FSS Announces Internal Control Innovation Plan... Will Embezzlement Incidents Be Eradicated?

View original image

[Asia Economy Reporter Song Seung-seop] On the 3rd, the Financial Supervisory Service (FSS) announced a plan to innovate internal control measures within domestic banks and to revolutionize related infrastructure. They also revealed measures to operate internal control regulations, which have been criticized as ineffective, in a practical and continuous manner. The FSS aims to prevent the recurrence of large-scale financial accidents such as embezzlement caused by internal control failures.

The plan was prepared by the "Banking Sector Task Force (TF) for the Prevention of Financial Accidents and Improvement of Internal Controls." After various embezzlement incidents surfaced in the domestic financial sector earlier this year, the FSS formed a TF with the Korea Federation of Banks and domestic banks from July 26 to August 18 to discuss improvement measures. The core principles of the innovation plan are ① Innovation of internal control infrastructure ② Establishment of detailed operational standards for major accident prevention measures ③ Advancement of vulnerable business processes prone to accidents ④ Normalization of internal control and enhancement of its perceived effectiveness.

First, domestic banks agreed to set minimum standards for securing personnel and expertise in compliance monitoring departments. Currently, banks are required to support adequate compliance monitoring personnel, but as of the end of March, compliance staff accounted for only 0.48% of total employees, falling short of the minimum required ratio of 0.80%. The proportion of key specialists is also only about 9.7%. The TF analyzed that the lack of personnel and expertise in compliance departments has led to a decline in both the quantitative and qualitative levels of work.

Accordingly, banks will be required to have compliance monitoring personnel accounting for at least 0.8% of total employees, with a minimum of 15 personnel. However, personnel dedicated to anti-money laundering and branch audit will be excluded. Specialists within the compliance department must constitute at least 20% of the total staff. Specialists are defined as those holding a master's degree or higher in relevant fields or possessing certifications. In particular, at least one expert must be assigned in each of the six key areas: credit, foreign exchange, derivatives, risk, IT, and accounting.

A personnel management system for employees who have worked long-term in the same department was also established. In the financial sector, there were many criticisms that an employee who committed a 70 billion KRW embezzlement at Woori Bank was able to conceal the crime due to long-term service in the Corporate Improvement Department. Although domestic banks have standards for department transfers (3?5 years) and job rotation (1?2 years), exceptions were applied, resulting in insufficient special control measures and no personnel management standards for long-term employees.

Therefore, long-term employees will be managed to constitute no more than 5% of rotation-targeted staff or fewer than 50 individuals. The approval authority for long-term employment was elevated from the existing department head to the HR executive, and approval requires mandatory verification of necessity, debt, and investment status. This review will be conducted annually, and approval for long-term employment is limited to a maximum of two times.

Additionally, qualification requirements for compliance officers will be strengthened. Currently, under the law, anyone who has worked in a financial company for more than 10 years can be appointed as a compliance officer regardless of relevant experience. The TF stipulated that compliance officers must have at least two years of experience in compliance, audit, risk management, accounting, legal affairs, or anti-money laundering to ensure professionalism.

The mandatory leave system will significantly expand its target group and strengthen enforcement. The scope of risky duties, previously concentrated in branches, will be greatly expanded to include head office duties. Employees who have worked long-term in the same department or in the same role for more than two years will also be included as mandatory leave targets. Risky duty holders and long-term employees must take mandatory leave once a year (1?3 business days per leave), and the system will restrict registration times to allow for unannounced leave.

The subjects requiring segregation of duties will be specified in detail. Segregation of duties is a system where multiple personnel or departments participate in a single transaction with a high risk of accidents to prevent incidents. Going forward, duties involving large sums of money must be segregated in principle. A system to register and manage duties requiring segregation will be established, and the status of responsible employees will be systematically managed.

The whistleblower system will enhance anonymity and expand the scope of reportable acts. Last year, among 20 banks, 10 had no whistleblower reports, effectively rendering the system formalistic. Therefore, the principle of real-name reporting will be removed, and investigation results will be provided in principle even for anonymous reports. Particularly, "internal regulation deficiencies" expected to cause accidents will be added as reportable subjects, and failure to report financial accidents exceeding 300 million KRW will mandate investigation and sanctions.

Accident prevention measures will be mandatory not only at branches but also for head office departments, with internal control responsibilities differentiated and specified by rank.

Access control to systems will be enhanced. Many financial accidents began with employees sharing passwords for convenience or stealing passwords from supervisors. Therefore, authentication methods replacing passwords will be introduced and expanded. Inspections of system authentication management will also be strengthened.

Additionally, creditor groups will be required to verify joint funds compulsorily. This is because joint funds arising during corporate restructuring have a high risk of being misused for crimes. Creditors must regularly issue and report deposit balance certificates, and financial institutions managing funds must respond promptly. Other measures include step-by-step verification of fund withdrawal systems and establishment of computerized management systems for manual documents.

The scope and systematization of continuous monitoring will also be expanded. Currently, many banks exclude head office operations from continuous monitoring and lack sufficient indicators for detecting abnormal transactions, limiting the detection of signs of financial accidents. Continuous monitoring will be extended to include fund and operational management tasks at head office departments, and reporting and processing procedures for abnormal transactions will be strengthened.

For branch audits, the compliance monitoring department will check appropriateness, and a procedure to impose penalties on branches with inadequate audits will be introduced. For internal control weak points identified through monitoring, procedures to establish recurrence prevention measures will be implemented.

Hot Picks Today

"Stocks Are Not Taxed, but Annual Crypto Gains Over 2.5 Million Won to Be Taxed Next Year... Investors Push Back"

• "Even With a 90 Million Won Salary and Bonuses, It Doesn’t Feel Like Much"... A Latecomer Rookie Who Beat 70 to 1 Odds [Scientists Are Disappearing] ③
• "Who Is Visiting Japan These Days?" The Once-Crowded Tourist Spots Empty Out... What's Happening?
• "Am I Really in the Top 30%?" and "Worried About My Girlfriend in the Bottom 70%"... Buzz Over High Oil Price Relief Fund
• "It Has Now Crossed Borders": No Vaccine or Treatment as Bundibugyo Ebola Variant Spreads [Reading Science]

The Korea Federation of Banks will incorporate these innovation measures into the model regulations by the end of this year, and individual banks will revise their internal regulations by the end of March next year after a preparation period including review of work plans. Full implementation will begin on the 1st of the following month. From the second quarter of next year, the FSS will verify banks’ incorporation of the regulations and readiness for task implementation. The FSS stated, “We will coordinate with the Financial Services Commission to smoothly advance tasks requiring legal amendments and will continuously strive to ensure that the innovation plan is properly implemented so that an internal control culture takes root in the banking sector.”

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.