Law Viewer

Back Home

ENFORCEMENT DECREE OF THE ELECTRONIC FINANCIAL TRANSACTIONS ACT

Presidential Decree No. 19783, Dec. 29, 2006

Amended by Presidential Decree No. 19958, Mar. 27, 2007

Presidential Decree No. 20112, jun. 28, 2007

Presidential Decree No. 20653, Feb. 29, 2008

Presidential Decree No. 20913, Jul. 9, 2008

Presidential Decree No. 20947, Jul. 29, 2008

Presidential Decree No. 21404, Mar. 31, 2009

Presidential Decree No. 21518, May 29, 2009

Presidential Decree No. 21590, jun. 30, 2009

Presidential Decree No. 21765, Oct. 1, 2009

Presidential Decree No. 22151, May 4, 2010

Presidential Decree No. 22467, Nov. 2, 2010

Presidential Decree No. 23488, Jan. 6, 2012

Presidential Decree No. 23776, May 7, 2012

Presidential Decree No. 24076, Aug. 31, 2012

Presidential Decree No. 24638, jun. 28, 2013

Presidential Decree No. 24880, Nov. 22, 2013

Presidential Decree No. 25279, Mar. 24, 2014

Presidential Decree No. 25532, Aug. 6, 2014

Presidential Decree No. 25840, Dec. 9, 2014

Presidential Decree No. 25945, Dec. 30, 2014

Presidential Decree No. 26199, Apr. 14, 2015

Presidential Decree No. 26817, Dec. 30, 2015

Presidential Decree No. 27205, May 31, 2016

Presidential Decree No. 27292, jun. 28, 2016

Presidential Decree No. 28218, Jul. 26, 2017

Presidential Decree No. 28238, Sep. 5, 2017

Presidential Decree No. 28388, Oct. 17, 2017

 Article 1 (Purpose)
The purpose of this Decree is to provide for matters delegated by the Electronic Financial Transactions Act and necessary matters concerning the enforcement thereof.
 Article 2 (Scope of Financial Companies)
"A person prescribed by Presidential Decree" under subparagraph 3 (e) of Article 2 of the Electronic Financial Transactions Act (hereinafter referred to as the "Act") means any of the following: <Amended by Presidential Decree No. 20947, Jul. 29, 2008; Presidential Decree No. 21518, May 29, 2009; Presidential Decree No. 21765, Oct. 1, 2009; Presidential Decree No. 24880, Nov. 22, 2013; Presidential Decree No. 27205, May 31, 2016>
1. Korea Development Bank under the Korea Development Bank Act;
1-2. Deleted; <Presidential Decree No.25945, Dec. 30, 2014>
2. Industrial Bank of Korea under the Industrial Bank of Korea Act;
3. Export-Import Bank of Korea under the Export-Import Bank of Korea Act;
4. Cooperatives under the Forestry Cooperatives Act and the credit business division of the federation of Forestry Cooperatives;
5. Cooperatives under the Agricultural Cooperatives Act;
6. Cooperatives under the Fisheries Cooperatives Act;
8. Korea Securities Depository under the Financial Investment Services and Capital Markets Act;
10. Insurance association and insurance premium rate calculation institution under the Insurance Business Act;
12. Korea Financial Investment Association under the Financial Investment Services and Capital Markets Act;
13. Deleted; <by Presidential Decree No. 20947, Jul. 29, 2008>
14. Credit information companies and comprehensive credit information collection agencies under the Credit Information Use and Protection Act;
16. Korea Housing Finance Corporation under the Korea Housing Finance Corporation Act;
17. Credit Guarantee Fund under the Credit Guarantee Fund Act;
18. Korea Technology Finance Corporation under the Korea Technology Finance Corporation Act.
 Article 3 (Requirements for Electronic Prepayment Means)
"Specially related persons prescribed by Presidential Decree" referred to in subparagraph 14 (a) of Article 2 of the Act means persons in a relationship falling under any of the following subparagraphs with the issuer:
1. A parent company or subsidiary company under Article 342-2 of the Commercial Act;
2. A holding company or subsidiary under subparagraph 1-2 or 1-3 of Article 2 of the Monopoly Regulation and Fair Trade Act;
3. A financial holding company under subparagraph 1 of paragraph (1) of Article 2 and subsidiary under subparagraph 2 of the same paragraph of the Financial Holding Companies Act.
 Article 4 (Requirements for Wide Use of Electronic Currency)
(1) "Areas and chain stores which meet the standards prescribed by Presidential Decree" in subparagraph 15 (a) of Article 2 of the Act means two or more metropolitan local governments (referring to the local governments under Article 2 (1) 1 of the Local Autonomy Act; hereinafter the same shall apply) and 500 or more chain stores.
(2) "Number of business categories prescribed by Presidential Decree" in subparagraph 15 (c) of Article 2 of the Act means five business categories.
 Article 5 (Exception to Scope of Application)
(1) "Electronic financial transactions prescribed by Presidential Decree" under the proviso to Article 3 (1) of the Act means any of the following cases:
1. Electronic financial transactions using the payment gateway system under subparagraph 6 of Article 2 of the Act;
2. Electronic financial transactions using the payment settlement system operated by the Bank of Korea under Article 81 (1) of the Bank of Korea Act.
(2) "Financial companies prescribed by Presidential Decree" in Article 3 (3) of the Act, with the exception of its subparagraphs, means any of the following financial companies that does not engage in electronic financial transactions under subparagraph 1 of Article 2 of the Act: <Newly Inserted by Presidential Decree No. 24880, Nov. 22, 2013>
1. Financial companies under subparagraph 3 (a) through (d) of Article 2 of the Act;
2. Financial companies under subparagraphs 4 through 6 of Article 2;
3. Credit information company under subparagraph 14 of Article 2.
 Article 6 (Renewal or Replacement of Means of Access)
Where a financial company or an electronic financial business entity falls under any of the following cases under the proviso to Article 6 (2) of the Act, with the exception of its subparagraphs, or under subparagraph 2 of the same paragraph, it or he/she may renew or replace a means of access even without the user's application or verification of his/her identity: <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
1. Where the user's written consent [including consent obtained in the form of electronic documents bearing a certified digital signature under subparagraph 3 of Article 2 of the Digital Signature Act (hereinafter referred to as a "certified digital signature")] is obtained with respect to the renewal or replacement of a means of access that has not been used within six months before the expected date of renewal or replacement;
2. Where the user is informed at least one month before the expected date of the proposed replacement of a means of access that has been used within six months before the expected date of renewal or replacement and no objection is raised by the user within 20 days therefrom.
 Article 6-2 (Procedures for Raising Objection)
(1) Where a person to whom the provision of telecommunications services were suspended following a request made pursuant to Article 6-2 (1) of the Act intends to raise an objection, he/she shall submit to the institution that requested suspension of provision of telecommunications services pursuant to paragraph (1) of the same Article (hereafter referred to as “institution requesting suspension of provision” in this Article), within 30 days from the date of suspension of provision of telecommunications services, documents stating the following:
1. Title or name, address, and contact information of a person raising an objection;
2. Grounds for raising an objection;
3. Date of suspension of provision of telecommunications services.
(2) The institution requesting suspension of provision shall make a decision on the raised objection within 15 days from the date of receiving the objection, and inform the person who raised an objection of the result therof in writing: Provided, That where the decision cannot be made during the period due to any inevitable reason, the institution may extend the period by up to 15 days, and shall inform the person who raised an objection of the grounds for and period of extension.
(3) Where the documents submitted pursuant to paragraph (1) has any defect or further facts need to be verified, the institution requesting suspension of provision may request supplementation. In such cases, the period of supplementation shall not be included in the period referred to in the main sentence of paragraph (2).
(4) Where the institution requesting suspension of provision deems the objection raised under Article 6-2 (2) of the Act reasonable, it shall request, without delay, cancellation of suspension of provision of telecommunications services to the Minister of Science and ICT. <Amended by Act No. 28218, Jul. 26, 2017>
[This Article Newly Inserted by Presidential Decree No. 27292, Jun. 28, 2016]
 Article 7 (Confirmation, etc. of Transaction Details)
(1) Where a financial company or an electronic financial business entity enables any user to confirm transaction details through electronic apparatus under Article 7 (1) of the Act, if it or he/she prevents any user from confirming transaction details due to the operational failure of the electronic apparatus or other causes, it shall immediately notify the user of such fact through the Internet, etc. and enable the user to confirm transaction details from the date when such cause ceases to exist. <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
(2) Upon receiving a user’s request for the issuance of transaction details in writing (excluding any electronic document; hereinafter the same shall apply) under Article 7 (2) of the Act, if an financial company or an electronic financial business entity is unable to provide such transaction details due to the operational failure of electronic apparatus or other causes, it or he/she shall immediately notify the user thereof. In such case, in calculating the period for the delivery of transaction details in writing under Article 7 (2) of the Act, the period during which the transaction details cannot be provided due to the operational failure of the electronic apparatus or other causes shall not be counted. <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
