From now on, any lending specialty financial company with assets exceeding 2 trillion won and more than 300 full-time employees must establish a disaster recovery center. Additionally, if a technology credit evaluation company falsely assesses a corporation's credit rating, it will incur fines of 20 million won.
On the 5th, the Financial Services Commission held a regular meeting and approved partial amendments to the 'Electronic Financial Supervision Regulations' and 'Credit Information Business Supervision Regulations.'
According to the amendments, lending specialty financial companies (with total assets exceeding 2 trillion won and more than 300 full-time employees), savings banks (those with their own computing facilities), and electronic financial service providers (with total transaction amounts exceeding 2 trillion won) must also establish disaster recovery centers. Previously, only banks, financial investment companies, insurance companies, credit card companies, and savings banks (utilizing the central association's computing system) were required to do so.
This requirement arose after the 2022 Kakao data center fire, which highlighted the need to strengthen the financial system's resilience against disasters and electronic breaches.
To enhance consumer protection in financial transactions, the minimum compensation limits for responsibility insurance in electronic financial incidents will also be increased. Financial investment companies with assets exceeding 2 trillion won will see the limit raised from 500 million won to 1 billion won, while prepaid electronic finance providers will see an increase from 100 million won to 200 million won. This regulation will take effect on Feb. 5, 2026.
Furthermore, to establish a self-regulatory security system in the financial sector, financial security regulations will be improved from a 'rules' approach to a 'principles' approach. Previously, the Electronic Financial Supervision Regulations specified financial security standards in detail according to conduct rules, leading to criticisms that financial institutions could not flexibly respond to security situations.
If a corporate credit reporting company significantly violates its fundamental responsibilities in evaluation work, it may incur fines of up to 20 million won. Consequently, actions that involve using another person's certification or relying on unverified certification to assess the availability of technology financing will be classified as prohibited activities. Furthermore, actions that pressure assessors for specific ratings or results within company sales organizations will also be prohibited.