Key Provisions of the Amended Foreign Exchange Transactions Act

• New Definition: The Amendment introduces definitions for “virtual assets,” “virtual asset service providers,” and “virtual asset transfer services” (Article 3 of the Amendment). Notably, “virtual asset transfer services” is defined — differently from the definition under the Act on the Protection of Virtual Asset Users — as the act of transferring virtual assets between Korea and a foreign country through sale, purchase, exchange, or similar transactions by a virtual asset service provider, or any act that produces substantially the same effect. This concept is regulated as a term unique to the Foreign Exchange Transactions Act, premised on cross-border transactions.
• Mandatory Registration and Requirements: Virtual asset service providers seeking to engage in virtual asset transfer services must register with the Minister of Economy and Finance in advance (Article 8-2 of the Amendment). Registration requires meeting all of the following conditions: ① completion of the reporting requirements for virtual asset service providers under the Act on Reporting and Using Specified Financial Transaction Information; ② connection to networks of institutions responsible for relaying, aggregating, or exchanging data related to foreign exchange transactions, payments, receipts, or virtual asset transfers; and ③ facilities and qualified personnel as prescribed by Presidential Decree. Prior notification is also required when changing registered matters designated by Presidential Decree or ceasing operations.
• Criminal Penalties and Monitoring Framework: Those who engage in virtual asset transfer services without registration or through fraudulent means may be subject to imprisonment of up to three years or a fine of up to KRW 300 million; where three times the value of the violation exceeds KRW 300 million, a fine of up to three times that value may be imposed (Article 27-2 of the Amendment). Virtual asset transfer service operators will be subject to reporting, inspection, and data submission requirements under the Foreign Exchange Transactions Act, and will fall under the supervision of the Ministry of Economy and Finance and the Financial Services Commission. Virtual assets acquired through violations such as unregistered operations may be subject to confiscation and collection (Article 30 of the Amendment).

• Restructuring of Specialized Foreign Exchange Business Scope: The scope of specialized foreign exchange businesses will be restructured from the existing categories of currency exchange, small-amount overseas remittance, and other specialized foreign exchange businesses to a framework centered on general currency exchange and overseas payment and settlement services (Article 8(3) of the Amendment). The grounds for revoking registration where a specialized foreign exchange business operator conducts foreign exchange activities in violation of its permitted scope have also been expressly stipulated (Article 12(1)(iv) of the Amendment). Additionally, new grounds have been established allowing the Minister of Economy and Finance to revoke the registration of currency exchange operators that have effectively ceased operations, based on information provided by the head of the competent tax office.
• Introduction of Criminal Penalties for Payment Procedure Violations: Previously, violations of payment procedures — including currency exchange, remittance, and capital outflow — were subject only to administrative fines of up to KRW 50 million. The Amendment now provides criminal penalty grounds — imprisonment of up to one year or a fine of up to KRW 100 million — for those who violate payment procedures in the course of making or receiving payments or transferring funds with the intent to unlawfully acquire property or financial benefits for themselves or a third party (Article 29(1)(vii) of the Amendment).
• Refinement of Capital Transaction Definitions and Macroprudential Stability Levy Procedures: The definition of capital transactions has been revised to ensure that expenses for maintaining overseas branches are not excluded from the scope of capital transactions (Article 3(1)(xix) of the Amendment). Procedures have also been codified to allow objections to be filed within 30 days of receiving a notice of macroprudential stability levy assessment (Article 11-3 of the Amendment). Furthermore, a new provision has been added requiring that the validity period of the macroprudential stability levy be set by Presidential Decree, not to exceed ten years (Article 11-4 of the Amendment).

