Fintech firms are setting up disaster preparedness centers
Financial Services Commission headquarters in central Seoul (Yonhap) |
South Korea’s Financial Commission announced Monday that it will mandate major financial services technology companies to establish disaster recovery centers.
The new regulatory plan came in the wake of Kakao’s extensive internet, banking and messenger outages caused by a fire in SK C&C’s data center in October.
During the FSC’s fifth financial innovation meeting, it decided to establish a new working group during the first half of next year to make changes to the security regulations.
The FSC emphasized that the Kakao incident shed light on how current security regulations are only centered around traditional financial industries, while large technology companies’ influence in the market has grown dramatically in recent years.
The new team will include an IT security expert, a financial security expert and an official from the Norwegian Financial Supervisory Authority.
The team also plans to make changes through three different stages.
Mandating large financial services technology companies to establish a disaster recovery center will be part of the team’s first phase project.
As part of the second stage, the team will mainly work on making changes to overly detailed regulations.
The FSC sees current security regulations as overly focused on providing detailed guidelines such as mandating financial firms to install portable flashlights, pressure gauges and thermometers on site. It plans to revise this regulation to present principles and objectives instead, and provide detailed case guidelines separately.
In addition to this change, the FSC plans to change its current system centered on monitoring breaches to support financial firms’ implementation of autonomous security systems.
To do this, it will review the extension of the authority of financial institutions’ chief information security officers and make it mandatory to report important security matters to the board.
While it supports the financial institutions’ implementation of autonomous security systems, if a problem occurs and the financial institutions are found to be responsible, the regulator will impose severe penalties and ask the firms to provide compensation for losses.
In the third phase, FSC’s aim is to switch from current security regulations that provide guidelines for what firms are allowed to do to those that present what firms are not allowed to do, as it is considered more appropriate for the rapidly changing financial sectors. industry.
By Song Seung-hyun ([email protected])