(3) The coverage period for the transaction details under Article 7 (3) of the Act shall be the period for which the electronic financial transaction records are preserved under each subparagraph of Article 12 (1). <Amended by Presidential Decree No. 26199, Apr. 14, 2015>
(4) The types (excluding inquiry transactions; hereafter the same shall apply in this Article) and scope of the transaction details under Article 7 (3) of the Act shall be as follows: <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 24880, Nov. 22, 2013>
1. The type (in cases of insurance policy contracts, referring to the type of insurance contract) and amount of an electronic financial transaction and information on the other party to an electronic financial transaction;
2. The date and time of an electronic financial transaction, and types of the electronic apparatus, and the information to help identify the type of electronic apparatus;
3. Where an electronic financial transaction is made through a bank account, the title or number of the account (in cases of insurance contracts, referring to the insurance policy number);
4. Fees received by a financial company or an electronic financial business entity in exchange for an electronic financial transaction;
5. Matters concerning the consent of a payer to withdrawal under Article 15 (1) of the Act;
6. Other matters necessary for the confirmation of the user's electronic financial transaction details, which are determined and publicly announced by the Financial Services Commission.
(5) With respect to the provision of transaction details in writing under Article 7 (2) of the Act, a financial company or an electronic financial business entity shall prescribe the methods and procedures for making such a request, the address and telephone number of reception counter (including electronic mailing address), etc. in the standardized contract relating to an electronic financial transaction (hereinafter referred to as a "standardized contract"). <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
 Article 7-2 (Method of Notifying Correction of Errors)
"Methods prescribed by Presidential Decree" in Article 8 (2) and (3) of the Act means a written notice or a notice given by phone or email: Provided, That the notice shall be given in writing, if a user requests a written notice. <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
[This Article Newly Inserted by Presidential Decree No. 21404, Mar. 31, 2009]
 Article 8 (Scope of Intention or Gross Negligence)
The scope of intention or gross negligence under Article 9 (3) of the Act means any of the following cases: <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
1. Where the user has rented a means of access or delegated the use thereof to a third person, or has offered the means of access as an object of transfer or security (excluding cases where an electronic prepayment means or electronic currency is transferred or offered as security under Article 18 of the Act);
2. Where a means of access is divulged or exposed, or left neglected despite knowing or being able to easily access the information that a third person is able to make an electronic financial transaction using the user’s means of access without authorization;
3. Where an incident under Article 9 (1) 3 of the Act occurs because the user refuses, without any good cause, to take additional security measures which, in addition to the confirmation under Article 6 (1) of the Act, a financial company or an electronic financial business entity requests to enhance security in electronic financial transactions;
4. Where an accident under Article 9 (1) 3 of the Act occurs because the user performs any of the following acts with regard to the medium, means, or information used for additional security measures referred to in subparagraph 3:
(a) Divulging, exposing, or leaving it neglected;
(b) Renting it or delegating the use thereof to a third person, or offering it as an object of transfer or security.
 Article 9 (Liability for Loss or Theft of Electronic Prepayment Means or Electronic Currency)
"Cases prescribed by Presidential Decree" in the proviso to Article 10 (1) of the Act means a case where a prior agreement has been reached between a financial company or an electronic financial business entity and users, which stipulates that liability for any loss of the amount saved before a notification of the loss or theft of an electronic prepayment means or electronic currency is given may be borne by the user. <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
 Article 9-2 (Delay of Time when Payment of Electronic Funds Transfer Takes Effect)
(1) “Financial companies or electronic financial business entities prescribed by Presidential Decree” in Article 13 (2) of the Act refers to financial companies or electronic financial business entities which, in accordance with Article 28 (2) of the Act, provide electronic fund transfer services under Article 28 (2) 1 of the Act.
(2) Financial companies or electronic financial business entities under paragraph (1) shall ensure that users who desire to have the payment of electronic funds transfer take effect (hereafter referred to as “delay transfer” in this paragraph) after a certain time has elapsed since they made a transaction request in accordance with Article 13 (2) of the Act can make a transaction request allowing a delay transfer, by computer, telephone, and other electronic means determined and publicly announced by the Financial Services Commission.
[This Article Newly Inserted by Presidential Decree No. 26199, Apr. 14, 2015]
 Article 10 (Method of Consent to Withdrawal of Deposits)
Methods to obtain the consent of a payer to the withdrawal of a deposit under Article 15 (1) of the Act shall be as follows: <Amended by Presidential Decree No. 20913, Jul. 9, 2008; Presidential Decree No. 23776, May 7, 2012; Presidential Decree No. 24880, Nov. 22, 2013>
1. The method by which a financial company or an electronic financial business entity obtains the consent of a payer to the withdrawal of a deposit using the methods determined by the Financial Services Commission, such as writing (including the electronic documents determined and publicly announced by the Financial Services Commission; hereafter the same shall apply in this Article) or tape recording;
2. The method by which a payee obtains the consent of a payer to the withdrawal of a deposit using the methods determined by the Financial Services Commission, such as writing or tape recording, and delivers it to a financial company or an electronic financial business entity (including transmitting the details of the consent to the withdrawal of a deposit by electronic means).
 Article 11 (Method of Issuance and Exchange of Electronic Currency)
(1) "Amount prescribed by Presidential Decree" in the proviso to Article 16 (1) of the Act means 50,000 won.
(2) Where the electronic currency issuer issues or exchanges electronic currency with cash or deposits under Article 16 (1), (2), and (4) of the Act, it shall do so by passing through the central computer system of the electronic currency issuer, and record and manage following matters: Provided, That in cases of electronic currency under the proviso to Article 16 (1) of the Act, it may not pass through the central computer system of the electronic currency issuer and may not record and mange matters under subparagraph 2:
1. Date and time, and amount of issuance or exchange of electronic currency;
2. Applicant for the issuance or exchange of electronic currency;
3. Identification number of the means of access of electronic currency;
4. Other matters concerning the issuance or exchange of electronic currency.
(3) The electronic currency issuer shall, upon the request from an electronic currency holder to exchange electronic currency with cash or deposits, comply with such request for exchange in every place where it is issued: Provided, That in cases of electronic currency under the proviso to Article 16 (1) of the Act, if the electronic currency issuer has determined a separate place of exchange and notified the user thereof within the scope not to impair the convenience of exchange, the electronic currency issuer may comply with such request for exchange only at such place.
(4) The electronic currency issuer shall, when an electronic currency holder demands an exchange, immediately pay the whole amount demanded for exchange in cash or pay it to the bank account of the electronic currency holder: Provided, That if the electronic currency issuer is unable to confirm the amount demanded for exchange due to damage, etc. to electronic currency, the electronic currency issuer shall pay such amount immediately after confirming the request for payment of price by the chain store of the relevant electronic currency and details of settlement, etc. resulting therefrom within 15 days from the date when the exchange is demanded.
 Article 11-2 (Financial Companies, etc. Required to Establish Plans for Information Technology Sector)
(1) "Financial companies and electronic financial business entities prescribed by Presidential Decree" under Article 21 (4) of the Act means any of the following:
1. Financial companies under subparagraph 3 (a), (b) and (e) of Article 2 of the Act;
2. Electronic financial business entities.
(2) A plan for the information technology sector under Article 21 (4) of the Act shall include the following:
