KLRI : KOREA LEGISLATION RESEARCH INSTITUTE

Ⅰ. Backgrounds and Purposes

▶ The Necessity and Purpose of the Research

○ To ensure the success of regulation, a precise understanding of the background of regulation, namely the practices and culture of regulation, as well as the establishment of the relationship between the government, market, and regulation, is essential before revising the regulatory legal system.

○ There is a need to explore an appropriate combination of legal theory and regulatory theory to ensure the effectiveness of regulatory reform measures.

○ Therefore, the purpose is to introduce not only traditional regulatory theories but also new regulatory theories that are actively discussed in response to the emergence of new technologies/industries. This will include a general overview of legal theories and an exploration of international discussions on the subject.

▶ The Content of the Research

○ Introduction

○ Traditional Regulation and Regulatory Law Theories

○ Flexible Regulation (Responsive Regulation, Principle-based Regulation, Management-based Regulation)

○ Sophisticated Regulation (Risk-based Regulation, Evidence-based Regulation, Regulation Utilizing RegTech)

○ Collaborative Regulation (Meta-Regulation, Self-Regulation, Regulatory Enforcement and Compliance)

○ Implications and Conclusion

▶ The Research Method

○ Literature review is employed as the primary research method to examine recent literature, relevant systems, and specific cases in major countries.

○ Detailed introductions of overseas major theories are provided in context.

○ Subsequently, an ultimate direction check is conducted to assess how regulatory legal systems and theories should evolve from this.

Ⅱ. Major Content 

▶ Traditional Regulatory Theory

○ The concept of regulation can be divided into specific sets of commands (regulation by agreement), all actions undertaken with the intent of the state influencing the market (broad regulation), and all ways of influencing the market or society through market mechanisms, etc. (broadest regulation). In the broad regulation concept, various regulatory means, including the use of economic incentives, are discussed, and the broadest regulation concept implies that regulation can be carried out by various institutions such as companies outside the state, self-regulatory bodies, and voluntary organizations.

○Public Interest Theory views regulation as rational government intervention based on public demand or normative necessity for correcting market failures, with the goal of achieving public interest. In the early stages of regulatory policy, Public Interest Theory provided a justification for regulation.

○ Private Interest Theory understands regulation as a result of the pursuit of interests by interest groups, politicians, or bureaucrats. (1) Stigler or Bernstein, who explained the process of regulatory capture by regulatory agencies in industries they regulate, represent the view that the formation of the regulatory market itself is driven by rent-seeking behavior of interest groups. (2) Wilson's 'Regulatory Politics Theory' typifies and analyzes the factors and interactions of regulatory political situations by categorizing them into the distribution of costs and benefits resulting from regulation.

○ Both Public Interest Theory and Private Interest Theory have limitations in sufficiently explaining the dynamic relationship of the complex regulatory reality. Therefore, in recent years, there has been an  emphasis on the institutional approach focusing on the formal and informal influences on human behavior and decision-making processes.

▶ The Principles and Characteristics of Regulatory Law in the Digital Era

○ Digital Era and Regulatory Law

  - The disparity between reality and regulation has always existed, but with the advent of the digital era, the scale, scope, and intensity of this disparity have deepened. Additionally, as conflicts with stakeholders in related fields increase, the uncertainty of regulation has also heightened.

○ Phenomena and Issues in the Digital Era

 - Regulatory gaps, inadequacies in regulatory application, ambiguity in regulatory application, and regulatory delays encompassing outdated regulation. Conflicts between incumbents and new entrants affected by digital technologies causing regulatory conflicts. Outdated regulatory approaches and practices that negatively perceive positive regulatory practices and proactive discretionary practices. The convergence brought about by digital technologies leads to jurisdictional conflicts among relevant ministries.

