South Korea’s financial regulator will ease network separation rules to allow financial firms to deploy security-focused artificial intelligence in response to hacking concerns posed by advanced AI systems such as Anthropic’s “Mythos.” The authorities are also considering a full lifting of the rules for financial firms equipped with high-level security and AI capabilities.
The Financial Services Commission (FSC) said on the 24th that it held a “Roundtable on Financial Sector Security Threats Related to Advanced AI” on the 22nd of this month, chaired by Vice Chairman Kwon Dae-young. The meeting brought together AI and security experts and chief information security officers (CISOs) from major financial firms across banking, securities, and credit cards to discuss regulatory improvements. Since the Mythos issue surfaced in April this year, the FSC has held six rounds of discussions on responses to advanced AI security threats.
The FSC plans to swiftly ease network separation rules for security-purpose AI use, including identifying vulnerabilities through advanced AI and building defense systems via Security-as-a-Service (SaaS) solutions. Unlike their overseas counterparts, Korean financial firms are currently subject to network separation rules that require business systems and information processing systems within data centers to be isolated and blocked from external communication networks such as the internet. While such isolation can shield firms from attacks, it has fundamentally restricted the deployment of AI-based security systems, prompting the regulatory rollback.
Given the sweeping nature of the easing, eligibility will be limited to financial firms with a certain level of security capacity. The 49 firms required under the Electronic Financial Transactions Act to maintain a dedicated CISO — those with total assets of 10 trillion won or more and at least 1,000 full-time employees — will qualify. Selected firms will receive a one-year temporary exemption from the network separation rules.
The FSC will accept applications and conduct reviews in three rounds. Considering the urgent need to respond to advanced AI security threats, the first round will be limited to up to 10 companies, with procedures to be completed in June or July. The second round, targeting 10 to 20 companies, will be conducted in August or September, while the third round will take place in the fourth quarter based on remaining demand.
For financial firms with sophisticated security capabilities and AI proficiency, the FSC will also review and pursue a full lifting of the network separation rules through channels such as designated innovative financial services. By boldly easing regulations starting with AI-capable firms, the regulator aims to accumulate success cases and expand AI-driven transformation across the financial sector.
“Advanced AI security threats are like a cold virus — they cannot be completely blocked but must be managed as we live alongside them,” Vice Chairman Kwon said. “Just as we wear masks, building AI defense systems as routine cyber hygiene is the security habit the financial sector must adopt.”
Click Here For The Original Source.
