Chairman Lee Eog-weon of the Financial Services Commission held a meeting with the CEOs of five major financial holding companies on June 10 and discussed ways to effectively respond to cybersecurity threats and voice phishing (vishing) attacks in an era of AI transformation (AX). At the meeting, Chairman Lee and the heads of financial holding companies discussed the risk of cybersecurity threats posed by frontier AI and deepfake vishing scams and ways to effectively respond to these newly emerging digital threats to help propel AI transformation in the financial industry.
In his opening remarks, Chairman Lee talked about both challenges and opportunities presented by AI transformation and pointed out major threats posed by frontier AI models, such as Claude Mythos, as well as deepfake vishing scams that take advantage of AI technology. In this regard, Chairman Lee said that the government has put in place diverse measures and policies intended to bolster the AI-driven defense capabilities against AI attacks. For instance, the network separation rule will be eased for financial companies for their AI cyber defense purposes, and the utility of the AI-based anti-phishing sharing & analysis platform (ASAP) has been ramped up to more effectively detect and prevent newly emerging types of phishing attacks. Moreover, Chairman Lee said that the government is planning to quickly introduce the strict liability rule in the financial sector to make financial companies more responsible and remedies more effective for victims.
To strengthen the financial industry’s response capacity against newly emerging digital threats in an era of AI transformation, Chairman Lee asked the financial holding companies to take the following steps.
First, in response to cyber threats posed by frontier AI, financial holding companies are urged to actively participate in AI cybersecurity tests prepared by the government and take follow-up steps as deemed necessary. In preparation for the complete lifting of the network separation rule, financial holding companies are urged to draw up specific plans on how they intend to use AI in their business operations. Moreover, financial holding companies should make utmost efforts to put in sufficient manpower and resources to make sure that their anti-phishing procedures extend to newly emerging phishing scams in close cooperation with the law enforcement agency and the Korea Financial Intelligence Unit (KoFIU). To further enhance the utility of the ASAP, financial holding companies should also seek to generate useful information about phishing scams, such as types of illicit activities and patterns of transactions, to be shared among them and with the government.
Second, it is necessary for financial holding companies to make active efforts and continuous investments to make sure that their own subsidiary companies are all equipped with an adequate level of AI cybersecurity capacity. In this regard, financial holding companies should oversee the management of cybersecurity hacking tests and risk-based response strategies for individual subsidiaries and make sure that they are strictly adhering to the basic principles and protocols of cybersecurity maintenance. In addition, information sharing about phishing attacks should be promoted between subsidiaries to effectively cut off illicit activities. Also, it will be desirable for financial companies to come up with their own insurance plans to help strengthen protection for victims.
Third, since AI transformation requires venturing into an unknown path that is ridden with challenges and obstacles, financial companies that are highly capable and equipped with sufficient resources need to take bold steps first to set successful precedents for the rest to follow suit. In this regard, taking advantage of various policy measures introduced by the government, including the easing of the network separation rule, financial companies are strongly encouraged to adopt AI to make fundamental improvements to their operations and make financial services more productive, more inclusive, and more trustworthy.
The government will work to ensure a seamless implementation of the policies in support for AI transformation of the financial industry and continue to have close engagement and communication with the financial sector to seek additional measures.
* Please refer to the attached PDF for details.