○ Principles and Characteristics of Regulatory Law in the Digital Era: The Korean Regulatory Sandbox 

- The Korean Regulatory Sandbox allows businesses to launch new products and services utilizing new technologies under certain conditions (time, place, scale restrictions) for testing and verification without applying all or part of the existing regulations. Originating from the shortcomings of the Temporary Permit and New Product Suitability Certification system in the Convergence Act and the Industrial Convergence Promotion Act, which had strict procedures and took a considerable amount of time, the Regulatory Sandbox was introduced to address these issues. The Regulatory Sandbox operates by sector, with each sector's relevant ministry overseeing its operation. The Regulatory Sandbox primarily focuses on regulatory quick confirmation, temporary permits, and special exemptions, having the legal nature of a patent experimental clause.

○ The Need for Theoretical Formulation for Smarter Regulation in the Digital Era

- While the Regulatory Sandbox has shown some success in addressing phenomena and issues in the digital era, there has been a rush to establish a system to cope with challenges before engaging in theoretical argumentation, discussion, and legal verification through deliberation. Various ministries are competitively producing new legislation to take the lead in the Regulatory Sandbox in their respective fields. In addition to legislative responses, there is a need for theoretical exploration of the principles of regulatory law that align with the digital era, not only in legislative interpretation and application but also in the pursuit of smarter regulatiㅋon, rather than mere relaxation of regulations.

▶ Responsive Regulation

○ Complexity of Responsive Regulation

○ Scope of Application of Responsive Regulation Theory

- Law enforcement agencies can respond to how effectively citizens or businesses regulate themselves before escalating the state's intervention.

 - However, civil society actors can also regulate responsively, and these actors can also respond to the government in a reactive manner.

○ Consistency between Responsive Regulation and Law Enforcement

 - Responsive regulation challenges the 'Rule' presumption that if an action X is taken, regulatory intervention Y should follow.

- Responsive regulation is not designed to maximize consistency in law enforcement, and there are opinions that businesses, being 'rational actors,' should make decisions through consistent law enforcement of regulations, and businesses can be persuaded to comply with the law as 'responsible citizens.'

 - The difficulty arises because the 'consistency' of punishment may result in worse outcomes for future victims, making it a challenging issue for regulatory agencies.

▶ Principle-Based Regulation

○ Significance and Background

 - Principle-based regulation departs from relying on detailed and normative rules and instead relies more on high-level comprehensive rules or principles.

  - The key elements of principle-based regulation are as follows: First, it prioritizes broad-based standards over detailed rules. Second, it emphasizes the achievement of final results rather than specific procedures through outcome-based regulation. Third, it strengthens the responsibility of senior executives within regulated entities regarding regulatory compliance.

 - The trend of introducing principles as a significant part of the regulatory order, without relying solely on detailed normative rules, has been a crucial feature of global financial services regulatory regimes since the 1990s.

○ Advantages and Disadvantages of Principle-Based Regulation

 - Advantages include clearly communicating regulatory objectives to the regulated entities, increasing compliance with regulations by encouraging actions that achieve the objectives. Principles, compared to detailed rules, have a higher durability as norms, providing many advantages for principle-based regulation in addressing significant regulatory issues.

- Disadvantages include the inherent uncertainty of principles, the potential for confusion caused by the proliferation of guidance to give certainty to principles. Concerns about excessive regulation depending on the application pattern of principle-based regulation and the possibility of inducing overcompliance by regulated entities. Also, the transfer of regulatory costs to the private sector during the regulatory application process is mentioned.

○Institutional Premises for the Establishment of Principle-Based Regulation

-For the principle-based regulation system to settle, regulatory authorities need to provide appropriate incentives for regulated entities to innovate in the regulatory application process. Also, optimized regulatory strategies based on the capabilities of various regulatory agencies are necessary.

○ Representative Case of Principle-Based Regulation: UK's 'New customer duty’

- Principle-based regulation, based on the comprehensive rule- making authority of Section 137A of the Financial Services and Markets Act 2000, is specifically regulated in the FCA Handbook formulated by the FCA.

