A significant regulatory shift in South Korea underscores the evolving threat landscape where financial fraud and money laundering intersect. The recent government approval of an amendment to the Enforcement Decree under the Financial Services Commission (FSC) unveils how lenders such as specialised credit finance entities and consumer credit firms are now required to implement robust customer-due-diligence (CDD) measures when managing loan services. This change reflects increasing concern that voice-phishing (“vishing”) fraud, identity hijacking, and the unmonitored extension of credit can serve as hidden conduits for money-laundering activities. While the reform is framed as protection against fraud losses, it carries deeper AML/CFT implications for loan lenders, compliance teams and the broader financial ecosystem.

Strengthened CDD requirements for loan providers

Under the newly approved revision to the Enforcement Decree of the Special Act on the Prevention of Loss Caused by Telecommunications-based Financial Fraud and Refund for Loss (hereafter “the Act”), specialised credit finance businesses with assets of KRW 50 billion or more, as well as consumer-credit businesses meeting that threshold, will become subject to customer-due-diligence obligations when extending loans through any channel (telephone, mobile, face-to-face or video call). The revised rule excludes lenders specialising exclusively in “new-tech financing”. This extension of CDD obligations follows earlier measures introduced in March this year to counter vishing scams. The revised decree will take effect six months after its promulgation.

The risk addressed by the amendment is that stolen personal information is regularly used by scammers to obtain loans or credit in the victim’s name, thereby immediately creating debt liabilities and triggering fraudulent financial flows. Financial institutions are already required under South Korea’s AML regime to identify and verify customers, assess beneficial ownership, source of funds and purpose of transactions. Extending those duties to non-bank loan providers closes a potential AML gap.

Money-laundering vectors behind the scenes

When a consumer’s identity is stolen and used to obtain unsecured consumer credit, multiple laundering risks emerge. First, the loan proceeds—often delivered into an account controlled by the fraudster—may be spent, transferred abroad or come back into the system appearing as legitimate repayments or deposits. Second, the fraudster may default on the loan, leaving the victim unknowingly indebted and the lender carrying a charge-off. That default can mask the true origin of the funds used to service the debt. Third, unscrupulous loan providers may facilitate layering by ignoring weak identification or source-of-fund checks, thereby serving as unwitting “money-laundering factories.”

In this Korean case, vishing fraud induces victims to install spyware apps, surrender account credentials and thereby offer the fraudster a ready channel to apply for and receive loans in the victim’s name. According to a report, voice-phishing crimes in South Korea resulted in over USD 146 million in damage in 2023, a 35 per cent increase from 2022. These schemes increasingly exploit non-bank lending to convert stolen identities into monetary value. Unless CDD is enforced across the credit-market ecosystem, fraud-derived funds may permeate the system, eventually entering legitimate channels or crossing borders.

Regulatory and compliance implications for AML teams

For AML specialists, the implications are multifaceted. The inclusion of specialised credit finance firms and consumer credit businesses under CDD obligations expands the perimeter of entities that must implement AML controls. These institutions will henceforth need to adapt their risk-assessment frameworks, enhance identity verification technological capabilities (especially for remote channels), and implement ongoing monitoring of borrower behaviour. The penalty for non-compliance is non-trivial: an administrative fine of up to KRW 10 million and potential compensation to loss victims may be imposed.

This introduces a strategic opportunity for compliance functions to map new onboarding flows, strengthen remote verification controls, and update transaction-monitoring scenarios to capture anomalous loan-origination behaviour. Firms must refine their customer-risk scores, incorporate red-flag criteria triggered by identity anomalies, rapid loan disbursement following spoofed calls, or multiple loans to the same natural person under slightly varied identifiers. Compliance professionals should coordinate with IT and fraud-prevention teams to integrate behavioural analytics and real-time alerting.

