I OVERVIEW

Currently, there are no prohibitions or restrictions for certain types of fintech businesses in Korea, nor is there an existing regulatory regime that specifically regulates cryptocurrency or blockchain. However, fintech businesses are likely to be subject to existing Korean laws and regulations, depending on the specific nature of the business undertaken. For example, certain financial activities of fintech companies may be regulated under existing Korean financial laws such as the Electronic Financial Transaction Act (EFTA).

As to the Korean government's stance, financial regulators and policymakers are generally receptive to fintech innovations and technology driven new entrants to regulated financial services markets in Korea. The Korean government identified fintech as one of its 24 key areas to support innovation as a means to spur growth in the Korean financial industry. For example, the Korean government established the Fintech Support Centre that provides guidance on fintech-related projects and an opportunity for fintech start-ups to present their services to financial institutions. The Financial Services Commission (FSC) has announced 18 key projects for 'financial innovation' to be implemented as part of their 2018 business plan, and support for the fintech industry is one of FSC's key initiatives.

In terms of specific fintech-friendly policies, the Special Act on Support of Innovation of Finance (the Special Act), enacted in December 2018 and enforced from 1 April 2019, introduced the regulatory sandbox scheme in Korea. The new law introduces expedited confirmation on regulation and relaxed regulatory standards for those financial services designated as innovative financial service by the government.

Furthermore, the Korean government offers special incentive schemes mainly in the form of tax incentives for tech and fintech businesses or small- and medium-sized businesses in Korea. Notably, small- and medium-sized businesses established in certain areas of Korea that are not highly populated cities can receive 50 per cent corporate tax relief for up to five years on their business income. Also, those companies identified as a 'venture business' by the Korean government, by which many fintech companies may qualify, may receive 50 per cent corporate tax relief even if they are located in highly populated cities in Korea. For certain R&D costs (including labour costs and material costs), R&D tax deduction may be available as well.

Despite promoting policies conducive to fintech businesses, however, the Korean government has also shown concern for anti-money laundering and other consumer protection matters. The FSC amended the Anti-Money Laundering Guidelines for Cryptocurrencies (AMLC Guidelines) in June 2018, requiring, among other things, that financial institutions enhance monitoring for accounts of cryptocurrency companies used for operating expenses and share the list of foreign cryptocurrency companies. Also, the peer-to-peer (P2P) Loan Guidelines were amended in 2019 to expand the scope of disclosure for P2P lenders.

Currently, several P2P loan and cryptocurrency related bills are pending at the National Assembly. While it remains unclear when or if these pending bills will be enacted into law, if passed, they may provide a more coherent framework for the regulation of fintech-related issues in Korea.

II REGULATION

i Licensing and marketing

Currently, there are no prohibitions or restrictions for certain types of fintech businesses in Korea. However, fintech businesses providing certain financial services are required to obtain a licence under the relevant Korean financial laws and regulations.

Specifically, the EFTA is the law that regulates electronic financial transactions in Korea. The EFTA covers the:

  1. rights and obligations of the parties to an electronic financial transaction;
  2. provisions to ensure the safety of electronic financial transactions and protection of users; and
  3. authorisation, registration and specific scope of activities of electronic financial businesses.

Activities listed as 'electronic financial business' under the EFTA include the:

  1. issuance and management of electronic currency;
  2. electronic funds transfer services;
  3. issuance and management of electronic debit payment services;
  4. issuance and management of electronic prepayment services;
  5. electronic payment settlement agency services;
  6. depository service for settlement of transactions; and
  7. intermediary electronic collection and payment services between payors and payees.

Other than the issuance and management of electronic currency, which needs to be licensed by the FSC, the above types of electronic financial businesses must be registered with the FSC and are supervised by the FSC and the Financial Supervisory Service (FSS).