1. Implementation goals and strategies for the information technology sector;
2. Performance of the information technology sector in the immediately preceding business year and implementation plans for the relevant business year;
3. The current state of operation, including organization of the information technology sector;
4. Budgets in the information technology sector for the immediately preceding business year and the relevant business year;
5. Other matters determined and publicly announced by the Financial Services Commission which are necessary for the information technology sector to ensure safe electronic financial transactions.
(3) The plan for the information technology sector under Article 21 (4) of the Act shall be submitted to the Financial Services Commission within three months from the first day of each business year.
(4) Details of the matters to be included in the plan for the information technology sector pursuant to paragraph (2) or necessary matters concerning the method of submission, etc. shall be determined and publicly announced by the Financial Services Commission.
[This Article Newly Inserted by Presidential Decree No. 24880, Nov. 22, 2013]
 Article 11-3 (Financial Companies, etc. Required to Designate Chief Information Security Officers)
(1) "Financial company or electronic financial business entity prescribed by Presidential Decree" in Article 21-2 (2) of the Act means any financial company or electronic financial business entity that employs at least 300 full-time employees, with a total assets of at least two trillion won as of the last day of the immediately preceding business year. In such cases, the method of calculating the number of full-time employees shall be determined and publicly announced by the Financial Services Commission. <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
(2) “Financial companies or electronic financial business entities prescribed by Presidential Decree” in Article 21-2 (3) means any financial company that employs at least 1,000 full-time employees, with a total assets of at least ten trillion won. In this case, the latter part of paragraph (1) shall apply mutatis mutandis to the method for calculating the number of full-time employees. <Newly Inserted by Presidential Decree No. 26199, Apr. 14, 2015>
(3) "Matters prescribed by Presidential Decree" under Article 21-2 (4) 5 of the Act means the following matters: <Newly Inserted by Presidential Decree No. 24880, Nov. 22, 2013; Presidential Decree No. 26199, Apr. 14, 2015>
1. Matters concerning internal deliberation for security of electronic financial business and the information technology sector on which such business is based;
2. Matters concerning education of executive officers and employees on security of the information technology sector.
(4) Qualifications for a chief information security officer prescribed in Article 21-2 (5) of the Act are as specified in attached Table 1. <Amended by Presidential Decree No. 26199, Apr. 14, 2015>
[This Article Newly Inserted by Presidential Decree No. 23776, May 7, 2012]
 Article 11-4 (Details of Analysis and Assessment of Vulnerability of Electronic Financial Infrastructure)
"Matters prescribed by Presidential Decree" in Article 21-3 (1) 4 of the Act means either of the following matters:
1. Matters concerning the data processing system, etc. of subsidiary electronic financial business entities linked to the information technology sector;
2. Other matters necessary for securing stability and reliability of electronic financial transactions, which are determined and publicly announced by the Financial Services Commission.
[This Article Newly Inserted by Presidential Decree No. 24880, Nov. 22, 2013]
 Article 11-5 (Procedure, Method, etc. for Analysis and Assessment of Vulnerability of Electronic Financial Infrastructure)
(1) Where a financial company or an electronic financial business entity intends to analyze or assess the vulnerability of electronic financial infrastructure pursuant to Article 21-3 (1) of the Act, it or he/she shall do so by organizing an internal team or by entrusting such duties to an external institution with expertise. In such cases, the standards for organizing the internal team and for the external institution to which such duties may be entrusted shall be determined and publicly announced by the Financial Services Commission.
(2) The analysis and assessment of the vulnerability of electronic financial infrastructure under Article 21-3 (1) of the Act shall be conducted at least once each business year: Provided, That the analysis and assessment of vulnerability shall be conducted without delay in any of the following cases:
1. Where an infringement incident under Article 21-5 (1) of the Act occurs, requiring urgent measures to be taken in order to prevent any damage therefrom and the spread of the damage;
2. Where information technology-related affairs, such as the establishment of a data processing system and Internet site, have been carried out, or where the functions of information technology have been improved or modified.
(3) Where a financial company or an electronic financial business entity has analyzed and assessed the vulnerability of electronic financial infrastructure pursuant to Article 21-3 (1) of the Act, it or he/she shall submit to the Financial Services Commission a report on results thereof containing the following matters and an implementation plan for complementary measures within 30 days after the analysis and assessment of vulnerability are completed:
1. Overview of the analysis and assessment of vulnerability, such as grounds therefor, targets and periods thereof;
2. Detailed methods for conducting the analysis and assessment of vulnerability;
3. Results of the analysis and assessment of vulnerability;
4. Implementation plans for necessary complementary measures following the results of the analysis and assessment of vulnerability;
5. Other matters necessary for securing propriety of analysis and assessment of vulnerability, which are determined and publicly announced by the Financial Services Commission.
(4) Notwithstanding paragraphs (1) through (3), the Financial Services Commission may determine and publicly announce applicable standards established after relaxing the following matters, for financial companies and electronic financial business entities failing to satisfy the standards determined and publicly announced by the Financial Services Commission, taking into account the frequency of electronic financial transactions, the total assets, the number of full-time employees, etc.:
1. Methods of analysis and assessment of vulnerability under paragraph (1);
2. The cycle of analysis and assessment of vulnerability under the main body of paragraph (2), with the exception of its subparagraph;
3. The deadline for submission of a report on the results of analysis and assessment and an implementation plan for complementary measures under paragraph (3) and matters to be included when they are submitted.
[This Article Newly Inserted by Presidential Decree No. 24880, Nov. 22, 2013]
 Article 11-6 (Duties, etc. of Financial Services Commission for Response to Infringement Incidents)
(1) "Matters prescribed by Presidential Decree" in Article 21-6 (1) 4 of the Act means any of the following:
1. Matters concerning the operation of a headquarter for countermeasures against infringement incidents that controls and manages responses to infringement incidents and the designation of an institution for responding to infringement incidents to urgently cope therewith;
2. Matters concerning the establishment of contingency plans, training, etc. to cope with infringement incidents;
3. Investigation of infringement incidents and matters concerning requests for the provision, etc. of information on a relevant financial company, electronic financial business entity, subsidiary electronic financial business entity, etc.;
4. Matters concerning notification, etc. of security vulnerability to a person that has manufactured infringement incident-related software used by financial companies or electronic financial business entities, and to relevant administrative agencies, etc.
(2) Where necessary to carry out duties referred to in Article 21-6 (1) of the Act, the Financial Services Commission may request the cooperation of relevant administrative agencies, etc., such as the provision of relevant information.
[This Article Newly Inserted by Presidential Decree No. 24880, Nov. 22, 2013]
 Article 12 (Preservation Period and Method, Destruction Procedure and Method, etc. of Electronic Financial Transaction Records)
(1) The preservation period of electronic financial transaction records by type under Article 22 (1) and (3) of the Act shall be as follows: <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 26199, Apr. 14, 2015>
1. The electronic financial transaction records in each of the following shall be preserved for five years:
(a) Matters under Article 7 (4) 1 through 5;
(b) Connection records of electronic apparatus related to the relevant electronic financial transaction;
(c) Matters concerning the request for and changes in the conditions of an electronic financial transaction;
(d) Records of electronic financial transactions the transaction amount of which per case exceeds 10,000 won;
2. The electronic financial transaction records in each of the following shall be preserved for one year:
(a) Records of electronic financial transactions the transaction amount of which per case is 10,000 won or less;
(b) Records of the approval for transactions related to the use of an electronic payment means;
