
Financial Services Commission Chairman Lee Eok-won said Friday that authorities will move quickly to draw up plans to fully lift network separation requirements for financial institutions with sufficient artificial intelligence and cybersecurity capabilities.
Lee made the remarks at an Information Security Day event hosted by the Financial Security Institute, where financial industry executives gathered to discuss joint responses to increasingly sophisticated AI-powered cyberattacks.
“The traditional approach of closing networks, restricting access and relying on reactive measures can no longer keep pace with evolving AI attacks,” Lee said.
“We need to build a system in which AI is used to defend against AI attacks,” he added, urging financial firms to use AI to identify system vulnerabilities quickly and respond immediately.
Lee said the FSC would continue AI security tests launched under emergency regulatory relief introduced in June and broaden participation by making the eligibility criteria more flexible.
“We will also move quickly to develop plans to fully lift network separation requirements for financial companies with sufficient AI and cybersecurity capabilities,” he said.
Korea’s financial institutions have long been required to physically separate internet-connected business networks from internal systems handling customer and transaction data. The safeguard is intended to prevent external cyberattacks from reaching sensitive financial systems.
The framework has been viewed as a pillar of financial cybersecurity, but financial firms say it has become a major obstacle to deploying generative AI and cloud-based services. Regulators also increasingly view AI as essential to cyber defense as attacks become more sophisticated, adding momentum to calls for easing the rules.
Lee first said in June that the government was considering fully lifting the rules for firms with advanced AI security capabilities by year-end. The temporary relief now allows 10 large financial institutions, including major banks, brokerages and insurers, to use externally connected high-performance AI systems for cybersecurity tasks such as vulnerability testing.
Lee on Friday also urged financial company CEOs and boards to increase security investments, secure specialist personnel and take greater responsibility for continuous monitoring, cyberattack simulations and other security operations.
He said the FSC would push revisions to the Electronic Financial Transactions Act to introduce punitive surcharges and enforcement fines for hacking incidents, strengthen the authority of chief information security officers and expand consumer disclosure.
The regulator also plans to draft a Digital Financial Safety Act aimed at closing gaps in cybersecurity oversight.
A recent Korea Institute of Finance report warned that AI-powered cyberattacks could escalate from firm-level operational risks to broader systemic threats, calling for wider use of AI security tools and zero-trust frameworks rather than relying solely on traditional network separation.





