Concerns are growing in the digital asset industry over planned amendments to the enforcement decree and supervisory regulations under the Special Financial Information Act, ahead of their implementation in August. The amendments strengthen screening requirements for reports by digital asset service providers and expand anti-money laundering (AML) obligations for digital asset transfer transactions.

According to financial authorities and the industry on May 12, the Financial Services Commission gave legislative notice of the amendments from March 30 to May 11.

The amendments set out details delegated by law, in line with the revised act promulgated on Feb. 19 taking effect on Aug. 20. The commission plans to complete the revisions in July after reviews by the Regulatory Reform Committee and the Ministry of Government Legislation, and after approval at vice ministerial and Cabinet meetings.

A key issue is the reporting duty for transfer transactions and the expanded scope of the travel rule. The amendments extend the information provision duty, known as the travel rule, to transactions under 1 million won. It currently applies to digital asset transfers of 1 million won or more between domestic digital asset service providers.

The commission cited that 60 percent of domestic digital asset transfer transactions between domestic digital asset service providers are for less than 1 million won. It judged that small-value transactions could be abused to evade the travel rule or for money laundering.

Under the amendments, information collection duties would be imposed on receiving digital asset service providers as well as sending providers. If the receiving provider cannot obtain information from the sending provider, it must request the information and, if necessary, refuse the transaction.

The industry sees a risk of increased operational burdens, as virtually all transfer transactions between domestic providers would fall under travel rule management.

There are also concerns that applying information verification procedures to small-value transfers could increase user inconvenience, including deposit and withdrawal waiting times, additional checks and transaction delays.

The biggest controversy is the reporting duty for transfer transactions involving overseas digital asset service providers and private wallets. The amendments would allow domestic digital asset service providers to conduct transfer transactions with overseas providers or private wallets on a limited basis, but require transactions of 10 million won or more to be treated as suspicious transactions and reported to the Financial Intelligence Unit (FIU) regardless of risk level.

This does not mean that all transactions of 10 million won or more between domestic providers would uniformly be subject to suspicious transaction reports (STR). The commission assumes that overseas digital asset service providers and private wallets are not subject to AML compliance obligations under the act.

It explains that, unlike domestic digital asset service providers where AML measures can be carried out relatively thoroughly, oversight blind spots can arise for overseas providers and private wallets.

The amendments propose a structure that allows transfers to low-risk overseas digital asset service providers, allows other overseas providers and private wallets only when the sender and receiver are the same person, and restricts transactions with high-risk providers.

The industry worries that if this clause is implemented as drafted, the number of reports could surge. The Digital Asset Exchange Alliance (DAXA) submitted an opinion letter to the commission last month based on views from 27 domestic digital asset service providers that have had their reports accepted.

The industry said that once the amendments take effect, the number of suspicious transaction reports by the five major digital asset exchanges could rise 85-fold from the level as of last year. Some have called for a separate reporting system, saying an STR is not a simple administrative report but a process that involves transaction analysis and customer review.

They argue that, like the banking sector's large cash transaction reports (CTR), transactions above a certain amount should be reported through a separate system, while genuinely suspicious money-laundering transactions should be managed through the existing STR system.

Strengthening customer due diligence is also a key part of the amendments. The draft makes clear that customer due diligence under the act includes not only confirming a customer's identity but also an obligation to verify the accuracy of confirmed information.

It also includes a requirement to conduct enhanced due diligence (EDD) when risk assessment results by financial firms or the government evaluate a customer as having a high risk of money laundering, or when the customer uses high-risk products and services.

The industry believes that if the obligation to verify customer due diligence information is strengthened, requests for additional materials could increase, including income information, employment information, sources of funds and transaction purposes.

Concerns have been raised that if transactions by corporate customers and institutional investors expand, repeated large-value transfers involving overseas providers or private wallets could occur, and reporting and verification procedures could become an operational burden.

The draft enforcement decree also tightens entry regulations for digital asset service providers. It expands the scope of major shareholders subject to screening to include not only the largest shareholder, but also any shareholder who appoints the chief executive or a majority of directors, and, when the largest shareholder is a corporation, the largest shareholder and representative of that corporation.

It also specifies financial condition and social credit requirements. Digital asset service providers must have a debt ratio of 200 percent or less based on financial statements as of the latest quarter-end, and must not have undermined sound credit order in the past 3 years due to defaults. Executives and the chief executive must meet qualification requirements under the Act on Corporate Governance of Financial Companies.

Digital asset service providers must have an organization for AML and user protection and appoint a reporting officer and a compliance officer who meet certain requirements. Computer systems and internal control systems are also included in reporting requirements.

This expands screening of digital asset service providers from a focus on the chief executive to major shareholders and overall governance. Financial authorities say the move is aimed at preventing unqualified operators from entering the market and reorganising the AML framework.

The industry, however, believes that the broader the scope of screening, the more difficult procedures could become for new entrants and for governance changes by existing operators.

The FIU will meet DAXA and officials from won-based digital asset exchanges on May 13 to hear views on the draft enforcement decree amendments. The industry agrees with the direction of strengthening the AML framework, but says some clauses need to be reviewed.

An industry official said, "We are not opposed to strengthening the AML framework itself." The official added, "But if suspicious transaction reporting is required solely based on an amount threshold regardless of risk level, only the number of reports may surge and the function of identifying truly suspicious transactions could weaken."