Fintech in South Korea 2024

Fintech in South Korea 2024

Fintech in South Korea 2024

FINTECH 2024

SOUTH KOREA

Juho Yoon, Young Ju Park, Se Yeong Im, Jinhee Rhew

(Bae, Kim & Lee LLC)

FINTECH LANDSCAPE AND INITIATIVES

General innovation climate

  1. What is the general state of fintech innovation in your jurisdiction?

In South Korea, various fintech companies are actively engaged in promoting and operating their business, and many traditional financial companies are striving to expand their business presence within the fintech industry.

To create momentum for fintech innovation, the South Korean government operates a regulatory sandbox program pursuant to the Special Act on Support for Financial Innovation, which took effect on 1 April 2019. As of May 2023, a total of 292 projects have been designated to benefit from regulatory exemptions.

Recently, the virtual asset industry has been undergoing meaningful changes at a rapid pace. For example, a bill on the Act on the Protection of Virtual Asset Investors is expected to be passed in the National Assembly soon. The bill focuses on enhancing the protection of virtual asset investors by introducing certain obligations of virtual asset service providers and prohibiting unfair practices related to cryptoasset transactions.

In addition, in February 2023, the Financial Services Commission (FSC) introduced policies and guidelines on the issuance and circulation of security tokens to permit security token offerings. According to the policies and guidelines:

  • distributed ledger technology will be legally recognized as a method of registering official records of information regarding the occurrence, change and expiration or termination of rights pertaining to a security; and
  • a new license for over-the-counter trading platforms for securities tokens (more specifically, investment contract securities and certificates on non-money trusts) will be introduced in due course.

Government and regulatory support

  1. Do government bodies or regulators provide any support specific to financial innovation? If so, what are the key benefits of such support?

To support financial innovation, the regulatory sandbox program was introduced in 2019, which exempts, either fully or partially, eligible fintech companies from various restrictions under financial-related laws (including permits and approval requirements). This exemption will be granted for up to two years as a general rule and may be extended once for another two years.

Additionally, in 2018, the Special Act on the Establishment and Operation of Internet-only Banks was passed to make it possible to run an online banking business without any offline (physical) branch. The same Act also relaxed regulations on IT companies’ acquisition of equity shares in internet-only banks. As of the date of this submission, three internet-only banks are operating in South Korea.

FINANCIAL REGULATION

Regulatory bodies

  1. Which bodies regulate the provision of fintech products and services?

The FSC and the Financial Supervisory Service (FSS) are the two primary institutions in charge of regulatory enforcement over fintech products and services.

The FSC is a government institution mainly responsible for creating financial policies. The FSS is responsible for supervising and inspecting financial companies as the enforcement arm of the FSC.

Regulated activities

  1. Which activities trigger a licensing requirement in your jurisdiction?

Generally, an entity that intends to engage in any of the following businesses involving financial investment instruments must obtain licenses and approvals required under the South Korean Financial Investment Services and Capital Markets Act (FSCMA). Under the FSCMA, a financial investment product is defined as a product acquired by an agreement to pay money or other assets at a specific point in the present or in the future, with the intent to earn a profit or avoid a loss, where there is a risk (namely, investment risk) that the total amount of such money or assets paid or payable, to acquire that product may exceed the total amount of money or other assets already recovered or recoverable from such product:

Classification of business

Description

Investment dealing business

Selling and purchasing financial investment instruments on its proprietary account

Investment brokerage business

Selling and purchasing financial investment instruments, broking thereof, on the account of others

Collective investment business

Pooling investment from two or more investors and managing the investment on behalf of the investors

Investment advisory business

Providing advice on the values of investable assets or on investment decisions

Discrete investment management business

Making partially or wholly discretionary investment decisions and managing the investments on behalf of customers

Trust business

Providing trust service

The deposit-taking business may only be conducted by banks (including internet-only banks) or saving banks under banking or savings banking licenses under South Korean laws.

Similarly, the lending business may only be carried out by registered money lenders under the Act on Registration of Money Lending Business and Protection of Finance Users (the Lending Business Act) or financial companies authorized to provide loans under the relevant regulations.

