TLDR: South Korean banks are facing significant challenges in fully integrating generative AI technologies into their operations due to persistent cybersecurity concerns and stringent regulations. While banks recognize the potential for enhanced efficiency and customer service, the risks associated with data privacy, “hallucinations,” and the increasing sophistication of AI-powered cyber threats are prompting a cautious approach from both financial institutions and regulators.
South Korean commercial lenders are grappling with considerable difficulties in the widespread adoption of generative artificial intelligence (AI) technologies within their financial services. A primary impediment is the current regulatory framework, which prohibits the use of full, unencrypted personal credit information, according to market observers. Despite the embrace of generative AI for applications such as credit risk assessment and employee assistance in customer consultation services, the inherent risk of “hallucinations” — where AI generates inaccurate or fabricated data — renders vast amounts of rich datasets unusable.
The Financial Services Commission (FSC) is reportedly delaying its plans to permit the use of unencrypted data in generative AI-mediated financial services, pushing the timeline from the latter half of this year to next year. This cautious stance underscores the critical need to balance technological innovation with robust security measures, particularly concerning network separation. Under existing law, financial service providers must secure regulatory sandbox approval from the FSC to deploy generative AI services within their internal servers and networks, and even then, only encrypted data is permissible for use.
An official from Woori Financial Group commented on the transformative potential, stating, “Generative AI adoption is a paradigm change. Full deregulation will help guarantee enhanced customer service and workflow efficiency, despite lingering unresolved cybersecurity and privacy risks.” The official further noted that less experienced employees could significantly reduce the time spent assisting customers, thereby boosting productivity. “We expect more AI-mediated services to boost our overall support capabilities,” the official added, acknowledging the delays in regulatory changes for the financial sector’s network separation.
Conversely, an industry official, speaking anonymously, acknowledged the financial authorities’ prudence, stating, “It is understandable that the financial authorities are taking a cautious approach, mindful of potential fallout triggered and amplified by a lack of regulatory fallback. However, delays in technology implementation will inevitably lead to delays in service quality improvements overall.” Last December, the FSC initiated a pilot program, allowing nine financial service providers to use encrypted personal data for generative AI services within their internal networks.
Broader industry trends reinforce these concerns. A KPMG 2025 Banking Technology Survey revealed that as cyberattacks escalate in frequency, banks are prioritizing immediate investments in fraud and security protection while simultaneously deploying Generative AI to enhance digital offerings. The survey indicated that 89% of banking executives are increasing their cybersecurity budgets, and 75% reported an increase in cyberattacks on their banks in the past year. When asked about the top challenges in deploying GenAI, 61% cited security and compliance issues.
Also Read:
- AI Agents Revolutionize Cybersecurity: A New Era of Human-Machine Collaboration Emerges
- Corelight Advances Cybersecurity with Generative AI for Enhanced Threat Detection
Furthermore, a recent Accenture survey highlighted that 80% of cybersecurity executives at large global banks believe generative AI is empowering attackers faster than banks can respond. More than half (54%) of security executives admitted that their bank’s business reinvention efforts have introduced more security vulnerabilities, with only 32% embedding security controls into all initiatives by design. Specific threats include AI-powered fraud and social engineering, with deepfake fraud posing a significant risk by potentially bypassing voice authentication systems or authorizing fraudulent transactions through AI-generated audio and video impersonations. Banks are urged to embed security into product design and leverage real-time threat intelligence to combat these evolving threats effectively.
