Article 1
These Regulations are adopted pursuant to Paragraph 3, Article 6 of the Money Laundering Control Act (referred to as the “Act” hereunder).
Article 2
For other financial institutions designated by the Financial Supervisory Commission (“FSC”) that do not have a board of directors (council) established (referred to as the “other FSC-designated institutions), matters to be undertaken by the board of directors (council) as set forth in these Regulations shall be carried out by the executive director who represents the company.
Article 3
The “insurance company” referred to in these Regulations include non-life insurance companies, life insurance companies, and reinsurance companies.
The “other FSC-designated institutions” referred to in these Regulations include insurance agent companies, insurance broker companies and individuals practicing as an insurance agent or broker.
Article 4
Insurance companies, post offices engaging in simple life insurance business and other FSC-designated institutions should assess the money laundering and terrorist financing (ML/TF) risks before launching new products with policy value reserve or cash value or money-related services or new businesses, and establish relevant risk management measures to mitigate the identified risks.
Article 5
With the exception of individuals practicing as an insurance agent or broker, the internal control system of insurance companies, post offices engaging in simple life insurance business and other FSC-designated institution for AML/CFT and any subsequent amendment thereto shall be approved by its board of directors (council). The internal control system shall contain the following particulars:
1. The policies and procedures to identify, assess and manage its money laundering and terrorist financing risks.
2. An AML/CFT program established based on money laundering and terrorist financing risks and business size to manage and mitigate identified risks, which also includes enhanced control measures for higher risk situations.
3. Standard operating procedures for monitoring compliance with AML/CFT regulations and for the implementation of AML/CFT program, which shall be included in the self-inspection and internal audit system, and enhanced if necessary
When insurance companies, post offices engaging in simple life insurance business and other FSC-designated institutions carry out the identification, assessment and management of money laundering and terrorist financing risks mentioned in Subparagraph 1 of the preceding paragraph, the operation should cover at least customers, geographic areas, products and services, transactions, and delivery channels, and be conducted in accordance with the following provisions:
1. Produce a risk assessment report;
2. Risk assessment should consider all risk factors to determine the level of overall risk, and appropriate measures to mitigate the risks;
3. There should be a risk assessment update mechanism in place to ensure that risk data are kept up-to-date.
4. When the risk assessment report is completed or updated, submit the report to the FSC for recordation.
The AML/CFT program mentioned in Subparagraph 2 of Paragraph 1 hereof shall include the following policies, procedures and controls; the AML/CFT program of insurance agent companies, insurance broker companies and individuals practicing as an insurance agent or broker need not include Items 2 and 3 below
1. Verification of customer identity;
2. Watch list filtering of customers and trading counterparties;
3. Ongoing monitoring of transactions;
4. Record keeping;
5. Reporting of currency transactions above a certain amount;
6. Reporting of suspicious money laundering or terrorist financing transactions.
7. Appointment of a compliance officer at the management level to take charge of AML/CFT compliance matters;
8. Employee screening and hiring procedure;
9. Ongoing employee training program;
10. An independent audit function to test the effectiveness of AML/CFT system; and
11. Other matters required by the AML/CFT regulations and the competent authorities
Insurance companies, post offices engaging in simple life insurance business and other FSC-designated institutions shall establish a group-level AML/CFT program for implementation by branches (or subsidiaries) within the group. The AML/CFT program shall include the policies, procedures and controls mentioned in the preceding paragraph, and in addition, the following particulars without violating the information confidentiality regulations of the ROC and countries or jurisdictions at where the foreign branches (or subsidiaries) are located:
1. Policies and procedures for sharing information within the group required for the purposes of customer due diligence and money laundering and terrorist financing risk management;
2. When necessary for AML/CFT purposes, group-level compliance, audit, and AML/CFT functions should be provided with customer and transaction information as well as information on unusual transactions or activities and analysis therefor from foreign branches (or subsidiaries); when necessary, foreign branches (or subsidiaries) can access such information through group management functions; and
3. Adequate safeguards on the confidentiality and use of information exchanged, including safeguard against information leakage.
