Information Security Industry Act to Take Effect Next Month
Payment Service Providers "Already Submitted to FSC"
Authorities "Different Roles" Disagree
Yeouido National Assembly Building.
[Asia Economy Reporter Kiho Sung] With less than a month remaining before the enforcement of the "Act on the Promotion of the Information Security Industry (Information Security Industry Act)" there is controversy over overlapping regulations on electronic financial service providers. Although the authorities have stated that they will resolve the controversy through enforcement ordinances when the related bill is reviewed by the National Assembly, criticism has arisen that the parts pointed out as overlapping regulations have been left unchanged. The industry is expressing concerns, anticipating that additional costs and time investments will be inevitable. On the other hand, the authorities maintain that after various legal reviews, these are not overlapping regulations, so the controversy is expected to continue for the time being.
According to the National Assembly and political circles on the 15th, the Information Security Industry Act will take effect from July 9. The bill passed the plenary session of the National Assembly on May 21 and was approved at the Cabinet meeting on June 1. The core of the Information Security Industry Act is to promote information security disclosure for companies above a certain scale to ensure safe internet use by information and communication service users and to encourage corporate investment in information security. Companies above a certain scale must disclose information security, and failure to comply will result in a fine of up to 10 million KRW.
The problem is that the exemption clause for electronic financial service providers, which the authorities initially promised, has been omitted from the enforcement ordinance. Electronic financial service providers already submit related information annually to the Financial Services Commission under the current Electronic Financial Transactions Act. This issue was also controversial during the National Assembly review. When lawmakers Seongjoong Park and Eunah Heo of the People Power Party pointed out the overlapping regulation issue at the Science, Technology, Information and Communications Committee’s bill review subcommittee on March 23, Deputy Minister Seokyoung Jang of the Ministry of Science and ICT stated, "We plan to exclude those subject to the Electronic Financial Transactions Act when revising the enforcement ordinance." When Subcommittee Chair Park questioned again whether exclusion would be difficult with only an enforcement ordinance revision, Deputy Minister Jang promised to reflect the related content by adding wording to the enforcement ordinance. However, the industry views the enforcement ordinance published by the Ministry of Science and ICT as mandating disclosure under this law even for electronic financial service providers.
The industry points out that additional costs and considerable time will be required. Besides the problem of overlapping regulations, additional personnel, time, and costs will inevitably be invested for pre- and post-verification of disclosure content, as well as the burden of data submission and disclosure. They also criticize the Ministry of Science and ICT for not actively collecting opinions when preparing the bill or enforcement ordinance. A fintech industry official said, "Electronic financial service providers are already required to perform information security activities beyond the disclosure system, such as vulnerability analysis, evaluation, and breach response training under the Electronic Financial Transactions Act," adding, "If the Ministry of Science and ICT’s enforcement ordinance amendment passes as is, it will clearly be overlapping and excessive regulation."
On the other hand, the Ministry of Science and ICT states that industry opinions were sufficiently reflected when preparing the related bill and enforcement ordinance, and that disclosure and data submission to the Financial Services Commission serve different roles, so it is not overlapping regulation. They also revealed that a total of 18 people, including representatives from domestic fintech companies, academia, associations, and legal and accounting firms, participated in the research group for creating the enforcement ordinance.
A Ministry of Science and ICT official explained, "There was a clear legal judgment that the disclosure by electronic financial service providers under this amendment and the data submission conducted by the Financial Services Commission for supervision are distinctly different in nature," adding, "Also, the data submitted to the Financial Services Commission is not disclosed to the public, so it cannot be considered overlapping regulation compared to the publicly disclosed disclosure."
He continued, "During the enforcement ordinance legislative notice period, review opinions were received from a total of five places, and many parts were reflected in the enforcement ordinance and notification content through consultations with the relevant institutions," adding, "We collected opinions from three law firms that submitting data to the Financial Services Commission by electronic financial service providers is different in purpose and intent from the disclosure for users’ right to know under this bill, and therefore does not constitute overlapping regulation."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
