Three Out of Ten Large GAs Have Weak Internal Controls... Cyber Incident Management Rated 'High Risk'
Internal Control Gaps Widen Among Large GAs Depending on Planner Headcount
IT System Operations and Compliance Monitoring Deemed "High-Risk"... Exposed to Hacking
Financial Supervisory Service Encourages: "Higher Ratings for Strong IT Systems and Consumer Protection"
A recent survey found that three out of ten large general agencies (GAs) with more than 500 insurance planners have weak or high-risk internal controls. It was also revealed that there are serious concerns regarding the establishment and operation of their IT systems.
According to the "2024 Internal Control Status Assessment Results for Large GAs" released by the Financial Supervisory Service on November 26, the average rating for the 75 companies evaluated was Grade 3 (average), the same as in 2023. The proportion of companies rated Grades 1 to 3 (excellent, good, average) was 70.6%, while those rated Grades 4 to 5 (weak, high-risk) accounted for 29.3%. The proportion of Grades 4 to 5 decreased by 9.8 percentage points compared to the previous year.
Even among large GAs, smaller companies were found to have weaker internal controls. Among the 25 GAs with 500 to fewer than 1,000 planners, 13 (52%) were rated Grades 4 or 5. In contrast, among the 30 GAs with 1,000 to fewer than 3,000 planners, only 9 (30%) received Grades 4 or 5. None of the 20 super-large GAs with more than 3,000 planners fell into Grades 4 or 5.
By governance structure, GAs with weaker headquarters control were found to have poorer internal controls. Among branch-type GAs (operated independently by alliances of branches), 16 out of 34 (47.1%) were rated Grades 4 or 5. Among subsidiary-type GAs (where insurers hold equity stakes), 3 out of 15 (20%) fell into Grades 4 or 5. For owner-type GAs (where the headquarters controls branches), only 3 out of 22 (13.6%) were rated Grades 4 or 5.
Examining the status of activities by evaluation category, internal controls at large GAs were found to be at a critical level. While the control environment and control effectiveness were rated Grade 3 (average), control activities were rated Grade 4. Within the control environment, the establishment of compliance monitoring and consumer protection organizations, the preparation of work standards and procedures, and the establishment of complaint handling procedures were rated Grades 1 or 2. However, the establishment and operation of IT systems were rated Grade 5, indicating they are highly exposed to cyber incidents.
Within control effectiveness, indicators such as the incomplete sales rate and the 13-61 month policy retention rate were rated Grade 3, while the sanctioning of insurance planners by GAs was rated Grade 2. However, the Financial Supervisory Service-led assessment of compliance officers was rated Grade 5. Among control activities, the review of insurance product comparison guidance was rated Grade 2, and the appointment review and training of insurance planners were rated Grade 3. On the other hand, checks on frequent regulatory violations were rated Grade 4, and compliance monitoring activities, including those by compliance officers, were rated Grade 5.
The Financial Supervisory Service plans to actively refer to these assessment results when selecting GAs for inspection next year. The principle is to prioritize inspections of large GAs with poor assessment results. The results will be individually notified to each large GA, and they will be required to submit improvement plans. While relatively lenient standards have been applied so far, the evaluation will be gradually enhanced. The aim is to encourage large GAs to strengthen their internal controls to the level of financial institutions.
During the internal control system assessment, the establishment and operation of IT systems will be selected as a key evaluation item. The principle is that greater efforts to strengthen IT security will be rated more highly. Regarding internal control operations, the evaluation will be differentiated based on the frequency of self-inspections aimed at preventing consumer damage and the proactiveness of compliance monitoring activities.
If a GA violates the law again after having been previously sanctioned for the same violation, the Financial Supervisory Service will impose strict penalties. In cases of repeated violations at the institutional level, the agency will not reduce fines exceeding ten times the statutory amount. For intentional or organized violations by GAs, the highest level of sanctions within the legal guidelines will be imposed. If an insurance planner is fined more than twice for repeated legal violations, mitigation of status-related sanctions will not be granted.
A Financial Supervisory Service official stated, "Last year's assessment results indicate that large GAs are making efforts to establish internal control systems," but added, "If they neglect the actual operation of internal controls in the future and legal violations occur, we plan to impose strict sanctions and hold them accountable."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.