- Rules in the Handbook, including principles, have the same external binding force regardless of whether they are high-level principles. Violating principles makes the entity subject to FCA sanctions. 

○ Impact on Public Law Theories

- [Related to the Rule of Law] The extensive legislative discretion of the UK FCA has taken root. There is expected to be a legal examination of the extent to which the legislative and executive discretion of supervisory authorities can be recognized in the current legal system and a fierce debate during the process of overcoming existing legal theories based on it.

- [Related to Democracy] As principle-based regulation is based on a high level of mutual trust between the regulatory authority and the regulated entity, constant communication is required. Such active communication can contribute to the development of democracy.

○ Implications for South Korea

-While principle-based regulation may be a new and effective regulatory response in the digital era, premature and uniform adoption is neither possible nor desirable. Flexible responses are required depending on the regulatory area and environment.

-Through the theory of principle-based regulation, implications can be found in the shift of regulatory direction from a reactive approach to a preventive one.

-Importantly, the focus should be on how to apply the adopted system rather than adopting principle-based regulation.

▶ Management-Based Regulation

○ Significance and Characteristics

-Management-based regulation is an approach where regulatory agencies engage in regulating by utilizing the knowledge of private entities in specific fields and involving companies in developing internal procedures and monitoring practices to deal with risks.

-In comparison to traditional regulatory approaches, it enhances the capability of companies by imposing responsibility on them. It intends to achieve effects such as cost reduction, increased effectiveness, incentives for continuous innovation attempts, and improved compliance with self-established rules and procedures.

-Because companies are directed to adopt internal procedures and take measures on their own, management-based regulation is intended to be more cost-effective than other regulatory strategies. It can also reduce government regulatory resources related to inspections and compliance regulations and promote compliance by companies.

-Unlike self-regulation, which is voluntary, management-based regulation is a form of mandatory regulation that imposes obligations on companies to perform analysis, planning, and management practices.

○ Application of Management-Based Regulation

-In the United States, evaluations of applications in areas such as pollution prevention, prevention of chemical explosions, food safety assurance, enhancement of security for high-risk facilities, and prevention of marine oil spills have been conducted.

- In South Korea, evaluations of applications have been conducted in the field of industrial safety and food safety.

○ Evaluation and Challenges

- Management-based regulation can shift a significant portion of policy decision-making from the government to the private sector and provide flexibility to companies in regulatory enforcement.

- To ensure that regulated companies can make autonomous choices and decisions faithfully, it is necessary to allow discretionary authority while ensuring appropriate government execution to perform required plans and implement them as needed.

▶ Risk-Based Regulation

○Emergence and Background of the Theory - "Who will define and distribute?"

-Ulrich Beck, in his "World Risk Society," addresses the question of who (who) will define and distribute (how) in the face of the expansion of the scope of risk worldwide due to technological advancements, dissemination, the emergence of global corporations, and more.

-In cases where damage is reasonably expected, efforts for prevention ("Gefahr," danger) are needed. However, even in situations where there is a possibility of risk, which is different from reasonably expected damage, proactive introduction is necessary by evaluating the possibility of damage as a relative ratio (risk ratio).

-This concept is applied to manage the stages of uncertain risks and iscommonly found in various fields such as finance, the environment, food, and legal services.

○ Development Process - UK Financial Market Light Touch Strategy

- In 2000, the UK announced a "light touch" strategy for its financial market, indicating that it would only have minimal contact between New York and London, the core resources of the UK's financial market. However, after the 2008 financial crisis, there was widespread criticism of the failure of risk-based regulation. Key reasons pointed out include the qualitative level of risk assessment, regulatory decisions influenced by cognitive biases, and suggestions for improvements such as enhancing the qualitative level of risk assessment, ensuring transparency, and political support.

