Fast-track push for the 'Digital Finance Safety Act' amid a string of financial-sector hacks... crypto exchanges also required to invest in security

GA and crypto exchanges also required to invest in security

Corporate insurance agencies (GAs), cryptocurrency exchanges and loan companies—previously in financial security blind spots—could as early as next year be subject to regulations on par with those applied to financial institutions. The move comes as financial authorities begin drafting and revising relevant laws following a series of hacking incidents across the financial sector.

According to the financial industry on the 13th, the Financial Services Commission and the Financial Supervisory Service are working on enacting a “Digital Finance Safety Act” to spur security investment across the sector and strengthen risk management. The act would be a separate, overarching legal framework specialized in financial security. Discussions have been gaining pace after a succession of hacking incidents and personal data leaks at financial firms including Lotte Card, SGI Seoul Guarantee Insurance and Upbit last year.

The Digital Finance Safety Act is expected to take the form of a sweeping overhaul of the current Electronic Financial Transactions Act. An official at the financial authorities said, “Financial security-related provisions in the Electronic Financial Transactions Act will be transferred to the Digital Finance Safety Act,” adding, “The Electronic Financial Transactions Act is likely to be revised into a law that contains only the regulatory framework for electronic financial businesses such as simple payment services.”

The authorities’ plan is to eliminate blind spots in financial security through the new act. To that end, they have decided to include sectors such as GAs and cryptocurrency exchanges—which have not been covered by the Electronic Financial Transactions Act—within the scope of the Digital Finance Safety Act.

This is expected to enable the authorities to impose sanctions such as business suspensions as well as administrative fines and penalty surcharges on GAs and exchanges when security incidents occur. In addition, Article 21 of the Electronic Financial Transactions Act, the key clause on the “duty to ensure safety,” would be expanded to cover currently excluded entities such as asset management firms.

The authorities are also pursuing a plan to impose punitive penalty surcharges on financial firms when hacking incidents cause consumer harm. Under the current Electronic Financial Transactions Act, even if consumer damage occurs due to a hacking incident, the legal basis for sanctions has not been clear.

An official at the financial authorities said, “Measures such as introducing punitive penalty surcharges or coercive fines for noncompliance will be pushed swiftly through revisions to the Electronic Financial Transactions Act,” adding, “In addition, we plan to include in the Digital Finance Safety Act an incentive structure to encourage security investment and accident prevention by financial institutions.” Recently, Rep. Yoo Dong-soo of the Democratic Party of Korea introduced an amendment to the Electronic Financial Transactions Act that would impose penalty surcharges of up to 3% of revenue on financial firms in the event of incidents—such as hacks—that cause serious harm to users.

Reporter Seo Hyeong-gyo seogyo@hankyung.com