Many virtual asset operators (VASPs) may disappear from South Korea by September 24. This is because virtual asset-related business are no longer allowed if VASP reports are not made by the expiration date of the grace period for the revised Specific Financial Transaction Information Act (Special Act).
Virtual asset business operators must file a VASP report before the expiration of the grace period of the Special Act
The most urgent problem is the issuance of real-name accounts
Under the Special Act amendment, virtual asset operators must be issued with real-name accounts through banks to file VASP reports.
Both ISMS (Information Protection Management System) certification and AML (Anti-money Laundering)/CFT (Combating the Financing of Terrorism) are conditions for issuing real-name accounts and VASP.
ISMS is the certification of information protection systems of companies and institutions. This means that an entity dealing with a virtual asset has proven to be well protective of important information, such as customer information or entity information.
AML/CFT is based on FATF's recommendations, and it is a system that must be built in order to prevent it from being used for crimes or inflow of terrorist funds due to the nature of virtual assets that are transacted on the network.
There are more requirements for issuing real-name accounts and variables at the discretion of banks, but the most time-consuming parts are ISMS and AML/CFT. Therefore, many virtual asset operators are rushing to prepare for these.
How virtual asset operators going?
The banking sector has begun reviewing real-name accounts of Bithumb, Coinone, Korbit and Upbit, four largest virtual asset exchanges in Korea. These exchanges are reportedly going through the "required requirements check" stage in accordance with the "risk assessment measures" guideline prepared by the banking sector, led by the Korea Federation of Banks.
In this stage, banks will verify ISMS certification, a breach of the law or bankruptcy, rehabilitation, suspension history, exchange representatives, embezzlement, fraud, and external hacking by documents or inspect.
The four major virtual asset exchanges have begun reviewing contracts for real-name accounts
The four major exchanges have begun reducing risks with the aim of reissuing real-name accounts and even reporting VASP. In the case of Upbit, it has started to delist large-scale coins, and Coinone has also started to secure transparency by disclosing detailed standards for listing and award screening. Bithumb has completed necessary measures such as withdrawing its account after receiving a pledge that prohibits executives and employees from investing in Bithumb.
They are likely to pass the renewal of their real-name accounts. However, the problem is virtual asset businesses that have not yet received a real-name account.
As of May 13, only 20 virtual asset businesses have obtained ISMS certification. Since it is so essential that it is called an "admission ticket to issue real-name accounts," many virtual asset businesses are putting their life and soul into it.
However, 381 items must be passed to acquire ISMS certification. To this end, there is a lot of work to be done, such as building information security infrastructure and putting in charge of personnel, and of course the cost is too high.
Billions of won will be spent on developing its own security systems and technologies.
In the case of Gopax, about 7 billion won was reportedly spent on ISMS and ISO27001 certification and operation
Therefore, most virtual asset operators prefer to purchase and apply external solutions that cost around KRW 50 million to KRW 100 million.
Foblgate announced that it has established an information protection system such as solving hacking problems by collaborating with 'Haechi Labs', a blockchain security authentication solution company, to verify smart contract technology. Foblgate plans to start ISMS certification through this.
Coco Entertainment Korea is preparing to obtain a real-name account and finally file a VASP report by establishing an
ISMS authentication and AML/CFT system through an external solution company
Coco Entertainment Korea, which is preparing for a virtual asset exchange, is receiving consulting on ISMS certification and AML/CFT system establishment to apply them until mid-September. In particular, the multi-sig wallet (Multi-signature: technology corresponding to the special electronic signature method, which prevents forgery and denial of data, checks the integrity of messages, and performs authentication) is required for ISMS authentication. The wallet solution 'Octet' of security company 'Hexlant' will be used. Coco plans to further strengthen data security through this solution.
Along with strengthening online security, Coco will also strengthen offline security. The central control security solution, CCTV, and access control system are provided through the security company 'ADT Caps'.
At the same time, Coco is spurring the establishment of the AML/CFT system. Through a contract with a digital security company ‘Okta Solution’, AML/CFT solutions such as anti-money laundering training for employees are provided and applied.
Coco Entertainment Korea is aiming to obtain a real-name account through ISMS authentication and AML/CFT solutions, and finally VASP report.