(c) Other electronic financial transaction records determined and publicly announced by the Financial Services Commission.
(2) The period for which a subsidiary electronic financial business entity that creates and preserves the same electronic financial transaction records as those of a financial company or an electronic financial business entity is required to preserve electronic financial transaction records referred to in each item of paragraph (1) 1 shall be three years, notwithstanding the same subparagraph. <Amended by Presidential Decree No. 24880, Nov. 22, 2013; Presidential Decree No. 26199, Apr. 14, 2015>
(3) A financial company, an electronic financial business entity, and a subsidiary electronic financial business entity (hereinafter referred to as "financial company, etc.") shall preserve the electronic financial transaction records under paragraphs (1) and (2) in the form of documents, microfilms, disks or magnetic tapes and other electronic data processing medium. <Amended by Presidential Decree No. 24880, Nov. 22, 2013; Presidential Decree No. 26199, Apr. 14, 2015>
(4) Where a financial company, etc. preserves electronic financial transaction records in the form of disks, magnetic tapes and other electronic data processing medium under paragraph (3), it shall satisfy all the requirements referred to in each subparagraph of Article 5 (1) of the Framework Act on Electronic Documents and Transactions. <Amended by Presidential Decree No. 24076, Aug. 31, 2012; Presidential Decree No. 24880, Nov. 22, 2013; Presidential Decree No. 26199, Apr. 14, 2015>
(5) Where a financial company, etc. destroys electronic financial transaction records in accordance with Article 22 (2), Article 16 of the Enforcement Decree of the Personal Information Protection Act shall apply mutatis mutandis to the procedures and methods of such destruction. <Newly Inserted by Presidential Decree No. 26199, Apr. 14, 2015>
(6) The date when a commercial transaction relation is terminated under Article 22 (3) shall be determined on the basis of the date when the commercial transaction relations between a financial company, etc. and the other party to a transaction is terminated in accordance with any relevant Act and subordinate statute, contractual terms and conditions or mutual agreement, due to the extinguishment of claims which results from the expiration of a contact, the exercise of a termination right, a rescission right or a cancellation right, the completion of extinctive prescription, or the repayment of claims, or due to any other cause. <Newly Inserted by Presidential Decree No. 26199, Apr. 14, 2015>
 Article 13 (Limit, etc. on Use)
(1) The upper limit of the face value of issued electronic currency and electronic prepayment means under Article 23 (1) 1 of the Act shall be two million won and 500,000 won, respectively: Provided, That the upper limit of the face value of electronic prepayment means issued in real name under subparagraph 4 of Article 2 of the Act on Real Name Financial Transactions and Confidentiality shall be two million won. <Amended by Presidential Decree No. 20913, Jul. 9, 2008; Presidential Decree No. 24880, Nov. 22, 2013>
(2) The limit of use of electronic funds transfer under Article 23 (1) 2 of the Act shall be determined and publicly announced by the Financial Services Commission: Provided, That where a separate contract has been concluded between a financial company or an electronic financial business entity and a user, such limit may be determined otherwise. <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 20913, Jul. 9, 2008; Presidential Decree No. 24880, Nov. 22, 2013>
(3) The limit of use of electronic debit payment means under Article 23 (1) 3 of the Act not exceeding 100 million won shall be determined and publicly announced by the Financial Services Commission: Provided, That where a separate contract has been concluded between a financial company or an electronic financial business entity and a user, such limit may be determined otherwise. <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 20913, Jul. 9, 2008; Presidential Decree No. 24880, Nov. 22, 2013>
(4) The upper limit of cash withdrawal from electronic apparatus under Article 23 (2) of the Act not exceeding ten million won shall be determined and publicly announced by the Financial Services Commission : Provided, That such limit may be determined otherwise, if a separate contract has been concluded between a financial company or an electronic financial business entity and a user. <Newly Inserted by Presidential Decree No. 24880, Nov. 22, 2013>
(5) Detailed matters on the limit of use under the main bodies of paragraphs (2) and (3) and the upper limit under the main sentence of paragraph (4) shall be determined and publicly announced by the Financial Services Commission, with regard for the method, frequency, period, etc. of electronic funds transfer. <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 20913, Jul. 9, 2008; Presidential Decree No. 24880, Nov. 22, 2013>
 Article 14 (Procedures, etc. for Applying for Settlement and Mediation of Disputes)
(1) Any financial company or electronic financial business entity shall designate a person in charge of the settlement of disputes and its or his/her subordinate for the purpose of settling disputes, such as compensation for damage, under Article 27 (1) of the Act, and notify any user of their contact details (referring to telephone number, facsimile telegraphy number, electronic mailing address, etc.) through the Internet, etc. <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
(2) Where a user demands the settlement of a dispute, such as compensation for damage, under Article 27 (2) of the Act, he/she may file an application for the settlement of a dispute with the main office or business office of a financial company or an electronic financial business entity in writing (including any electronic document) or by using electronic apparatus. In such cases, such financial company or electronic financial business entity shall inform the user of the results of investigation or settlement of disputes, such as compensation for damage, within 15 days after the application is filed. <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
(3) Any user may, in accordance with Article 27 (2) of the Act, apply for dispute resolution to the Financial Disputes Mediation Committee of the Financial Supervisory Service established under the Act on the Establishment, etc. of Financial Services Commission or Consumers Dispute Settlement Commission of the Korea Consumer Agency established under the Framework Act on Consumers. <Amended by Presidential Decree No. 19958, Mar. 27, 2007; Presidential Decree No. 20653, Feb. 29, 2008>
 Article 15 (Exemption, etc. from Permission or Registration)
(1) "Financial companies prescribed by Presidential Decree" in the proviso to Article 28 (1) of the Act means any of the following financial companies: <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 21518, May 29, 2009; Presidential Decree No. 24880, Nov. 22, 2013>
1. A financial company under subparagraph 3 (c) and (d) of Article 2 of the Act;
2. An institution under subparagraphs 4, 5, 7, and 8 of Article 38 of the Act on the Establishment, etc. of Financial Services Commission;
3. A credit card business entity among the specialized credit financial business companies under the Specialized Credit Finance Business Act;
4. Institutions under subparagraphs 1, 1-2, 2 through 6 of Article 2;
5. Deleted. <by Presidential Decree No. 21518, May 29, 2009>
(2) "Financial companies prescribed by Presidential Decree" in the proviso to Article 28 (2) of the Act, with the exception of its subparagraphs, means any of the following financial companies: <Amended by Presidential Decree No. 20112, Jun. 28, 2007; Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 20913, Jul. 9, 2008; Presidential Decree No. 20947, Jul. 29, 2008; Presidential Decree No. 21404, Mar. 31, 2009; Presidential Decree No. 24880, Nov. 22, 2013>
1. A financial company falling under any of the subparagraphs of paragraph (1): Provided, That a person referred to in paragraph (1) 3 shall be excluded from the list of financial companies allowed to provide electronic funds transfer services under Article 28 (2) 1 of the Act without being registered with the Financial Services Commission;
2. Any of the following financial companies (limited to electronic funds transfer services under Article 28 (2) 1 of the Act):
(a) Investment dealing companies, investment brokerage companies, and securities finance companies under the Financial Investment Services and Capital Markets Act;
(b) Deleted; <by Presidential Decree No. 20947, Jul. 29, 2008>
(d) Insurance companies under the Insurance Business Act.
(3) "Electronic financial services prescribed by Presidential Decree" in Article 28 (2) 5 of the Act means any electronic financial service which provides or receives funds in connection with electronic financial transactions or provide or receive funds on behalf of others and which fall under any of the following subparagraphs:
1. Receiving deposits for settlement of the price of the goods, etc. under Article 13 (2) 10 of the Act on the Consumer Protection in Electronic Commerce, Etc.;
2. Notifying the payer of the details of the funds to be paid by the payer to the payee on behalf of the payee by electronic means, issuing or receiving the funds directly and executing the settlement of such funds on behalf of others.
(4) "Standards prescribed by Presidential Decree" in Article 28 (3) 1 (a) of the Act means any of the following: <Amended by Presidential Decree No. 24638, Jun. 28, 2013>
