Regulations Governing the Internal Controls and Audit System for Postal Remittances and Savings

2023-09-08
播放模式
手機睡眠
語音選擇
Article 1
The regulations hereof are being established as mandated by Article 10 of the Postal Remittances and Savings Act.
Article 2
Chunghwa Post Co., Ltd. (hereinafter called Chunghwa Post) shall establish an internal control and audit system for its postal savings and remittances business (hereinafter called the savings and remittances business) and make sure that the system is continually in operation and effective at promoting the healthy development of the company and maintaining its financial stability.
Chunghwa Post shall organize overall operation strategies, risk management policies and guidelines, draft operation plans, risk management procedure and execution guidelines.
Article 3
The basic objectives of internal controls of Chunghwa Post are to promote sound operations and, through joint compliance by the board of directors, management, and all personnel, to reasonably ensure that the following objectives are achieved:
1. Effectiveness and efficiency of operations;
2. Reliability, timeliness, transparency and compliance of reporting; and
3. Compliance with applicable rules and regulations.
The objective of effectiveness and efficiency of operations referred to in subparagraph 1 of the preceding paragraph includes objectives such as profits, performance, and safeguarding asset security.
The "reporting" referred to in subparagraph 2, paragraph 1 includes internal and external financial reporting and non-financial reporting of Chunghwa Post. The objective of external financial reporting includes ensuring that financial reports presented to external users are prepared in accordance with the generally accepted accounting principles and that all transactions are properly approved.
Article 4
The internal control system of Chunghwa Post should be supported by the board of directors. If the board has opposite opinions or retains their opinions, these opinions and reasons should be notified clearly in meeting minutes and sent, together with the internal control system passed by the board, to the auditor. The same procedure should be applied if any revisions are needed.
The board of directors of Chunghwa Post should be aware of the operational risks faced by the company or business, supervise its operating results and bears the ultimate responsibility for ensuring the establishment and maintenance of appropriate and effective internal control system.
Article 5
The internal control system of Chunghwa Post shall incorporate the following components:
1. Control Environment: Control environment is the basis for the design and implementation of internal control systems across Chunghwa Post. It encompasses the integrity and ethical values of Chunghwa Post, governance oversight responsibility of its board of directors and supervisors, organizational structure, assignment of authority and responsibility, human resources policy, performance measures, and awards and disciplines. The board of directors and management should establish an internal code of conduct, including a code of conduct for directors and code of conduct for employees.
2. Risk Assessment: A precondition to risk assessment is the identification of objectives, linked at different levels of Chunghwa Post, and the suitability of the objectives should also be taken into consideration. The management shall consider the impact of changes in the external environment and within its own business model and possible fraud scenarios. The risk assessment results can assist Chunghwa Post in designing, correcting, and implementing necessary controls in a timely manner.
3. Control Operations: Control operations means the actions of adopting proper policies and procedures by Chunghwa Post based on the risk assessment results to control risks within a tolerable range. Control operations shall be performed at all levels of Chunghwa Post, at various stages of business processes, and over the technological environment, and shall include supervision and management of subsidiaries, appropriate segregation of duties and that management and employees are not assigned conflicting responsibilities.
4. Information and Communication: Information and communication means relevant and quality information that Chunghwa Post obtains, generates, or uses from both internal and external sources to support the continuous functioning of other components of internal control, and to ensure that information can be effectively communicated within and outside the organization. The internal control system must have mechanisms to generate information necessary for planning, implementation, and supervision and to enable timely access to information by those who need it, and the system should maintain comprehensive internal financial, operational and compliance data. An effective internal control system shall also establish effective channels of communication.
5. Monitoring Operations: Monitoring operations means ongoing evaluations, individual evaluations, or combination of the two undertaken by Chunghwa Post to ascertain whether each of the components of internal control is present and continuously functioning. Ongoing evaluations means routine evaluations built into the course of operations at different levels. Individual evaluations are evaluations conducted by different personnel such as internal auditors, supervisors or the board of directors. Findings of deficiencies of the internal control system shall be communicated to management of appropriate levels, the board of directors, and supervisors, and improvements shall be made in a timely manner.
