Korea: the current regulatory landscape for crypto assets
IFLR is part of Legal Benchmarking Limited, 4 Bouverie Street, London, EC4Y 8AX
Copyright © Legal Benchmarking Limited and its affiliated companies 2024

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

Korea: the current regulatory landscape for crypto assets

Sponsored by


Seung Jae Yoo, Gye-Jeong Kim and Sung Yun Kang of Kim & Chang review the ever-evolving regulatory landscape for crypto assets in Korea

The Korean government, in its announcement on May 3, 2022, revealed its plan to regulate “security-type tokens” based on the Financial Investment Services and Capital Markets Act (FSCMA). It would regulate other virtual/digital assets, which are non-security-type tokens, through enactment of a Digital Asset Framework Act, which is intended to comprehensively regulate all aspects of virtual/digital asset related matters.

As a part the plan, the Financial Services Commission (FSC) announced a guideline (the Token Security Guideline) on the issuance and distribution of certain types of security-type tokens (the token security). Under this guideline, certain existing laws and regulations would be amended so that the token security in the form of electronic securities based on distributed ledger technology may be issued and distributed. Certain legal systems would also be newly established for, among other things, managing token security issuers’ accounts and over-the-counter brokerage service providers. As a result, certain proposed amendments to the FSCMA and the Act on Electronic Registration of Stocks and Bonds (ESA) for the above purpose are currently pending at the National Assembly.

Separately, the Act for Protection of Virtual Asset Users (Virtual Asset User Protection Act), which is designed to regulate the virtual asset market primarily from consumer/investor protection perspectives, was enacted on July 18, 2023 and is scheduled to take effect from July 19, 2024. The Virtual Asset User Protection Act, which was enacted in the process of preparing the Digital Asset Framework Act, is the first Korean law which is solely designed to regulate the virtual asset service business. Both the Virtual Asset User Protection Act and the Act on Reporting and Use of Certain Financial Transaction Information (AML Act), which requires a virtual asset service provider to be reported with the FSC, have provisions which explicitly allow said laws to apply on extra-territorial basis. Accordingly, both laws would apply not only to virtual asset service participants onshore but also to those who reside outside Korea, to the extent their actions/inactions have an impact to Korean market.

Classification of crypto assets

Depending on how a crypto asset is characterised and treated, different set(s) of Korean laws and regulations would apply. For example, to the extent such a crypto asset is treated as “securities” (as defined under the FSCMA), it would be subject to the FSCMA. If the crypto asset is considered as a “virtual asset” (as defined under the AML Act), it would be subject to the AML Act and the Virtual Asset User Protection Act. Once the Virtual Asset User Protection Act takes effect, however, the AML Act will be amended, so that the definitions of “virtual assets” and “virtual asset service providers” (VASPs) under the AML Act follow the definitions under the Virtual Asset User Protection Act.

Crypto assets that fall under the definition of electronic currency or pre-paid electronic payment means (PEPM) under the Electronic Financial Transactions Act (EFTA) would be subject to the EFTA, which is intended to regulate electronic payments and settlements. In particular, an issuer or payment service provider of any crypto assets which function as a payment means for goods and services or otherwise to settle payments may be required to obtain a licence or register its business under the EFTA.

Regulation on trading of security-type crypto assets

The AML Act defines “virtual assets” as an electronically transferrable certificate or information that can be recognised by transaction counterparties as a medium of exchange or storable economic value. However, the AML Act also explicitly excludes several asset types in electronic forms including “electronically registered securities” (as defined under the ESA) from the definition of “virtual assets.” Whether a crypto asset will be treated as an electronic security or a virtual asset will depend on its characteristics, transaction terms, and how the electronic security will be defined once the ESA is amended. If such a crypto asset falls within the scope of electronic securities (and therefore not a virtual asset), then the regulations on virtual assets and VASPs under the AML Act will not apply to such a crypto asset.

To the extent a crypto asset is considered as securities, trading of such a crypto asset would be subject to the unfair trading related rules and regulations under the FSCMA. The Virtual Asset User Protection Act contains provisions similar to unfair trading related rules and regulations of the FSCMA. However, we anticipate grey areas in applying such provisions under the Virtual Asset User Protection Act, considering practical difficulties in directly relying on court rulings made based on the FSCMA (due to, among others things, discrepancies between provisions under the Virtual Asset User Protection Act and the FSCMA as well as different characteristics between crypto assets and conventional securities).

Token security framework

In February 2023, the FSC released its “plan to improve regulations regarding issuance and distribution of token securities” (the Plan), which is applicable to the onshore issuance and distribution of “token securities” (the FSC has not officially shared its views on its applicability to such issuance/distribution with cross-border elements). The FSC had intentionally used the term “token securities” (as opposed to security tokens) in the Plan to emphasise tokens being classified as securities.

The Plan was announced as part of the FSC’s effort to allow certain security-type crypto assets that satisfy certain requirements (referred to as “token securities” below) to be issued and regulated under the FSCMA, the ESA and other related laws and regulations. The Plan defines a “token security”, which is a new term introduced by the FSC, as a form of security that is digitised using distributed ledger technology. The FSC has stated that it is not introducing a new type of security or adjusting the existing scope of “securities” under the FSCMA.

The Plan further introduces:

  • The Token Security Guidelines which further clarifies certain principles for determining whether a token would be a security and the concept of token securities; and

  • How the regulators intend to amend the FSCMA and the ESA so that the issuance and distribution of token securities would become subject to such laws (including via electronic securities issuance systems, issuer account management agencies and over-the-counter brokerage).