1. A chain store shall be located in only one basic local government (referring to the local governments under Article 2 (1) 2 of the Local Autonomy Act, and in the case of the Jeju Special Self-Governing Province, referring to the administrative Si);
2. The number of chain stores shall be ten or less;
3. A chain store shall be located in only one building (referring to the buildings under Article 2 (1) 2 of the Building Act);
4. A chain store shall be located in only one business place (referring to the business places under Articles 8 and 10 of the Enforcement Decree of the Value-Added Tax Act).
(5) "Amount prescribed by Presidential Decree" in Article 28 (3) 1 (b) of the Act means three billion won. In such case, the detailed method of calculating the total balance of issued amount under Article 28 (3) 1 (b) of the Act shall be determined and publicly announced by the Financial Services Commission. <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
(6) "Case covered by a refund guarantee insurance, etc. as prescribed by Presidential Decree" in Article 28 (3) 1 (c) of the Act means any case where the payment of the whole outstanding balance of an electronic prepayment means is guaranteed by a financial company falling under any of the subparagraphs of Article 22 (2) or covered by a refund guarantee insurance (including mutual aid corresponding thereto). <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
(7) "Electronic payment settlement agency services prescribed by Presidential Decree" in Article 28 (3) 2 of the Act means any service which simply delivers information on electronic payment transactions without providing or receiving, or providing or receiving funds on behalf of others related to electronic financial transactions.
(8) "Financial incidents prescribed by Presidential Decree" in the proviso to Article 28 (4) of the Act means any of the following cases:
1. Where the refund to or settlement of account of any user or chain store has become practically impossible due to illegal or undue conduct committed by the executive officers or employees of the relevant corporation;
2. Where any user or chain store has sustained loss due to the falsification or alteration of a means of access relating to an electronic financial service concerned;
3. Where any user or chain store has sustained loss due to the operational failure of the data processing system for the management of the relevant payment means;
4. Where it is evident that the executive officers or employees of the corporation concerned or chain stores have disclosed information on electronic financial transactions of the user or violated the provisons concerning personal information or credit information protection under other statutes.
 Article 16 (Method and Procedure, etc. of Registration of Electronic Bonds)
(1) Any person that intends to register electronic bonds with an electronic bond management agency (referring to any person registered to carry out registration and management of electronic bonds under Article 29 (1) of the Act; hereafter the same shall apply in this Article) shall, in advance, enter into a contract with a financial company to open a bank account for the issuance of electronic bonds and performance of obligations. <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
(2) Upon receipt of an application for registration of an electronic bond through a financial company, an electronic bond management agency shall verify whether any error exists in the details of such electronic bond issued, and if no error is found, it shall register it in the electronic bond registration ledger and notify the creditor thereof. <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
(3) Where an electronic bond management agency registers an electronic bond under paragraph (2), such registered matters shall be as follows: <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
1. Number and type (whether it is a guaranteed bond or non-guaranteed bond) of electronic bond;
2. Matters concerning the creditor, debtor, and financial company involved in such transaction;
3. Date of issuance and period of repayment of the electronic bond;
4. Limit on the amount of the electronic bonds and actual amount issued;
5. Other matters necessary for the registration of the electronic bond.
(4) An electronic bond management agency shall manage the following matters with respect to registered electronic bonds: <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
1. Notification of matters concerning period of repayment of electronic bonds to the debtor;
2. Details of the amount of electronic bonds repaid and the amount of electronic bonds outstanding;
3. Details of transfer of electronic bonds;
4. Details of settlements between financial companies relating to electronic bonds;
5. Matters concerning the suspension of transactions relating to electronic bonds;
6. Other matters concerning the management of electronic bonds.
 Article 17 (Capital Requirements)
(1) "Amount prescribed by Presidential Decree" in Article 30 (2) of the Act, with the exception of its subparagraphs, means the amount under the following classifications: <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
1. In cases of electronic funds transfer services under Article 28 (2) 1 of the Act: Three billion won;
2. In cases of the issuance and management of electronic debit payment means under Article 28 (2) 2 of the Act: Two billion won;
3. In cases of the issuance and management of electronic prepayment means under Article 28 (2) 3 of the Act: Two billion won.
(2) "Amount prescribed by Presidential Decree" in Article 30 (3) 1 of the Act shall be the amount as in the following: <Newly Inserted by Presidential Decree No. 27292, Jun. 28, 2016>
1. In cases of electronic payment settlement agency services under Article 28 (2) 4 of the Act: 300 million won;
2. In cases of the service under Article 15 (3) 1: 300 million won;
3. In cases of the service under Article 15 (3) 2: 300 million won.
(3) "Amount prescribed by Presidential Decree" in Article 30 (3) 2 of the Act shall be the amount as in the following: <Amended by Presidential Decree No. 27292, Jun. 28, 2016>
1. In cases of electronic payment settlement agency services under Article 28 (2) 4 of the Act: One billion won;
2. In cases of the service under Article 15 (3) 1: One billion won;
3. In cases of the service under Article 15 (3) 2: 500 million won;
4. In cases of the registration and management of electronic bonds under Article 29 of the Act: Three billion won.
(4) Where one intends to conduct two or more services under Articles 28 and 29 of the Act, the aggregate amount classified under each subparagraph of paragraphs (1) through (3) shall be considered capital, total investments or fundamental property: Provided, That where such aggregate amount exceeds five billion won, it shall be five billion won. <Amended by Presidential Decree No. 27292, Jun. 28, 2016>
 Article 18 (Financial Soundness Standards, etc.)
(1) Where any person who intends to obtain permission or make a registration under Articles 28 and 29 of the Act (hereafter referred to as "applicant" in this Article) is an institution subject to inspection by the Financial Services Commission under Article 38 of the Act on the Establishment, etc. of Financial Services Commission, such person shall meet the financial soundness standards that the Financial Services Commission determines and publicly announces, taking into account the management soundness standards, etc. determined by statutes pertaining to the establishment, operation, etc. of such institution. <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
(2) Where any applicant is not an institution subject to inspection referred to in paragraph (1), the ratio of total debts to the equity capital, total investments or fundamental property of the applicant [Where the large stockholder of the applicant is an enterprise belonging to an enterprise group under subparagraph 2 of Article 2 of the Monopoly Regulation and Fair Trade Act (excluding enterprise groups falling under Article 17 (1) 1 and 2 of the Enforcement Decree of the same Act; hereafter referred to as "enterprise group" in this Article), including such enterprise group, with the exception of companies engaged in the business of finance or insurance] shall be equivalent to or less than the ratio determined and publicly announced by the Financial Services Commission to the extent not exceeding 200/100: Provided, That with respect to an applicant who satisfies all of the following requirements, the Financial Services Commission may otherwise determine and publicly announce such ratio: <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
1. The government or a metropolitan local government (hereinafter referred to as "government, etc.") shall hold or invest at least 10/100 of the equity capital, total investments or fundamental property;
2. The government, etc. shall guarantee the continuity of such business, including cases where the government, etc. should, if it becomes impracticable for the applicant to carry out his/her business, promise to take over the relevant business;
3. A financial structure improvement plan shall be submitted in compliance with the requirements determined and publicly announced by the Financial Services Commission.
(3) "Major investors prescribed by Presidential Decree" in Article 31 (1) 5 of the Act are as specified in the following: <Amended by Presidential Decree No. 20913, Jul. 9, 2008; Presidential Decree No. 20947, Jul. 29, 2008; Presidential Decree No. 28283, Sep. 5, 2017>
