Financial Supervisory Service Imposes Fine on Woori Bank for Improper Use of Personal Data in Open Banking

Woori Bank was sanctioned by financial authorities for using personal information obtained for open banking services without customer consent to send advertising messages to about 70,000 people.

The Financial Supervisory Service (FSS) revealed on the 12th that during an inspection of Woori Bank, it uncovered violations including the use of personal credit information without consent for sending profit-driven advertising messages, embezzlement of bank assets, incomplete sales of financial investment products such as private equity funds (PEF), and violations of the prohibition on unsound business practices. On the 4th, the bank received an institutional warning and was fined 878 million KRW, while 29 employees were given warnings and other disciplinary actions.

From September 2020 to November 2021, certain departments of Woori Bank used personal credit information (such as maturity dates and deposit amounts of savings and installment savings) received from other financial companies for open banking services to select customers for advertising and sent profit-driven advertising messages. They sent advertising text messages to 68,527 customers (excluding duplicates) who had not consented to the use of their information for product promotion purposes. The total number of messages sent was 98,445.

Open banking service allows customers to view all their credit information scattered across various financial institutions in one place and to transfer funds from accounts held at other financial companies.

Woori Bank, Jung-gu, Seoul. Photo by Jinhyung Kang aymsdream@

The authorities also pointed out inadequate internal controls over information protection. Despite the need to verify consent during non-face-to-face marketing and to re-examine past message sending records, the bank failed to recheck previous sending histories. Furthermore, no IT control measures were established to prevent the extraction of information of customers who did not consent to marketing and the subsequent sending of advertising messages without separate security measures.

The case involving former Woori Bank employee Jeon, who was indicted on embezzlement charges amounting to approximately 70 billion KRW and sentenced to 15 years in prison in the second trial on the 11th, was also addressed. Jeon, who worked in the bank’s corporate improvement department, embezzled a total of 69.73 billion KRW of bank assets in eight instances, including converted equity shares of companies managed by the department, forfeited deposits from mergers and acquisitions (M&A) contracts, forfeited deposits from factory sale contracts, and remaining balances from sale proceeds.

Regarding the overseas interest rate-linked derivative-linked fund (DLF) incident that occurred in 2021, the Financial Supervisory Service stated that Woori Bank violated obligations under the Capital Markets Act, such as the duty to confirm explanations and provide explanatory documents. Although the sales process must be recorded when selling derivative-linked products like equity-linked securities (ELS) to unsuitable investors or general investors aged 70 or older, the bank failed to record five contracts worth approximately 45 million KRW.

The bank was also criticized for engaging in unsound business practices. From December 2018 to November 2021, it provided 1.16 billion KRW to 11 institutions and others to secure business rights without reporting in advance to the compliance officer and only reporting afterward.

Additionally, Woori Bank violated the obligation to verify the real identity in financial transactions by opening new accounts using identification cards presented by spouses even though the account holders themselves did not visit the bank when selling private investment trust products at some branches. The bank also violated the obligation to disclose management information related to credit extensions by subsidiaries.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.