Cryptocurrency exchanges: a regulatory challenge
IFLR is part of the Delinian Group, Delinian Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2023

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

Cryptocurrency exchanges: a regulatory challenge

Sponsored by

Lab Partners

Korea’s regulatory vacuum on cryptocurrencies starts to shift as the new crypto-economy continues to thrive. Young Hee Jo and Seungmin Jasmine Jung of LAB Partners

Korea’s regulatory vacuum on cryptocurrencies starts to shift as the new crypto-economy continues to thrive. Young Hee Jo and Seungmin Jasmine Jung of LAB Partners


It has been a decade since the first Bitcoin was launched in 2009. The Bitcoin whitepaper, 'Bitcoin: A Peer-to-Peer Electronic Cash System', was published in 2008 amidst the financial crisis and expressed aspirations of building a new 'electronic payment system based on cryptographic proof instead of trust'. The cryptographic proof would enable parties to transact directly with each other without an intermediary third party supplying the element of trust. In other words, Bitcoin purported to be an autonomous payment network that would eliminate the need for credible financial institutions that had, until then, been at the centre of financial transactions.

Numerous types of cryptocurrencies have appeared during the past decade, shaping a turbulent yet growing crypto-market. Following Bitcoin's initiative, these cryptocurrencies relied on direct transactions between the parties without a central authority, creating a decentralised regime. While the circulation of a single cryptocurrency could rely on the peer-to-peer network and cryptographic proof, transactions between different types of cryptocurrencies or transactions between cryptocurrency and fiat money required a platform that could enable trading. Hence, the birth of the cryptocurrency exchange.

Cryptocurrency exchanges facilitate the trading of cryptocurrencies with other cryptocurrencies or with fiat money, in a manner akin to traditional stock exchanges. It provides a central platform for exchange and the credibility of the exchange is crucial to attract customers. The centralised aspect of cryptocurrency exchanges has often been criticised as going against the decentralised notion of cryptocurrencies and as a result, the number of decentralised exchanges has surged in recent years. Nonetheless, cryptocurrency exchanges play an integral role in the crypto-economy not only by providing functions essential for the development and circulation of cryptocurrencies but also by providing easier access to cryptocurrencies for the general public.

Lack of a licensing regime

Korea has been the birthplace of some of the largest and oldest cryptocurrency exchanges in the world.

Initially, cryptocurrency exchanges were established as an online selling business by filing an online selling business report with the relevant municipality pursuant to the Electronic Commerce Act. However, in 2018, the Fair Trade Commission determined that cryptocurrency exchanges would not fall under the definition of an 'online selling business' under the Electronic Commerce Act and cryptocurrency exchanges were requested to cancel their online selling business status. Currently, there is a lack of explicit regulations governing the establishment and operation of cryptocurrency exchanges, although several legislative proposals have been announced. As of mid-2019 these legislative proposals are pending before the National Assembly. They mainly propose capital requirements, approval or registration regimes and adequate human and physical resources for the establishment of a cryptocurrency exchange.

Although the requirements for establishing a cryptocurrency exchange are unclear, once established, cryptocurrency exchanges become subject to data privacy regulations and anti-money laundering guidelines.

Anti-money laundering

Anti-money laundering is one of the first areas where cryptocurrency exchanges have become subject to the purview of the Korean government. In January 2018, the Korea Financial Intelligence Unit (KoFIU), a sub-organisation of the Financial Services Commission (FSC), which is the financial regulatory authority in Korea, issued the Anti-money Laundering Guidelines regarding Cryptocurrencies (KoFIU Guidelines). Additionally, as Korea is a member of the Financial Action Task Force (FATF), Korean cryptocurrency exchanges are likely to become subject to the FATF Recommendations revised in June 2019 (FATF Recommendations). There is also a legislative proposal made in March 2018 amending the Act on Report on and the Use of Specific Financial Transaction Information ('Amendment Proposal to the Specific Financial Transaction Information Act') pending in the National Assembly. We take a deep dive into these three anti-money laundering frameworks.

