"Based on the Principle of Autonomous Security and Accountability"
A plan to improve network separation in the financial sector, which operates by separating external networks such as the internet from internal business networks, has been introduced. The core idea is to allow the introduction of generative AI (artificial intelligence) through a regulatory sandbox and to establish a legal framework in the medium to long term to ensure safety measures that prevent security issues.
On the 13th, the Financial Services Commission (FSC) announced the "Financial Sector Network Separation Improvement Roadmap" under the chairmanship of FSC Chairman Kim Byung-hwan, with participation from private security experts, financial associations, the Financial Supervisory Service, the Financial Security Institute, and other related organizations.
There have been continuous requests for regulatory improvements, citing that network separation has caused significant operational inefficiencies for financial companies and electronic financial service providers, hindered the use of new technologies, and made research and development difficult. In particular, as software usage shifts from self-built systems to cloud-based subscription models (SaaS) and the use of generative AI increases, network separation has been pointed out as a factor that lowers financial competitiveness beyond mere operational inconvenience, according to the authorities.
Considering that the current financial security system has been structured on the premise of an environment separated from external communications, the financial authorities plan to pursue gradual improvements rather than rapid deregulation. Areas requiring swift response will use the sandbox to immediately resolve regulatory difficulties. However, since it will take time to establish an autonomous security system, sufficient safety measures such as separate security plans will be put in place to ensure there are no security issues.
Financial Services Commission Chairman Kim Byung-hwan is delivering opening remarks at the 'User Meeting for Comprehensive Support for the Underprivileged' held on the 7th at the Credit Recovery Committee's main conference room in Jung-gu, Seoul. Photo by Kang Jin-hyung aymsdream@
First, the use of generative AI by financial companies will be allowed within this year. While most generative AI is provided in cloud-based internet environments, domestic financial institutions have faced restrictions on using external communications, limiting AI adoption. Regulatory exceptions regarding internet usage restrictions will be permitted through the sandbox. Security measures against risks will be imposed as conditions, and safety measures such as security inspections and consulting for each applicant company will be implemented.
The scope of using cloud-based applications (SaaS) will also be significantly expanded. Previously, SaaS use was allowed only for non-critical tasks such as document and personnel management, but the usage scope will be extended to security and customer management tasks, and pseudonymized data processing and use on mobile devices will also be permitted. Additionally, amendments to the Electronic Financial Supervisory Regulations will relax physical restrictions to facilitate easy transfer of research and development outputs by financial companies and allow the use of pseudonymized data, thereby providing an environment conducive to developing financial products.
Next year, the regulatory exceptions implemented this year will be formalized into regular systems. For example, regulatory exceptions will be enhanced to allow direct processing of personal credit information, not just pseudonymized data. However, additional security measures will also be imposed due to the increased scope of data usage. Based on this, a separate Financial Security Act (Digital Financial Security Act) will be established to build a financial security system based on the principle of "autonomous security and accountability for results."
The financial authorities will start by holding a briefing session for all financial sectors on the 22nd and will conduct sector-specific business briefings until September. Sandbox applications will be accepted in September, and innovative financial services for new projects will be designated within the year.
FSC Chairman Kim Byung-hwan said, "It is time to have more effective network separation improvement measures to respond to rapidly changing information technology (IT) environments such as cloud and generative AI," adding, "This network separation improvement roadmap will lead to enhanced competitiveness of the financial industry and increased benefits for financial consumers. Since the regulations are being improved with difficulty, I hope the financial sectors will also work hard to ensure that the new system is well established without any security incidents."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
