South Korea Financial Services Commission urges major financial groups to strengthen AI cyber defenses and signals strict liability for phishing losses

The South Korea Financial Services Commission convened the chief executives of five major financial holding companies to set priorities for responding to cybersecurity threats and deepfake voice phishing as artificial intelligence use expands in finance. The main message was that firms need to strengthen their defenses against new AI-enabled threats while the government eases the network separation rule for AI cyber defense, expands the AI-based anti-phishing Sharing and Analysis Platform, and moves to introduce a strict liability rule intended to increase firms’ responsibility and improve remedies for victims. Financial holding companies were asked to take part in government AI cybersecurity tests, prepare concrete plans for AI use in their operations ahead of the complete lifting of the network separation rule, and devote staff and resources so anti-phishing controls cover newly emerging scams. They were also urged to work closely with law enforcement and the Korea Financial Intelligence Unit, share more useful data on phishing patterns and illicit transactions through the platform, and ensure subsidiaries maintain adequate AI cybersecurity capacity through hacking tests, risk-based response strategies, adherence to core security protocols, and internal information sharing on phishing attacks. The Commission also said firms should consider their own insurance arrangements to strengthen protection for victims. The government said it will support implementation of its AI transformation policies for the financial industry and continue close engagement with the sector on additional measures. It also encouraged larger and better-resourced firms to move first in adopting AI under the revised policy framework and establish precedents for the rest of the market.