금융회사의 지배구조에 관한 법률에서의 내부통제- 바젤은행감독위원회의 은행지배구조지침과의 비교를 중심으로 -

Internal control had a legal meaning in relation to the responsibility of the directors since the U.S. established the Federal Sentencing Guidelines in 1991, this measure was extended to mitigate the liability for damages caused by the negligence of the directors’ monitoring obligations when the company suffered losses in 1996. Korea’s internal control system was the beginning of the early 2000s when matters concerning internal control standards and compliance managers were enacted under financial acts. The concept of internal control is generally defined as a procedure that is influenced by the Board of Directors, management and other executives of the Company and designed to provide reasonable assurance in meeting the goals of the Company's management, financial reporting and compliance, the current ‘Act on Corporate Governance of Financial Companies’ stipulates ‘the standards and procedures that financial company executives and employees must follow when performing their duties in order to comply with the law, to ensure sound management and to protect shareholders and stakeholders’. In other words, internal control means internal management for the company to manage management risks on its own, and such internal management includes compliance monitoring to manage risks for legal breaches, risk management for financial transactions and internal accounting. The regulations concerning internal control of the current law are considered to be somewhat inadequate in comparison to the BCBS' 'Corporate governance principles for banks' in terms of strengthening the board's oversight on internal control, also since there is confusion in the status of compliance officers and risk management officers of the companies responsible for internal control, the following improvement is necessary. First, it is necessary to explicitly state that the ultimate responsibility for internal control is the Board of Directors and that the Chief Executive Officer is responsible for implementing the basic policies concerning internal control as determined by the Board of Directors. Second, it is necessary to define the provisions of the Internal Control Committee in the form of a law, not an enforcement decree. Third, it is deemed desirable for a unified application of the Act to be made by the Board of Directors to appoint an internal accounting officer from among the in-house directors or (major) operating officers, the same as the compliance officer and the risk management officer. Furthermore, it is also necessary to consider appointing a compliance officer among the major operating officers, considering their relationship with the risk management officer. Fourth, it is necessary to clarify the relationship between internal control personnel and the Board of Directors or the committees within the Board, and I believe that ultimately it may be an alternative for them to be appointed among the executive directors. Fifth, the roles of the Audit Committee and the Risk Management Committee on Internal Control and Risk Management need to be more actively defined and aligned to be organized to assume a duty of care.