[Exclusive] FSS Targets Major Banks for Credit Information Act Violations... On-Site Inspection of Customer Consent Practices
Inspections Completed for Shinhan, Woori, IBK, and Toss Bank
On-Site Reviews Planned This Month for KB, Hana, and NongHyup
Focus on Consent Procedures for Marketing and Sending Advertising Information
The Financial Supervisory Service (FSS) has launched an inspection into major commercial banks to assess their management of personal credit information. This move reflects the recent emphasis by financial authorities on "consumer protection," with a particular focus on whether banks have strictly complied with the Credit Information Act during the transmission of advertising information and in their sales and marketing activities.
![[Exclusive] FSS Targets Major Banks for Credit Information Act Violations... On-Site Inspection of Customer Consent Practices](http://www.asiae.co.kr/news/img_view.htm?img=2026050316123548916_1777792354.jpg)
According to the financial sector on May 6, the FSS, led by its Second Examination Bureau, has been conducting ad-hoc inspections of Shinhan Bank, IBK Industrial Bank of Korea, Woori Bank, Toss Bank, and iM Bank since early last month for a period of about one month. The inspections reviewed whether the banks are properly complying with the Credit Information Act and other relevant regulations in the handling and management of personal data. The inspections reportedly took about three to five business days per bank.
Starting this month, the FSS First Examination Bureau is scheduled to carry out on-site inspections covering the same areas at KB Kookmin Bank, Hana Bank, and NH Nonghyup Bank. However, for KB Kookmin Bank, as a regular inspection is already scheduled for the first half of this year, the FSS is considering integrating the review into the regular inspection instead of conducting a separate ad-hoc inspection.
Under the Credit Information Act, financial companies are required to grant customer information access rights only to the minimum extent necessary to perform their work. In addition, customer information must be deleted within five years after the termination of a business relationship, and advertising information may only be sent to customers who have given prior consent to receive such information.
The financial authorities are known to have focused their inspection on whether these procedures have actually been implemented properly on-site. In particular, they are closely examining whether, even when customer consent was obtained, the actual use of information was within the scope of the disclosed purpose, and whether the appropriate consent procedures were followed when sending advertising information. They are also checking whether text messages or app push notifications were sent to customers who did not agree to the use of their information for marketing purposes. These efforts are interpreted as proactive measures by the financial authorities to assess the management practices of the banking sector, in line with their emphasis on consumer protection and the proper use of information.
An official from a commercial bank commented, "Given the growing social interest in financial consumer protection and the use of personal information, we understand this inspection is aimed at reviewing the entire process of advertising consent and management procedures," adding, "It is time for banks to strengthen internal controls and work to enhance consumer trust."
Typically, it takes at least six to seven months for the results of an inspection related to the Credit Information Act to be released, so the findings of this inspection are also expected to be announced no earlier than the second half of this year.
The Credit Information Act is one of the areas strictly overseen by the financial authorities. If it is found that personal information was used without customer consent or for purposes other than those intended, severe penalties such as fines and administrative surcharges, institutional warnings, and disciplinary actions for executives and employees may be imposed. In severe cases, business suspension orders can also be issued.
A former official from the financial authorities commented, "Financial companies often claim there is no problem with information usage on the grounds that they have obtained broad consent from customers. However, the financial authorities maintain that broad consent does not necessarily allow for wide-ranging use beyond the stated purposes."
In fact, the level of punishment for violations of the Credit Information Act has been increasing. Last year, the FSS imposed an administrative surcharge of 150 billion won on Tongyang Life Insurance for violating the Credit Information Act, sending a strong warning to the industry. However, the Financial Services Commission has yet to reach a final decision on the level of sanctions and whether a legal violation actually occurred in this case.
Hot Picks Today
!["Stock Set to Double: This Company Smiles Every Time a Data Center Is Built [Click e-Stock]"](https://cwcontent.asiae.co.kr/asiaresize/93/2026050416112750184_1777878687.jpg)
"Stock Set to Double: This Company Smiles Every...
- "South Korea Will Be Taken Advantage of as an Errand Boy": Expert Voices Concern...
- “Did They Bet Too Early?” Losses Snowball for ‘Geopverse Ants’ as KOSPI Soar...
- Iranian Embassy: "South Korean Vessel Damage in Hormuz Not Iran's Responsibility...
- "Going to Seongsu-dong?" Japanese Girl Group Faces Taxi Refusal in Seoul
Furthermore, in the first sanction case following the 2024 amendment of the Credit Information Act, Toss received penalties including fines and administrative surcharges totaling approximately 6 billion won, while in the same year, Woori Bank was fined 878 million won.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
