Regulations Governing Internal Audit and Internal Control System of Anti-Money Laundering and Countering Terrorism Financing of Securities and Futures Business and Other Financial Institutions Designated by the Financial Supervisory Commission
2018-11-09
手機睡眠
語音選擇
Article 1
These Regulations are adopted pursuant to Article 6, paragraph 3 of the Money Laundering Control Act ("the Act").
Article 2
The "securities and futures business" referred to in these Regulations include securities firms, securities investment and trust enterprises, securities finance enterprises, securities investment consulting enterprises, securities central depository enterprises, and futures commission merchants.
The "other financial institutions designated by the Financial Supervisory Commission (FSC)" referred to in these Regulations include futures trust enterprises, managed futures enterprises, and leverage transaction merchants.
The "other financial institutions designated by the Financial Supervisory Commission (FSC)" referred to in these Regulations include futures trust enterprises, managed futures enterprises, and leverage transaction merchants.
Article 3
Securities and futures business and other financial institutions designated by the FSC launching new products or services or engaging in new business practices shall assess the money laundering or terrorism financing risks that may arise in relation thereto, and establish relevant risk management measures to mitigate those identified risks.
Article 4
The internal control system for anti-money laundering and countering the financing of terrorism (AML/CFT) of securities and futures business and other financial institutions designated by the FSC, and any amendments to that internal control system, shall be approved by the board of directors. The content of the system shall include the following matters:
1.The policies and procedures for identifying, assessing, and managing the business or institution's money laundering and terrorism financing risks.
2.AML/CFT programs adopted based on its money laundering and terrorism financing risks, and the scale of its business, in order to manage and mitigate those identified risks, and to adopt enhanced control measures on items with higher risks.
3.Monitoring and control measures for compliance with AML/CFT laws and regulations, and the standard operating procedures for implementing the AML/CFT programs, which shall be incorporated into its self-audit and internal audit items, and enhanced if necessary.
The identification, assessment, and management of the money laundering and terrorism financing risks, as mentioned in subparagraph 1 of the preceding paragraph, shall cover at least customers, geographic areas, products and services, transactions, or payment and delivery channels, and shall be conducted in accordance with the following rules:
1.Produce a risk assessment report.
2.Consider all risk factors to determine the level of overall risk, and appropriate measures to mitigate the risks.
3.Have a risk assessment update mechanism in place to ensure that risk data are kept up-to-date.
4.Upon the completion or updating of a risk assessment report, submit the risk assessment report to the FSC for recordation.
The AML/CFT programs, as mentioned in subparagraph 2 of paragraph 1 shall include the following policies, procedures, and control mechanisms:
1.Customer due diligence.
2.Checking of names of customers and trading counterparties.
3.Ongoing monitoring of accounts and transactions.
4.Record keeping.
5.Reporting of currency transactions above a certain amount.
6.Reporting of transactions that are suspected of money laundering or terrorism financing.
7.Appointment of a compliance officer at the management level in charge of AML/CFT compliance matters.
8.Employee screening and hiring procedures.
9.Ongoing employee training programs.
10.An independent audit function to test the effectiveness of the AML/CFT mechanisms.
11.Other matters required by the AML/CFT laws and regulations and the FSC.
In the case of securities and futures business and other financial institutions designated by the FSC that have branches (or subsidiaries), the business or institution shall establish a group-level AML/CFT program, to be implemented in the branches (or subsidiaries) within the group. The program shall include the policies, procedures and controls mentioned in the preceding paragraph, and in addition, the following particulars, without violating the information confidentiality laws and regulations of Taiwan and of the countries or jurisdictions where foreign branches and subsidiaries are located:
1.Policies and procedures for sharing information within the group as required for the purposes of customer due diligence, and money laundering and terrorism financing risk management.
2.For AML/CFT purposes, when necessary, branches (or subsidiaries) may be required to provide customer, account, and transaction information, as required under the group-level compliance, audit, and AML/CFT functions. This shall include information and analysis of unusual transactions or activities. When necessary, branches (or subsidiaries) also may be enabled to receive such information from these group-level functions.
3.Safeguards on the use and confidentiality of information exchanged, including safeguards to prevent tipping-off.
