These Regulations are adopted pursuant to Paragraph 2, Article 25 of the Financial Technology Development and Innovative Experimentation Act.
Financial institutions defined in Subparagraph 1, Article 2 of the Regulations Governing Anti-Money Laundering of Financial Institutions shall comply with the aforementioned Regulations and the provisions of anti-money laundering and countering terrorist financing (AML/CFT) in relevant laws and regulations when they conduct experimentation involving innovative financial technologies (referred to as “innovative experimentation” hereunder), and these Regulations shall not apply.
Applicants shall observe the provisions of these Regulations and the content of the innovative experimentation plan approved by the competent authority to implement AML/CFT measures and describe the implementation status according to the instructions of the competent authority.
Terms used in these Regulations are defined as follows:
1.Beneficial owner” shall mean the natural person(s) who ultimately owns or controls an innovative experimentation participant (referred to as the “participant” hereunder) and/or the natural person on whose behalf a transaction is being conducted, including those persons who exercise ultimate effective control over a legal person or arrangement.
2.Risk-based approach” (RBA) shall mean the applicants should identify, assess and understand the money laundering and terrorist financing (ML/TF) risks to which they are exposed and take appropriate AML/CFT measures commensurate with those risks in order to effectively mitigate them. Based on the RBA, the applicants should take enhanced measures for higher risk situations, and take relatively simplified measures for lower risk situations to allocate resources efficiently, and use the most appropriate and effective approach to mitigate the identified ML/TF risks.
When conducting an innovative experimentation, an applicant shall take due diligence measures on participant in accordance with Articles 3 ~ 5 and monitor transactions and keep relevant records in accordance with Articles 8 ~ 10. An applicant shall file suspicious ML/TF transaction reports to the Investigation Bureau, Ministry of Justice (referred to as “Investigation Bureau” hereunder) in accordance with Article 14.
An applicant shall comply with the following provisions in undertaking due diligence (DD) measures on participants:
1.An applicant shall not accept anonymous accounts or accounts in fictitious names for establishing or maintaining business relationship.
2.An applicant shall undertake DD measures on participants when:
(1)Establishing business relations with any participant;
(2)There is a suspicion of money laundering or terrorist financing; or
(3)The applicant has doubts about the veracity or adequacy of previously obtained participant identification data.
3.The DD measures on participants to be taken by an applicant shall be as follows:
(1)Identifying the participant and verifying that participant’s identity using reliable, independent source documents, data or information. In addition, an applicant shall retain copies of the participant’s identity documents or record the relevant information thereon.
(2)Verifying that any person purporting to act on behalf of the participant is so authorized, identifying and verifying the identity of that person using reliable, independent source documents, data or information. In addition, an applicant shall retain copies of the person’s identity documents or record the relevant information thereon.
(3)Identifying the identity of the beneficial owner of a participant and taking reasonable measures to verify the identity of the beneficial owner, including using the relevant data or information from a reliable source.
(4)Understanding, and in view of the situation, obtaining relevant information on the purpose and intended nature of the business relationship when undertaking DD measures on participants.
4.An applicant shall not establish business relationship with a participant before completing the DD measures on the participant.
5.If an applicant forms a suspicion of money laundering or terrorist financing and reasonably believes that performing the DD process will tip the participant off, the applicant is permitted not to pursue that process and file a suspicious ML/TF transaction report (STR) instead.
If there exists any of the following situations in the DD process, an applicant should decline to establish business relationship or carry out any transaction with the participant:
1.The participant is suspected of opening an anonymous account or using a fake name, a nominee, a shell company or legal person/organization to establish business relationship;
2.The participant refuses to provide the required documents for identifying and verifying his/her identity;
3.Where any person acts on behalf of a participant, it is difficult to check and verify the fact of authorization and identity-related information;
4.The participant uses forged or altered identification documents;
5.The participant only provides photocopies of identification documents; the preceding provision does not apply to businesses of an innovative experimentation where a photocopy or image file of the identification document supplemented with other control measures are acceptable as approved by the competent authority;
6.Documents provided by the participant are suspicious or unclear, the participant refuses to provide other supporting documents or documents provided by the participant cannot be verified;
7.The participant procrastinates in providing supporting identification documents in an unusual manner;
8.The participant is an individual, a legal person or an organization sanctioned under the Terrorism Financing Prevention Act, or a terrorist or terrorist legal person or an organization identified or investigated by a foreign government or an international organization, except for payments made under Article 6 of the Terrorism Financing Prevention Act; or
9.Other unusual circumstances exist in the process of establishing business relationship or conducting transaction and the participant fails to provide reasonable explanations.
