South Korea - FSC, FSS, KoFIU and BOK perimeter

South Korea financial permissions and regulator dossier

The Financial Services Commission sets policy and grants financial permissions, the Financial Supervisory Service examines and supervises, KoFIU administers AML registration for virtual-asset service providers, and the Bank of Korea oversees payment-system stability.

Sealed licence document in an open folder before a columned building

Route facts

Jurisdiction facts

Regulator map

FSC is the policy and licensing authority; FSS conducts examination and supervision under the integrated financial-supervision framework.

Specialist functions

KoFIU receives VASP business registrations and supervises AML duties. The Bank of Korea oversees payment and settlement stability and operates core infrastructure.

VASP legal status

A virtual-asset service provider registers with KoFIU. Registration is not a generic crypto licence and does not approve each token or promise a bank relationship.

Permission coverage

Banking, electronic payments, e-money, remittance, securities, funds, custody, insurance, credit, P2P, crowdfunding, trusts, pensions and VASP registration.

Territorial reach

Korean permissions are domestic and activity-specific. Foreign operators targeting Korea can still enter the Korean perimeter, including VASP registration rules.

Review date

Regulatory summary reviewed as of 11 July 2026.

Read the perimeter first

Authorisation, permission, registration and reporting are different legal gates

The Financial Services Commission has statutory authority over financial policy and the licensing, permission and registration of financial businesses. The Financial Supervisory Service supports application review and carries out examination and supervision. Banking requires FSC authorisation under the Banking Act. Investment dealing, brokerage, collective investment, discretionary management and trust business use the authorisation or registration categories of the Financial Investment Services and Capital Markets Act. Electronic financial business under the Electronic Financial Transactions Act includes category-specific permission or registration routes for electronic currency, prepaid value, payment gateways, transfers and related services. Insurance, credit-card, specialised credit and online investment-linked finance activities each use their own statute. Foreign-exchange banking and small overseas remittance also engage the Foreign Exchange Transactions Act and Ministry of Economy and Finance, while the Bank of Korea has payment-system and monetary functions. Virtual-asset operators do not receive a generic FSC crypto licence: they file a VASP business registration with KoFIU under the Specified Financial Information Act and then comply with AML duties and the separate Virtual Asset User Protection Act. The FSC's 30 March 2026 proposal to strengthen VASP registration and AML requirements was planned for 20 August 2026 and was not yet effective on 11 July 2026.

