South Korea's Financial Services Commission announced at the end of June 2016 that the country's Regulation on Supervision of Electronic Finance Business will be amended to allow financial institutions to use cloud computing for “non-critical information processing systems.” This means that going forward there will be a basis for financial institutions to use cloud computing to process and store information that does not include personal identifiers (i.e non-critical information). The new provisions will become effective in September 2016.
Indications are that the purpose of the new provision is to bring the South Korean regime more into line with the regimes in many other countries in the Asia-Pacific region. In particular, the changes will benefit domestic financial institutions in South Korea and create a more level playing field with foreign based banks which currently operate in South Korea—foreign based banks currently can use cloud computing, provided that they are not set up as subsidiary in South Korea, while domestic banks are expressly restricted from doing so. Another important implication is that there will not be restrictions on the nationality of third party providers of cloud computing services, which will make the major multi-national providers accessible to South Korean banks.
Tip: The South Korean government has stated that using and developing cloud computing is a key priority for both business and government in South Korea. Prior to using cloud computing, banks operating in South Korea should check whether any further details are introduced regarding what constitutes "non-critical information" and "personally identifiable information."