Rules Governing the Administration of Electronic Payment Business

2021-06-30
播放模式
手機睡眠
語音選擇
Chapter 1 General Provisions
Article 1
These Rules are adopted pursuant to Paragraph 1 of Article 19, Paragraph 1 of Article 36, and Article 42 of the Act Governing Electronic Payment Institutions (referred to as the “Act” hereunder) to which Paragraph 1 of Article 19 and Paragraph 1 of Article 36 of the Act apply mutatis mutandis.
Article 2
The terms as used in these Rules are defined as follows:
1. “Electronic payment business” shall mean businesses under the subparagraphs of Paragraphs 1 and 2, Article 4 of the Act.
2. “Payment via agreed linked deposit account” shall mean the service where in conducting its electronic payment business, an electronic payment institution gives a financial institution at where an user opens his/her account (referred to as “the financial institution holding the account” hereunder) an account payment deduction instruction according to the agreement between the user and the financial institution to transfer funds from the user's deposit account with the financial institution for the electronic payment institution to collect payment from the user and record the payment amount and the fund transfer activity under the user's electronic payment account (“e-payment account”) or a stored value card. The mechanisms of the operation are as follows:
(1) “Direct link mechanism” means the mechanism where an electronic payment institution directly gives a financial institution holding the said institution’s account a payment deduction instruction to transfer funds from the user's linked deposit account.
(2) “Indirect link mechanism” means the mechanism where an electronic payment institution indirectly gives a payment deduction instruction through the financial information service enterprise or clearing house to transfer funds from the user's linked deposit account.
3. “Integration and conveyance of receipt/payment information by contracted institutions” means that an electronic payment institution is entrusted by contracted institutions and other institutions to provide services of integrating and conveying receipt/payment information.
4. “Conveyance of information between users and conveyance of information between a user and a contracted institution” shall mean the service provided by the electronic payment institution to deliver information between users and between a user and a contracted institution with electronic equipment through the Internet.
5. “Related services such as the custody of payment funds for product (service) gift vouchers or tickets and assistance for issuance, sales, and reimbursement” means that an electronic payment which is entrusted by the issuer of product (service) gift voucher or ticket, to interface or set up the information systems for providing custody services of payment funds raised from product(service) gift voucher or ticket related real transactions collected and made as an agent business and to assist for the issuance, sales, or reimbursement of the vouchers or tickets.
6. “Reward points” means that points issued or provided by the reward point issuers or institutions in collaboration with the reward points issuer for marketing, business promotion or purposes of policy to persons engaged in business or policy-related behaviors without compensation. The points shall be used by the point holders in accordance with these Rules and the agreement of purposes and usage signed by the reward point issuer or the party in collaboration with the reward points issuer.
7. “Stored value cards annexed to electronic payment accounts” mean registered stored value cards issued by electronic payment institutions that are linked to the user's electronic payment account are authorized to implement payment deduction under the business of collecting and making payments for real transactions as an agent.
8. “Watch-listed e-payment account” shall mean an e-payment account that a court, public prosecutors office, or a judicial police authority has, for the purpose of a criminal investigation, electronic payment institutions to classify as watch-listed.
9. “Derivative watch-listed account” means all other e-payment accounts opened by a user of a watch-listed e-payment account.
Chapter 2 Users and Contracted Institutions Administration
Article 3
When an electronic payment institution accepts a user for registration, a contract entered between the parties shall comply with the provisions of Article 30 of the Act, and the electronic payment institution shall allow users to inquire the contents of the contract in a manner agreed by the parties.
Article 4
An electronic payment institution shall consider the types of the contracted institutions, transaction amount, transaction modes, deferred products or services, and risks raised from selling products to establish mechanisms for credit checking, risk management, contract signing, training, audit management, and periodic review, and meet the following requirements:
1. The contract between the electronic payment institution and the contracted institution shall contain an agreement that the contracted institution shall not be involved in any transactions prohibited by law or regulations stipulated by central government authorities in charge of certain industry.
2. The contract between the electronic payment institution and the contracted institution shall contain an agreement that if the contracted institution sells or provides deferred products or services, the contracted institution shall adopt escrow or declare trust and disclose such escrow or trust information to the users.