The code of conduct for directors mentioned in Subparagraph 1 of the preceding paragraph shall contain at least the rules that when a director discovers that Chunghwa Post is in danger of sustaining material loss or damage, the director should promptly take appropriate actions and immediately notify supervisors, and report to the board of directors, and supervise Chunghwa Post to report to the Ministry of Transportation and Communications (MOTC) or the Financial Supervisory Commission(FSC).
Article 6
Chunghwa Post’s internal control system shall cover all operational activities of savings and remittances, and the following policies and procedures shall be drawn up:
1. Regulations governing the organization of the company or regulations governing the management of the company, including setting out a clear organizational system, departmental duties and clear authorization as well as measures regarding delegation of responsibilities to the proper level staff.
2. A handbook stating related system standards and business activities: Including the policies, operational procedures and standards of savings, remittances, new lines of business, the utilization of postal savings, money handling, accounting, general affairs, information, personnel management, customer data confidentiality, regulation on interested party transactions, management of the preparation process of financial statements, management of operations for disclosing information externally, management of financial examination report, management of protection of financial consumers, management of outsourcing, mechanism for handling major contingencies, mechanism for anti-money laundering and combating the financing of terrorism (AML/CFT) and management of compliance with relevant laws and regulations, including the management mechanism for identifying, assessing, and monitoring AML/CFT risks and other operations, and appropriate internal controls to apply in accordance with each business line’s nature and scale.
Chunghwa Post shall, in step with changing regulations, business items and operational procedures, periodically review and amend the various kinds of operations and management regulations mentioned in the preceding paragraph and require the participation of legal compliance, internal audit, risk management and information agencies if necessary.
Article 7
Chunghwa Post shall establish three lines of defense in internal control system, including a self-inspection system, a legal compliance system and a risk management mechanism, and an internal audit system in order to maintain an effective and appropriate operation of the internal control system of the savings and remittances businesses:
1. The self-inspection system: The self-inspection system shall be carried out by members of the various operations, finance, asset safekeeping and information units of Chunghwa Post by reviewing each other’s actual working circumstances. All departments shall designate assistants to the head of the department or personnel of at least a certain level to supervise the execution of this system, in order to discover operational flaws and take corrective actions as soon as possible.
2. Legal compliance system: The compliance officers of the business and management departments of Chunghwa Post shall, in accordance with the compliance program and self-assessment items drawn up by headquarters, ensure that all employees are in compliance with the rules and regulations of regulatory agencies when carrying out their duties.
3. Risk management mechanism: All relevant business departments and risk management departments of Chunghwa Post shall perform risk identification, measurement, monitoring and reporting according to their respective authorities and responsibilities, and implement the risk management check and balance mechanism.
4. The internal audit system: The internal audit system shall be executed by Chunghwa Post’s audit department, which is responsible for auditing all savings, remittances and management departments as well as assessing on a regular basis the self-auditing performance of the savings and remittances business departments.
Article 8
The purpose of an internal audit is to assist the board of directors and the managerial level of Chunghwa Post to verify and evaluate whether the operation of internal control system works effectively and smoothly and provide appropriate suggestions for revision, which can ensure the on-going performance of effective internal control and serve as the basis of internal control system revisions.
Article 9
Chunghwa Post should set up an internal audit unit that is directly subsidiary to the board of directors, which should perform audit business independently and honestly. The unit is required to report its audit business to the board of directors and supervisors at a minimum period of every six months. When necessary, the board of directors or the corporate supervisors may order the chief auditor to make a report at any time. In the case of any major internal control flaws, the chief auditor shall report to the board of directors immediately.
Chunghwa Post shall establish a system for a chief auditor, who will be in charge of auditing operations. The chief auditor shall meet the qualifications specified in the Regulations Governing Postal Remittances and Savings Operations. The position is at the same level as a vice president, and the chief auditor may not take on any job that conflicts with or impedes carrying out his or her auditing responsibilities.
