South Korea Softens Planned Crypto Reporting Rules For Large Cross-Border Transfers

South Korea’s top financial watchdog has scaled back a key part of its planned crackdown on large cryptocurrency transfers, signaling a more pragmatic approach to regulating the country’s fast‑growing digital asset sector.

The Financial Services Commission’s Financial Intelligence Unit (FIU) has revised its proposed amendments to the Specific Financial Information Act (SFIA), easing some of the strict reporting obligations that were set to apply to big overseas crypto transactions.

The SFIA is the core law that underpins South Korea’s rules on digital assets, anti‑money laundering (AML), and the oversight of virtual asset service providers (VASPs). The latest changes mark a notable shift from a one‑size‑fits‑all framework toward a more risk‑based, flexible regime.

Original Plan: Automatic Reports For Transfers Above 10 Million KRW

In March, the FIU unveiled draft amendments that would have required local crypto exchanges and other VASPs to flag as “suspicious” any transfer over 10 million Korean won (around 6,400 dollars) sent to or received from overseas platforms or private wallets.

Crucially, this reporting obligation would have applied regardless of the actual risk profile of the transaction. A simple large transfer to a user’s own hardware wallet or to a reputable foreign exchange would have been treated the same way as a transfer with clear red flags.

Industry participants warned that such a blanket threshold-based rule would overwhelm both companies and regulators with low‑risk or false‑positive reports, undermining the purpose of AML surveillance rather than strengthening it.

New Approach: Mandatory Risk Management Systems Instead Of Blanket Filing

In the revised version of the proposal, the FIU has backed away from mandatory reporting solely based on the 10 million won threshold. Instead, every crypto business will be required to design and operate its own AML risk management system.

An FIU official explained that if the law relied only on the monetary threshold as a reporting trigger, firms would simply submit reports mechanically, without any real assessment of whether a transaction is genuinely suspicious. To avoid that, the focus is shifting toward “qualitative” risk assessments performed by each operator.

In practice, this means exchanges will have to build internal models and procedures that consider multiple factors: user history, transaction patterns, geographic risk, and links to previously flagged addresses, among others. Large transfers may still be reported, but only when they fail these risk checks rather than automatically because of their size.

Industry Feedback Helped Shape The Changes

The decision to soften the proposed rules followed a round of consultations between regulators and representatives from major domestic exchanges earlier this week. Authorities sought detailed feedback on how the original draft would play out in day‑to‑day operations.

The Digital Asset Exchange Joint Council (DAXA), which represents the country’s largest crypto trading platforms, submitted a formal statement opposing the initial version of the AML amendments. Drawing input from 27 VASPs, the group warned that the threshold-based reporting rule would lead to severe confusion and operational bottlenecks.

Their analysis estimated that suspicious transaction reports filed by the country’s top five exchanges could balloon from around 63,408 cases last year to more than 5.4 million under the new regime. Handling that volume of filings, they argued, would be close to impossible, both for the industry and for the FIU itself.

Regulators appear to have accepted a large part of this argument, opting to move toward a system where firms are judged on the strength and effectiveness of their risk controls rather than on raw reporting volumes.

Customer Due Diligence Rules Also Relaxed

The revised package does not only touch reporting obligations. It also moderates some of the stricter customer due diligence (CDD) requirements that were initially proposed.

The original draft called for enhanced CDD for all transactions deemed high-risk or suspicious. This would have included in‑depth checks on the source of funds, verification of the economic purpose behind each transaction, and potentially more frequent updates of customer profiles.

Under the updated plan, enhanced CDD will be reserved for transactions categorized as particularly high-risk. Routine transfers that trigger some risk indicators but do not reach the highest risk tier will likely be subject to standard CDD procedures rather than the more intrusive enhanced checks.

For exchanges and other VASPs, this change should make compliance more manageable. It narrows the scope of cases where they must delve deeply into every single large or complex transaction, allowing them to focus resources on genuinely concerning activity.

Relief For Smaller Businesses: Grace Period For Financial Requirements

Another notable adjustment concerns the financial stability criteria for registering as a virtual asset business. The authorities had proposed a strict requirement related to the debt‑to‑equity ratio, setting a ceiling at 200%.

While the rule is meant to ensure that crypto companies maintain a sound capital structure and are less prone to collapse, smaller firms argued that immediately meeting such a standard would be difficult, especially in a volatile market.

To address these concerns, regulators will now offer a one‑year grace period for meeting the debt‑to‑equity ratio requirement. This gives smaller players extra time to shore up capital, reduce leverage, or restructure their balance sheets without facing an abrupt loss of their registration status.