First, the KoFIU Guidelines do not apply directly to cryptocurrency exchanges but are enforced against the financial institutions where cryptocurrency exchanges have accounts. The KoFIU Guidelines only allows banks to open accounts associated with cryptocurrency exchanges if the accounts have been real-name-verified. As a result, cryptocurrency exchange users can only transfer funds through an account opened at the same bank in which the cryptocurrency exchange has an account to enable real name verification (real name verified account services) and the use of beehive accounts or virtual accounts is prohibited.

Amendment Proposal […] requires cryptocurrency exchanges to conduct KYC checks and report suspicious transactions to the KoFIU

To prevent money laundering, financial institutions are also required to report suspicious activities. Examples of suspicious activities includes: withdrawal of funds from a cryptocurrency exchange in the absence of records showing prior remittance of funds to the cryptocurrency exchange; multiple remittance of funds from various sources to a certain foreign company's account purporting to import IT facilities; daily financial transactions of KRW10 million (approximately $8.5 million) or more; financial transactions whose aggregate amount during seven days is KRW20 million or more; five or more financial transactions per day or seven or more financial transactions during a seven-day period by a single customer; and transactions with a cryptocurrency exchange by a corporate customer. In the event a financial transaction is deemed highly suspicious, a financial institution has the right to decline it.

Second, to combat the use of cryptocurrencies for money laundering and terrorist financing, the FATF has strengthened its standards to make anti-money laundering and counter-terrorist financing requirements applicable to virtual assets and virtual asset service providers (VASPs). VASPs include not only cryptocurrency exchanges but also other platforms and businesses that provide cryptocurrency related services and ICO issuers. Under the FATF Recommendations, the 'travel rule', which traditionally requires financial institutions to transfer information about related customers when making fund remittance, will become applicable to VASPs. Specifically, VASPs will be required to pass the following information when transferring funds or virtual assets: (i) originator's name (the sender); (ii) originator's account number (for example, the cryptocurrency wallet); (iii) originator's address, national identity number, customer identification number, or date and place of birth; (iv) beneficiary's name (the recipient); and (v) beneficiary account number. The FATF Recommendations also require its member states to have mandatory licensing or registration schemes for VASPs and to monitor and supervise the activities of VASPs. The FATF gives its member states 12 months to adopt the FATF Recommendations. Since the FATF Recommendations are not automatically binding on its member states, it is likely that the member states, including Korea, will pass legislation to adopt these measures included in the FATF Recommendations to avoid any disadvantages related to foreign investment.

Third, the Amendment Proposal to the Specific Financial Transaction Information Act, once effective, will impose similar requirements to the FATF Recommendations. The Amendment Proposal to the Specific Financial Transaction Information Act includes cryptocurrency exchanges within the scope of financial institutions and only allows cryptocurrency exchanges that have registered with the KoFIU to conduct business. The KoFIU will be entitled to decline the registration of any cryptocurrency exchange that has not obtained Information Security Management System (ISMS) certification and that does not use real-name-verified accounts. Further, the Amendment Proposal to the Specific Financial Transaction Information Act requires cryptocurrency exchanges to conduct know your customer (KYC) checks and report suspicious transactions to the KoFIU. While it is unclear whether the Amendment Proposal to the Specific Financial Transaction Information Act will be adopted in its proposed state, it is fairly certain that the Korean government will adopt regulations in line with the FATF Recommendations within the following year.


Seoul, Republic of Korea


T: +82 2 6956 0250


LAB Partners is a premier boutique law firm in Korea established by former partners from the leading law firms in Korea.

LAB Partners provides a one-stop service in all major practice areas. These range from traditional practices, including: general corporate; finance; M&A; private equity; litigation; labour and employment law; compliance and risk management; internal investigations; trade secrets; Japan practice; TMT; and data privacy, to newly emerging practice areas such as shareholder activism and blockchain/cryptocurrencies. Such full range of services is made possible by the diverse expertise and high calibre of the partners at LAB Partners who all have over decades of experience and are regarded as the top experts in their fields.

