FinTech & Financial Data Security

“Quick response with detailed explanation.”

- IFLR1000

Overview

As financial transactions through the Internet or by use of smartphones become more common, financial data security has become more important than ever before. With extensive experience and expertise in this area, BKL is well equipped to provide a variety of legal advisory services on financial data security.

In the past, it was common for financial companies to establish their own computer centers and operate all IT equipment in a centralized computing system, but new concepts of service, such as cloud-based services, including Software as a Service (SaaS), big data, and generative AI, have been emerging, and new forms of financial services using digital technology have been launched. These new services have continued to change the financial data security landscape.

BKL has provided various practical day-to-day advice on financial data security-related issues that may arise in introducing/implementing new technology, working in collaboration with experts who have extensive experience in IT-related work and senior advisors and consultants with expertise gained from working in regulatory authorities such as the Financial Supervisory Service.

In particular, BKL maintains dedicated teams that are on permanent standby to respond to any financial data security system inspection on financial companies or any Financial Supervisory Service’s IT inspection and provides a hotline in preparation for any unexpected situation through its dedicated teams, diagnosing one-to-one customized compliance issues for new senior executives. 
 

Key Services

Provide legal advice on fintech and financial data security
Advise financial companies and electronic financial businesses on various legal issues relating to digital finance that may be encountered in providing digital finance-related services
Advise on the obligation to ensure safety under the Electronic Financial Transactions Act
Advising on financial data security, including regulation on cloud and network separation
Advise on personal (credit) data protection for digital finance
Advise on entrustment of information processing and reporting on use of cloud technology
Advise on regulatory issues that may arise out of or in connection with the entrustment by financial companies or electronic financial businesses of information processing services, such as IT-related facilities, within or outside Korea
Advise on relevant regulations, such as reporting to financial supervisory authorities, and assist in the application for Innovative Financial Services, when using a cloud service
Advise on the establishment of physical facilities, etc. in obtaining or registering permits and licenses
Provide comprehensive legal advice on obtaining new licenses or acquiring registered licenses under the Banking Act, the Financial Investment Services and Capital Markets Act, the Electronic Financial Transactions Act, etc.
Review the adequacy of IT equipment under the physical facility requirements and respond to on-site investigation by financial regulators
Analyze and advise on compliance with fintech and financial data security requirements
Respond to financial regulators’ inspection or sanction in relation to fintech or financial data security, and conduct mock inspection in advance in preparation thereof
Analyze and advise on compliance by a financial company or an electronic financial business with the Electronic Financial Transactions Act, the Electronic Financial Supervisory Regulations and other laws and regulations on financial data security
Assist in, and provide comprehensive advice on, responding to hacking or other financial data security incidents

Representative Cases

Advised several financial companies and electronic financial businesses on various issues under the Electronic Financial Transactions Act, such as the separation of networks, the use of cloud technology for the use of generative AI
Advised foreign financial institutions in establishing physical facilities for incorporation of their Korean operation and obtaining license for the financial business, including conducting mock inspection in preparation for the due diligence inspection by the financial authorities
Advised financial companies on, and analyzed, compliance with IT and information protection requirements
Providing legal advice on fintech and financial data security
Advised several financial companies and electronic financial businesses on various issues under the Electronic Financial Transactions Act, such as the separation of networks, the use of cloud technology for the use of generative AI
Advised credit card companies on launch of new payment methods using smartphones and on responding to financial authorities
Advised electronic financial businesses on authentication methods using new technologies, such as biometric authentication
Reviewed the legality of the launch of new electronic financial services by financial companies, etc.
Advising on entrustment of information processing and reporting on use of cloud technology
Advised financial companies on reporting on the use of cloud technology
Advised domestic banks, insurance companies, etc. on entrustment of information processing services
Advised electronic financial businesses on entrustment and sub-entrustment of information processing
Advised financial companies on the subject, scope, and procedures for reporting the use of overseas cloud technology
Advising on establishment of physical facilities, etc. in obtaining and registering permits and licenses
Advised foreign financial institutions in establishing physical facilities for incorporation of their Korean operation and obtaining license for the financial business, including conducting mock inspection in preparation for the due diligence inspection by the financial authorities
Advised foreign companies on the establishment of a local branch and the registration of pay gate (PG) business
Advised on the registration of electronic financial business for issuance and management of prepayment means
Advised domestic companies, and discussed with financial authorities, on financial data security regulation and establishment of related systems for registration of electronic financial business
Analyzing and advising on compliance with fintech and financial data security requirements
Advised financial companies on, and analyzed, compliance with IT and information protection requirements
Advised financial companies on, and analyzed, compliance with IT and information protection requirements
Advised electronic financial business entities on responding to FSS inspection
Advised financial companies on technical protection measures for personal (credit) information and provide analysis on the adequacy of such measures from a legal perspective