2026. 5. 18.·8 min read

Korea Introduces VASP Cross-Border Transfer Registration Under Foreign Exchange Act

Korea's National Assembly passed an amendment to the Foreign Exchange Transactions Act on May 7, 2026, creating a new registration regime for VASP cross-border transfer services. Here is what compliance teams must prepare for.

#korea#vasp#foreign-exchange-act#cross-border#stablecoin#registration#travel-rule

Korea Introduces VASP Cross-Border Transfer Registration Under Foreign Exchange Act

On May 7, 2026, Korea's National Assembly passed an amendment to the Foreign Exchange Transactions Act ("FETA") that creates an entirely new license category: the "Virtual Asset Transfer Business" registration. For Virtual Asset Service Providers ("VASPs") already operating in Korea under the Act on Reporting and Use of Specific Financial Transaction Information (the "Specific Financial Information Act," or "FTRA"), this is not a cosmetic change. It introduces a parallel registration regime, a new supervisor, and criminal penalties of up to three years imprisonment or KRW 300 million in fines for unregistered operations.

The amendment takes effect six months after promulgation. Compliance teams supporting Korea-facing services should treat that window as the deadline to confirm scope, prepare documentation, and assess infrastructure obligations.

Why Korea Is Acting Now

The legislative motivation is straightforward. The growth of stablecoins and the maturation of blockchain payment rails have created a new channel for cross-border value transfer that the existing foreign exchange framework cannot adequately supervise.

Under the prior regime, fiat-denominated cross-border transfers were captured through banking intermediaries, money services businesses, and the small-amount overseas remittance license. Virtual asset transfers, by contrast, can move across borders on permissionless networks without ever passing through a regulated foreign exchange channel. Korean authorities flagged this gap repeatedly through 2024–2025, and the May 2026 amendment is the first comprehensive legislative response.

Importantly, the amendment does not classify virtual assets as a "means of payment" under FETA. Instead, it creates a distinct regulatory category for the act of cross-border virtual asset transfer, while leaving the underlying classification of the asset itself untouched.

Change 1: The Definition of "Virtual Asset Transfer Business" Is Broad

The amendment inserts new paragraphs 21 through 23 of Article 3(1) defining "virtual asset," "virtual asset service provider," and—most consequentially—"virtual asset transfer business."

The definition has two prongs:

  1. Direct transfers: A VASP transferring virtual assets between Korea and a foreign jurisdiction through sale, purchase, exchange, or other acts prescribed by Presidential Decree.
  2. Substantially equivalent effects: Acts that produce a result substantially equivalent to a direct cross-border transfer, as further specified by Presidential Decree.

The second prong is the one that should worry product and legal teams. A service does not need to be branded as "cross-border transfer" to fall in scope. If the structural outcome of a flow—matching, routing, settlement—is functionally equivalent to moving virtual assets between Korea and a foreign jurisdiction, the registration obligation can attach.

This puts the following service models squarely in the analysis zone:

  • Stablecoin-denominated remittance and payment rails
  • Cross-border on/off-ramp services using purchase-and-redeem mechanics
  • Custodial transfer services between domestic and offshore counterparties
  • Exchange products that effectively net cross-border positions

Notably, the amendment's supplementary opinion calls out that the term "transfer" is used inconsistently across Korean virtual asset legislation—sometimes in a broad sense covering sale, exchange, custody, and intermediation, and sometimes narrowly limited to on-chain transmission. The legislature has asked the government to clean this up, which means the precise perimeter of "virtual asset transfer business" may shift further once the Presidential Decree and subordinate regulations are issued.

Change 2: Three Registration Requirements—And They Are Not Trivial

To operate a virtual asset transfer business, a VASP must satisfy three cumulative conditions under new Article 8-2 and Article 27-2(1)(2):

  1. Prior FTRA reporting. The applicant must already be a reported VASP under the Specific Financial Information Act.
  2. Foreign exchange information network connectivity. The applicant must be connected to the system used by the institutions that aggregate, mediate, and exchange foreign exchange transaction data, payment data, and virtual asset transfer data.
  3. Operational and personnel requirements. Facilities, qualified staff, and other criteria to be specified by Presidential Decree.

Requirement (2) is the implementation bottleneck. The existing foreign exchange information aggregators—primarily the Bank of Korea and the Korea Financial Intelligence Unit's affiliated bodies—were designed around fiat data structures. Whether the Decree will require integration with those legacy pipes, or whether a virtual asset–native channel will be designated, is one of the most important open questions. Either path likely means a multi-month integration effort.

The penalty structure underlines the seriousness of the regime:

  • Operating without registration, or registering through false or improper means: up to three years imprisonment or KRW 300 million in fines.
  • Procedural payment-related violations: up to one year imprisonment or KRW 100 million in fines.