- The UK's Centre for Data Ethics and Innovation (CDEI) presented a harmonious interpretation of the value, safety, benefits, and risks of data, assuming GDPR limitations. Specifically, it proposed (1) risk and opportunity analysis and prediction related to the use of data and artificial intelligence, (2) presenting best practices related to the use of data and artificial intelligence, and (3) providing advice to the government as its main missions.

- The European AI White Paper presented means of managing risks at various stages, including Unacceptable Risk, High Risk, Limited Risk, and Minor Risk.

○ Implications of Risk Regulation

- Risks are classified into danger ("Gefahr"), which is a situation where damage is reasonably expected, and risk ("Risiko"), which is a situation with a possibility of damage even if reasonably expected damage is not likely. The focus of discussion lies in possibility ("may happen or to be") and probability ("likely to happen or to be").

-Characteristics of Risk-Based Regulation Concentrate regulatory resources on high risks, conduct regular inspections or self-certifications for low risks, consider the characteristics of risks, the possibility of regulatory compliance by institutions, the characteristics of regulatory agencies, motivation methods, cognitive regulatory frameworks, and the impact of regulation on stakeholders' behavior.

○ Implications for the Digital Age New Order

- There is a need for social consensus on the necessity of regulating risk areas and presenting arguments, especially avoiding the one-size-fits-all application of technology impact assessments and regulatory impact assessments. There is a demand for a shift in regulatory perspectives and approaches, considering administrative resource redistribution and encouraging self-regulation in the service and industry sectors. Additionally, measures such as quality certification systems for low-risk areas, voluntary labeling, and ensuring transparency in information and data management can be encouraged. Dispute resolution systems and discussions on responsibility distribution are also necessary.

  ▶ Evidence-Based Regulation

○Emergence and Background of the Theory – Solving the Challenge of Evidence-Based Regulation

-Addressing the issue that the root cause of the global problem of poverty lies in human behavior, proposing tailored policy alternatives

- OECD Data Insight – Providing a basis for policy decisions

-Pursuing the proof of the effectiveness of policy decisions in modern society, such as technology regulation, environmental regulation, financial regulation, intellectual property rights, monopolies, and food safety

○ Content of the Theory and Overseas Legislative Cases

-Deriving a more rational and desirable regulatory approach based on the best available scientific evidence at the current moment

-The term "evidence-based" was first used in "evidence-based medicine," and it is widely used in various policy decision areas such as evidence-based practice, evidence-based policing, evidence-based education, etc.

○ Implications of Evidence-Based Regulation

- Issues of Evidence Interpretation – The problem of how variables or values are weighted differently, and the combination of cluster human behavior and judgment may result in a significant gap between evidence and policy effects, even if a specific effect is expected scientifically.

-Empirical Limits – Limits of evidence collection: cost of data collection, limits of causation analysis: unclear distinction between correlation and causation depending on the degree of causation, limits of generalization: using past statistics for future policy decisions, limits of execution: social acceptability, limits of executive resources.

-Limits of Systematization – Determining priorities among evidence, limits of systematic evidence evaluation, empirical feasibility assessment of regulatory impact assessment

○ Application Cases

-Introduction of the Basic Administrative Regulation Law and the Realistic Limits of Regulatory Impact Analysis – The regulatory impact assessment system is regulated only in government legislation, and the system of regulatory impact analysis faces practical difficulties in assessing the real costs and benefits.

-Establishment and Implementation of Evidence-Based COVID-19 Prevention Policies in 2020 – After the outbreak of COVID-19 in 2020, the continuous crisis of the spread of infectious diseases required the establishment of policies for (1) appropriate distribution of medical resources, (2) prevention of infectious disease spread, and (3) promotion of vaccination. The policy-making process required scientific evidence. Technologies such as mobile phone tracking, separate applications, social media, and examination records were continually generated and utilized. These technologies were also used for policies like social distancing and predicting the number of confirmed cases.

- Legislative Measures for the Spread of Evidence-Based Regulation – Public Data Act, Data-Based Administration Act

○ Implications for the New Order in the Digital Age

- Ensuring the effectiveness of policy execution, securing social trust

-Widely used in healthcare legislation, environmental legislation, financial legislation, etc.