Securities and futures business and other financial institutions designated by the FSC shall ensure that their foreign branches (and subsidiaries) apply AML/CFT measures, to the extent that the laws and regulations of the host countries or jurisdictions so permit, consistent with those implemented by the head office (or parent company). Where the minimum requirements of the countries where the business or institution's head office (or parent company) and branches (or subsidiaries) are located are different, the branch (or subsidiary) shall follow the criteria which are higher. However, in case there is any doubt regarding the determination of higher or lower criteria, the determination by the competent authority of the place where the head offices (or parent companies) of the securities and futures business and other financial institutions designated by the FSC are located shall prevail. If a foreign branch or subsidiary is unable to adopt the same criteria as the head office (or parent company) due to prohibitions of foreign laws or regulations, appropriate additional measures should be taken to manage the risks of money laundering and terrorism financing, and a report shall be made to the FSC.
The boards of directors of securities and futures business and other financial institutions designated by the FSC shall bear ultimate responsibility for ensuring the establishment and maintenance of an appropriate and effective internal control system for AML/CFT. The board of directors and senior management should understand the money laundering and terrorism financing risks and the operation of the AML/CFT programs, and adopt measures to create a culture of AML/CFT compliance.
1.The policies and procedures for identifying, assessing, and managing the business or institution's money laundering and terrorism financing risks.
2.AML/CFT programs adopted based on its money laundering and terrorism financing risks, and the scale of its business, in order to manage and mitigate those identified risks, and to adopt enhanced control measures on items with higher risks.
3.Monitoring and control measures for compliance with AML/CFT laws and regulations, and the standard operating procedures for implementing the AML/CFT programs, which shall be incorporated into its self-audit and internal audit items, and enhanced if necessary.
The identification, assessment, and management of the money laundering and terrorism financing risks, as mentioned in subparagraph 1 of the preceding paragraph, shall cover at least customers, geographic areas, products and services, transactions, or payment and delivery channels, and shall be conducted in accordance with the following rules:
1.Produce a risk assessment report.
2.Consider all risk factors to determine the level of overall risk, and appropriate measures to mitigate the risks.
3.Have a risk assessment update mechanism in place to ensure that risk data are kept up-to-date.
4.Upon the completion or updating of a risk assessment report, submit the risk assessment report to the FSC for recordation.
The AML/CFT programs, as mentioned in subparagraph 2 of paragraph 1 shall include the following policies, procedures, and control mechanisms:
1.Customer due diligence.
2.Checking of names of customers and trading counterparties.
3.Ongoing monitoring of accounts and transactions.
4.Record keeping.
5.Reporting of currency transactions above a certain amount.
6.Reporting of transactions that are suspected of money laundering or terrorism financing.
7.Appointment of a compliance officer at the management level in charge of AML/CFT compliance matters.
8.Employee screening and hiring procedures.
9.Ongoing employee training programs.
10.An independent audit function to test the effectiveness of the AML/CFT mechanisms.
11.Other matters required by the AML/CFT laws and regulations and the FSC.
In the case of securities and futures business and other financial institutions designated by the FSC that have branches (or subsidiaries), the business or institution shall establish a group-level AML/CFT program, to be implemented in the branches (or subsidiaries) within the group. The program shall include the policies, procedures and controls mentioned in the preceding paragraph, and in addition, the following particulars, without violating the information confidentiality laws and regulations of Taiwan and of the countries or jurisdictions where foreign branches and subsidiaries are located:
1.Policies and procedures for sharing information within the group as required for the purposes of customer due diligence, and money laundering and terrorism financing risk management.
2.For AML/CFT purposes, when necessary, branches (or subsidiaries) may be required to provide customer, account, and transaction information, as required under the group-level compliance, audit, and AML/CFT functions. This shall include information and analysis of unusual transactions or activities. When necessary, branches (or subsidiaries) also may be enabled to receive such information from these group-level functions.
3.Safeguards on the use and confidentiality of information exchanged, including safeguards to prevent tipping-off.
Securities and futures business and other financial institutions designated by the FSC shall ensure that their foreign branches (and subsidiaries) apply AML/CFT measures, to the extent that the laws and regulations of the host countries or jurisdictions so permit, consistent with those implemented by the head office (or parent company). Where the minimum requirements of the countries where the business or institution's head office (or parent company) and branches (or subsidiaries) are located are different, the branch (or subsidiary) shall follow the criteria which are higher. However, in case there is any doubt regarding the determination of higher or lower criteria, the determination by the competent authority of the place where the head offices (or parent companies) of the securities and futures business and other financial institutions designated by the FSC are located shall prevail. If a foreign branch or subsidiary is unable to adopt the same criteria as the head office (or parent company) due to prohibitions of foreign laws or regulations, appropriate additional measures should be taken to manage the risks of money laundering and terrorism financing, and a report shall be made to the FSC.