Permission families

South Korea authorisation, permission and registration routes

Family Official instrument and authority Activities and exclusions Entry, capital and reach
Family Nationwide, regional, internet-only and specialist banking Official instrument and authority FSC authorisation under Article 8 of the Banking Act for the relevant bank type, with FSS examination and continuing supervision Activities and exclusions Accept deposits, lend and conduct only authorised banking activities. An electronic-finance registration, specialised credit business or VASP registration cannot assume bank scope. Entry, capital and reach FSC and FSS assess legal form, ownership and major shareholders, capital, governance, executives, risk, liquidity, AML/CFT, systems, business plan and public-interest criteria.
Family Electronic payments, prepaid value and electronic currency Official instrument and authority FSC permission or registration for the exact electronic financial business under the Electronic Financial Transactions Act, with FSS review and supervision Activities and exclusions Issue or manage electronic currency or prepaid value, transfer funds, process payment gateways or provide another listed electronic-finance function only within the recorded category. Entry, capital and reach The statute and rules set category-specific capital, owners, financial condition, personnel, facilities, security, user-fund protection, AML/CFT and reporting criteria.
Family Payment and settlement infrastructure Official instrument and authority FSC or statutory status for the operator where required, alongside Bank of Korea oversight, designation or operational rules for important payment and settlement systems Activities and exclusions Operate clearing, settlement or core payment infrastructure only under the applicable legal and BOK framework. End-user payment registration does not confer infrastructure authority. Entry, capital and reach Governance, access, settlement finality, collateral, liquidity, operational resilience, cyber security, recovery, data and incident-reporting expectations depend on systemic role.
Family Foreign exchange and cross-border remittance Official instrument and authority Authorised foreign-exchange bank status or Ministry of Economy and Finance registration for qualifying small overseas remittance under the Foreign Exchange Transactions Act Activities and exclusions Conduct only the recorded FX or remittance function and observe transaction, reporting and settlement rules. An electronic-payment or KoFIU VASP registration is not a general FX permission. Entry, capital and reach The applicant maps transaction size, customer, corridor, settlement, guarantees or insurance, systems, AML/CFT and data reporting. FSC-regulated status may still be required for an adjacent financial service.
Family Investment dealing, brokerage, advice, custody and venues Official instrument and authority FSC authorisation or registration under the Financial Investment Services and Capital Markets Act for dealing, brokerage, advisory, discretionary management, custody-related or market activity Activities and exclusions Serve only approved product, customer and business categories. Dealing, brokerage, advice, discretionary management and trust are distinct regulated functions. Entry, capital and reach Category-specific capital, major-shareholder, executive, professional-staff, governance, client-assets, conduct, market-abuse, systems and reporting criteria apply.
Family Collective investment, fund administration and depositary functions Official instrument and authority FSC authorisation for collective investment business or trust business and the applicable registration for fund distribution, general administration and the collective scheme Activities and exclusions Establish, manage, administer, distribute or safeguard a collective investment vehicle only in the recorded role. Scheme registration does not replace operator authorisation. Entry, capital and reach The manager, trustee or custodian, administrator and distributor must align capital, personnel, valuation, segregation, delegation, disclosure, investment, audit and reporting controls.
Family Insurance, reinsurance, agencies and brokers Official instrument and authority FSC permission under the Insurance Business Act for the insurer or reinsurer and the applicable registration for insurance agencies, solicitors and brokers Activities and exclusions Underwrite only permitted classes or intermediate insurance in the registered capacity. A platform or agency cannot bear underwriting risk without insurer permission. Entry, capital and reach FSC and FSS examine capital and solvency, major shareholders, governance, executives, actuarial and risk functions, products, reinsurance, policyholder protection, conduct and reporting.
Family Consumer credit, cards, leasing, instalment and factoring Official instrument and authority FSC permission for credit-card business or registration of the relevant specialised credit financial business under the Specialized Credit Finance Business Act Activities and exclusions Issue cards, provide instalment finance, facility leasing, venture finance or other recorded credit functions only within the statutory category. Deposit taking remains banking. Entry, capital and reach Capital, ownership, executives, credit and operational risk, merchant and customer controls, pricing, data, collections, complaints, outsourcing and reporting apply by activity.
Family P2P lending and securities crowdfunding Official instrument and authority FSC registration under the Online Investment-linked Finance Act for P2P lending; separate FSCMA registration for an online small-investment intermediary facilitating securities crowdfunding Activities and exclusions P2P platforms intermediate linked loans; securities crowdfunding intermediaries arrange eligible securities offers. Neither route permits deposits or unrestricted brokerage. Entry, capital and reach The platform must meet capital, owner, executive, systems, segregation, disclosure, investor or lending limits, credit assessment, complaints, data and wind-down requirements.
Family Virtual-asset services Official instrument and authority KoFIU business registration under the Act on Reporting and Using Specified Financial Transaction Information, with FSS support and separate compliance under the Virtual Asset User Protection Act Activities and exclusions Registered exchange, transfer, custody, administration, brokerage or wallet services only as reported. Registration is not a generic crypto licence, token approval or permission for securities or payments. Entry, capital and reach Current requirements include AML systems, KoFIU review, information-security certification and, for KRW exchange services, the applicable real-name bank-account condition. Verify the live registration and scope.
Family Trust, fiduciary and company administration Official instrument and authority FSC authorisation for regulated trust business under the FSCMA; general company-secretarial and administrative services under corporate and professional law Activities and exclusions Manage or safeguard entrusted financial assets only under the authorised trust scope. Incorporation, bookkeeping or nominee work does not create custody or investment authority. Entry, capital and reach Regulated trust applicants meet capital, owners, executives, fiduciary governance, segregation, conflicts, valuation, AML/CFT, systems and reporting criteria. General services require a separate perimeter analysis.
Family Retirement pensions and public pension arrangements Official instrument and authority Registration with the Ministry of Employment and Labor for an eligible retirement-pension business operator, alongside its FSC-regulated bank, insurer, securities or trust status; National Pension Service for the public scheme Activities and exclusions Operate only approved retirement-pension functions and products. A financial licence alone does not substitute for retirement-pension registration, and the public NPS scheme is separate. Entry, capital and reach Confirm eligible institution, capital and financial condition, personnel, recordkeeping, investment options, custody, member disclosure, fees, audit and employment-law duties.
Family Casino, betting, lottery and other special activities Official instrument and authority No casino, betting or lottery permission is contained in FSC, FSS, KoFIU or BOK financial permissions; specialist national and local laws and authorities apply Activities and exclusions A bank, payment, securities, P2P or VASP status does not authorise gaming. Payment processing or a wallet does not legalise the underlying chance-based activity. Entry, capital and reach Confirm the competent specialist authority, customer eligibility, location, advertising, AML, tax and consumer rules before any casino, sports, racing or lottery feature.

Entry conditions

The filing must identify both the statute and the legal status

A South Korean market-entry file begins with a Korean-law perimeter memorandum for every customer journey, product, asset and funds flow. It identifies whether the activity requires FSC authorisation, permission or registration, a KoFIU business registration, Ministry of Economy and Finance or Employment and Labor status, a product filing or a BOK system arrangement. The applicant must use the eligible Korean legal form, disclose ultimate owners, major shareholders and controllers and appoint directors, executives, compliance, risk, AML and information-security officers appropriate to the category. The business plan connects the service scope to forecasts, category-specific capital, liquidity or solvency, customer-fund protection, custody, reconciliation, market conduct, complaints, cyber security, outsourcing, continuity and wind-down. VASP applicants must separate AML registration from the Virtual Asset User Protection Act and from any securities, payment or FX permission. The proposed VASP rules announced on 30 March 2026 cannot be treated as effective before their enactment; the official plan cited 20 August 2026, after this page's review date. Current Korean forms, fees, capital calculations, language and electronic-filing requirements control. Application acceptance or a supervisory consultation does not promise approval or a launch date.