The chief auditor shall be selected by the board of directors and may not be dismissed or transferred unless with the approval of two thirds of the board members. The chief auditor shall make a report to the Chairperson for his/her approval about the employment, dismissal, promotion, rewards and punishments, job rotation and performance rating of personnel in the auditing department before making a personnel move. However, personnel affairs involving other management and business departments shall be negotiated with the personnel department first, and then reported to the president for approval before being submitted to the chairperson for approval.
The MOTC or the FSC may, depending on the seriousness of the lapse, reprimand the chief auditor, order the chief auditor to take corrective action within a certain time period, or order Chunghwa Post to release the chief auditor from his or her duties if the chief auditor, while supervising and conducting internal auditing, is found to be remiss in any of the following ways:
1. Abusing authority, with evidence showing that he/she has engaged in improper money transfers with clients or other improper activities, or has used his/her authority to benefit him-/herself or others, or has taken advantage of opportunities arising from job duties to harm Chunghwa Post.
2. Illegally leaking, handing over or making public all or part of the company’s financial inspection report without the approval of the MOTC or the FSC.
3. Chunghwa Post’s Failure to report any serious malpractices due to mismanagement to the MOTC or the FSC that results in heavy losses.
4. Failure to uncover, in the internal auditing report, serious problems with Chunghwa Post’s financial and business matters that would cause heavy losses.
5. Submitting false auditing reports.
6. As a result of obviously insufficient staffing or staffing operations by obviously incompetent internal auditors in Chunghwa Post, has failed to identify a serious deficiency in financial and business operations.
7. Failing to heed instructions of the MOTC or the FSC about conducting auditing works and providing related information.
8. Behaving in other ways that are harmful to the credit and reputation or interests of Chunghwa Post.
In the case that there are serious flaws or corrupt practices with Chunghwa Post’s management or business departments, the internal auditing department shall have the authority to suggest punishment and shall fully uncover the negligent personnel responsible in its internal audit report.
Article 10
The internal auditors of Chunghwa Post shall perform their duties in good faith, and may not do any of the following:
1. Conceal or make false or inappropriate disclosures of any of Chunghwa Post's business activities, reporting, or compliance with rules and regulations that they know to directly cause damage to any interested party.
2. Act beyond the scope of audit functions or engage in other improper activities, or externally disclose any acquired information, attempt to profit therefrom, or otherwise use the information against the interest of Chunghwa Post.
3. Cause losses to Chunghwa Post or harm the interests of its stakeholders due to negligence.
4. Conduct audit work within one (1) year to the department where the auditor used to work at.
5. Fail to recuse himself or herself from auditing of cases or business within the scope of his or her past duties or matters in which he or she has a personal interest.
6. Accept improper hospitality or gifts or other improper benefits from Chunghwa Post’s employees or customers.
7. Fail to audit matters that the competent authority has instructed to him or her to audit or to provide relevant information.
8. Any other violation of rules, regulations or practices prohibited by the competent authority.
Chunghwa Post should examine at all time whether the internal auditors have violated the regulations in the preceding paragraphs. If the auditor has violated the rules, the company should order the auditor to make improvement within one(1) month and should be transferred to other job if he or she fails to make such improvement.
Article 11
The general manager of Chunghwa Post shall direct and supervise all savings and remittances departments to make careful assessments and to review the execution of the internal control system, and submit internal control system statements jointly signed and issued by the chairperson, general manager, chief auditor, and compliance officer (as attachment1) to the board of directors for approval, along with operational reports stipulated by the Regulations Governing Postal Remittances and Savings Operations, at the end of each fiscal year to the MOTC, the FSC and the Central Bank of China (CBC) for future reference.
In addition, while conducting internal audits, the auditing department shall also check to see that their suggestions for improvements listed in the internal control system statement are heeded, and continue to urge relevant departments to make improvements.