Most payment services are governed by the Electronic Financial Transactions Act (EFTA), and different licenses or registrations under EFTA may be required on a case-by-case basis, depending on their specific scope of business activity. For example, registration pursuant to EFTA may be required to issue electronic payment means, and transmission or receipt of payment information or mediation of settlement of proceeds requires a payment gateway license.

Consumer lending

  1. Is consumer lending regulated in your jurisdiction?

Under the Lending Business Act, registration as a moneylender is required to conduct lending business. For loan brokers, additional registration in accordance with the Financial Consumer Protection Act (FCPA) is also required. However, credit finance companies such as banks under the Banking Act and credit specialized companies under the Credit Specialized Financial Business Act are authorized to conduct lending business without separate money lender registration.

The Lending Business Act also regulates the maximum interest rate. The maximum interest rate for consumer lending is limited to 20 percent per annum as of the date of this submission.

When soliciting consumers or advertising, credit finance companies and moneylenders shall comply with the standards set forth in the FCPA, which was enacted on 25 March 2021 to provide consumer protection standards for all financial products, including loans.

Secondary market loan trading

  1. Are there restrictions on trading loans in the secondary market in your jurisdiction?

Loan claims may only be acquired by entities specifically listed under the Lending Business Act, such as registered loan collection business entities, banks and credit-specialized companies.

Collective investment schemes

  1. Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.

The collective investment business and collective investment schemes are regulated under the FSCMA. Assuming that alternative finance products or services are categorized as collective investment schemes under the FSCMA, a fintech company should obtain the relevant license and comply with the regulations under the FSCMA.

Alternative investment funds

  1. Are managers of alternative investment funds regulated?

The collective investment schemes and their managers are regulated under the FSCMA. Assuming that alternative investment funds are categorized as collective investment funds, to manage the alternative investment funds in South Korea, the fintech company should obtain the required license and comply with the regulations under the FSCMA.

Peer-to-peer and marketplace lending

  1. Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.

Peer-to-peer (P2P) lending platforms should complete registration and comply with various regulations under the Online Investment-Linked Finance Act, including disclosure of financial status and business structure and prohibition from engaging in high-risk practices. In addition, P2P lending investors are subject to investment caps that are determined in proportion to their incomes.

Crowdfunding

  1. Describe any specific regulation of crowdfunding in your jurisdiction.

Equity-based crowdfunding is governed by the FSCMA. Fintech companies that wish to provide equity-based crowdfunding services need to register with the FSC. While subject to more lenient regulations than traditional financial services, relevant regulations for promoting the crowdfunding business is also subject to several restrictions. For example, the maximum amount of investment that each company may raise through crowdfunding is 1.5 billion won per year.

Reward-based crowdfunding and donation-based crowdfunding are not subject to special restrictions. However, depending on the specifics of their business model, reward-based crowdfunding business entities may be required to register as mail-order distributors under the Act on the Consumer Protection in Electronic Commerce.

Invoice trading

  1. Describe any specific regulation of invoice trading in your jurisdiction.

Invoice trading is not subject to any specific regulation in South Korea.

Payment services

  1. Are payment services regulated in your jurisdiction?

Payment services are mainly governed by EFTA, and any entity wishing to engage in such business should register with the FSC and comply with relevant obligations unless exempted under EFTA.

Open banking

  1. Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?

Currently, open banking is not subject to any specific regulation in South Korea. As a general practice, financial institutions and electronic financial business entities rely on private arrangements for open banking services in cooperation with financial regulators.

For reference, there is an amendment bill for EFTA currently pending, which includes the legal grounds and requirements for open banking.

Robo-advice

  1. Describe any specific regulation of robo-advisers or other companies that provide retail customers with automated access to investment products in your jurisdiction.

Under the FSCMA, robo-adviser services are treated as the provision of ‘investment advice’ subject to registration as an investment advisory service provider in principle.

In an exceptional case where another investment advisory service provider registered under the FSCMA commits to bear direct responsibilities against investors, a robo-adviser company is allowed to provide advisory services under entrustment by such investment advisory service provider without separate registration.

Insurance products

  1. Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?

Any person who wishes to sell insurance products is required to be registered as an insurance agent, insurance solicitor or insurance broker under the Insurance Business Act. Further, the sale of insurance products is governed by the FCPA.