Regulator-facing process

A South Korea regulatory mandate, stage by stage

The process distinguishes the permission-granting authority, supervisory reviewer and specialist registration from the outset.

Stage 01 - Statute

Classify every regulated function

Separate deposits, electronic payments, FX, securities, funds, insurance, credit, P2P, crowdfunding, virtual assets, trusts and pensions.

Record whether each gate is FSC authorisation, permission or registration, KoFIU business registration, another ministry's registration or product approval.

Stage 02 - Applicant

Build the Korean entity, owners and responsible functions

Evidence capital, major shareholders, executives, professional staff, governance, AML/CFT, customer assets, technology, outsourcing and local operations.

For VASPs, document information-security certification, AML systems, service scope and any real-name bank-account requirement without describing the filing as a generic licence.

Stage 03 - Review

Complete FSC, FSS or KoFIU assessment

Use the current statutory forms and answer ownership, financial-condition, conduct, technology, custody, consumer and operational-readiness questions.

Apply only rules effective on the decision date. The March 2026 VASP proposal remains a proposal as of this review and must not be backdated.

Stage 04 - Activation

Launch within the recorded categories

Confirm capital, people, customer-fund protection, systems, policies, reporting accounts, complaints and counterparties before serving customers.

New products, branches, material outsourcing, foreign targeting and a change of control require a fresh notification or approval analysis.

After entry

Ongoing supervision follows the exact statute and status

South Korean financial firms maintain the capital or solvency, governance, major-shareholder, AML/CFT, sanctions, customer-fund or asset protection, conduct, complaints, cyber security, outsourcing, audit and regulatory reporting duties of their category. Banks, electronic-finance companies, investment businesses, insurers, specialised credit companies and P2P firms have distinct prudential and conduct frameworks, with FSS examination under FSC authority. KoFIU-registered VASPs maintain AML duties, registration conditions and information-security controls and separately comply with user-asset protection and unfair-trading rules. A future proposal does not alter those duties until legally effective. New products, tokens, client classes, real-name account arrangements, branches, overseas targeting and key service providers require fresh review. A direct or indirect change of control, acquisition, merger, incoming controller or major-shareholder change can require approval or notification. Buying shares leaves the authorisation or registration with the Korean legal entity and imports its entire supervisory and customer-asset history. Diligence must verify the live FSC, FSS and KoFIU records, restrictions, capital, customer assets, enforcement, cyber incidents, reporting and counterparties.

Verify it yourself

Primary official sources

  • Financial Services Commission authority and licensing releases

    Official FSC pages explain its licensing role and banking, investment, insurance, credit and fintech decisions - fsc.go.kr.

  • Official Korean financial statutes

    The National Law Information Center and official English law service publish the Banking Act, Electronic Financial Transactions Act and FSCMA - law.go.kr and elaw.klri.re.kr.

  • KoFIU VASP registration guidance

    Official FSC and KoFIU releases state that VASPs register their business and then remain subject to AML supervision - fsc.go.kr.

  • Virtual Asset User Protection Act guidance

    Official FSC material explains the user-asset safeguarding and unfair-trading regime effective from 19 July 2024 - fsc.go.kr.

  • FSC March 2026 VASP proposal

    The official release labels the enhanced entry and AML rules as proposed, with a planned 20 August 2026 effective date after this review - fsc.go.kr.

  • Bank of Korea payment-system material

    Official BOK pages explain payment and settlement oversight, operation and financial-stability functions - bok.or.kr.

FAQ

South Korea regulator dossier questions

Straight answers to permission and market-entry questions. Ask us directly

01 Is KoFIU VASP registration a crypto licence?

No. It is a business registration tied to AML requirements. It does not approve each token, authorise securities or payments, or guarantee access to a real-name bank account.

02 Were the March 2026 enhanced VASP rules effective on 11 July 2026?

No. The FSC described them as a proposal and gave a planned effective date of 20 August 2026. Their final enactment and text must be checked after that date.

03 Who grants a Korean bank authorisation?

The FSC grants banking authorisation under the Banking Act, with the FSS performing review, examination and ongoing supervision functions.

04 Are P2P lending and securities crowdfunding one registration?

No. P2P lending uses the Online Investment-linked Finance Act. Securities crowdfunding uses the FSCMA online small-investment intermediary route.

05 Can an overseas VASP ignore Korea if it has no Korean company?

Not necessarily. Official KoFIU guidance applies the registration duty to foreign VASPs whose overseas operations target Koreans or have domestic consequences.

Tell us what you need

Scope a regulated route in South Korea

Bring the products, Korean structure, controllers, customer locations and complete funds and asset flow. SKY7 will map FSC, FSS, KoFIU, BOK and specialist-ministry evidence. Advisory fees and entity prices are on request.