3. The contract between the electronic payment institution and the contracted institution shall contain an agreement that the contracted institution will comply with the following provisions of transaction records related safekeeping and inquires:
(1) The contracted institution shall properly retain relevant data of transactions, documents and receipts for at least 5 years; and
(2) The contracted institution shall provide transaction related information as requested by the electronic payment institution, including but not limited to the terms of transaction, the ways of fulfillment of obligation, transaction results, as well as businesses operated by the contracted institution and its qualifications. With regard to information requested by the electronic payment institution, the contracted institution shall provide detailed descriptions and necessary documentation.
Article 5
When an electronic payment institution signs or terminates a contract with a contracted institution, the electronic payment institution shall report to the Joint Credit Information Center (JCIC).
Where an electronic payment institution accepts a registration application of a non-individual contracted institution or an individual contracted institution with an average transaction amount generated from the business of collecting and making payments for real transactions as an agent that reaches NTD 80,000 in the most recent six months, the electronic payment institution shall request the following information from JCIC and retain related records for reference. However, these requirements do not apply if a dual-status electronic payment institution has completed the information check of the contracted institution with the JCIC, in accordance with related regulations governing the assessment of credit card contracted merchants, and the said contracted institution agrees to provide the checked information to the electronic payment institution under business purposes:
1. Information of contracts signing and termination with the contracted institution reported by the electronic payment institution;
2. Information of contracts signing and termination with the contracted merchant reported by the credit card business institution;
3. Other information required by the competent authority.
Where the contracted institution applies for a new electronic payment account or engaging in stored value cards related services of collecting and making payments for real transactions as an agent, the electronic payment institution shall implement the information check again with the JCIC in accordance with the preceding paragraph.
Where the electronic payment institution does not meet requirements in the preceding three paragraphs, they shall make adjustments to meet the requirements before June 30 of 2022.
Article 6
An electronic payment institution shall adopt the following risk management measures for contracted institutions:
1. Establishing credit checking mechanism and process for contracted institutions. Staff assigned to take charge of contracted institution related review, authorization and administration may not serve concurrently as business personnel;
2. Establishing risk ranking mechanism for contracted institutions and adopting measures such as transaction amounts limits, strengthening transaction monitoring, conducting on-site visits, charging deposits, requiring the provision of other guarantees or postponing funds clearing for contracted institutions ranked at a higher risk level to mitigate transaction risk;
3. Establishing the contracted institution investigation, evaluation or on-site visit mechanisms, the contents of investigation and evaluation shall include irregularities in transactions and the information specified in Paragraph 2 of the preceding article; and based on the risk level of contracted institution, conducting investigation, evaluation or on-site visit at a proper frequency and in an adequate manner, and retaining relevant records are also required; and
4. Other risk management measures required by the competent authority.
Where an electronic payment institution requests a contracted institution to charge deposits in accordance with requirements in Subparagraph 2 of the preceding paragraph, the electronic payment institution shall consider the types of the contracted institutions, transaction amount, transaction modes, and risks raised from selling products to evaluate the deposit amount to be charged for the contracted institution. The contracted institution shall save the deposit in other deposit account than the dedicated deposit account agreed by the electronic payment institution and the contracted institution.
Article 7
When a user of an electronic payment institution uses an e-payment account for conducting the business of collecting and making payments for real transactions as an agent, this user shall sign a contract with the electronic payment institution to become a contracted institution. However, the payment funds collection of the following transactions within the territory of the Republic of China, once the authenticity of the transaction is verified and records are retained, do not be defined as the transactions of a contracted institution, and the provisions in Article 4 to 6 shall not apply:
1. Redemption of prizes for electronic invoices;
2. Payments collected for the repurchase, redemption, or distribution of dividends for purchased financial products or services;
3. Payments collection for salary, or remuneration related income;
4. Payments collection for lending and repayment of NTD loans through P2P lending platform;
5. Payments collection for loan appropriation under banking business;
6. Payments collection for subsidies distributed or tax refunds from government agencies;
7. Other conditions specified by the competent authority.
Article 8
Where an electronic payment institution proceeds to engage in the business of collecting and making payments for real transactions as an agent for offshore contracted institutions and offshore users, it shall submit two copies of the following documents and apply for approval to the competent authority:
1. An application form;
2. Minutes of the board of directors meeting;
3. Business plan;
4. Internal business guidelines and business procedures;
5. Other documents as required by the competent authority.
The competent authority shall consult the Central Bank before granting approval under the preceding paragraph.