The internal control system statement under the preceding paragraph shall be duly published in the annual report of Chunghwa Post, and subsequently within three (3) months from the end of each fiscal year disclose the information contained therein on Chunghwa Post's website.
Article 12
Where Chunghwa Post makes any concealment of poor internal management, unsatisfactory internal controls, inadequate implementation of the internal audit system and regulatory compliance system, or the results of implementation of improvement of any deficiency specified by a financial examination agency in an examination opinion requiring review and follow-up, or the audit unit otherwise conceals any audit findings, and where such concealment constitutes significant malpractice, the personnel involved shall be held responsible for negligence in their duties. Chunghwa Post shall commend an auditor who identifies any significant malpractice or negligence and thereby averts material loss to the company.
Article 13
The internal audit unit shall undertake the following tasks:
1. Plan the organization structure, size and duty of the internal audit unit. Prepare internal audit working manuals and working papers, which shall at least include assessing the various rules and operating procedures of the internal control system to determine whether adequate internal controls are already in place in the current rules and procedures, whether each department has realistically carried out the internal controls, and whether the internal controls are carried out in a reasonably effective manner, and from time to time provide recommendations for improvement.
2. Monitor the formulation of rules and procedures for self-inspection and assessments of the internal control system by business and management units, and the implementation of periodic self-inspection by each unit.
3. Formulate annual audit plans and, based on the business risk profile of and implementation of internal audits by each department, determine audit plans targeted at each department.
For the purpose of self-inspecting its internal control system, Chunghwa Post shall see to it that all of its internal departments carry out self-inspection, and have its internal audit unit review the self-inspection reports of each department; such self-inspection, together with the reports on the correction of any deficiencies and irregularities discovered in the internal control system by the internal audit unit, shall serve as a basis for the board of directors, president, chief auditor, and chief compliance officer to evaluate the overall efficacy of the internal control system and to issue internal control system statements.
Article 14
The internal auditing department shall conduct at least one general audit and one special case audit a year of business, finance, asset quality and information departments and at least one general audit a year and a special case audit according to actual needs of other management departments:
The contents of the general audit or the special case audit, which is performed by the internal auditing department, should cover whether there are improper marketing activities when dealing with the sale of financial products; whether the contents of the products are clearly disclosed; whether the risks are well notified; whether the contract is fair and other obligations are performed appropriately following the law or self-regulatory guidelines.
The internal audit unit should include the execution status of the regulatory compliance system into the general audit or special case audit of the business and management units.
Chunghwa Post shall disclose at least the following information in its internal audit report for general business audits.
1. Audit scope; summary commentary; financial status; operation performance; asset quality; management of the operation of board of directors; compliance with major acts, regulations, and rules; internal controls; interested party transactions; the control and internal management of all business tasks; protection and management of customers' data; information management; management of customer data confidentiality; protection measures of consumers and investors and the results of self-inspection, and the evaluation to above matters.
2. Opinions for the major illegal errors or faults in all departments, and the suggestions for punishment for employees fail to fulfill their duties.
3. The examination comments or faults listed by the financial examination agency, accountants, internal audit unit, and self-inspection people, and the improvement status of items that enlisted as 'need further improvement' by the internal control statement.
Internal audit reports and their working papers shall be kept for at least five years for reference.
The internal audit report of Chunghwa Post shall be delivered to the supervisors for review and unless it is otherwise provided by the MOTC and the FSC, shall be submitted to the MOTC and the FSC within two (2) months following completion of the audit.
Article 15
The internal auditing department shall conduct ongoing monitoring of attempts of departments to address suggestions made or flaws found by financial inspection agencies, accountants, internal audit department and self-inspection of internal departments, as well as matters to be addressed that are listed in the internal controls system execution statement. Furthermore, the auditing department shall submit written reports on improvements made during its ongoing monitoring to the board of directors and corporate supervisors and file the reports, as well as list performance in this regard as an important item in the performance ratings of management and business departments.
The main components of the auditing works of Chunghwa Post shall be drawn up jointly by the MOTC and the FSC.