Credit references

  1. Are there any restrictions on providing credit references or credit information services in your jurisdiction?

Under the Credit Information Use and Protection Act, any entity that wishes to provide credit reference or information to a third party shall obtain an appropriate license depending on the specifics of the entity’s business.

To obtain such license, applicants must satisfy complicated requirements. For example, in most cases, licenses are granted only to those entities whose 50 percent or greater ownership is held by financial institutions (e.g, banks or financial holding companies).

CROSS-BORDER REGULATION

Passporting

  1. Can regulated activities be passported into your jurisdiction?

The Financial Investment Services and Capital Markets Act. was amended in 2020 to implement the Asia Region Funds Passport (ARFP). Under the ARFP, foreign passport funds registered at another ARFP member state will be available for sale in South Korea through a simplified process.

Requirement for a local presence

  1. Can fintech companies obtain a license to provide financial services in your jurisdiction without establishing a local presence?

Generally speaking, it is difficult for offshore entities to obtain a license for financial services. However, there are exceptional cases where a local presence is not required.

For example, conducting a virtual asset-related business within South Korea requires a virtual asset service provider (VASP) registration, and this VASP registration may be filed without a local entity.

Foreign investment advisory business entities or foreign discretionary investment management business entities that provide relevant services via telecommunication may also obtain an appropriate license without a local presence.

SALES AND MARKETING

Restrictions

  1. What restrictions apply to the sales and marketing of financial services and products in your jurisdiction?

Financial products and services are generally regulated by the Financial Consumer Protection Act (FCPA).

In the past, sales and marketing activities used to be regulated by different laws (e.g, the Banking Act and the FCPA) according to the type of business for which the sales and marketing activities are conducted. However, taking effect on 25 March 2021, the FCPA provides a uniform regulatory framework for all financial products and services.

More specifically, the FCPA applies the ‘six major sales principles’ to all financial products, as listed below:

Sales principle

Details

Principle of suitability

Identify a customer’s information, and refrain from recommending inappropriate products

Principle of adequacy

Identify a customer’s information, and if a financial product is deemed inappropriate to the customer, inform the customer of such fact and then receive the customer’s confirmation of the inappropriateness

Duty to explain

Explain important matters concerning financial products to ordinary (non – professional) customers in an easily understandable manner

Prohibition of unfair practices

Refrain from performing any act infringing on a customer’s rights and interests by, e.g, coercing the customer to enter into an agreement for a financial product against the intent of such customer by abusing a superior position

Prohibition of misleading recommendations

Refrain from performing certain acts, such as providing assertive judgment on uncertain matters or falsely informing customers of the content of a financial product

Prohibition of false or exaggerated advertisements

Refrain from making false or exaggerated advertisements

In addition, the FCPA allows ordinary customers to revoke their subscription for a financial product (with the exception of savings) within a designated time period specified for each product type, without restrictions.

If a seller of a financial product has violated any of the said principles except for the prohibition on false or exaggerated advertisements, financial customers may unilaterally terminate the sales agreement for the financial product.

CRYPTOASSETS AND TOKENS

Distributed ledger technology

  1. Are there rules or regulations governing the use of distributed ledger technology or blockchains?

There are no laws or regulations specifically governing the use of blockchain for financial transactions.

However, certain restrictions may apply depending on the field of application of the distributed ledger technology or blockchains.

For example, the matters relating to the operation of computing systems by financial companies are prescribed in the Electronic Financial Transactions Act (EFTA) in great detail. Therefore, any system configuration, including the use of distributed ledger technology or blockchains is likely to be permitted only if it complies with EFTA.

Cryptoassets

  1. Are there rules or regulations governing the promotion or use of cryptoassets, including digital currencies, stablecoins, utility tokens and non-fungible tokens (NFTs)?

The regulations governing virtual assets or virtual asset service providers are prescribed in the Financial Transaction Reports Act (FTRA). Under the FTRA, virtual asset service providers, such as virtual asset exchanges and digital wallet service providers, shall register with the South Korea Financial Intelligence Unit.

The ‘virtual asset’ under the FTRA means ‘electronically tradable or transferable electronic tokens having an economic value’, and may capture stable coins, utility tokens, and NFTs if they are deemed to have a nature of securities or payment means. For NFTs, the regulators aim to promote their growth as digital assets, mainly within the framework of the regulation for virtual assets.

