South Korea’s Financial Services Commission (FSC) has introduced revised conduct standards governing artificial intelligence use across the financial sector, establishing human accountability for AI decisions as a formal regulatory expectation – though the framework is self-regulatory for now, with binding rules under consideration.
The FSC introduced the revised guidelines at a meeting on AI transformation, or AX, held June 18 with representatives from financial holding companies, card companies, electronic financial service providers, related organizations, and research institutions. The guidelines took effect June 22, 2026.
The framework applies to all financial companies, including fintech businesses, and covers seven areas: governance, legitimacy, human supervision, data and model credibility, financial stability, good faith conduct, and security. Companies are expected to assess their own resources, scope of AI use, and service risk levels before determining how to apply the principles. AI systems classified as high-impact or falling under the Framework Act on the Development of Artificial Intelligence and the Creation of a Foundation for Trust are subject to mandatory requirements.
For insurers, two principles carry particular operational weight. The human supervision principle designates AI as an assistive tool and places final decision-making authority with a human supervisor. For insurance companies using AI in underwriting, claims assessment, or customer-facing services, this creates a clear organizational requirement: someone must be accountable for what the AI recommends or decides. The guidelines do not specify how that accountability should be structured internally, but the FSC has indicated it will address the question of AI responsibility and authority in future rule-making. The security principle requires not only that cybersecurity standards be established, but that they be subject to continuous review and improvement. For insurers managing large volumes of policyholder data, this is an ongoing operational obligation rather than a one-time compliance exercise.
The remaining principles – governance, legitimacy, credibility, financial stability, and good faith – establish baseline expectations that align with existing regulatory obligations in most insurance contexts, though the governance principle places explicit responsibility on CEOs and executives to take an active role in overseeing AI development and deployment. The Financial Supervisory Service (FSS) will publish an AI risk management framework and the Financial Security Institute (FSI) will release an AI security guidebook to accompany the guidelines. An AI guidelines helpdesk will be available to field compliance questions.
The current framework is self-regulatory, but the FSC has indicated it is an interim step. At the June 18 meeting, FSC vice chairman Kwon Dae-young said that as AI agents take on greater roles in recommending financial products, processing subscriptions, and handling payments – functions central to insurance operations – authorities will consider ways to prepare rules on the responsibility and authority of AI. What is discretionary today may not remain so.
Also at the June 18 meeting, Kwon identified accountability as a central concern in the framework the FSC intends to build, calling for clear lines of responsibility and authority for financial companies, with international regulatory consistency factored in to support fair competition across borders. He also raised the question of using AI to supervise AI agents as a consumer protection mechanism – an approach that would have direct implications for how insurers structure their compliance and governance functions.
Kwon said the rules must create a level playing field so that AI use neither confers an unfair competitive advantage nor imposes an unfair burden, and that risk management systems must be in place ahead of problems, given that AI-related cybersecurity threats can emerge rapidly and at scale. Authorities also intend to accelerate the easing of network separation requirements for AI cybersecurity purposes and pursue changes to rules on personal credit data consent and data pseudonymization. Once preparatory work is completed, the FSC plans to test AI agent operations through the financial regulatory sandbox before any wider implementation.
The security principle’s requirement for continuous cybersecurity improvement does not exist in isolation. At a separate meeting held May 22, the FSC announced a phased easing of network separation rules, allowing qualifying financial companies to deploy advanced AI models and cloud-based security tools for cybersecurity purposes – the practical infrastructure that would enable insurers to meet the security principle’s ongoing obligations.
Forty-nine institutions with at least 10 trillion Korean won in assets and a regular headcount of 1,000 or more are eligible, with reviews proceeding in three phases through the fourth quarter of 2026. For insurers that fall within the eligibility threshold, this represents an immediate option to establish AI-driven security infrastructure aligned with the new guidelines. For those that do not qualify, the FSI will provide AI vulnerability assessments for up to 17 companies through July.
At the May 22 meeting, Kwon said the AI transformation in the financial industry “involves a fundamental shift in how financial services are delivered,” and acknowledged that full immunity from AI-driven cybersecurity threats is not achievable, making consistent cyber hygiene practices a necessity for all financial companies. Qualifying insurers that move promptly through the process could have expanded cybersecurity tools in place before the FSC advances toward binding AI rules – making the network separation easing and the June guidelines part of a single compliance preparation window.
That window is only useful if institutions have the personnel to act on it. Aon’s Human Capital Trends Study, published in June 2026 and drawing on responses from 504 business and HR leaders across Asia Pacific markets – including Australia, China, Hong Kong, India, Malaysia, the Philippines, and Singapore – found that 74% of organizations in the region had deployed or were piloting AI, slightly above the global figure of 73%. However, only 21% said they were confident in their ability to recruit and retain adequate AI talent, below the global average of 24%. “Insufficient investment in skills and workforce planning is constraining the value organisations can realise from AI,” said Tim Dwyer, head of Human Capital in APAC for Aon.
While the Aon data covers the broader APAC region and does not speak specifically to Korea or to the insurance sector in isolation, the structural challenge it describes is relevant context for Korean insurers now working through the FSC’s framework. The human supervision principle assumes that qualified personnel are in place to oversee AI systems. The governance principle assumes that executives have the technical literacy to discharge their oversight responsibilities meaningfully. The security principle assumes ongoing institutional capacity to review and upgrade cybersecurity measures. Each of these assumptions is harder to meet in an environment where AI talent is scarce.
For Korean insurers, the window between the current voluntary framework and any future binding rules is also a window to close that gap. Workforce readiness is not a separate concern from regulatory compliance – it is a precondition for it.