Further, fintech businesses that do not engage in electronic financial business activities under the EFTA but intend to undertake regulated activities in Korea, such as banking or credit card businesses, should review whether it is required to obtain appropriate authorisation (licence or registration) from the relevant Korean regulatory authorities such as the FSC or the FSS.

ii Cross-border issues

Where a fintech business established out of Korea wishes to access new customers in Korea, it will need to consider whether it requires authorisation from a Korean regulatory authority. A fintech business established outside of Korea may be subject to Korean laws and regulations if it carries out regulated activities in Korea. Where an overseas fintech business performs regulated activities in Korea, it will need to obtain authorisation from the relevant Korean financial regulatory authority, as discussed in Section II(i) above. Generally, the standard to determine the applicability of Korean laws to foreign fintech businesses is whether the foreign fintech businesses targeted Korean customers (e.g., Korean website) or allowed payment in Korean won.

Regarding foreign exchange, the Foreign Exchange Transaction Act regulates foreign exchange businesses including the issuance or dealing of foreign exchange and payment, and collection and receipt thereof between Korea and a foreign country. The Foreign Exchange Transaction Rule (the FX Rule) is a subordinate regulation of the Foreign Exchange Transaction Act. The FX Rule was most recently amended in December 2018, and went into force as of 1 January 2019. The current FX Rule increased the annual limit for overseas remittance by institutions registered as small-amount remittance operators from US$20,000 to US$30,000. Also, since 2019, securities companies and credit card companies may remit funds overseas as long as the amount does not exceed US$3,000 per remittance and US$30,000 per year. In addition, electronic currencies and prepaid electronic payment means issued in Korea may now be used in foreign jurisdictions to pay for goods or services or be exchanged to foreign currencies.

III DIGITAL IDENTITY AND ONBOARDING

There is no digital identity that is generally recognised in Korea. However, a certificate of authentication used for the purpose of self-authentication does exist. Certificates of authentication can be issued by an authentication certification institution designated by the government (such as the Korea Financial Telecommunications and Clearing Institute), and such certificates of authentication are typically used for when self-authenticating online. Under the Real Name Financial Transaction Law, verification of real name is necessary in order to conduct financial transactions. Therefore, in principle, financial institutions must onboard by undertaking customer verification procedures offline through a face-to-face method. However, there are exceptions where undertaking customer verification procedures through a non-face-to-face method is permitted. Where customer verification procedures are undertaken through a non-face-to-face method, two of the methods from among (a) to (d) below need to be selected, and it is recommended that the financial company select on its own an additional verification method (either (e) or (f)).

  1. present a copy of identification card (e.g., submit online a photo or scanned copy of one's identification card);
  2. video call (e.g., an employee of the financial company compares the picture on the identification card with the customer's face);
  3. verify upon receiving delivery of credit card (e.g., an employee of the delivery company verifies real name through a voucher);
  4. use of existing account (e.g., verify the customer's transaction authority for a given account through transfer of small amounts, etc., from an account opened at another financial company);
  5. use of the verification results of another institution (e.g., verify identity at another institution such as a certification institution, and then use the issued certification of authentication, IPIN, cell phone number, etc.); and
  6. verify through other sources of personal information (e.g., compare personal information provided by the customer with information possessed by a credit information agency).

IV DIGITAL MARKETS, FUNDING AND PAYMENT SERVICES

Under Korean laws, businesses related to financial investment products such as collective investment businesses are fundamentally regulated by the Financial Investment Services and Capital Markets Act (FSCMA), with regulations differing for each specific type of business.

i Crowdfunding

The FSCMA regulates securities-type crowdfunding, and in order to conduct securities-type crowd funding, registration needs to be made as an 'online small-sized investment broker' with the FSC in accordance with the FSCMA.

Crowdfunding was introduced in 2016 for the financing of start-ups and venture businesses. There are, however, certain restrictions in the issuance of equity for crowdfunding under the FSCMA. Namely, a single company can raise funds up to 1.5 billion won per year through crowdfunding. To raise funds that exceed 1.5 billion won, conventional means of financing should be utilised. Moreover, under the FSCMA, the issuance of equity for crowdfunding is permitted for non-listed small- to mid-sized companies with less than seven years of business operations.