LAB Partners has been praised by clients for its ability to provide expert advice in an agile and efficient manner, without dwelling on factors extrinsic to clients interest. As a testament to such efforts, in the first quarter of 2019 LAB Partners was ranked sixth among all Korean law firms for M&A by Invest Chosun. The Law Times also named LAB Partners as the 'Avengers' of the Korean legal market.

Recently, LAB Partners established an 'AI & Blockchain LAB' to focus on providing advice to blockchain, cryptocurrency and fintech businesses.

Data protection

Since cryptocurrency exchanges process personal information and use information communication networks as part of their business, they are subject to both the Personal Information Protection Act (PIPA) and the Act on Promotion of Information and Communications Network Utilisation and Information Protection, Etc. (Network Act). In particular, cryptocurrency exchanges fall under the scope of 'network service providers' under the Network Act and therefore their data processing activities and network security must comply with the strict requirements under the Network Act.

Accordingly, technical and organisational measures such as implementing access controls, preventing falsification and alteration of access records and adopting encryption methods to ensure safe retention and transmission of personal information, apply to cryptocurrency exchanges. Moreover, as network service providers, cryptocurrency exchanges must appoint a chief information protection officer (CIPO) and obtain ISMS certification.

Compliance with data protection rules under the PIPA and the Network Act is viewed seriously by the government and violations have resulted in sanctions. For example, in January 2018, eight cryptocurrency exchanges were subject to sanctions levied by the Korea Communications Commission for not complying with the technical and organisational measures under the Network Act and for retaining personal information beyond the statutory period.

Certain cryptocurrency exchanges have already subscribed to cybersecurity or data protection liability insurance to mitigate risk

Data privacy and network security is also taken seriously by the cryptocurrency exchanges themselves, due to the hacking attacks and data leakage incidents that have occurred during the past years. If a cryptocurrency exchange has complied with all its legal obligations regarding data privacy and network security, it is less likely to become liable for damages. Once a hacking or data leakage incident occurs, the cryptocurrency exchange must report the incident immediately to the Minister of Science and ICT or to the Korea Internet Security Agency (KISA) and take all possible measures to minimise any further damage. In practice, cryptocurrency exchanges tend to take preventive measures in order to procure that the network systems and internal controls comply with the statutory requirements under the PIPA and the Network Act. Further, as certain data leakage incidents occur from within, many cryptocurrency exchanges require employees to sign a confidentiality undertaking regarding their compliance with data protection measures.

Under the Credit Information Use And Protection Act (Credit Information Act), companies that conduct credit information related business (credit information companies) are required to purchase insurance, join a cooperative or set aside reserves in order to secure funds to pay for damages resulting from the violation of the Credit Information Act. As of now, a cryptocurrency exchange does not fall under the scope of a credit information company and therefore, is not subject to the above mandatory requirements. However, if the aforementioned Amendment Proposal to the Specific Financial Transaction Information Act becomes effective, cryptocurrency exchanges could be included in the scope of financial institutions and required to comply with the Credit Information Act's mandatory requirements. Although not mandatory at this point, certain cryptocurrency exchanges have already subscribed to cybersecurity or data protection liability insurance to mitigate risk.

ICOs and IEOs

The role of cryptocurrency exchanges is an integral part of the ICO process as they list the tokens that have been newly issued in the ICO which then enables trading and further circulation of the token. Recently, cryptocurrency exchanges have expanded this role through initial exchange offerings (IEOs), where a cryptocurrency exchange takes on a certain token issuance as its project, supports the issuer in the sales process and ultimately, lists the tokens on its exchange. However, the role of cryptocurrency exchanges in IEOs could give rise to the conflict of interest and compliance issues that have haunted financial institutions in the financial crisis. The Korean government has not officially expressed its position on IEOs as yet. However, at a blockchain academic conference held in May 2019, the fintech innovation team manager of the Financial Supervisory Service (FSS) announced plans to discuss the legal implications of IEOs.