Article 9
When a user plans to withdraw funds from his/her e-payment account or an electronic payment institution remits funds to a contracted institution, the electronic payment institution shall meet requirements in Paragraph 1, Article 19 of the Act, and shall transfer the funds into the user’s or the contracted institution’s same-currency deposit account which is opened in a financial institution. However, where the user or contracted institution meets one of the following conditions and the electronic payment institution has reviewed and confirmed the accuracy of related supporting documents, such requirements shall not apply:
1. For a non-individual user or contracted institution operated as a sole proprietorship, the electronic payment institution may transfer the withdrawal or payment funds to the responsible person’s same-currency deposit account which is opened in a financial institution.
2. Where a non-individual user or contracted institution is a domestic government agency, public school, state-owned enterprise, or a business or foundation, of which the representative is appointed by the government according to the law, the electronic payment institution may transfer the withdrawal or payment funds to a same-currency deposit account which is opened in a financial institution specified by the non-individual user or contracted institution.
3. Where a non-individual user or contracted institution is a branch under administration of the head office, the electronic payment institution may transfer the withdrawal or payment funds to the said head office’s same-currency deposit account which is opened in a financial institution.
4. An electronic payment institution may, pursuant to a trust contract signed by a user or a contracted institution as the trustor, transfer the withdrawal or payment funds to a same-currency deposit account which is opened in a financial institution specified by the trustor in accordance with the trust contract.
Chapter 3 User's Payment Instructions
Article 10
Unless otherwise specified in these Rules, the payment instructions on the basis of prior agreement between the users and payment institution shall contain the following items:
1. The payor's name, title, other information sufficient for identifying the payor’s identity agreed by the payor and the electronic payment institution, and the e-payment account number. The individual user’s name shall be partially hidden.
2. The recipient's name, title, other information sufficient for identifying the recipient’s identity agreed by the recipient and the electronic payment institution, and the e-payment account number. The individual user’s name shall be partially hidden.
3. The accurate dollar amount, or authorized deduction limit and currency of payment.
4. The conditions and time period for the transfer to take place or manner of payment instructed by the payor.
5. Other information required by the competent authority.
A user’s immediately approved payment instruction shall include the following information:
1. The payor's name, title, other information sufficient for identifying the payor’s identity agreed by the payor and the electronic payment institution, and the e-payment account number. The individual user’s name shall be partially hidden.
2. The recipient's name, title, other information sufficient for identifying the recipient’s identity agreed by the recipient and the electronic payment institution, and the e-payment account number. The individual user’s name shall be partially hidden.
3. The accurate dollar amount and currency of payment.
4. If the transfer is not implemented immediately, the conditions and time period for the transfer to take place or manner of payment instructed by payor are needed.
5. Other information required by the competent authority.
When a user makes a restrictive payment for taxes or fees, the items included in the payment instructions may be agreed by the electronic payment institution and the contracted institution. However, it must include at least the items specified in Subparagraph 3 of Paragraph 1, or Subparagraph 3 of the preceding paragraph.
When an electronic payment institution engages in the following businesses, the provision in Paragraph 2 does not apply to the records for the user’s immediately approved payment instructions:
1. The user makes payment at a physical channel via a mobile device and meets the security design requirements specified in the Regulations Governing the Standards for Information System and Security Management of Electronic Payment Institutions.
2. The user makes payment at a physical channel via a physical stored value card and meets the security design requirements specified in the Regulations Governing the Standards for Information System and Security Management of Electronic Payment Institutions.
When an electronic payment institution engages in the following businesses, the provisions in Subparagraphs 1 and 2 of Paragraph 1 and Subparagraphs 1 and 2 of Paragraph 2 do not apply to the records for the payment instructions:
1. Providing transaction information generated from the payor and conducting the business of collecting and making payments for real transactions as an agent through batch operations;
2. Providing small-amount domestic and international remittances of the same electronic payment institution jointly conducted or approved from the recipient.