Key Practical Issues

• Interpretation of the Scope of Virtual Asset Transfer Services: The Amendment defines virtual asset transfer services as the “transfer of virtual assets between Korea and a foreign country” and “acts that produce substantially the same effect, as prescribed by Presidential Decree.” Given the inherently cross-border nature of virtual asset transactions, the specific transactions subject to registration are expected to be determined through the implementing Presidential Decree. Virtual asset service providers should review their service structures and carefully assess whether registration is required.
• Distinction Between Virtual Asset Transfers and Payments/Receipts: Article 25 of the Amendment expressly distinguishes virtual asset transfers from “payments and receipts” under the Foreign Exchange Transactions Act. As a result, virtual asset transfer activities themselves are unlikely to be subject to the criminal penalty provisions applicable to payment procedure violations. However, as the specific scope of application is expected to be defined in the Presidential Decree and foreign exchange transaction regulations, it will be necessary to monitor developments in subordinate legislation.
• Differentiated Sanctions for Registration and Notification Violations: Failure to register or registration by fraudulent means is subject to criminal penalties, whereas failure to file a change notification or cessation notification for registered matters is subject to an administrative fine of up to KRW 100 million (Article 32(1)(i-2) of the Amendment). As the boundary between the two types of sanctions may give rise to practical disputes, it is advisable to establish a systematic approach to managing post-registration changes.

Implications and Recommended Actions

• Multi-layered Compliance for Virtual Asset Service Providers: Service providers engaged in cross-border virtual asset transfer activities will now be subject to registration, reporting, and data submission obligations under the Foreign Exchange Transactions Act, in addition to their existing obligations under the Act on Reporting and Using Specified Financial Transaction Information (reporting and anti-money laundering requirements) and the Act on the Protection of Virtual Asset Users (user asset protection and abnormal transaction monitoring requirements). A comprehensive redesign of compliance frameworks across multiple regulatory layers will be necessary.
• Managing Interpretation Risks related to the “Improper Purpose” Requirement: The scope of the “intent to unlawfully acquire financial benefits” — a prerequisite for criminal liability for payment procedure violations — is expected to be contested, particularly as to whether it encompasses conduct such as securing ordinary investment returns, minimizing tax burdens, or reducing transaction costs by avoiding reporting obligations. Those engaging in foreign exchange arbitrage transactions or roundabout remittance arrangements involving virtual assets should seek advance legal review of the legality of their transaction structures.
• Engaging in Subordinate Legislation Rulemaking: Key matters — including the detailed scope of virtual asset transfer services, registration requirements, data submission obligations, and transitional measures for existing operators — are to be further specified in the Presidential Decree and subordinate regulations. It is advisable to actively submit comments during the legislative notice period and to assess in advance the impact on business operations.

Key Features of the Amendments and Institutional Framework

Public Prosecution Office (under the Ministry of Justice) – Prosecution and Trial Functions

Serious Crimes Investigation Agency (under the Ministry of the Interior and Safety) – Investigation of Major Crimes

Key Practical Considerations

Implications and Recommended Actions

Mandatory Cancellation of Treasury Shares and Enhanced Restrictions on Their Use

Principle of Cancellation Within One Year: Where a company acquires treasury shares, it is required to cancel such shares within one year from the date of acquisition. However, for treasury shares acquired prior to the enforcement of the amended law, the following grace periods apply:

Enhanced Restrictions on the Use of Treasury Shares: The amendment clarifies that treasury shares are to be treated as “unissued shares” without rights. Accordingly, treasury shares are explicitly excluded from voting rights, pre-emptive rights, and dividend rights. In addition, the use of treasury shares for issuing bonds (including exchangeable bonds), the creation of security interests (e.g., pledges) over treasury shares, and the allocation of new shares in connection with mergers or spin-offs involving treasury shares are all prohibited.