-The need for systematized research has increased to establish principles for using and sharing data, improve data compatibility technology, and enhance accessibility to data.

▶ Using RegTech for Regulation

○ Background

-RegTech (Regulatory Technology) is an abbreviation for 'regulation technology,' referring to the use of technology, especially information technology (IT), for regulation monitoring, reporting, and compliance. It emerged after the 2008 global financial crisis, driven by increased regulatory requirements, the development of data science, and incentives for minimizing regulatory compliance and supervision costs.

○ Content of RegTech and Overseas Legislative Cases

- RegTech operates by combining vast amounts of data generated by corporate activities with the rules specified in legal language, i.e., regulatory norms, to verify compliance and automatically generate reports.

-RegTech contributes to the efficiency of regulatory compliance by reducing compliance costs and risks associated with human errors. It can also function as a means of implementing evidence-based regulation and risk-based regulation by supporting decision-making using data. However, concerns exist about the potential misuse of RegTech for regulatory evasion purposes, the opacity of technology used in decision-making, and risks related to cybersecurity.

-In the UK, the Financial Conduct Authority (FCA) has established a data strategy, including the Digital Regulatory Reporting initiative, aimed at innovating financial regulatory compliance using data and advanced analytics. The initiative progresses through three stages to establish the basic requirements for machine-readable and machine-executable regulatory creation.

○ Implications for Regulatory Governance

-The adoption of RegTech requires close collaboration between regulatory agencies and industries. Successful collaboration in RegTech governance requires cooperation among various stakeholders, including RegTech technology providers, legislative bodies, academia, etc. Sufficient incentives for RegTech governance collaboration must be in place.

○ Implications for Norm Compliance and Execution

-RegTech is introduced to enhance regulatory compliance and supervision efficiency. Advanced RegTech has the characteristic of "real-time," contributing to proactive, adaptive, insight-based regulation through a responsive principles-based approach. In other words, compliance with norms and supervisory checks can occur in real-time.

○ Impact on Public Law Theory

-The introduction of RegTech is expected to enable a proportionate risk-based approach. However, challenges include potential legislative infringements due to norm codification, lack of consideration of ethical values or constitutional principles in the norm interpretation process, and issues related to decision-making responsibility and transparency.

○ Domestic Cases

-In South Korea, the Financial Supervisory Service (FSS) established the RegTech Development Forum in 2018. The FSS has been promoting a pilot project for Machine-Readable Regulation, where IT systems convert financial regulations into machine-readable language, understand them, extract relevant data, and generate reports for submission to supervisory authorities. Additionally, initiatives like the introduction of a system to prevent violations of the Foreign Exchange Transaction Act and the development of AI algorithms for preventing loan fraud and voice phishing have been implemented to actively use new technologies for financial consumer protection.

○ Implications for the New Order in the Digital Age

-RegTech is expected to have a significant impact on decision- making processes in regulatory agencies and regulated industries in the digital age. Its future application is anticipated not only in the financial sector but also in various fields such as law enforcement, environmental regulation, healthcare, transportation, etc.

-To maximize the utility of RegTech, precautions must be taken regarding cybersecurity, data security, and privacy protection. Collaboration between various governance entities, including IT experts and legal professionals, is essential. Recognizing the importance of human judgment in the final decision-making process, a supervisory system for the use of RegTech needs to be established.

▶ Changes in Regulatory Environment and Regulatory Approaches: Shift towards Process-oriented Collaborative Regulation

○ Responding to the Limits of the Regulatory Environment

- The regulatory environment is influenced by limitations in regulatory resources such as human resources and financial resources. Regulatory agencies respond to these resource constraints by diversifying their approaches in terms of the regulatory process, execution, and stakeholders.

- There is a need to redefine the relationship between administration and society in response to changes in the regulatory environment.