Article 11
An electronic payment institution implement the user’s payment instructions to conduct automatic payment deductions relating to the business of collecting and making payments for real transactions as an agent or small-amount domestic and international remittances on the basis of prior agreement between the users and payment institution shall meet the following regulations:
1. The procedures and amount limits for automatic payment deductions agreed by the parties in advance shall meet related requirements in these Rules and the Regulations Governing the Standards for Information System and Security Management of Electronic Payment Institutions. The transaction security design must be commensurate with the amount limits for different transactions.
2. The electronic payment institution shall obtain payment instructions agreed by a user in advance in accordance with the regulations in the preceding article. It shall also determine the automatic payment deduction objectives and amount limit with the user and provide mechanisms for the suspension and adjustment of the authorized payment deduction amount. If the automatic payment deduction is executed with a non-specific amount, the electronic payment institution and the user shall specify a ceiling for the payment deduction amount.
3. The electronic payment institution must evaluate the purpose, types, and risks of transactions of the contracted institution before it may provide a user with automatic payment deduction services based on the user and the contracted institution’s prior agreement.
4. When the electronic payment institution provides users with automatic transaction payment deduction service for a non-specific amount as described in Subparagraph 2, the services shall be limited to the following transactions or purposes:
(1) To pay for financial products or services, NTD loans through P2P lending platform, or repayment of bank loans.
(2) To pay charges and fees, taxes, fines or other expenses imposed by government, and to pay service fees of public utilities, telecommunication service charges, public transportation fares or parking fees, and to pay charges and fees, taxes, fines, or other expenses imposed by the contracted institutions on behalf of government or service fees of public utilities, telecommunication service charges, public transportation fares, or parking fees, or fees authorized by the competent authority.
(3) Other transactions or payment purposes approved by the competent authority.
Article 12
After implementing a payment instruction of a user, an electronic payment institution shall notify the user of the result in a manner agreed by the parties. However, this requirement does not apply if the contracted institution shows the amount deducted and the balance of the e-payment account or a stored value card to the user when a transaction is carried, and the electronic payment institution provides the user with related inquiry services.
Chapter 4 Business Management and Operations of Electronic Payment Institutions
Article 13
Where an electronic payment institution is permitted to engage in small-amount domestic and international remittances business, it shall participate in the inter-institution funds transfer clearing services operated by a financial information service provider for the function of small-amount domestic remittances specified in Paragraph 1, Article 8 of the Act prior to its commencement of business.
Where an electronic payment institution operates the transfer of funds between e-payment accounts prior to the promulgation of the amendment to the Act on January 27 of 2021, implementation on July 1, it shall be deemed as having been approved to operate small-amount domestic remittances in NTD. It shall therefore be required to participate in the inter-institution funds transfer clearing services operated by a financial information service provider for the function of small-amount domestic remittances specified in Paragraph 1, Article 8 of the Act by September 30 of 2021. However, the payment institution may apply for extension to the competent authority, provided that the reasons of the request for extension are justifiable. The extension shall be once only, and its period shall not exceed three months.
Article 14
Where an electronic payment institution applies for engaging in businesses specified in Subparagraphs 2 and 3, Paragraph 1, Article 4 of the Act that relating to foreign currencies, or applies for buying and selling foreign currencies related businesses under Subparagraph 4, its business plan must specify the following items:
1. Conducting the tests of connection with foreign exchange data processing system of the Central Bank;
2. Disclosing the principles of exchange rate reference certificates issuance, and foreign exchange settlement reporting items to users;
3. The operating procedures that the electronic payment institution as a client applies for conducting foreign exchange funds payment and collections to authorized bank.
Where an electronic payment institution applies for engaging in small-amount international remittances service in accordance with the preceding paragraph, it shall submit two copies of the following documents and apply for approval to the competent authority:
1. Feasibility analysis: The contents must include the considerations for selecting the offshore institution, applicable local regulations and rules, and legitimacy.