Exceptions to the Cancellation Obligation and Related Procedures

In order for a company to retain or dispose of treasury shares without cancelling them, the following requirements must be satisfied:

• Approval of Treasury Share Retention and Disposal Plan: A plan signed by all directors must be prepared and approved at the annual general meeting of shareholders each year. During March 2026—the first regular shareholders’ meeting season following the enforcement of the amended Commercial Act (March 6, 2026)—many listed companies submitted agenda items concerning treasury share cancellation, while, in exceptional cases, agenda items seeking approval to retain treasury shares were also presented. Based on currently observed practices, such retention plans generally fall into the following categories:
  (i) compensation purposes, such as employee incentives and equity-based compensation;
  (ii) business purposes, including strategic alliances, M&A, adoption of new technologies, and capital expenditures; and
  (iii) hybrid structures combining both (i) and (ii). While retention for compensation purposes—an explicitly recognized statutory exception—remains the most common, there is also a noticeable trend toward articulating broader business purposes to secure greater flexibility in the use of treasury shares. However, caution is warranted, as there have been cases where institutional investors have expressed opposition on the grounds that the original purpose of acquiring treasury shares is inconsistent with their subsequent use.
• Application of New Share Issuance Rules to Disposal: Where treasury shares are disposed of to third parties, procedures equivalent to those applicable to the issuance of new shares—including stringent procedural requirements and shareholder protection measures—will apply.

Key Practical Changes

• Simplification of Cancellation Procedures: Regardless of whether treasury shares were acquired out of distributable profits, all treasury shares may now be cancelled solely by a resolution of the board of directors, without undergoing capital reduction procedures (i.e., a special resolution of the shareholders’ meeting and creditor protection procedures).
• Sanctions for Non-Compliance: Where a listed company fails to cancel treasury shares within the prescribed period without shareholder approval, or violates its approved retention/disposal plan, directors and other responsible officers may be subject to an administrative fine of up to KRW 50 million. In addition, it is important to note that directors may also incur civil liability for damages suffered by the company arising from such violations.

Implications

• Amendment of Articles of Incorporation: Companies intending to utilize treasury shares for purposes such as management control defense or business objectives (including M&A) should establish the relevant enabling provisions in their articles of incorporation at the 2026 annual general meeting of shareholders or at an extraordinary general meeting.
• Comprehensive Review of Treasury Share Holdings: Companies should assess treasury shares by acquisition timing and structure (direct or indirect), calculate applicable cancellation grace periods, and establish a clear roadmap for compliance within the relevant timelines.
• Reassessment of Financing Strategies: As the use of treasury shares for financing structures such as exchangeable bonds (EBs) is no longer permitted, companies should proactively consider alternative financing options.

Key Amendments

• Elevation of the CISO Role and Board-Level Oversight: Information and communications service providers (excluding certain mid-sized enterprises) are required to designate a Chief Information Security Officer (CISO) at the executive level. The statutory scope of the CISO’s responsibilities has been expanded to include oversight of information security personnel, budgeting, and mandatory reporting to the board of directors.
• Mandatory Establishment of Information Security Committees: Companies meeting certain size thresholds (as prescribed by presidential decree) must establish and operate an Information Security Committee, chaired by the CISO, to deliberate on key security matters.

• Annual Security Assessments and Public Disclosure: The Ministry of Science and ICT will annually assess compliance with information security obligations and overall security posture of major service providers. Assessment results may be publicly disclosed, and recommendations for corrective action may be issued.
• Differentiated ISMS Certification Requirements: Stricter certification standards and procedures will apply to high-risk entities whose security breaches may pose significant risks to public safety or property.

• Expanded Reporting and Notification Obligations: Companies must report security incidents to the relevant authorities within 24 hours of becoming aware of such incidents. A new obligation requires prompt notification to affected users without undue delay.
• Enhanced Investigative Authority and Enforcement: Authorities may investigate not only the causes of incidents but also whether an incident has occurred. Failure to cooperate, including obstruction of investigations or refusal to submit required materials, may result in administrative monetary penalties.

• Administrative Fines for Repeated Security Incidents: In cases of repeated incidents (two or more within five years) caused by willful misconduct or gross negligence, administrative fines of up to 3% of annual revenue may be imposed.
• Strengthened Regulation of Unlawful Spam: Businesses are required to outsource the transmission of commercial messages only to certified senders. Violations of spam regulations may result in administrative fines of up to 6% of relevant revenue.

