payer’s bank account to execute transactions on behalf of such payer, thereby facilitating the electronic transfer of funds. Furthermore, financial companies and the like which receive payment instructions from payment initiation service providers will, subject to the prior consent of payers, be required to treat payment instructions as if they were issued directly by such payers, and financial companies and the like which have received payment instructions will be prohibited from discriminating against certain payment initiation service providers or refusing to process certain payment instructions. It is expected that this development, which enables direct remittances and settlements between financial companies, will reduce fees and transactional risks, and when utilised together with MyData services under the Credit Information Act, will lead to the creation of various innovative services.
One-stop digital finance service solution
A comprehensive payment and settlement service provider system will be created to provide a one-stop digital finance service solution capable of directly issuing and managing customers’ payment accounts, handling payments and transfers, and providing other digital financial services. A comprehensive payment and settlement service provider will be permitted to operate all categories of electronic financial services based on a single licence and provide account-related services (eg, transfer of wages, payment of credit card bills/insurance premiums/utility bills) by exercising direct control over customers’ payment accounts.
User protection system
In addition, the draft amendment of the EFTA establishes a user protection system by strengthening the protection of the funds of digital finance users as well as increasing the potential liability of financial companies and electronic financial service providers for damages related to financial accidents. In particular, the draft amendment (i) requires the fund transfer service provider or payment service provider for electronic prepayment means to separate customer deposits (received from customers in connection with electronic payment transactions) from their own assets by depositing such customer deposits with and/or entrusting the management of such deposits to other fiduciaries such as banks; and (ii) guarantees the customer’s right to be reimbursed over other creditors in the case of bankruptcy of the fund transfer service provider or certain other parties holding his or her funds.
In addition, the draft amendment of the EFTA also includes various other features such as the creation of a user protection system for financial platforms, increased potential liability of financial companies for unauthorised transactions, and the institutionalisation of open banking and e-payment transaction clearing services. As such, financial companies, electronic financial services providers, and other potential entrants to the financial industry are advised to monitor legislative and regulatory developments in this regard.
For the past two to three years, the Korean government has actively promoted the fintech industry and established laws in various fields to lay the foundation for the fintech industry to grow. It is expected that these latest developments will serve to enhance the synergy between new technology and finance, bringing innovation and change to the entire financial industry.