KYC and KYB Requirements in South Korea: A 2026 Compliance Guide
TL;DR
- South Korea’s KYC and KYB framework is primarily governed by the Financial Transaction Reports Act (FTRA), supported by the Real Name Act and anti-terrorism financing legislation.
- KoFIU is the main AML regulator, while the FSC and FSS establish, supervise, and enforce KYC and KYB compliance requirements.
- Businesses must perform Customer Due Diligence (CDD), apply Enhanced Due Diligence (EDD) for high-risk customers, retain records for at least five years, and report suspicious or large transactions.
- KYB compliance requires verifying a company’s legal registration, ownership structure, and Ultimate Beneficial Owners (UBOs) holding 25% or more ownership.
- Since South Korea’s public registry does not disclose UBO information, organizations must conduct independent verification, making automated KYB and AML screening solutions valuable for faster, compliant onboarding.
In October 2024, the Financial Action Task Force (FATF) upgraded South Korea to “regular follow-up” status, its highest compliance tier, after a decade of sustained anti-money laundering reform. For compliance officers at banks, fintechs, and virtual asset service providers entering the Korean market, that upgrade sends a clear signal. Enforcement scrutiny is rising, not plateauing. South Korea’s regulators now hold broader legal authority and stronger data-sharing tools than at any point in the country’s financial compliance history.
This guide covers the KYC and KYB requirements in South Korea. It explains which laws apply, who enforces them, what businesses must collect at onboarding, and where the verification process tends to stall in practice.
Know Your Customer (KYC) requires financial institutions to verify the identity of individuals before providing financial services. Know Your Business (KYB) extends that requirement to legal entities, including verifying company registration, ownership structure, and ultimate beneficial owners (UBOs). Both are mandated under South Korea’s core financial crime prevention statutes.
What laws govern KYC and AML in South Korea?
South Korea’s KYC and AML framework rests on three primary statutes, each addressing a distinct layer of financial crime risk. The Act on Reporting and Using Specified Financial Transaction Information, widely known as the Financial Transaction Reports Act (FTRA), is the central law. Two companion statutes address real-name account verification and terrorism financing risk respectively.
The Financial Transaction Reports Act (FTRA)
The FTRA forms the backbone of South Korea KYC compliance for financial institutions. It requires banks, insurers, securities firms, credit card companies, and virtual asset service providers (VASPs) to verify customer identities at onboarding, maintain transaction records for at least five years, and file Currency Transaction Reports (CTRs) for domestic transactions above KRW 10 million. The act also mandates Suspicious Transaction Reports (STRs) whenever a transaction raises a reasonable suspicion of money laundering or terrorist financing, regardless of the transaction size involved.
The Act on Real Name Financial Transactions and Confidentiality
The Real Name Act prohibits anonymous financial accounts in South Korea. No financial institution may open or maintain an account that is not linked to the verified legal name of an individual or entity. For fintech companies and neobanks building products on Korean banking infrastructure, this law makes real-name account verification a mandatory prerequisite before processing any transaction. VASPs registered with Korea Financial Intelligence Unit (KoFIU) are also required to establish real-name bank accounts with a licensed partner financial institution as an added layer of KYC control.
The Act on Prohibition Against the Financing of Terrorism
The Act on Prohibition Against the Financing of Terrorism and Proliferation of Weapons of Mass Destruction extends customer due diligence obligations beyond standard AML risk. In December 2024, the Korean National Assembly amended the act to expand KoFIU’s authority to block suspicious fund transfers linked to terrorism financing. The amendment also moved professional gatekeepers, including lawyers and accountants, closer to mandatory suspicious transaction reporting, aligning South Korea more closely with FATF Recommendation 23 on designated non-financial businesses and professions.

Who regulates AML and KYC in South Korea?
Three bodies share responsibility for KYC and AML compliance oversight in South Korea, each with a distinct mandate. The Korea Financial Intelligence Unit sits at the centre of the framework as the primary AML regulator. The Financial Services Commission (FSC) and the Financial Supervisory Service (FSS) operate alongside it to license, supervise, and inspect financial institutions across the sector.
Korea Financial Intelligence Unit (KoFIU)
KoFIU is an affiliate of the Financial Services Commission and functions as South Korea’s central financial intelligence unit. It receives and analyses Currency Transaction Reports and Suspicious Transaction Reports from financial institutions, oversees VASP registration and compliance, and administers the AML/CFT framework applied across the regulated sector. The December 2024 legislative amendments strengthened KoFIU’s enforcement toolkit, including the authority to suspend account activity during active financial crime investigations.
Financial Services Commission (FSC) and Financial Supervisory Service (FSS)
The FSC sets overall financial regulation policy in South Korea, including the standards for KYC, customer due diligence, and beneficial ownership disclosure that financial institutions must follow. The FSS executes supervisory duties on the FSC’s behalf, conducting on-site inspections and AML compliance reviews. South Korea KYC compliance is assessed against FSC-issued standards during FSS examination cycles, meaning institutions need documented, consistent processes rather than ad hoc verification approaches.
What are the KYC requirements in South Korea?