In April 2018, the Enforcement Decree of the FSCMA was amended to increase the limit for an ordinary investor to invest in crowdfunding from 5 million won to 10 million won per year with an issuer of equity. In addition, the amended Enforcement Decree of the FSCMA allowed social enterprises, which are companies certified by the Ministry of Employment and Labour that seek to improve financial, social and environmental well-being through commercial activities (e.g., providing employment opportunities to disadvantaged groups or making contributions to the local society) to raise funds through crowdfunding.

ii Crowd-lending and P2P lending

There are currently no laws or licences that directly regulate regarding P2P, but there is a plan by the Korean authorities to push forward with P2P loan legislation in 2019. Currently, regulations are based on the Act on Registration of Credit Business and Protection of Finance Users (the Credit Business Act), which applies to general lending businesses, and the P2P Loan Guidelines announced by the FSC in February 2017. Thus, typically, in order to run a lending business, a credit business registration (licence) is necessary in accordance with the Credit Business Act. However, in the case of running a P2P lending business in accordance with the P2P Loan Guidelines, the supervising authority's position is that it shall not take issue with whether a P2P business or P2P lending investor owns a Credit Business Act licence.

P2P lending that is in accordance with the P2P Lending Guidelines takes place by a method wherein the investor and the borrower do not enter into a direct agreement. Because P2P broker businesses do not have Credit Business Act licences, a liaison financial business operator that has completed registration in accordance with the Credit Business Act enters into a lending agreement with the borrower, and the P2P broker business acts as an intermediary in this arrangement. The investor is not party to the lending agreement with the borrower, but obtains the right to acquire principal and interest that result from the loan bond against the borrower.

The main contents of the P2P Guidelines are as follows:

  1. investment limits:
    • for an individual investor, 10 million won per one P2P business (5 million won for an equivalent borrower), provided that an additional 10 million won is permitted for credit loans;
    • an individual investor who has satisfied income requirements:
    • no credit limit for corporate investors and individual professional investors;
  2. regulation of advertisements and regulation of mandatory disclosure items; and
  3. regulation of business activities. The P2P lending business cannot participate in P2P lending as the investor, etc.

iii Loans or financings on a secondary market

In the case of securities acquired through crowdfunding, it is obligatory to deposit at a securities depository or make a safety deposit, and for a period of six months, transfer cannot be made other than to professional investors and persons specified under certain laws (Article 117-10, Item 7 of the FSCMA).

For rights to acquire principal and interest obtained through P2P lending, in principle, transfer is possible depending on the method of bond transfer. However, there are cases where a P2P lending business restricts transfer through its terms and conditions.

If a right that is acquired through investment is deemed a security under the FSCMA owing to the possibility of transfer, risk of loss of principal, etc., the issuer of such bond and the broker business must obtain financial investment business licences in accordance with the FSMCA and will be strictly regulated with regards to issuance and distribution of securities. Therefore, caution needs to be exercised to prevent being deemed a security.

iv Payment licence

In order to run a payment service, registration needs to be made as a payment gateway (PG) with the FSC.

Upon registering as a PG, obligations under the EFTA are applied, and the PG is subject to supervision and inspection by the FSS.

V CRYPTOCURRENCIES AND INITIAL COIN OFFERINGS

There is no existing regulatory regime or statute that specifically regulates cryptocurrency or blockchain businesses in Korea. However, the Korean regulators are likely to apply or enforce existing Korean laws and regulations for cryptocurrencies.

For example, in an initial coin offering (ICO), if tokens are classified as 'securities' under Korean law, the tokens will then be subject to the offering restrictions in Korea under the FSCMA. Or, even if tokens are not classified as securities, if the marketing of the tokens in an ICO raises funds from the public with a promise to return the original investment amount, or an amount exceeding such investment in the future, the ICO could be regulated by the Act on the Regulation of Conducting Fundraising Business without Permission.

The Korean government has taken steps towards introducing potential cryptocurrency and ICO regulations, key developments of which are discussed below.

i Cryptocurrencies

In 2017, Korea experienced a dramatic increase in the volume of cryptocurrency trading where the trading volume for a 24-hour period in the Korean cryptocurrency exchanges averaged up to 8 trillion won.

In response to this high volume of cryptocurrency trading, in September 2017, the Korean government formed an intergovernmental task force to create and implement cryptocurrency regulations. The government agencies that participated in this task force were the Ministry of Strategy and Finance, the Ministry of Justice, the FSC and other relevant regulatory authorities. In the Government Announcement on Cryptocurrency released in December 2017, the Korean government announced that it will take measures to curb the recent speculation in the cryptocurrency market.