So far, the most extensive announcement that the Korean government has made on the subject of ICOs is the FSC press release on September 4 2017, where the FSC distinguished between ICOs of security tokens and utility tokens.

The past decade has proved that cryptocurrencies are not just a phase but here to stay

The FSC defines ICOs of security tokens as the issuance of tokens that share in the profit of, or are entitled to distributions from, the company, adopting criteria similar to the Howey test in the US. In contrast, ICOs of utility tokens are not clearly defined but are merely referred to as the issuance of new cryptocurrencies to be used on a platform. Based on the September 4 2017 press release, it seems clear that security tokens would fall under the definition of an investment contract security under the Financial Investment Services and Capital Markets Act, while it is unclear whether utility tokens would also be captured by this definition.

An investment contract security under the Financial Investment Services and Capital Markets Act is a type of security where investors invest funds in a common enterprise and share the profits and losses as a result of the common enterprise which is operated by a third party. If a token is deemed an investment contract security, it would be subject to the requirements of filing a prospectus and securities report under the Financial Investment Services and Capital Markets Act. According to the press release, any ICO that does not comply with the securities filing requirements under the Financial Investment Services and Capital Markets Act would be found in violation subjecting it to penalties.

In practice, ICO issuers in Korea take care to issue utility tokens with features that do not fall under the investment contract security definition. Until recently, Korean issuers have refrained from issuing security tokens. With the global rise of security token offerings (STOs), however, Korean issuers also consider security tokens as an option, although such tokens would be issued in another jurisdiction and generally not sold to Korean investors. Even for utility tokens, forum shopping for issuance outside Korea has become common practice due to the Korean government's reluctance to legitimise ICOs.

In addition to the government's negative stance on ICOs, IEOs may face challenges including potential conflicts of interest. In particular, if an IEO involves a security token, an argument could be raised that the conflict of interest rules under the Financial Investment Services and Capital Markets Act, such as blocking the flow of information between the investment and sales sectors, are applicable. Accordingly, certain Korean cryptocurrency exchanges have adopted internal control policies to prevent conflicts of interest. As a means to strengthen compliance and ensure transparency, one cryptocurrency exchange has announced plans to start disclosure postings regarding token listing reviews and business updates on ICO projects, mimicking the disclosure filings required for publicly traded securities.

OTC and other platforms

Such disclosure postings are not the only concept being used that derives from traditional financial regulations. Cryptocurrencies are being traded and structured in a way that is reminiscent of derivatives and structured financial products. For example, the Chicago Mercantile Exchange Group launched Bitcoin futures in December 2017 whose trade volumes have been increasing ever since, hitting record highs in June 2019. Over the counter (OTC) trades of cryptocurrencies have also increased significantly, posing a new challenge for regulatory authorities.

The Korean government has not officially expressed its position on initial exchange offerings (IEOs)

As of mid-2019, the Korean government has not expressed official views on these types of cryptocurrency transactions. It is noteworthy that the Financial Supervisory Service has announced, in June 2017, that cryptocurrencies are not legal currencies nor financial products, specifying that: (i) cryptocurrencies are not electronic money under the Electronic Financial Transactions Act, since the issuer does not refund nor exchange the balance; and (ii) cryptocurrencies are not financial investment products (such as securities or derivatives) under the Financial Investment Services and Capital Markets Act and therefore, transactions cannot be suspended due to extraordinary price increases or decreases under current laws.

In its announcements in September 2017, the FSC also expressed that cryptocurrency transactions are not financial transactions and do not fall within the current financial regime because neither the government nor financial institutions can guarantee the value of cryptocurrencies. The FSC went on to state that cryptocurrency transactions should rather be viewed as pseudo-financial transactions because they could negatively impact financial transactions. Most notably, the FSC has prohibited cryptocurrency short transactions (leveraging the purchase of cryptocurrency with funds borrowed from the cryptocurrency exchange) and financial institutions' participation in a cryptocurrency business.