Furthermore, the link between vishing fraud and money-laundering underscores that loan origination is not only credit-risk territory but also AML territory. Institutions may need to assess the loan portfolio not only for credit metrics but for laundering typologies: sudden large unsecured loans, loans originated after an initial account compromise, or loans repaid through third-party accounts could signal layering risk. AML frameworks should treat consumer-credit flows as potential entry points for illicit funds, especially when linked to fraud-derived assets.

Impacts on the lending market and broader financial ecosystem

From a market-structure viewpoint, the revision in Korea signals that the AML regulatory regime is migrating beyond deposit-taking banks and major financial institutions into the broader credit-lending ecosystem. Consumer-credit firms and specialised credit finance firms that had previously flown below the AML radar are now squarely in focus. This evolution reflects the financial regulator’s recognition that illicit-fund flows adapt to regulatory blind spots – in this case, non-bank credit extensions powered by identity-fraud.

For the lending market, the drive to implement CDD may increase operational costs, cause extended onboarding timelines and elevate barriers for smaller lenders that lack strong compliance infrastructure. On the other hand, it may enhance market integrity, reduce fraud losses and raise consumer trust. From an AML-CFT perspective, this intervention raises the bar for the detectability of “fraud-facilitated laundering” within consumer finance.

Corporates operating in the fintech and new-tech financing arena are excluded under the statutory carve-out for now; this carve-out may represent a temporary reprieve. Nevertheless, AML practitioners should interpret this as a warning sign: as fraud and identity-theft techniques evolve, regulatory scope may expand further into entirely new finance models.

Strategic checklist for AML/CFT professionals

• Amend the onboarding procedures in specialised credit finance firms and consumer-credit businesses to include full CDD: identification, verification, beneficial-owner checks (where relevant), and source-of-fund/purpose of employment inquiries.
• Enhance remote-origination controls: steps for mobile, telephone, video-call loan applications must incorporate multi-factor authentication, device fingerprinting and documentation cross-checks against trusted databases.
• Develop monitoring rules for anomalous loan behaviour: including rapid multiple loans under one identity, repayment through unrelated accounts, cross-border fund transfers associated with newly originated credit or identity change requests shortly after origination.
• Coordinate between fraud-prevention units and AML functions: fraud teams detecting vishing or spyware infections should share patterns and triggers with AML teams so that origin-of-loan flows can be mapped against fraud vectors.
• Report and escalate suspicious activity stemming from identity theft used to obtain credit: consider the loan as the first step in a layering sequence and treat the associated repayments or transfers as part of the laundering typology.
• Update scenario-based training for relevant business lines (credit-issuance, call-centre operations, mobile origination workflows) to heighten awareness of how loan-disbursement processes may serve as “front door” laundering channels.

Ending thoughts on the evolving AML landscape

The Korean regulator’s reform marks a pivotal step in recognising that non-bank credit providers are not immune from money-laundering and fraud-facilitated laundering threats. AML frameworks must adapt swiftly and proactively to capture these evolving vectors. Complaints related to vishing and identity theft no longer represent only consumer-protection issues; they are intimately linked to the core AML mission of detecting, disrupting and tracing illicit-financial flows. For AML specialists operating globally, the takeaway is clear: when a borrower’s identity is compromised and credit is extended, it may be the beginning of a laundering process rather than simply a fraud matter. The convergence of fraud-prevention and AML deserves sharper attention in strategy and implementation.

---

Related Links

• AML Regime Customer Due Diligence – Korea Financial Intelligence Unit
• Enforcement Decree of the Act on Reporting and Using Specified Financial Transaction Information – Korea Legislation Research Institute
• Recent amendments to the Korean Credit Information Act

Other FinCrime Central Articles About South Korea

• Uzbek Student’s Crypto Donations Unmask South Korea’s Biggest Terrorism Financing Case
• How South Korea’s Hwanchigi Is Driving a Wave of VASP SARs in 2025
• South Korea’s Rapid Crypto Law Overhaul Driven by GENIUS Act and Soaring Adoption

Source: South Korea’s Financial Services Commission

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.