1. Where a person and another person in a relationship falling under any of the subparagraphs of Article 3 (1) of the Enforcement Decree of the Act on Corporate Governance of Financial Companies (hereinafter referred to as "specially related persons") with him/her holding the largest number of stocks or investment shares on the basis of the total number of voting stocks issued or total investments, the former (hereinafter referred to as the "largest stockholder"): Provided, That where the largest stockholder is a corporation, any of the following persons shall be included:
(a) The largest stockholder of a corporation which is the largest stockholder (where a person who exercises actual control over a corporation which is the largest stockholder is not the largest stockholder of such corporation, including the person who exercises de facto control over the corporation);
(b) Representative of a corporation which is the largest stockholder;
2. Stockholders or investors who are specially related persons with the largest stockholder;
3. Any person whose total amount of stock and investment shares are equivalent to 10/100 or more of the total number of voting stocks issued or the total investment for his/her own account regardless of the title thereof;
4. Stockholders or investors who effectively exercise control over the major managerial matters of the relevant corporation, such as the appointment and dismissal of executive officers.
 Article 19 (Investors Who are Large Stockholders, etc.)
(1) "Investor prescribed by Presidential Decree" in subparagraph 1 of Article 32 of the Act means any major investor referred to in Article 18 (3). <Amended by Presidential Decree No. 20913, Jul. 9, 2008>
(2) "Finance-related Acts and subordinate statutes prescribed by Presidential Decree" in subparagraph 5 of Article 32 of the Act means the Acts and subordinate statutes under each subparagraph of attached Table 1-2. <Amended by Presidential Decree No. 23776, May 7, 2012>
 Article 20 (Application Method, etc. for Permission and Registration)
(1) Any person who intends to obtain permission or apply for registration under Articles 28 and 29 of the Act shall submit an application for permission or registration stating the following matters to the Financial Services Commission: <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
1. Trade name and location of the main office;
2. Matters concerning executive officers;
3. Capital, and the name or title of investors (excluding small investors determined and publicly announced by the Financial Services Commission) and the ratio of interests therein;
4. Electronic financial business to be performed;
5. In cases of a person who is conducting or intends to conduct a business other than electronic financial business, the details of the relevant business (applicable only to permission).
(2) Any application prescribed in paragraph (1) shall be accompanied with the following documents. In such cases, the Financial Services Commission shall confirm a corporation registration certificate (limited to cases where the applicant is a corporation) through the joint use of administrative information under Article 36 (1) of the Electronic Government Act: <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 22151, May 4, 2010; Presidential Decree No. 22467, Nov. 2, 2010>
1. Articles of incorporation and evidential document of payment of capital;
2. Financial statements and all documents annexed thereto;
3. Composition of stockholders (applicable only to permission);
4. Business plans for three years since the commencement of business (including estimated financial statements and budget statements of revenues and expenses);
5. Document stating the status of professional human resources and facilities;
6. Document stating the business status (applicable only to permission);
7. Deleted; <by Presidential Decree No. 23776, May 7, 2012>
8. Other documents necessary for permission or registration, which are determined and publicly announced by the Financial Services Commission.
(3) The Financial Services Commission shall determine whether to grant permission within three months from the date when an application for permission under paragraph (1) is submitted and notify the applicant thereof. <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
(4) When a person who has submitted an application for registration under paragraph (1) meets the requirements for registration referred to in Article 31 of the Act, the Financial Services Commission shall grant registration without delay and notify the applicant of such fact. <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
(5) When the documents submitted under paragraphs (1) and (2) are insufficient, the Financial Services Commission may make a request for supplementation thereof within ten days from the date of submission of such documents. In such cases, a period spent on supplementation shall not be included in the period under paragraph (3). <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
(6) The Financial Services Commission shall determine and publicly announce the form of any application prescribed in paragraph (1). <Newly Inserted by Presidential Decree No. 23776, May 7, 2012>
 Article 21 (Application for Cancellation of Registration)
(1) Any person who intends to apply for the cancellation of registration under Article 34 (1) of the Act shall submit an application for the cancellation of registration stating the following matters to the Financial Services Commission after completing user protection measures as determined and publicly announced by the Financial Services Commission. <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
1. Trade name and location of the main office;
2. Type of electronic financial business for the cancellation of registration;
3. Grounds for the cancellation of registration;
4. Details of user protection measures following the cancellation of registration.
(2) The Financial Services Commission shall determine and publicly announce the form of any application for the cancellation of registration prescribed in paragraph (1). <Newly Inserted by Presidential Decree No. 23776, May 7, 2012>
 Article 22 (Concurrently Performable Business, etc.)
(1) "Business prescribed by Presidential Decree" in Article 35 (1) 2 of the Act means the any of the following: <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 24880, Nov. 22, 2013>
1. Development, sale, and lending of data processing systems and software relating to electronic financial services;
2. Execution, on behalf of others, of part of electronic financial business for financial companies and electronic financial business entities;
3. Other business necessary to carry out the business granted permission or registered under Article 28 or 29 of the Act, which is determined and publicly announced by the Financial Services Commission.
(2) "Financial companies prescribed by Presidential Decree" in Article 35 (2) of the Act means any of the following financial companies: <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 24880, Nov. 22, 2013; Presidential Decree No. 27205, May 31, 2016>
1. Institutions under subparagraphs 1, 2 (limited to merchant banks), 7 and 8 of Article 38 of the Act on the Establishment, etc. of Financial Services Commission;
2. Korea Credit Guarantee Fund under the Credit Guarantee Fund Act;
3. Korea Technology Finance Corporation under the Korea Technology Finance Corporation Act;
4. Insurance companies under the Insurance Business Act;
5. Financial companies under subparagraphs 1 and 2 of Article 2.
 Article 23 (Grounds for Termination of Contract of Electronic Financial Business Chain Store)
“Grounds prescribed by Presidential Decree" in Article 38 (4) of the Act means any of the following cases:
1. Where a chain store is sentenced to a punishment for violating Article 26 of the Act or Article 37 (3) 3 through 5 of the Act;
2. Where a written notice of the fact that a chain store violated Article 37 (1), (2) or (3) 3 through 5 of the Act is issued by a relevant administrative agency;
3. Where a written notice of the fact that a relevant chain store has ceased its business is issued by a relevant administrative agency.
 Article 24 (Standards for Management Guidance)
The standards for management guidance under Article 42 (2) of the Act shall include the following matters: <Amended by Presidential Decree No. 23776, May 7, 2012>
1. Matters concerning the maintenance of capital, which is a requirement for permission or registration under Article 28 or 29 of the Act;
2. Matters concerning the standard for holding equity capital;
3. Matters concerning the standards for holding current assets against current liabilities;
4. Matters concerning the ratio of assets that has a low investment risk to the total assets (excluding the issuers of electronic prepayment means and electronic currency issuers);
5. Matters concerning the ratio of equity capital to the balance of outstanding redemption (limited to the issuers of electronic prepayment means and electronic currency issuers).
 Article 25 (Authorization of Merger, Dissolution, Business Closure, etc.)
(1) When the Financial Services Commission authorizes a merger, dissolution or business closure under Article 45 (1) of the Act, it shall consider the following matters: <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 20947, Jul. 29, 2008; Presidential Decree No. 24880, Nov. 22, 2013>
1. In cases of merger under Article 45 (1) 1 of the Act:
(a) It shall not hamper the efficient operations of the electronic finance industry and maintenance of credit order;
(b) The operating plan and organizational management plan following a merger shall be appropriate;
(c) The company to be established as a result of merger or company surviving a merger, etc. shall not violate Articles 30 through 32 of the Act;
(d) No error shall be found with the implementation of the procedures under the Commercial Act, the Financial Investment Services and Capital Markets Act or other relevant statutes;