2. Correspondent offshore institution related documents including its name, location, and profile, license or permit issued by the local competent authority for engaging in remittance business, and a certification letter. The certification letter provided shall be notarized by a public notary appointed by the local government at where the foreign institution is located and authenticated by an ROC consulate, representative office, or liaison office abroad or other institutions authorized by the Ministry of Foreign Affairs.
3. Other documents as required by the competent authority.
The competent authority shall consult with the Central Bank before granting permission for matters specified in the preceding two paragraphs.
Article 15
When an electronic payment institution engages in the business of collecting and making payments for real transactions as an agent, a contracted institution must be the ultimate recipient. However, this shall not apply under the following circumstances:
1. Where a contracted institution is a financial institution that collects and makes payments for real transactions as an agent in accordance with financial regulations.
2. Where a contracted institution is a convenience store, supermarket, or another industry approved by the competent authority, and one of the following conditions apply:
(1) Collection of charges and fees, taxes, and fines on behalf of governments of all levels.
(2) Collection of service charges on behalf of public utilities.
(3) Collection of ticket fares and other related service fees on behalf of public transportation enterprises.
(4) Collection of credit card payments commissioned by the credit card issuer institutions. However, it may not accept the said payments to be paid by credit cards through e-payment accounts or stored value cards.
(5) Collection of tuition fees on behalf of public and private schools of all levels.
(6) Collection of telecommunication fees for fixed telecommunication network services or mobile broadband services on behalf of Type I telecommunications enterprises.
(7) Collection of cable television fees on behalf of cable broadcast television service enterprises.
(8) Collection of payment on delivery on behalf of online shopping service operators.
(9) Other payments approved by the competent authority.
When an electronic payment institution collects or makes payments for real transactions as an agent for businesses specified in Items 5 to 8, Subparagraph 2 of the preceding paragraph, it shall sign a tripartite agreement with the trustee and trustor of the collection and payment service as an agent and specify both the trustee and the trustor as contracted institutions.
The services provided to online shopping service operators specified in Item 8, Subparagraph 2 of Paragraph 1 shall be limited to those operators who sell products directly to users, and the collection amount on behalf of such service operators shall be limited to no more than NT$5,000.
Article 16
An electronic payment institution shall use New Taiwan Dollar only when engaging in adding value or making payment of users’ stored value cards, except the said stored value cards are annexed to electronic payment accounts.
The following stored value cards must be registered:
1. Stored value cards co-branded and issued with other financial payment instruments;
2. Stored value cards with online transaction functions;
3. Stored value cards with automatic recharge functions connected to other financial payment instruments agreed by users;
4. Stored value cards with withdrawal functions;
5. Stored value cards annexed to electronic payment accounts.
If the provisions in Subparagraph 1 of the preceding paragraph are not met, the electronic payment institution shall obtain the users’ consent for converting their cards to registered stored value cards before completing renewal of the said cards. Where it fails to convert the cards to registered stored value cards while renewing the cards, it shall suspend the use of the stored value cards when the card expires.
Article 17
An electronic payment institution shall meet the following regulations when it accepts users to recharge via credit cards:
1. The payment of recharge shall be conducted in New Taiwan Dollar only.
2. Electronic payment institutions shall establish the ceiling of recharge and risk control and management mechanisms.
3. The funds recharged with credit cards may only be used under the services of collecting and making payments for real transactions as an agent, and may not be used for small-amount domestic and international remittances, withdrawal, loans, and repaying credit cards payments. In addition, the provision shall be disclosed to users in conspicuous lettering not only on the service website but also every time users recharge with credit cards. However, where the recharge service is provided for stored value cards, the said provision may only be informed to users in conspicuous lettering on its service website.
4. If the electronic payment institution provides users with automatic recharge service with pre-agreed linked credit cards, the ceiling of automatic recharge for every single service and every single day shall be agreed by the users. The said institution shall provide the mechanism allowing users to adjust the ceiling and to suspend the automatic recharge service when needed.
5. If an electronic payment institution allows users to carry out automatic recharge service via credit cards, the said credit cards must be the users personally owned.
