Procedures for Amending Subordinate Regulations of Corporate Governance Act That Introduces Responsibilities Map Completed and Effective Since July 3, 2024

An amendment to the Act on Corporate Governance of Financial Companies (the “Corporate Governance Act”), which took effect on July 3, 2024 (the “Amendment”), provides for the enhancement of the internal control system and spurs changes to the business practices of financial institutions. Specifically, the Amendment (i) introduces a responsibilities map (the “Responsibilities Map”) regime, (ii) imposes internal control and risk management obligations (the “Internal Control Obligations”) on the officers of financial companies and requires the representative director of the financial companies to supervise the implementation of the Internal Control Obligations, (iii) strengthens the role of the board of directors in monitoring and overseeing internal control matters and requires the establishment of an internal control committee (the “Internal Control Committee”) within the board of directors, and (iv) imposes personal sanctions on officers who breach their management obligations under the Internal Control Obligations.

To specify the matters delegated under the Amendment, the Financial Services Commission (the “FSC”) issued a notice of proposed amendment to (i) the Enforcement Decree of the Corporate Governance Act, and (ii) the “Regulations on Supervision of Corporate Governance of Financial Companies” (the “Regulations,” together with the Enforcement Decree, the “Subordinate Regulations”) on February 13, 2024. The FSC announced a revised proposed amendment to the Enforcement Decree on May 24, 2024, and the amendment procedures for the Enforcement Decree and the Regulations were completed on June 18, 2024 and June 26, 2024, respectively.

The amended Subordinate Regulations set forth the following: (i) the statutory basis for establishing “responsibilities” and the definition of “responsibilities,” (ii) details of the managerial duties, including the Internal Control Obligations imposed upon the officers and representative director, (iii) matters related to the Internal Control Committee, and (iv) the deadline for submitting the Responsibilities Map.

The Amendment aims to promote the responsible management of financial institutions and establish effective internal controls in light of a series of recent financial incidents, including the mis-selling of private equity funds and large-scale embezzlement, despite the existing obligations to establish internal control standards under the previous Corporate Governance Act. The amendment to the Subordinate Regulations aims to further specify the content of these amendments.

The key points of the amendment to the Subordinate Regulations of the Corporate Governance Act are as follows:

Statutory Basis for Establishing and Defining “Responsibilities”

The Amendment adds 14 laws and regulations, including the Act on the Protection of Virtual Asset Users, to the preexisting 51 laws and regulations that constitute the “financial regulatory laws.” These laws serve as the basis for (i) the qualification standards for executives, compliance officers and risk management officers of financial companies, and (ii) the responsibilities under the Amendment. Moreover, the amended Enforcement Decree specifies eight “finance-related laws and regulations” (including the Personal Information Protection Act), which in addition to the “financial regulatory laws,” serve as the basis for establishing “responsibilities.” The amended Regulations provide the grounds for delegating the authority to add new statutes to the “finance-related laws and regulations.”

Annex 1 of the amended Enforcement Decree defines the term “responsibilities” as the obligations to implement and manage the Internal Control Obligations with respect to the matters that financial companies or their officers and employees must comply with under the finance-related laws and regulations. It further categorizes such responsibilities into (i) “responsibilities generally performed by a designated officer,” (ii) “responsibilities related to financial business,” and (iii) “responsibilities related to business management.” In addition, a financial company may amend the scope of responsibilities set forth in Annex 1 appropriately by sub-categorizing or consolidating them depending on its organizational structure, business nature and scope of business.

Details of General Management Measures Such as Internal Control Obligations for Officers and Representative Directors

The amended Subordinate Regulations stipulate that officers of financial companies who are responsible for the Internal Control Obligations (i.e., those required to be included in the Responsibilities Map) will (i) exclude outside directors (except for the board chair), and (ii) include compliance officers, chief risk management officers and any other employees in a supervisory/managerial role equivalent to that of an officer (only if there is no officer in charge of the relevant duties).

In addition to the management measures set forth under the Amendment, the amended Subordinate Regulations set forth additional management measures to fulfill the Internal Control Obligations that should be performed by officers. Specifically under the amended Subordinate Regulations, officers are required to (i) inspect whether necessary measures, such as corrective/improvement measures, are being taken to address insufficient compliance, (ii) provide other officers and employees with necessary education or training to ensure that they comply with the internal control standards, and (iii) request the financial company to investigate and take disciplinary action against officers and employees if they become aware of any failure to comply, or insufficient compliance, with laws and regulations or the Internal Control Obligations.

In addition, the amendment to the Subordinate Regulations sets forth details of the obligations of the representative director of a financial company to implement and manage the Internal Control Obligations by taking measures to (i) address potential risk factors and areas of insufficient compliance, and (ii) prevent prolonged, repeated, systematic or extensive breaches of laws and regulations.

Matters Related to Internal Control Committee

Under the Amendment, the Internal Control Committee to be established within the board of directors may delegate to the audit committee and the risk management committee the duty to inspect and evaluate the management of the representative directors and officers and to take improvement measures to address insufficient compliance. The amended Enforcement Decree clarifies that the existing internal control committee established under Article 19 (2) of the old Enforcement Decree of the Corporate Governance Act and chaired by the representative director, will continue to exist for up to one year from the effective date of the amended Enforcement Decree until the Internal Control Committee is established within the board of directors in accordance with the amended Corporate Governance Act.

Matters Related to Deadline for Submitting Responsibilities Map

The amended Enforcement Decree (in addition to the Addenda to the amended Corporate Governance Act) establishes that (i) financial investment companies (with assets under KRW 5 trillion and managing combined collective investment, discretionary investment and trust assets totaling less than KRW 20 trillion), (ii) insurance companies (with assets under KRW 5 trillion), (iii) mutual savings banks (with assets of KRW 700 billion or more), and (iv) financial companies specializing in loan business (with assets of KRW 5 trillion or more) must submit the Responsibilities Map by the second anniversary of the effective date of the amended Enforcement Decree. Other financial companies will be required to submit their Responsibilities Map by the third anniversary of the effective date.

The amendment to the Enforcement Decree took effect on July 3, 2024, together with the Amendment. In light of the amendments to the Subordinate Regulations, we encourage all affected companies to take steps to prepare for and to comply with the new requirements under the Amendment, including the submission of the Responsibilities Map and the implementation of management measures such as the Internal Control Obligations.

In particular, the requirements under the Amendment (e.g., submission of the Responsibilities Map and the requirement to implement the Internal Control Obligations), can be interpreted as an attempt to move towards a “principle-based regulation.” This approach encourages financial companies to prepare and determine the details of such requirements on their own under established principles. Each financial company should prepare its own Responsibilities Map in compliance with laws and regulations and establish management measures to fulfill the Internal Control Obligations and reporting systems, taking into account its business, organization and nature of business.

The term “responsibility” as it pertains to the Responsibilities Map is defined as “responsibility for the execution and operation of the Internal Control Obligations based on the Corporate Governance Act, the Korean Commercial Code, the Korean Criminal Act, financial regulatory laws and financial-related laws.” Therefore, the scope of “responsibility” is to be defined under relevant laws and regulations, and whether officers performed their duty to adequately manage the Internal Control Obligations with “reasonable care,” which is the standard for reduction/exemption of penalties, will similarly be determined in accordance with applicable laws. Accordingly, impacted financial companies are advised to thoroughly review relevant legal issues and prepare for the Amendment, including the preparation and submission of the Responsibilities Map.

[Korean Version]

Share

Professionals

Professionals