Soonghee Lee, Bo Hyun Lee and Jae Ryun Cho of Yoon & Yang discuss the consequences of imposing costly AML and CDD obligations on fintech companies
The development of technology has led to the emergence of a number of fintech companies that provide simple fund payment or transfer services (simple payment service). In Korea, ever since Toss launched its simple payment service in 2015, various fintech services – Kakaopay, Naver Pay, Payco and others – have taken root and grown consistently in popularity.
Although the simple payment service is convenient for users paying or transferring funds via their smartphones, there is a risk of it being used for money laundering as it constitutes a money or value transfer service (MVTS).
The Act of Reporting and Using Specified Financial Information in Korea (Financial Transactions Reporting Act – FTRA) only imposes customer due diligence (CDD) obligations on "financial institutions", statutorily defined as banks, securities companies and insurance companies, and not on fintech companies. As such, anti-money laundering (AML) obligations, including CDD requirements, are not imposed on fintech companies under the FTRA. As money laundering using simple payment services does not fall under the purview of current AML regulations, an amendment to the FTRA that will impose AML obligations, including CDD requirements, on fintech companies is currently under discussion. If the current AML regime is reformed to impose AML obligations on fintech companies, it is expected to have a favourable impact on Financial Action Task Force (FATF) mutual evaluations.
The Korean government currently plans to pass the amendment to the FTRA so that electronic financial business entities using electronic financial transactions would fall under the statutory definition of "financial institutions", which are responsible for the prevention of money laundering pursuant to the FTRA. Following such an amendment to the FTRA, fintech companies will be obliged to conduct CDD.
The imposition of AML obligations, including CDD requirements, on fintech companies has the advantage of establishing an AML regime that complies with international standards by incorporating the FATF recommendations (FATF recommends that AML obligations are also imposed on MVTS businesses). On the other hand, there is a concern that these AML requirements would force fintech companies to discontinue the simple payment service, as they cannot afford the significant cost burden involved in establishing an AML regime.
As such, it is imperative to consider a lighter-touch AML obligation regime for fintech companies.
Customer due diligence (CDD)
CDD is a regime that requires financial institutions to identify the customer, the purpose of the transaction and the source of funds in a financial transaction. CDD, also known as the know-your-customer policy (KYC), requires financial institutions to identify their customers in order to safeguard financial institutions from providing any financial services to criminals.
In 1993, Korea banned all financial transactions under anonymous or fictitious names and only allowed financial transactions under customers' real names. It introduced the "real-name financial transactions system" that required all financial institutions to verify the real names of their customers (Article 3 of the Act on Real Name Financial Transactions and Confidentiality (Real Name Financial Transaction Act)). The real-name financial transactions system served as the cornerstone of CDD and in 2006, the CDD measure was officially implemented to prevent financial transactions from being taken advantage of for money laundering and other illegal activities (FTRA Article 5.2).
Real name financial transactions system vs customer due diligence
Although both the real-name financial transactions system and CDD promote transparency in financial transactions, there are some differences in the objectives of the two measures. Specifically, the real-name financial transactions system has the comprehensive purpose of realising economic justice through a ban on financial transactions under anonymous or fictitious names and/or normalised financial transactions. By contrast, the purpose of the CDD regime is to prevent illegal activity that uses financial transactions, such as money laundering. In addition, the sanctions for violating the two respective obligations are different. For example, under the Financial Real Name Act, a fine not exceeding KRW30 million (approximately $26,000) will be imposed for a violation of the real name verification obligation (Article 7 of Real Name Financial Transaction Act). On the other hand, under the FTRA, an administrative fine not exceeding KRW100 million will be imposed for a violation of CDD obligations (FTRA Article 17).
Real name verification and CDD
In the event that a customer opens an account or transfers funds exceeding KRW1 million, a financial institution must verify the identity of the customer by comparing the name of customer with the name of the account holder through the verification of the customer's real name (name and resident registration number) and the photo on a real name certificate (Article 4-2 of Enforcement Decree of Real Name Financial Transaction Act).
Under the CDD regime, if a customer opens a new account or engages in a one-time financial transaction exceeding a certain value (for example KRW3 million for a casino chip transaction, KRW1 million for a wire transfer, $10,000 for a foreign exchange transaction, or KRW15 million for other financial transactions), the natural person who ultimately governs or controls the customer must be verified as well as the customer's real name, address and contact number (the Basic CDD). Here, "opening a new account" refers to entering into a contract with a financial institution with the purpose of initiating a financial transaction, for example: (i) the opening of a new account, such as a deposit account and brokerage account; (ii) the execution of insurance, contract of mutual benefit, loan, guarantee and factoring contracts; (iii) the issuance of transferable deposit certificate and cover bill; (iv) the registration of funds; (v) the arrangement of safe-deposit rentals; and (vi) the receipt of reserve note, etc. (Article 22 of Regulations on Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT Regulation)). Additionally, "one-time financial transaction" refers to a financial transaction not involving an account opened with a financial institution, for example, a bank transfer (remittance), foreign currency remittance and exchange, issuance and payment of cashier's check, stock lock-up, and the sale of prepaid cards (Article 23 of AML/CFT Regulation).
Financial institutions can verify the customer's identification by checking certain forms, such as a customer transaction confirmation document, or by questioning the customer. Furthermore, financial institutions must verify the accuracy of the information through reliable documents, data and information (Article 37 of AML/CFT Regulation).
