Archivos de la etiqueta: electronic financial business entity

11Nov/21

Act nº 7929, Apr. 28, 2006, Electronic Financial Transactions Act

Act nº 7929, Apr. 28, 2006, Electronic Financial Transactions Act. (Amended by Act nº 8387, Apr. 27, 2007, Act nº 8863, Feb. 29, 2008, Act nº 9325, Dec. 31, 2008, Act nº 10303, May 17, 2010, Act nº 11087, Nov. 14, 2011, Act nº 11407, Mar. 21, 2012, Act nº 11461, jun. 1, 2012, Act nº 11814, May 22, 2013, Act nº 12837, Oct. 15, 2014, Act nº 13929, Jan. 27, 2016, Act nº 14132, Mar. 29, 2016, Act nº 14828, Apr. 18, 2017, Act nº 14839, Jul. 26, 2017).

ELECTRONIC FINANCIAL TRANSACTIONS ACT

CHAPTER I.- GENERAL PROVISIONS

Article 1 (Purpose)

The purpose of this Act is to ensure the safety and reliability of electronic financial transactions by clarifying their legal relations and to promote financial conveniences for people and contribute to national economic development by creating a foundation for the sound development of the electronic financial industry.

Article 2 (Definitions)

The definitions of terms used in this Act shall be as follows: (Amended by Act nº 8387, Apr. 27, 2007; Act nº 8863; Feb. 29, 2008; Act nº 11407, Mar. 21, 2012; Act nº 11461, Jun. 1, 2012; Act nº 11814, May 22, 2013)

1. The term «electronic financial transaction» means any transaction whereby a financial company or an electronic financial business entity provides financial products and services through electronic apparatus (hereinafter referred to as «electronic financial business«) and users use them in a non-facing and automated manner without any direct contact with employees of the financial company or electronic financial business entity;

2. The term «electronic payment transaction» means any electronic financial transaction whereby a person providing a payment (hereinafter referred to as «payer«) requires a financial company or an electronic financial business entity to transfer money to another person receiving the payment (hereinafter referred to as «payee«) by electronic payment means;

3. The term «financial company» means any of the following institutions, organizations or business entities:

(a) An institution referred to in subparagraphs 1 through 5, 7 and 8 of Article 38 of the Act on the Establishment, etc. of Financial Services Commission;

(b) A specialized credit financial company established under the Specialized Credit Finance Business Act;

(c) A postal service agency under the Postal Savings and Insurance Act;

(d) A community credit cooperative and Korean Federation of Community Credit Cooperatives established under the Community Credit Cooperatives Act;

(e) Any other person prescribed by Presidential Decree, which is an institution, organization, or a business entity carrying on financial business and other finance-related business pursuant to Acts;

4. The term «electronic financial business entity» means any person who has obtained permission or whose business has been registered (excluding any financial company) pursuant to Article 28;

5. The term «subsidiary electronic financial business entity» means any person prescribed by the Financial Services Commission established under Article 3 of the Act on the Establishment, etc. of Financial Services Commission (hereinafter referred to as the «Financial Services Commission«), who assists in electronic financial transactions; or vicariously performs the part of such transactions for a financial company or an electronic financial business entity; or who operates a payment gateway system;

6. The term «payment gateway system» means any financial data processing system that deals with business affairs relating to the settlement of accounts and payments by transmitting electronic financial transaction information between a financial company and an electronic financial business entity;

7. The term «user» means any person who conducts an electronic financial transaction under a contract concluded with a financial company or an electronic financial business entity for facilitating electronic financial transactions (hereinafter referred to as «electronic financial transaction contract«);

8. The term «electronic apparatus» means any apparatus used to transmit or process electronic financial transaction information by electronic means, such as a cash dispenser, automatic teller machine, debit terminal, computer, telephone, or other devices that transmit or process information by electronic means;

9. The term «electronic document» means any information prepared, transmitted, received or stored pursuant to subparagraph 1 of Article 2 of the Framework Act on Electronic Documents and Transactions;

10. The term «means of access» means any of the following means or information which is used to issue a transaction request in electronic financial transactions or to secure the authenticity and accuracy of users and the details of such transaction:

(a) An electronic card or other electronic information equivalent thereto;

(b) An electronic signature creating key defined in subparagraph 4 of Article 2 of the Digital Signature Act and a certificate referred to in subparagraph 7 of the said Article;

(c) A user number registered with a financial company or an electronic financial business entity;

(d) Biological information of users;

(e) A password required to use the means or information referred to in item (a) or (b);

11. The term «electronic payment means» means an electronic funds transfer, electronic debit payment means, electronic prepayment means, electronic currency, a credit card, an electronic bond or other means of payment by electronic means;

12. The term «electronic funds transfer» means any transfer of funds by any of the following methods from an account opened with a financial company or an electronic financial business entity (limited to any account linked to a financial company; hereinafter the same shall apply) to another account through electronic apparatus for the purpose of transferring funds between a payer and a payee:

(a) A payment request made by a payer to a financial company or an electronic financial business entity;

(b) A collection request made by a payee (hereinafter referred to as «collection transfer«) to a financial company or an electronic financial business entity;

13. The term «electronic debit payment means» means any certificate (excluding any certificate available for loans), or information on such certificate, issued by a financial company or an electronic financial business entity to simultaneously supply goods or services and pay their prices by the method of transferring funds from the account of a financial company between a user and a chain store by electronic means;

14. The term «electronic prepayment means» means any certificate, or information on such certificate, issued with transferable monetary values stored by electronic means, which meets all of the following requirements: Provided, That this shall not include any electronic currency:

(a) It shall be used to purchase goods or services from a third person other than the issuer (including specially related persons prescribed by Presidential Decree) and pay their prices;

(b) It shall be able to purchase goods or services in at least two business categories (referring to mid-classification business categories in the Korean Standard Industrial Classification publicly announced by the Commissioner of the National Statistical Office pursuant to Article 22 (1) of the Statistics Act; hereafter the same shall apply in this Article);

15. The term «electronic currency» means any certificate, or information on such certificate, issued with transferable monetary values stored by electronic means, which meets all of the following requirements:

(a) It shall be used in the areas and chain stores which meet the standards prescribed by Presidential Decree;

(b) It shall meet the requirements referred to in subparagraph 14 (a);

(c) It shall be able to purchase goods or services in at least five business categories and the number of such business categories shall be at least that prescribed by Presidential Decree;

(d) It shall be issued in exchange for the same value of cash or deposits;

(e) It shall be exchangeable for cash or deposits under guarantee of the issuer;

16. The term «electronic bond» means any creditor’s monetary claims stated in an electronic document, which meets the following requirements:

(a) The debtor shall designate the creditor;

(b) It shall include the contents of debts;

(c) It shall include the certified digital signature defined in subparagraph 3 of Article 2 of the Digital Signature Act;

(d) It shall be registered with an electronic bond management agency under Article 29 (1) (hereinafter referred to as «electronic bond management agency«) via a financial company;

(e) The debtor shall transmit an electronic document which meets all requirements referred to in items (a) through (c) to the creditor pursuant to Article 6 (1) of the Framework Act on Electronic Documents and Transactions and the creditor shall receive it in accordance with Article 6 (2) of the said Act;

17. The term «transaction request» means any request whereby a user asks a financial company or an electronic financial business entity to process electronic financial transactions pursuant to the electronic financial transaction contract;

18. The term «error» means any case where an electronic financial transaction fails to be made pursuant to the electronic financial transaction contract or the user’s transaction request neither intentionally nor with negligence;

19. The term «electronic payment settlement agency service» means any service to transmit or receive payment settlement information in purchasing goods or using services by electronic means or to execute as an agent or mediate the settlement of prices thereof;

20. The term «chain store» means any person, other than a financial company or an electronic financial business entity, who supplies goods or services to users in transactions conducted by an electronic debit payment means, electronic prepayment means or electronic currency under a contract concluded with a financial company or an electronic financial business entity;

21. The term «electronic financial infrastructure» means any information processing system used in electronic financial transactions and information and communication network defined in Article 2 (1) 1 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.;

22. The term “electronic infringement” means any attack on electronic financial infrastructure by means of hacking, computer virus, logic bomb, mail bomb, denial of service, high-powered electromagnetic wave, etc.

Article 3 (Scope of Application)

(1) Except as otherwise expressly provided for in other Acts, this Act shall apply to all electronic financial transactions: Provided, That this Act shall not apply to the electronic financial transactions prescribed by Presidential Decree among those conducted under a separate contract between a financial company and an electronic financial business entity. (Amended by Act nº 11814, May 22, 2013)

(2) The provisions of Chapter V shall not apply to the financial companies referred to in subparagraph 3 (c) and (d) of Article 2. (Amended by Act nº 11814, May 22, 2013)

(3) The following shall not apply to the financial companies prescribed by Presidential Decree, considering the frequency of electronic financial transactions, size of company, etc. among financial companies: (Inserted by Act nº 11814, May 22, 2013)

1. Meeting the standards set by the Financial Services Commission for the information technology sector, in terms of human resources, facilities, electronic apparatus, etc. and electronic financial business under Article 21 (2);

2. Establishing and submitting plans for the information technology sector under Article 21 (4);

3. Appointing the chief information security officer under Article 21-2;

4. Analyzing and assessing the vulnerability of electronic financial infrastructure under Article 21-3.

Article 4 (Reciprocity)

This Act shall also apply to a foreigner or foreign corporation: Provided, That with respect to any foreigner or foreign corporation of the State which fails to provide protections corresponding to this Act for any national or corporation of the Republic of Korea, any protection under this Act or the treaties acceded to or concluded by the Republic of Korea may be restricted commensurately therewith.