In addition, a bill on the Act on the Protection of Virtual Asset Investors is expected to be passed in the National Assembly soon. The bill focuses on the protection of virtual asset investors by:

  • introducing certain obligations of virtual asset service providers; and
  • prohibiting unfair practices related to cryptoasset transactions.

Token issuance

  1. Are there rules or regulations governing the issuance of tokens, including security token offerings (STOs), initial coin offerings (ICOs) and other token generation events?

There are no laws or regulations specifically governing the issuance of tokens in South Korea.

The South Korean government’s past position prohibited ICOs and there have been no ICOs taking place in South Korea.

In May 2022, the new administration announced its plan to permit ICOs in South Korea, with the details of the roadmap under development. Under the framework currently contemplated, the permission is likely to be granted in a limited scope for IEOs first and then gradually expanded to other types of ICOs.

In addition, in February 2023, the FSC introduced policies and guidelines on the issuance and circulation of security tokens to permit security token offerings. According to the policies and guidelines:

  • distributed ledger technology will be legally recognized as a method of registering official records of information regarding the occurrence, change and expiration or termination of rights pertaining to a security; and
  • a new license for an OTC trading platform for securities tokens (more specifically, investment contract securities and certificates on non-money trusts) will be introduced in due course.

ARTIFICIAL INTELLIGENCE

Artificial intelligence

  1. Are there rules or regulations governing the use of artificial intelligence, including in relation to robo-advice?

There are no laws or regulations specifically addressing the use of artificial intelligence (AI). However, the FSC released guidelines for the use and role of AI in the financial sector in July 2021 to vitalize the use of AI in the sector and enhance the credibility in respect of AI-based financial services.

According to the guidelines, any financial companies intending to apply AI to financial transactions and customer services are required to establish an AI code of ethics, organize a body capable of assessing and managing the potential risks of AI, and implement risk management policies.

In August 2022, the FSC announced an initiative to promote the use of AI and ensure its credibility. According to the initiative, the FSC will:

  • take measures to build an AI data library for the training of AI used in the financial sector;
  • build an AI testbed to support data and computing resources for the testing of AI; and
  • establish an AI-based credit evaluation model and a process for verifying the security of AI-based services.

In April 2023, as a follow-up measure for the plan announced in August 2022, the FSC introduced a verification system for an AI-driven credit scoring model and an AI security guideline.

In addition, an entity that provides robo-advice services shall comply with relevant regulations under the Financial Investment Services and Capital Markets Act.

CHANGE OF CONTROL

Notification and consent

  1. Describe any rules relating to notification or consent requirements if a regulated business changes control.

Generally, any person or entity intending to become the major shareholder of a financial company is required to obtain the Financial Services Commission’s prior approval in accordance with the Act on Corporate Governance of Financial Companies or other applicable laws.

However, certain entities, such as investment advisers and discretionary investment management service providers, do not require such prior approval for the change in control concerning their shareholders. For such companies, the change in their major shareholder can be made after the change takes place.

FINANCIAL CRIME

Anti-bribery and anti-money laundering procedures

  1. Are fintech companies required by law or regulation to have procedures to combat bribery or money laundering?

Anti-money laundering-related matters are mainly governed by the Financial Transaction Reports Act. It applies to not only traditional financial companies but also to electronic financial business operators and virtual assets service providers.

Anti-bribery matters are regulated under various statutes, including the Criminal Act (the main criminal code of South Korea) and the Anti-Graft Act. As such, all the companies (including fintech start-ups) operating their business in South Korea must comply with such laws.

Guidance

  1. Is there regulatory or industry anti-financial crime guidance for fintech companies?

There is no such anti-financial crime guidance for fintech companies in South Korea.

DATA PROTECTION AND CYBERSECURITY

Data protection

  1. What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?

The Credit Information Use and Protection Act (the Credit Information Act) and its subordinate regulations apply to the processing and transfer of personal credit data by fintech companies. Concurrently, the Personal Information Protection Act (PIPA) and its subordinate regulations apply.

As a general rule, fintech companies can process and (or) transfer personal (credit) data to the minimum and necessary extent upon receiving consent from a user, unless otherwise specified in other laws and regulations such as PIPA, and in the course of such processing and transfer, fintech companies need to take technical and managerial protective measures and disclose matters relevant matters in their privacy policies.