As a part of such measures, on 30 January 2018, the Korean Financial Intelligence Unit announced the AMLC Guidelines, enforceable for financial institutions that transact with cryptocurrency companies. Notable requirements of the AMLC Guidelines are as follows:

  1. real-name verification is required for payment and receipt to cryptocurrency companies:
    • users are only allowed to make payment to and receive payment from a cryptocurrency company's bank account using their own real-name verified account that has been opened under the same bank as the cryptocurrency company; and
    • financial institutions may decline transactions with cryptocurrency companies that make payments to or receive payments from its users that do not use real-name verified bank accounts;
  2. customer due diligence:
    • financial institutions must put in place a process to check whether a customer is a cryptocurrency company; and
    • financial institutions must verify, through on-site due diligence, certain additional information pertaining to cryptocurrency companies (including whether the cryptocurrency company is maintaining separate transaction records for each customer) at least every six months; and
  3. suspicious activity reports:
    • financial institutions must appoint dedicated staff for monitoring suspicious transactions of cryptocurrency companies and their users; and
    • financial institutions must establish stronger transaction monitoring rules for suspicious activities of cryptocurrency companies.

In April 2018, the FSC conducted a monitoring of compliance with the AMLC Guidelines. Based on the monitoring, the FSC amended the AMLC Guidelines in June 2018, which took into effect in July 2018 and will remain effective for a year. The key requirements of the amended AMLC Guidelines are as follows:

  1. financial institutions shall enhance monitoring for accounts of cryptocurrency companies that are used for operating expenses, and conduct enhanced customer due diligence in case it identifies a suspicious transaction;
  2. financial institutions shall share the list of foreign cryptocurrency companies; and
  3. if a financial institution refuses to transact with a certain cryptocurrency company, the financial institution shall specify the timing and grounds for its refusal.

Currently, there are several cryptocurrency bills proposed at the National Assembly. These bills generally cover, among other things, licensing requirements for cryptocurrency businesses, anti-money laundering requirements, consumer protection, cybersecurity requirements for cryptocurrency exchanges and damage compensation for consumer losses. It is unclear when or if these pending bills, in their current form, will be enacted into law in Korea.

ii Initial coin offerings

In September 2017, the FSC issued a press release prohibiting ICOs in Korea, but no laws or regulations have yet to been enacted to enforce this prohibition of ICOs. Subsequently, on 31 January 2019, the Korean government announced the result of its monitoring of the ICO practice in Korea and its proposed approach in regulating ICOs. In this announcement, the Korean government stated that they identified companies bypassing the government's prohibition on ICOs by performing ICOs through paper companies in foreign jurisdictions (such as Singapore) while raising funds from domestic investors. The Korean government announced that such practice substantively constitutes domestic ICOs albeit in the form of a foreign ICO. Moreover, the Korean government stated that domestic investors were at significant risk due to such practice because the companies performing the ICOs did not disclose substantial information for the investors to make an informed decision.

In addition, the Korean government also deemed that certain ICO projects may violate the FSCMA if an ICO project involves issuance and transaction of P2P collateralised loan tokens; sale of cryptocurrencies investment funds; or operation of unauthorised financial investment business by providing investment services with ICO tokens.

Considering that ICO poses high investment risks and lacks a global regulatory framework, the Korean government announced that it will take a conservative approach in legalising ICOs. In the same vein, the Korean government maintained an equivocal position as to whether it will publish an ICO guideline, saying that the government's issuance of such guideline may give the market a wrong impression that the government officially approved domestic ICOs.

VI OTHER NEW BUSINESS MODELS

i Robo-adviser

'Robo-adviser' is a derivation of the words robot and adviser, is an automated online asset management service that uses IT technologies such as AI to provide appropriate personalised portfolios for investors. It provides services at substantially lower fees than that of existing asset management services, and future development is anticipated in terms of convenience and low cost. Financial institutions in Korea have, in some respects, either implemented robo-advisers or are preparing to do so.