CHAPTER II.- RIGHTS AND DUTIES OF PARTIES TO ELECTRONIC FINANCIAL TRANSACTIONS

SECTION 1.- Common Provisions

Article 5 (Use of Electronic Documents)

(1) Articles 4 through 7, 9, and 10 of the Framework Act on Electronic Documents and Transactions shall apply to electronic documents used for electronic financial transactions. (Amended by Act nº 11461, Jun. 1, 2012)

(2) Each electronic document received by a financial company or an electronic financial business entity in relation to a transaction request shall be deemed independent, respectively: Provided, That where the financial company or electronic financial business entity and a user undergoes the procedures for confirmation on an electronic financial transaction contract concluded among them, such procedures shall prevail. (Amended by Act nº 11814, May 22, 2013)

Article 6 (Selection, Use and Management of Means of Access)

(1) A financial company or an electronic financial business entity shall select, use and manage the means of access necessary for electronic financial transactions and confirm the identity and authority of a user, the details of a transaction request, etc. (Amended by Act nº 11814, May 22, 2013)

(2) A financial company or an electronic financial business entity shall issue the means of access only if an application is made by the user after verifying the identity of such user: Provided, That it may be also issued without the user’s application nor the verification of the user’s identity in any of the following cases: (Amended by Act nº 11814, May 22, 2013)

1. In case of an electronic prepayment means or electronic currency referred to in the proviso to Article 16 (1);

2. Where a user’s consent is obtained for the renewal, replacement, etc. of the means of access, as prescribed by Presidential Decree.

(3) No one shall commit any of the following acts unless otherwise expressly provided for in other Acts with respect to the use and management of a means of access: Provided, That the same shall not apply to cases (excluding the act referred to in subparagraph 3 and other acts of assisting the said act) where it is necessary to transfer an electronic prepayment means or electronic currency, or to offer it as security under Article 18: (Amended by Act nº 9325, Dec. 31, 2008; Act nº 13069, Jan. 20, 2015; Act nº 13929, Jan. 27, 2016)

1. Transferring or taking over a means of access;

2. Borrowing or lending a means of access, or storing, delivering or distributing a means of access, accompanied by receipt, demand or promise of any compensation;

3. Borrowing or lending a means of access, or storing, delivering or distributing a means of access, for the purpose of using it for any crime or with the knowledge of the fact that it will be used for any crime;

4. Providing a means of access as the object of pledge;

5. Arranging or advertizing any act referred to in subparagraphs 1 through 4.

Article 6-2 (Suspension, etc. of Using Telephone Numbers Used in Illegal Advertisements)

(1) When the Prosecutor General, Commissioner of the National Police Agency, or Governor of the Financial Supervisory Service (referring to the Governor of the Financial Supervisory Service under Article 29 of the Act on the Establishment, etc. of Financial Services Commission; hereafter the same shall apply) identifies a telephone number used in illegal advertisements referred to in Article 6 (3) 5, he/she may request the Minister of Science and Information and Communications Technology (ICT) to suspend provision of telecommunications services related to the relevant telephone number. (Amended by Act nº 14839, Jul. 26, 2017)

(2) A person to whom provision of telecommunications services is suspended following a request made pursuant to paragraph (1) may raise an objection to the person who requested suspension of provision of telecommunications services.

(3) Matters necessary for the procedures, etc. regarding raising of an objection under paragraph (2) shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 13929, Jan. 27, 2016)

Article 7 (Confirmation of Transaction Details)

(1) Any financial company or electronic financial business entity shall ensure that a user can confirm the transaction details through an electronic apparatus (including electronic apparatus, if any, stipulated in advance between the financial company or electronic financial business entity and the user) used for electronic financial transactions. (Amended by Act nº 11814, May 22, 2013)

(2) Any financial company or electronic financial business entity shall, upon a user’s request to deliver relevant transaction details in writing (excluding any electronic document; hereinafter the same shall apply), deliver to him/her a document stating the details of his/her transaction within two weeks after receipt of such request. (Amended by Act nº 11814, May 22, 2013)

(3) Matters concerning the coverage period, types and scope of the transaction details offered pursuant to paragraphs (1) and (2) and other matters shall be prescribed by Presidential Decree.

Article 8 (Correction, etc. of Errors)

(1) When a user recognizes the existence of any error in electronic financial transactions, he/she may request the relevant financial company or electronic financial business entity to correct such error. (Amended by Act nº 11814, May 22, 2013)

(2) Upon receipt of a request to correct an error under paragraph (1), any financial company or electronic financial business entity shall immediately investigate and effect appropriate corrections to the processed transaction, and inform the user of the causes of the error and the results of correction by the methods prescribed by Presidential Decree within two weeks after receipt of such request. (Amended by Act nº 9325, Dec. 31, 2008; Act nº 11814, May 22, 2013)

(3) When any financial company or electronic financial business entity recognizes the existence of any error in electronic financial transactions, it or he/she shall immediately investigate and effect appropriate corrections to the processed transaction, and inform the user of the causes of the error and the results of correction in the methods prescribed by Presidential Decree within two weeks after recognizing such error. (Amended by Act nº 9325, Dec. 31, 2008; Act nº 11814, May 22, 2013)

Article 9 (Liability of Financial Companies or Electronic Financial Business Entities)

(1) When a user suffers any loss due to any of the following incidents, the relevant financial company or electronic financial business entity shall be liable for indemnifying him/her for the loss: (Amended by Act nº 11814, May 22, 2013)

1. An incident caused by the forgery or alteration of the means of access;

2. An incident caused in the course of electronically transmitting or processing the conclusion of a contract or a transaction request;

3. An incident caused by the use of a means of access acquired by fraudulent or other illegal means by invading electronic apparatus for electronic financial transactions or an information and communication network defined in Article 2 (1) 1 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.

(2) Notwithstanding paragraph (1), a financial company or an electronic financial business entity may require a user to fully or partially bear the liability for any loss in any of the following cases: (Amended by Act nº 11814, May 22, 2013)

1. Where, with respect to any incident caused by the intention or gross negligence of the user, a prior agreement is made with the user to the effect that all or part of the loss may be borne by the user;

2. Where a corporate user (excluding any small enterprise defined in Article 2 (2) of the Framework Act on Small and Medium Enterprises) suffers any loss although the financial company or electronic financial business entity fulfills the duty of due care reasonably required to prevent incidents, such as the establishment and strict observance of security procedures.

(3) The intention or gross negligence of the user referred to in paragraph (2) 1 shall be limited to that stipulated in the terms and conditions of electronic financial transactions (hereinafter referred to as «terms and conditions«) within the limits prescribed by Presidential Decree.

(4) Every financial company or electronic financial business entity shall take measures necessary to discharge the liability provided for in paragraph (1), such as purchasing insurance, joining a mutual aid society or accumulating reserves, pursuant to the standards determined by the Financial Services Commission. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

Article 10 (Liability for Loss or Theft of Means of Access)

(1) Upon receipt of a user’s notification of the loss or theft of the means of access, the relevant financial company or electronic financial business entity shall be liable for compensating the user for any loss he/she might suffer due to the use of such means of access by a third party from the time such notification is received: Provided, That the same shall not apply to cases prescribed by Presidential Decree where any damage is caused by the loss, theft, etc. of electronic prepayment means or electronic currency. (Amended by Act nº 11814, May 22, 2013)

(2) Notwithstanding paragraph (1) of this Article and Article 9, if any provision of other Acts and subordinate statutes applicable favorably to the user exists, such provision shall prevail.

Article 11 (Status of Subsidiary Electronic Financial Business Entities)

(1) The intention or negligence of a subsidiary electronic financial business entity (including any electronic bond management agency; hereafter the same shall apply in this Chapter) in relation to electronic financial transactions shall be deemed the intention or negligence of the relevant financial company or electronic financial business entity. (Amended by Act nº 11814, May 22, 2013)

(2) When any financial company or electronic financial business entity compensates the user for any loss caused by the intention or negligence of its or his/her subsidiary electronic financial business entity, it or he/she may exercise the right of indemnity over the subsidiary electronic financial business entity. (Amended by Act nº 11814, May 22, 2013)

(3) Any user may give various notifications he/she is obligated to give to a financial company or an electronic financial business entity to its or his/her subsidiary electronic financial business entity pursuant to an agreement made with the financial company or electronic financial business entity. In such cases, a notification given to the subsidiary electronic financial business entity shall be deemed to have been given to the relevant financial company or electronic financial business entity. (Amended by Act nº 11814, May 22, 2013)

SECTION 2.- Electronic Payment Transactions, etc.

Article 12 (Validity of Electronic Payment Transaction Contracts)

(1) Any financial company or electronic financial business entity shall make a payment by transmitting the amount requested by a payer or payee on a transaction request to the payee or his/her financial company or electronic financial business entity, pursuant to an agreement made with the payer or payee to facilitate electronic payment transactions. (Amended by Act nº 11814, May 22, 2013)

(2) When any financial company or electronic financial business entity becomes unable to transmit the amount requested pursuant to paragraph (1), it or he/she shall return to the payer the amount received for electronic payment transactions. In such cases, when the failure to transmit the amount is caused by the negligence of the payer, the expenses incurred in relation to such transmission may be deducted. (Amended by Act nº 11814, May 22, 2013)

Article 13 (Time when Payment Takes Effect)

(1) Where a payment is made by electronic payment means, such payment shall take effect at the time set forth in the following: (Amended by Act nº 11814, May 22, 2013; Act nº 12837, Oct. 15, 2014)

1. For electronic funds transfers: When the information on the amount transferred on a transaction request is completely recorded on the ledger of the account of a financial company or an electronic financial business entity with which the payee’s account is opened;

2. For withdrawal of cash directly from electronic apparatus: When the payee receives such cash;

3. For payments made by an electronic prepayment means or electronic currency: When the information on the amount requested on a transaction request gets to the electronic apparatus designated by the payee;

4. For payments made by other electronic payment means: When the information on the amount requested on a transaction request is completely input in the electronic apparatus of a financial company or an electronic financial business entity with which the payee’s account is opened.