Insurance companies, post offices engaging in simple life insurance business and other FSC-designated institutions shall ensure that its foreign branches (or subsidiaries) apply AML/CFT measures to the extent that the laws and regulations of host countries or jurisdictions so permit, and those measures should be consistent with those adopted by the head office (or parent company). Where the minimum requirements of the countries where its head office (or parent company) and branches (or subsidiaries) are located are different, the branch (or subsidiary) shall choose to follow the criteria which are higher. However, in case there is any doubt regarding the determination of higher or lower criteria, the determination by the competent authority of the place at where the head office of insurance company, post office engaging in simple life insurance business or other FSC-designated institution is located shall prevail. If a foreign branch (or subsidiary) is unable to adopt the same criteria as the head office (or parent company) due to prohibitions from foreign laws and regulations, appropriate additional measures should be taken to manage the risks of money laundering and terrorist financing, and a report shall be made to the FSC.
For insurance companies, post offices engaging in simple life insurance business and other FSC-designated institutions that have a board of directors (council) established, its board of directors (council) holds the ultimate responsibility for ensuring the establishment and maintenance of appropriate and effective AML/CFT internal controls. The board of directors (council) and senior management of the company/post office/institution should understand its money laundering and terrorist financing risks and the operation of its AML/CFT program, and adopt measures to create a culture of AML/CFT compliance.
Article 6
Insurance companies, post offices engaging in simple life insurance business and other FSC-designated institutions shall be staffed with adequate number of AML/CFT personnel and resources appropriate to the size and risks of its business. Its board of directors (council) shall appoint a senior officer to act as the chief AML/CFT compliance officer and vest the officer full authority in coordinating and supervising AML/CFT implementation and shall ensure that its AML/CFT personnel and the chief AML/CFT compliance officer do not hold concurrent posts that may have a conflict of interest with their AML/CFT responsibilities. A domestic life insurance company shall, in addition, set up an independent, dedicated AML/CFT compliance unit under the president, or the legal compliance unit or risk management unit of the head office. The AML/CFT compliance unit may not handle businesses other than AML/CFT.
For insurance agent companies and insurance broker companies that solicit insurance business but are not subject to the requirement for internal control set forth in Subparagraph 2, Article 2 of the Regulations Governing the Implementation of Internal Control and Audit System and Business Solicitation System of Insurance Agent Companies and Insurance Broker Companies (referred to as the “Implementation Regulations” hereunder), its board of directors (council or delegated responsible unit) shall assign at least one personnel to handle the AML/CFT operation and make sure that such personnel does not hold concurrent posts that may have a conflict of interest with his/her AML/CFT responsibilities. However insurance agent companies shall comply with the provisions of the preceding paragraph regarding the appointment of AML/CFT personnel and officer insurance company with respect to its underwriting and claim settlement operations undertaken on behalf of an insurance company.
The dedicated compliance unit or chief AML/CFT compliance officer mentioned in Paragraphs 1 shall be charged with the following duties:
1. Supervising the planning and implementation of policies and procedures for identifying, assessing and monitoring money laundering and terrorist financing risks.
2. Coordinating and supervising enterprise-wide AML/CFT risk identification and assessment.
3. Monitoring and controlling money laundering and terrorist financing risks.
4. Developing an AML/CFT program.
5. Coordinating and supervising the implementation of AML/CFT program.
6. Confirming compliance with AML/CFT regulations, including the relevant compliance template or self-regulatory rules produced by the trade association the enterprise belongs to and approved by the FSC.
7. Supervising the reporting on transactions suspicious of money laundering or terrorist financing and on the properties or property interests and location of individuals or legal entities designated by the Counter-Terrorism Financing Act to the Investigation Bureau, Ministry of Justice.