○ Changes in Regulatory Approaches due to the Redefinition of the Relationship between Administration and Society

- Traditional command and control regulation, relying on orders and control, reveals its limitations in the face of societal changes.

- In an attempt to overcome the limitations of command and control regulation, self-regulation emerged as a new regulatory approach. However, successful operation of self-regulation requires certain prerequisites such as the establishment of corporate social responsibility and the improvement of the liability system in civil and criminal law.

- To address the shortcomings of self-regulation, consideration needs to be given to the adoption of 'enforced self-regulation,' where cooperative self-regulation or state control is enforced.

  ▶ Meta-Regulation

○ Meaning and Characteristics

- Meta-regulation is an approach where different forms of regulation regulate each other. Regulatory agencies encourage and facilitate organizations to progressively improve internal control efficiency. It is a learning-oriented regulatory model that continuously evaluates and readjusts regulatory strategies based on self-experience.

- While similar to self-regulation in granting considerable discretion to the regulated entities, meta-regulation differs by urging and recommending or obligating regulated entities to solve problems on their own and create their rules.

○  Application

- Evaluation has been conducted in the United States regarding the reduction of toxic substances or chemicals.

○ Evaluation and Challenges

- Meta-regulation serves as a procedural-oriented regulation, addressing the limitations of traditional outcome-oriented normative regulations. It allows governments to maintain authority while utilizing the self-regulatory capabilities within the regulated entities.

-Balancing conflicting demands for the need for regulation and encouraging active cooperation from regulated entities is crucial. Ensuring that regulated entities exercise discretion in a manner consistent with public regulatory objectives rather than private interests is essential.

-Coordination of conflicting requests for the necessity of regulation and encouragement of active cooperation from regulated entities is necessary. Ensuring that regulated entities exercise discretion in a manner consistent with public regulatory objectives rather than private interests is essential.

▶ Self-Regulation

○ Background of the Emergence of Self-Regulation

-The transition to "new governance" can explain the background of self-regulation as a change in the diversified phenomenon of regulatory

subjects beyond the traditional regulatory subject of the state in traditional governance. Alternatively, the emergence of decentered regulation, where regulation is not state-centric, can be another explanation.

-The decentered understanding of regulation is explained by the fragmentation of knowledge, deepening information asymmetry, fragmentation of power and its control, increased autonomy of social actors, increased complexity of interaction and interdependence between social actors and the government, the breakdown of distinctions between public and private, the threat to formal authority, and a transition to hybrid, indirect, and multifaceted regulation.

○ Significance of Self-Regulation

-One significant feature of modern state regulation is the diversification of regulatory subjects involved in creating and executing regulations. Traditional regulation limited regulatory subjects to administrative authorities as the necessary conceptual element. However, to discuss self-regulation within the framework of regulatory law, it is necessary to proactively redefine the concept of "regulation."

-Julia Black, in order to reveal the expanding meaning of regulation, poses five questions related to various meanings/applications of regulation: ① What is 'regulation'? ② Who or what performs this regulation? ③ How is regulation carried out? ④ In what domain or field does regulation take place? ⑤ Through what mechanisms, means, or techniques is regulation performed?

- Applying Black's criteria, the scope of 'regulation' could be very broad. However, regulatory law does not assume the dismantling of the public-private distinction even in this narrowed definition of regulation. In summary, if regulation is considered synonymous with law, and law, according to the traditional understanding that law should be created by the legislative branch delegated by the general public, the concept of self-regulation, which introduces a regulatory force that affects not only the public sphere but also the private sphere, is difficult to accept.

○ Controversies related to Self-Regulation

- [Principle-based Regulation and Self-Regulation] Does principle- based regulation always accompany self-regulation? While the two regulatory systems can coexist, they are not necessarily always combined.

