South Korea's Financial Supervisory Service will intensively inspect how financial firms implement basic IT controls to prevent electronic finance incidents. It aims to raise firms' incident response capabilities and IT resilience as system failures and security breaches continue.
The FSS said on June 29 it held a virtual "Financial IT Risk Response Meeting" for 491 financial companies and other entities that conduct electronic finance operations.
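The meeting was designed to share results from first-half on-site inspections and ongoing monitoring and to outline the focus of second-half inspections. The entities covered include banks, insurers, financial investment firms, savings banks, specialised credit finance companies, credit information companies, mutual finance institutions and electronic financial business operators.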
The FSS said it found cases in first-half inspections where basic IT controls were weak, including in program change management and performance management. It urged firms to carry out rapid corrective work when vulnerabilities occur in operating systems and IT equipment, manage access rights to key computer data and check the integrity of backup data.
The safety of power facilities at data centres is also included in the inspection. The FSS said firms should regularly check the management status of uninterruptible power supplies, emergency generators and fire-prevention facilities, and review fire-response systems, including immediately replacing ageing batteries.
Preventing unauthorised access that exploits wireless networks was also presented as a key task. The FSS said firms should check for wireless backdoors when introducing or bringing in IT equipment and strengthen monitoring for unauthorised wireless networks as well as abnormal signs on servers and terminals.
The FSS plans to focus second-half inspections on how firms implement basic IT controls. It will also conduct checks on how data centre power facilities are operated to prevent fires.
The focus reflects its assessment that recent electronic finance incidents are arising from failure to comply with basic controls, including insufficient impact analysis when changing programs, equipment malfunctions, insufficient processing capacity and misapplication of firewall policies.
It will also examine whether information security obligations are being met for cloud-based office management and business support software. For SaaS use allowed as an exception to network separation under the revised detailed rules for the electronic finance supervisory regulations, it plans to check whether the Financial Security Institute's assessment, protections for access terminals and semi-annual evaluations of information security control implementation are being properly carried out.
The FSS said, "The more the trend is toward regulatory easing such as AI transformation, the more important it is for financial companies themselves to have an IT internal control system that checks and improves vulnerabilities." It added, "We plan to conduct accident-prevention consulting for financial companies with frequent electronic finance incidents and provide a self-diagnosis tool for basic IT controls."
It added, "We will consider incentives such as reduced sanctions for financial companies that faithfully make voluntary corrective efforts, and we will take strict action against perfunctory voluntary corrections or repeat occurrences of similar incidents."