The Financial Services Commission (FSC) proposed detailed rules under the Act on the Protection of Virtual Asset Users (“the Act” hereinafter), which is scheduled to take effect on July 19, 2024. Aimed at protecting virtual asset users and establishing a sound order in virtual asset transactions, the Act defines the scope of virtual assets subject to the law and requires virtual asset service providers (VASPs) to safely manage and store their customers’ deposits and virtual assets. It also provides statutory grounds for sanctions including criminal penalty and fines to punish unfair trading activities using virtual assets. The proposal is intended to specify details that the Act delegates to its subordinate enforcement decree and supervisory regulation.
First, the proposal specifies more types of tokens not covered by the Act. Under the Act, virtual assets are defined as electronic tokens with economic value which can be traded or transferred electronically. The Act excludes game money, electronic money, electronic stocks, electronic bills, electronic B/L and central bank digital currency (CBDC) from the coverage of the law. The proposal adds electronic bonds, mobile gift certificates, deposit tokens linked to CBDC, and non-fungible tokens (NFTs) to the list of excluded tokens.
Second, the proposal prescribes what kind of financial institutions should be a custodian for VASP customers’ money and how customers’ funds should be managed. The Act requires VASPs to keep customers’ money separate from their own funds and deposit or trust them to a credible financial institution. Taking account of credibility, stability and current systems of operating deposit, the Enforcement Decree chose banks as a custodian institution for VASP customers’ money. Custodian banks are allowed to invest VASP customers’ deposit or trusted funds, kept separately from VASPs’ own funds, only in safe assets such as government bonds. VASPs are required to pay fees to their customers for using their deposits, taking account of their operating profits and costs.
Third, VASPs are required to store 80% or more of their customers’ virtual assets in cold wallets. The proposal tightened the threshold to 80%, higher than the 70% requirement for VASPs to get a certificate of Information Security Management System (ISMS) under the Act on Reporting and Use of Certain Financial Transaction Information. The amount of cold wallet storages needs to be calculated based on the economic value of customers’ virtual assets, which is the total amount of each type of virtual assets multiplied by the average daily converted amount in KRW for the past year. VASPs are required to calculate the economic value of their customers’ virtual assets on a monthly basis and keep 80% or more of the amount in cold wallets.
Fourth, the proposal establishes criteria for insurance deductibles or reserves for VASPs to fulfill liability in the event of incidents such as hacking or computer failures. VASPs are required to purchase liability insurance with a compensation limit of at least 5% of customers’ virtual assets stored in hot wallets with or set aside the same amount as reserves. The amount of compensation limit or reserves should be calculated on a monthly basis, and VASPs should raise their compensation limit or accumulate more reserves in accordance with monthly calculations.
For cases in which 5% of the economic value of customers’ virtual assets is below a certain amount, however, the proposal also establishes minimum criteria for compensation limit or reserves. For VASPs operating exchanges between virtual assets KRW markets, the minimum criteria is set at KRW3 billion. Other VASPs including exchanges operating only in coin markets, wallet or custodian service providers are required to set aside at least KRW500 million for compensation or reserves.
Fifth, the proposal specifies the timing for material nonpublic information to be deemed public, since when insider trading is allowed in virtual asset markets. Regulatory frameworks on unfair trading activities under the Act on the Protection of Virtual Asset Users basically follow principles under the Financial Investment Services and Capital Markets Act (FSCMA). Under FSCMA, material nonpublic information is considered public after three hours have passed since such information was disclosed through the system of the FSS or KRX. Taking account of characteristics of virtual asset markets, the proposal establishes its own criteria for material nonpublic information to become public. For cases in which such material information is disclosed through virtual asset exchanges, the information is deemed public after six hours have passed since the disclosure. If material information is disclosed on the website of coin issuers with a White Paper, the information is deemed public after one day has passed since the disclosure.
Sixth, the proposal prohibits VASPs from arbitrarily blocking user's deposits and withdrawals in principle and provides exceptions. Under the Act, VASPs are prohibited from arbitrarily blocking their customers’ deposits and withdrawals without justifiable grounds. In the event of such violations, VASPs shall compensate users for their damages. Even if a justifiable cause arises, VASPs are required to notify users in advance of the reason for blocking services. The proposal stipulates that VASPs are allowed to block users’ deposit and withdrawals only when it is necessary to protect users. Such occasions include when (a) a computer failure occurs in the virtual assets-related information system; (b) a court, investigative agency, National Tax Service, or financial authorities request the blocking in accordance with relevant laws; or (c) an incident such as hacking has occurred or is clearly expected to occur.
Seventh, the proposal imposes the duty of monitoring abnormal transactions on VASPs and establishes a procedure for imposing fines for unfair trading activities. VASPs are required to regularly monitor abnormal activities such as transactions involving extreme volatility in prices and trading volumes and when detecting suspicious transaction activities, they need to immediately report to the financial and investigative authorities. The FSC and FSS will conduct an investigation into the reported abnormal transactions, and if charges of unfair trading practices are found, they will report or notify them to the investigative agency after an approval by the FSC. Basically, fines are imposed following the prosecutor's disposition on the case. However, fines may be imposed even before the prosecutor’s disposition if consultation with the prosecutor has been made or if one year has passed since the case was first reported or notified to the investigative agency.
The proposed rules are open for public comments from December 11, 2023 to January 22, 2024 and expected to be implemented from July 19, 2024 after going through legislative proceedings.
* Please refer to the attached PDF for details.