As the Democratic Party of Korea moves to push a bill to mandate reporting to the financial authorities of security incidents in e-commerce, prompted by the Coupang personal data leak, the Financial Services Commission and industry are expressing reluctance. The Financial Supervisory Service said it plans to strengthen oversight of big tech–affiliated electronic financial businesses, but the related bill is expected to face difficulties passing the National Assembly.
According to the financial sector on the 16th, the Financial Services Commission (FSC) recently conveyed to the National Policy Committee its view that "careful review is necessary" regarding the "Partial Amendment to the Electronic Financial Transactions Act" proposed in Jan. by Democratic Party lawmaker Kim Hyun-jung. The FSC explained the reason, saying "practical constraints and effectiveness need to be considered."
The FSC is said to be concerned that expanding the reporting scope to include e-commerce operators, given the limited personnel of the financial authorities, could lead to an increased practical workload.
The amendment was prepared to block problems in which personal information leaks at shopping malls lead to financial account theft or fraudulent payments in a structure where a shopping mall and a simple payment service, like Coupang and Coupang Pay, share a single account (One-ID). Its core is that, if a security incident such as a personal information leak occurs at an e-commerce company and there is concern it could escalate into an electronic financial incident, it must be reported immediately to the FSC.
Currently, the notification obligation is limited to "financial companies or electronic financial businesses," making it difficult for the financial authorities to immediately grasp incidents that occur at e-commerce companies like Coupang, critics have noted.
The Korea Online Shopping Association, representing e-commerce companies, also conveyed its opposition to the amendment. The association explained its grounds for opposition, saying, "Imposing obligations such as notification and cause analysis for breaches at an affiliate that is a separate corporation runs counter to the principle of responsibility, so careful review is needed." Both the e-commerce industry that would report and the FSC that would receive the reports have conveyed opposition to the amendment.
By contrast, the Financial Supervisory Service (FSS) plans this year to examine risk management and internal controls of big tech–affiliated electronic financial businesses such as NAVER, Kakao, and Coupang. With concerns raised about information leaks involving Coupang's subsidiary Coupang Pay, the authorities are moving to conduct a preemptive inspection to prevent a recurrence of similar cases.
Lee Chan-jin, the FSS governor, has repeatedly said the watchdog will tighten monitoring of nonfinancial companies that have electronic financial firms like Coupang as affiliates.