Enhanced CDD and transaction rejection
If a customer is suspected of committing money laundering or financing terrorism, including if there are suspicions as to whether the customer is the real account holder, a financial institution must further identify the purpose of the financial transaction and the source of the transaction funds in addition to CDD (Enhanced Customer Due Diligence – EDD) (FTRA Article 5-2(1)).
If it is not possible to verify the identity of a customer because he or she refuses to provide information, a financial institution must reject any new transaction with that customer, such as opening a new bank account, and in the event that the customer has any pre-existing transaction, the financial institution must terminate it (FTRA Article 5-2 (4)). Further, if the transaction has been terminated or rejected, the financial institution must decide whether to report it as a suspicious transaction (FTRA Article 5-2 (5)).
Identifying owners of a corporate or entity customer
In compliance with the international standards of the FATF, Korea included the identification of a natural person ultimately governing or controlling a customer ("actual owner") as part of its CDD requirements in 2016 (FTRA Sub-Section 1(b) of Article 5-2(1)).
In accordance with the verification procedure for an actual owner under the FTRA, if a customer is a corporation or an organisation, a financial institution must identify the following persons as the actual owner: (i) any person who owns at least 25% of total issued and voting share or any other equity interests; or, if that is not possible, (ii) any person who owns the most shares or equities, a shareholder appointed by the representative or by the majority of executive members, or a person who actually governs or controls the corporation or organisation; and if that is not possible then (iii) the representative of the corporation or organisation (FTRA Sub-Section 1(b) of Article 5-2(1) and Article 10-5(2) of the FTRA Enforcement Decree). In addition, where the shareholder of at least 25% or the majority owner of the issued and outstanding shares or equity of a corporation or entity is another corporation or organisation, the financial institution may verify the actual owner as the person who may exercise a dominant influence over important managerial matters of other corporations or organisations and concurrently falls under (i), (ii) or (iii) as outlined above (FTRA Enforcement Decree Article 10-5(3)).
Enhancing sanctions for CDD violations
Although the FTRA imposes an administrative fine for violations of CDD obligations (and supervisory authorities have imposed sanctions on domestic financial institutions for violation of CDD obligations), there have been only a few instances where serious sanctions were imposed in connection with non-compliance with CDD obligations. In particular, in the case of actual owner verification, past sanctions on financial institutions were imposed mainly in the form of guidance, given that it is still the early stage of introducing the system.
However, since the FATF mutual evaluation on Korea is scheduled to take place from January 2019 to February 2020 and the FATF may impose sanctions on member countries depending on the result of the mutual evaluation, supervisory authorities have recently strengthened their supervision, regulation and sanctions for compliance with AML and CDD obligations. Furthermore, there have been legal amendments in compliance with the FATF's international standards, such as the January 15 2019 amendment to the FTRA (effective as of July 1 2019) that raised the ceiling on fines for CDD violations to KRW100 million from KRW10 million. Accordingly, compliance with AML obligations and/or the strengthening of internal control standards have recently become significant issues for domestic financial institutions.
Indirect impact on fintech companies
Although fintech companies constitute electronic financial service providers under the Electronic Financial Transactions Act and MVTS based on the FATF recommendations, they would still not be able to afford to establish a full-scale AML regime.
Therefore, even if there is a need to impose AML obligations on fintech companies, the imposition of full-scale AML obligations could lead to the abandonment of entire businesses and hinder the launch of innovative financial services by fintech companies.
In light of the aforementioned issues, while it is imperative to prevent the risk of money laundering via simple payment services, a debate is needed on how to ease AML obligations for fintech companies to cater for their unique nature.
About the authors
As a head of the banking and finance practice group, Soonghee Lee mainly focuses on finance and securities-related work. Soonghee is highly experienced in advising on financial regulations, cryptocurrencies, anti-money laundering, capital markets litigation and dispute resolution, and various transactions involving financial institutions, financial investment companies, cryptocurrency exchanges and listed companies in Korea. His expertise includes advising on financial investment instruments, including structured securities, such as foreign exchange derivatives, ELS and other financial derivatives, ISDA contracts, and the investigation and inspection of financial supervisory institutions. He also provides legal advice to cryptocurrency exchanges and financial institutions in Korea on issues such as cryptocurrency and anti-money laundering.
Bo Hyun Lee
Bo Hyun Lee is a partner in the banking and finance practice group at Yoon & Yang. His main practice areas include corporate law, M&A, finance, foreign inbound/outbound investment, capital markets, project finance, private equity, anti-money laundering, IPOs and asset management. Bo Hyun has recently contributed to an "On the Bar" column of The Korea Herald, a major Korean English language newspaper, on virtual currencies and their anti-money laundering obligations in Korea.
Jae Ryun Cho
Jae Ryun Cho is a partner in Yoon & Yang who focuses on securities, private equity, funds, corporate law, M&A, finance, financial regulation, commerce, fintech and corporate litigation. He provides legal advisory services to many companies and financial firms regarding a wide range of issues, including corporate governance, finance, AML, anti-dumping, listing, IPOs, venture capital, derivatives and foreign exchange matters. He has handled disputes regarding corporate control and litigation on finance, securities and funds. He also provides legal advice to fintech companies, cryptocurrency exchanges and financial institutions in Korea on issues such as cryptocurrency and anti-money laundering.