The DD measures on participants taken by an applicant shall include ongoing due diligence and comply with the following provisions:
1.An applicant shall apply DD measures to existing participants on the basis of materiality and risk, and conduct due diligence on such existing relationships at appropriate times, taking into account whether and when DD measures have previously been undertaken and the adequacy of data obtained. The aforementioned appropriate times shall include at least:
(1)When it is time for periodic review of a participant scheduled on the basis of materiality and risk; and
(2)When it becomes known that there is a material change to a participant’s identity and background information.
2.An applicant shall conduct ongoing due diligence on the business relationship to scrutinize transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the applicant’s knowledge of the participant, its business and risk profile, including, where necessary, the source of funds.
3.An applicant shall periodically review the existing participant records to ensure that documents, data or information of the participant and its beneficial owner(s) collected under the DD process are adequate and kept up-to-date, particularly for higher risk categories of participants.
4.An applicant can rely on previously obtained information and existing records of a participant to undertake identification and verification of the participant’s identity. However, an applicant shall conduct DD measures on participants again in accordance with Article 3 when it has doubts about the veracity or adequacy of the records, where there is a suspicion of ML/TF in relation to that participant, or where there is a material change in the way that the participant’s transaction is conducted or the participant’s account is operated, which is not consistent with the participant’s business profile.
An applicant shall determine the extent of applying DD measures on participants and ongoing due diligence measures under Subparagraph 3 of Article 3 and the preceding article based on a risk-based approach (RBA):
1.For higher risk circumstances, an applicant shall perform enhanced DD measures or ongoing due diligence measures, including adopting at least the following additional enhanced measures:
(1)Obtaining the approval of senior management before establishing a business relationship;
(2)Taking reasonable measures to understand the sources of wealth and the source of funds of the participant. The aforementioned source of funds refers to the substantial source from which the funds generate; and
(3)Conducting enhanced ongoing monitoring of the business dealings.
2.For participants from high ML/TF risk countries or regions, an applicant shall conduct enhanced DD measures commensurate with the risks identified.
3.For lower risk circumstances, an applicant may apply simplified DD measures, which shall be commensurate with the lower risk factors. However simplified DD measures are not allowed in any of the following circumstances:
(1)Where the participants are from or in countries and jurisdictions known to have inadequate AML/CFT regimes, including but not limited to those designated by international organizations as countries or regions with serious deficiencies in their AML/CFT regime, and other countries or regions that do not or insufficiently comply with the recommendations of international organizations on AML/CFT; or
(2)Where there is a suspicion of ML/TF in relation to the participant or the transaction.
An applicant shall establish specific policies and procedures for cross-border wire transfers through a foreign bank or an authorized remittance service provider (referred to as the “entrusted institution” hereunder), including:
1.Gather sufficient publicly available information to fully understand the nature of the entrusted institution’s businesses and to determine its reputation and quality of management, including whether it has complied with the AML/CFT regulations and whether it has been investigated or received any administrative action in connection with ML/TF;
2.Assess whether the entrusted institution has adequate and effective AML/CFT controls;
3.Obtain approval from senior management before establishing business relationships with the entrusted institution;
4.Document the respective AML/CFT responsibilities of each party;
5.For an entrusted institution that is unable to provide the aforementioned information upon the request of the applicant, the applicant shall suspend or terminate business relationship.
6.Provisions of the preceding five subparagraphs also apply when the entrusted institution is a foreign branch (or subsidiary or parent company) of the applicant.
An applicant shall conduct cross-border wire transfers business in accordance with the following rules:
1.Provide required and accurate information on the originator and the beneficiary accompanying the wire transfer, and provide such information immediately upon the request of a court, prosecutor’s office or judicial police offices.
2.Maintain the following required information on the originator and the beneficiary in accordance with Article 11:
(1)The aforementioned originator information shall include: name of the originator, the originator account number where such an account is used to process the transaction (if not available, a unique transaction reference number that permits traceability), and any of the information below:
A.National identity number, passport number or resident certificate identification number;
C.Date and place of birth.
(2)The aforementioned beneficiary information shall include: name of the beneficiary and the beneficiary account number (if not available, a unique transaction reference number that permits traceability).