(2) The financial companies or electronic financial business entities prescribed by Presidential Decree in consideration of their total assets, etc. shall, upon their user’s request, ensure that payment of electronic funds transfer takes effect after a certain time has elapsed since such user makes such transaction request, in accordance with the procedures and methods prescribed by Presidential Decree. (Inserted by Act nº 12837, Oct. 15, 2014)

Article 14 (Withdrawal of Transaction Requests)

(1) Any user may withdraw his/her transaction request before the payment takes effect pursuant to each subparagraph of Article 13 (1). (Amended by Act nº 12837, Oct. 15, 2014)

(2) Notwithstanding paragraph (1), a financial company or an electronic financial business entity and its user may, pursuant to a prior agreement, determine differently the timing for withdrawing a transaction request with respect to any batch transaction, reserved transaction, etc. (Amended by Act nº 11814, May 22, 2013)

(3) Any financial company or electronic financial business entity shall include in its or his/her terms and conditions the matters relating to the methods and procedures for withdrawing a transaction request under paragraph (1) and the prior agreement under paragraph (2). (Amended by Act nº 11814, May 22, 2013)

Article 15 (Consent to Withdraw Deposits by Transfer)

(1) Any financial company or electronic financial business entity shall obtain consent from the payer in advance to the withdrawal of deposits to effect a collection transfer, as prescribed by Presidential Decree. (Amended by Act nº 11814, May 22, 2013)

(2) Any payer may request a financial company or an electronic financial business entity to revoke his/her consent to withdrawal under paragraph (1) before the withdrawal of deposits is completely recorded on the ledger of the payer’s account pursuant to a transaction request of the payee. (Amended by Act nº 11814, May 22, 2013)

(3) Notwithstanding paragraph (2), a financial company or an electronic financial business entity may, pursuant to a prior agreement made with the payer, determine differently the timing for revoking the consent with respect to any batch transaction, reserved transaction, etc. (Amended by Act nº 11814, May 22, 2013)

(4) Any financial company or electronic financial business entity shall include in its or his/her terms and conditions the matters relating to the methods and procedures for revoking the consent and the prior agreement under paragraphs (2) and (3). (Amended by Act nº 11814, May 22, 2013)

Article 16 (Issuance, Use and Exchange of Electronic Currencies)

(1) Any financial company or electronic financial business entity that issues an electronic currency (hereinafter referred to as «electronic currency issuer«) shall, in issuing the electronic currency, assign identifiable numbers to the means of access and manage it by linking the numbers to the user’s real name (hereinafter referred to as «real name«) defined in subparagraph 4 of Article 2 of the Act on Real Name Financial Transactions and Confidentiality or deposit account: Provided, That the same shall not apply to any electronic currency, the upper limit of whose face value does not exceed the amount prescribed by Presidential Decree. (Amended by Act nº 11814, May 22, 2013)

(2) The electronic currency issuer shall issue the electronic currency in exchange for the same value of cash or deposits.

(3) The electronic currency issuer shall take necessary measures to keep and use the issued electronic currency so that electronic currency holders can use it.

(4) The electronic currency issuer shall, upon a request by its holder, have the duty to exchange such electronic currency for cash or deposits.

(5) The methods and procedures for the issuance and exchange of electronic currency under paragraphs (1) through (4) shall be prescribed by Presidential Decree.

Article 17 (Validity of Payment by Electronic Currencies)

When an electronic currency holder pays the prices of goods or services by electronic currency pursuant to an agreement with the payee, the duty to pay such prices shall be deemed fulfilled.

Article 18 (Transferability of Electronic Currencies, etc.)

(1) The holder of an electronic prepayment means or electronic currency may transfer it to a third party or offer it as a security pursuant to an agreement with its issuer.

(2) When an electronic prepayment means or electronic currency is transferred to a third party or offered as a security under paragraph (1), it shall be necessarily done via the issuer’s central computer system: Provided, That the same shall not apply to any electronic prepayment means whose real name is not confirmed or the electronic currency referred to in the proviso to Article 16 (1).

Article 19 (Refund of Electronic Prepayment Means)

(1) Any financial company or electronic financial business entity that issues an electronic prepayment means shall, upon a request by its holder, refund the balance recorded on such electronic prepayment means pursuant to a prior agreement. (Amended by Act nº 11814, May 22, 2013)

(2) Any financial company or electronic financial business entity shall enter, in the terms and conditions, the agreement on the refund under paragraph (1) and the fact that it or he/she will fully pay the balance recorded on the electronic prepayment means in any of the following cases: (Amended by Act nº 11814, May 22, 2013)

1. Where the electronic prepayment means becomes unavailable because it is impracticable for a chain store to supply goods or services due to an act of God, etc.;

2. Where a chain store cannot supply goods or services due to any defect in the electronic prepayment means;

3. Where the balance recorded on the electronic prepayment means falls below a fixed rate. In such cases, the fixed rate shall be less than 20/100.

Article 20 (Requisite for Setting Up Transfer of Electronic Bonds)

(1) The transfer of electronic bonds shall be deemed to satisfy the requisite for setting up against the obligor referred to in Article 450 (1) of the Civil Act when meeting all the following requirements:

1. The notice made by the transferor to transfer the electronic bonds or the obligor’s consent thereto shall be given through an electronic document bearing the certified digital signature provided for in subparagraph 3 of Article 2 of the Digital Signature Act;

2. The electronic document stating the notice or consent referred to in subparagraph 1 shall be registered with an electronic bond management agency.

(2) The electronic document stating the notice or consent referred to in paragraph (1) shall be deemed to satisfy the requisite for setting up against the obligor referred to in Article 450 (2) of the Civil Act when completing the time-stamp stipulated in Article 20 of the Digital Signature Act and meeting all the requirements referred to in paragraph (1).

CHAPTER III.- ENSURING SAFETY OF ELECTRONIC FINANCIAL TRANSACTIONS AND PROTECTION OF USERS

Article 21 (Duty to Ensure Safety)

(1) A financial company or an electronic financial business entity and its or his/her subsidiary electronic financial business entity (hereinafter referred to as «financial company, etc.») shall perform its or his/her duties of a good manager to ensure the safe processing of electronic financial transactions. (Amended by Act nº 11814, May 22, 2013)

(2) In order to ensure the safety and reliability of electronic financial transactions, a financial company etc. shall comply with the standards determined by the Financial Services Commission with respect to the information technology sector, such as human resources, facilities, electronic apparatus, and expenses for conducting electronic transmissions or processing, the electronic financial affairs and certification methods including the use of certificates under the Digital Signature Act. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013; Act nº 12837, Oct. 15, 2014)

(3) The Financial Services Commission shall not compel the use of any specific technology or service when determining the standards referred to in paragraph (2) and shall endeavor to promote the fair competition of security technologies and certification technologies. (Amended by Act nº 12837, Oct. 15, 2014)

(4) For safe electronic financial transactions, the financial companies or electronic financial business entities prescribed by Presidential Decree shall annually establish a plan for the information technology sector and submit it to the Financial Services Commission after obtaining confirmation and signature of its or his/her representative, as prescribed by Presidential Decree. (Inserted by Act nº 11814, May 22, 2013)

Article 21-2 (Appointment of Chief Information Security Officers)

(1) Any financial company or electronic financial business entity shall appoint a chief information security officer to be responsible for managing electronic financial business and information technology security which forms the basis of electronic financial business. (Amended by Act nº 11814, May 22, 2013)

(2) A financial company or an electronic financial business entity prescribed by Presidential Decree in consideration of its or his/her total assets, number of employees, etc. shall appoint one of the executives (including any person prescribed in Article 401-2 (1) 3 of the Commercial Act) as a chief information security officer. (Amended by Act nº 11814, May 22, 2013)

(3) The chief information security officer of the financial companies or electronic financial business entities prescribed by Presidential Decree in consideration of its or his/her total assets, number of employees, etc. shall not concurrently perform duties in the information technology sector other than those referred to in paragraph (4). (Inserted by Act nº 12837, Oct. 15, 2014)

(4) A chief information security officer under paragraph (1) shall perform the following duties: (Amended by Act nº 12837, Oct. 15, 2014)

1. Establishing strategies and plans for securing the stability of electronic financial transactions and protecting the users thereof;

2. Protecting the information technology sector;

3. Managing human resources and forming a budget, which are necessary for the security of the information technology sector;

4. Preventing electronic financial transaction accidents, and taking measures therefor;

5. Other matters prescribed by Presidential Decree for securing the stability of electronic financial transactions.

(5) Matters necessary for qualifications, etc. for a chief information security officer shall be prescribed by Presidential Decree. (Amended by Act nº 12837, Oct. 15, 2014)

(Article Inserted by Act nº 11087, Nov. 14, 2011)

Article 21-3 (Analyzing and Assessing Vulnerability of Electronic Financial Infrastructure)

(1) To ensure the safety and reliability of electronic financial transactions, a financial company and an electronic financial business entity shall analyze and assess the following matters with respect to its or his/her electronic financial infrastructure and report the findings therefrom (referring to the findings from analysis and assessment of vulnerability, where conducted under Article 9 of the Act on the Protection of Information and Communications Infrastructure) to the Financial Services Commission:

1. Matters relating to the organization, facilities, and internal control of the information technology sector;

2. Matters relating to electronic apparatus and the means of access of the information technology sector;

3. Matters relating to measures to respond to infringements in order to maintain electronic financial transactions;

4. Other matters prescribed by Presidential Decree.

(2) A financial company and an electronic financial business entity shall establish and implement a plan to take necessary complementary measures based on the findings from analysis and assessment of vulnerability in the electronic financial infrastructure under paragraph (1).

(3) The Financial Services Commission may require public officials under its control to inspect the findings from analysis and assessment of vulnerability in the electronic financial infrastructure under paragraph (1) and the actual status of implementing complementary measures pursuant to paragraph (2).

(4) Details of and procedures for analysis and assessment of vulnerability in the electronic financial infrastructure under paragraph (1) and the establishment and implementation of the plan under paragraph (2) and other necessary matters shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 11814, May 22, 2013)

Article 21-4 (Prohibition against Electronic Infringement, etc.)

