The Financial Supervisory Service (FSS) has launched an initiative to strengthen the response capabilities of financial companies regarding electronic financial accidents and to inspect their IT internal control systems.
The FSS announced today (June 29) that it held a "Financial IT Risk Response Meeting" with 491 financial institutions, including banks, securities firms, insurance companies, and credit card companies, that conduct electronic financial business under the Electronic Financial Transactions Act.
During the meeting, the results of on-site inspections and continuous monitoring conducted during the first half of the year were shared, along with the focus for inspections in the second half.
Attendees agreed on the need to assess self-response capabilities for electronic financial accidents and to establish rapid recovery systems to ensure the IT stability and reliability of financial services.
The FSS emphasized, "As regulations are eased for transitions such as artificial intelligence (AI), IT internal control systems, where financial companies proactively identify and improve their own vulnerabilities, are becoming increasingly important."
In fact, the FSS found that some financial companies had insufficient basic IT controls, such as in program change management and performance management, during its on-site inspections and continuous IT monitoring in the first half of the year.
In response, the FSS provided financial companies with five key points to note for preventing electronic financial accidents.
The points include: <1> compliance with basic IT controls, <2> enhancing the effectiveness of security vulnerability analysis and evaluation, <3> strengthening the safety of power supply facilities, <4> reinforcing prevention of unauthorized access via wireless networks, and <5> compliance with procedures for responding to and reporting electronic financial accidents.
The FSS plans to inspect the implementation status of basic IT controls and the operational status of power supply facilities to prevent fires at data centers during the second half of the year.
The inspections will also cover compliance with information protection obligations regarding cloud-based Software as a Service (SaaS) for business, which has been subject to exceptions to network separation regulations since last April.
Moving forward, the FSS plans to provide accident prevention consulting to financial companies that have experienced frequent electronic financial accidents and offer self-diagnosis tools to ensure compliance with basic IT controls.
Furthermore, the FSS stated that it would consider incentives, such as reduced sanctions, for financial companies that demonstrate improvement efforts, while taking strict measures against those that only make superficial corrections or experience recurring similar accidents.
(Photo: Yonhap News)
※
Copying, redistribution, and unauthorized use in AI training are strictly prohibited.