A specialized electronic payment institution shall formulate proper risk management policies and procedures, and establish independent and effective risk management mechanism, by which to assess and monitor the overall risk bearing capacity, current status of risks already incurred, and to determine the risk response strategies and the compliance framework of the risk management procedures.
The risk management policies and procedures under the preceding paragraph shall be passed by the board of directors and be reviewed and revised in a timely manner.

A specialized electronic payment institution shall establish a risk management unit and regularly submit risk management reports to the board of directors. Upon identifying a significant risk exposure that might adversely affect its financial, or business status, or compliance with applicable acts and regulations, the specialized electronic payment institution shall take immediate and adequate measures and submit a report to the board of directors.
The risk management unit under the preceding paragraph may be replaced by a designated management unit.

The risk management mechanisms of a specialized electronic payment institution shall include the following:
1. Establishing a fraud prevention mechanism to uphold transaction security and better control fraud risk.
2. Establishing the examination and control mechanism for operating procedures and establishing information security mechanism and emergency response plan.
3. Establishing users and contracted institutions management mechanism.
4. Establishing exit mechanism for circumstances when business or finance deteriorates significantly.
5. Establishing users’ funds of payment management mechanism.
6. Establishing users’ and contracted institutions’ identity verification mechanism.
7. Establishing users’ and contracted institutions’ information protection mechanism.
8. Establishing outsourcing management mechanism.
9. Establishing financial consumer protection mechanism.