No person shall commit any of the following offences:

1. For anyone without access authority to access electronic financial infrastructure, or for anyone with access authority to fabricate, destroy, hide or lose the stored data beyond his/her authority;

2. Installing programs, such as computer virus, logic bomb, or mail bomb, for the purpose of destroying data of electronic financial infrastructure or obstructing the operation of electronic financial infrastructure;

3. Causing errors or hindrance to electronic financial infrastructure by methods, such as sending mass signal, high-powered electromagnetic wave or data simultaneously or having fraudulent commands be processed, for the purpose of obstructing the stable operation of electronic financial infrastructure.

(Article Inserted by Act nº 11814, May 22, 2013)

Article 21-5 (Notification, etc. of Infringement Incidents)

(1) If an incident, such as disturbance or paralysis of electronic financial infrastructure, occurs due to an electronic infringement (hereinafter referred to as “infringement incident”), the relevant financial company and electronic financial business entity shall, without delay, inform the Financial Services Commission thereof.

(2) If an infringement incident occurs, the relevant financial company and electronic financial business entity shall analyze the causes thereof and take necessary measures to prevent the spread of damage.

(Article Inserted by Act nº 11814, May 22, 2013)

Article 21-6 (Response to Infringement Incidents)

(1) The Financial Services Commission shall perform the following duties to respond to infringement incidents:

1. Collecting and disseminating information on infringement incidents;

2. Issuing preannouncements and warnings about infringement incidents;

3. Taking emergency measures against infringement incidents;

4. Other matters prescribed by Presidential Decree for responding to infringement incidents.

(2) Procedures and methods necessary for performing the duties referred to in paragraph (1) and other matters shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 11814, May 22, 2013)

Article 22 (Creation, Preservation and Destruction of Electronic Financial Transaction Records)

(1) A financial company, etc. shall create the records (hereafter referred to as “electronic financial transaction records” in this Article) necessary to trace and search the details of electronic financial transactions or to verify or correct any error in such details and shall preserve them for a period prescribed by Presidential Decree within up to five years. (Amended by Act nº 11814, May 22, 2013; Act nº 12837, Oct. 15, 2014)

(2) If the preservation period under paragraph (1) elapses and any commercial transaction relation, including financial transactions, is terminated, a financial company, etc. shall, within five years, destroy the relevant electronic financial transaction records (excluding credit information under the Credit Information Use and Protection Act; hereafter the same shall apply in this paragraph): Provided, That this shall not apply in any of the following cases: (Inserted by Act nº 12837, Oct. 15, 2014)

1. Where it is inevitable to meet any obligation under other Acts;

2. Other cases determined by the Financial Services Commission, where it is necessary to preserve electronic financial transaction records.

(3) The types, preservation methods, destruction procedures and methods of electronic financial transaction records to be preserved by financial companies, etc. in accordance with paragraphs (1) and (2), and the standards for determining the day when a commercial transaction relation is terminated shall be prescribed by Presidential Decree. (Amended by Act nº 11814, May 22, 2013; Act nº 12837, Oct. 15, 2014)

Article 23 (Issuance and Limit of Use of Electronic Payment Means, etc.)

(1) The Financial Services Commission may require a financial company or an electronic financial business entity to set the following limits or take other necessary measures, in consideration of the characteristics of electronic payment means, as prescribed by Presidential Decree: (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

1. The upper limit of the face value of an electronic currency and electronic prepayment means to be issued;

2. The limit of use of electronic funds transfer;

3. The limit of use of electronic debit payment means.

(2) The Financial Services Commission may require a financial company or an electronic financial business entity to set the upper limit of cash withdrawal from electronic apparatus or may take other necessary measures, as prescribed by Presidential Decree. (Inserted by Act nº 11814, May 22, 2013)

Article 24 (Clarification of Terms and Conditions and Notification of Alterations thereof)

(1) Any financial company or electronic financial business entity shall clarify the terms and conditions in concluding a contract for electronic financial transactions with a user, and, at the request of a user, deliver a copy of the terms and conditions to the user, along with explaining the details thereof, in the manner prescribed by the Financial Services Commission. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

(2) No financial company or electronic financial business entity shall, if it or he/she has concluded a contract in violation of paragraph (1), assert that the details of the terms and conditions are included in the relevant contract. (Amended by Act nº 11814, May 22, 2013)

(3) Any financial company or electronic financial business entity shall, if it or he/she has altered the terms and conditions, publish the altered terms and conditions and inform the users thereof by one month prior to the enforcement of the altered terms and conditions, in the manner prescribed by the Financial Services Commission: Provided, That if the terms and conditions are urgently altered due to any amendment to Acts and subordinate statutes, it or he/she shall promptly publish the terms and conditions so altered and inform the users thereof in such manner prescribed by the Financial Services Commission. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

(4) Any user may terminate a contract for electronic financial transactions by no later than the business day immediately preceding the enforcement date of the altered terms and conditions after the details of the altered terms and conditions are published or informed pursuant to paragraph (3). When the user fails to raise an objection against the details of the altered terms and conditions within the period referred to in the first sentence, he/she shall be deemed to have approved the altered terms and conditions.

Article 25 (Preparation and Alteration of Terms and Conditions)

(1) When a financial company or an electronic financial business entity intends to prepare or alter the terms and conditions for electronic financial transactions, it or he/she shall in advance report thereon to the Financial Services Commission: Provided, That in cases determined by the Financial Services Commission which do not adversely affect the rights, interests or duties of users, a report may be file to the Financial Services Commission within ten days after the terms and conditions is prepared or altered. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

(2) The Financial Services Commission may recommend a financial company or an electronic financial business entity to alter the terms and conditions under paragraph (1) if necessary to maintain orderly electronic financial transactions. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

(3) The Financial Services Commission may determine the period and procedures for reporting the preparation or alteration of the terms and conditions under paragraph (1) and other necessary matters. (Amended by Act nº 8863, Feb. 29, 2008)

(4) Paragraphs (1) through (3) shall not apply to the financial companies defined in subparagraph 3 (c) and (d) of Article 2. (Amended by Act nº 11814, May 22, 2013)

Article 26 (Provision, etc. of Electronic Financial Transaction Information)

No one who recognizes the existence of any of the following matters in the course of performing duties relating to electronic financial transactions shall provide or disclose such information to any third party or use it for any purpose other than his/her duties without the consent of the relevant user: Provided, That the same shall not apply to cases provided for in the proviso to Article 4 (1) of the Act on Real Name Financial Transactions and Confidentiality or in any other Act:

1. The matters relating to the identity of the user;

2. The information or materials relating to the accounts, the means of access, and the details and results of electronic financial transactions of the user.

Article 27 (Settlement and Mediation of Disputes)

(1) Any financial company or electronic financial business entity shall prepare procedures to reflect reasonable opinions or complaints presented by users in relation to electronic financial transactions and to compensate for any loss sustained by users in the course of conducting electronic financial transactions, as prescribed by Presidential Decree. (Amended by Act nº 11814, May 22, 2013)

(2) When a user has an objection to the processing of electronic financial transactions, he/she may demand the settlement of dispute, such as compensation for losses, pursuant to the procedures determined under paragraph (1) or file an application for mediation of dispute with the Financial Supervisory Service, the Korea Consumer Agency, etc. (Amended by Act nº 11814, May 22, 2013)

(3) Detailed procedures and methods for the settlement of disputes and the application for mediation of disputes under paragraphs (1) and (2) and other matters shall be prescribed by Presidential Decree.

(4) Any financial company or electronic financial business entity shall clarify the procedures referred to in paragraphs (1) through (3) in concluding a contract for electronic financial transactions. (Amended by Act nº 11814, May 22, 2013)

CHAPTER IV.- PERMISSION, REGISTRATION AND FUNCTIONS OF ELECTRONIC FINANCIAL BUSINESS

Article 28 (Permission and Registration of Electronic Financial Business)

(1) Any person who intends to engage in a business issuing and managing electronic currencies shall obtain permission therefor from the Financial Services Commission: Provided, That the same shall not apply to the banks provided for in the Banking Act and other financial companies prescribed by Presidential Decree. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 10303, May 17, 2010; Act nº 11814, May 22, 2013)

(2) Any person who intends to provide any of the following services shall register himself/herself with the Financial Services Commission: Provided, That the same shall not apply to the banks provided for in the Banking Act and other financial companies prescribed by Presidential Decree: (Amended by Act nº 8863, Feb. 29, 2008; Act nº 10303, May 17, 2010; Act nº 11814, May 22, 2013)

1. Electronic funds transfer services;

2. Issuance and management of electronic debit payment means;

3. Issuance and management of electronic prepayment means;

4. Electronic payment settlement agency services;

5. Other electronic financial services prescribed by Presidential Decree.

(3) Notwithstanding paragraph (2), any of the following persons may provide the services referred to in each subparagraph of the said paragraph without registering himself/herself with the Financial Services Commission: (Amended by Act nº 8863, Feb. 29, 2008)

1. Any person who issues an electronic prepayment means falling under any of the following cases:

(a) Where it is only used at chain stores meeting the standards prescribed by Presidential Decree, such as the chain stores located within specially designated buildings;

(b) Where the total balance of its issued amount does not exceed the amount prescribed by Presidential Decree;

(c) Where it is an electronic prepayment means, the price of which has not been pre-paid directly by a user and is covered by a refund guarantee insurance, etc. as prescribed by Presidential Decree to discharge the liability for monetary values stored by the user;

2. Any person who performs the electronic payment settlement agency services prescribed by Presidential Decree, such as delivering information only for the electronic processing of electronic payment transactions without direct involvement in the transfer of funds.

(4) Article 4, Chapters II (excluding Article 19) and III (excluding Articles 21 (4), 21-2, 21-3, 23 and 25), and Articles 37, 38, 39 (1) and (6), 41 (1), 43 (2) and (3), 46, 46-2, and 47 concerning electronic financial business entities shall apply mutatis mutandis to the persons who issue electronic prepayment means exempted from registration under paragraph (3) 1 (c): Provided, That Articles 25, 39 (2) through (5), and 40 (2) and (3) shall apply mutatis mutandis where the financial incidents prescribed by Presidential Decree occur, such as insolvency due to any illegal or unjust act committed by the relevant employees or officers. (Amended by Act nº 11814, May 22, 2013; Act nº 12837, Oct. 15, 2014)

(5) The Financial Services Commission may attach a condition to the permission granted under paragraph (1). (Amended by Act nº 8863, Feb. 29, 2008)

Article 29 (Registration of Electronic Bond Management Agencies)

(1) Any person who intends to engage in a business registering and managing electronic bonds shall register himself/herself with the Financial Services Commission. (Amended by Act nº 8863, Feb. 29, 2008)

(2) Articles 21, 22, 39, 41, and 43 shall apply mutatis mutandis to the electronic bond management agencies which are registered to carry out the business of registering and managing electronic bonds pursuant to paragraph (1).

