South Korea does not have any laws or regulations which are explicitly designed to regulate distributed ledger technology (DLT), blockchain, or smart contracts. As a result, the existing regulatory framework has been applied to these new technologies.
Due to the recent development and popularisation of blockchain technology and digital assets, as well as their increasing social impact, the South Korean regulators have begun discussing the introduction of a new set of laws mainly designed to regulate digital assets.
In particular, the new government (since May 2022) has stated that it plans to create a policy environment in which the virtual asset market can grow responsibly by enacting the Framework Act on Digital Assets (the ‘Framework Act’).
The legislation is being discussed in various spheres including the National Assembly, different regulatory agencies and the market. A general direction for the Framework Act is expected to take shape either in 2022 or 2023. However, since no details about the Framework Act have been determined, this article will focus on past discussions about digital assets, decentralised finance (DeFi), and other services based on DLT, blockchain, and smart contracts.
Although there has been much debate on whether financial regulations can apply to cryptocurrency, the South Korean regulatory authorities have not provided clear insight on the classification of cryptocurrencies under the South Korean law.
The discussion of whether the current financial regulations in South Korea may apply to cryptocurrency centres around whether a cryptocurrency may be classified as security, in which case the Financial Investment Services and Capital Markets Act (FSCMA) would apply.
If a cryptocurrency is classified as security, any activities associated with issuing/offering/selling and distributing such cryptocurrency will be subject to different requirements/restrictions under the FSCMA.
The South Korean regulatory authorities have not provided clear insight on the classification of cryptocurrencies under South Korean law
The FSCMA defines securities as “financial investment products for which investors do not owe any obligation to pay anything in addition to the money or any other valuables paid at the time of acquiring such financial investment products.”
The FSCMA specifies only six types of securities: debt securities, equity securities, beneficiary certificates, investment contract securities, derivatives-linked securities and depository receipts. The question of whether cryptocurrency can be considered a security is centred around whether cryptocurrency may be considered an investment contract security.
Investment contract securities are similar to investment contracts under the US Securities Act, and are defined according to a set of criteria similar to those used in the Howey Test in the US.
The FSCMA defines investment contract securities as “instruments bearing the indication of a contractual right under which a specific investor is entitled to receive the profits or losses from a common enterprise between the investor and a third party (including other investors) in which the specific investor invests money, etc., and which is predominantly operated by the third party.”
The Howey Test’s standard for an investment contract is “a contract, transaction or scheme with the expectation of profits that involves an investment of money in a common enterprise solely from the efforts of the promoter or a third party.” By contrast, the defining standard for an investment contract security under the FSCMA is a “contractual right … entitled to receive the profits.”
Due to the decentralised nature of cryptocurrency that makes it difficult to identify the subject of such right, cryptocurrency is unlikely to constitute an investment contract security under the FSCMA.
However, the Financial Services Commission (FSC) recently announced that fractional investment using NFTs or tokens, etc. could constitute an investment contract security, and published the ‘Guideline on New Securities Businesses such as Fractional Investment’ on the subject.
The Guideline stated that a fractional investment in a business is likely to be recognised as a security when expertise or business activity of a person engaging such business (‘business operator’) is important to the investor’s income and when (i) it is difficult to allocate profits or avoid losses without the business operator; (ii) the success of the distribution market operated by the business operator has a significant impact on profits; or (iii) the business operator creates a reasonable expectation during investor recruitment that the value of the fractional investment product linked to the business can be increased through the business operator’s efforts and abilities.
By contrast, if the fractional investment product does not meet the above criteria and an ownership thereof can be directly divided or used, profited from, or disposed of individually, the fractional investment product is less likely to be considered an investment contract security for the purpose of the FSCMA.
Furthermore, if a fractional investment product is deemed a security, the business operator must issue and distribute the fractional investment securities in compliance with the FSCMA. However, if issuance and distribution within the existing legal system is difficult, the Guideline states that the business operator can temporarily issue and distribute the securities by obtaining an innovative financial service designation through the financial regulatory sandbox, pursuant to the Special Act on Financial Innovation Support.
When applying for the financial regulatory sandbox, the business entity must establish an investor protection system that includes preparation of explanatory materials and advertisement standards/procedures and issuance of terms and conditions, such that investors may gain an accurate understanding of matters that are important for making investment decisions.
Meanwhile, the Act on Reporting and Use of Certain Financial Transaction Information (AML Act) is the first South Korean law to explicitly define digital assets (virtual assets) and introduce regulations for virtual asset service providers (VASP).
The AML Act is an anti-money laundering law that was amended in accordance with the Financial Action Task Force (FATF)’s guideline to establish AML/CFT controls for VASPs as well as financial companies. As of March 25 2021, the amended AML Act became effective, imposing anti-money laundering requirements for cryptocurrency exchanges and other VASPs.
The AML Act defines virtual assets broadly as (i) electronic certificates (including any and all related rights); (ii) with economic value; and (iii) that can be traded or transferred electronically.