Practical Implications and Response Strategies

• Redesign of Information Security Governance Structure: As executive accountability is strengthened, companies should refine their internal decision-making framework by granting the CISO substantive authority over budget and personnel, and by institutionalizing regular reporting to the board of directors.
• Updating Incident Response Manuals: Organizations should revise their “Security Incident Management and Response Manual” to reflect the amended law’s requirements, including reporting within 24 hours and prompt notification to affected users, and should enhance simulation exercises to ensure preparedness for real-world scenarios.
• Compliance Record Management: Since security investments and operational efforts may be considered mitigating factors in the imposition of administrative fines, it is important to systematically document and manage ongoing information security activities.
• Monitoring Subordinate Legislation: As detailed standards for calculating administrative fines and the scope of enhanced ISMS requirements will be determined in forthcoming enforcement decrees and administrative rules, proactive review from the legislative notice stage is essential.

Additional Legislative Proposals and Follow-up Developments

Separate from the passage of the recent amendment, the National Assembly and the government are pursuing further legislative and institutional reforms to enhance the effectiveness of incident response, including the following measures:

• Surcharges for Delayed Reporting (Proposed by Rep. Sohee Kim) A proposal is under discussion to impose additional administrative fines where a security incident is not reported promptly. Under this approach, a surcharge calculated based on the number of days of delay—from the date the incident was recognized to the date of reporting—would be added to the base fine.
• Mandatory Notification to Investigative Authorities (Proposed by Rep. Yongman Kim) This proposal would require the Ministry of Science and ICT and the Korea Internet & Security Agency (KISA), upon becoming aware of a security incident, to notify the competent investigative authorities and other relevant administrative agencies without delay.

Key Provisions of the Amended Constitutional Court Act

• Permissibility of Judicial Constitutional Complaints (Article 68(1) and (3)): The phrase “excluding court judgments,” which had previously been expressly stipulated, has been deleted. As a result, “final and conclusive court judgments” are now subject to direct review through constitutional complaints.
• Strictly Limited Grounds for Filing: To prevent the system from being used as a means to re-litigate factual determinations or legal interpretations, the grounds for filing a complaint have been strictly limited to the following three cases:

Frequently Asked Questions on Key Practical Issues

Do all court judgments fall within the scope of a judicial constitutional complaint?

What is the filing deadline?

Can a complaint be filed without legal representation?

Does filing a judicial constitutional complaint automatically suspend enforcement of the judgment?

Implications

• Strategic Response at the Appellate and Supreme Court Stages: With the introduction of the judicial constitutional complaint system, proceedings are expected to function in effect as a “four-tier review system.” Accordingly, it is important from the lower court stage onward to go beyond ordinary legal arguments and systematically frame constitutional issues—such as violations of due process or inconsistency with Constitutional Court precedents—and ensure that these arguments are properly preserved in the record. In particular, taking into account comparable foreign systems such as Germany’s “Heck formula,” the Constitutional Court of Korea is also expected to apply this remedy strictly, limiting it to cases involving not mere legal error but “specific constitutional violations” or “overlooking of fundamental rights.” Therefore, a sophisticated litigation strategy focused on identifying and articulating constitutional issues, rather than disputing factual findings, will be required.
• Immediate Review Upon Final Judgment: Given the short 30-day filing deadline, where an adverse judgment becomes final, it is essential to immediately assess potential constitutional issues and seek legal advice to determine whether to file a complaint and/or request interim relief.
• Revising Dispute Management Strategies for Companies and Institutions: As final judgments may now potentially be reversed through a judicial constitutional complaint, uncertainty at the stage of dispute resolution and risks relating to suspension of enforcement should be incorporated into overall risk management frameworks.

Key Provisions of the Amended Attorneys Act (Article 26(2))

• Codification of the Client’s Right: Attorney–Client Privilege (ACP) is recognized not only as an obligation of attorneys but also as a legal right that may be asserted by both clients and prospective clients.

