South Korea’s Financial Services Commission (FSC) has eased network separation rules for financial institutions, opening the door to wider use of cloud-based software-as-a-service (SaaS) for internal operations.
The FSC confirmed that financial companies and electronic financial service providers will be able to introduce certain SaaS tools for administrative and back-office functions without going through the financial regulatory sandbox programme.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
Under the change, SaaS solutions specified under the Enforcement Decree of the Act on the Development of Cloud Computing and Protection of Its Users are exempted from network separation rules under the Electronic Financial Transactions Act and related supervisory regulations.
The easing is not comprehensive. To limit risks around data exposure, the exemption does not extend to activities involving “personal identification information or personal credit information”.
Financial operators will still need to secure approval via the financial regulatory sandbox programme where pseudonymised personal data is used through SaaS.
Alongside the relaxation, the FSC is tightening security obligations for companies that make use of the new flexibility.
Financial institutions must ensure their SaaS applications are “pre-screened by the Financial Security Institute (FSI)”.
They are also required to maintain strict IT security protocols for access devices and have their compliance controls reviewed every six months. The findings will be then reported to their chief information security officers.
To help companies adjust to the revised regime, the FSI has published an information booklet on financial IT security, covering SaaS usage, key security risks and corresponding mitigation measures.
Regulators expect the softer network separation stance on SaaS to improve coordination between departments and overseas branches by making internal collaboration more seamless.
They also foresee reduced reliance on in-house servers and on-premise infrastructure, potentially lowering IT management costs and administrative workload.
The authorities also indicated that broader SaaS deployment in areas such as “performance management, collaboration tracking, and so on” may encourage more data-driven decision making and bring greater uniformity to internal management processes.