The boards of directors of securities and futures business and other financial institutions designated by the FSC shall bear ultimate responsibility for ensuring the establishment and maintenance of an appropriate and effective internal control system for AML/CFT. The board of directors and senior management should understand the money laundering and terrorism financing risks and the operation of the AML/CFT programs, and adopt measures to create a culture of AML/CFT compliance.
Article 5
Securities and futures business and other financial institutions designated by the FSC shall appoint an adequate number of AML/CFT personnel appropriate to the size and risks of the business. The board of directors shall appoint one senior officer to serve as the chief AML/CFT officer and vest the officer with full authority in coordinating and monitoring AML/CFT implementation, and ensure that the aforementioned AML/CFT personnel and the chief AML/CFT officer do not hold any concurrent posts that may have a conflict of interest with their AML/CFT responsibilities.
The chief AML/CFT officer mentioned in the preceding paragraph shall be charged with the following duties:
1.Supervising the planning and implementation of policies and procedures for identifying, assessing, and monitoring money laundering and terrorism financing risks.
2.Coordinating and supervising the implementation of business-wide money laundering and terrorism financing risk identification and assessment.
3.Monitoring and controlling money laundering and terrorism financing risks.
4.Developing an AML/CFT program.
5.Coordinating and supervising the implementation of AML/CFT program.
6.Confirming compliance with AML/CFT laws and regulations, including relevant compliance templates or self-regulatory rules that are produced by the financial services trade associations to which the respective business and institutions belong and that are approved by the FSC for recordation.
7.Supervising the reporting on transactions suspected of money laundering or terrorism financing, and on the properties or property interests and locations of individuals or entities designated by the Counter-Terrorism Financing Act, to the Investigation Bureau, Ministry of Justice.
The chief AML/CFT officer under paragraph 1 shall report to the board of directors and supervisors (or the audit committee) at least every half year, and shall immediately report to the board of directors and supervisors (or the audit committee) if he/she discovers any material breach of AML/CFT laws or regulations.
Overseas business units of securities and futures business and other financial institutions designated by the FSC shall be staffed with an adequate number of AML/CFT personnel in view of the number of local branches, and the size and risks of the unit's business, and appoint an AML/CFT officer to take charge of the coordination and supervision of AML/CFT matters.
The appointment of AML/CFT officers by overseas business units of securities and futures business and other financial institutions designated by the FSC shall comply with the local regulations and the requirements of the local authorities of the host jurisdictions. The AML/CFT officer shall be vested with full authority in coordination and supervision of AML/CFT implementation, including reporting directly to the chief AML/CFT officer mentioned in paragraph 1, and should not hold any other posts, except for the post of chief compliance officer. If the AML/CFT officer holds other concurrent posts, the foreign business unit should communicate that fact with the local competent authority to confirm that the holding of other concurrent posts will not likely result in any conflict of interest, and report the matter to the FSC for recordation.
The chief AML/CFT officer mentioned in the preceding paragraph shall be charged with the following duties:
1.Supervising the planning and implementation of policies and procedures for identifying, assessing, and monitoring money laundering and terrorism financing risks.
2.Coordinating and supervising the implementation of business-wide money laundering and terrorism financing risk identification and assessment.
3.Monitoring and controlling money laundering and terrorism financing risks.
4.Developing an AML/CFT program.
5.Coordinating and supervising the implementation of AML/CFT program.
6.Confirming compliance with AML/CFT laws and regulations, including relevant compliance templates or self-regulatory rules that are produced by the financial services trade associations to which the respective business and institutions belong and that are approved by the FSC for recordation.
7.Supervising the reporting on transactions suspected of money laundering or terrorism financing, and on the properties or property interests and locations of individuals or entities designated by the Counter-Terrorism Financing Act, to the Investigation Bureau, Ministry of Justice.
The chief AML/CFT officer under paragraph 1 shall report to the board of directors and supervisors (or the audit committee) at least every half year, and shall immediately report to the board of directors and supervisors (or the audit committee) if he/she discovers any material breach of AML/CFT laws or regulations.
Overseas business units of securities and futures business and other financial institutions designated by the FSC shall be staffed with an adequate number of AML/CFT personnel in view of the number of local branches, and the size and risks of the unit's business, and appoint an AML/CFT officer to take charge of the coordination and supervision of AML/CFT matters.
The appointment of AML/CFT officers by overseas business units of securities and futures business and other financial institutions designated by the FSC shall comply with the local regulations and the requirements of the local authorities of the host jurisdictions. The AML/CFT officer shall be vested with full authority in coordination and supervision of AML/CFT implementation, including reporting directly to the chief AML/CFT officer mentioned in paragraph 1, and should not hold any other posts, except for the post of chief compliance officer. If the AML/CFT officer holds other concurrent posts, the foreign business unit should communicate that fact with the local competent authority to confirm that the holding of other concurrent posts will not likely result in any conflict of interest, and report the matter to the FSC for recordation.
