Citibank Korea Moves Corporate Customer Information Abroad for Integrated Management

The Korean financial authorities have allowed Citibank Korea to transfer its customer information out of the country, an unprecedented move that has focused a lot of attention on the other foreign financial companies’ decisions. Until recently, they intended to manage customer information with the headquarters through cross-border consignment contracts, but have repeatedly failed to obtain the permits from the authorities for the possibility of improper management. However, an increasing number of foreign financial firms are expected to move their customer information abroad down the road. 

The approval for the transfer of computer centers was given during the regular meeting of the Financial Services Commission on May 21, and Citibank Korea will accelerate the relocation of its corporate client information. “The transfer and integrated management of customer information covers only corporate clients for now, and nothing has been determined as to whether the same policy will be applied to general customers,” the bank explained. 

The approval is to follow the related provisions stipulated in the KORUS FTA and the Korea-EU FTA. According to the relevant clauses, the Korean government has to let foreign banking firms send their customer information to the headquarters and third parties for commissioned management. At present, many such firms run their own computing centers in Hong Kong, India, Singapore, and the like to manage the information of their customers in the Asia-Pacific region. This can result in reduced expenditures in IT systems and some synergy effects in sales and marketing.

The case of Citibank Korea is likely to lead to an increasing number of similar requests from foreign financial companies in Korea. In fact, they have already repeated such calls for the higher efficiency of customer information management and global asset management. The examples include SC Bank and life insurance companies such as Allianz, Prudential, AIA, MetLife, and ING. 

It is also pointed out that the supervision of the data could become loose due to the cross-border transfer and the general public could be hostile to the change in the wake of the series of recent information leakage accidents. “The data to be transferred by Citibank does not include sensitive or personal information such as resident registration numbers but is limited to corporate information,” said the government, adding, “We will continue to apply strict rules to the information management even after the permission of the data transfer.”