KYC requirements in South Korea apply to all designated financial institutions under the FTRA. The act establishes two tiers of customer due diligence. Standard customer due diligence covers most onboarding scenarios, while enhanced due diligence applies to higher-risk customers. Both tiers carry specific documentation and verification obligations, and both fall under KoFIU oversight and FSS inspection.
Standard Customer Due Diligence (CDD)
Standard CDD under the FTRA requires financial institutions to collect a customer’s full name, date of birth, address, nationality, and identification number at onboarding. Acceptable identity documents include the Korean national ID card, Alien Registration Card, passport, and driver’s license. For virtual asset service providers, real-name bank account linkage with a partner institution adds a second layer of identity anchoring to the standard CDD process. All collected records must be retained for at least five years, and institutions may not maintain any account in an anonymous or fictitious name. For a broader cross-jurisdictional comparison, a KYC compliance guide covering 2025 frameworks maps how individual-verification obligations compare across key markets.
Enhanced Due Diligence (EDD) for high-risk customers
Enhanced due diligence is mandatory for politically exposed persons (PEPs), customers with connections to FATF-designated high-risk jurisdictions, and any customer whose transaction profile indicates elevated risk. EDD requires financial institutions to establish the source of funds, the purpose of the business relationship, and the identity of the ultimate beneficial owner where applicable. For South Korea AML compliance, EDD triggers are defined in KoFIU’s published guidance and align with FATF standards, ensuring institutions reference current international risk assessments when categorising customers.
KYB Requirements in South Korea
KYB requirements in South Korea obligate financial institutions and regulated businesses to verify the legal registration, ownership structure, and beneficial ownership of any legal entity they onboard as a client. South Korea KYB compliance sits within the FTRA’s customer due diligence framework but carries specific UBO disclosure obligations that practitioners consistently find more operationally demanding than individual KYC.
Business registration and UBO identification
Under the FTRA’s beneficial ownership provisions, any individual owning 25% or more of a company’s issued shares qualifies as a beneficial owner and must be identified and verified. Financial institutions must collect the UBO’s full name, nationality, and ownership percentage through independent verification. Any ownership changes must be disclosed to the institution within 14 calendar days of the change. For foreign-owned entities, this may require cross-border document verification and registry searches in the entity’s home jurisdiction, adding both time and procedural complexity to the onboarding workflow.
The public registry gap in South Korea KYB compliance
South Korea KYB compliance carries one friction point that businesses frequently underestimate. South Korea’s public business registry does not disclose beneficial ownership information. Registry searches return company name, registration number, directors, and issued capital, but not the identities of the individuals who ultimately own or control the entity. Financial institutions must fill that gap through direct client inquiry, reviewed legal documentation, and independent cross-border verification rather than relying on registry data alone. For institutions onboarding foreign-owned entities, this gap is compounded when ownership runs through jurisdictions where registry access is itself limited. This is why KYB as a managed service has become a practical option for compliance teams handling business client onboarding at scale.

How Shufti helps compliance teams meet South Korea’s KYC and KYB requirements
Compliance teams running manual verification workflows in Korea frequently describe the same bottleneck. Individual KYC is manageable, but KYB stalls on UBO tracing when the entity structure is complex and the local registry withholds ownership data. The practical consequence is that onboarding a single business client can take days rather than hours, creating both audit risk and operational drag.
Shufti’s know your business verification runs UBO traversal across 250+ countries, covering cases where the registry does not publish beneficial ownership data and flagging gaps that require manual follow-up rather than silently passing the check. Its AML screening cross-checks individuals and entities against 3,500+ global watchlists updated every 15 minutes, including the FATF-designated jurisdiction lists directly relevant to Korean EDD requirements. Together, these two capabilities address the verification points where South Korea KYB compliance most commonly stalls.
See Shufti’s UBO traversal handle the South Korea registry gap in a live KYB onboarding scenario Book a demo.
Frequently Asked Questions
What are KYC requirements in South Korea?
KYC in South Korea requires financial institutions to collect and verify full name, date of birth, address, nationality, and identification number at onboarding. Acceptable documents include Korean national ID cards, passports, and Alien Registration Cards. All records must be retained for at least five years under the FTRA.
What is KYB compliance in South Korea?
KYB compliance in South Korea requires financial institutions to verify the legal registration, ownership structure, and ultimate beneficial owners of any legal entity they onboard. Any individual owning 25% or more of a company's shares qualifies as a UBO and must be identified and verified under the FTRA.
Is KYC mandatory for financial institutions in Korea?
Yes. The Financial Transaction Reports Act (FTRA) makes KYC mandatory for all designated financial institutions in South Korea, including banks, insurers, securities firms, and virtual asset service providers. Violations can result in administrative fines from KoFIU under Article 17 of the act.
What laws govern KYC and AML in South Korea?
South Korea's KYC and AML framework is governed by the Financial Transaction Reports Act (FTRA), the Act on Real Name Financial Transactions and Confidentiality, and the Act on Prohibition Against the Financing of Terrorism. The FTRA sets the core customer due diligence, reporting, and record-keeping obligations.
Who regulates AML and KYC in South Korea?
KoFIU, an affiliate of the Financial Services Commission (FSC), is the primary AML and KYC regulator in South Korea. The Financial Supervisory Service (FSS) conducts AML inspections and supervises compliance at individual financial institutions on behalf of the FSC.