Article 18
When an electronic payment institution provides users with automatic recharge of stored value funds service through the agreed linked deposit account, the deposit account must be the users personally owned account and the automatic recharge shall be processed in accordance with the following requirements:
1. The ceiling of automatic recharge for every single service and every single day shall be agreed by users, and electronic payment institution shall provide mechanism allowing users to adjust the ceiling and to suspend the automatic recharge service when needed.
2. Where recharge services are provided for stored value cards, each stored value card can only be linked to one deposit account, and the electronic payment institution shall impose reasonable limit on users’ number of stored value cards which can be linked to deposit accounts.
When an electronic payment institution provides users with automatic recharge service of stored value funds through their e-payment accounts, the connected e-payment account must be the account of users, their spouses, lineal relatives, or guardians in the same electronic payment institution, and it shall be processed in accordance with the following regulations:
1. An electronic payment institution shall request users to provide supporting documents which meet with the requirements of this paragraph and verifies its validity before accepting the said automatic recharge service. It must also retain a photocopy of the certification document or maintain such records.
2. Each individual is permitted to connect only one stored value card to an electronic payment account at the electronic payment institution that the said card does not belong to this individual.
3. The electronic payment institution and the user shall specify the ceiling of automatic recharge for every single service and every single day, and it shall provide the mechanism allowing users to suspend the automatic recharge service.
4. The ceiling of automatic recharge service shall be processed in accordance with the following regulations:
(1) For stored value cards, the maximum total automatic recharge for each stored value card shall be limited to no more than NT$3,000 each day.
(2) For e-payment accounts, the maximum cap of automatic recharge from each e-payment account to other person’s stored value card shall be limited to no more than NT$30,000. The electronic payment institution shall also provide the mechanism allowing the e-payment account user to specify an amount lower than the aforementioned maximum cap with the electronic payment institution based on users’ needs.
Article 19
Where a specialized electronic payment institution collects a certain amount of funds from users for a stored value card in advance, which it had issued and agreed to repay, such funds for storing value shall be processed in accordance with regulations in Articles 20 to 22, and it shall declare trust in full for the remaining amounts.
Where a specialized electronic payment institution declares trust in accordance with the preceding paragraph, it shall deposit the funds collected from users each day into the trust account specified in the trust contract before the end of the next business day. In addition, the provisions specified in Paragraph 3 to Paragraph 5 and Paragraph 7, Article 21 of the Act shall apply mutatis mutandis.
The regulations in Paragraph 2, Paragraph 3, Paragraph 6, and Paragraph 8, Article 22 of the Act shall apply mutatis mutandis to the funds declared trust by the specialized electronic payment institution in accordance with Paragraph 1 of this Article. The funds shall not be utilized except for the following conditions:
1. Refunding based on users’ requests.
2. Utilize funds received from users in accordance with Paragraph 2 or Paragraph 3, Article 22 of the Act, and dispense or collect respective interest or other income earned thereof.
Where a specialized electronic payment institution uses the funds declared trust to deposit in a bank or purchase negotiable certificates of time deposit (“NCDs”) from a bank, the criteria for the deposit taking bank or the NCDs issuing bank shall, mutatis mutandis, meet requirements in Paragraph 1, Article 11 of the Regulations Governing the Dedicated Deposit Account of Electronic Payment Institutions.
A specialized electronic payment institution shall appoint an accountant to audit the implementation of Paragraph 1 to Paragraph 4, and submit the accountant's audit report to the competent authority for record within two months after the end of every half fiscal year.
Article 20
Where an electronic payment institution issues stored value cards annexed to e-payment accounts, it shall submit the meeting minutes of the board of directors and the business plan for approval to the competent authority, and it must meet the following provisions:
1. The monetary value of stored value cards annexed to e-payment accounts shall be determined by the amount deposited in the e-payment account.
2. When conducting transactions in physical channels, the card must be a chip card or a contactless proximity cards that meets EMV contactless payment regulations specified by the international credit card organizations in accordance with ISO 14443 Standards (NFC cards).
Article 21
When an electronic payment institution refunds the payment funds received from a user, it shall, return the funds through the payment method originally used by the user, return into the user's original e-payment account, original stored value card, original deposit account or original credit card account.
