Loading market data...
Wednesday, July 1, 2026
Back to HomeNews

Korea to Scrap Banks' 'Network Separation' Rule by Year-End

By MinJeKim0 views
Share
Korea to Scrap Banks' 'Network Separation' Rule by Year-End

Korea's FSC (Financial Services Commission, the country's top financial regulator) said on June 10 it will pursue a full removal of the long-standing "network separation" mandate — the rule that bars financial firms' internal work systems from connecting to the internet — for a tightly screened group of institutions with advanced AI and security capabilities, with implementation targeted within 2026.

What is actually changing

Network separation (망분리) requires Korean financial firms to physically isolate internal business systems from external networks such as the internet. The constraint has shielded lenders from intrusions but also blocked them from deploying internet-connected, AI-based security and cloud tools. FSC Chairman Lee Eok-won, speaking at a hacking and voice-phishing roundtable hosted at the Korea Federation of Banks (Korea's main banking-industry body), framed the shift around a single idea: "AI attacks must be defended with AI" (per Chosun Biz).

The FSC is moving in two stages. First, a temporary one-year easing for firms that apply to use AI for security purposes — subject to expert review, an FSC report, and a no-action letter — began rolling out from June. Applications are being processed in three rounds: up to 10 firms in June–July, 10 to 20 firms in August–September, and the remainder in the fourth quarter (per Seoul Economic Daily). Second, and more far-reaching, the FSC said it will pursue an outright, permanent removal of the rule for a strictly selected subset of firms by year-end.

For whom

Eligibility is narrow. According to Seoul Economic Daily, the temporary-easing track is open to firms with total assets of ₩10 trillion ($7.3 billion) or more, at least 1,000 full-time employees, and a dedicated Chief Information Security Officer — criteria that roughly 49 institutions currently meet. The big-five financial holding groups whose leaders attended the June 10 meeting sit squarely inside that set: Jin Ok-dong of Shinhan Financial Group (055550.KS), Ham Young-joo of Hana Financial Group (086790.KS), Lim Jong-yong of Woori Financial Group, Lee Chan-woo of NH NongHyup Financial, and Lee Hwan-joo, head of KB Kookmin Bank, all joined alongside the Korea Federation of Banks chairman (per Chosun Biz).

Why the urgency now

The rethink was accelerated by a specific threat. Anthropic's "Mythos," a security-focused frontier AI model that surfaced in April 2026, raised regulator concern that advanced models could be weaponized for hacking faster than air-gapped defenses can respond (per Seoul Economic Daily). The original rule has its own origin story: it was introduced after the March 20, 2013 cyberattack that froze systems at Korean broadcasters and financial firms — including Shinhan Bank — damaging some 32,000 computers and servers and causing an estimated $750 million in economic damage (per Wikipedia's account of the 2013 attack), and the requirement was subsequently codified through the FSC's Electronic Financial Supervisory Regulation (전자금융감독규정), with financial firms required to complete physical network separation by 2014. The current move marks an attempt to unwind, for the most capable firms, a control that has stood for over a decade.

Second-order effects

Lifting separation is the gateway to internet-connected generative AI, cloud and Security-as-a-Service tools inside core banking environments — capabilities Korean lenders have struggled to adopt under the existing regime. The June 10 meeting paired the deregulation with tighter consumer-protection commitments: an expansion of ASAP (the bank-led AI-based anti-Phishing Sharing & Analysis Platform launched in October 2025) to pull in telecom and investigative data, integration of anti-phishing patterns into firms' fraud detection systems (FDS), and a pledge to expedite a "no-fault liability" framework that would strengthen remedies for phishing victims (per Chosun Biz). The trade-off is explicit: relax the perimeter, but raise institutional accountability for breaches and scams.

Not everyone benefits equally. The asset and headcount thresholds exclude smaller fintechs, several of which have publicly questioned whether they will gain comparable access to AI security tools under the new regime (per Korean trade-press coverage of the easing).

What to watch

The near-term confirmation point is the first-round list: which of the roughly 49 eligible firms clear expert review and receive no-action letters in the June–July window, and how quickly. The larger question is whether the FSC follows through on a permanent, full removal of network separation by year-end — a step that, if enacted, would reset the baseline security architecture for Korea's largest banks rather than merely granting case-by-case exemptions.


This article is for informational purposes only and does not constitute investment advice. Figures are sourced from the cited publications and were accurate as of publication; currency conversions use an approximate rate of 1 USD = 1,370 KRW.

NewsFinanceMarkets

Go deeper than the headline

You just read what happened. Here's how to read what it means.

This company

Full report on Shinhan Financial Group

We read Shinhan Financial Group's latest DART filing in full — financials under K-IFRS, governance, and what it means for the stock. PDF in your inbox in 30–40 min.

$12 · one-time

Get the Shinhan Financial Group report
Every name you watch

Follow the whole market

Reading several Korean stocks a week? Get on-demand analysis on any KOSPI or KOSDAQ company, whenever you need it.

$9.99 · monthly

Subscribe

Independent journalism based on primary DART filings — not investment advice. No brokerage affiliation.