South Korea: unpacking the sandbox
IFLR is part of the Delinian Group, Delinian Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2024

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

South Korea: unpacking the sandbox

Sponsored by

fintech icon  on abstract financial technology background .

Chan Sik Ahn, Dongjin Lee and Sunmin Choi from HMP Law evaluate Korea’s new regulatory sandbox and the SAAFI law that underpins it

Chan Sik Ahn, Dongjin Lee and Sunmin Choi from HMP Law evaluate Korea’s new regulatory sandbox and the SAAFI law that underpins it


As fintech-related financial innovations, such as branchless banking, online payments and international remittances continuously improve all over the world, associated industries are growing rapidly. Accordingly, major developed countries have already recognised the importance of fintech and have rolled up their sleeves to improve infrastructure and regulations in order to promote competition and innovation.

However, it is no easy task to improve existing regulations while simultaneously protecting consumers. The purpose of existing regulations is to set restrictions with which service providers must comply so that consumers can use financial services safely. Because new types of financial crime arising alongside newly created services have the potential to cause serious damage to the financial industry, measures to reform current regulations and restrictions should always be taken with care.

Under these circumstances, the UK's Financial Conduct Authority (FCA) introduced a regulatory sandbox in May 2016, suspending for a limited period any relevant restrictions that apply to operators that intend to launch new businesses in the finance industry.

A regulatory sandbox is a framework set up by a regulator that allows fintech start-ups and other innovators to conduct live experiments in a controlled environment under a regulator's supervision and with fewer restrictions. It helps technological innovation lead to creative new products and services and helps bring these more easily into the market.

Likewise, Korea has also made various efforts to reform regulations to encourage financial innovation. The National Assembly of Korea enacted the Internet Primary Bank Act on October 16 2018, which enables banks without branch offices to provide services to customers online. In addition, government authorities such as the Financial Services Commission (FSC) and the Financial Supervisory Service (FSS) have held several public hearings on peer-to-peer financing in order to prepare a new legal system.

Recently, as the burden of legal compliance with complex financial restrictions has increased, the FSS has launched a RegTech Development Committee for the purposes of making reasonable improvements to financial regulations. With the use of regtech (regulatory technology), finance companies can increase their compliance ability, and the concomitant compliance costs and expenses to the entire financial market are reduced.

Regulatory sandbox and the SAAFI law

The National Assembly of Korea enacted the Special Act on Assistance to Financial Innovation (the SAAFI) in order to support the development of financial services and increase benefits to consumers. The SAAFI has been in force since April 1 2019, and mandates the formation of the Commission of Financial Innovation (Commission) to oversee the regulatory sandbox.

For a service provider who intends to apply to enter the regulatory sandbox, the service must be designated as an innovative financial service (innovative service) by the FSC after review by the Commission. The FSC may give such a designation, subject to the consent of the relevant government authorities, for a maximum period of two years (service period). In addition, the FSC may extend the service period at the written request of the innovative service operator (operator) after review by the Commission, provided that a reason for the extension is given and that the request is submitted at least three months before the expiration date of the service period. In such case, the period may be extended only once, and the extension of the service period can be no longer than two years (Article 10 of the SAAFI).

When the service period has expired, the legal status of the operator will be voided, and the operator will immediately terminate the innovative service (Article 9 of the SAAFI). If, even after the service period's expiration, the FSS and other government authorities need to review the innovative service, the operator must observe its original obligations to the extent necessary to facilitate such review.

Under the SAAFI, prospective applicants to the regulatory sandbox must be finance companies operating under Korean laws or companies under the Korean Commercial Code which have a business presence in Korea. The Commission will consist of 25 members, including one chairperson (this position is reserved for the chairperson of the FSC). The 25 members will include: one public official (equivalent to a vice minister of a government ministry); university professors; professionals with at least seven years of experience at an institute related to finance and technology; professionals who have worked or who currently work as executive officers in industries related to finance and technology; professionals who have at least seven years of experience in the legal field; professionals who have at least seven years of experience with regard to consumer protection; or other professionals who are determined by the presidential decree of the SAAFI (Article 13 of the SAAFI).

The Commission will examine whether the innovative service: mainly targets the Korean financial market; is sufficiently innovative in comparison to existing services; promotes the benefits and interests of consumers; or constitutes regulatory evasion due to its designation. It will also examine whether the operator has the ability and capacity to operate the innovative service sustainably and has risk management plans for consumers while operating the innovative service, as well as whether the operator or innovative service is likely to undermine the purposes of the relevant act (Article 13(4) of the SAAFI).

Once an operator's service is designated as an innovative service it will be exempt from the application of all relevant laws designated by the FSC with regard to registration with authorities, corporate governance, financing business activities, and the supervision or examination of relevant authorities. These relevant laws (dubbed the Exclusion Laws) are listed in Article 2 of the SAAFI and they consist of 34 finance related laws, such as the Financial Investment Service and Capital Markets Act, and the Personal Information Protection Act. Of these laws, only those designated by the FSC will not apply to the operator.

Even if a financial service is designated as an innovative service, if that service is likely to cause irreparable damage to personal information or to undermine the financial market and its good order, then the Exclusion Laws will still apply to the innovative service. In this regard, the operator shall provide a plan for consumer protection and risk management, and adhere to that plan (Article 13 and 19 of the SAAFI). In addition, if the user of the innovative service suffers loss or damages during its use, the operator will be responsible for compensation and will be obliged to prepare legal procedures to ensure this takes place (Article 15 of the SAAFI).

