Financial Services Commission (FSC) and Financial Supervisory Service (FSS) have started working on a comprehensive emergency plan that is so-called “contingency plan” for the IT sector in order to prepare for the spread of COVID-19. They are planning to prepare the first “COVID-19 emergency plan” for all financial companies such as banks, stock firms, credit card companies, insurance companies, and VAN (Value Added Network) companies that possess IT systems and IT personnel. In order to prepare for the worst, their plan also includes closure of IT processing centers.
According to the industry, financial authorities sent requests to all financial companies to submit what their plans and scenarios are for their IT departments in response to COVID-19. They finished investigating the status of financial companies on their emergency personnel and plans. Their plan is to receive contingency plans from financial companies and establish and implement countermeasures for the IT sector towards COVID-19. FSS and IT and FinTech Strategy Bureau’s Inspection Planning Team are in charge of analyzing materials requested and conducting complete enumeration.
Reason why government officials are establishing a contingency plan for COVID-19 is because they are felling a sense of danger that a possibility of an infected person within IT infrastructures that are seen as the heart of financial companies can paralyze South Korea’s financial networks and cause massive failures within financial services. As branches of financial companies in Daegu have recently closed their stores and the number of infected people surpassed 1,000, many have brought up the need to prepare actions for managing IT personal of financial companies. For now, financial companies’ administrative guidelines for COVID-19 are taking place sporadically.
According to an emergency plan for the IT sector obtained by the Electronic Times, financial authorities are currently investigating the status of financial companies on their emergency personnel and plans. The IT sector is divided into account group, information group, channel group, foreign group, infrastructure, information protection, and additional items. The government is also gathering the current state of personnel within each group and is establishing guidelines for emergency.
Financial companies gathered required information such as the current state of their personnel including their employees residing in foreign countries, the required number of employees needed for normal operation of IT systems, and the number of employees who can be substituted and submitted the numbers to financial authorities. Based on these numbers, FSC is going to create an emergency plan for each scenario and come up with comprehensive measures that can be implemented by entire industries.
Financial authorities are also going to prepare and implement step-by-step emergency response measures shortly.
In order to prepare for the worst, they have also included a scenario where data processing centers may be shut down.
The first phase is what is taking place at the moment. The second phase is when there is a self-isolated IT personnel due to a contact with a person who has COVID-19. Financial authorities are conducting investigations on what tasks financial companies can handle in each phase and how normal their systems will operate in each phase.
Last phase indicates a case when there is an infected person amongst IT personnel. Financial authorities may close down data processing centers if necessary and they have to establish main countermeasures per financial company for each phase.
In addition, financial authorities have included exceptions to Electronic Financial Supervisory Regulation so that they can provide remote access to IT personnel through no-action letters so that they can work out of their homes. No-action letter indicates temporarily allowing something under exceptions while it is not allowed under the current regulations and it basically eases Network Separation Regulation. Financial authorities asked financial companies to establish “alternate policies” depending on the nature of tasks. Also, they asked financial companies to submit their methods of remote working, number of employees who can work out of their homes, and their plans on how they are going to break up and place their employees.
Financial authorities also asked financial companies to apply security measures when an employee is working out of home through remote access.
Citi Bank looked into alternate workplaces and applied for a right to remote working. Its plan is to actively utilize working out of home and alternate workplaces.
KB Bank has divided its data processing center into two centers in Yeooui-do and Gimpo and it already separated its groups such as IT department and capital market headquarter. Shinhan Bank placed its key ICT personnel at its 11 alternate workplaces. Woori Bank has prepared two alternate workplaces in Namsan Tower and Seoul Training Center. Hana Bank has prepared alternate workplaces in Cheongna and Jung-gu and is contemplating on building additional alternate workplaces.
“Based on information gathered from financial companies, we are going to officially announce our comprehensive contingency plan for the IT sector.” said a representative for FSS and IT and FinTech Strategy Bureau.
Staff Reporter Gil, Jaesik | osolgil@etnews.com & Staff Reporter Kim, Jihye | jihye@etnews.com