금융IT 컴플라이언스 시스템 구축요소에 관한 탐색적 연구: 컴플라이언스 전문가 심층인터뷰를 중심으로

Recently, to respond to the advanced persistent threat (APT) and to strengthen internal control, financial policy institutions and national agencies are recommending the establishment and operation of effective financial information technology (IT) compliance systems with overall inspections and awareness of the problems of financial IT systems that are required of financial institutions. The institutions have compliance officers or information security officers for internal control tasks in accordance with Korean regulations and the guidelines of supervisory agencies, but specific guidelines and functional requirements for the establishment and operation of effective financial IT compliance systems are insignificant. Consequently, most domestic organizations are not recognizing financial IT compliance as an integral part of corporate management and are making only minimal investments, such as meeting the minimum requirements of the law. Therefore, this exploratory study was conducted with awareness of the following problem: “What are the components of the financial IT compliance system and what are the functional requirements for the development of this system?” As a result of in-depth interview with compliance experts, they suggested four functional and institutional requirements: (1) guaranteeing the real-timeliness and stability of financial IT compliance systems, (2) construction of a financial IT compliance system from the aspect of enterprise risk management, (3) organic cooperation and communication with other non-IT departments in the organization and preparation of quick response system, and (4) the need for investment for the construction and operation of an effective financial IT compliance system.