Depending on the type of service provided, registration needs to be made as an investment advisory business or a discretionary investment management service in accordance with the FSCMA.

To promote the robo-adviser industry, the FSC recently announced a proposed amendment relating to robo-advisers that would:

  1. lower the shareholders' equity needed for non-face-to-face discretionary investment management services that utilise robo-advisers from 4 billion won to 1.5 billion won in order to facilitate the entry of fintech businesses other than existing financial institutions into the robo-advisory industry;
  2. allow robo-advisers to manage fund assets; and
  3. allow not only asset managers but also robo-advisers to be consigned with and manage funds and discretionary assets.

ii My Data business

The FSC announced its plan to introduce Own Credit Information Management Businesses (known as 'My Data') through amendment of the Electronic Financial Transactions Act in order to foster industries for promotion of data payments and to innovate data usage-related regulations.

My Data businesses are businesses that provide professional support for the individual that is the information principal to efficiently manage and use his or her own information. My Data businesses integrate and search one's credit information, analyse financial statuses, and provide personalised financial consulting.

Furthermore, My Data businesses can provide services that present a list of accessible financial products for each individual consumer given his or her credit situation, financial status, etc., and compare in detail prices and benefits of each product to recommend financial products optimised for each individual.

In case of providing such financial product comparison services, it is necessary to receive consent from each consumer regarding provision of information on his or her financial situation.

VII INTELLECTUAL PROPERTY AND DATA PROTECTION

i Intellectual property

In Korea, innovations and inventions can be protected by IP rights such as patents, utility models, designs, copyrights, and trade secrets. Korean law explicitly provides for the protection of patents under the Patent Act, utility models under the Utility Model Act, designs under the Design Protection Act, copyrights including copyrights in computer software under the Copyright Act and trade secrets under the Unfair Competition Prevention Act (UCPA).

Under the Patent Act, fintech inventions relating to software or business methods are generally patentable if they meet the statutory requirements such as subject matter, novelty, and inventiveness. If an invention is not sufficiently creative or inventive to meet the standards of patentability, protection may be available under the Utility Model Act. The basic difference between a utility model and a patent is that a utility model requires a lower technical content. However, fintech inventions that are mainly software or business methods may not be eligible for utility models.

Graphical user interfaces of fintech software may be protected by design registrations under the Design Protection Act. For example, images represented on a display portion of a product such as a display panel can be registered and protected as a design. Copyright protection is also possible upon creation of an original computer program without any formality. Although a copyright registration is not a prerequisite for copyright protection or enforcement, it provides certain advantageous statutory presumptions in enforcing the copyright. The source code of fintech software may be protected as a trade secret under the UCPA. The UCPA defines a 'trade secret' to mean information of a technical or managerial nature that:

  1. is useful for business activities;
  2. is generally unknown to the public;
  3. possesses independent economic value; and
  4. whose secrecy is maintained through reasonable effort.

Ownership of IP rights such as patents, utility models, and designs initially belong to the person who created such rights. Such person may transfer his or her IP ownership right to another party through an agreement. However, transfer of an IP right, other than through inheritance or other general succession, is not effective in Korea against third parties unless it is recorded at the Korean Intellectual Property Office.

In the context of an employer-employee relationship, there are two ways for the employer to obtain ownership rights to in-service inventions of its employees. First, the employer may enter into a pre-invention assignment agreement with an employee with a provision that the employee agrees to assign any and all future in-service inventions to the employer. Second, the employer may adopt an employment rule such as an invention remuneration policy that expressly provides for employee-inventors to assign any and all future in-service inventions to the employer and the employer to provide remuneration to such employee-inventors. In either case, if the employer chooses to acquire the ownership right to an in-service invention pursuant to the agreement or employment rule, the employee is entitled to reasonable compensation from the employer.

Ownership of copyright initially belongs to the actual author or authors of a given work. In the context of an employer-employee or work-for-hire relationship, however, an employing legal entity, organisation, or person may be deemed to be the author of a work with ownership of copyright in the work. Under the Copyright Act, such employer is deemed to have copyright ownership of a work if:

  1. the work is created by an employee within the scope of employment and made public (computer program works do not need to be made public), subject to the employer's supervision; and
  2. there is no separate or particular contract or employment regulation providing that the status of the author of, or ownership of copyright in, the work-for-hire should belong to the employee.