Article 16
Chunghwa Post shall, after having regard to its investment scale, business condition (the number of its branches and amount of business), management needs, and relevant provisions of rules and regulations, staff competent persons in an appropriate number as full-time internal auditors who shall perform their duties in a detached, independent, objective, and impartial manner. Personnel of the internal audit unit shall be deputy to each other to cover each other's absence.
Auditors in charge of auditing the savings and remittances business are required to have a college degree, to have passed the Senior-Grade Civil Service Examination or an equivalent exam, to have passed the Operating position Examination or an equivalent exam, to have been working in postal services for over five years, to have a clean record (with no demerits or more serious offenses) within the last three years, and to have one of the following qualifications:
1. Two years or more experience in postal savings and remittances or financial operations.
2. Two years or more experience in financial management or computer information in postal administration and at least three months of training in savings and remittances business and management.
3. If a lead auditor, have no less than three(3) years of experience in auditing or financial examination, or have no less than one(1) year of experience in auditing and no less than five(5) years of experience in financial business.
Chunghwa Post shall examine at all time whether the internal auditors have violated the regulations in the preceding two paragraphs. If the auditor has violated the rules, the company should order the auditor to make improvement within two(2) months and should be transferred to other job if he or she fails to make such improvement.
With regard to the demerits or worse offenses mentioned in paragraph 2, if the offense in question was a joint or group punishment resulting from the violation of other people and the offense has been erased from the employee’s record due to contributions made, the demerit or greater offense shall not be taken into consideration.
Article 17
Before assuming the following post, the person should enroll in the following trainings held by the professional institution recognized by the FSC and obtain completion certificate from them:
1. When acting as an internal auditor for the first time, the auditor should participate in the audit training course, computer audit training course for no less than sixty (60) hours. The auditor should also pass the exam and obtain the completion certificate.
2. An internal auditor with leadership duty should participate in the internal auditor leader train course for no less than nineteen (19) hours.
3. The chief auditor and official, deputy managers should participate in audit manager training course for no less than twelve (12) hours.
Internal auditors (including the official, deputy managers and chief auditor) of Chunghwa Post each year shall attend a finance-related professional training held by a professional institution recognized by the FSC or by Chunghwa Post thereof. For the minimum number of training hours, the total hour should be no less than twenty(20) for the official, deputy managers and chief auditors; no less than thirty(30) for the other internal auditors. If an auditor has obtained an international internal auditor certificate within the current year, the certificate can be transferred to the training hours.
The total hour of a finance-related professional training held by a professional institution recognized by the FSC shall not be less than half of the training hours in the preceding paragraph.
Chunghwa Post should organize self-inspection programs for every year and continue proper training courses for auditors in accordance with the nature of each department.
Chunghwa Post shall verify that its internal auditors meet the qualification requirements set forth herein. The verification documentation and records for such purpose shall be kept on file for future reference.
Article 18
All newly appointed managers involved in the savings and remittances in a post office branch of Chunghwa Post shall take an auditing course held by a professional institution recognized by the FSC or by Chunghwa Post within two years, as well as pass the examination and obtain a graduation certificate from one of the above-mentioned institutes.
After the implementation of these regulations hereof, all newly appointed managers involved in the savings and remittances (as mentioned in the preceding paragraph) with the exception of upper management, shall pass the savings-and-remittances-internal-controls basic test given by the Chunghwa Post or Taiwan Academy of Banking and Finance and acquire a certificate attesting to that fact within one year.
Article 19
Chunghwa Post shall, in a prescribed format and via an Internet-based information system, file with the FSC for recordation the information on the name and years of service of its internal auditors by the end of January each year.
Chunghwa Post shall submit a list of its internal auditor to the MOTC for reference regularly every year.
When preparing the basic information of internal auditors, Chunghwa Post should verify whether these auditors have met the requirements stipulated in Paragraph 2, Article 16 and Article 17. If the auditor fails to meet the requirements, it should be improved within two(2) months, if not, the auditor should be re-assigned to another job.