Except where the amount of the payment were originally paid by a user via a credit card, an electronic payment institution that is approved to engage in the business of accepting deposits of funds as stored value funds may convert the refunds specified in the preceding paragraph into stored value funds as agreed with the user, where the balance of stored value funds shall be in accordance with the provisions of Paragraph 1, Article 16 of the Act.
Where an electronic payment institution is unable to carry out refunds according to the preceding two paragraphs, the institution shall request and be agreed by the user to provide his or her own deposit account, which may be used for the refund operation, and it may transfer the relevant refunds into the said deposit account without making the refund in cash.
Article 22
An electronic payment institution may request a contracted institution to set aside a refund reserve into a dedicated deposit account of the electronic payment institution.
When an electronic payment institution returns the payment funds received from a user in accordance with the preceding article, it shall make refunds from the balance of the e-payment account of the contracted institution, or the balance of the payment collected and paid that has not been allocated to the contracted institution first. Where there is not sufficient balance available, it may process the refund within the said reserve under the preceding paragraph.
An electronic payment institution may take the amount in payments collected and made for real transactions as an agent, payment request cycle, average price of every single product or service provided, and frequency of past refund applications of the contracted institution for reference, and evaluate an appropriate amount of the refund reserve to be set aside by a contracted institution.
Article 23
An electronic payment institution shall not set a time limit for payment funds collected in the e-payment accounts or the monetary value deposited in the reloadable stored value cards.
If an electronic payment institution specifies the expiry or times of use for the monetary value deposited in a disposable stored value card, it shall record the information of the expiry of use, times of use, and methods for termination of use on the stored value card.
Article 24
An electronic payment institution shall not offer users or contracted institutions overdraft services, loans, or other credit lines. Nor shall an electronic payment institution advances for a user when the amount of payment instructed by the user exceeds the balance in his/her e-payment account or stored value card. However, the aforementioned restrictions shall not apply to one-time advances and usage in the public transportation or parking lot business.
Article 25
An electronic payment institution shall bear the burden of proof in dispute over a fraudulent transaction, and shall bear the loss arising from the transaction if a user is not found at fault.
Article 26
When the contractual relationship between a user and an electronic payment institution is terminated or ceases to exist, the electronic payment institution shallreturn the balance of withdrawable funds of the user from the e-payment account or the stored value card, and the amount collected in advance and agreed to repay by the electronic payment institution within a reasonable period of time.
When funds in the e-payment account that an electronic payment institution returns according to the preceding paragraph or when the amount to be refunded in a stored value card exceeds NTD 3,000, the funds may not pay in cash, but shall transfer the refunds into the user’s deposit account or his/her e-payment account at the same electronic payment institution. This requirement shall not apply in case of exceptions specified in other laws and regulations.
For an unregistered stored value card, except in cases where the contractual relationship between a user and an electronic payment institution is terminated or ceases to exist, the electronic payment institution shall not refund the balance in the card, in whole or in part, based on the user’s request.
Article 27
A user may report the loss and suspend the use of the stored value card specified in the following subparagraphs in the event of loss or stolen:
1. Registered stored value cards.
2. Registered stored value cards issued by an electronic payment institution prior to January 1 of 2019 for which the identity registration of the user for the stored value cards has not been completed in accordance with requirements set forth in Paragraph 3, Article 25 of the Act, but the identity profile of the user has been obtained.
3. An unregistered stored value card issued by an electronic payment institution in collaboration with schools, mobile telecommunication service operators, or government agencies that are integrated with student IDs, user’s numbers, identity certification documents, or other registered tools for which the identity profile of a user has been obtained.
4. An unregistered stored value card issued by the electronic payment institution in support of government policies for specific users for which the identity profile of users has been obtained.
Article 28
In case a user of an e-payment account or a registered stored value card has any of the following circumstances, an electronic payment institution may suspend all or part of its services available to the user; if the circumstance is of serious nature, the electronic payment institution shallimmediately terminate the contract entered with the user:
1. The user refuses to cooperate in verifying or re-verifying his/her identity.
2. There is concern that the user may provide false identity information.
3. Substantial evidence shows that a user uses his/her e-payment account to engage in fraudulent activities, money laundering or other illegal activities, or the user is suspected of illegal behavior.
4. Substantial evidence shows that the user's account or card was not applied, registered, or used by the user or other irregularities.