However:

  • ‘pseudonymized data’, which makes it impossible to directly identify a data subject without using additional information can be processed without consent from the data subject, if the personal information of that data subject is collected for the purposes of preparing statistics, research or recordkeeping for public interest; and
  • ‘anonymized data’, in which personally identifiable information is removed from data sets, is not subject to the application of regulations pursuant to the Credit Information Act and PIPA.

With respect to the foregoing, in January 2022, the Financial Services Commission (FSC) released the guidelines to be used as a reference by fintech companies in pseudonymizing and anonymizing personal credit data.

In addition, the amended PIPA, to take effect on 15 September 2023, will substantially modify the current framework under PIPA on transfers of personal data overseas, adding several bases for transfers that would not require data subjects’ consent. Where the current PIPA allows data controllers to transfer personal data overseas with the opt-in consent of data subjects based on detailed disclosures, the amended PIPA permits overseas transfers, without the need of obtaining the data subjects’ consent, in any of the following situations:

  • the transfer is by way of entrustment and details (such as the description of data transferred, country, date and method of transfer, transferee name, purpose of transfer, retention period and methods, procedures and effects of refusal to transfer) are disclosed in the privacy policy;
  • the transferee has obtained an ISMS or other suitable type of certification as designated by the PIPC;
  • the transfer is to a country deemed by the PIPC to satisfy PIPA levels of data protection, including as to data subjects’ rights and remedy; or
  • there is a treaty or agreement between the governments of South Korea and the destination country that specifically addresses personal data transfers between them.

However, note that despite the amended PIPA, financial companies are still subject to localization regulations (prohibiting the cross-border transfer of certain information, including uniquely identifiable information).

Cybersecurity

  1. What cybersecurity regulations or standards apply to fintech businesses?

The IT Network Act requires online service providers to implement a set of technical and administrative measures to ensure information security. These measures include specific requirements on formulating and operating an information security body within the company, internally establishing and complying with information security and incident response plans, making necessary investments in information security, monitoring networks and servers, and controlling online and on-site facilities access. Because fintech businesses are online service providers, they should also implement such technical and administrative measures to ensure information security.

In addition, fintech businesses are required to implement specific security arrangements and (or) technological measures under PIPA and the Credit Information Act.

Under PIPA, fintech businesses as data controllers are required to implement security arrangements including:

  • to formulate and implement an internal management plan for the safe processing of personal data;
  • to control access to personal information and restrict the authority to access personal data (including password protection);
  • to adopt encryption technology to safely store and transmit personal data and other equivalent measures;
  • to retain login records to respond to incidents of infringement with respect to personal data and to take measures to prevent the forgery and falsification thereof;
  • to install and upgrade security computer programs to protect personal data; and
  • to take physical measures, such as a storage or locking system, to keep personal data safe.

The Credit Information Act requires similar or potentially even higher levels of security arrangements including encryption and password protection.

Further, fintech businesses that provide specific types of services (e.g, electronic fund transfer services, issuance and management of electronic debit payment and electronic prepayment and electronic payment settlement agency services) are subject to the application of the Electronic Financial Transactions Act and related requirements prescribed by the FSC with respect to:

  • workforce, organization and budget;
  • facilities such as buildings, equipment, computer room, et cetera;
  • information and technology such as terminals, electronic data, information processing systems and information and communications networks, et cetera; and
  • other matters necessary to secure the safety of electronic financial services to ensure safety and reliability for electronic financial transactions.

OUTSOURCING AND CLOUD COMPUTING

Outsourcing

  1. Are there legal requirements or regulatory guidance with respect to the outsourcing by a financial services company of a material aspect of its business?

Under the Regulations on Outsourcing of Business of Financial Institutions (Business Outsourcing Regulations), certain types of financial companies such as banks, insurance companies and credit card companies (collectively defined as ‘financial institutions’ for the purpose of this regulation), are permitted to outsource their business operations including data processing, except for instances:

  • where the work includes ‘essential elements’ of the financial institution’s business for which licensing is required (such ‘essential elements’ being exhaustively listed under the Business Outsourcing Regulations);
  • where the relevant laws and regulations require the work to be performed by such financial institution; or
  • where the outsourcing may significantly undermine the soundness or credibility of such financial institutions or cause extreme concerns of disorder in the financial system or damage to financial users.

