The Financial Services Commission held a meeting with relevant authorities and financial companies on February 1 and announced plans to bolster cyber and information security capacity and resilience of the financial industry. At the meeting, authorities also unveiled and discussed key details of the revision proposal for the supervisory regulation on electronic financial services, which is put up for public comment until March 12.

Vice Chairman Kim Soyoung of the FSC delivered opening remarks at the meeting, emphasizing on the need to establish a forward-looking cyber and information security system in the financial industry amid rapid changes taking place in digital sphere, such as cloud computing and artificial intelligence, and the evolving nature of cybersecurity threats. In this regard, Vice Chairman Kim said that it is necessary to focus on making financial industry’s cybersecurity system more adaptable and resilient. To this end, the FSC will make the cyber and information security system more goal- and principle-oriented and encourage financial companies to boost their own cybersecurity capacity and bolster resilience to cyberthreats.

With the revision of the supervisory regulation being proposed today, Vice Chairman Kim said that the approach to cyber and information security will shift from a narrow and compliance-focused practice of the past to a more comprehensive, proactive and self-driven one. Beginning with this rules change, the FSC will seek to revise the Electronic Financial Transactions Act in the future to strengthen financial companies’ self-governance responsibility over cyber and information security.

Some of the key details of the revision proposal for the supervisory regulation on electronic financial service include (a) making rules simpler and allowing more room to make autonomous decisions for financial companies by reducing the number of rules to 166 from 293 previously, (b) requiring certain types of small- and medium-sized financial companies and electronic financial service providers to set up disaster response centers and establish specific goals regarding service restoration time, (c) enhancing the role of chief executives and board of directors in the process of decision-making over their companies’ cyber and information security matters, and (d) increasing the minimum insurance level financial companies need to sign up for in order to be prepared for cybersecurity incidents and compensation of damages to consumers.

The revision proposal for the supervisory regulation on electronic financial services will be put up for public comment from February 1 to March 12, and take effect after a final deliberation process by the FSC.

Vice Chairman Kim also visited the Information Sharing & Analysis Center (ISAC) run by the Financial Security Institute and had a pep talk with the employees working there round the clock to keep the country’s financial system safe from cybersecurity threats. Especially with the Lunar New Year holiday around the corner, Vice Chairman Kim asked the ISAC employees to take particular care in monitoring for cyberattacks or other emergency situations to make sure that there are no damages inflicted to financial consumers.

* Please refer to the attached PDF for details.