AML/CFT Regime
In Korea, financial institutions are required to conduct customer due diligence (CDD) under the Act on Real Name Financial Transactions and Guarantee of Secrecy (the “Real Name Financial Transactions Act”) and the Financial Transaction Reports Act (FTRA). The Real Name Financial Transactions Act, which was enacted in 1993, establishes the framework for basic CDD measures. It effectively prohibits the opening or maintaining of anonymous accounts or accounts under fictitious names, and requires financial institutions to check and verify the real name of their customers.
An amendment of the FTRA, which was promulgated in January 2005 and came into force in January 2006, expanded the scope of the CDD requirements in terms of the variety of financial transactions subject to CDD requirements and customer identification information subject to verification.
Opening of New Accounts
Article 5-2(1)1 of the FTRA requires financial institutions to identify their customers when they open new accounts. Article 10-2(2) of the Enforcement Decree of the FTRA defines "opening a new account" as "entering into a contract with a financial institution to initiate a financial transaction". Article 2(2) of the FTRA comprehensively defines ‘'financial transactions’' thus requiring CDD whenever establishing business relations.
Occasional Financial Transactions Above the Designated Threshold
Article 8-2(1) of the Enforcement Decree of the FTRA requires customer identification and verification for occasional transactions of domestic currency that are above the designated threshold of KRW 20 million. An occasional transaction is a financial transaction carried out without an opened financial institution account (Article 10-2(2) of the Enforcement Decree of the FTRA).Occasional transactions Include receiving and paying cash without the use of an account (including remittances or deposits without a passbook), obtaining or cashing a cashier's check, purchasing or selling a traveler’s check, safeguard deposits, buying and selling prepaid cards, and wire transfers.
Violating the CDD Obligation
The Korean government amended the Financial Transaction Reports Act in March 2012 and the Act came into force in March 2013. Article 17 of the act stipulates an administrative fine of KRW 10 million (USD 9,000) or less for CDD or CDD obligation violators, imposing sanctions on financial institutions and their employees for violating customer due diligence obligations.
Customer Identification Information
Under Article 5-2(1)1 of the FTRA and Article 10-4 of the Enforcement Decree of the FTRA, financial institutions are required to identify and verify customer identification information. The customer identification information that financial institutions are required to check and verify for each category of customers is set out in the table below.
| Category of Customers | Customer identification information |
|---|---|
| Individuals | Real name(defined under Article 2(4) of the Real Name Financial Transaction Act), resident registration number, address, contact information |
| For-profit legal entities | Real Name as per the business registration certificate, business registration number, business type, locations of headquarters and offices, contact information, real name of the representative |
| Non-profit legal entities and other organizations | Real name, purpose of business establishment, locations of the main offices, contact information, real name of the representative |
| Foreigners and foreign organizations | Information specified in the corresponding category of the three categories above, nationality, location of local residence or office |
Verification of Authority
In accordance with Article 10-4(1) of the Enforcement Decree, financial institutions will check the authority of those who conduct financial transactions on behalf of natural and legal persons or organizations. These individuals will be referred to as “agents” and will undergo CDD (Article 38(3) of the AML/CFT Regulation).
Verification of Existence
Financial institutions shall verify the existence of a legal person or arrangement through documents that can prove the establishment of legal entities, such as a copy of a corporate register pursuant to Article 38(4) of the AML/CFT Regulation.
Verification of Ownership
Regardless of suspicion of money laundering or terrorist financing, when a customer opens a new account or engages in financial transactions in the amount or in excess of the threshold prescribed in the Presidential Decree, the natural person(s) who owns or controls the customer must be identified. The following is also the case for legal persons or arrangements, regardless of any suspicion of money laundering or terrorist financing (Article5-2(1)1 of the Financial Transaction Reporting Act).
Verification of Intent
In accordance with Article 37(2) of the AML/CFT Regulation, financial institutions shall obtain information on the purpose and intended nature of a business relationship when conducting financial transactions with customers.
Ongoing CDD
Financial institutions shall conduct ongoing CDD for customers as long as the business relationship continues and it shall cover the following in pursuant to Article 34(1): - Financial institutions shall thoroughly examine transactions to check if information they have on customers, businesses, risk-evaluation, and source of funds is consistent with transactions. - Financial institutions shall determine the frequency of CDD required based on the risk level of customer transactions. - Financial institutions will regularly review the existing CDD documents, data and information to ensure their accuracy and validity.
Customer Refusal to Provide Information
If reporting entities are unable to perform customer due diligence due to a customer’s refusal to provide information for identification purposes, they will not open new accounts or perform new transactions and will terminate existing business relationships related to that customer (Article 5-2(2)4 of the Financial Transaction Reporting Act). If financial institutions refuse to perform transactions or terminate transactions according to Article5-2(4), they should consider making a suspicious transaction report under Article 4 (Article 5-2(2)5 of the Financial Transaction Reporting Act).