Upon deciding to outsource work to a third party, these financial institutions must report this fact to the regulator at least seven business days before the outsourcing commences, unless exemptions under the Business Outsourcing Regulations apply.

Further, in the case of outsourcing data processing, specifically, the Regulations on Outsourcing of Data Processing of Financial Companies apply as special provisions over the Business Outsourcing Regulations. The Data Processing Outsourcing Regulations apply to ‘financial companies’ whose scope is more broadly defined than ‘financial institutions’ under the Business Outsourcing Regulations to include other types of financial service providers such as electronic financial businesses and financial product advisory companies. These financial companies are permitted to outsource their data processing, except for instances where:

  • relevant laws and regulations prescribe otherwise;
  • the financial company has received a warning or a regulatory sanction with respect to user information in the past three years; or
  • the outsourcing may significantly undermine the soundness or credibility of the financial company or cause extreme concerns of disorder in the financial system or damage to financial users.

In addition, financial companies may not outsource the processing of ‘uniquely identifiable information’ (namely, resident registration numbers, driver’s license numbers, passport numbers and alien registration numbers) to third parties located outside of South Korea. Upon deciding to outsource data processing to a third party, a financial company must report this fact to the regulator at least seven days before the outsourcing commences if the third party is a domestic company, or at least 30 days before the outsourcing commences if it is an offshore company.

Cloud computing

  1. Are there legal requirements or regulatory guidance with respect to the use of cloud computing in the financial services industry?

If a financial company processes a user’s unique identification information or personal credit information through cloud computing services, the financial company’s physical data processing system (namely, server) must be located in South Korea. However, if the financial company is a branch of a foreign financial company, such financial company may use a data processing system located outside of South Korea.

Additionally, financial companies are required to isolate and keep separate their internal work system connected to internal communication networks from external communication networks such as the internet or wireless network to prevent electronic intervention into their information processing system and information and communication network (the network separation rule). For financial companies using cloud computing services, it is necessary to have internal network separation functionality (e.g, virtual private cloud or virtual network) in place to allocate a private internet protocol address and establish a logical network that is separate and isolated from the external communication network. If financial companies intend to use public web servers, they must be established in an independent cloud network that is separate from a cloud network dedicated to an internal work system.

Other measures that financial companies are required to implement to use cloud computing services include:

  • to assess the soundness and stability of the information processing system based on internal criteria;
  • to assess the soundness and stability of the cloud computing service provider (CSP);
  • to establish and operate a work contingency plan and security-ensuring measures for the use of cloud computing services; and
  • make periodical reporting about the use of cloud computing services in use to the Financial Supervisory Service.

Regulations for using a cloud system are being eased due to the recent revisions of the Financial Supervisory Regulations (1 January 2023) and the guidelines for cloud computing services in the financial sector (2 February 2023). The number of CSP evaluation items was reduced from 141 to 54. CSP evaluation standards suitable for SaaS were established. Financial companies that desire to use cloud computing services are now required to make regulatory reporting about the use of cloud computing services after adopting them (previously, pre-adoption reporting was required). In addition, the financial authorities announced that they will adopt exceptions to the network separation rule for the use of SaaS-type software through the sandbox system if the cloud computing service is not related to financial transactions and does not deal with customer transaction information.

INTELLECTUAL PROPERTY RIGHTS

IP protection for software

  1. Which intellectual property rights are available to protect software, and how do you obtain those rights?

The source code of software is protected as copyrighted work under the Copyright Act if the creativity of expression is recognized and also as a trade secret under the Unfair Competition Prevention and Trade Secret Protection Act if it has been managed as a secret without being disclosed to the public and has an independent economic value. While registration is not necessary to have a copyright, without registration as copyright, it is not possible to assert copyright of a source code against a third party with regard to the transfer of the author’s property right associated with the source code.

Meanwhile, an invention of a computer program method or business method can be protected as a patented invention if information processing by software on the computer is specifically realized by using hardware (Supreme Court Decision 2007Hu256 rendered on 24 December 2008).

