Opinion
The Amendment to the Korean Commercial Act and Risk Infrastructure: A New Paradigm for Corporate Governance
Jin-Kook Kim Partner, Samil PwC
1. Background and Key Features of the Korean Commercial Code Amendment
The 2025 amendment to the Korean Commercial Act constitutes the most significant revision in over a decade, marking a pivotal inflection point for Korean corporate governance.
The amendment’s principal objectives are to reinforce shareholder rights, enhance board oversight, protect minority shareholders, and strengthen management accountability.
Key reforms include the introduction of mandatory hybrid shareholders’ meetings for large listed companies (effective 2027 for companies with assets exceeding KRW 2 trillion), the expansion of cumulative voting, changes to the election process for audit committee members (including the uniform application of the Aggregate 3% Rule and expanded separate elections), and the broadening of directors’ duty of loyalty. Notably, the term “outside director” has been replaced with “independent director,” with strengthened independence criteria. Companies with assets over KRW 2 trillion are already required to have a majority of independent directors, while those with less than KRW 2 trillion must now ensure that at least one-third of the board consists of independent directors, up from the previous one-fourth requirement. The expanded duty of loyalty is immediately applicable to all corporations, requiring directors to act in the interests of both the company and all shareholders, and to treat all shareholders equitably.
2. The Need for Enhanced Risk Infrastructure and Internal Controls
In light of the Korean Commercial Act amendment, companies must move beyond mere formal compliance and establish robust, substantive risk infrastructure. As recent domestic and international cases have demonstrated, boards and management that make decisions without sufficient information or procedural legitimacy expose their companies to significant financial and reputational risks.
Integrated risk management (covering not only financial reporting but also operational and regulatory compliance), cybersecurity (including personal data protection), internal audit frameworks, oversight of overseas subsidiaries, transparent disclosure, and clearly defined organizational roles and authorities serve as the foundation for trust-based governance (“Trust Infrastructure”).
To ensure the effectiveness of such infrastructure, companies should establish clear governance structures, conduct comprehensive risk assessments and responses, ensure the actual operation of internal control systems, promptly report and address findings, and foster an ethical and transparent organizational culture. True risk resilience is achieved not through box-ticking, but by embedding genuinely effective processes and culture.
Global case studies reveal that when boards and management make decisions without adequate information or when internal controls are merely formalities, the consequences can be severe—ranging from substantial losses and legal liabilities to reputational damage. Accordingly, companies must elevate their internal control and risk management systems beyond regulatory compliance to ensure genuine effectiveness.
3. The Serious Accidents Punishment Act and Risk Infrastructure Implications
The Serious Accidents Punishment Act, effective since 2022, imposes a duty of safety and health on management and holds them criminally liable in the event of a serious accident. With the Korean Commercial Act amendment strengthening directors’ duties of loyalty and oversight, the establishment of infrastructure to ensure compliance with the Serious Accidents Punishment Act has become even more critical.
In the event of a serious accident, if management cannot demonstrate “adequate information gathering, investigation, and review” or the “proper operation of internal control systems,” they cannot escape legal liability. Companies must now systematically identify and manage all major risks—including safety and health risks—and ensure that both the board and management are directly involved in building the necessary culture and systems. This is essential not only for compliance with the Serious Accidents Punishment Act but also for corporate sustainability and the maintenance of social trust.
4. Future Tasks and Implications
Further amendments to the Korean Commercial Act and the Financial Investment Services and Capital Markets Act are expected to continue the trend of strengthening shareholder rights and minority shareholder protection, codifying the business judgment rule, mandating treasury stock cancellation, and enhancing disclosure obligations. To proactively respond to these regulatory changes, companies face several key tasks:
· Advancement of Board Policies and Processes
Enhance transparency and accountability in board operations by ensuring the provision of sufficient information, documenting discussions and objections, and substantiating that decisions are made on an informed basis (due care).
· Effective Operation of Risk Management and Internal Control Systems
Secure systematic risk response capabilities through quality assessments aligned with international internal audit standards, integrated risk management, and strengthened ESG linkages.
· Responding to Evolving Risks in a Changing Business Environment
Address the increasing sensitivity to risks such as the proliferation of AI and cybersecurity threats, as well as uncertainties arising from global business expansion, recognizing that the nature and magnitude of risks are continuously evolving.
Ultimately, for companies to achieve sustainable growth amid new regulatory environments—such as the amended Korean Commercial Act, the Serious Accidents Punishment Act, and the advent of AI—it is essential to build and operate genuinely effective risk infrastructure and internal controls, not just formal systems. This should be recognized not as a simple expenditure, but as a strategic investment that enhances corporate value and trust.
[Contact Us]
Please contact to the email below if you have any questions.
sh.moon@hyundai.com (Accounting Policy Team Seonghoon Moon Manager)
This newsletter has been sent for executives and employees to comply with K-SOX training obligation under the Korean External Audit Act (Enforcement Decree Article 9)