8. Other matters related to AML/CFT.
The chief AML/CFT compliance officer mentioned in Paragraph 1 hereof should report to the board of directors (council) and supervisors (board of supervisors) or the audit committee at least semiannually, or whenever a major regulatory violation is discovered.
The foreign business units of an insurance company, a post office engaging in simple life insurance business or an other FSC-designated institution shall be staffed with an adequate number of AML/CFT personnel in view of the number of local branches, and the size and risks of its business, and appoint an AML/CFT compliance officer to take charge of the coordination and supervision of related compliance matters.
The appointment of AML/CFT compliance officer by the foreign business unit of an insurance company, a post office engaging in simple life insurance business or an other FSC-designated institution shall comply with the local regulations and the requirements of the host country. The AML/CFT compliance officer shall be vested with full authority in coordinating and supervising AML/CFT implementation, including reporting directly to the chief AML/CFT compliance officer mentioned in Paragraph 1 and should not hold other posts except for the post of legal compliance officer. If the AML/CFT compliance officer holds other concurrent posts, the foreign business unit should communicate the fact with the local competent authority of the host country to confirm that the holding of other concurrent posts will not result or potentially result in conflict of interest, and report the matter to the FSC for recordation.
Article 7
The domestic and foreign business units of an insurance company, a post office engaging in simple life insurance business or an other FSC-designated institution shall appoint a senior manager to act as the supervisor to take charge of supervising AML/CFT related matters of the business unit, and conduct self-inspection in accordance with relevant rules.
The internal audit unit of an insurance company, a post office engaging in simple life insurance business or an other FSC-designated institution (except for those mentioned in Paragraph 3 hereof) shall audit the following matters and submit audit opinions:
1. Whether the money laundering and terrorist financing risk assessment and the AML/CFT program meet the regulatory requirements and are vigorously implemented; and
2. The effectiveness of AML/CFT program.
Insurance agent companies and insurance broker companies that are not subject to the requirement for internal audit system set forth in Subparagraph 1, Article 2 of the Implementation Regulations and individuals practicing as an insurance agent or broker may undertake matters set out in these Regulations in accordance with the manners and guidelines drafted by the trade association they belong to and approved by the FSC; each member of the trade association should submit regularly its annual AML/CFT audit report to the FSC for recordation through the trade association.
Insurance companies, post offices engaging in simple life insurance business and insurance agent companies or insurance broker companies subject to the requirement for internal control set forth in Paragraphs 1 and 2, Article 2 of the Implementation Regulations shall follow the provisions below with regard to the implementation and statement of internal AML/CFT control:
1. The president of an insurance company or a post office engaging in simple life insurance business should oversee that respective units prudently evaluate and review the implementation of internal AML/CFT control system. The chairman, president, chief auditor (internal auditor) and chief AML/CFT compliance officer shall jointly issue a statement on internal AML/CFT control (see attached), which shall be submitted to the board of directors (council) for approval and disclosed on the website of the insurance enterprise within three (3) months after the end of each fiscal year, and filed via a website designated by the FSC.
2. The president of an insurance agent company or insurance broker company subject to the requirement for internal control set forth in Paragraphs 1 and 2, Article 2 of the Implementation Regulations should oversee that respective units prudently evaluate and review the implementation of internal AML/CFT control system. The chairman, president, internal auditor and chief AML/CFT compliance officer shall jointly issue a statement on internal AML/CFT control (see attached), which shall be submitted to the board of directors (council) for approval and filed in a manner designated by the FSC before the end of April every year.
For the branches of a foreign insurance company, insurance agent company or insurance broker company in Taiwan, the authorized personnel of its head office shall be responsible for matters concerning the board of director or supervisors under these Regulations. The statement mentioned in the preceding paragraph shall be jointly issued by the responsible person and chief AML/CFT compliance officer of the branch in Taiwan as authorized by the head office as well as the officer in charge of audit operation in Taiwan area.