IP developed by employees and contractors

  1. Who owns new intellectual property developed by an employee during the course of employment? Do the same rules apply to new intellectual property developed by contractors or consultants?

Under the Copyright Act, the employer acquires copyright as an author of the work made for hire (namely, a work made by an employee within the scope of his or her work duties) if it is published under the name of the employer, unless otherwise provided in the contract or employment rules. However, in the case of a computer program developed by an employee, the employer becomes an author regardless of whether the computer program is published under the name of the employer.

Meanwhile, under the Invention Promotion Act, if an invention of an employee, executive of a corporation or a public official created with respect to his or her duties has a nature of belonging to the scope of work of the corporation, state or local government employing the inventor and the act that led to the creation of the invention belongs to the present or previous work duties of an inventor, the inventor would acquire a patent, model utility and design rights for the invention. However, the employer may succeed in the rights granted to the inventors by way of the contract or employment regulations as long as it pays fair compensation to the inventor.

Joint ownership

  1. Are there any restrictions on a joint owner of intellectual property’s right to use, license, charge or assign its right in intellectual property?

Except as otherwise agreed in writing, each joint owner of a patent may independently practice the patented invention without the consent of all other joint owners pursuant to the Patent Act. However, no joint owner may, without the consent of all other joint owners, assign his or her share of the patent or establish any pledge right over it, or grant a license of the patent to a third party. This rule applies the same to design rights and trademark rights. Similarly, with respect to copyrights, an author’s economic right to a joint work may not be licensed to a third party without the unanimous agreement of all the holders of the author’s economic right, and no holder of the author’s economic right shall be entitled to transfer by assignment or pledge his or her share of author’s economic right without the consent of the other authors.

Trade secrets

  1. How are trade secrets protected? Are trade secrets kept confidential during court proceedings?

For information to be protected as a trade secret, such information shall not be known publicly, have independent economic value and be managed as a secret.

The court may limit the access to parts of litigation records that contain secrets to the parties to protect trade secrets even during the course of litigation.

Branding

  1. What intellectual property rights are available to protect branding and how do you obtain those rights? How can fintech businesses ensure they do not infringe existing brands?

Branding can be protected under the Trademark Act. Trademark rights are established with registration with the South Korean Intellectual Property Office. A trademark holder holds the exclusive right to use his or her registered trademark in relation to designated goods.

The branding can also be protected without trademark registration if its emblem is widely known in South Korea. Therefore, if there is a branding intended to be used by fintech companies, they are advised to review whether the branding is identical or similar to another branding that is already a registered trademark in South Korea, or another person’s name, trade name, trademark, container or package of goods, or any other mark indicating another person’s goods or business, to the extent to cause confusion with another person’s goods, commercial facilities or activities.

Remedies for infringement of IP

  1. What remedies are available to individuals or companies whose intellectual property rights have been infringed?

The holder of the infringed intellectual property rights may seek compensatory damage and injunctive relief (such as destruction of infringing objects or removal of facilities provided for infringement) as well as criminal punishment by filing a criminal complaint against the infringer.

COMPETITION 

Sector-specific issues

  1. Are there any specific competition issues that exist with respect to fintech companies in your jurisdiction?

No. However, imposing less strict regulations on fintech companies compared to traditional financial institutions (e.g, banks) subject to relatively stringent regulations under the existing laws has sparked a controversy over reverse discrimination against financial institutions amid the growing market presence of fintech companies.

TAX

Incentives

  1. Are there any tax incentives available for fintech companies and investors to encourage innovation and investment in the fintech sector in your jurisdiction?

The South Korean government offers tax incentives for fintech companies and small- and medium-sized companies in South Korea. The tax incentives will apply to fintech businesses established in and after 2020.

In February 2020, the amended Enforcement Decree of the Special Tax Treatment Control Law included the following types of fintech companies as small- and medium-sized start-ups or venture companies entitled to receive 50 percent income tax and corporate income tax relief for up to five years:

  • electronic financial service providers under the Electronic Financial Transaction Act;
  • online small-sized investment brokers under the Financial Investment Services and Capital Markets Act; and
  • small-amount overseas remittance service providers under the Enforcement Decree of the Foreign Exchange Transactions Act.