(3) The procedures and methods for the registration of electronic bonds by electronic bond management agencies and other necessary matters shall be prescribed by Presidential Decree.

Article 30 (Capital)

(1) Any person who intends to obtain permission pursuant to Article 28 (1) shall be a stock company with a capital of at least five billion won.

(2) Either of the following entities is eligible for registration pursuant to Article 28 (2) 1 through 3, and its capital or total investment shall exceed the amount prescribed by Presidential Decree, which is at least two billion won for each category of business: (Amended by Act nº 11814, May 22, 2013)

1. A company provided for in Article 170 of the Commercial Act;

2. A corporation incorporated under a special Act (limited to the issuance and management of electronic prepayment means under Article 28 (2) 3 to perform the duties provided for in the relevant Act).

(3) An entity eligible for registration pursuant to Article 28 (2) 4 and 5 and Article 29 shall be a company provided for in Article 170 of the Commercial Act or a corporation stipulated in Article 32 of the Civil Act, the capital, total investments or fundamental property of which exceeds the amount prescribed by Presidential Decree, which is at least the amount referred to in the following subparagraphs for each category of business: (Amended by Act nº 14132, Mar. 29, 2016)

1. A person who intends to operate below the standard defined by the Financial Services Commission, within the scope in which the total amount of electronic financial transactions per quarter does not exceed three billion won (excluding a person who intends to register pursuant to Article 29): An amount prescribed by Presidential Decree of at least 300 million won;

2. A person not falling under subparagraph 1: An amount prescribed by Presidential Decree of at least 500 million won.

(4) Where a person falling under paragraph (3) 1 registers pursuant to Article 28 and continues to exceed the standard defined by the Financial Services Commission under paragraph (3) 1 for at least two consecutive quarters, he/she shall report the relevant details to the Financial Services Commission, and shall satisfy the requirements for capital under paragraph (3) 2 within the period set by the Financial Services Commission. (Inserted by Act nº 14132, Mar. 29, 2016)

Article 31 (Requirements for Permission and Registration)

(1) Any person who intends to obtain permission or file for registration pursuant to Articles 28 and 29 shall meet all of the following requirements. Subparagraphs 4 and 5 shall only apply to permission:

1. He/she shall hold the capital or fundamental property referred to in Article 30;

2. He/she shall be equipped with professional human resources and physical installations, such as computer equipment, sufficient to protect users and carry out the intended business;

3. He/she shall meet the standards of financial soundness prescribed by Presidential Decree;

4. He/she shall have a proper and sound plan necessary to execute the business concerned;

5. He/she shall secure the major investors prescribed by Presidential Decree, with sufficient investment capability, sound financial state and social credit.

(2) Matters necessary for the detailed requirements for permission and registration under paragraph (1) shall be determined by the Financial Services Commission. (Amended by Act nº 8863, Feb. 29, 2008)

Article 32 (Disqualification for Permission and Registration)

None of the following persons are entitled to permission or registration under Articles 28 and 29: (Amended by Act nº 8863, Feb. 29, 2008)

1. A corporation for which one year has not yet passed since its registration was cancelled pursuant to Article 34, and a person who was a large stockholder (referring to any such investor prescribed by Presidential Decree; hereinafter the same shall apply) of the corporation at the time of cancellation of such registration and for whom one year has not yet passed since the registration was cancelled;

2. A corporation for which three years have not yet passed since its permission or registration was revoked pursuant to Article 43 (1), and a person who was a large stockholder of the corporation at the time of such revocation and for whom three years have not yet passed since such revocation;

3. A company which is in process of the rehabilitation procedure pursuant to the Debtor Rehabilitation and Bankruptcy Act and the large stockholders of such company;

4. Any person who has failed to pay a debt within an agreed period in financial transactions and other commercial transactions and who is determined by the Financial Services Commission;

5. Any person who has been punished by a fine or heavier punishment for violating the finance-related Acts or subordinate statutes prescribed by Presidential Decree within the three years preceding the date of application for permission or registration;

6. A corporation whose large stockholder falls under any of subparagraphs 1 through 5.

Article 33 (Applications, etc. for Permission, Registration and Authorization)

(1) Any person who intends to obtain permission or authorization or file for registration pursuant to Article 28, 29, or 45 shall submit an application therefor to the Financial Services Commission, as prescribed by Presidential Decree. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

(2) Upon receipt of an application under paragraph (1), the Financial Services Commission shall grant permission, registration, or authorization and notify the applicant of the results, as prescribed by Presidential Decree. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

(3) When the Financial Services Commission grants permission, registration or authorization pursuant to Articles 28, 29, and 45, it shall, without delay, publish the details thereof in the Official Gazette and inform the general public thereof through computer communications, etc. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

Article 33-2 (Preliminary Permission)

(1) Any person who intends to obtain permission under Article 28 (1) (hereafter referred to as “final permission” in this Article) may, in advance, file an application for preliminary permission with the Financial Services Commission.

(2) When the Financial Services Commission decides whether to grant preliminary permission under paragraph (1), it shall verify that the person who intends to obtain preliminary permission meets all requirements for final permission.

(3) The Financial Services Commission may attach a condition to preliminary permission under paragraph (2).

(4) When any person who obtained preliminary permission files an application for final permission, the Financial Services Commission shall verify whether he/she has fulfilled the condition to preliminary permission under paragraph (3) and has met all requirements for final permission, before it decides whether to grant final permission.

(5) Article 33 (1) and (2) shall apply mutatis mutandis to preliminary permission.

(Article Inserted by Act nº 11814, May 22, 2013)

Article 34 (Cancellation of Registration Subject to Application)

(1) Any person who has been granted registration pursuant to Articles 28 (2) and 29 may file an application for the cancellation of such registration, as prescribed by Presidential Decree.

(2) The Financial Services Commission shall, upon receipt of an application under paragraph (1), cancel the registration without delay. (Amended by Act nº 8863, Feb. 29, 2008)

(3) When the Financial Services Commission has cancelled registration pursuant to paragraph (2), it shall, without delay, publish the details thereof in the Official Gazette and inform the general public thereof through computer communications, etc. (Amended by Act nº 8863, Feb. 29, 2008)

Article 35 (Restriction on Concurrent Businesses)

(1) Any electronic financial business entity who has obtained permission pursuant to Article 28 (1) shall be prohibited from concurrently engaging in any business other than the following:

1. Services provided for in the subparagraphs of Article 28 (2) (limited to registered ones);

2. Business permitted pursuant to Article 28 (1) and other business prescribed by Presidential Decree and necessary to provide the services referred to in subparagraph 1.

(2) Notwithstanding paragraph (1), any electronic financial business entity who has obtained permission pursuant to Article 28 (1) may engage in the business other than those referred to in the subparagraphs of paragraph (1), if it or he/she is provided with payment guarantee by the financial companies prescribed by Presidential Decree or purchase refund guarantee insurance for all of the non-refunded portions of electronic currency. (Amended by Act nº 11814, May 22, 2013)

Article 36 (Prohibition against Use of Similar Names)

(1) The name ‘electronic currency’ shall be used only for the electronic currency referred to in subparagraph 15 of Article 2.

(2) Any person who has failed to obtain permission pursuant to Article 28 (1) may not use the phrase ‘electronic currency’ in his/her trade name.

Article 37 (Matters to be Observed by Chain Stores)

(1) No chain store shall refuse to provide goods or services, or treat any user unfavorably, on the grounds that transactions are conducted by electronic debit payment means, electronic prepayment means or electronic currency (hereinafter referred to as «electronic currency, etc.»).

(2) No chain store shall charge users a merchant fee to be borne by such store.

(3) No chain store shall commit any of the following offences:

1. Pretending that a transaction is conducted by electronic currency, etc. without providing goods or services;

2. Conducting transactions by electronic currency, etc. in excess of actual turnover;

3. Conducting transactions by electronic currency, etc. under the name of another chain store;

4. Lending the name of the chain store to a third party;

5. Conducting, as an agent, transactions by electronic currency, etc.

(4) A person other than a chain store shall not conduct any transaction by electronic currency, etc. under the name of a chain store.

Article 38 (Recruitment, etc. of Chain Stores)

(1) In recruiting a chain store, any financial company or electronic financial business entity shall confirm whether the store seeking membership actually carries on its own business: Provided, That the same shall not apply to a chain store which has already been confirmed pursuant to Article 16-2 of the Specialized Credit Finance Business Act. (Amended by Act nº 11814, May 22, 2013)

(2) No financial company or electronic financial business entity shall have its or his/her chain store bear a loss incurred by either of the following transactions: Provided, That the same shall not apply where a financial company or an electronic financial business entity concludes a contract with its or his/her chain store to the effect that such loss shall be fully or partially borne by the chain store when the financial company or electronic financial business entity proves the intention or gross negligence of the chain store in connection with the transaction: (Amended by Act nº 11814, May 22, 2013)

1. A transaction conducted using a lost or stolen electronic currency, etc.;

2. A transaction conducted using a forged or altered electronic currency, etc.

(3) Any financial company or electronic financial business entity shall inform its or his/her chain stores of the following matters, in the manner prescribed by the Financial Services Commission: (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

1. A merchant fee to be borne by chain stores;

2. Liability for chain stores under paragraph (2);

3. Matters to be observed by chain stores under Article 37.

(4) When a chain store is sentenced to a punishment for violating Article 37 or receives a written notification of such violation from the relevant administrative agency, and thus falls under the grounds prescribed by Presidential Decree, the relevant financial company or electronic financial business entity shall, without delay, terminate the contract with the said chain store unless any special ground exists to the contrary. (Amended by Act nº 11814, May 22, 2013)

CHAPTER V.- SUPERVISION OF ELECTRONIC FINANCIAL BUSINESS

Article 39 (Supervision and Inspection)

(1) The Financial Supervisory Service (referring to the Financial Supervisory Service established under Article 24 (1) of the Act on the Establishment, etc. of Financial Services Commission; hereinafter the same shall apply) shall supervise whether financial companies and electronic financial business entities abide by this Act or orders issued under this Act, following instructions from the Financial Services Commission. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

(2) The Governor of the Financial Supervisory Service may require a financial company or an electronic financial business entity to report on its or his/her business operations and financial conditions if necessary to conduct supervision under paragraph (1). (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013; Act nº 13929, Jan. 27, 2016)

(3) The Governor of the Financial Supervisory Service may inspect the electronic financial business and other related financial conditions of a financial company and an electronic financial business entity and, if deemed necessary to conduct such inspection, ask the financial company and the electronic financial business entity to submit data relating to its or his/her business operations and financial conditions or to order the attendance of all relevant persons. (Amended by Act nº 11814, May 22, 2013)

(4) Any person who conducts an inspection pursuant to paragraph (3) shall carry an identification indicating his/her authority and present it to relevant persons.