Further, the Joint Commission formed in 2017 by the Office for Government Policy Coordination Secretariat under the Prime Minister, with various government agencies has announced that minors and foreigners are prohibited from opening cryptocurrency exchange accounts and engaging in cryptocurrency transactions. Also, financial institutions are banned from possessing and purchasing cryptocurrencies and accepting of cryptocurrencies as collateral.

An institutional challenge

Despite short-term setbacks and price fluctuations, the past decade has proved that cryptocurrencies are not just a phase but here to stay. With several central banks considering the adoption of digital assets and the announcement by large institutions such as JP Morgan and Facebook of their plans to launch their own kinds of cryptocurrencies, the presence of cryptocurrencies in the global economy seems cemented.

Although the development of cryptocurrencies has somewhat varied from the initial aspiration of eliminating third party intermediaries altogether, the concept of cryptographic proof, distributed ledgers and peer-to-peer networks still survives. The question has shifted from whether we regulate to how we regulate these new institutional platforms and products and to what extent traditional financial regulations should be applied.

As a means of resolving these new challenges, the Korean government has recently launched the regulatory sandbox to assess the impact and feasibility of innovative businesses. Blockchain projects are one of the prominent areas where the regulatory sandbox will apply. Further, Busan, Korea's second largest city, has been designated as a 'regulatory-free blockchain zone'. Along with these government initiatives, institutional platforms such as cryptocurrency exchanges that have become the major force of the crypto-economy face the challenge of building a sustainable crypto-economy.

About the author



Young Hee Jo

Partner, LAB Partners

Seoul, Republic of Korea

T: +82 2 6956 0270



Young Hee Jo is the managing partner of LAB Partners. Her main areas of practice include structured finance, including domestic and cross-border asset-backed securitisation, project financing and regulation of financial institutions. She also specialises in regulations for financial institutions, including banking, securities, insurance and lending institutions.

Due to her regulatory and transactional expertise, Young Hee has in-depth knowledge in fintech regulations and is a member of the P2P lending committee of the FSS. Young Hee has been involved in many significant cross-border financings that were awarded as Deal of the Year by IFLR Awards.

Throughout her career, Young Hee has received many accolades and has been perennially recognised by media and peers. For seven consecutive years (2011-17), she has been named a 'Leading Lawyer' by IFLR1000 in banking and finance. From 2012-17 she was recognised as a 'Leading Individual' by Chambers Asia Capital Markets and a 'Recommended Individual' by Asialaw Profiles.

Young Hee was a partner at Shin & Kim for more than 10 years before joining LAB Partners, and she worked as an international associate at the New York office of Cleary Gottlieb Steen & Hamilton from 2003 to 2004. She is a member of the Korean Bar and has an LLB from Seoul National University, College of Law and an LLM from Harvard Law School.

About the author



Seungmin Jasmine Jung

Partner / senior foreign attorney, LAB Partners

Seoul, Republic of Korea

T: +82 2 6956 6121



Seungmin Jasmine Jung is considered one of the foremost experts on blockchain, cryptocurrency, cloud computing, data privacy and cybersecurity. She represents clients in the finance, fintech, energy, real estate and technology sectors and has expertise in: acquisition finance; project finance; structured finance; derivatives; energy; internal investigations and compliance; data privacy; private equity fund investments: and M&A transactions.

Prior to joining LAB Partners, Jasmine gained experience in both law firms and in multi-national corporations, including Amazon, where she was the head of legal for Amazon Web Services Korea and specialised in cloud computing and data privacy. Jasmine started her legal career as an associate at the NY office of Hughes Hubbard & Reed and subsequently worked at Shin & Kim, Franklin Templeton Investments and Amazon in Seoul, Korea. She is also an adjunct professor at Yonsei University, where she teaches legal issues surrounding the 4th Industrial Revolution.

Combining her law firm and in-house experience, Jasmine has an innate understanding of clients' needs and offers creative yet practical solutions to challenging legal issues. She is highly regarded by her clients for her transactional expertise and strong negotiation skills.

Jasmine is a member of the New York Bar. She has a JD from Columbia Law School and a BA in political science and international relations from Yonsei University.