Regulations Governing Internal Audit and Internal Control System of Anti-Money Laundering and Countering Terrorism Financing of Banking Business and Other Financial Institutions Designated by the Financial Supervisory Commission

2021-12-14
播放模式
手機睡眠
語音選擇
Article 1
These Regulations are enacted pursuant to Paragraph 3, Article 6 of the Money Laundering Control Act (hereinafter referred to as the “Act”).
Article 2
The “banking business” referred to in these regulations shall mean banks, credit cooperatives, postal institutions handling postal savings and remittance businesses, bills finance companies, credit card companies and trust enterprises.
The “other financial institutions designated by the Financial Supervisory Commission (hereinafter referred to as the “FSC”) referred to in these regulations shall mean electronic payment institutions and foreign migrant worker remittance companies (limited to small-amount remittance services for foreign migrant workers):
1. “Electronic payment institution” shall mean an institution approved to engage in electronic payment business pursuant to the Act Governing Electronic Payment Institutions.
2. “Foreign migrant worker remittance company” shall mean a company approved to engage in small-amount remittance services for foreign migrant workers pursuant to the Regulations Governing Small Amount Remittance Services for Foreign Migrant Workers.
Article 3
Banking businesses and other financial institutions designated by the FSC shall establish specific policies and procedures for correspondent banking and other similar relationships, including:
1. Gather sufficient publicly available information to fully understand the nature of the respondent bank’s business and to determine its reputation and quality of management, including whether it has complied with the Anti-Money Laundering and Countering Terrorism Financing (hereinafter referred to as the “AML/CFT”) regulations and whether it has been investigated or received regulatory action in connection with money laundering or terrorist financing (hereinafter referred to as the “ML/TF”);
2. Assess whether the respondent bank has adequate and effective AML/CFT controls;
3. Obtain approval from senior management before establishing new correspondent bank relationships;
4. Document the respective AML/CFT responsibilities of each party;
5. Where a correspondent relationship involves in “payable–through accounts”, the banking business shall be required to satisfy itself that the respondent bank has performed customer due diligence (hereinafter referred to as the “CDD”) measures on its customers who have direct access to the accounts of the correspondent bank, and is able to provide relevant CDD information upon request to the correspondent bank;
6. The banking business is prohibited from entering into correspondent relationships with shell banks and shall be required to satisfy itself that respondent financial institutions do not permit their accounts to be used by shell banks;
7. For a respondent bank that is unable to provide the aforementioned information upon request, the banking business or other financial institutions designated by the FSC may decline the respondent bank’s application to open an account, suspend transactions with the respondent bank, file a suspicious ML/TF transaction report or terminate business relationship; and
8. The aforementioned provisions are also applied to the respondent bank that is a foreign branch or subsidiary of the banking business or financial institutions designated by the FSC.
Article 4
A banking business and other financial institutions designated by the FSC shall assess ML/TF risks before launching new products, new services or new business practices and establish appropriate risk management measures to mitigate identified risks.
Article 5
A banking business and other financial institutions designated by the FSC shall conduct domestic and cross-border outward and inward wire transfers involving foreign currencies in accordance with the following regulations:
1. Banking business: Conduct wire transfers involving foreign currencies in accordance with the Directions Governing Banking Enterprises for Operating Foreign Exchange Business.
2. Electronic payment institution: Conduct wire transfers involving foreign currencies in accordance with the Rules Governing the Administration of Electronic Payment Business.
3. Foreign migrant worker remittance company: Conduct wire transfers involving foreign currencies in accordance with the Regulations Governing Small Amount Remittance Services for Foreign Migrant Workers.
A banking business and other financial institutions designated by the FSC shall conduct domestic wire transfers involving New Taiwan Dollar (hereinafter referred to as the “NTD”) as ordering financial institutions in accordance with the following rules:
1. Provide required and accurate originator information and required beneficiary information by any of the means below:
(1) Include information on the originator and the beneficiary accompanying the wire transfer; or
(2) Include the account number or a unique transaction reference number which permits the transaction to be traced back to the originator and the beneficiary and make information available within three business days of receiving the request either from the beneficiary financial institution or from appropriate competent authorities. However, Law enforcement authorities should be able to compel immediate production or such information and the banking business shall respond accordingly.