Article 6
The domestic and foreign business units of securities and futures business and other financial institutions designated by the FSC shall appoint a senior manager to act as a supervisory officer in charge of supervising the implementation of AML/CFT related matters of the business unit, and conduct self-assessment in accordance with the Regulations Governing the Establishment of Internal Control Systems by Service Enterprises in Securities and Futures Markets.
The internal audit unit of securities and futures business and other financial institutions designated by the FSC shall audit the following matters and submit audit opinions:
1.Whether the money laundering and terrorism financing risk assessment and the AML/CFT program meet the regulatory requirements and are vigorously implemented.
2.The effectiveness of the AML/CFT program.
The presidents of securities and futures business and other financial institutions designated by the FSC shall oversee that respective units prudently evaluate and review the implementation of the AML/CFT internal control system. The chairman, president, chief auditor and chief AML/CFT officer shall jointly issue a statement on AML/CFT internal control (see attached), which shall be submitted to the board of directors for approval and disclosed on the websites of the securities and futures business and other financial institutions designated by the FSC within three months after the end of each fiscal year, and filed via a website designated by the FSC.
For Taiwan branch offices of foreign securities and futures business, the board of directors at the head office shall authorize the responsible person at the Taiwan branch to be in charge of the matters involving the board of directors or supervisors, as stated in these Regulations. The statement mentioned in the preceding paragraph, shall be provided by three persons: the responsible person of the Taiwan branch authorized by the board of directors of the head office, the chief AML/CFT officer, and the chief auditor in charge of the Taiwan area.
The internal audit unit of securities and futures business and other financial institutions designated by the FSC shall audit the following matters and submit audit opinions:
1.Whether the money laundering and terrorism financing risk assessment and the AML/CFT program meet the regulatory requirements and are vigorously implemented.
2.The effectiveness of the AML/CFT program.
The presidents of securities and futures business and other financial institutions designated by the FSC shall oversee that respective units prudently evaluate and review the implementation of the AML/CFT internal control system. The chairman, president, chief auditor and chief AML/CFT officer shall jointly issue a statement on AML/CFT internal control (see attached), which shall be submitted to the board of directors for approval and disclosed on the websites of the securities and futures business and other financial institutions designated by the FSC within three months after the end of each fiscal year, and filed via a website designated by the FSC.
For Taiwan branch offices of foreign securities and futures business, the board of directors at the head office shall authorize the responsible person at the Taiwan branch to be in charge of the matters involving the board of directors or supervisors, as stated in these Regulations. The statement mentioned in the preceding paragraph, shall be provided by three persons: the responsible person of the Taiwan branch authorized by the board of directors of the head office, the chief AML/CFT officer, and the chief auditor in charge of the Taiwan area.
Article 7
Securities and futures business and other financial institutions designated by the FSC shall establish procedures to ensure high standards for employee screening and hiring, including examining whether the prospective employee has integrity of character and the professional knowledge required to perform their duties.
The dedicated AML/CFT personnel, the chief AML/CFT officer, and the domestic-business-unit AML/CFT supervisory officer of securities and futures business and other financial institutions designated by the FSC shall meet one of the following qualification requirements within three months after appointment, and the securities and futures business and other financial institutions designated by the FSC shall adopt relevant control mechanisms to ensure compliance:
1.Having served as an officer or AML/CFT personnel on a full-time basis for at least 3 years.
2.The dedicated AML/CFT personnel, and the chief AML/CFT officer shall have attended not less than 24 hours of courses organized by an institution recognized by the FSC, passed the exams and received completion certificates therefor. The AML/CFT supervisory officer of domestic business units shall have attended not less than 12 hours of courses organized by an institution recognized by the FSC, passed the exams and received completion certificates therefor. A chief compliance officer concurrently holding the post of chief AML/CFT officer, or a compliance personnel concurrently holding a post as a dedicated AML/CFT personnel will be deemed to have met the qualification requirements under this subparagraph after having attended 12 hours of education and training organized by an institution recognized by the FSC.
3.Having received a domestic or international AML/CFT professional certificate issued by an institution recognized by the FSC.
The dedicated personnel chief officer, and domestic-business-unit supervisory officer referred to in the preceding paragraph shall at least attend 12 hours of AML/CFT training organized by internal or external training institutions approved by the chief officer under Article 5, paragraph 1 every year. The training shall cover at least newly amended laws and regulations, and trends and patterns of money laundering and terrorism financing risks. If the person has obtained a domestic or international AML/CFT professional certificate issued by an institution recognized by the FSC in a given year, the certificate may be used to offset the training hours for the year.