In addition, registered entities must give prior notice to the Minister of Economy and Finance for any change to matters prescribed by Presidential Decree or for any intention to discontinue the business. Registration is not a one-time gate—it carries ongoing reporting obligations.

Change 3: A Broader Supervisory and Data-Reporting Net

Beyond the registration regime itself, the amendment significantly expands government access to virtual asset transfer data:

  • Article 20–25 revisions. Virtual asset transfer business operators are added to the population subject to data and information requests by the Minister of Economy and Finance. The Financial Services Commission is also added as an entity that may receive transaction, payment, receipt, and fund movement data under FETA.
  • "Virtual asset transfer" is explicitly designated as a category of data subject to aggregation and exchange among foreign exchange information bodies.
  • Direct revocation power is granted to the Minister of Economy and Finance against money changers that have effectively ceased operations, signaling tougher supervision of the broader foreign exchange ecosystem.

For compliance teams, this means transaction monitoring obligations and data-retention standards for cross-border VASP flows are likely to converge with—or exceed—those applied to traditional foreign exchange intermediaries.

Who Needs to Run This Analysis Now

The amendment's reach is wider than a literal reading might suggest. The following operators should run a scope analysis before the six-month effective date:

  • Stablecoin payment and remittance services that route value between Korean users and offshore counterparties.
  • Cross-border on/off-ramps, especially those using buy-and-send or buy-and-redeem mechanics to bridge fiat and crypto across jurisdictions.
  • Custodial transfer products that move assets between domestic Korean wallets and offshore wallets or counterparties.
  • Exchange and brokerage services whose internal liquidity routing produces net cross-border virtual asset movement.

The form of the service is no longer protective. A platform that markets itself as a domestic spot exchange but operationally settles cross-border positions through inter-affiliate transfers may fall within scope under the "substantially equivalent effect" prong.

By contrast, ordinary transfers between general legal entities or individuals—where no VASP is acting as an intermediary in the cross-border leg—are not brought into the foreign exchange reporting regime by this amendment. The amendment focuses on the VASP-led conduit, not on end-user transfers.

A related ambiguity remains: when a general business user transfers virtual assets abroad through a registered VASP, it is not yet clear whether the user's own FETA reporting obligations are deemed satisfied by the VASP's registered status. This is one of the cleanest questions for the government to clarify through interpretive guidance or sub-regulation.

What to Watch Between Now and the Effective Date

The Act sets the skeleton. The Presidential Decree and subordinate rules will determine how much it actually weighs. Compliance and product teams should monitor three threads in particular:

  1. The scope of "substantially equivalent effect" acts. Any expansion or narrowing here directly changes which products require registration.
  2. The technical specification for foreign exchange information network connectivity. Format, frequency, data fields, and the designated aggregator will determine integration effort and timeline.
  3. The facilities and personnel criteria. Capital requirements, mandatory roles, internal-control standards, and audit obligations will materially shape the cost of compliance.

The six-month timeline is short. For services with complex cross-border architectures, decisions about service redesign, jurisdictional structuring, or product withdrawal may need to be made before the Decree is finalized. The cost of doing nothing is high: post-effective-date operation without registration is a criminal offense under the amendment.

The Bottom Line

Korea has formally pulled cross-border virtual asset movement into its foreign exchange supervisory perimeter. For VASPs serving the Korean market, the practical implication is a dual registration architecture—FTRA at the AML layer, FETA at the cross-border transfer layer—with criminal exposure attached to either gap.

The amendment is also a strong signal of regulatory direction across the broader APAC region. Singapore, Hong Kong, and Japan have all been refining their cross-border virtual asset frameworks in parallel, and Korea's move is consistent with a trend toward treating compliant cross-border crypto rails as a regulated licensed activity rather than a regulatory gray zone.

Compliance teams should treat the next six months as the planning window, not the buffer. Scope assessment, infrastructure design, and registration documentation can—and should—begin now.

This article is provided for informational purposes only and does not constitute legal advice. It is a re-analysis based on the legal newsletter "Implications of the Introduction of the Virtual Asset Transfer Business Registration System and the Amendment to the Foreign Exchange Transactions Act" published by Barun Law LLC's Digital Asset & IT Team on May 18, 2026. Always verify with official sources and qualified counsel before making compliance decisions.

Sources

  1. https://www.barunlaw.com/newsletter/digital-asset-it

Free Tools

Run a VASP screening yourself

Generate a free 7-criteria EDD report with automatic OFAC sanctions integration.

Run Free Screening →

This article is provided for informational purposes only and does not constitute legal advice. Always verify with official sources and professional counsel before making compliance decisions.