Yeon Soo Jung and Chan Moon Park of Kim & Chang provide an overview of Korea’s KYC, due diligence and anti-money laundering procedures and requirements

Know Your Customer (KYC) regulations require financial institutions and other regulated companies to identify, document and validate the authenticity of the customer before undertaking any service for them. Comprehensive KYC policies, including customer due diligence (CDD) requirements, serve as a risk mitigant and surveillance control to safeguard financial institutions, their systems and platforms, from being taken advantage of by money launderers.

Korea is no exception. The KYC/CDD requirements form an important part of the anti-money laundering regime in Korea and it is generally imposed and governed by the Act on Reporting and Use of Information Concerning Certain Financial Transactions (the Financial Transactions Reporting Act or FTRA). The FTRA, however, only applies to those financial institutions that are duly licensed under the relevant provisions of the Korean financial regulations, and therefore any fintech companies that are not within the realm of the regulated financial industry would not be subject to these KYC/CDD requirements.

Financial institutions are required to conduct CDD and establish business protocols to confirm the personal information of a customer who opens a new account or carries out a one-time transaction of over $10,000 or over KRW20 million. They are also required to authenticate the identity of a customer and confirm the purpose of the transaction if they have any reason to suspect potential money laundering activities. There is a separate set of CDD requirements for casino operators designed to prevent such operations from being taken advantage of for money laundering purposes. For those services and industries with little-to-low risk of money laundering, simplified CDD can suffice. For the high risk industries, on the other hand, the enhanced CDD would apply.

Starting in 2016, Korean financial institutions are required to identify the 'beneficial owner' of each customer and take reasonable steps to verify the identity of that person as part of their CDD. This applies to both individual customers acting on behalf of another individual, or corporate institutional clients that are controlled by a natural person or another institution with a large ownership stake in the institution.

Anti-money laundering risks

Since the 1990s, the Korean government has been making all-out efforts to root out the country's underground economy and crack down on financial transactions using borrowed names. This government drive turned out to be a success story and Korea now boasts one of the most transparent and well-advanced retail and institutional banking and consumer credit markets, almost to the point of market saturation. As most of the financial transactions are conducted through banks and credit card companies (some of which are affiliated with banks, while others are not) that are subject to the strict KYC/CDD requirements, it is understood that the prevailing status quo in terms of anti-money laundering (AML) compliance in Korea is not inconsistent with the international standards. That said, Korea being one of the most wired countries in the world, there are hundreds of start-ups in Korea with a lot of brains and money working on various alternatives to traditional banking, just like in Silicon Valley. Similar to the US and elsewhere, Korean financial regulation has not quite caught up with this reality, although it goes without saying that it will be just a matter of time. It is incumbent upon these fintech companies to be aware of their anti-money laundering obligations and the challenges that they may face in designing a sufficiently robust AML compliance programme to satisfy regulators. While nothing specific has surfaced to date, we expect there would be some form of regulatory reaction to the rise of the fintech industry, whether it be the legislature/regulars expanding the scope of the FTRA to cover fintech companies, or the legislature introducing an entirely new set of laws to address various fintech-related issues.

Another key consideration in the region is the unprecedented economic sanctions recently imposed by the US and the UN on North Korea. These economic sanctions essentially designate North Korea as a jurisdiction of primary money laundering concern and impose the most severe restrictions with vary narrow exceptions. One of the unintended consequences of this is that a lot of South Korean nationals with the same names as North Koreans – for example, Kim Jong-Un is a very common South Korean name as well – find themselves on the Specially Designated Nationals and Blocked Persons list and have to experience disruptions in their financial activities.

Demonstrate a robust AML compliance framework

Financial institutions that are subject to the FTRA and its detailed regulations are required to put in place robust AML internal control and monitoring systems that meet the AML requirements under the FTRA. Given the importance of the AML issues, the Korea Financial Intelligence Unit (KoFIU) and the Financial Supervisory Service (FSS) regularly conduct their AML audits and inspections on financial institutions' operation in Korea.

The sure-fire way to demonstrate that your institution has a robust AML compliance framework is to proactively seek independent third-party assessment on how well your internal AML compliance system is functioning in comparison to the industry best practices. If any problems or issues are identified, your firm should demonstrate that you have the requisite manpower and corporate governance infrastructure to deal with them. It is very important to have an independent internal auditor who is empowered to monitor the firm's AML compliance on a continuous basis. This audit function can also be outsourced to a third-party expert, such as an external legal advisor.


  First published by our sister publication IFLR magazine. Take your free trial today.


Yeon Soo Jung
Kim & Chang

About the author
Yeon Soo Jung is an attorney at Kim & Chang. He practices primarily in corporate investigations and white collar defence, securities regulation, capital markets, investment management and Japanese practice.

Jung has a track record of public service of more than 26 years at the Prosecutors' Office, the Ministry of Justice, the Korea Financial Intelligence Unit (KoFIU) and the Financial Supervisory Service. As a government prosecutor for 21 years at the Prosecutor's Office, he handled criminal cases with a particular emphasis on economic and financial fraud cases. During his tenure as the head of review and analysis office at the Financial Intelligence Unit of Korea Financial Services Commission, he helped to establish the KoFIU as a nationally as well as a globally recognised anti-money laundering authority by setting up a computer system to improve financial transparency and better identify criminal money sources. As deputy governor of the Financial Supervisory Service from June 2008 to May 2013, he assumed the responsibility of presiding over business regarding capital market investigations, corporate disclosure and examinations of financial investment companies.

Chan Moon Park
Kim & Chang

About the author
Chan Moon Park is an attorney at Kim & Chang. He practices primarily in banking, capital markets, project finance, securities regulations, structured finance, human resources, insolvency and restructuring, and litigation.

Since joining the firm in 1998, Park has worked in diverse areas, including mergers and acquisitions in the financial industry, banking and securities regulations, asset-backed securitisation, project financing, international capital markets, and tax. In the banking practice group, Park assists clients on a broad range of matters, including the establishment of domestic branches and subsidiaries, as well as assisting the foregoing institutions with regulatory compliance issues, including regulatory audit and investigation.

Park also worked as a foreign temporary associate at Davis Polk & Wardwell, New York office from 2004 to 2005.