Article 20
Chunghwa Post shall, in a prescribed format and via an Internet-based information system, file with the FSC for recordation its next year's audit plan by the end of each fiscal year and a report on the execution of its preceding year's annual audit plan within two(2) months from the end of each fiscal year.
By the end of each accounting year, Chunghwa Post shall deliver a written audit plan for the next year to the supervisors for examination and compilation. The annual audit plan and changes thereof shall be approved by the board of directors.
The contents of audit plan mentioned in the preceding paragraph shall at least include: an explanation of the audit plan, annual audit points, units that will receive the audit, nature of audit (routine audit or special audit), and whether the frequency of audit comply with the regulation of the competent authority. If the audit is a special audit, then it is necessary to notify the range of audit.
Article 21
Chunghwa Post shall, in a prescribed format and via an Internet-based information system, file with the FSC for recordation its improvements of deficiencies and irregularities identified in the internal control system in previous year within five(5) months from the end of each fiscal year.
Article 22
The internal auditors and compliance officer of Chunghwa Post shall immediately prepare a report for submission, with a notice to the supervisors and report to the MOTC and the FSC, when their recommendations for improvements regarding significant deficiencies or noncompliance identified in internal controls are not accepted by management and as a result Chunghwa Post might incur a material loss.
Article 23
After the end of examination conducted by the competent authority or after receiving an examination report, the internal audit unit at the head office should, based on the principle of materiality, promptly inform the directors and supervisors, and make a report to the forthcoming board of directors' meeting. The report items should include the content of examination communication meeting, major deficiencies found in the examination, improvement actions required by the competent authority or possible disciplinary measures to be taken.
Article 24
Chunghwa Post shall set up a compliance unit under the president to take charge of the planning, management, and execution of the regulatory compliance system. The chief legal compliance officer shall also be assigned to act as chief compliance officer for the head office to conduct compliance affairs. The chief compliance officer shall make a report to the board of directors, supervisors at least semiannually, and in case of major regulatory violation or rating downgrade by the financial competent authority, immediately inform the directors and supervisors, and report to the board of directors on compliance matters.
The chief compliance officer at Chunghwa Post cannot be appointed to internal posts other than chief legal officer or chief AML/CFT compliance officer.
The chief compliance officer at Chunghwa Post shall hold a post comparable to that of vice president and meet the qualification requirements set out in the Regulations Governing Postal Remittances and Savings Operations.
The compliance unit of the head office, business units (post office branches of all levels), information unit, assets safekeeping unit, and other management units of Chunghwa Post shall each assign the personnel to act as the compliance officer to take charge of related affairs.
The chief officer and personnel of the compliance unit of Chunghwa Post, as well as the compliance officer of business units (post office branches of all levels), information department, assets management department, and other management departments shall meet one of the following qualification requirements:
1. Having worked as personnel or chief officer of legal compliance office for five years in aggregate.
2. Having attended not less than 30 hours of courses offered by institutions recognized by the FSC, passed the exams and received completion certificates therefor.
Personnel in the previous paragraph shall attend at least fifteen (15) hours of training a year offered by institutions recognized by the FSC or held internally by Chunghwa Post, and the training courses shall cover at least the latest regulatory amendments, new businesses or new financial products launched. The methods for the on-the-job training held by Chunghwa Post itself shall be approved by the board of directors. The head office shall keep the attendance records of relevant personnel for review.
When a dedicated AML/CFT compliance unit is set up under the legal compliance unit, the required training for AML/CFT compliance unit personnel before their appointment/assignment and every year shall observe the relevant AML/CFT regulations and is not subject to the provisions of the two preceding paragraphs.
Chunghwa Post shall file the list of head office chief compliance officers, the chief officers and personnel of the compliance unit as well as their training records with the FSC via an online information system.
Article 25
Chunghwa Post should establish advisory and communication channels for regulatory compliance matters to keep employees informed of rules and regulations, swiftly clarify any questions of the employees on rules and regulations, and ensure regulatory compliance.