2. In cases of dissolution or closure under Article 45 (1) 2 of the Act:
(a) Any unavoidable ground shall exist in light of the management, financial standing, etc. of the relevant financial company;
(b) It shall not undermine the protection of users of electronic currency and chain stores and maintenance of credit order;
(c) No error shall be found with the implementation of the procedures under the Commercial Act, the Financial Investment Services and Capital Markets Act and other related statutes.
(2) Subparagraphs 1 and 2 of paragraph (1) shall apply mutatis mutandis to the authorization of total or partial takeover of business and authorization of total or partial transfer of business, respectively, under Article 45 (1) 3 of the Act.
(3) The Financial Services Commission may determine and publicly announce the detailed conditions of authorization under Article 45 (1) of the Act, documents for application and other necessary matters. <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
 Article 26 (Standards, etc. for Suspension of Business and Imposition of Penalty Surcharges)
(1) Standards for imposing penalty surcharges under Article 46 (1) of the Act shall be as specified in attached Table 1-3. <Newly Inserted by Presidential Decree No. 28388, Oct. 17, 2017>
(2) The business suspension period and penalty surcharge amount by type of the violations for which an order of business suspension may be issued pursuant to Article 43 (2) of the Act or penalty surcharges may be imposed pursuant to Article 46 (2) of the Act shall be as specified in attached Table 2. <Amended by Presidential Decree No. 26199, Apr. 14, 2015; Presidential Decree No. 28388, Oct. 17, 2017>
(3) The Financial Services Commission may increase or reduce the business suspension period under paragraph (2) or the penalty surcharge amount imposed in lieu of an order of business suspension thereunder, by up to 1/2 of such period or amount, considering the seriousness and frequency, etc. of violations: Provided, That even in case of increasing the business suspension period or the penalty surcharge amount, the business suspension period shall not exceed six months and the total penalty surcharge amount imposed in lieu of an order of business suspension shall not exceed 50 million won. <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 26199, Apr. 14, 2015; Presidential Decree No. 28388, Oct. 17, 2017>
 Article 27 (Imposition and Payment of Penalty Surcharges)
(1) The Financial Services Commission shall, when it intends to impose a penalty surcharge under Article 46 (1) or (2) of the Act, issue a written notice of payment, stating the type of the relevant violation and the amount of the penalty surcharge imposed, etc. <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 26199, Apr. 14, 2015>
(2) Any person who has received a notice under paragraph (1) shall pay the penalty surcharge to a receiving agency determined and publicly announced by the Financial Services Commission within 20 days: Provided, That where he/she is unable to pay the penalty surcharge within such period due to an act of God or other inevitable causes, he/she shall pay it within seven days from the date when such ground ceases to exist. <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
(3) Any receiving agency which has received payment of a penalty surcharge under paragraph (2) shall deliver a receipt to the payer and notify the Financial Services Commission of the receipt of the payment without delay. <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
(4) Penalty surcharges may not be paid in installments.
 Article 28 (Entrustment of Disposition on Default)
(1) When the Financial Services Commission entrusts duties concerning the disposition on default to the Commissioner of the National Tax Service under Article 46 (5) of the Act, it shall do so in writing, accompanied by the following documents: <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 26199, Apr. 14, 2015>
1. A resolution of the Financial Services Commission;
2. A resolution and notice of collection of tax revenues;
3. Reminder for payment.
(2) The Commissioner of the National Tax Service shall, when he/she has completed the duties of disposition on default entrusted under paragraph (1), notify the Financial Services Commission of the date of completion of such duties and other necessary matters in writing within 30 days from the date of completion. <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
 Article 28-2 (Interest Rates on Additional Charges for Refund)
"Interest rate on additional money prescribed by Presidential Decree" in Article 46-2 (3) of the Act means the interest rate determined and publicly announced by the Financial Services Commission with regard for interest rates on time deposits by banks (referring to banks authorized to carry out banking business under the Banking Act).
[This Article Newly Inserted by Presidential Decree No. 24880, Nov. 22, 2013]
 Article 29 (Subjects and Methods, etc. of Statistical Surveys)
The subjects of statistical survey carried out by the Bank of Korea under Article 47 (1) of the Act of electronic financial business and electronic financial transactions shall be as follows:
1. The assets, debts and capital of an institution or organization or business entity engaged in conducting or supporting electronic financial services, and sales, profits and losses concerning the electronic financial transactions;
2. Matters concerning the current status of the data processing system dealing with electronic financial transactions;
3. Matters concerning the current status of electronic financial transactions, such as the issuance and use of electronic payment means, electronic funds transfer, electronic payment settlement agency services, transactions of electronic bonds;
4. Other matters necessary to ascertain the current condition of the electronic financial industry and electronic financial transactions or to implement monetary credit policies.
 Article 30 (Entrustment of Authority)
(1) The Financial Services Commission shall entrust the following duties to the Governor of the Financial Supervisory Service under Article 48 of the Act: <Amended by Presidential Decree No. 20653, Feb. 29, 2008; Presidential Decree No. 20913, Jul. 9, 2008; Presidential Decree No. 23776, May 7, 2012; Presidential Decree No. 24880, Nov. 22, 2013; Presidential Decree No. 26199, Apr. 14, 2015; Presidential Decree No. 27292, Jun. 28, 2016>
1. Establishment of standards for certification methods under Article 21 (2) of the Act;
1-2. Receipt of plans for the information technology sector under Article 21 (4) of the Act;
1-3. Receipt of the findings from analysis and assessment of vulnerability under Article 21-3 (1) of the Act;
1-4. Receipt of reports on the preparation and alteration of the standardized contract and the recommendation for alteration of the standardized contract under Article 25 of the Act;
2. Registration and cancellation of registration under Articles 28, 29, 33 and 34 of the Act;
2-2. Receipt of a report on the details of exceeding the standard under Article 30 (4) of the Act;
2-3. Review designed to grant permission or authorization under Article 33 (2) of the Act;
2-4. Confirmation of whether the requirements for final permission and authorization under Articles 33-2 (2) and 45-2 (2) can be satisfied;
2-5. Confirmation of whether the conditions of preliminary permission and authorization under Articles 33-2 (4) and 45-2 (4) have been fulfilled and whether the requirements for final permission and authorization are satisfied;
3. Orders for correction or supplementation of a contract for affiliation, entrustment or outside order under Article 40 of the Act;
4. Determination of the methods and procedures for submitting a report on operations and business performance under Article 42 (1) of the Act, and receipt of the report;
5. Establishment of detailed methods for setting standards for management guidance under Article 42 (2) of the Act.
(2) The Governor of the Financial Supervisory Service shall report to the Financial Services Commission on the results of handling the duties entrusted under paragraph (1) as determined and publicly announced by the Financial Services Commission. <Amended by Presidential Decree No. 20653, Feb. 29, 2008>
 Article 31 (Handling Sensitive Information and Personally Identifiable Information)
(1) To conduct the following duties, the Financial Services Commission (including persons entrusted with authority of the Financial Services Commission pursuant to Article 30) may, if unavoidable, handle information that corresponds to any criminal history record prescribed in subparagraph 2 of Article 18 of the Enforcement Decree of the Personal Information Protection Act, and materials that include any resident registration number, passport number or alien registration number referred to in subparagraphs 1, 2 or 4 of Article 19 of the same Decree: <Amended by Presidential Decree No. 24880, Nov. 22, 2013>
1. Duties related to the preparation and alteration of any standardized contract prescribed in Article 25 of the Act;
2. Duties related to permission and registration, etc. prescribed in Articles 28, 29, and 33 of the Act;
2-2. Duties related to preliminary permission under Article 33-2 of the Act;
3. Duties related to the cancellation of registration prescribed in Article 34 of the Act;
4. Duties related to supervision and inspection, or submission of materials and measures subsequent thereto, etc., prescribed in Article 39 (1) through (5) or 40 of the Act;
5. Duties related to measures, hearings, etc. prescribed in Articles 39 (6) and 44 of the Act;
