Chapter 3 Operations Management
Article 16
An approved institution may not cooperate with or assist any foreign institution in engaging in activities associated with electronic payment business within the territory of the ROC that is not yet approved or registered by the competent authority.
An electronic payment institution that has been approved to cooperate with or assist a foreign institution in engaging in activities associated with electronic payment business within the territory of the ROC shall be deemed as engaging in collecting and making payments for real transactions as an agent provided in Subparagraph 1, Paragraph 1 of Article 4 of the Act and shall undertake operations management under these Regulations.
Article 17
An approved institution that cooperates with or assists a foreign institution in engaging in activities associated with electronic payment business within the territory of the ROC shall comply with the following provisions:
1. Carry out transfer of funds collected/paid as an agent according to the agreement with the customer or the foreign institution without any delay.
2. Funds received from or paid to customers may be settled and cleared in NTD or foreign currency, whereas offshore funds received or paid shall be settled and cleared in foreign currency. When the settlement involves foreign exchange receipts and disbursement or transactions, an approved institution other than a banking enterprise shall mandate a banking enterprise to declare exchange settlement in the name of the mandatory.
3. When paying a customer funds collected on his/her behalf, the funds should be transferred into the said customer's personally owned account in a financial institution or an electronic payment account in the same currency, but the said funds are not allowed to be paid in cash.
4. Establish a customer identity verification mechanism and retain the data obtained in the customer identification process. Such procedure shall apply when a customer changes his/her identity information.
5. Retain necessary customer transaction records, including transaction items, dates, amounts and currencies. Any uncompleted transactions shall comply with the same record procedure.
6. Establish a mechanism for handling customer complaints and dispute settlement.
7. File reports on data and information relating to cooperating with or assisting a foreign institution in engaging in activities associated with electronic payment business within the territory of the ROC in accordance with the requirements of the competent authority and the Central Bank.
The retention period for data obtained in customer identification process referred to in Subparagraph 4 of the preceding paragraph shall be at least 5 years after the contractual relationship with the customer ceases.
The necessary transaction records referred to in Subparagraph 5 of Paragraph 1 shall be retained for at least 5 years after the termination or completion of transaction, or longer, provided longer period of retention is required according to other regulations.
Regulations prescribed pursuant to Paragraph 3 of Article 25 and Paragraph 3 of Article 26 of the Act apply mutatis mutandis to approved institutions with respect to the manner of establishment, process for customer identity verification mechanism, as well as management and scope of data to be obtained in the customer identity verification process provided in Subparagraph 4 of Paragraph 1 hereof, and the scope and method of retaining necessary transaction records provided in Subparagraph 5 of Paragraph 1 hereof.
The approved institution shall adopt suitable identity verification mechanisms for the verification of the customer's personally own account for the services set out in subparagraph 4, Paragraph 1 of Article 4 to verify the consistency of the account holder, in order to confirm that the account belongs to the said customer.
Regulations prescribed pursuant to Article 16 of the Act apply mutatis mutandis to the approved institutions with respect to limits of transaction amount in association with services provided by such approved institutions under Subparagraphs 1 to 4, Paragraph 1 of Article 4 herein.
The regulations in Article 5 of the Rules Governing the Administration of Electronic Payment Business apply mutatis mutandis to the reporting and inquiry of related information to the Joint Credit Information Center as well as other requirements when an approved institution signs or terminates a contract with a domestic recipient customer, but this requirement shall not apply if the approved institution provides services specified in Subparagraph 4, Paragraph 1 of Article 4 to domestic recipient customers.
Article 18
Specialized electronic payment institutions and data processing service providers shall comply with the following provisions as they cooperate with or assist a foreign institution in engaging in activities associated with electronic payment business within the territory of the ROC:
1. Deposit funds received as an agent into a dedicated deposit account which they open with a bank, and accurately record the amounts of funds received and transferred.
2. Declare trust in full or obtain full guarantee from a bank for funds received as an agent.
3. Deposit and safekeep funds received as an agent in a dedicated deposit account without making use of it by any other means or instructing the bank at which they open their dedicated deposit account to make use of it by any other means, but this does not apply to specialized electronic payment institutions that engage in activities under Paragraph 2 of Article 22 of the Act.
4. Post on their website the exchange rates offered by the bank which they use as reference and the names of banks they cooperated with.
Regulations prescribed pursuant to Paragraph 3, Article 17 of the Act apply mutatis mutandis to specialized electronic payment institutions and data processing service providers as they engage in electronic payment business with respect to restrictions on the opening of dedicated deposit account provided in Subparagraph 1 of the preceding paragraph, its management, operating mode and other requirements.
Article 19
When an electronic payment institution provides services under Subparagraph 2, Paragraph 1 of Article 4 herein, it shall ask the foreign institution to establish appropriate mechanisms to ensure its users to be foreign individuals.