Small- and medium-sized companies established in certain designated areas in South Korea, which are typically not located in highly populated cities, can receive a 50 percent corporate income tax relief for up to five years on their business income.

Companies identified as ‘venture businesses’ by the South Korean government, which many fintech companies may qualify to be, may receive a 50 percent corporate income tax relief for up to five years on their business income even if they are located in highly populated cities in South Korea.

Research and development (R&D) tax credits may also be available for specified R&D costs (including labor costs and material costs) that satisfy certain legal requirements, which may be relevant to fintech companies or small- and medium-sized companies with R&D activities.

Increased tax burden

  1. Are there any new or proposed tax laws or guidance that could significantly increase tax or administrative costs for fintech companies in your jurisdiction?

There are no recent tax law changes that could increase the tax burden on companies in the fintech industry.

IMMIGRATION

Sector-specific schemes

  1. What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the technology or financial sectors?

The Ministry of Justice has improved the system by establishing a new visa type to address labor shortages in high-tech industries.

Previously, foreign specialty worker visas were issued for only 93 occupations, but to proactively address new industries and occupations, a negative type of visa (E-7-S) was created, which may be issued to all high-tech professionals and high-income earners other than those that engage in designated industries relating to which issuance of the E-7-S visa is prohibited.

The E-7-S visa may be issued to:

  • prospective workers in high-tech industries who meet certain score requirements; and
  • high-income earners (GNI per capita of more than three times the previous year’s GNI).

Regarding (1), the list of high-tech industries is determined and announced by the government and currently includes technology fields such as smart services, basic software computing, convergence software, and embedded software.

In addition, the number of skilled worker visas to be issued annually to alleviate labor shortages in the industry has been expanded, the requirements for specialized worker visas (E-7) have been relaxed, and the wage threshold for issuing visas to foreigners employed by small and medium-sized enterprises, ventures and non-metropolitan areas has also been relaxed.

There are also discussions about establishing an immigration agency that serves as a control tower to lead immigration policy work that is spread across various ministries to expand the economically active population.

UPDATE AND TRENDS IN FINTECH IN SOUTH KOREA

Current developments

  1. Are there any other current developments or emerging trends to note?

The proposed amendment to Electronic Financial Transactions Act (EFTA) passed the plenary meeting of the National Policy Committee of the National Assembly on 11 May 2023.

The proposal was brought to the table after the Merger Point incident of August 2021 and the increasing use of electronic payment means make it necessary to provide greater protection to the users of electronic prepayment means offered by Prepayment Service Providers. The proposal, among others, aims to expand the scope of electronic prepayment means (by abolishing the requirement that the scope of goods or services that can be purchased by ‘two or more industries’) and reduce the exemption from the registration requirement. It should be noted that a person who becomes subject to the registration due to the enforcement of the proposed amendments shall register within six months from the enforcement date (namely, one year after the promulgation).

Other key points of the proposal are as follows:

  • to introduce rules of conduct to be complied with by any person who has its business registered to issue and manage electronic prepayment means (Prepayment Service Provider);
  • to expand the scope of electronic prepayment means and strengthen the requirements for registration exemption;
  • to manage prepaid charge amounts separately in a safe manner through the use of trust accounts or deposit accounts; and
  • to designate a buy now, pay later (BNPL) service as a concurrent business under EFTA, instead of allowing an exception through the regulatory sandbox.

Further, the proposed amendments will impose restrictions on discount issuance creating refund obligations for refunds, businesses should prepare to take measures for compliance with the regulations, such as preparation of internal control standards and amendment of their service terms.

Last, BNPL service providers will need to obtain service approval from the FSC. Also, since most of the details regarding the provision of the BNPL service to users, such as its scope, usage limit, total credit limit, management soundness control, credit information management, debt collection management plan and user protection plan, will be later set forth through the revised EFTA enforcement decree.

* The information in this chapter was accurate as of June 2023.

If you need more consulting, please Contact Us at TNHH NT International Law Firm (ntpartnerlawfirm.com)

You can also download the .docx version here.

Rate this post

“The article’s content refers to the regulations that were applicable at the time of its creation and is intended solely for reference purposes. To obtain accurate information, it is advisable to seek the guidance of a consulting lawyer.”

NT INTERNATIONAL LAW FIRM