BASIS ID is set for South Korea’s new AML rules for cryptocurrency

The new rules came into force on April 25, 2021. They have imposed harder and stricter conditions on Virtual Asset Service Providers (VASPs) in managing risks of money laundering and other crimes related to it. These measures are the latest example of South Korea working hard to comply with new Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) directives in the virtual asset space.

What are South Korean AML regulation updates and what are they bringing to the FinTech companies? Continue reading to know more.


South Korea has shown remarkable economic growth over the past forty years. In the 1960s, the country’s GDP per capita was as low as that of the poorest lands of Africa and Asia. In 2004, South Korea entered the trillion-dollar club of the world’s economies. Though, this financial “phoenix rise” and growing wealth of the Korean companies could not but contributed to the increase and development of criminal activity in the country.

Roughly, half of money laundering activity is linked to organised crime, represented by Japanese yakuza, Chinese triads and Nigerian gangs. Another half is associated with local criminals, official corruption, and ethnic Koreans living abroad. Numerous underground banking systems function in the country. They are mostly used by South Korean nationals, North Korean defectors and foreign workers from China, Southeast Asia and the Middle East. Several reports show that North Korean renegades only remit more than $10 million per year to family members in their home country through illegal banking systems between South Korea and China.

South Korea has been a member of the Asia/Pacific Group on Money Laundering (APG) and an observer member of the Financial Action Task Force (FATF) since 2009. According to the latest follow-up Mutual Assessment Report (2020), the Republic has been deemed compliant for 12 out of 40 FATF recommendations and largely compliant for 20 of them. It has also been deemed Highly Effective for 0 and Substantially Effective for 5 out of the 11 areas of Effectiveness of its AML/CFT Regime.


“Bad news for scammy ICOs and exchanges. Good news for blockchain professionals in Korea”

-tweeted Doo Wan Nam, the Korea Lead & Asia Partnership at MakerDAO.

DAO is a stablecoin cryptocurrency that aims to keep its value as close to one United States dollar as possible through an automated system of smart contracts on the Ethereum blockchain.

According to CoinDesk Korea, the new legislation is a sort of revision of the existing Financial Information Act and focuses mainly on South Korea’s AML and CFT framework for virtual asset service providers.
The act regulates selling, buying, exchanging, transferring, storing, and managing virtual assets as a business.

The amendment places new duties on VASPs that include data maintenance, internal controls, and some other particular obligations, such as keeping separate records of clients’ activity; reporting suspicious transactions and performing KYC to verify customer identities.

Previously such obligations were given only to physical financial institutions like, for example, banks.

The policy also obliges all VASPs to register with the FSC and partner with a one, single bank for deposits and withdrawals.
This affiliation of virtual wallets and physical bank accounts is meant to ease the regulators’ task of tracking the movement of illicit funds.

Looking at the contents of the law, not only cryptocurrency exchanges, trustees, e-wallet firms, but also ICO companies issuing cryptocurrencies are considered to be virtual asset providers and must be registered to a owners’ actual name.

The amendment will take full effect in 2022, yet certain sanctions for non-compliance are coming into force from September 2021. This means virtual asset businesses which are being active now have less than six months to register with the named regulators and get ISMS certification to be able to continue to function further.

ISMS certification is a system used by the Korea Internet & Security Agency (KISA) to certify whether a company can safely protect its data assets. Depending on the size of the company, it is expected to take more than six months to obtain this certification and will cost the company several hundred million won. At the moment, only four major exchanges have the ISMS certification plus Gopax, Hanbitco, and Jetfinex (formerly BTCC KOREA).

The Financial Services Commission, which is the top supervisor of financial companies in South Korea, has suggested a new structure of penalties for businesses that fail to properly implement anti-money laundering measures.

The penalties are based on a legal maximum amount and include fines varying from 30 to 60% of this legally approved maximum.
The FSC has also proposed a penalty reduction scheme, enabling reducing fines up to 50% for larger companies and more than 50% for smaller businesses.

The fact of the new legislation likely reveals true reasons for forthright steps from Bithumb, the second-largest crypto exchange in South Korea. As a reminder, Bithump tightened up its provisions around Anti-Money Laundering and Know Your Customer measures just the day before the FSC introduced the new regulation policy.

Therefore, the exchange started to ban accounts from the countries being on the regulator’s watch list or getting identified as posing high risks. These countries include Myanmar, Iceland, Iran and North Korea.


The new measures have met a lot of critics from industry experts. They claim gaps in the rules put domestic digital currency companies at a competitive disadvantage and could squeeze out Korea’s smaller players who cannot afford to take on the regulatory burden.

Local AML Regulations in South Korea

Getting certification by the Korean Internet Security Agency is a costly and quite lengthy process that only seven companies have succeeded so far.
Summarising those concerns, the CEO at TEK & LAW, Koo Tae-eon said that establishing banking relationships, as a result of the incoming measures was hard for smaller digital currency companies.

“Many crypto exchanges have tried to abide by the new law by getting real-name accounts from the local banks, but it didn‘t work. Even those that are equipped with an information security management system and have CEOs with no criminal records were not able to forge a partnership with banks”

-he commented

As a part of the solution, South Korean exchanges may try to consolidate, raise funds and band together to meet the new requirements. It could put an end to grey-area projects that try to take advantage of investors. Particularly, it concerns initial coin offerings (ICO), which must follow the registration requirements under the new law.


Despite critics among FinTech experts, the measures are already being in effect. South Korea is working hard to comply with new global AML and CFT directives. Not only companies in the virtual asset space but any institutions at risk of money laundering (such as casinos, insurance companies, mutual savings banks, financial companies, credit cooperatives, credit unions, trust companies, etc) — must take various precautions and comply with AML / CTF regulations along with the Customer Due Diligence(CDD) policy.

These organisations should vigorously address the compliance process to prevent possible risk situations, otherwise they may have to pay large fines or be forced to stop their business activity.

BASIS ID helps companies of all sizes to manage their AML, KYC, and CDD processes.
BASIS ID is proud that all of its clients are satisfied and all audits and control institutions, including BIG4 auditors, are always being passed with the highest score. This allows BASIS ID to guarantee the best level of service while having sufficient flexibility to provide an extra smooth experience to the end customers.

BASIS ID is a member of ZignSec group company and provides KYC and AML verification, along with risk and fraud management services worldwide. A distinctive feature of BASIS ID is the flexibility in providing solutions and integrating within various services and industry-specific solutions. BASIS ID is an innovator in the field of data analysis and personal data verification.

The company follows every local and international regulatory obligation. This includes strong reporting, corporate governance, licensing, and compliance with international laws such as GPDR, data localisation laws, and FATF.

Protect your company from legal penalties with the most robust AML compliance solutions ever. Don’t hesitate to contact BASIS ID for more information or additional questions.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



The best solution to business tasks of KYC, AML and verification procedure.