South Korea's Financial Supervisory Service urged internet banks and other financial firms to strengthen IT internal controls and tighten accident-prevention systems.

The Financial Supervisory Service held a meeting on Tuesday chaired by Lee Jong-oh (이종오), deputy assistant governor for the digital and IT division, with chief information officers and audit officials from 5 firms including internet banks. It delivered precautions on internal controls to encourage pre-emptive responses to IT risks.

It first stressed the need to closely check compliance with basic control procedures when changing programs, including prior impact analysis, testing and third-party verification. It said control levels must be strengthened across the entire process, including analysing how changes affect other systems, external verification, testing by IT and business departments, and deploying during off-peak hours.

It also urged firms to secure the availability of electronic finance infrastructure to prepare for surges in transaction volume and to recheck effective emergency response systems. It said they should constantly monitor whether core services are delayed and keep track of thresholds for computing resources, securing system performance through urgent expansion if necessary.

In the event of a system failure, it called for stronger financial consumer protection measures, including rapid recovery, providing alternative means and guidance on compensation for losses. It also stressed thorough preparation for possible cyber threats such as DDoS attacks and ransomware as geopolitical risks expand.

Lee Jong-oh said that if internet banks and others have focused on growth centred on improving accessibility and convenience, they must now build IT stability and accident-prevention systems commensurate with their growth. He added that many recent system incidents have stemmed from insufficient basic controls, and that firms should strengthen voluntary control activities, including IT audits, to prevent similar incidents from recurring.

Financial firms including internet banks that attended the meeting also shared the view that IT risk management systems need to be strengthened. They said they would raise the level of internal controls and consumer protection to provide electronic financial services more stably.

The Financial Supervisory Service plans to shift its supervision and inspection system toward prior prevention to prevent IT incidents from recurring and strengthen financial consumer protection. It said it would respond strictly if major system incidents occur due to weak basic internal controls.