Article 20
When an approved institution engages in the service of collection and payment of funds remitted in for real transactions as an agent as specified in Subparagraphs 1 and 2, Paragraph 1 of Article 4 herein, the approved institution may make advances to customers before receiving such funds transferred by foreign institutions, provided the approved institution complies with the following conditions:
1. Not using funds of customers received as an agent as funds for the advances;
2. Confirmed that the customer had delivered or provided the product or service; and
3. Making advances without violating the terms and conditions agreed with the customer on transfer of collected/paid funds.
An approved institution shall comply with the following provisions when making an advance according to the preceding paragraph:
1. The advance shall be made in NTD only.
2. The amount that total balance of advances made deducts the guarantee deposited by the foreign institutions shall not exceed the amount of funds already collected and pending transfer as notified and confirmed by the foreign institutions, which, however, shall be no more than NT$10 million.
3. The term of an advance shall last from the date on which such advance is made to the date on which the approved institution receives the collected fund transferred by a foreign institution, which, however, shall not be longer than fifteen days.
4. An approved institution shall establish risk control procedure to properly assess the advance limit to individual customers as well as control the risk of making advances and the maximum advance amount and ratio made to the same customer. However, restrictions of the maximum advance amount and ratio may be exempted for advances made within the credit limit of the guarantee deposited by foreign institutions for the same customer.
5. An approved institution shall enter into a contract with the customer to agree on the rights, obligations and responsibilities of the parties relating to the fund advance services.
If a customer or foreign institution has any of the situations below, an approved institution shall stop making advances to the customer before the situation is settled:
1. The customer did not pay back the advances that are due.
2. The foreign institution did not transfer the collected funds that should have been transferred.
Specialized electronic payment institutions and data processing service providers engaging in electronic payment business that make advances to customers shall deposit the advance funds into a dedicated deposit account which they open with a bank and treat the funds as funds collected/paid as an agent to carry out related operations. For the aforementioned collected funds transferred by foreign institutions and received by an approved institution, the approved institution may instruct the bank at where its dedicated deposit account is opened to transfer the funds out of the dedicated deposit account without being subject to the provisions in Subparagraphs 2 and 3 of Paragraph 1 and Paragraph 2 of Article 18 herein, provided the bank has confirmed that an advance has been made to the customer.
Paragraphs 1 and 2 hereof do not apply if the approved institution is a bank and extends credit to customers in accordance with the Banking Act.
Article 21
When a specialized electronic payment institution outsources part of its activities associated with electronic payment business under Paragraph 1 of Article 4 herein, it shall comply with the regulations in Article 45 of the Rules Governing the Administration of Electronic payment business.
When a data processing service provider outsources part of its activities associated with electronic payment business under Paragraph 1 of Article 4 herein, the regulations in Article 45 of the Rules Governing the Administration of Electronic payment business apply mutatis mutandis to the said outsourcing scope and procedure.
When a dual-status electronic payment institution or a bank not engaging concurrently in electronic payment business outsources operations in connection with services under Paragraph 1 of Article 4 herein, in addition to the provisions of Article 45 of the Rules Governing the Administration of Electronic Payment Business hereof shall apply to the scope of its outsourcing, the applicable regulations governing outsourcing of operations for its core business shall be followed.
Article 22
The competent authority may at any time dispatch officers or appoint a suitable agency to examine the business, finance or other relevant matters of a data processing service provider in activities under Paragraph 1 of Article 4 herein, or order the data processing service provider to submit financial report, inventory of property, or other relevant information and reports within a specified time period.
When necessary, the competent authority may designate a professional expert or technical personnel to inspect the matters, reports or information subject to examination according to the preceding paragraph, and submit an inspection report to the competent authority. The expenses thus incurred shall be borne by the data processing service provider.
Article 23
Where an approved institution or an approved institution becomes aware that the foreign institution it cooperates with or assists has any of the following situations, the approved institution shall promptly propose a relevant response plan and report to the competent authority:
1. Accumulated loss exceeds one half (1/2) of its paid-in capital.
2. Merger or transferring all or an essential part of business or assets to others.
3. Enter into, amend, or terminate any contract for lease of the company's business.
4. Having the incidence of bounced check due to insufficient funds, being denied services by banks, or having other events that cause loss of good credit standings.
5. Having a litigious, non-litigious event, administrative disposition or administrative lawsuit that has significantly impact on the finance or business of the institution.
6. Having a fraud or material deficiency in internal controls.
7. Having an information security breach that results in damage to the interests of customers or affects the sound operation of the institution.
8. Other significant events that are sufficient to affect the operation or the interests of shareholders.
Article 24
Where an approved institution plans to terminate part or all of related activities set out in Paragraph 1 of Article 4 herein, it shall apply to the competent authority for approval by submitting a plan.
An approved institution that plans to suspend part of related activities set out in Paragraph 1 of Article 4 herein shall apply to the competent authority for approval by submitting a plan, information on the duration of planned suspension and other necessary information. When the approved institution plans to resume business, it shall report in writing to the competent authority for reference in advance.
The plans mentioned in the preceding two paragraphs shall state the following:
1. The reason for the planned termination or suspension; and
2. A concrete description of the handling of existing customers' rights and obligations or alternative methods for providing services.