Financial institutions shall fulfill their CDD obligations without delay(Article 33(1) of the AML/CFT Regulation) if they conduct CDD after the completion of financial transactions in accordance to Article 10-5 of the Enforcement Decree and Article 23 of the Financial Transaction Reports and Supervisory Regulation.
Financial institutions shall establish AML/CFT risk management procedures for CDD under Article 33(1). (Article 33(2) of the AML/CFT Regulation).
Financial institutions shall conduct CDD at an appropriate time for customers with whom business relationships had been already established before the amendment of the Act was implemented on December 22, 2008. These customers will herein after be referred to as “existing customers” (Article 25(1) of the AML/CFT Regulation). An appropriate time is defined as one of the following: - When a transaction of significance takes place - When customer documentation standards change substantially - When there is a material change in the way the account is operated - When the financial institution becomes aware that it lacks sufficient information about an existing customer. Financial institutions shall perform CDD again on customers for whom CDD was conducted after the enforcement date of Article 25(1) in accordance to Article 25(2) and 25(3) of the AML/CFT Regulation.
If a financial institutions cannot conduct CDD with a business relationship already established, they may terminate the business relationship and consider filing an STR under Article 4 of the Act in accordance with Article 44(2) of the AML/CFT Regulation.
Based on an analysis conducted by the Korean government between March 2009 and March 2010 of ML and TF risks at financial institutions which were exempted from some of the AML/CFT Requirements, it was concluded that securities corporations and collective investment corporations that make direct financial transactions with the general public should not be exempted from these obligations. These findings will be reflected in related regulation amendments in due time.
Suspicious Transaction Reports (STRs)
A Suspicious Transaction Report (STR) is one of the core measures to fight money laundering and terrorist financing. Financial institutions and casinos are required to file STRs when they have reasonable grounds, based on their expertise and subjective judgment, to suspect that the funds that they have received are criminal proceeds or that the customer is engaged in money laundering or terrorist financing
What Must be Reported
Financial institutions and casinos are required to report to the KoFIU when they have "reasonable grounds" to suspect that the funds they received in relation to a financial transaction are illegal assets, or that the customer is engaged in money laundering or financing for offences of public intimidation. They are also required to report to the KoFIU when they have reported to a law enforcement agency funds that they have come to know are criminal proceeds or transaction that they have come to know is involved in money laundering. Failure to do so can result in sanctions, such as disciplinary action against employees at financial institutions and administrative fines for financial institutions themselves, all of which are implemented by the Korea Financial Intelligence Unit.
How to File an STR
If, based on his/her expertise, experience, and the usual transaction profile of a customer, a front desk teller suspects that a transaction or a movement of funds is related to money laundering or to terrorist financing, he/she will report it to the reporting officer in his or her organization. The reporting officer will review what was reported by the front desk teller and, if there are reasonable grounds for ML/TF suspicion, he/she will report the transaction using a standard STR form, which is part of the Financial Transaction Report and Supervision Regulation. An STR must include the name of the reporting entity, the ground for suspicion, information about the customer, a description of the transaction, and the list of data kept in relation to the reported transaction. The STR can be filed on-line, in hard copy, or as an electronic file contained on a disk. If a transaction must be reported urgently, it can be reported by fax or telephone, and supplemented afterward.
Dissemination of STRs
The KoFIU will conduct comprehensive analysis of all the STRs it receives based on the information contained in the STR, and on additional information that it obtains, such as foreign exchange transactions data, credit information, and information provided by foreign FIUs, etc. If it finds reasonable grounds to suspect that the reported transaction is related to money laundering or terrorist financing, it will pass on the STR to an appropriate law enforcement agency. The appropriate law enforcement agencies for STR dissemination include the Public Prosecutor's Office, the National Police Agency, the National Tax Service, the Korea Customs Service, the Financial Services Commission, and the National Intelligence Service. The law enforcement agencies will conduct further investigation into the case and take appropriate law enforcement actions, as needed.
On January 18, 2006, Korea implemented a new Currency Transaction Report (CTR) system, under which financial institutions and casinos ("reporting entities") are required to report to the KoFIU all cash transactions above a designated threshold. Under Article 4-2 of the FTRA and Article 8-2 of the Enforcement Decree of the FTRA, reporting entities are required to report to the KoFIU when the amount of cash paid or received in all transactions conducted with in one trading day under the same name is above a threshold, which is currently set at KRW 10 million. While the Suspicious Transaction Report (STR) relies on the expertise and subjective judgment of employees at reporting entities, CTRs are only reported when transactions meet certain objective criteria without any subjective judgment.
The CTR data are used in strategic analysis and as supplementary data for the individual analysis of STRs. The effectiveness of information analysis is expected to be enhanced when STR data are analyzed in conjunction with CTR data. This comprehensive analysis assists analysts in getting a better understanding of the flow of suspicious funds.