newsio aggregates and links to original sources. We do not own the original images or content. If you believe content infringes on intellectual property rights, contact us — it will be removed at first notice.
web3/news//CryptoSlate
The Act on Reporting and Using Specified Financial Transaction Information is South Korea’s core anti-money laundering and counter-terrorist financing statute.
South Korea's 2024 update now requires VASPs to report major-shareholder status and compliance-system information.
KEY POINTS
Act No. 21358, effective August 20, 2026, extends disqualification checks to major shareholders of VASPs.
The 2026 amendment allows KoFIU to impose conditions when accepting VASP registration reports.
Existing registered VASPs must re-report under amended rules within three months after the new law takes effect.
Foreign VASPs serving Korean users are subject to South Korea's AML registration if their services impact Korea.
The Act on Reporting and Using Specified Financial Transaction Information is South Korea’s core anti-money laundering and counter-terrorist financing statute for specified financial transaction information and a key legal basis for the Korea Financial Intelligence Unit. For crypto, the Act’s virtual asset service provider registration regime was added through the 2020 amendment, Act No. 17113, and became operative on March 25, 2021. As of June 6, 2026, the core VASP AML registration regime is in force, while a later 2026 amendment is scheduled to tighten entry rules from August 20, 2026.
Key provisions of the VASP AML registration regime
The regime places virtual asset service providers inside South Korea’s AML/CFT reporting framework. The Act treats a VASP as a covered financial company category and connects virtual asset transactions to the statute’s reporting, customer due diligence, recordkeeping, and supervisory architecture. Its purpose is not to create a general crypto market conduct code; it is primarily an AML/CFT statute designed to support reporting and use of specified financial transaction information.
KoFIU reporting before operation: A VASP, including a person intending to operate the business, must report company identity and prescribed business details to the Commissioner of the Korea Financial Intelligence Unit. Material changes also require a change report.
Registration gatekeepers: KoFIU may refuse to accept a report where a VASP lacks information security management system certification, does not use a real-name verified deposit and withdrawal account where required, has specified disqualifying convictions, or has had a report cancelled within the statutory lookback period.
AML duties after registration: Registered VASPs are subject to AML duties that include customer identification, suspicious transaction reporting, travel-rule obligations, and supervisory inspection. Article 8 also requires customer transaction details to be managed separately for reporting purposes.
Foreign VASP reach: Chapter III applies to VASP financial transactions outside Korea where the activity has a domestic impact, making foreign services targeting Korean users part of the registration analysis.
Jurisdictional impact in South Korea
The regime reshaped market access for Korean-facing crypto exchanges, wallet providers, custody providers, and other covered virtual asset businesses. Existing VASPs were given a six-month transition period after the March 25, 2021 effective date, ending September 24, 2021. The FSC later reported that 42 VASPs filed registration reports by the deadline, with KoFIU and the Financial Supervisory Service reviewing whether applicants were prepared to comply with AML duties.
For Korean users and counterparties, the regime created a public-law distinction between registered and unregistered VASPs. The FSC and KoFIU have stated that VASPs operating without filing after the deadline may be treated as illegal operators, and the statute provides criminal penalties for operating virtual asset transactions without filing a report. The regime should be read together with South Korea’s separate Act on the Protection of Virtual Asset Users, which took effect in 2024 and added user-asset protection, unfair-trading, inspection, and sanctions powers beyond the AML-centered framework.
Status, 2024 updates, and 2026 amendments
The operative text remains in force as a non-U.S. national statute. A 2024 subordinate-rule update strengthened reporting by requiring VASPs to report compliance-system details and major-shareholder status, introduced differentiated change-reporting periods, and added grounds for suspending registration review when related criminal, inspection, or investigative matters are pending.
Act No. 21358, promulgated on February 19, 2026 and scheduled to take effect on August 20, 2026, will further expand entry screening. The amendment adds a statutory definition of major shareholders, extends disqualification checks to major shareholders, adds financial condition, social credibility, organizational, staffing, IT, and internal-control review factors, and authorizes KoFIU to attach conditions when accepting a VASP report. Existing registered VASPs must re-report under the amended Article 7 within three months after the amendment takes effect.
Editor note
This profile summarizes the legal-reference status of the South Korean VASP AML registration regime and should not be read as legal, tax, investment, or compliance advice. Editors should verify the post again around August 20, 2026, when Act No. 21358 is scheduled to enter into force.