On April 20, 2026, an amendment to the Detailed Enforcement Rules of the Electronic Financial Supervisory Regulations (the "Amendment") became effective to allow financial companies and electronic financial business operators ("Financial Companies, etc.") to utilize cloud-based software as a service ("SaaS") in their internal business networks. The Amendment is intended to institutionalize the use of SaaS in the internal business network of Financial Companies, etc., which was previously permitted only through the designation of innovative financial services ("Innovative Financial Service(s)" or "Financial Regulatory Sandbox") in the past. It is expected that the Amendment will contribute to strengthening the work method and collaboration of Financial Companies, etc., improving productivity, alleviating the burden of IT operation, and systematizing the internal management system.
 
In this newsletter, we will cover four key areas: 1) the primary updates to the Amendment, 2) mandatory security management measures for Financial Companies, etc. utilizing SaaS within their internal business networks, 3) the key distinctions between these new rules and the existing exemption from the network separation requirement under the Financial Regulatory Sandbox framework, and 4) important implications and key considerations to note.

※ Please refer to the attached file for more details.
 

[Korean Version]