 |
Photo courtesy of Shinhan Bank |
[Alpha Biz= Kim Jihyun] The Financial Supervisory Service (FSS) has imposed a total of KRW 246 million in fines on four banks—Shinhan Bank, Woori Bank, Suhyup Bank, and Standard Chartered Bank Korea—for violating mandated safety requirements for electronic financial transactions.
According to regulatory sanctions disclosed on December 8, the FSS recently levied a KRW 96 million fine on Shinhan Bank in connection with two electronic banking system outages that occurred in 2022.
On March 14, 2022, a department within Shinhan Bank changed the access control program settings on its core banking database server without the required approval. The unauthorized configuration caused system overload and led to an 86-minute shutdown of all electronic financial services.
A second incident occurred on September 7 the same year, when a performance enhancement task was implemented without sufficient testing, resulting in a 118-minute service outage affecting all electronic transactions except simple inquiries.
Standard Chartered Bank Korea was fined KRW 60 million for insufficient emergency response procedures and inadequate system management, which led to repeated interruptions in external service operations.
Woori Bank received a KRW 50 million fine for violating network separation requirements. Between August and October 2021, the bank allowed an external vendor to access the internet from 444 terminals within its data center approximately 1.63 million times for system development purposes—an action deemed noncompliant with physical network separation rules.
Under Article 21 of the Electronic Financial Transactions Act, financial institutions must physically separate terminals directly connected to the information processing systems in their data centers from external communication networks.
Suhyup Bank was fined KRW 40 million for inadequate backup of electronic data and violations of network separation rules. Between 2019 and 2023, the bank failed to establish proper protection measures for the electronic data of its outsourced internet banking channel, resulting in critical program source files and other essential system data not being backed up or stored separately.
All sanctions were finalized as monetary penalties without heavier disciplinary measures such as institutional warnings. However, certain executives at Woori Bank and Suhyup Bank received “cautionary” administrative notices.
A Shinhan Bank representative told AlphaBiz, “Following the past incidents, we strengthened our pre-verification procedures by third parties for infrastructure changes, and now require thorough transaction testing before implementing any database-related work. We are reinforcing our overall IT controls to prevent recurrence of similar incidents.”
Alphabiz 김지현 기자(ababe1978@alphabiz.co.kr)