When the legal compliance unit of Chunghwa Post makes a report to the board of directors in accordance with Paragraph 1 of the preceding paragraph, the report should contain at least an analysis of the causes of significant deficiency or malpractice in compliance matters within respective departments as well as recommendations for improvement.
Article 26
A compliance unit should conduct the following tasks:
1. Establishing a system for clear and adequate conveyance, consultation, coordination and communication of rules and regulations.
2. Keeping operating and management rules and procedures updated in line with relevant regulations to make sure all business activities comply with regulatory requirements.
3. Before Chunghwa Post introduces a new product or service, or applies to the competent authority for approval to offer a new business, the chief compliance officer shall issue and sign an opinion statement undertaking that the new product, service or business complies with applicable regulations and internal rules.
4. Drafting rules and procedures for evaluating regulatory compliance and overseeing the periodic implementation of self-evaluation by respective units; assessing the compliance self-evaluation operations of respective units and producing a report thereon, which, after being signed off by the president, will be used as reference in the performance evaluation of the unit.
5. Providing pertinent regulatory training to employees.
6. Supervising the introduction, establishment and implementation of relevant internal rules by the compliance officer of respective department. The internal audit unit may draft the rules and procedures for evaluation of compliance by its subordinate units and perform self-evaluation of compliance by its subordinate units, to which the provisions in Subparagraph 4 of the preceding paragraph do not apply.
Chunghwa Post should perform self-evaluation of compliance at least semiannually. The results should be sent to the compliance unit for further reference. The head of a unit should designate a specific person to conduct the self- evaluation affair in each unit.
The self-evaluation draft and information for the preceding affairs should be kept at least five (5) years.
Article 27
Chunghwa Post should establish a self-inspection system in order to strengthen internal efforts to prevent corrupt practices. Chunghwa Post shall conduct a general self-inspection on all business, financial, asset safekeeping, and information units at least semiannually; a special case self-inspection at least every month. However, if the company has conducted a general self-inspection, an internal audit unit has conducted a general business audit, a financial examination agency has conducted a general business audit or self-evaluation on affairs concerning compliance with applicable acts and regulations in that month, a special case self-inspection can be exempted in that month.
For the self-inspection affairs mentioned in the preceding paragraphs, the head of the unit should assign a person of another duty to conduct the audit and be kept secret.
The results of self-inspections mentioned in paragragh 1 shall be made as working papers and shall be preserved together with the self-inspection or internal audit reports and relevant materials for no less than five(5) years.
Article 28
While the accountants are carrying out auditing and certification for Chunghwa Post’s annual financial report, Chunghwa Post shall commission the accountants to carry out the audit of the company’s internal control system and express their opinions on the correctness of the information in the report to the MOTC and the FSC, the execution of the company’s internal control system and regulatory compliance system, as well as the appropriateness of its bad debt allowance policy.
The MOTC or the FSC may request Chunghwa Post to provide the examination report of its personal data protection and AML/CFT mechanism issued by accountants.
The auditing fee shall be negotiated by the company and the accountants and paid by the company.
The company shall submit a list of the accountants in charge of auditing to the MOTC and the FSC for reference within a month of the start of the auditing year; the same shall apply when any of the accountants are replaced.
Article 29
When necessary, the MOTC and the FSC may invite Chunghwa Post and the accountants commissioned for discussions about matters related to the commissioned auditing as mentioned in the preceding article. In the event that any of the accountants are found not to be competent to carry out the auditing, the MOTC and the MOF may order the company to replace the accountants and start the audit over again.
Article 30
When carrying out the auditing work as stipulated in Article 28 hereof, the accountants shall report to the MOTC and the FSC immediately in case of the following:
1. During auditing, the company fails to provide the statements, accounting evidence, account books and minutes as needed, or refuses to answer questions about the account, or for other reasons connected to the objective environment, the accountants are unable to continue their auditing work.