An applicant shall establish policies and procedures for watch list filtering, based on a risk-based approach, to detect, match and filter whether participants, their beneficial owners or connected parties of the participants are individuals, legal persons or organizations sanctioned under the Terrorism Financing Prevention Act or terrorists or terrorist legal persons or organizations identified or investigated by a foreign government or an international organization.
An applicant shall document its name and account filtering operations and maintain the records for a time period in accordance with Article 11.
An applicant shall establish policies and procedures for transaction monitoring and could utilize information system to assist in the detection of suspicious ML/TF transactions. Those policies and procedures shall be updated periodically.
The transaction monitoring policies and procedures under the preceding paragraph shall include at least the following ML/TF monitoring indicators:
1.The participant applies for conducting transactions which are obviously incommensurate with the identity or income of the participant.
2.After the establishment of business relationship, the applicant reconfirm a transaction with a suspicious participant and discovers that the transaction is denied by the participant, or the identity of the participant is invalid, or the applicant believes based on other evidence or fact that the name of the participant is being used by others without authorization.
3.The transactions is conducted by a participant involved in a special and significant case that is reported by television, press, internet or other media and the transaction is obviously unusual.
4.The participant or transaction counterparty is an individual, a legal person or an organization sanctioned under the Terrorism Financing Prevention Act, or a terrorist or terrorist legal person or an organization identified or investigated by a foreign government or an international organization.
5.Other suspicious ML/TF transactions discovered by the applicant.
The transaction monitoring operations shall be documented and maintained for a time period in accordance with Article 11.
An applicant shall keep records on participant due diligence process, as well as dealings and transactions with participants in hard copy or electronical form and in accordance with the following provisions:
1.An applicant shall maintain all necessary records on domestic and international transactions for at least five years or a longer period as otherwise required by law.
2.An applicant shall keep all records obtained through DD measures, including documents, files, business dealing information and results of any analysis undertaken for at least five years or a longer period as otherwise required by law after the business relationship is ended.
3.Transaction records maintained by an applicant must be sufficient to reconstruct individual transactions so as to provide, if necessary, evidence of criminal activity.
4.An applicant shall ensure that transaction records and DD information will be swiftly made available to the competent authorities when such requests are made with appropriate authority.
An applicant shall establish an AML internal control and audit system based on its ML/TF risks and business size; the system shall contain the following:
1.AML/CFT operations and control procedures.
2.Holding or attending orientation and on-the-job training on AML.
3.Assigning an officer to take charge of coordinating and supervising the implementation of the operations and procedures under Subparagraph 1.
4.Producing and periodically updating ML/TF risk assessment report.
6.Other matters designated by the central competent authority in charge of the relevant industry.
For the implementation of AML/CFT internal control and audit system of an applicant, the competent authority may, at any time, assign staff or entrust an appropriate agency (institution) to conduct an inspection using the risk-based approach. The inspection includes on-site and off-site inspections.
When conducting an inspection in the preceding paragraph, the competent authority or the entrusted inspector may order the applicant to provide related books, documents, electronic data files or other relevant materials. The aforementioned materials, whether stored in hard copy, electronic file, e-mail or any other form, shall be provided, and the applicant may not circumvent, reject or obstruct the inspection for any reason.
An applicant shall file suspicious ML/TF transaction reports (STR) in accordance with following provisions:
1.For a transaction that exhibits irregularities set out in Article 10, an applicant shall complete the review process to determine whether it is a suspicious transaction as quickly as possible and keep the records thereon.
2.Where a review has resulted in a determination that the transaction is suspected of ML/TF, an applicant shall, regardless of the amount of the transaction, promptly file a STR with the Investigation Bureau in a format prescribed by the Bureau within two business days after the report has been approved by the responsible personnel. The same shall apply to attempted transactions.
3.For obviously significant suspicious ML/TF transactions of urgent nature, an applicant should file a report as soon as possible to the Investigation Bureau by fax or other feasible means and follow it up with a written report. The applicant is not required to submit a follow-up written report, provided the Investigation Bureau has acknowledged the receipt of report by sending a reply by fax. In such event, the applicant shall retain the faxed reply.
4.The format of STR and faxed reply mentioned in the preceding two subparagraphs shall be prescribed by the Investigation Bureau.
5.The data reported to the Investigation Bureau and relevant transaction records shall be kept in accordance with Article 11.
These Regulations shall enter into force from the date of promulgation.