• Expanded Scope of Protection
  • Communications (Paragraph 1): All confidential communications made for the purpose of obtaining legal advice are covered.
  • Work Product Protection (Paragraph 2): Documents and materials prepared by attorneys for litigation, investigations, or regulatory proceedings—including interview summaries and legal memoranda—are also protected.
• Retroactive Application (Supplementary Provision): The amended law applies retroactively to communications and materials created prior to its effective date (i.e., those arising before the law enters into force, which is scheduled one year after promulgation).

Frequently Asked Questions on Key Practical Issues

Are communications at the pre-engagement (pre-mandate) stage protected under ACP?

Is ACP limited to criminal proceedings?

What is the treatment of pre-existing documents attached to emails sent to attorneys?

Does copying an attorney on an email (CC) automatically trigger ACP protection?

How should one respond if law enforcement attempts to seize materials during a search and seizure despite ACP claims?

Implications

• Strengthening Communication Security
  Communications with attorneys should be conducted through dedicated and confidential channels (e.g., emails clearly marked as confidential), and sharing with third parties should be minimized.
• Document Management and Labeling
  As a matter of best practice, legal memoranda and related documents should be clearly marked as “ACP (Attorney–Client Privilege) Protected Materials” to ensure proper internal handling and control.
• Review of Internal Guidelines
  The scope of whether communications with in-house counsel or work products prepared by in-house counsel are protected under ACP has not yet been definitively established in practice. However, considering the purpose of the relevant provision (Article 1), there is a substantial basis for arguing that such materials may fall within the scope of protection. Accordingly, companies should enhance the functional independence of in-house counsel and review internal policies and procedures to reinforce the likelihood that such communications and materials will be recognized as protected under ACP.

Performance-Based Bonuses Not Deemed “Wages” for Private-Sector Employees: Supreme Court Ruling

On January 29, 2026, the Supreme Court held, in cases involving Samsung Electronics and LG Display, that performance-based bonuses do not constitute “wages” included in the calculation of average wages. The Court reasoned that where such bonuses are linked to external indicators beyond employees’ control—such as net income—they are difficult to characterize as consideration for labor.

Introduction of “K-Discovery” and the Imperative of Robust Evidence Management

The introduction of “K-Discovery” under the amended Act on the Promotion of Mutually Beneficial Cooperation represents a powerful procedural shift in trade secret and technology misappropriation litigation, effectively placing the burden of proof on defendants in practice. Court-appointed experts may conduct on-site inspections of factories and offices and directly collect relevant technical materials.

Codification of Attorney–Client Privilege (ACP) and Compliance Considerations

With the introduction of Article 26-2 to the Attorney-at-Law Act, communications exchanged with legal counsel are now afforded protection from search and seizure under a formalized attorney–client privilege (ACP) framework. However, such protection does not extend to communications used in furtherance of unlawful conduct (the crime–fraud exception).

Strengthened AML Framework: Expansion of the Travel Rule and Stablecoin Oversight

The Financial Intelligence Unit (FIU) is set to expand the application of the Travel Rule to cover low-value transactions below KRW 1 million. In parallel, stablecoin issuers will be required to embed technical capabilities enabling “freezing” and “incineration” (burning) of assets.

Global Minimum Tax and U.S. Tariff Risk Management

With the further development of the Qualified Domestic Minimum Top-up Tax (QDMTT) regime, multinational groups will require increasingly granular tax adjustments and modeling. At the same time, renewed tariff pressures from the United States are accelerating the need for supply chain realignment and the reinforcement of contractual protections, including tariff-related indemnities and force majeure provisions.

Occupational Safety Governance and Emerging Digital Regulation

Serious Industrial Accidents: Recent case law suggests that a CEO may avoid criminal liability where a Chief Safety Officer (CSO) with substantive authority has been duly appointed. The decisive factor is not a nominal designation, but the delegation of real authority, including control over personnel and budget.

Digital Regulation: Enforcement is set to intensify with respect to disclosure obligations for probability-based (loot box) items, alongside the introduction of labeling requirements for AI-generated content.