Under the Plan, for a person to provide brokerage services for the trading of token securities, such person would need to obtain the over-the-counter brokerage licence under the FSCMA to be amended pursuant to the Plan. Such licence may only be obtained by financial institutions or a new entity which meets certain strict requirements for such licence. Prior to the FSC’s announcement of the Plan, Korean financial institutions have been effectively restricted from participating in the virtual asset service business (other than the bank’s provision of real name verification services to local cryptocurrency exchanges). In this sense, allowing financial institutions to seek and obtain an over-the-counter brokerage licence for trading token securities under the Plan appears to be a significant development made by the Korean financial regulators.

In addition, the Plan stipulates that:

  • More than 51% of the nodes should be operated by multiple participants, including the electronic registries, financial institutions and account management agencies that are not related parties to the issuer; and

  • Recording any rights holder and transaction information must not require a separate virtual asset (i.e., transaction fees may not be settled using crypto assets on the blockchain). Considering such technical/practical restrictions and requirements, we anticipate some practical difficulties in issuing token securities on public blockchain on an international or cross-border basis pursuant to the Plan.

Virtual Asset User Protection Act

Pursuant to the newly enacted Virtual Asset User Protection Act, a VASP must implement certain consumer protection measures, including:

  • Segregating users’ deposited assets from their own assets by depositing or entrusting them to a custodian such as a bank;

  • Segregating their virtual assets from users’ virtual assets and, in effect, holding the same types and quantities of virtual assets entrusted by users; and

  • Taking necessary measures to fulfill their liabilities/obligations in the event of setbacks caused by hacking and computer failures.

The Virtual Asset User Protection Act broadly covers unfair trade practices involving virtual assets, and violation of such may result in a criminal punishment or an administrative fine. In particular, the law prohibits:

  • The use of any material non-public information regarding a virtual asset by VASPs, issuers of virtual assets and any of their respective officers, employees, agents and major shareholders and any other person who obtains such material non-public information from any of the aforementioned persons;

  • Certain unfair trading activities (e.g., false trading, changing or fixing prices); and

  • Fraudulent trade practices.

In addition, VASPs are prohibited from trading or engaging in certain transactions involving virtual assets issued by themselves or any of their related parties. 

According to the Virtual Asset User Protection Act’s supplementary opinion, a wider scope of legislative improvements is being discussed by the National Assembly and the government. The supplementary opinion requires financial authorities to act on certain measures or assist market players before the enforcement of the Virtual Asset User Protection Act addressing:

  • Conflicts of interest that may arise in the process of issuing and distributing virtual assets;

  • Regulations on stablecoins;

  • Regulations on business activities of VASPs;

  • Regulations on the banking sector’s real name verification deposit and withdrawal account system (an account issued by a local bank whereby the identity of the account holder has been verified);

  • Listing or information disclosure systems in the market; and

  • Regulations on transactions involving virtual assets issued by a VASP or its related parties.

Since the Virtual Asset User Protection Act only covers certain VASP activities and unfair trading activities and carries the same definition of VASP under the AML Act, there are regulatory uncertainties on other innovative types of crypto business such as decentralised finance (DeFi) services.

Crypto assets for payment and cross border remittances


As the Virtual Asset User Protection Act explicitly excludes central bank digital currency (CBDC) from the definition of virtual asset, if CBDC is introduced in Korea, we anticipate issuance/distribution of such CBDC will be regulated under separate laws and regulations. As the Bank for International Settlement appears to be looking into implementing a CBDC ecosystem involving tokenised deposits, unified ledger and singleness of money, the Bank of Korea and commercial banks in Korea are understood to be in extensive discussions on introducing CBDC. Therefore, it is expected that the Bank of Korea will disclose its plan for CBDC soon.


As the Token Security Guidelines stipulate that a crypto asset is unlikely to be considered as securities if it is issued for consuming goods or services, or for maintaining stable value as a payment or exchange means without any promise for redemption, stablecoins do not appear to be subject to the Token Security Guidelines. While legal classification of a stablecoin should be determined on a case-by-case basis, a stablecoin may be viewed as a virtual asset unless it falls under any of the exclusions from the definition of virtual asset. On September 18, 2023, the FSC also issued a regulatory interpretation that a stablecoin may be deemed a virtual asset under certain circumstances and it should be determined on a case-by-case basis. In addition, such stablecoin may be viewed as securities under the FSCMA despite the Token Security Guidelines or foreign exchange under the Korean foreign exchange (FX) laws and regulations. While the Korean FX regulators have not shared their views on whether any crypto asset with foreign currency as underlying asset would be subject to any Korean FX laws and regulations, such crypto asset may, in theory, be subject to such Korean FX laws and regulations.

Payment and cross border remittances

If any cross-border remittance, payment or settlement services using crypto assets are provided to Korean users, such services may be subject to Korean laws and regulations relating to payment, settlement and FX. In which case, depending on the roles of involved parties and transaction structure, certain licence requirements may be triggered (although there has not been any cases where any Korean regulators have determined that such licence requirements would be triggered for such services).


While there have been some significant new developments in the Korean regulatory landscape on virtual assets, there is still several issues and questions to be addressed and resolved by both government and private entities. For example, the FSC does not appear to have considered the decentralised nature of blockchain ecosystems when preparing the Token Security Guidelines. In addition, the Virtual Asset User Protection Act appears to be focused only on VASPs’ asset segregation and prohibition of unfair trading activities, not contemplating regulating smart contract-based services such as those based on DeFi, Decentralised Autonomous Organisation and Web3.0. To address and resolve such issues, the Korean government, but also virtual asset industry players, must actively participate in further developing and promoting the virtual asset industry, while ensuring that virtual asset service users’ interests are sufficiently protected.

Gift this article