2. Maintain the following required information on the originator and the beneficiary in accordance with Article 12 of the Regulations Governing Anti-Money Laundering of Financial Institutions:
(1) The aforementioned originator information shall include: name of the originator, the originator account number where such an account is used to process the transaction (if not available, a unique transaction reference number that permits traceability), and the information by any of the means below:
A. National identity number;
B. The originator’s address; or
C. Date and place of birth.
(2) The aforementioned beneficiary information shall include: name of the beneficiary and the beneficiary account number (if not available, a unique transaction reference number that permits traceability).
A banking business or other financial institutions designated by the FSC that fail to conduct wire transfers in accordance with the two preceding paragraphs are not allowed to engage in wire transfer business.
A banking businesses or other financial institutions designated by the FSC serving as beneficiary financial institutions shall conduct domestic wire transfers involving NTD in accordance with the following rules:
1. Have risk-based policies and procedures for determining when to execute, reject, or suspend a wire transfer lacking the information specified under Subparagraph 2, Paragraph 2 hereof, and the appropriate follow-up action.
2. Maintain the information on the originator and the beneficiary received in accordance with Article 12 of the Regulations Governing Anti-Money Laundering of Financial Institutions.
Article 6
The AML/CFT internal control system established by a banking business and other financial institutions designated by the FSC and any subsequent amendment thereto shall be approved by its board of directors (council), and shall contain the following:
1. The policies and procedures to identify, assess and manage its ML/TF risks;
2. An AML/CFT program established based on ML/TF risks and business size to manage and mitigate identified risks, which also includes enhanced control measures for higher risk situations; and
3. Standard operational procedures for monitoring compliance with AML/CFT regulations and the implementation of the AML/CFT program, which shall be included in the self-inspection and internal audit system, and enhanced if necessary.
The ML/TF risk identification, assessment and management mentioned in Subparagraph 1 of the preceding paragraph shall cover at least customers, geographic areas, products and services, transactions or delivery channels, and contain the following:
1. A risk assessment report shall be documented;
2. The risk assessment shall consider all risk factors to determine the level of overall risk, and appropriate measures to mitigate the risks;
3. There shall be a risk assessment update mechanism in place to ensure that risk data are kept up-to-date; and
4. When the risk assessment is completed or updated, the report shall be submitted to the FSC for recordation.
The AML/CFT program mentioned in Subparagraph 2 of Paragraph 1 hereof shall include the following policies, procedures and controls:
1. Customer due diligence;
2. Watch list filtering;
3. Ongoing due diligence of accounts and transactions;
4. Correspondent banking business;
5. Record keeping;
6. Filing currency transaction report (CTR);
7. Filing suspicious ML/TF transaction report (STR);
8. Appointment of a compliance officer at the management level in charge of AML/CFT compliance matters;
9. Employee screening and hiring procedure;
10. Ongoing employee training program;
11. An independent audit function to test the effectiveness of AML/CFT system; and
12. Other matters required by the AML/CFT regulations and the FSC.
A banking business and other financial institutions designated by the FSC having branches (or subsidiaries) shall establish a group-wide AML/CFT program which shall be applicable, and appropriate to, all branches (or subsidiaries) of the financial group. The AML/CFT program shall include the policies, procedures and controls mentioned in the preceding paragraph, and in addition, contain the following without violating the information confidentiality regulations of the ROC and host countries or jurisdictions:
1. Policies and procedures for sharing information within the group required for the purposes of CDD and ML/TF risk management;
2. Group-level compliance, audit and AML/CFT functions to require branches (or subsidiaries) to provide customer, account and transaction information from branches and subsidiaries when necessary for AML/CFT purposes. This should include information and analysis of transactions or activities which appear unusual. Similarly branches (or subsidiaries) should receive such information from these group-level functions when necessary for AML/CFT purposes; and
3. Adequate safeguards on the confidentiality and use of information exchanged, including safeguards to prevent tipping-off.
