FSC Announces Screening and Licensing Plan for MyData Service Providers in 2022Apr 13, 2022

The FSC announced this year’s screening and licensing plan for financial MyData service providers on April 13. The authorities will continue to provide support for innovative firms to enter the market in order to further promote the growth of MyData services as a key driver of growth in the financial industry. For consumer protection purposes, however, the authorities will strengthen pre-licensing control measures as well as post-licensing management. In order to provide more in-depth screening and consultation, the authorities will accept applications en bloc periodically at the end of every quarter and have them screened by external experts.

 

Background

 

MyData business came under the purview of the law with the revision to the Credit Information Use and Protection Act in February 2020 which aimed to strengthen personal data privacy and security and ensure the stable provision of services. From an early stage, the authorities minimized the entry barrier to promote access of innovative firms while adopting a licensing system to help establish a sound MyData business ecosystem. Since the first batch of MyData service providers that were granted full license for operation on January 27, 2021, a total of 56 MyData service providers have been given full licenses with 45 MyData services being launched so far. However, there still exists demand for additional licensing by small-scale fintechs and financial companies. Therefore, after operating a taskforce composed of relevant experts, the authorities held discussions on MyData licensing plan for future as well as issues to consider for further screening and licensing.

 

Screening and Licensing Plan for MyData Service Providers in 2022

 

The licensing requirements for new entrants will be maintained at the current level to promote a continuing provision of innovative services by new entrants that are equipped with creative ideas. Nonetheless, improvements will be made in the following areas for the purpose of consumer protection given the nature and ability of MyData service providers to stack up financial and non-financial consumer data scattered around different financial institutions.

 

(Strengthening External Expert Review)  The process of evaluation by external experts (an external review committee) will be strengthened to boost the society’s level of confidence in MyData services and enhance consumer safeguards. Previously, the external review committee made assessments on the feasibility of business plans and material resources on three levels (qualified, insufficient and disqualified) and even when the committee finds an insufficient level of preparation, a preliminary approval was granted under the condition that the applicant makes up for inadequacy in the final licensing stage. However, this will be changed to require the applicant to take supplementary measures to make up for inadequacy during the preliminary approval stage which will then be subject to a reassessment by the external review committee.

 

(Preventing Data Abuse or Misuse)  In order to help improve consumer convenience through MyData services, the authorities will prohibit the function of data brokerage or buying and selling of data. Business entities that are highly likely to engage in data brokerage or buying and selling of data as their main business function as well as those with high potential for data abuse or misuse will be precluded from the licensing process in principle. When necessary, however, a conditional approval may be granted with a restriction on the provision of consumer data to a third party or a prohibition on ancillary work related to the buying and selling of data.

 

(Strengthening Responsibility)  After the licensing process, the authorities will carry out inspections on MyData service providers’ consumer data protection mechanisms and business plans on a regular basis and provide consultations or issue corrective orders when necessary. The authorities will periodically look into whether MyData service providers are operating according to the personal data privacy and security mechanisms and business plans that they proposed in the application stage. Upon finding an insufficient level of compliance, the authorities will issue corrective orders to ensure trust in the market.

 

Further Plan

 

Major financial companies have already been granted approvals to operate MyData services. As such, the demand for new license has been in decline. However, there still exists considerable demand for entering MyData services among fintechs that may have relatively lower levels of expertise in financial areas. Therefore, the authorities plan to periodically accept applications en bloc to ensure the provision of more in-depth screening and consultation. More specifically, this year’s first business application for preliminary license will open up on April 22 with further application cycles becoming available at the end of every quarter thereafter.


* Please refer to the attached PDF for details.