금융회사 이사의 내부통제관리의무에 관한 연구 - 금융사지배구조법 2024년 1월 개정 내용을 중심으로 -

In January 2024, the government amended Act on Corporate Governance of Financial Companies (‘the Act’) to impose internal control management duty on directors of financial companies in accordance with a responsibilities map and to impose administrative sanctions for violations. This paper aims to analyze the legal nature of the internal control management duty of directors of financial companies introduced through the amendment and explain the legal effects of violations of such obligations, so that financial companies and financial supervisory authorities can operate the system based on them and contribute to achieving the purpose of the Act. The internal control management duty of directors of financial companies is a duty of care, a type of fiduciary duty recognized by the courts in the United States and Korea, and is specifically an obligation to establish and effectively operate an internal control system. Compliance with financial regulations is an essential and mission critical part of a financial company’s business. Directors of financial companies are required to fulfill their internal control management duties to achieve the objectives of internal control, including protecting financial consumers and ensuring financial soundness. The internal control management obligation of directors of financial companies under the Act means that the duty of care, which is the duty of care of directors under Commercial Code, is imposed on them as administrative law obligations in parallel. While the duty of supervision of directors is to monitor the performance of other directors, the duty of internal control management in a responsibilities map is to continuously perform control activities to ensure compliance with laws and risk management standards for the business under their jurisdiction. Directors of financial companies are required to establish an internal control management system and perform monitoring functions for legal compliance and risk management on a continuous and systematic basis. Failure to fulfill these obligations constitutes a breach of internal control management duty. Administrative sanctions are imposed for violations of internal control management duty. Financial supervisory authorities should be careful not to operate the system on a strict liability basis. In addition, derivative lawsuits based on Commercial Code may be filed for violation of internal control management duty, which may result in liability for damages. With regard to civil liability for damages, the doctrine of incomplete performance under Civil Code can be applied to determine whether there were acts or omissions of the directors of the financial company that made it impossible to achieve the purpose of internal control in the continuous and repeated performance of work, whether the directors were culpable in this regard, and whether the financial company suffered damages. In addition, in order to establish liability for damages, the damages must be caused by a substantial causal relationship. The amendments to the Act are expected to contribute to the protection of financial consumers and the financial soundness of financial companies if the internal controls of financial companies are ‘effective’, thereby enhancing public trust in the financial industry and contributing to financial stability.