6. Duties related to a joint inspection prescribed in Article 41 (2) of the Act;
7. Duties related to the division of accounting and guidance for sound management prescribed in Article 42 of the Act;
8. Duties related to authorization prescribed in Article 45 of the Act;
9. Duties related to preliminary authorization under Article 45-2 of the Act.
(2) To conduct the following duties, the Governor of the Financial Supervisory Service or the Korea Consumer Agency (limited to the duties prescribed in subparagraph 1) may, if inevitable, handle materials which include personal information under paragraph (1) with the exception of its subparagraphs:
1. Duties related to the settlement and mediation of disputes prescribed in Article 27 of the Act;
2. Duties related to supervision and inspection, or submission of materials and measures subsequent thereto, etc. prescribed in Article 39 (1) through (5) or 40 of the Act;
3. Duties related to measures prescribed in Article 39 (6) of the Act.
(3) To conduct the following duties, Financial companies or electronic financial business entities may, if unavoidable, handle materials which contain any resident registration number, passport number or alien registration number under subparagraph 1, 2 or 4 of Article 19 of the Enforcement Decree of the Personal Information Protection Act: <Newly Inserted by Presidential Decree No. 25532, Aug. 6, 2014>
1. Duties regarding the issuance of the means of access under Article 6 (2) of the Act;
2. Duties regarding the issuance of electronic debit payment means under Article 28 (2) 2 of the Act;
3. Duties regarding the issuance of electronic prepayment means under Article 28 (2) 3 of the Act.
[This Article Newly Inserted by Presidential Decree No. 23488, Jan. 6, 2012]
 Article 32 (Re-Examination of Regulation)
(1) The Financial Services Commission shall examine the appropriateness of the scope of financial companies under Article 5 (2) every three years, counting from January 1, 2016 (referring to the period that ends on the day before January 1 of every third year) and shall take measures, such as making improvements. <Amended by Presidential Decree No. 26817, Dec. 30, 2015>
(2) The Financial Services Commission shall examine the appropriateness of the following matters every two years, counting from each base date specified in the following (referring to the period that ends on the day before the base date of every second year) and shall take measures, such as making improvements: <Newly Inserted by Presidential Decree No. 25840, Dec. 9, 2014; Presidential Decree No. 26199, Apr. 14, 2015>
1. Standards for financial companies, etc. required to appoint a chief information security officer under Article 11-3 (1): January 1, 2015;
2. Qualifications for a chief information security officer under Article 11-3 (4): January 1, 2015.
[This Article Newly Inserted by Presidential Decree No. 24880, Nov. 22, 2013]
 Article 33 (Standards for Imposing Penalty Surcharges)
Standards for imposing penalty surcharges under Article 51 (1) through (3) of the Act shall be as listed in attached Table 3.
[This Article Newly Inserted by Presidential Decree No. 28388, Oct. 17, 2017]
ADDENDA
(1) (Enforcement Date) This Decree shall enter into force on January 1, 2007.
(2) Omitted.
ADDENDA <Presidential Decree No. 19958, Mar. 27, 2007>
Article 1 (Enforcement Date)
This Decree shall enter into force on March 28, 2007. (Proviso Omitted.)
Articles 2 through 8 Omitted.
ADDENDUM <Presidential Decree No. 20112, Jun. 28, 2007>
This Decree shall enter into force on July 1, 2007.
ADDENDA <Presidential Decree No. 20653, Feb. 29, 2008>
Article 1 (Enforcement Date)
This Decree shall enter into force on the date of its promulgation. (Proviso Omitted.)
Article 2 Omitted.
ADDENDUM <Presidential Decree No. 20913, Jul. 9, 2008>
This Decree shall enter into force on the date of its promulgation.
ADDENDA <Presidential Decree No. 20947, Jul. 29, 2008>
Article 1 (Enforcement Date)
This Decree shall enter into force on February 4, 2009. (Proviso Omitted.)
Articles 2 through 28 Omitted.
ADDENDUM <Presidential Decree No. 21404, Mar. 31, 2009>
This Decree shall enter into force on April 1, 2009.
ADDENDA <Presidential Decree No. 21518, May 29, 2009>
Article 1 (Enforcement Date)
This Decree shall enter into force on June 1, 2009.
Articles 2 and 3 Omitted.
ADDENDA <Presidential Decree No. 21590, Jun. 30, 2009>
Article 1 (Enforcement Date)
This Decree shall enter into force on July 1, 2009. (Proviso Omitted.)
Articles 2 through 9 Omitted.
ADDENDA <Presidential Decree No. 21765, Oct. 1, 2009>
Article 1 (Enforcement Date)
This Decree shall enter into force on the date of its promulgation.
Articles 2 through 5 Omitted.
ADDENDA <Presidential Decree No. 22151, May 4, 2010>
Article 1 (Enforcement Date)
This Decree shall enter into force on May 5, 2010.
Articles 2 through 4 Omitted.
ADDENDUM <Presidential Decree No. 22467, Nov. 2, 2010>
This Decree shall enter into force on the date of its promulgation.
ADDENDA <Presidential Decree No. 23488, Jan. 6, 2012>
Article 1 (Enforcement Date)
This Decree shall enter into force on the date of its promulgation. (Proviso Omitted.)
Article 2 Omitted.
ADDENDUM <Presidential Decree No. 23776, May 7, 2012>
This Decree shall enter into force six months after the date of its promulgation: Provided, That the amended provisions of Articles 11-2 and 19, and those of attached Tables 1 and 1-2 shall enter into force on May 15, 2012.
ADDENDA <Presidential Decree No. 24076, Aug. 31, 2012>
Article 1 (Enforcement Date)
This Decree shall enter into force on September 2, 2012.
Articles 2 through 4 Omitted.
ADDENDA <Presidential Decree No. 24638, Jun. 28, 2013>
Article 1 (Enforcement Date)
This Decree shall enter into force on July 1, 2013. (Proviso Omitted.)
Articles 2 through 17 Omitted.
ADDENDA <Presidential Decree No. 24880, Nov. 22, 2013>
Article 1 (Enforcement Date)
This Decree shall enter into force on November 23, 2013.
Article 2 (Applicability concerning Analysis and Assessment of Vulnerability of Electronic Financial Infrastructure)
The amended provisions of the main sentence of Article 11-5 (2), with the exception of its subparagraphs, shall apply starting from the business year that begins after this Decree enters into force.
Article 3 (Special Cases concerning Qualifications for Chief Information Security Officers)
Notwithstanding the amended provisions of subparagraph 3 (b) of attached Table 1, the head of an association, credit cooperative or local cooperative or a person that is designated by any of their respective heads as at the time this Decree enters into force shall qualified as a chief information security officer even though he/she has not received education under the same amended provisions: Provided, That he/she shall receive education under the same amended provisions within one year after this Decree enters into force.
Article 4 (Transitional Measures concerning Method of Notice for Correction of Errors)
Where a request to correct an error is received or the existence of any error is recognized under Article 8 (2) or (3) of the Act as at the time this Decree enters into force, the former provisions shall apply, notwithstanding the amended provisions of Article 7-2.
ADDENDA <Presidential Decree No. 25279, Mar. 24, 2014>
Article 1 (Enforcement Date)
This Decree shall enter into force on the date of its promulgation.
Articles 2 and 3 Omitted.
ADDENDUM <Presidential Decree No. 25532, Aug. 6, 2014>
This Decree shall enter into force on August 7, 2014.
ADDENDA <Presidential Decree No. 25840, Dec. 9, 2014>
Article 1 (Enforcement Date)
This Decree shall enter into force on January 1, 2015.
Articles 2 through 16 Omitted.
ADDENDA <Presidential Decree No. 25945, Dec. 30, 2014>
Article 1 (Enforcement Date)
This Decree shall enter into force on the date when the registration of merger under Article 4 (6) of the Addenda of Act No. 12663, the Whole Amendment to the Korea Development Bank Act is completed.
Articles 2 through 5 Omitted.
ADDENDUM <Presidential Decree No. 26199, Apr. 14, 2015>
This Decree shall enter into force on April 16, 2015: Provided, That the amended provisions of Articles 9-2 and 30 (1) 1 shall enter into force on October 16, 2015.
ADDENDUM <Presidential Decree No. 26817, Dec. 30, 2015>
This Decree shall enter into force on the date of its promulgation.
ADDENDA <Presidential Decree No. 27205, May 31, 2016>
Article 1 (Enforcement Date)
This Decree shall enter into force on September 30, 2016. (Proviso Omitted.)
Articles 2 and 3 Omitted.
ADDENDUM <Presidential Decree No. 27292, Jun. 28, 2016>
This Decree shall enter into force on June 30, 2016: Provided, That the amended provisions of Article 6-2 shall enter into force on July 28, 2016.
ADDENDA <Presidential Decree No. 28218, Jul. 26, 2017>
Article 1 (Enforcement Date)
This Decree shall enter into force on the date of its promulgation.
Articles 2 and 3 Omitted.
ADDENDA <Presidential Decree No. 28283, Sep. 5, 2017>
Article 1 (Enforcement Date)
This Decree shall enter into force three months after the date of its promulgation: Provided, That ...... <omitted>...... Article 6 of the Addenda shall enter into force on the date of its promulgation.
Articles 2 and 6 Omitted.
ADDENDA <Presidential Decree No. 28388, Oct. 17, 2017>
Article 1 (Enforcement Date)
This Decree shall enter into force on October 19, 2017.
Article 2 (Transitional Measures concerning Standards for Imposing Penalty Surcharges)
Notwithstanding the amended provisions of Article 26, and attached Tables 1-3 and 2, the former Article 26 and attached Table 2 shall govern when applying standards for imposing penalty surcharges to the violations committed before this Decree enters into force.