-[Self-Regulation and Administrative Guidance] Government intervention or participation in self-regulation should be indirect and retrospective. In encouraging and promoting autonomous regulation, indirect & retrospective government intervention can be understood as a dimension of encouraging autonomous regulation. However, when self-regulation does not function properly, retrospective intervention becomes possible. In this case, indirect government intervention is linked to administrative guidance.

○ Implications

-Julia Black suggests that meaningful discussions on self-regulation are only possible when the distinction between public and private law becomes meaningless. However, in today's context, where values of 'democracy' and 'rule of law' are still important, excluding the government from 'self-regulation' is an empty discussion.

- Therefore, discussions on self-regulation should be concretized as debates on how markets or the private sector can participate in the government's regulatory mission, in what scope, and in what forms and methods.

▶ Compliance

○ Concept and Significance of Compliance

- Compliance can be defined as 'to follow' or 'to adhere to.' The scope of compliance includes not only explicit legal norms but also the ethics and policies formalized by companies. Compliance serves the function of suppressing illegal activities within a company, regulating them internally when violations occur, and providing a method for reporting.

○ Background of the Emergence of Compliance

- Compliance originated from scandals in the economic sector. Risks or illegalities in areas such as fair trade, finance, corruption scandals, environmental issues often lead to regulations addressing these problems. As regulations increase and become more complex, there is a growing demand for new methods to ensure that companies and their employees comply with regulations. Compliance evolved from initially being voluntary, informal, and relatively simple self-regulation to formalized and structured corporate compliance.

○ Contents of Compliance Programs

-The primary goal of a compliance program is the prevention of violations. It also has the function of detecting violations that have already occurred. Risk analysis and investigation are conducted accordingly. The results of risk analysis and investigation lead to the systematic implementation of appropriate measures by the company.

○ International Legalization Cases

-Compliance programs have been formalized in some cases (e.g., Section 29 of the German Insurance Supervision Act), while in other cases, companies voluntarily operate them based on their own interests. Some cases indirectly force compliance operations by imposing compliance obligations on boards of directors (e.g., Section 76 of the German Commercial Code) or regulating necessary supervisory measures to prevent violations (e.g., Section 130 of the German Act on Regulatory Offences). In the United States, sentencing guidelines explicitly mention the factors that affect the imposition of penalties, emphasizing the role of effective compliance programs in the decision-making process regarding prosecution and negotiation with prosecuting authorities.

○ Domestic Legalization Cases

- In South Korea, discussions on the introduction of compliance systems were active after the 1997 IMF financial crisis and were first preemptively introduced in the financial sector. The Bank Act was amended in January 2000, establishing provisions related to internal control standards and making it mandatory for banks to appoint compliance officers. The Commercial Act also includes provisions on setting compliance control standards and appointing compliance support personnel. The Fair Trade Act introduced a voluntary compliance program, which, when evaluated by the Fair Trade Commission, is used as a basis for mitigation of corrective measures, fines, etc. The compliance scope is expanding in the E.S.G. sector as companies build and operate compliance systems by segment or establish an 'E.S.G. Risk Management System.'

○ Implications for Regulatory Governance

- Implications of Compliance for Regulatory Governance suggest a shift in paradigms from the state-centric, top-down, sanction- centered concept of law developed after World War II and the economic depression. In the early 21st century, against the backdrop of global competition, changes in market organization patterns, and a decrease in the willingness of governments to directly intervene, modern legal thinking and practices have given rise to a new paradigm, governance, 

  which combines recent developments in political economy and advances in legal and democratic theories. The United States, in particular, interprets the structure of compliance as a trend towards negotiated governance, providing a greater governance role to both the regulated and other stakeholders.

○ Functions and Success Factors of Compliance Programs

- The introduction of a compliance program does not automatically prove its effectiveness. Many companies use compliance programs as a defense mechanism for responsibility. However, this is not justified under current legal conditions. The success of a compliance program depends on how persuasively and trustworthily the top management convinces and embeds compliance as a central component of corporate culture in a sustainable manner.

