"Internal Control in Financial Firms: Clarifying Responsibilities and Roles of Management and Board of Directors"

[Asia Economy Reporter Yu Je-hoon] Amid the spotlight on inadequate internal controls within financial companies during financial accidents such as the 'overseas interest rate-linked derivative-linked product (DLF) incident,' financial authorities have suggested an improvement direction that clearly regulates the responsibilities and roles of financial company CEOs, executives, and boards of directors. The intention is to specifically stipulate who should exercise what authority, what scope of responsibility they bear, and what activities they should perform to prevent financial accidents, along with imposing corresponding sanctions and incentives.

On the morning of the 20th, the Financial Services Commission (FSC) and the Korea Capital Market Institute held a policy seminar on the "Desirable Improvement Direction for Internal Control Systems" at the Financial Investment Center in Yeongdeungpo-gu, Seoul. Hosted by the Korea Capital Market Institute and sponsored by the FSC, the seminar featured presentations by Byun Jae-ho, Director of Financial Policy at the FSC; Lee Hyo-seop, Head of the Financial Industry Division at the Korea Capital Market Institute; and Lee Hong-kyung, Director at SC First Bank.

Internal control refers to a series of control processes devised by financial companies to ensure soundness, consumer protection, and compliance management, which are observed by all employees. Internal control regulation is a legal framework that encourages financial companies to establish effective internal control systems.

In the first presentation, Director Byun introduced the three components of internal control regulation discussed by the FSC's "Internal Control System Improvement Task Force (TF)": ▲Who (job authority) ▲What (responsibility area) ▲How (control activities). Using an employee of a financial company as an example, it is necessary to clearly define what authority they exercise in their position, what scope and area of work they are responsible for, and what activities they perform to prevent financial accidents.

However, the authorities judge that the current internal control regulation under the "Financial Company Governance Act (Governance Act)" is ambiguous. Article 24 of the current Governance Act only stipulates that "financial companies must establish standards and procedures (internal control standards) to be observed by employees when performing their duties to comply with laws, manage soundly, and protect shareholders and stakeholders" concerning internal control. Since the subject responsible for establishing internal control is defined as the "company," it is unclear in terms of job authority, and there are differing opinions on which standards must be mandatorily established, making the responsibility area unclear.

In particular, on the 15th, the Supreme Court distinguished between the obligation to 'establish' internal controls and the obligation to 'comply' with them in the final ruling on the lawsuit filed by Sohn Tae-seung, Chairman of Woori Financial Group, against the Financial Supervisory Service regarding the DLF incident. The court reasoned that while establishing internal controls is mandatory under current law, there is no basis to consider compliance as a mandatory obligation.

Accordingly, the authorities identified the following as future directions for improving internal controls: ▲Separating responsibility for preventing financial accidents by each executive ▲Assigning management duties to prevent financial accidents ▲Sanctioning responsible executives and granting exemptions if necessary when financial accidents occur ▲Clarifying the board of directors' internal control monitoring duties for management. For example, major financial accidents would be the responsibility of the CEO, while general financial accidents would be the responsibility of other executives. Financial companies themselves would predefine the responsibility areas for each executive and submit them to financial authorities, while imposing the obligation to take appropriate measures to prevent financial accidents.

Furthermore, while strengthening sanctions against responsible executives when accidents occur, the authorities explained the need to introduce provisions on the board of directors' supervisory responsibilities under the Governance Act, similar to those in the Commercial Act, to specify the board's monitoring duties. The current Commercial Act stipulates that "if a director intentionally or negligently violates the articles of incorporation or neglects their duties, the director shall be jointly liable to compensate the company for damages."

Regarding this, Director Byun said, "While authority related to internal control can be delegated, the principle that responsibility for deficiencies cannot be delegated or shifted must be established. When a financial accident occurs, senior executives and officers should not explain that they 'did not know,' but rather institutionalize the requirement to demonstrate 'what preventive efforts were made.' It is necessary to predefine the responsibility areas for each executive to encourage them to conduct sufficient internal control activities."

There was also an argument that incentives and exemption provisions should be strengthened while clarifying internal control regulations. Director Lee said, "If supervision regarding employees' violations of regulations is negligent, supervisory responsibility (management responsibility) should be imposed up to the CEO. Incentives that reduce sanctions and reasonable exemption conditions should also be necessary when internal control obligations are faithfully fulfilled."

In the subsequent discussion, while there was anticipation for the improvement measures, the need for supplementation was also raised. Kim Eunice, former professor at Ewha Womans University Law School, said, "For the system's purpose to be properly realized, financial companies must have the capability to appropriately establish internal controls, and financial authorities must have the capability to objectively evaluate internal control systems." Park Chang-ok, Executive Director of the Korea Federation of Banks, said, "To enhance industry predictability and regulatory clarity, we hope that specific guidelines on exemption criteria and bold incentives will be provided during the future legislative process."

Meanwhile, the FSC plans to promptly finalize improvement measures reflecting the various opinions raised at this seminar and initiate related procedures, including announcing the amendment bill to the Governance Act for public comment in the first quarter of next year.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.