2. There are false or missed entries of a serious nature in the accounts or other records.
3. The company’s assets are less than its liabilities or the company’s financial status has deteriorated drastically.
4. Evidence shows that a business transaction may possibly result in heavy losses to the net assets of the company.
In the case any part of subparagraphs 2, 3 or 4 are true in so far as the company is concerned, the accountants shall make an excerpt report of the auditing results to the MOTC and the FSC.
Article 31
When commission accountants carry out an audit as stipulated in Paragraph 1 of Article 28 hereof, Chunghwa Post shall submit the accountant’s auditing report to the MOTC and the FSC for reference before the deadline set out by the FSC. This auditing report shall at least cover the scope, basis, procedures and results of the audit.
When the MOTC or the FSC makes inquiries about the contents of the auditing report, the accountants shall provide detailed related data and explanations.
Article 32
Chunghwa Post shall formulate risk management policies and procedures and establish operationally independent and effective risk management mechanisms, by which to assess and monitor the respective risk-bearing capacity, and current status of risks already incurred, and to determine their compliance with the risk response strategies and risk management procedures.
The risk management policies and procedures under the preceding paragraph shall be passed by the board of directors and be reviewed and revised in a timely manner.
Article 33
Chunghwa Post shall establish an independent risk management task force and regularly furnish risk management reports to the board of directors; upon identifying a significant risk exposure that might adversely affect its financial or business status or compliance with applicable acts and regulations, it shall take immediate and adequate countermeasures and submit a report to the board of directors.
Article 34
The risk management mechanism of Chunghwa Post shall include the following principles:
1. Setting risk appetite and monitoring based on its business scale, credit, market, and operational risks, and future business trends.
2. Establishing management mechanisms for measuring and monitoring the liquidity positions of the banking business, by which to measure, monitor, and manage the liquidity risks.
3. Making various investment allocations after having considered the overall risk exposure, equity capital, and characteristics of liabilities, and establishing various measures to manage investment risks.
4. Establishing uniform assessment methodologies for rating and classifying the quality of assets, calculating and controlling large risk exposures, carrying out periodic reviews, and faithfully setting aside allowances or reserves for loss.
5. Building information security mechanisms and contingency plans with respect to business, transactions, and information exchanges or other activities.
Article 34-1
Chunghwa Post shall assign a manager ranking vice president or higher or an individual with equivalent position to serve concurrently as the chief information security officer, who shall oversee the implementation and coordination of the information security policy and resource allocation.
Chunghwa Post shall set up a dedicated information security unit with independent function, arrange suitable workforce and equipment, and appoint a person with the rank higher than that of the head of the office or equivalent position to serve as the chief officer of such unit.
The staff and the chief officer of the dedicated information security unit under the preceding paragraph shall not be appointed to other posts in charge of information or tasks with conflicts of interest.
The dedicated information security unit is in charge of planning, monitoring, and implementing the management processes of information security. Chunghwa Post shall submit, disclose, and publish the internal control system statement in accordance with the regulations in Paragraph 1 of Article 11 and the chief information security officer shall co-sign and issue the statement.
The personnel of the dedicated information security unit of Chunghwa Post shall attend at least fifteen (15) hours of professional courses regarding information security or on-the-job training every year. The personnel of the head office, business units (post office branches of all levels), information units, assets safekeeping units, and other management units of Chunghwa Post shall attend no less than three hours of information security courses every year.
Article 35
To secure the confidentiality level of the financial examination report of Chunghwa Post, unless consented by the law or the competent authority, the responsible person or the employee are not allowed to read or disclose, deliver, publicize all or part of the contents of the report to another person irrelevant of the performing of the task.
Chunghwa Post should follow the provisions of the competent authority to prescribe the relating internal management regulations and business procedures of the financial examination reports and submit them to the board of directors for consent.
Article 36
Compliance personnel or officers who took up the post after the promulgation of the amended Regulation on April 11, 2019 but do not meet the provisions in Paragraph 5 of Article 24 herein shall make adjustment to obey the rules within one year.
Article 37
The regulations herein shall be in force on the date of promulgation.