For IP rights such as patents, utility models, and designs, the party enforcing an IP right should own the registered rights in Korea. For copyrights, works by foreigners, such as the source code of fintech software, are entitled to protection under treaties to which Korea has acceded. However, the Copyright Act provides exceptions to favourable treatment of foreigners' copyrights under such treaties. In particular, the Copyright Act provides that even if the copyright protection period for foreigners' copyrights may be in force and entitled to protection under the Copyright Act, if the copyright protection period granted in the country of their origin has already expired, Korea will not recognise the copyright protection period.

IP rights including patents, utility models, and designs are a type of property right and thus, owners of IP rights may exploit or monetise them for their benefit. For example, an IP owner may assign or sell his or her IP right to another person or entity and receive payment in return. An IP right may also be pledged as collateral for a loan or investment from another person or entity. Further, an IP right may be licensed through an exclusive or non-exclusive agreement for royalties or may be licensed to another party in a cross-licence agreement. If an IP right is jointly owned, a joint owner may license the IP right only with the consent of all the other joint owners, but each owner may still freely practise the jointly owned IP.

IP-related licences may be subject to governmental review under certain circumstances. For example, under the Fair Trade Law, the Fair Trade Commission has released the Guidelines on the Unfair Exercise of IP Rights (the IP Guidelines), for examining licence agreements. If a provision of a licence agreement violates one of the standards set forth in the IP Guidelines, a court may find such provision to be null and void as being contrary to Korean public policy. As for licence terms, there are no statutory or regulatory restrictions on a maximum royalty rate or payment terms. Further, Korean courts have not issued a ruling on a maximum royalty rate. Thus, the parties may agree on royalty rates and payment terms based on the facts in individual cases.

ii Personal data

In Korea, the protection and regulation of personal data is primarily governed by the Personal Information Protection Act (PIPA). The PIPA is the overarching personal data protection law in Korea that may apply to fintech businesses operating in Korea. The PIPA prescribes detailed measures for each of the stages involved in the processing of personal data such as collection and use, provision to a third party, outsourcing and destruction. The PIPA must be followed by all personal information processing entities, which are defined as all persons, organisations, corporations and governmental agencies that process personal data for business purposes. Under the PIPA, data subjects must be informed of, and provide their consent to the following matters before their personal data is collected or used:

  1. the purpose of the collection and use;
  2. the items of personal information that will be collected;
  3. the duration of the possession and use of the personal information; and
  4. disclosure that the data subject has a right to refuse to give consent and the negative consequences or disadvantages that may result from such refusal.

In addition, there are various sector-specific privacy laws such as the Act on the Promotion of IT Network Use and Information Protection (the Network Act) and the Use and Protection of Credit Information Act (the Credit Information Act) that complements the PIPA. The Network Act regulates the processing of personal information in the context of services provided by online service providers (e.g., personal information collected through a website). The Credit Information Act regulates and protects financial transaction information and credit information of individuals and entities. Both the Network Act and the Credit Information Act can apply to fintech businesses operating in Korea.

The Ministry of the Interior and Safety is responsible for enforcing the PIPA. The Korean Communications Commission and the Ministry of Science and ICT are responsible for enforcing the Network Act. The FSC and the FSS are responsible for enforcing the Credit Information Act. Each of these regulatory agencies can make requests for information and conduct inspections at the premises of data controllers to ensure they are compliant with the respective privacy laws. In addition, once a violation of a relevant privacy law is confirmed, each of these respective regulatory agencies can impose administrative penalties, such as corrective orders and fines, and, as necessary, refer the case for criminal prosecution. Criminal sanctions can be imposed following an investigation by the police or prosecutor's office, either on its own initiative or upon a referral by the relevant regulatory authority.