A banking business and other financial institutions designated by the FSC shall ensure that its foreign branches (or subsidiaries) apply AML/CFT measures to the extent that the laws and regulations of host countries or jurisdictions so permit, and those measures should be consistent with those adopted by the head office (or parent company). Where the minimum requirements of the countries where its head office (or parent company) and branches (or subsidiaries) are located are different, the branch (or subsidiary) shall choose to follow the criteria which are higher. However, in case there is any doubt regarding the determination of higher or lower criteria, the determination by the competent authority of the place at where the head office of the banking business and other financial institutions designated by the FSC is located shall prevail. If a foreign branch (or subsidiary) is unable to adopt the same criteria as the head office (or parent company) due to prohibitions from foreign laws and regulations, appropriate additional measures shall be taken to manage the ML/TF risks, and report to the FSC.
The board of directors (council) of a banking business and other financial institutions designated by the FSC takes the ultimate responsibility of ensuring the establishment and maintenance of appropriate and effective AML/CFT internal controls. The board of directors (council) and senior management of a banking business and other financial institutions designated by the FSC shall understand the company’s ML/TF risks and the operation of its AML/CFT program, and adopt measures to create a culture of AML/CFT compliance.
Article 7
A banking business and other financial institutions designated by the FSC shall be staffed with adequate number of AML/CFT personnel and resources appropriate to the size and risks of its business. The board of directors (council) of the banking business and other financial institutions designated by the FSC shall appoint a senior officer to act as the chief AML/CFT compliance officer and vest the officer full authority in coordinating and supervising AML/CFT implementation and shall ensure that its AML/CFT personnel and the chief AML/CFT compliance officer do not hold concurrent positions that may have a conflict of interest with their AML/CFT responsibilities. In addition, a domestic bank shall set up an independent, dedicated AML/CFT compliance unit under the president, legal compliance unit, or risk management unit of the head office and such AML/CFT compliance unit shall not handle businesses other than AML/CFT.
The dedicated AML/CFT compliance unit or the chief AML/CFT compliance officer mentioned in the preceding paragraph shall be charged with the following duties:
1. Supervising the planning and implementation of policies and procedures for identifying, assessing and monitoring ML/TF risks.
2. Coordinating and supervising the implementation of the company-wide AML/CFT risk identification and assessment.
3. Monitoring and controlling ML/TF risks.
4. Developing an AML/CFT program.
5. Coordinating and supervising the implementation of AML/CFT program.
6. Confirming compliance with AML/CFT regulations, including the relevant specimen or self-regulatory rules formulated by the related financial services association and accepted by the FSC for recordation.
7. Supervising the reporting on suspicious ML/TF transactions and on the properties or property interests and location of individuals or legal entities designated by the Counter-Terrorism Financing Act to the Investigation Bureau, Ministry of Justice.
The chief AML/CFT compliance officer mentioned in Paragraph 1 hereof shall report to the board of directors (council) and supervisors (board of supervisors) or the audit committee at least semiannually, or whenever a major regulatory violation is discovered.
Each foreign business unit of a banking business and other financial institutions designated by the FSC shall be staffed with an adequate number of AML/CFT personnel in view of the number of branches in that area, and the size and risks of its business, and appoint an AML/CFT compliance officer to take charge of the coordination and supervision of related compliance matters.
The appointment of an AML/CFT compliance officer by the foreign business unit of a banking business and other financial institutions designated by the FSC shall comply with the regulations and requirements of the host country. The AML/CFT compliance officer shall be vested with full authority in AML/ CFT coordination and supervision, including reporting directly to the chief AML/CFT compliance officer mentioned in Paragraph 1 hereof, and shall not hold other positions, except for the legal compliance officer. If the AML/CFT compliance officer holds other concurrent positions, the foreign business unit shall communicate the fact with the competent authority of the host country to confirm the holding of other concurrent positions not resulting in or potentially leading to the conflict of interest, and report the matter to the FSC for recordation.
Article 8
Each domestic and foreign business unit of a banking business and other financial institutions designated by the FSC shall appoint a senior manager to act as the supervisor to take charge of supervising AML/CFT related matters of the business unit, and conduct self-inspection.
The internal audit unit of a banking business and other financial institutions designated by the FSC shall audit the following matters and submit audit opinions on:
1. Whether the ML/TF risk assessment and the AML/CFT program meet the regulatory requirements and are implemented; and
2. The effectiveness of the AML/CFT program.
The president of a banking business and other financial institutions designated by the FSC shall oversee the respective units to prudently evaluate and review the implementation of internal control system for AML/CFT. The chairman, president, chief auditor and chief AML/CFT compliance officer shall jointly issue a statement on internal control for AML/CFT (see attached), which shall be submitted to the board of directors (council) for approval and disclosed on their website of the business and institutions within three (3) months after the end of each fiscal year, and filed via a website designated by the FSC.