(5) Upon conducting an inspection pursuant to paragraph (3), the Governor of the Financial Supervisory Service shall report the findings therefrom to the Financial Services Commission, as determined by the Financial Services Commission. (Amended by Act nº 8863, Feb. 29, 2008)

(6) When a financial company or an electronic financial business entity is deemed likely to undermine the sound operation of the financial company or electronic financial business entity in violation of any provision of this Act or any order issued under this Act, the Financial Services Commission may, upon recommendation of the Governor of the Financial Supervisory Service, take any of the following measures or authorize the Governor of the Financial Supervisory Service to take any measure referred to in subparagraphs 1 through 3: (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013; Act nº 14828, Apr. 18, 2017)

1. Issuing an order to correct the relevant offence;

2. Issuing a caution or warning against a financial company or an electronic financial business entity;

3. Demanding caution, warning or reprimand against an executive officer or employee;

4. Recommending dismissal of an executive officer (excluding an operating officer under subparagraph 5 of Article 2 of the Act on Corporate Governance of Financial Companies; hereafter the same shall apply in Article 39-2) or suspending performance of his/her duties.

Article 39-2 (Notification of Details of Measures against Retired Executive Officer, etc.)

(1) Where, if a retired executive officer or employee (including an operating officer under subparagraph 5 of Article 2 of the Act on Corporate Governance of Financial Companies) of a financial company or electronic financial business entity held office as such, he/she would be deemed to be subject to any measure falling under Article 39 (6) 3 or 4, the Financial Services Commission (including the Governor of the Financial Supervisory Service authorized to take measures pursuant to Article 39 (6)) may notify the head of such financial company or electronic financial business entity of the details of such measure.

(2) The head of a financial company or electronic financial business entity in receipt of a notification under paragraph (1) shall notify the retired executive officer or employee of such fact, and keep and maintain the content of such notification.

(Article Inserted by Act nº 14828, Apr. 18, 2017)

Article 40 (Supervision and Inspection of Outside Orders, etc.)

(1) Where a financial company or an electronic financial business entity concludes or alters a contract with its or his/her subsidiary electronic financial business entity for affiliation, entrustment or outside orders (hereafter referred to as “outside order, etc.” in this Article) in relation to electronic financial transactions (including where a subsidiary electronic financial business entity concludes or alters a contract with another subsidiary electronic financial business entity for outside orders, etc.), it or he/she shall meet the standards determined by the Financial Services Commission to ensure the safety and reliability of electronic financial transactions and the soundness of the financial company and electronic financial business entity. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

(2) Where the contents of a contract under paragraph (1) are deemed likely to undermine the operational soundness of a financial company or an electronic financial business entity and the rights and interests of users, the Financial Services Commission may direct the financial company or electronic financial business entity to correct or supplement the relevant contents of the contract. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

(3) When the Governor of the Financial Supervisory Service conducts an inspection of a financial company or an electronic financial business entity in relation to outside orders, etc. under paragraph (1), he/she may request its or his/her subsidiary electronic financial business entity to submit data pursuant to the standards determined by the Financial Services Commission. (Amended by Act nº 8863, Feb. 29. 2008; Act nº 11814, May 22, 2013)

(4) When a subsidiary electronic financial business entity fails to submit data under paragraph (3) or submit insufficient data, the Governor of the Financial Supervisory Service may investigate the relevant subsidiary electronic financial business entity. (Inserted by Act nº 11814, May 22, 2013)

(5) The Governor of the Financial Supervisory Service may request the following from a subsidiary electronic financial business entity, if deemed necessary for conducting an investigation under paragraph (4): (Inserted by Act nº 11814, May 22, 2013)

1. Submitting a written statement relating to matters subject to such investigation;

2. Submitting a ledger, document or other articles necessary for such investigation;

3. Attendance of a relevant person.

(6) A subsidiary electronic financial business entity entrusted with any duties related to the data protection of the information technology sector shall not re-entrust such duties to a third party: Provided, That this shall not apply to cases recognized by the Financial Services Commission within the extent not impairing the protection and safe processing of electronic financial transaction information. (Inserted by Act nº 12837, Oct. 15, 2014)

(7) Article 39 (4) shall apply mutatis mutandis to investigations conducted under paragraph (4). (Inserted by Act nº 11814, May 22, 2013; Act nº 12837, Oct. 15, 2014)

Article 41 (Requests, etc. for Submission of Data by Bank of Korea)

(1) When the Monetary Policy Committee deems it necessary for implementing monetary credit policies and facilitating the smooth operation of payment and settlement systems in relation to electronic payment transactions, the Bank of Korea may request a financial company or an electronic financial business entity to submit data. In such cases, the scope of data so requested shall be limited to a necessary minimum in consideration of the work burden of the relevant financial company and electronic financial business entity. (Amended by Act nº 11814, May 22, 2013)

(2) When the Monetary Policy Committee deems it necessary for implementing monetary credit policies, the Bank of Korea may request the Financial Supervisory Service to inspect the electronic currency issuer and the financial company and electronic financial business entity registered to provide the service referred to in Article 28 (2) 1 or to conduct a joint inspection thereof with the Bank of Korea. (Amended by Act nº 11814, May 22, 2013)

(3) Articles 87 and 88 of the Bank of Korea Act and Article 62 of the Act on the Establishment, etc. of Financial Services Commission shall apply mutatis mutandis to the methods and procedures for making requests under paragraphs (1) and (2). (Amended by Act nº 8863, Feb. 29, 2008)

Article 42 (Keeping Separate Accounts and Guidance for Sound Management)

(1) A financial company and an electronic financial business entity shall keep separate accounts by the category of business provided for in Article 28 (1) and (2) to analyze the performance of business relating to fund management and electronic financial transactions, and prepare a report on the business relating to electronic financial transactions and the outcomes of management and submit it to the Financial Services Commission, as determined by the Financial Services Commission. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013; Act nº 12837, Oct. 15, 2014)

(2) The Financial Services Commission may set the standards for management guidance for the following matters to direct the sound management of a financial company or an electronic financial business entity that performs the business relating to electronic financial transactions and to prevent electronic financial incidents, as prescribed by Presidential Decree: (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

1. Matters relating to the appropriateness of capital;

2. Matters relating to the soundness of assets;

3. Matters relating to liquidity;

4. Other matters necessary to ensure the soundness of management.

(3) Where any financial company or electronic financial business entity that has obtained permission under Article 28 (1) is deemed likely to severely undermine the soundness of its or his/her own management, such as failing to meet the standards for management guidance under paragraph (2), the Financial Services Commission may request it or him/her to take necessary measures to improve its or his/her own management, such as increasing capital and limiting dividends. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

(4) Articles 10, 11 (1), (4) and (5), 13-2, 14, 14-2 through 14-4, 14-7, 15 through 19, 27, and 28 of the Act on the Structural Improvement of the Financial Industry shall apply mutatis mutandis to the measures, etc. necessary to be taken when the financial standing of the financial company or electronic financial business entity that has obtained permission under Article 28 (1) falls short of the standards for management guidance under paragraph (2) or is evidently deemed to fall short of the said standards due to any serious financial incident or insolvency claims. (Amended by Act nº 11814, May 22, 2013)

Article 43 (Revocation, etc. of Permission or Registration)

(1) When a financial company or an electronic financial business entity falls under any of the following cases, the Financial Services Commission may revoke permission or registration under Article 28: (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

1. Where it or he/she has obtained permission or registration under Article 28 by fraudulent or other illegal means;

2. Where it or he/she falls under any of subparagraphs 1 through 5 of Article 32;

3. Where it or he/she has violated an order to suspend business issued under paragraph (2);

4. Where it or he/she has failed to run a business for one or more consecutive years without any just ground;

5. Where it or he/she has virtually closed its or his/her business due to the merger, bankruptcy or business closure of the relevant corporation or on other grounds.

(2) When a financial company or an electronic financial business entity falls under any of the following cases, the Financial Services Commission may order it or him/her to wholly or partially suspend the relevant business with a given period of up to six months: (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013; Act nº 14132, Mar. 29, 2016)

1. Where it or he/she has violated Article 6 (1) or (2), 16 (1) through (4), 19 (1), 21 (1) or (2), 21-5 (2), 35, 36, or 38 (3) or (4);

2. Where it or he/she has failed to investigate an error and effect appropriate corrections, in violation of Article 8 (2) and (3);

3. Where it or he/she has failed to comply with any measure, direction or order taken or issued by the Financial Services Commission under Article 23, 39 (6), 40 (2) or 42 (3).

4. Where it or he/she fails to file a report under Article 30 (4) or fails to satisfy the requirements within the period.

