This paper analyzes the rise of Banking-as-a-Service (BaaS) as a key enabler of embedded, everyday finance in the context of mobile-first distribution and open-API regulation (e.g., PSD2 and the Consumer Data Right). BaaS is defined as the provision of bank-licensed infrastructure and functionalities via APIs, allowing third parties to assemble and deliver financial services; it is differentiated from open banking (primarily data sharing) and neobanks (bank-led digital transformation). The paper outlines the industry and regulatory drivers of BaaS adoption, emphasizing banks’ strategic use of partnerships to extend service reach under constraints such as compliance, privacy, and legacy systems. It characterizes prevailing implementation models (B2B and B2B2C) and the required technical stack, including API gateways, developer portals, and sandboxes, and highlights the need for API-centric core banking architectures and strengthened identity, access control, and data-security capabilities. Comparative case evidence from major international providers illustrates the expansion of BaaS use cases across payments, card issuance, credit assessment, lending, and digital identity. The paper further discusses the Korean market, where service diversification remains constrained but is expanding through bank-led open-API platforms and embedded partnerships with large consumer platforms. Finally, it proposes a forward-looking trajectory toward hyper-personalized embedded finance supported by digital twins and IoT-enabled “zero interfaces,” with implications for proactive financial services and risk management.

○ Since the onset of the pandemic, the accelerated digital transformation and expansion of LLM-based cyberattacks have significantly increased cyber risk exposure across all industries. ○ Recent large-scale personal data breaches demonstrate that security failures at companies with de facto 'societal infrastructure status', such as those in the information and communications technology (ICT) sector and digital platforms, spread across all industries, finance and society. This represents a new form of 'systemic cyber risk'. ○ Big Tech and large digital platforms possess systemically important technologies; their information security failures could thus cause structural shocks similar to systemic risks in financial systems. ○ While the systemic nature of cyber risks has expanded global demand for cyber insurance, the insurance industry's underwriting capacity is being hampered by increasing cumulative risks and state-sponsored attacks. ○ In Korea, while fines for personal data breaches are substantial, liability compensation amounts are very low, limiting corporate civil liability risks. This creates a structural problem where sufficient incentives for cyber insurance adoption are not formed. ○ To address systemic cyber risks, companies must strengthen enterprise-wide risk management systems, insurers must secure security and underwriting expertise, and the government must establish policy foundations such as disclosure requirements, punitive damages, and public-private cooperative insurance programs. ○ Financial authorities must introduce ‘cyber risk stress tests’ based on extreme cyber incident scenarios. This is necessary not only to assess the systemic vulnerabilities of financial institutions but also to quantitatively manage the impact of cyber incidents at big tech and platform companies on financial stability.

Concerns are mounting regarding systemic cyber risks that are expanding beyond the confines of individual companies to encompass entire systems. This phenomenon is precipitated by the rapid advancements in digital transformation and the widespread dissemination of artificial intelligence. This study employed a SEIR model to analyze the chain reaction of cyberattacks and empirically identify the impact of resulting unreported incurred but not reported (IBNR) losses on insurers' solvency. An analysis of 232 ransomware incidents in the financial and IT sectors revealed that higher corporate resilience curbs total losses, while shorter incident reporting delays enable more stable loss management. It is noteworthy that insurers experienced a precipitous decline in their solvency ratio when resilience was low and dependence on the financial sector was high. This impact was more pronounced among small and medium-sized insurers. This study posits that prevailing insurance regulatory frameworks, such as Solvency II, are inadequate in adequately reflecting the distinctive characteristics of cyber risk. To address this, the proposal entails the incorporation of policyholders' security investment levels and recovery capabilities into the underwriting process. The report further proposes the establishment of standards within the prevailing solvency regulation system that reflect the unique characteristics of cyber risk. The implementation of these standards would facilitate the management of reporting delay effects and fat-tail risks. The report further proposes the implementation of a mutual reinsurance system, with the objective of safeguarding small insurers undertaking cyber risk underwriting activities.

This paper examines the escalating threat of cyber risk amid accelerating digital transformation and the widespread adoption of AI, framing it as a prominent form of emerging risk. It outlines the unique features of cyber risk—rapidly evolving threats, high systemic interconnectivity, and challenges in risk quantification—and reviews global market trends, noting the maturity of U.S. and European cyber insurance markets compared to Korea’s underdeveloped landscape. The study proposes a comprehensive framework for Korea, including standardized definitions and classification systems, integrated internal–external cyber risk databases, data-driven assessment models incorporating firmographics and quantitative security metrics, and the development of specialized cyber risk assessment institutions. It emphasizes the necessity of public–private collaboration, regulatory support, and ecosystem building to enhance resilience, improve underwriting accuracy, and foster sustainable growth in the domestic cyber insurance market.