The AML/CFT supervisory officer and the AML/CFT officer and personnel of foreign business units of securities and futures business and other financial institutions designated by the FSC shall have expertise in anti-money laundering, and be familiar with relevant local laws and regulations, and shall at least attend 12 hours of training on AML/CFT offered by foreign competent authorities or relevant institutions. If no such training is available, the personnel may attend training courses offered by internal or external training institutions approved by the chief officer under Article 5, paragraph 1.
Securities and futures business and other financial institutions designated by the FSC shall arrange appropriate hours of education and on-the-job training of suitable contents on AML/CFT in view of the nature of their business for their directors, supervisors, general managers, legal compliance personnel, internal auditors, and associated persons to familiarize them with their AML/CFT duties and equip them with the professional knowhow to perform their duties.
The dedicated AML/CFT personnel, the chief AML/CFT officer, and the domestic-business-unit AML/CFT supervisory officer of securities and futures business and other financial institutions designated by the FSC shall meet one of the following qualification requirements within three months after appointment, and the securities and futures business and other financial institutions designated by the FSC shall adopt relevant control mechanisms to ensure compliance:
1.Having served as an officer or AML/CFT personnel on a full-time basis for at least 3 years.
2.The dedicated AML/CFT personnel, and the chief AML/CFT officer shall have attended not less than 24 hours of courses organized by an institution recognized by the FSC, passed the exams and received completion certificates therefor. The AML/CFT supervisory officer of domestic business units shall have attended not less than 12 hours of courses organized by an institution recognized by the FSC, passed the exams and received completion certificates therefor. A chief compliance officer concurrently holding the post of chief AML/CFT officer, or a compliance personnel concurrently holding a post as a dedicated AML/CFT personnel will be deemed to have met the qualification requirements under this subparagraph after having attended 12 hours of education and training organized by an institution recognized by the FSC.
3.Having received a domestic or international AML/CFT professional certificate issued by an institution recognized by the FSC.
The dedicated personnel chief officer, and domestic-business-unit supervisory officer referred to in the preceding paragraph shall at least attend 12 hours of AML/CFT training organized by internal or external training institutions approved by the chief officer under Article 5, paragraph 1 every year. The training shall cover at least newly amended laws and regulations, and trends and patterns of money laundering and terrorism financing risks. If the person has obtained a domestic or international AML/CFT professional certificate issued by an institution recognized by the FSC in a given year, the certificate may be used to offset the training hours for the year.
The AML/CFT supervisory officer and the AML/CFT officer and personnel of foreign business units of securities and futures business and other financial institutions designated by the FSC shall have expertise in anti-money laundering, and be familiar with relevant local laws and regulations, and shall at least attend 12 hours of training on AML/CFT offered by foreign competent authorities or relevant institutions. If no such training is available, the personnel may attend training courses offered by internal or external training institutions approved by the chief officer under Article 5, paragraph 1.
Securities and futures business and other financial institutions designated by the FSC shall arrange appropriate hours of education and on-the-job training of suitable contents on AML/CFT in view of the nature of their business for their directors, supervisors, general managers, legal compliance personnel, internal auditors, and associated persons to familiarize them with their AML/CFT duties and equip them with the professional knowhow to perform their duties.
Article 8
The FSC may adopt a risk-based approach and at any time assign personnel or engage an appropriate institution to conduct audits of the implementation of the AML/CFT internal control and audit systems of securities and futures business and other financial institutions designated by the FSC. The audit methods include on-site audits and off-site audits.
When the FSC or auditors engaged by it carry out an audit under the preceding paragraph, they may order securities and futures business and other financial institutions designated by the FSC to present relevant account books, documents, electronic data files, or other relevant materials. The aforesaid materials shall be provided regardless of their means of storage, whether hard copies, electronic files, emails, or any other form or means of storage whatsoever, and the audited entity may not evade, refuse, or obstruct the audit for any reason.
When the FSC or auditors engaged by it carry out an audit under the preceding paragraph, they may order securities and futures business and other financial institutions designated by the FSC to present relevant account books, documents, electronic data files, or other relevant materials. The aforesaid materials shall be provided regardless of their means of storage, whether hard copies, electronic files, emails, or any other form or means of storage whatsoever, and the audited entity may not evade, refuse, or obstruct the audit for any reason.
Article 9
These Regulations shall take force from the date of issuance.