The Financial Supervisory Service will shift its oversight framework for digital and IT fields to a preventive approach and establish a system to collect and share cyberthreat intelligence using an integrated monitoring system.
Financial Supervisory Service (FSS) on the 4th said this at the "2026 digital and IT financial supervision briefing," attended by about 350 people from financial companies, electronic financial business operators, virtual asset service providers, and associations, stated accordingly.
Financial Supervisory Service (FSS) will strengthen analysis and assessment of vulnerabilities in electronic financial infrastructure and enhance its monitoring system by selecting high-risk financial companies for pinpoint and thematic inspections. It also plans to prepare "third-party IT risk management guidelines" and reflect them in IT examinations to bolster its response to emerging IT risks. To raise information security levels, it will tighten security accountability for the chief executive officer (CEO) and chief information security officer (CISO) and push to introduce punitive penalty surcharge and information security disclosure systems.
It will prepare guidelines for responding to major electronic financial incidents in the financial sector, establishing procedures to prevent the spread of consumer damage, a rapid recovery system, and measures to prevent recurrence when incidents occur. To strengthen digital resilience, it will enhance blind penetration testing and a bug bounty (vulnerability reporting reward) program to identify security weaknesses in advance, and expand joint disaster recovery switchover drills to mutual finance institutions, alternative trading systems, and cloud service providers.
Regarding artificial intelligence (AI) and data use, it will present an AI risk management framework (AIRMF) so financial companies can manage risks that may arise throughout the adoption and use of AI on their own. It also plans to establish ethical guidelines to strengthen fairness, transparency, and accountability in AI use and to devise measures to improve data combination quality and expand reuse so high-quality training data can be more easily secured and utilized.
In the electronic financial business sector, it will pursue institutional improvements to protect user rights and establish sound management, including expanding the disclosure scope to ease payment fee burdens and strengthening the obligation to notify merchant fee rates. It also plans to make prepaid business practices more user-friendly by raising refund ratios after the validity period expires, strengthening advance notices before statutes of limitations, and lowering minimum recharge thresholds. By actively using the authority to demand corrective action introduced by the amendment to the Electronic Financial Transactions Act, it will strengthen guidance on sound management for electronic financial business operators that fail to meet management guidance standards.
In the virtual asset sector, it will push to establish a user-protection-centered regulatory framework. To that end, it will support the enactment of the Digital Asset Basic Act (tentative name) and subordinate regulations and build a disclosure system for virtual asset issuance and transaction support so users receive sufficient information in a timely manner. It also plans to strengthen market surveillance by conducting planned investigations into high-risk areas such as price rigging by large investors that severely undermine market order.