The financial authorities will strengthen security evaluations of financial companies and prepare measures to impose monetary penalties if results are insufficient. They will also establish a legal basis to sanction business suspensions and other penalties for financial accidents at non-financial companies, such as simple payment firms, in addition to virtual asset exchanges and lending businesses, which are considered blind spots in financial security.
On the 18th, according to the financial sector, the financial authorities prepared the Digital Financial Safety Act containing these measures and decided to submit it to the National Assembly within the year.
The Digital Financial Safety Act is being prepared to establish a financial security framework across all financial sectors. The financial authorities will conduct security status evaluations of financial companies and are reviewing measures to impose fines and enforcement charges on firms that receive low grades. They will also create grounds for the financial authorities to impose sanctions such as business suspension, fines, and a penalty surcharge on a financial company if a security incident such as hacking or a personal data leak occurs.
Currently, even if hacking incidents occur at virtual asset exchanges, lending businesses, or general agencies (GA), the financial authorities have no legal basis to impose sanctions. A representative case is Upbit. In Nov. last year, 24 types of virtual assets totaling 1,040,647,000-plus units (about 44.5 billion won) were leaked due to the Upbit hack, but controversy arose because the financial authorities lacked a legal basis to sanction security responsibility.
Virtual asset exchanges are not subject to the Electronic Financial Transactions Act and are supervised only for their anti-money-laundering obligations under the Act on Reporting and Using Specified Financial Transaction Information. When the bill takes effect, these sectors will also be required to establish security systems on par with financial companies.
The financial authorities are reportedly reviewing applying the Digital Financial Safety Act to financial accidents at non-financial companies such as simple payment firms and payment gateways (PG). They are coordinating related measures based on the Financial Supervisory Service's examination results on Coupang Pay and Coupang Financial.