News and developments
Deregulation of the Financial Sector’s Cloud Computing and Network Separation
Improvements to Cloud Computing and Network Separation Rules in Financial Sector
On April 14, 2022, the Financial Services Commission unveiled its plans to improve regulations on cloud computing and network separation in the financial sector. This improvement plan aims to support the financial sector’s efforts for digital transformation in a stable manner, in response to the financial industry’s concerns about the difficulties in adopting and using new digital technologies because of excessive regulations on cloud computing and network separation.
The main contents of the improvement plan are as follows.
Regulatory Improvements on the use of Cloud Computing:
Regulatory Improvements on Network Separation:
Further Plans and Business Implications
The financial authorities will soon work to revise the Enforcement Decree of the Electronic Financial Transactions Act and its supervisory regulation with an aim to begin the enforcement of the changed rules. At the same time, the authorities will also prepare a revision to the guideline on the use of cloud computing service in the financial sector to be effective in 2023. In particular, since financial companies’ internal control measures on a voluntary basis are crucial for the proposed change in the regulatory requirements on cloud computing and network separation, the authorities will carry out inspections on their internal control system such as the establishment and operation of an internal data protection deliberation body in the second half of this year.
Therefore, in accordance with the improvements to cloud computing and network separation rules in the financial sector, we think that financial companies or electronic financial business operators such as big tech and fintech companies that wish to expand the use of cloud, engage in the usage of SaaS, change the network separation structure in development/test fields, and exclude network separation for non-financial businesses and SaaS, should start preparations such as maintenance of the internal control system, substantialization of the personal information protection commission, and application for regulatory sandboxes for non-financial business and SaaS sectors.
If you have any questions regarding this article, please contact below:
Hyunkoo KANG ([email protected])
Hwan Kyoung KO ([email protected])
Chloe Jung-Myung LEE ([email protected])
Sungin CHO ([email protected])
For more information, please visit our website: www.leeko.com