In response to the "service interruption" incident that occurred with Kakao [035720] two years ago due to a fire at the SK C&C Pangyo Data Center, financial authorities have mandated the installation of disaster recovery centers for card, capital, and electronic finance companies to prevent similar disruptions in financial services.

The minimum coverage for liability insurance in the event of an electronic financial accident will also be doubled.

The Financial Services Commission announced on the 5th that it had passed an amendment to the Electronic Financial Supervision Regulations in a regular meeting and that it would take effect immediately.

However, the regulations regarding the installation of disaster recovery centers and the increase in the limit of liability insurance will be applied one year later, taking into account the insurance subscription period and equipment construction period of financial companies. The regulations related to the protection of major deliberation and resolution matters of the Information Protection Committee will be implemented six months later, on August 5.

After one year, card and capital companies with total assets of 2 trillion won or more, savings banks with their own electronic facilities, and electronic finance companies with total transaction amounts of 3 trillion won or more will be required to install disaster recovery centers. Currently, only banks, financial investment companies, and insurance companies are required to install disaster recovery centers.

In order to strengthen consumer protection against damages, the minimum compensation limit for liability insurance in the event of an electronic financial accident will also be doubled. For financial investment companies with assets of 2 trillion won or more, it will increase from 500 million won to 1 billion won, and for prepaid electronic financial companies, etc., it will increase from 100 million won to 200 million won.

This is a result of the need to strengthen the resilience of financial computer systems and to provide rapid consumer relief in the event of a disaster or electronic intrusion since the Kakao data center fire.

On October 15, 2022, at around 3:19 pm, a fire broke out in the electrical room on the third basement floor of building A of the SK C&C Pangyo Campus in Sampyeong-dong, Bundang-gu, Seongnam-si, Gyeonggi-do, where data management facilities such as Kakao were located. As the power to the server service was cut off, services of Kakao, Naver, SK affiliates, etc., caused large and small failures.

There were no casualties in the fire, but a situation occurred in which Kakao services and functions were not properly provided for 127 hours and 30 minutes after the fire.

The amendment also reorganized the Financial Security Standards, which were excessively detailed and centered on conduct rules, into principle-centered standards, and reorganized the number of conduct rules from 293 to 166. It has greatly expanded the autonomy of financial companies in relation to the management of buildings, facilities, computer rooms, and various internal controls and business operations, and improved the relevant internal decision-making system by allowing the Chief Information Security Officer (CISO) to report major deliberation and resolution matters of the Information Protection Committee to the board of directors.

The financial authorities expect that "with this revision of the regulations, the public will be able to use the services with peace of mind without worrying about service interruption even in the event of a disaster, and will be able to receive substantial damage relief in the event of an electronic financial accident."