However, “electronic certificates or information about such certificates that cannot be traded for currency, products, or services, whose location and purpose of use have been limited by the issuer,” results of the use of game products, prepaid electronic payment means, digital currencies, digitally registered stocks, electronic bills, electronic bills of landing, electronic bonds, and “gift certificates on which the issuer has specified a monetary value or quantity of products/services, that are stored and used on mobile devices such as mobile phones” are not considered virtual assets.
Although cryptocurrency is quite clearly a virtual asset, the same cannot be said for non-fungible tokens (NFTs), as each token has unique data and properties (uniqueness), and the tokens change completely after being issued due to tracking information such as the unique name for the product for which the NFT was issued, a unique symbol, the owner, and metadata. As such, NFTs differ from cryptocurrency in value despite being visually identical, and have therefore been understood generally not to constitute virtual assets.
However, as mentioned, the definition of virtual assets under the AML Act is very broad. It is possible that NFTs may be deemed virtual assets according to the definition, since they (i) are electronic certificates; (ii) have economic value; and (iii) can be traded or transferred electronically. The FSC has also stated that NFTs may be considered virtual assets when they are used for investment or payment purpose, which is the same position as the FATF’s guideline.
IT and security regulations under the Electronic Financial Transactions Act can pose an obstacle to financial companies seeking to adopt DLT or blockchain
As with other financial companies, VASPs are subject to various AML requirements, including those involving suspicious transaction report and customer due diligence. VASPs are also required to set up in good faith an internal control system to fulfil such AML requirements and to separately manage transaction details of its customers.
Moreover, VASPs must file VASP reports to the Financial Intelligence Unit (FIU) after satisfying prescribed requirements (including obtaining of certified information security management system (ISMS) and engaging in fiat transactions with a bank deposit account which confirms the identity of the account holder), and the FIU with full discretions may refuse to accept such VASP reports if there are grounds for non-acceptance.
The AML Act defines VASP as “a person who engages in the business of preserving/managing, transferring, or buying/selling virtual assets, exchanging virtual assets for different virtual assets, or mediating, arranging, or acting as an agent in the sale, purchase, or trading of virtual assets.”
The VASP Reporting Manual by the FIU and FSC (the ‘Manual’) designates virtual asset exchanges, virtual asset custody service providers, and virtual asset wallet service providers as ‘major VASPs’ who must be subject to VASP reporting requirement under the AML Act. The Manual also states that virtual asset trading for an individual (e.g. P2P), one-time acts, and providing a platform without any fees need not be reported.
Since the AML Act mostly concerns obligations to prevent money laundering, its capacity to regulate the general activities of virtual asset businesses is limited. For this reason, the government intends to introduce comprehensive regulations of digital assets through the aforementioned Framework Act on Digital Assets.
The Bank of Korea (BOK), the central bank of South Korea, is also reviewing the introduction of the central-bank digital currency (CBDC). The BOK engaged Ground X, the operator of the blockchain platform ‘Klaytn’, via a public bid process, to establish a trial environment based on DLT in cooperation with the BOK and test whether development, issuance and redemption of CBDC would be feasible.
DeFi appears in various forms, including deposit services, loan services, and a decentralised exchange (DEX). The South Korean regulators have not yet taken an explicit position on DeFi.
For deposit services, the issue may arise on whether they constitute an act of unauthorised fundraising prohibited in the Act on the Regulation of Conducting Fund-Raising Business without Permission, and for loan services, whether they constitute loan business that require a license under the Credit Business Act. However, because these laws currently apply to fiat money, they cannot easily be applied to deposit or loan services that use cryptocurrency, which has led to the proposal of a bill to the National Assembly that would extend to virtual assets.
As for DEX, there is a room for debate on whether the VASP regulations under the AML Act are applicable, due to the decentralised nature of DEX complicating the question of whether a person who led the development of a DEX can be considered a VASP. The South Korean regulators have not yet rendered an explicit decision on whether DEX constitute VASP.
It is yet unknown whether the Framework Act on Digital Assets to be enacted by the new administration will extend to DeFi services. However, as a result of significant damages suffered by investors to DeFi services becoming a social issue, there is a growing need to regulate DeFi. As such, it will be necessary to monitor relevant legislative developments and evaluate who will be regulated under the DeFi regulations, whether South Korean laws can be applied to DeFi services being offered from abroad, and how DeFi may be effectively regulated.
South Korean financial companies rarely create financial products linked to virtual assets, due to the negative stance that South Korean financial regulators have towards virtual assets. Instead, South Korean financial companies have focused on developing services that utilise DLT and blockchain technology, such as authentication services and trade finance services. However, these services have not had meaningful market attention.
IT and security regulations under the Electronic Financial Transactions Act can pose an obstacle to financial companies seeking to adopt DLT or blockchain. The network separation requirements may be especially obstructive, as they limit communication between nodes.