As for the applicability of these laws to overseas entities, the PIPA applies to all personal information processing entities regardless of whether they are located overseas. In addition, sector-specific privacy laws such as the Network Act would apply to overseas online service providers collecting personal information in Korea. Further, the Credit Information Act would also apply to overseas entities handling financial transaction information and credit information of individuals or entities in Korea. Although the PIPA, the Credit Information Act, and the Network Act do not specifically address their jurisdictional scope for overseas entities, the Korean regulatory authorities have measures to ensure compliance by overseas entities with these laws.

iii Cybersecurity

The main statutes in the context of cybersecurity that apply to fintech businesses are the PIPA and the Network Act. The PIPA and the Network Act prescribe detailed technical security and administrative requirements for cyber security such as:

  1. the establishment and implementation of an internal management plan for the secure processing of personal information;
  2. installation and operation of an access restriction system for preventing illegal access to and leakage of personal information; and
  3. the application of encryption technology to enable secure storage and transfer of personal information.

Further, the EFTA criminalises certain types of cyber activities that may apply to fintech businesses operating in Korea. The EFTA criminalises cyber activities that:

  1. intrude on electronic financial infrastructures without proper access rights or by surpassing the scope of permitted access rights or altering, destroying, concealing or leaking data that is saved in such infrastructures; and
  2. destroy data, or deploy a computer virus, logic bomb or programme such as an email bomb for the purpose of disrupting the safe operation of electronic financial infrastructures.

VIII YEAR IN REVIEW

Over the past 18 months, notable amendments were made to financial laws that may impact fintech businesses operating in Korea. Specifically, in April 2018, the Enforcement Decree of the FSCMA was amended to increase the limit for ordinary investor's investment in crowdfunding by 100,000 won. As a result, an ordinary investor may now invest 5 million won per year for an issuer of equity. Also, the Foreign Exchange Transaction Rule (the FX Rule), a subordinate regulation of the Foreign Exchange Transaction Act, was most recently amended in December 2018 and took into force as of 1 January 2019. The current FX Rule increased the annual limit for overseas remittance by institutions registered as small-amount remittance operators from US$20,000 to US$30,000. Further, since 2019, securities companies and credit card companies may remit funds overseas as long as the amount does not exceed US$3,000 per remittance and US$30,000 per year. In addition, electronic currencies and prepaid electronic payment means issued in Korea may now be used in foreign jurisdictions to pay for goods or services or be exchanged to foreign currencies.

Along with changes to financial laws, amendments were also made to guidelines concerning cryptocurrency and P2P loans. The FSC amended the AMLC Guidelines in June 2018, which took into effect in July 2018 and will remain effective for a year. Among other requirements, the AMLC Guidelines mandated enhanced monitoring by financial institutions for accounts of cryptocurrency companies used for operating expenses and sharing of the list of foreign cryptocurrency companies among financial institutions. The P2P Loan Guidelines were also amended in 2019 to expand the scope of disclosure for P2P lenders. In particular, the 2019 P2P Loan Guidelines recommend that P2P lenders disclose outside expert's review of key features of PF loans and disclose real estate P2P loan products for two days prior to sale. In addition, the 2019 P2P Loan Guidelines recommends P2P lenders to hire third-party experts to audit the P2P lender's protection of online personal information at least once a year and disclose the result of the audit.

Furthermore, there are currently several cryptocurrency and P2P loan-related bills proposed at the National Assembly. Specifically, the FSC announced in 2019 that they will recommend a comprehensive bill regulating P2P loans to the National Assembly based on the five current bills related to P2P loans that are pending at the National Assembly. Cryptocurrency bills have also been proposed at the National Assembly, generally covering, among others, licensing requirements for cryptocurrency businesses, anti-money laundering requirements, consumer protection, cybersecurity requirements for cryptocurrency exchanges and damage compensation for consumer losses. However, it is unclear when or if these pending bills, in their current form, will be enacted into law in Korea.

As for its position on ICOs, on 31 January 2019, the Korean government announced the result of its monitoring of the ICO practice in Korea and its proposed approach in regulating ICOs. In this announcement, the government stated that they identified companies bypassing the prohibition on ICOs by performing ICOs through paper companies in foreign jurisdictions (such as Singapore) while raising funds from domestic investors. The government also deemed that certain ICO projects may violate the FSCMA. Considering that ICO poses high investment risks and lacks global regulatory framework, the Korean government announced that it will take a conservative approach in legalising ICOs. In the same vein, the Korean government maintained an equivocal position as to whether it will publish an ICO guideline, saying that the government's issuance of such guideline may give the market a wrong impression that the government officially approved domestic ICOs.