(3) A financial company or an electronic financial business entity, whose business is wholly or partially suspended or permission or registration is revoked under paragraphs (1) and (2), may even so continue to perform the payment and settlement business of electronic financial transactions conducted prior to such disposition. (Amended by Act nº 11814, May 22, 2013)

(4) When the Financial Services Commission revokes permission or registration under paragraph (1), it shall, without delay, publish the details thereof in the Official Gazette and inform the general public thereof through computer communications, etc. (Amended by Act nº 8863, Feb. 29, 2008)

Article 44 (Hearings)

When the Financial Services Commission intends to revoke permission or registration under Article 43 (1), it shall hold a hearing thereon. (Amended by Act nº 8863, Feb. 29, 2008)

Article 45 (Authorization for Merger, Dissolution, Business Closure, etc.)

(1) When any electronic financial business entity who has obtained permission pursuant to Article 28 (1) intends to engage in any of the following activities, he/she shall obtain authorization therefor from the Financial Services Commission, as prescribed by Presidential Decree: (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013)

1. A merger with another financial company or electronic financial business entity;

2. Dissolution or the closure of electronic financial business;

3. Transfer and takeover all or part of business.

(2) The Financial Services Commission may attach a condition to authorization under paragraph (1). (Amended by Act nº 8863, Feb. 29, 2008)

Article 45-2 (Preliminary Authorization)

(1) Any person who intends to obtain authorization under Article 45 (1) (hereafter referred to as “final authorization” in this Article) may, in advance, file an application for preliminary authorization with the Financial Services Commission.

(2) When the Financial Services Commission decides whether to grant preliminary authorization under paragraph (1), it shall verify whether the person who intends to obtain preliminary authorization meets all requirements for final authorization.

(3) The Financial Services Commission may attach a condition to preliminary authorization under paragraph (2).

(4) When any person who obtained preliminary authorization files an application for final authorization, the Financial Services Commission shall verify whether he/she has fulfilled the condition to preliminary authorization under paragraph (3) and has met all requirements for final authorization before it decides whether to grant final authorization to him/her.

(5) Article 33 (1) and (2) shall apply mutatis mutandis to preliminary authorization.

(Article Inserted by Act nº 11814, May 22, 2013)

Article 46 (Penalty Surcharges)

(1) Where a financial company or an electronic financial business entity provides or discloses any electronic financial transaction information to any other person, or uses it for any purpose other than its duties in violation of Article 21 (1) or (2), the Financial Services Commission may impose a penalty surcharge not exceeding five billion won. (Inserted by Act nº 12837, Oct. 15, 2014)

(2) Where a financial company or an electronic financial business entity comes to fall under any of the subparagraphs of Article 43 (2) (excluding cases where a penalty surcharge is imposed under paragraph (1)), the Financial Services Commission may, as prescribed by Presidential Decree, impose a penalty surcharge not exceeding 50 million won in lieu of an order to suspend business. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 11814, May 22, 2013; Act nº 12837, Oct. 15, 2014)

(3) The amount of a penalty surcharge for each type, severity, etc. of violations subject to the imposition of a penalty surcharge under paragraph (1) or (2) and other necessary matters shall be prescribed by Presidential Decree. (Amended by Act nº 12837, Oct. 15, 2014)

(4) Where a penalty surcharge under paragraph (1) or (2) is not paid within a prescribed period, the Financial Services Commission shall collect it in the same manner as delinquent national taxes are collected. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 12837, Oct. 15, 2014)

(5) The Financial Services Commission may entrust duties concerning both collection of penalty surcharges and dispositions on default to the Commissioner of the National Tax Service, as prescribed by Presidential Decree. (Amended by Act nº 8863, Feb. 29, 2008; Act nº 12837, Oct. 15, 2014)

Article 46-2 (Refund of Overpayments or Erroneous Payments)

(1) Where a person obliged to pay a penalty surcharge requests a refund of the overpaid or erroneously paid penalty surcharge on grounds of adjudication on the objection or a court ruling, the Financial Services Commission shall, without delay, make a refund thereof, and shall refund the overpaid or erroneously paid penalty surcharge confirmed by the Financial Services Commission, even without a request from the person obliged to pay such penalty surcharge.

(2) If a person entitled to a refund has to pay other penalty surcharges to the Financial Services Commission, the Financial Services Commission may appropriate the refund for such penalty surcharges when making a refund of overpayments or erroneous payments under paragraph (1).

(3) When making a refund of overpayments or erroneous payments under paragraph (1), the Financial Services Commission shall refund additional money calculated by applying the interest rate on additional money prescribed by Presidential Decree, for the period from the day following the payment date of the penalty surcharge to the date of refund.

(Article Inserted by Act nº 11814, May 22, 2013)

CHAPTER VI.- SUPPLEMENTARY PROVISIONS

Article 47 (Statistical Surveys of Electronic Financial Transactions)

(1) The Bank of Korea may conduct a statistical survey of electronic financial businesses and electronic financial transactions to apprehend the current status of electronic financial transactions and to establish and implement effective monetary credit policies. In such cases, it may request necessary data from a government agency, financial company, etc., and a corporation and organization related to electronic financial transactions. (Amended by Act nº 11814, May 22, 2013)

(2) Upon receipt of a request for data under paragraph (1), a government agency, financial company, etc., and a corporation and organization related to electronic financial transactions shall comply with such request unless any just ground exists to the contrary. (Amended by Act nº 11814, May 22, 2013)

(3) Matters necessary for the subject matter, methods and procedures of the statistical survey under paragraph (1) shall be prescribed by Presidential Decree.

Article 48 (Entrustment of Authority)

The Financial Services Commission may entrust the Governor of the Financial Supervisory Service with part of its authority under this Act, as prescribed by Presidential Decree. (Amended by Act nº 8863, Feb. 29, 2008)

CHAPTER VII.- PENALTY PROVISIONS

Article 49 (Penalty Provisions)

(1) Any of the following persons shall be punished by imprisonment with labor for not more than ten years, or by a fine not exceeding 100 million won: (Inserted by Act nº 12837, Oct. 15, 2014)

1. A person who accesses any electronic financial infrastructure or fabricate, destroy, conceal, or leak any stored data, in violation of subparagraph 1 of Article 21-4;

2. A person who destroys any data or installs programs, such as a computer virus, a logic bomb, a mail bomb, in violation of subparagraph 2 of Article 21-4;

3. A person who sends mass signal, high-powered electromagnetic wave or data simultaneously or causes errors or hindrance to electronic financial infrastructure, in violation of subparagraph 3 of Article 21-4;

4. A person who provides or leaks any electronic financial transaction information to any other person or uses such information for any purpose other than his/her duties (including a person issuing an electronic prepayment means applicable mutatis mutandis pursuant to Article 28 (4)), in violation of Article 26.

(2) Any of the following persons shall be punished by imprisonment with labor for not more than seven years, or by a fine not exceeding 50 million won: (Amended by Act nº 11814, May 22, 2013; Act nº 12837, Oct. 15, 2014)

1. A person who forges or alters a means of access;

2. A person who intermediates the sale of, sells, exports, imports, or uses a forged or altered means of access;

3. A person who intermediates the sale of, sells, exports, imports, or uses a lost or stolen means of access;

4. A person who intrudes into any electronic financial infrastructure or any electronic apparatus for electronic financial transactions to acquire a means of access by fraud or other unjustifiable means, or conducts electronic financial transactions by using the means of access so acquired;

5. A person who intermediates the sale of, sells, exports, imports or uses a means of access which was extorted, embezzled, or acquired by deceiving or blackmailing other person;

6. Deleted (By Act nº 12837, Oct. 15, 2014)

(3) Electronic currencies shall be deemed valuable securities with respect to which a person might be charged with any of the crimes prescribed in Articles 214 through 217 of the Criminal Act, and a crime involving with electronic currencies shall be subject to the punishment provided for in each of such Articles, correspondingly. (Amended by Act nº 12837, Oct. 15, 2014)

(4) Any of the following persons shall be punished by imprisonment with labor for not more than three years, or by a fine not exceeding 20 million won: (Amended by Act nº 9325, Dec. 31, 2008; Act nº 13069, Jan. 20, 2015; Act nº 13929, Jan. 27, 2016)

1. Any person who acquires or transfers a means of access in violation of Article 6 (3) 1;

2. Any person who borrows or lends a means of access, or storing, delivering or distributing a means of access, in violation of Article 6 (3) 2 or 3;

3. Any pledger or pledgee who violates Article 6 (3) 4;

4. Any person who arranges or advertises any act in violation of Article 6 (3) 5;

5. Any person who performs the duties without permission or registration under Article 28 or 29;

6. Any person who obtains permission or registration under Article 28 or 29 by fraudulent or other illegal means;

7. Any person who conducts a transaction by electronic currency, etc. under the name of another chain store in violation of Article 37 (3) 3;

8. Any person who has conducted, as an agent, transactions by electronic currency, etc. in violation of Article 37 (3) 5;

9. Any person who conducts a transaction by electronic currency, etc. under the name of another chain store in violation of Article 37 (4);

10. Any person who peruses or is provided with electronic financial transaction information by fraudulent or other illegal means.

(5) Any of the following persons shall be punished by imprisonment with labor for not more than one year, or by a fine not exceeding ten million won:

1. Deleted (By Act nº 9325, Dec. 31, 2008)

2. Deleted; (By Act nº 11814, May 22, 2013)

3. Any person who refuses to provide goods or services, or treats any user unfavorably, on grounds of transaction by electronic currency, etc. in violation of Article 37 (1);

4. Any person who charges a user a merchant fee to be borne by the relevant chain store in violation of Article 37 (2);

5. Any person who lend the name of a chain store to a third party in violation of Article 37 (3) 4;

6. Any person who engages in an activity falling under any subparagraph of Article 45 (1) without authorization under Article 45 (1).

(6) An attempt to commit the crimes referred to in paragraphs (1) 1, 2, and 3 and (2) 1, 2, and 4 shall be subject to punishment. (Amended by Act nº 12837, Oct. 15, 2014)

(7) The imprisonment with labor and fines referred to in paragraphs (1) through (6) may be concurrently imposed.

