Global financial institutions actively utilize specialized cloud-based services for the operation of key IT infrastructures, core analytical processes as well as client interfacing platforms. In contrast, financial institutions in Korea face regulatory challenges in integrating such public cloud-based services due to the prohibitive effects of the Regulations on E-Finance which govern the use of public cloud services by financial institutions in Korea. Under the current regulatory regime, financial institutions are only permitted to process “non-critical” information via public cloud servers – and the Regulations on E-Finance expressly exclude personal credit information and/or unique identification information from the scope of “non-critical information”. Consequently, financial institutions have only been able to use cloud services for a narrow scope of purposes, mostly for functions which do not pertain to the essential features of the financial business and are of limited use for global financial institutions. The FSC now proposes to amend the Regulations on E-Finance to permit financial institutions in Korea to process personal credit information and unique identification information on public cloud servers located in Korea. Although the contents of the amendments remain to be seen and the existing data protection laws and regulations of Korea will continue to apply, the financial institutions in Korea may soon be able to enjoy the benefits of cloud services in its core operations, including: - Utilization of high-capacity cloud servers to run big data and artificial intelligence (AI) based systems for core financial analysis and related client interfacing (e.g., credit analysis, underwriting, etc.).
- Conversion of transactional services to cloud-based models with the ability to process key personal identification information such as resident registration number via cloud services.
The FSC has reserved that any measures for cloud computing deregulation will be guided by the publication of a new set of compliance requirements and guidelines, including specific reporting requirements for financial institutions; and that the FSC will have the express authority to supervise and audit any cloud-based service providers in Korea. The FSC will elaborate on the details of the deregulation over the course of the next six months. |