Deregulation of Korean Cloud Computing and Network Separation in the Korean Financial Sector in South Korea

Deregulation of Cloud Computing and Network Separation in the Financial Sector in Korea explained by lawyers at a leading law firm in Korea.

Korean Cloud Computing and Network Separation Rules: Improvements in the Korean Financial Sector.

The Korean Financial Services Commission presented its intentions to enhance the rules governing cloud computing and network separation in the Korean financial industry on April 14, 2022.

This Korean government plan was created in response to the financial industry’s worries about the challenges associated with adopting and implementing new digital technologies as a result of too restrictive rules on cloud computing and network isolation in Korea. Seemingly, these liberalizations were a reaction to issues noted by leading SaaS and Cloud Computing companies in Korea.

Improved Regulations for the Use of Cloud Computing in Korea

The news rules, according to the Korean Financial Services Commission are to:

Clearly and concisely state the rules for assessing the importance of the task when using cloud computing.
Reduce the number from 141 assessment criteria for cloud service providers (CSPs) to 54 assessment criteria.
Differentiate cloud computing procedures based on the amount of work to be done.
Establish a consistent CSP assessment mechanism to ease companies’ financial responsibilities.
Create a unique set of SaaS assessment criteria.
Make submission/application paperwork simpler, such as the “work consignment operational standards.”
Replace the current ex post facto cloud computing reporting requirement with a prior reporting obligation.

Network Separation Regulatory Improvements in Korea:

Development and test servers are exempt from network separation restrictions, as are non-electronic financial activity and SaaS. Additionally, network separation rules in Korea are to be gradually relaxed over the course of a medium-to long-term period.

Additional Plans and Business Repercussions for Companies Doing Business in Korea

With a view to starting the enforcement of the modified rules, the financial authorities in Korea will, likely, update Korea’s Electronic Financial Transactions Act’s regulations and Enforcement Decree. The authorities will also be working on a change to the guidance on using cloud computing services in the financial sector, which will take effect in 2023.

Korean government will conduct inspections on financial companies’ internal control systems, such as the establishment and operation of an internal data protection deliberation body, in the latter part of this year. This is because the voluntary internal control measures taken by financial companies in Korea are crucial for the proposed change in the regulatory requirements on cloud computing and network separation. We shall update the reader when more becomes available.

Accordingly, we believe that financial companies or electronic financial business operators, such as big tech and fintech companies, should begin preparations such as changing the network separation structure in development and test fields and excluding network separation for non-financial businesses and SaaS in accordance with improvements to cloud computing and network separation rules in the financial sector.

If you would like a consultation with an attorney : Please Schedule a Call with an Attorney.

by Sarah Khan