Article 8
Insurance companies, post offices engaging in simple life insurance business and other FSC-designated institutions shall establish procedures for screening and hiring high-quality employees, including examining whether the prospective employee has character integrity and the professional knowledge required to perform their duties.
The chief AML/CFT compliance officer, the personnel of dedicated AML/CFT unit and the AML/CFT supervisor of domestic business units of insurance companies, post offices engaging in simple life insurance business and other FSC-designated institutions shall possess one of the following qualifications in three (3) months after appointment/assignment to the post and the insurance enterprise shall set out relevant control mechanism to ensure compliance with the provisions hereof:
1. Having served as a compliance officer or AML/CFT personnel on a full-time basis for at least three (3) years;
2. For chief AML/CFT compliance officers and personnel of dedicated AML/CFT unit, having attended not less than 24 hours of courses offered by institutions recognized by the FSC, passed the exams and received completion certificates therefor; for the AML/CFT supervisors of domestic business units, having attended not less than 12 hours of courses offered by institutions recognized by the FSC, passed the exams and received completion certificates therefor. But chief AML/CFT compliance officers who also act as legal compliance officer or personnel of dedicated AML/CFT unit who also acts as legal compliance personnel are deemed to meet the qualification requirement under this subparagraph after they have attended at least 12 hours of training on AML/CFT offered by institutions recognized by the FSC; or
3. Having received a domestic or international AML/CFT professional certificate issued by an institution recognized by the FSC.
The chief AML/CFT compliance officer, the personnel of dedicated AML/CFT unit and the AML/CFT supervisor of domestic business units mentioned in the preceding paragraph shall attend not less than 12 hours of training on AML/CFT offered by internal or external training units consented by the chief AML/CFT compliance officer mentioned in Paragraph 1 of Article 6 herein every year. The training shall cover at least newly amended laws and regulations, trends and patterns of money laundering and terrorist financing risks. If the person has obtained a domestic or international AML/CFT professional certificate issued by an institution recognized by the FSC in a year, the certificate may be used to offset the training hours for the year.
The AML/CFT supervisor and the AML/CFT officer and personnel of foreign business units of an insurance company, a post office engaging in simple life insurance business or an other FSC-designated institution shall possess professional knowledge in AML/CFT, be well informed in relevant local regulations, and attend not less than 12 hours of training on AML/CFT offered by foreign competent authorities or relevant institutions every year. If no such training is available, the personnel may attend training courses offered by internal or external training units consented by chief AML/CFT compliance officer mentioned in Paragraph 1 of Article 6 herein.
Insurance companies, post offices engaging in simple life insurance business and other FSC-designated institutions shall arrange appropriate hours of orientation and on-the-job training of suitable contents on AML/CFT every year in view of the nature of its business for its directors (council members), supervisors, president, legal compliance personnel, internal auditors, business personnel and personnel related to AML/CFT operation to familiarize them with their AML/CFT duties and equip them with the professional knowhow to perform their duties.
Individuals practicing as an insurance agent or broker shall attend at least 2 hours of training on AML/CFT a year based on the nature of their business.
Article 9
The FSC may adopt a risk-based approach to appoint officer(s) or entrust other appropriate institutions at any time to examine the implementation of the internal AML/CFT control system of an insurance company, a post office engaging in simple life insurance business or an other FSC-designated institution. The examination may be conducted onsite and offsite.
In carrying out the examination mentioned in the preceding paragraph, the FSC or the entrusted examiner may require an insurance company, a post office engaging in simple life insurance business or an other FSC-designated institution to produce relevant account books, documents, electronic files, or other such materials. The aforementioned materials shall all be provided, regardless whether they are stored in writing, electronic file or email or by any other means, and the examinee may not for any reason circumvent, refuse or obstruct the examination.
Article 10
These Regulations shall enter into force on the date of promulgation.