Unlike many Korean laws, the SAAFI affords numerous benefits to business operators. Those who want to know which laws and regulations will apply to their financial services can ask the FSC, which will provide an answer within 90 days (Article 24 of the SAAFI). At the same time, the operator can be guided by the FSC through the conditions and procedures of registration for their finance services. Although the service period is limited to a maximum of four years, the operator will be able to apply to the relevant authorities for full authorisation even before the expiration of the service period. Once authorised, the operator will obtain exclusive rights to provide the innovative service for a period of two years after the end of the service period (Article 23 of the SAAFI). When such exclusive rights are authorised by the FSC, the operator may request it to issue warning orders to other operators of financial services which are similar to the innovative service in terms of content, methods and form, and which are operated, directly or indirectly, for commercial purposes. This is to protect small and medium-sized financial enterprises from large capital businesses after the four year service period. Big business dominance is otherwise a chronic problem for Korea's start-ups.

However, operators should act with caution even after receiving an innovative service designation. If the service causes loss to consumers or confusion in the financial market, and if that loss or confusion was unpredictable at the time of designation, the FSC may issue an order to rectify the situation (Article 11 of the SAAFI). Furthermore, the FSC has the power to revoke the innovative service designation, if that service is deemed to harm the good order of the financial market or hurt financial consumers (Article 7 of the SAAFI). Operators should make their best efforts to preserve the good order and environment of the financial market and protect consumers in order to maintain their designation.

In addition, if the Commission determines that there should be a regulatory amendment to launch the innovative service in the financial market, the Commission has the right to recommend such an amendment to the relevant authorities (Article 13(5) of the SAAFI). Also, the FSC may appoint the operator as an agent of the FSC to test the operation of the innovative service (Article 25 of the SAAFI).

A closer look at the SAAFI

Commission's discretion regarding requirements

In order to be designated as an innovative service, a service must meet certain requirements, such as being sufficiently innovative, or its operator having appropriate capability. However, specific criteria regarding how to meet these requirements have not yet been released. Therefore, as of now the Commission has substantially wide discretion in examining prospective innovative services. The disadvantage of this is that the procedures are currently unpredictable and create the risk that a service provider can fail to obtain the innovative service designation, despite having submitted documents that reveal trade secrets. Furthermore, applicants for the innovative service designation should note that the legal status of the operator is unstable, because the designation may be cancelled even after it has been granted by the Commission, according to the above-mentioned vague requirements.

Risks regarding delay in innovative service designation

Under the current provisions of the SAAFI, the innovative service designation requires the consent of agencies that have administrative authority. In this regard, the SAAFI stipulates that the FSC must notify the authorities of an application for innovative service designation, who will reply in writing within 30 days. However, the SAAFI does not detail what will happen if the authorities fail to reply. Because of this, the process for obtaining an innovative service designation may be delayed indefinitely. Such a problem is also likely to occur when the FSC seeks consent from the authorities to extend the term of the service period.

The SAAFI continues positive regulatory tradition

There are other Korean laws which provide regulatory sandboxes, such as the Information Communication Convergence Act, the Industrial Convergence Promotion Act, the Framework Act on Administrative Regulations and the Act on Special Cases Concerning the Regulation of Special Economic Zones for Specialised Regional Development. These laws are cases of negative regulation: they only specifically forbid things enumerated in the text of their Acts. Unlike those laws, however, the SAAFI forbids any activity which is not explicitly specified or restricted under its provisions. It is therefore an example of positive regulation, something for which the Korean legal system is well known. Given this, it seems that because the financial market may have a huge impact on the economy as a whole, the Korean government will maintain its usual cautious approach.

About the author



Chan Sik Ahn

Partner, HMP Law

Seoul, South Korea

T: +82 2 772 2809



Chan Sik Ahn is a partner in the corporate practice group of HMP Law and heads HMP Law's tech and comms team. He provides clients with proactive, strategic and specialised legal advice on current or potential legal issues relating to various breakthrough technologies that represent the fourth industrial revolution, such as: the internet of things (IoT); big data; artificial intelligence (AI); 3D printing; virtual reality (VR); augmented reality (AR) and mixed reality (MR); fintech; Bitcoin and other virtual (or crypto) currencies; virtual/crypto currency exchanges; blockchain; drones; electric cars; driverless cars; secondary battery/renewable energy/new materials; games; and the sharing economy.

About the author



Dongjin Lee

Associate, HMP Law

Seoul, South Korea

T: +82 2 772 2813



Dongjin Lee has worked with HMP Law since 2016. He focuses on general corporate advisory, labour, IT, cryptocurrencies and foreign investment. He holds a BA in Chinese language and literature from Seoul National University and a JD from Seoul National University Law School. He speaks fluent English and Chinese.

About the author



Sunmin Choi

Associate, HMP Law

Seoul, South Korea

T: +82 2 772 2887



Sunmin Choi joined HMP Law in 2018. As a member of its corporate practice group and tech and comms team, Sunmin has gained extensive experience in a wide range of new technical industry fields, including initial coin offerings (ICOs), cryptocurrency exchanges, fintech, regtech, big data, data security and location information protection, etc. And as a member of the criminal litigation and defence team, he has handled various criminal cases relating to white-collar crime, trade secrets and corporate compliance.

Gift this article