Travel Rule Expansion Remains Intact

Despite these concessions, one part of the regulatory package will remain untouched: the expansion of the “travel rule” to smaller transfers.

The travel rule requires VASPs involved in a transfer to exchange and store identifying information about the sender and recipient when a crypto transaction is made. Previously, this obligation applied only to transfers above 1 million won between domestic providers.

Under the amended SFIA, the scope of the travel rule will be widened to include transfers below that threshold as well. This means more transactions will be accompanied by customer identification data, closing a gap that authorities say could be exploited by money launderers and other illicit actors.

For users, this means that even moderately sized transfers between regulated platforms are more likely to involve collection and sharing of personal data, though the underlying goal is to increase traceability and reduce anonymity in potentially risky flows.

Timeline: Changes Could Take Effect In August

The revised bill is now moving through the final stages of the legislative process. If it passes scrutiny by the Ministry of Government Legislation and other relevant government bodies, the updated SFIA amendments are scheduled to come into force on August 20.

Crypto businesses will have to use the intervening months to prepare their internal systems. That includes building or refining AML risk‑scoring models, updating transaction monitoring software, training compliance staff, and aligning internal policies with the new risk‑based approach.

How The Easing Affects Exchanges And Other VASPs

For exchanges and custodians, the easing of blanket reporting rules is a mixed, but generally positive, development.

On one hand, they are no longer forced to treat every large overseas transfer as suspicious. This dramatically reduces the expected surge in mandatory filings and lowers the administrative burden. Staff can focus more on quality investigations rather than processing an avalanche of automated reports.

On the other, the responsibility now shifts more heavily onto each company. Regulators will expect them to prove that their risk management systems are robust, data‑driven, and updated regularly. Poorly designed systems could lead not only to enforcement action but also to missed detection of illicit flows.

Smaller VASPs, in particular, will have to invest in compliance technology or partner with third‑party providers to meet these expectations. While the grace period on the debt‑to‑equity ratio gives financial breathing room, there is still a non‑trivial cost to building a modern AML infrastructure.

What It Means For Ordinary Crypto Users In South Korea

For retail and professional users, the regulatory fine‑tuning may not be immediately visible, but it will shape their experience over time.

Large transfers to foreign exchanges or personal wallets are now less likely to be mechanically flagged and delayed solely due to a fixed threshold. However, if a transaction triggers risk indicators in the exchange’s internal system, such as links to blacklisted addresses or unusual patterns, it may still be scrutinized, delayed, or reported.

KYC (know‑your‑customer) procedures may feel slightly more targeted rather than universally strict. Truly high‑risk activity will face heavier checks, while regular users who trade, invest, or move assets within normal patterns could see fewer intrusive requests for documentation.

At the same time, the widened travel rule and the increased emphasis on risk‑based monitoring mean that user data will be more comprehensively collected and analyzed. Privacy‑minded users will need to recognize that transacting through regulated platforms comes with higher transparency to authorities.

Balancing Innovation, Compliance, And Taxation

The adjustments to the SFIA come as South Korea prepares for a much broader debate about how crypto should be treated in its legal and tax systems. A long‑planned crypto tax regime is slated to start in January 2027, but its details are increasingly contested.

Lawmakers are expected to reopen discussions around crypto taxation after a petition to scrap the existing framework gathered enough support to force a debate in the National Assembly. This creates a wider context in which the current regulatory softening can be seen as part of a balancing act: the state wants to tighten oversight of illicit flows while avoiding an exodus of legitimate crypto activity offshore.

For policymakers, the challenge is to develop a framework that meets international AML standards, offers investor protection, and still keeps South Korea attractive as a hub for digital asset innovation. The latest move by the FIU suggests that regulators are willing to revise rules when their practical impact appears disproportionate.

Global Context: South Korea Aligns With Risk‑Based Trends

South Korea’s shift from strict threshold‑based reporting to firm‑level risk management mirrors a broader trend in global financial regulation. International standards increasingly emphasize a risk‑based approach, where institutions are evaluated on how effectively they detect and manage risk, rather than how much raw data they dump on regulators.

By insisting on stronger internal AML systems while easing blanket reporting, the FIU is aligning more closely with this philosophy. If implemented well, such an approach can generate better intelligence on genuine threats, reduce unnecessary friction for users, and provide regulators with more meaningful signals.

However, the quality of execution will matter. Robust supervision and clear guidance will be needed so that risk‑based systems are not treated as a box‑ticking exercise, but as a living framework that evolves with new threats, technologies, and market behavior.

In sum, South Korea is not backing away from regulating crypto; it is recalibrating how it does so. The latest adjustments signal a move toward smarter, more targeted oversight that aims to protect the financial system without suffocating the country’s dynamic digital asset ecosystem.