This article analyzes global cyber risk trends and the evolving cyber insurance market, emphasizing the rapid increase in cyber risk exposure since the COVID-19 pandemic, driven by digital transformation and AI adoption. It details the structural characteristics of cyber risks—high interconnectivity, accumulation potential, and difficulty in quantification—and compares the responses of mature markets like the U.S. and EU with Korea’s relatively nascent market. The article recommends establishing standardized risk definitions and classification systems, expanding and integrating internal/external cyber incident databases, developing advanced risk assessment and pricing models, and fostering specialized assessment institutions. It concludes that coordinated public–private partnerships, regulatory frameworks, and improved market infrastructure are essential to enhance resilience, enable effective underwriting, and stimulate the sustainable growth of Korea’s cyber insurance market.

The COVID-19 pandemic has changed the level of the received risk of the public and their social behavior patterns since 2020. This study aims to investigate temporal changes of online search activities of the public about shopping products, harnessing the NAVER DataLab Shopping Insight (NDLSI) data (weekly online search activity volumes about +1,800 shopping products) over 2017–2021. This study conducts the singular value decomposition (SVD) analysis of the NDLSI data to extract the major principal components of online search activity volumes about shopping products. Before the pandemic, the NDLSI data shows that the first principal mode (15% of variance explained) is strongly associated with an increasing trend of search activity volumes relating to shopping products. The second principal mode (10%) is strongly associated with the seasonality of monthly temperature, but in advance of four weeks. After removing the increasing trend and seasonality in the NDLSI data, the first major mode (27%) is related to the multiple waves of the new confirm cases of corona virus variants. Generally, life/health, digital/home appliance, food, childbirth/childcare shopping products are associated with the waves of the COVID-19 pandemic. While search activities for 241 shopping products are associated with the new confirmed cases of corona virus variants after the first wave, 124 and 190 shopping products are associated after the second and third waves. These changes of the public interest in online shopping products are strongly associated with changes in the COVID-19 prevention policies and risk of being exposed to the corona virus variants. This study highlights the need to better understand changes in social behavior patterns, including but not limited to e-commerce activities, for the next pandemic preparation.

This article examines cyber risk as an emerging risk in the era of rapid digital transformation and AI proliferation, emphasizing its accelerating nature, uncertainty, and insufficient data compared to traditional risks. It proposes a systematic management framework consisting of: (1) establishing standardized definitions and multi-layer classification systems; (2) building comprehensive internal and external cyber risk databases; (3) conducting data-driven assessments via firmographics, quantitative security metrics, and advanced loss modeling; and (4) integrating findings into enterprise-wide decision-making structures. The study highlights the need for specialized cyber risk assessment institutions to strengthen both the supply and demand sides of the underdeveloped Korean cyber insurance market, drawing lessons from advanced markets like the U.S. It concludes that fostering standardized definitions, collaborative data pools, institutionalized detection/reporting mechanisms, and public–private partnerships is essential for enhancing resilience, enabling effective insurance underwriting, and supporting a mature cyber risk management ecosystem.

Conference

This study quantitatively analyzed the socioeconomic value of the main tasks performed by the Korea Fire Insurance Association in a “risk society” where the scope and uncertainty of risks have expanded due to the COVID-19 pandemic and climate change. A total of 26 types of internal and external data were collected and refined for the association's five core functions (safety inspections, consulting, education and promotion, testing and certification, and research and development, as well as fire safety investigations), and statistical analysis was used to calculate the economic effects of each function. The analysis estimated the annual socioeconomic value of the association's overall activities to be approximately 113.495 billion won, with safety inspections accounting for about 85% of the total value. These results demonstrate that the association's existing activities generate significant social benefits and suggest the need for strategies such as enhancing data analysis platforms, developing risk assessment models, and strengthening consulting capabilities to expand its business into the general liability insurance sector and various disaster risk management areas in the future.

This study examines how rising technologies apply to the financial business models amid the current digital transformation facing the financial services industry, and represents digital and cyber operational risk classification with a three-step approach. The study provides better understanding of potential risk scenarios by showing examples of digital and cyber operational loss events. It also investigates theoretical frameworks on how to control extreme digital and cyber risks, and proposes a risk map showing the levels of loss frequency and severity. This study contributes to the discussion of operational risk management as follows: First, it can call the financial industry’s attention to potential digital risks by providing the overall picture of how information technologies leading the digital transformation can apply to the value chain of banking and insurance industries. Second, it can help the industries develop an action plan to construct an enterprise digital risk management system by providing specific classification of digital risk. Third, it can be used as a benchmark for digital and cyber risk analytics by providing an analytical tool to estimate the risk impact with a large scale cyber risk dataset. The current digital transformation of the financial industry is a structural phenomenon, where the value chain is significantly changing and a concern on the role of the industry is rising. Financial firms may be highly exposed to newly emerging risks without any solution or management strategies amid rapid digital transformation to survive in the market. In this regard, this study is in part useful to develop a framework to understand and mitigate such emerging risks.