Article 50 (Joint Penalty Provisions)

(1) If the representative of a corporation, or any agent, employee or other employed persons of a corporation or individual has committed any offence falling under Article 49 (1), (2), (3) (limited to where any person is subject to the punishment prescribed in Article 216 of the Criminal Act) and (4) through (6) in connection with the duties of such corporation or individual, not only shall such offender be punished, but also such corporation or individual shall be punished by the fines prescribed in the relevant Article: Provided, That where such corporation or individual has not been negligent in giving due attention and supervision concerning the relevant duties to prevent such offense, this shall not apply. (Amended by Act nº 12837, Oct. 15, 2014)

(2) If the representative of a corporation, or any agent, employee or other employed persons of a corporation or individual has committed any offense falling under Article 49 (3) (limited to where any person is subject to the punishment prescribed in Article 214, 215, or 217 of the Criminal Act) in connection with the duties of such corporation or individual, not only shall such offender be punished, but also such corporation or individual shall be punished by a fine not exceeding 50 million won: Provided, That where such corporation or individual has not been negligent in giving due attention and supervision concerning the relevant duties to prevent such offense, this shall not apply. (Amended by Act nº 12837, Oct. 15, 2014)

(Article Amended by Act nº 11087, Nov. 14, 2011)

Article 51 (Administrative Fines)

(1) Any of the following persons (in cases falling under subparagraph 3, including persons who issue electronic prepayment means to which the relevant provisions apply mutatis mutandis pursuant to the proviso to Article 28 (4)) shall be subject to an administrative fine not exceeding 50 million won: (Amended by Act nº 12837, Oct. 15, 2014; Act nº 14828, Apr. 18, 2017)

1. A person who fails to either perform his/her duties with the due care of a good manager or comply with the standards determined by the Financial Services Commission, in violation of Article 21 (1) or (2);

2. A person who uses the name ‘electronic currency’, in violation of Article 36;

3. A person who refuses, obstructs or evades an inspection, data submission, a request for attendance and an investigation under Article 39 (3) (including cases where Article 39 (3) applies mutatis mutandis in Article 29 (2)) or Article 40 (3) and (4);

4. A person who fails to submit a report or submits a false report, in violation of Article 42 (1).

(2) Any of following persons (including a person issuing an electronic prepayment means applicable mutatis mutandis pursuant to Article 28 (4), in cases falling under subparagraph 2) shall be subject to an administrative fine not exceeding 20 million won: (Amended by Act nº 12837, Oct. 15, 2014; Act nº 14828, Apr. 18, 2017)

1. A person who fails to have the payment of electronic funds transfer take effect, in violation of Article 13 (2);

2. A person who fails to appoint the chief information security officer or appoint an executive officer as the chief information security officer, in violation of Article 21-2 (1) or (2);

3. A person who has the chief information security officer concurrently perform duties in the information technology sector other than those under Article 21-2 (4) or himself/herself concurrently performs duties in such sector, in violation of paragraph (3) of that Article;

4. A person who fails to analyze and assess the vulnerabilities of the electronic financial infrastructure, in violation of Article 21-3 (1);

5. A person who fails to formulate and implement a plan for complying with complementary measures, in violation Article 21-3 (2);

6. A person who fails to destroy any record of electronic financial transactions, in violation of Article 22 (2);

7. A person who makes a re-entrustment to a third party, in violation of Article 40 (6).

(3) Any of the following persons (including any person issuing an electronic prepayment means applicable mutatis mutandis pursuant to Article 28 (4), in cases falling under subparagraphs 1, 6 through 8, and 10) shall be punished by an administrative fine not exceeding ten million won: (Amended by Act nº 14828, Apr. 18, 2017)

1. Any person who fails to deliver a document stating the details of a transaction, in violation of Article 7 (2);

2. Any person who fails to inform the relevant user of the causes of an error and results of correction, in violation of Article 8 (2) and (3);

3. Any person who transfers an electronic prepayment means or electronic currency to a third party or provides it as a security, in violation of Article 18 (2);

4. Any person who fails to submit a plan for the information technology sector, in violation of Article 21 (4);

5. Any person who fails to report the findings from analysis and assessment of vulnerability in electronic financial infrastructure, in violation of Article 21-3 (1);

6. Any person who fails to inform the Financial Services Commission of an infringement incident, in violation of Article 21-5 (1);

7. Any person who fails to create or keep records in violation of Article 22 (1) (including where it is applicable mutatis mutandis under Article 29 (2));

8. Any person who fails to clarify, explain, deliver, publish or notify the terms and conditions, in violation of Article 24 (1) or (3);

9. Any person who fails to report to the Financial Services Commission, in violation of Article 25 (1);

10. Any person who fails to prepare the procedures for the settlement of disputes, in violation of Article 27 (1);

11. Deleted (By Act nº 14828, Apr. 18, 2017)

12. Any person who fails to keep separate accounts by the category of business provided for in Article 28 (1) and (2), in violation of Article 42 (1).

(4) The administrative fines under paragraphs (1) through (3) shall be imposed and collected by the Financial Services Commission, as prescribed by Presidential Decree. (Amended by Act nº 14828, Apr. 18, 2017)

(Article Amended by Act nº 11814, May 22, 2013)

ADDENDA

Article 1 (Enforcement Date)

This Act shall enter into force on January 1, 2007.

Article 2 (Transitional Measures concerning Means of Access, etc.)

The means of access and electronic payment means issued as at the time this Act enters into force shall be deemed to have been issued pursuant to this Act.

Article 3 (Transitional Measures concerning Permission and Registration)

(1) Any person who is engaged in issuing or managing electronic currency as at the time this Act enters into force shall obtain permission therefor from the Financial Supervisory Commission pursuant to Article 28 (1) within three months from the date when this Act takes effect.

(2) Any person who is engaged in performing electronic funds transfer services, the issuance and management business of electronic debit payment means or electronic prepayment means or electronic payment settlement agency services, etc. as at the time this Act enters into force shall file a registration with the Financial Supervisory Commission pursuant to Article 28 (2) within six months from the date when this Act takes effect.

(3) Any person who is engaged in the business of electronic bond management agency as at the time this Act enters into force shall file a registration with the Financial Supervisory Commission pursuant to Article 29 within three months from the date when this Act takes effect.

Article 4 Omitted.

ADDENDA (Act nº 8387, Apr. 27, 2007)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 9 Omitted.

ADDENDA (Act nº 8863, Feb. 29, 2008)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation.

Articles 2 though 5 Omitted.

ADDENDUM (Act nº 9325, Dec. 31, 2008)

This Act shall enter into force three months after the date of its promulgation.

ADDENDA (Act nº 10303, May 17, 2010)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation. (Proviso Omitted.)

Articles 2 though 10 Omitted.

ADDENDUM (Act nº 11087, Nov. 14, 2011)

This Act shall enter into force six months after the date of its promulgation.

ADDENDA (Act nº 11407, Mar. 21, 2012)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)

Articles 2 and 3 Omitted.

ADDENDA (Act nº 11461, Jun. 1, 2012)

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation.

Articles 2 through 10 Omitted.

ADDENDA (Act nº 11814, May 22, 2013)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Article 2 (Applicability to Submission of Plans for Information Technology Sector)

The submission of a plan for the information technology sector under the amended provisions of Article 21 (4) shall begin to apply from the business year beginning after this Act enters into force.

Article 3 (Transitional Measures concerning Penalty Provisions and Administrative Fines)

The application of penalty provisions and the imposition of administrative fines for violations committed before this Act enters into force shall be governed by the former provisions.

ADDENDA (Act nº 12837, Oct. 15, 2014)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation: Provided, That the amended provisions of Articles 13 (2) and 21 (2) and (3) shall enter into force one year after the date of its promulgation.

Article 2 (Applicability to Prohibition against Concurrent Position of Chief Information Security Officers)

The amended provisions of Article 21-2 (3) shall apply beginning with the first chief information security officer appointed (including cases where he/she is reappointed) after this Act enters into force.

Article 3 (Applicability to Prohibition against Re-Entrustment of Duties Related to Information Protection)

The amended provisions of Article 40 (6) shall apply beginning with the first case where any duty is re-entrusted or a re-entrustment period is extended after this Act enters into force.

Article 4 (Applicability to Imposition of Penalty Surcharges)

The amended provisions of Article 46 (1) shall apply beginning with the first financial company or electronic financial business entity who commits any violation after this Act enters into force.

Article 5 (Transitional Measures concerning Penalty Provisions and Administrative Fines)

The application of penalty provisions and the imposition of an administrative fine for any violation committed before this Act enters into force shall be governed by the former provisions of this Act.

ADDENDA (Act nº 13069, Jan. 20, 2015)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation.

Article 2 (Transitional Measures concerning Penalty Provisions)

The application of penalty provisions to any violation committed before this Act enters into force shall be governed by the former provisions of this Act.

ADDENDUM (Act nº 13929, Jan. 27, 2016)

This Act shall enter into force on the date of its promulgation: Provided, That the amended provisions of Article 6-2 shall enter into force six months after the date of its promulgation.

ADDENDUM (Act nº 14132, Mar. 29, 2016)

This Act shall enter into force three months after the date of its promulgation.

ADDENDA (Act nº 14828, Apr. 18, 2017)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Article 2 (Applicability to Notification of Details of Measures against Retired Executive Officer)

The amended provisions of Article 39-2 shall also apply to the executive officers and employees who have committed an violation before this Act enters into force, but resign or retire thereafter.

Article 3 (Transitional Measures concerning Demand for Suspension of Performance of Duties)

Notwithstanding the amended provisions of Article 39 (6) 4 (limited to the suspension of performance of duties), the former provision shall apply to the violations committed before this Act enters into force.

ADDENDA (Act nº 14839, Jul. 26, 2017)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation: Provided, That among the Acts amended pursuant to Article 5 of the Addenda, amendments to the Acts which have been promulgated before this Act enters into force, but the enforcement dates of which have not yet arrive, shall enter into force on the enforcement dates of the relevant Acts, respectively.

Articles 2 through 6 Omitted.