For the branches of a foreign bank or foreign credit card company in Taiwan, the authorized personnel by its head office shall be responsible for matters concerning the board of director or supervisors under these Regulations. The statement mentioned in the preceding paragraph shall be jointly issued by the litigious/non-litigious agent and the chief AML/CFT compliance officer of the branch in Taiwan as well as officer in charge of audit operation in Taiwan.
  • Attachment Statement on Internal Control for AML/CFT.pdf
Article 9
A banking business and other financial institutions designated by the FSC shall establish screening procedures to ensure high standards when hiring employees, including examining whether the prospective employee has character integrity and the professional knowledge required to perform its duty.
The chief AML/CFT compliance officer, the personnel of dedicated AML/CFT unit and the AML/CFT supervisors of domestic business units of a banking business and other financial institutions designated by the FSC shall possess one of the following qualification requirements in three (3) months after appointment/assignment to the position and the financial institution shall set out relevant control mechanism to ensure compliance with the provisions hereof:
1. Having served as a legal compliance officer or AML/CFT personnel on a full-time basis for at least three (3) years;
2. Having attended at least 24 hours of courses offered by institutions recognized by the FSC, passed the exams, and received completion certificates therefor. But personnel who have met the qualification requirement for the legal compliance officer are deemed to meet the qualification requirement under this Subparagraph after they have attended at least 12 hours of training on AML/CFT offered by institutions recognized by the FSC; or
3. Having received an AML/CFT professional certificate issued by an international or a domestic institution recognized by the FSC.
The chief AML/CFT compliance officer, AML/CFT personnel and the AML/CFT supervisor of domestic business units of a banking business and other financial institutions designated by the FSC shall annually attend at least 12 hours of training on AML/CFT offered by internal or external training units consented by the chief AML/CFT compliance officer mentioned in Paragraph 1of Article 7herein.The training shall cover at least newly amended laws and regulations, trends and typologies of ML/TF risks. If the person has obtained an AML/CFT professional certificate issued by an international or a domestic institution recognized by the FSC in a year, the certificate may be used to substitute the training hours for the year.
The AML/CFT supervisor and the AML/CFT compliance officer and personnel of foreign business units of a banking business and other financial institutions designated by the FSC shall possess professional knowledge on AML/CFT, be well informed in relevant local regulations, and annually attend at least 12 hours of training on AML/CFT offered by foreign competent authorities or relevant institutions. If no such training is available, the personnel may attend training courses offered by internal or external training units consented by the chief AML/CFT compliance officer mentioned in Paragraph 1 of Article 7herein.
A banking business and other financial institutions designated by the FSC shall annually arrange appropriate hours and contents of orientation and on-the-job training on AML/CFT for its directors (council members), supervisors, president, legal compliance personnel, internal auditors, and business personnel in view of the nature of its business, to familiarize them with their AML/CFT duties and equip them with the professional knowhow to perform their duties.
Foreign migrant worker remittance companies shall be required to arrange pre-job training and on-the-job training on AML/CFT with suitable contents and appropriate number of hours for related personnel each year based on the characteristics of their business, ML/TF risks, and common deficiencies found in foreign migrant worker remittance transactions. The regulations from Paragraph 2 to the preceding paragraph do not apply.
Article 10
For the implementation of internal audit and internal control system of AML/CFT of a banking business and other financial institutions designated by the FSC, the FSC may, at any time, appoint a designee, or entrust an appropriate institution to conduct an inspection using risk-based approach. The inspection includes on-site and off-site inspections.
When the FSC or the entrusted institution conducts the inspection in the preceding Paragraph, the banking business and other financial institutions designated by the FSC shall provide the relevant books, documents, electronic data files or other relevant materials. The aforementioned materials, whether stored in hard copy, electronic file, e-mail or any other form, shall be provided, and the banking business and other financial institutions designated by the FSC shall not circumvent, reject or obstruct the inspection for any reason.
Article 11
These Regulations shall be effective from the date of promulgation.