Meanwhile, measures have been taken to promote fintech innovations in the financial services market in Korea. Notably, the Special Act, enacted in December 2018 and enforced from 1 April 2019, introduced the regulatory sandbox scheme in Korea. The new law introduces the following two policies.

i Expedited confirmation on regulation

Under this scheme, a financial company that plans to start a new type of financial business may deem that no regulation on the new business exists if the company does not receive a response from the FSC within 30 days after filing an inquiry to the FSC as to the existence of a regulation on the new business. The FSC may forward the inquiry to other relevant government agencies if they think necessary, but in any case they must provide a response within 30 days.

ii Designation of innovative financial service

A financial service that is designated as an innovative financial service by the government may operate free of regulation or without legal grounds for operation during the designated period (less than two years and may be renewed once for less than two years). Financial service providers who believe that their service is clearly distinguished from pre-existing service in terms of contents and methods may ask the government to designate such service as an innovative financial service. Upon receiving an application, the Innovative Financial Services Examination Committee, which consists of public of officials from the FSC and other relevant government agencies and private experts, will assess various factors, such as:

  1. whether the proposed innovative financial services are provided in Korea;
  2. whether the the proposed financial services is truly innovative; and
  3. whether the proposed financial service will likely increase the customers' interests.

In addition, if a designated innovative financial service is being operated under a licence required by other financial laws and regulations, such designated innovative financial service shall be afforded an exclusive right of operation for two years after designation as an innovative financial service. This means that during the two-year period, no other service provider may provide the same type of financial service.

IX OUTLOOK AND CONCLUSIONS

Recently in Korea's fintech environment, a variety of industries have been established, and the related market is developing explosively. Korea's financial supervisory authorities have recently announced various policies to promote fintech. Also, the Special Act, which institutionalises the 'sandbox policy' to promote development and advancement of innovative financial services was enforced from 1 April 2019. Under the Special Act, the 'expedited confirmation on regulation policy' is introduced, wherein a financial company that plans to start a new type of financial business may deem that no regulation on the new business exists if the company does not receive a response from the FSC within 30 days after filing an inquiry to the FSC as to the existence of a regulation on the new business. The Special Act also introduces the 'designation of innovative financial service policy', wherein a financial service that is designated as an innovative financial service by the government may operate free of regulation or without legal grounds for operation during the designated period (less than two years and may be renewed once for less than two years).

Furthermore, there are currently two internet-only banks in Korea, K-Bank and Kakao Bank, that have received authorisation and are in operation. Around late March, the FSC plans to solicit pre-authorisation applications for new internet-only banks and authorise up to two internet-only banks.

Separately, the government conceptually differentiates cryptocurrency from blockchain technology. The government recognises the innovative nature of blockchain technology and its potential impact on the Korean economy. Although it has shown hesitance in endorsing or institutionalising cryptocurrencies and has repeatedly warned investors about the potential dangers of investing in them, it has expressed interest in fostering, promoting and investing in blockchain technology as part of its strategic and economic plans. Furthermore, while the central government appears to be uneasy about cryptocurrencies, some local governments have shown interest in issuing their own cryptocurrencies.

A number of proposed pieces of legislation covering cryptocurrencies are pending at the National Assembly. These bills generally cover licensing requirements, anti-money laundering requirements, consumer protection, cybersecurity requirements and compensation for consumer losses. For example, a bill entitled the Special Act on Cryptocurrency Business seeks to, inter alia:

  1. impose a requirement that a licence be obtained for cryptocurrency exchanges and cryptocurrency-related businesses;
  2. impose record-keeping obligations;
  3. explicitly incorporate cryptocurrency businesses into the AML Act and other laws regulating financial institutions; and
  4. mandate the adoption of cybersecurity measures, among other things.

If passed, these bills may provide a more coherent framework for the regulation of cryptocurrencies and other related issues.


Footnotes

1 Jung Min Lee and Joon Young Kim are senior attorneys and Samuel Yim is a senior foreign attorney at Kim & Chang.