Financial Services Commission headquarters in central Seoul (Yonhap)
South Korea’s Financial Services Commission on Monday announced that it will mandate big tech companies with financial services to establish disaster recovery centers.
The new regulation plan came in the wake of Kakao’s extensive internet, banking and messenger service disruption caused by a fire at SK C&C’s data center in October.
During the FSC’s fifth financial regulatory innovation meeting, it decided to establish a new task force during the first half of next year to make changes to security regulations.
The FSC stressed that the Kakao incident shed light on how current security regulations are only centered around traditional financial industries, while big tech companies’ influence in the market has grown dramatically over the recent years.
The new team will include an IT security expert, a financial security expert and an official from the Financial Supervisory Service.
The team also plans to make changes through three different stages.
Mandating big tech companies with financial services to establish a disaster recovery center will be part of the team’s first-stage project.
As part of the second stage, the team will mainly work on making changes to overly detailed regulations.
The FSC sees that the current security regulations are overly focused on providing detailed guidelines such as mandating financial firms to install portable flashlights, pressure gauges and thermometers on-site. It plans to revise these regulations to present principles and goals instead, and provide detailed case guidelines separately.
In addition to this change, the FSC is planning to shift its current system which is centered on supervising violations to providing support for financial firms’ implementation of autonomous security systems.
To do this, it will review expanding the authority of financial firms’ chief information security officers and make it mandatory to report important security matters to the board.
While providing support to financial firms’ implementation of autonomous security systems, if a problem occurs and the financial firms are found to be responsible, the regulator will apply strict penalties and ask the firms to provide compensation for losses.
In the third stage, the FSC’s goal is to switch from the current security regulations which provide guidelines for what firms are allowed to do to ones that present what firms are not allowed to do, as it is considered more appropriate for the fast-changing financial industry.
By Song Seung-hyun (firstname.lastname@example.org)