○ Implications for the New Order in the Digital Age

- In the digital age, new challenges such as security risks, legal risks, and risk factors not regulated by law are emerging in various aspects of corporate operations. To address these threats, compliance tools utilizing digital technology are being applied in actual business settings. For example, employee education software or other e-learning products are used, and process tools provide checklists, analysis, and monitoring tools for potential issues in business processes. Governance, Risk, and Compliance (GRC) applications can comprehensively consider legal, financial, and reputational risks. Applying chatbots and artificial intelligence to internal whistleblower systems or incorporating regtech technology into compliance areas are also possibilities. The direction of compliance in the digital age presupposes that the top management recognizes the obligation of legal control, takes responsibility for the company's digital infrastructure in line with the digital age, and resolves digital compliance issues by appointing a Chief Digital Officer (CDO) or delegating digital compliance responsibilities to a dedicated practitioner.

Ⅲ. Expected Effects

  ▶ Suggestions for Institutional Improvement in Response to Changes in Regulatory Approaches

○ Acceptance of Flexible Regulations

-Recognizing the need for more effective means to achieve ultimate regulatory goals through flexible regulations.

-Emphasizing the achievement of regulatory results rather than focusing solely on compliance with principle-based regulations.

- Acknowledging the importance of incorporating corporate regulatory execution management into the regulatory framework in accordance with the concerns of management-based regulations.

○ Systematization of Sophisticated Regulation

- The concept of risk management implies avoiding unconditional legalregulation in favor of implementing differential regulations based on the intensity of risks. It is necessary to explore various intervention methods that correspond to lower levels of risk.

-Despite the limitations of evidence-based regulation, attention is drawn to the institutionalization of mechanisms that enhance the use of evidence, such as regulatory impact analysis and data utilization.

-RegTech technologies can serve as efficient means of regulatory execution while providing substantive meaning to streamlined regulations.

○ Systematization of Collaborative Regulation

-The operation of regulations through private cooperation has become indispensable in today's context. While theories of self-regulation focus on private self-regulation, they paradoxically prompt reflections on the role of regulatory agencies in collaborative governance.

-Meta-regulation also emphasizes the 'meta' dimension of functions that enable regulatory agencies to facilitate effective self-regulation.

-The role of the private sector in regulatory execution can be understood within the framework of compliance systematization. The programming of compliance systems normalizes private regulatory compliance as part of daily business activities, internalizing norms.

○ Implications for Regulatory Improvement

- Acknowledging the inevitability of flexible regulations and institutionalizing measures to alleviate their adverse effects.

- Recognizing that the regulatory process is a problem-solving process, and institutionalizing measures that enhance mutual understanding between regulators and the regulated.

-Encouraging institutional measures that induce the voluntary manifestation of private capabilities.

- Enhancing the utilization of data to ensure accurate regulations.

-Institutionalizing measures that link regulation, execution, and sanctions organically to facilitate compliance.

-Fostering greater interest in the private sector's role in the regulatory execution process.

▶ Points for Improving Practical Systems

○Supplementary Measures for Administrative Regulation Basic Law Regarding Regulatory Principles

-Exploring the declaration and concretization in the Administrative Regulation Basic Law and other laws of principles related to regulatory governance, desirable administrative culture, and participation in regulatory execution.

○Improving Legislation in the Digital-Centric New Industry and Technology

-Increasing uncertainty and inducing spontaneity, as raised in the theories above, are core considerations in the regulation of new industries and technologies.

- Examining the diffusion of regulatory sandbox models in the context of the theories presented, assessing the premises under which the sandbox model is accepted as an exceptional institution, and determining its potential general applicability.

-Actively adopting RegTech requires establishing legal grounds in individual laws to ensure the efficiency of regulatory execution and prevent violations of fundamental rights such as privacy.

-Beyond the portrayal of phenomena in regulatory culture, continuous institutional considerations are needed to enable shared understanding levels among regulators and the regulated in the regulatory context.