One Year Since Responsibility Structure Chart Implementation: "Lack of Effectiveness, Need for Greater CEO Accountability"

It has been one year since the implementation of the Responsibility Structure Chart in the banking sector, but critics point out that there are still many shortcomings, including the system's effectiveness and the lack of accountability for CEOs.

On December 21, the Financial Supervisory Service announced that it had conducted both on-site and written inspections to assess the operation of internal control systems related to the Responsibility Structure Chart at financial holding companies and banks. The Responsibility Structure Chart is a system in which each executive at a financial institution clearly defines the scope and details of the internal control tasks for which they are responsible. It has been fully implemented since the beginning of this year.

The Financial Supervisory Service's inspection covered 40 companies, excluding those scheduled for regular inspection by the Bank Examination Department this year, among holding companies and banks (including foreign bank branches) that introduced the Responsibility Structure Chart as of January 3 of this year. The inspection items included the fulfillment of the CEO's overall management obligations and board reporting duties, as well as the appropriateness of supervisory systems such as the operation of the board of directors and internal control committees.

As a result of the inspection, the Financial Supervisory Service noted some positive changes, such as banks clarifying the role of the CEO as the person responsible for internal control and making efforts to operate newly established internal control committees more effectively.

As a representative example, Company A has expanded the scope of overall management actions from a "significant caution" perspective, incorporating not only basic compliance reporting systems but also including the contents of sanction operation guidelines in its inspection items. Company B was highly rated for upgrading and diversifying its inspection indicators by examining non-financial indicators, such as whether sales limits for non-deposit products were achieved, in addition to financial indicators such as assets and operating income specified by law, when inspecting for anomalies in specific business divisions or products.

However, the Financial Supervisory Service pointed out that, to date, there are still many shortcomings, as there are differences in how the new system is operated depending on the sector and company, and the industry is still in the early stages of establishing an effective internal control system based on the Responsibility Structure Chart.

The inspection found that most financial companies have established a system in which the CEO delegates overall management obligations to the relevant executives, and the CEO receives reports on the implementation and provides feedback.

However, in most companies, the CEO delegated the "inspection of the appropriateness of executives' fulfillment of management obligations"-which is part of the CEO's overall management duty-to each executive, resulting in a situation where executives were essentially "self-inspecting" the management actions they had taken, raising concerns about conflicts of interest.

In addition, some companies delegated the CEO's overall management obligations to executives without establishing clear grounds for delegation in internal regulations, or delegated certain items by simply including them in the executives' job descriptions, which could shift responsibility to the respective executives.

The CEO is responsible for the overall execution and operation of internal controls within a financial institution, so overall management obligations should be established and implemented as company-wide measures and inspection items to prevent systemic failures in internal control. However, in some companies, there was overlap between executives' management action reports and the CEO's overall management obligation reports, making it unclear whether the reported activities were performed under delegation from the CEO or as part of the executive's own management duties.

Furthermore, while the CEO is responsible for the overall execution and operation of internal controls and is also expected to carry out the policies, basic guidelines, and strategies established by the board of directors from a risk management perspective, most companies were found to be lacking in establishing detailed strategic tasks and regular implementation reviews from a company-wide risk management standpoint compared to internal control.

A Financial Supervisory Service official stated, "We will share the best practices and areas for improvement identified in this inspection with the industry through briefings and will continue to actively support and manage the stable establishment of the new system going forward."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.