An electronic payment institution that terminates the contract entered with a user pursuant to Subparagraphs 2 to 4 of the preceding paragraph shall report the matter to JCIC.
Article 29
An electronic payment institution shall provide the service of integration and conveyance of receipt/payment information for contracted institutions or conveyance of information between users or between the user and the contracted institution in accordance with the following provisions:
1. Sign contracts with users, contracted institutions, or other institutions, and agree on the rights, obligations, and responsibilities of both parties.
2. For the provided terminal equipment or application programs, take appropriate protection and control measures in order to prevent the receipt/payment information from being leaked, tampered, or transmit wrongfully.
3. The obtained and stored receipt/payment information shall be limited to the ones which are necessary for providing service.
4. The information known by operating business, unless otherwise provided in laws and regulations, or otherwise expressly agreed by contract or in writing, shall not be used for any purpose other than operating business.
Article 30
To facilitate the shared use of the point of sale system provided by an electronic payment institution to a contracted institution, the related parties sharing the use of the point of sale system must meet the following regulations:
1. Each party’s rights and obligations must be specified in the contract.
2. The parties shall establish information security control and management mechanisms for the shared use of the system to ensure the privacy and security of the transaction data (including but not limited to electronic payment account numbers, stored value card numbers, transaction contents, transaction authorization, and settlement information) and the accuracy of data transfer, exchange, or processing.
Article 31
Where an electronic payment institution provides related services such as the custody of payments for product (service) gift vouchers and tickets, and assistance for issuance, sales, and reimbursement, the services shall be processed in accordance with the following regulations:
1. The electronic payment institution is required to sign a contract with the issuer as a contracted institution and specify the rights and obligations of the electronic payment institution, issuer (the contracted institution and recipient), and consumers (users and payers) in the contract, and specify the following items:
(1) Regulations under Subparagraph 2 of this Article.
(2) Other items required by the competent authority.
2. Where an electronic payment institution provides services for payments custody for gift vouchers or tickets, and the issuer of the gift vouchers or tickets has its business registration canceled or suspends business within the payment custody period, the electronic payment institution shall, based on the request of consumers, refund the payment for the gift vouchers or tickets.
3. When an electronic payment institution provides services for the assistance for issuance, sales, and reimbursement of gift vouchers or tickets, it shall disclose the information on the websites or applications of the gift vouchers or tickets that the gift vouchers or tickets are issued by the issuer, not the electronic payment institution, in order to protect consumer interests.
4. When an electronic payment institution provides services of the assistance for selling gift vouchers or tickets, it may only accept payments for buying gift vouchers or tickets from the user through his or her e-payment account.
Article 32
An electronic payment institution may provide the following reward point integration and use for redeeming collection and payment for real transactions as an agent:
1. Integration services:
(1) Redeeming for products or services: Users use reward points to redeem for products, services, or other deliverables such as cash rebates, shopping funds, and stored value payments from the reward point issuer or institutions in collaboration with the reward point issuer.
(2) Transfer: Users transfer reward points to others or receives reward points transferred by others.
(3) Exchange: Users exchange reward points for other types of reward points with the reward point issuer or other parties.
2. Redeeming for the collected/paid payment for real transactions as an agent services: Users use reward points to redeem payments for real transactions for products or services provided by contracted institutions or related fees for the services provided by electronic payment institutions.
3. Other services approved by the competent authority.
An electronic payment institution shall process reward point integration and use for redeeming collected/paid payment for real transactions as an agent in accordance with the following regulations:
1. Where the services provided involves other reward point issuers or institutions in collaboration with reward point issuers, the electronic payment institution must set the rights, obligations, and duties with all parties.
2. The electronic payment institution shall disclose the name and service items in the service platform or application, and set out the contact information of the reward point issuer, methods for inquiring related rights and obligations of the reward points, and dispute settlement methods and channels.
3. The electronic payment institution shall require other reward point issuers or institutions in collaboration with reward point issuers to ensure that the reward points they distribute or provide and the methods of use meet related laws and regulations, including the Personal Data Protection Act and Consumer Protection Act.
4. The electronic payment institution shall establish fraud prevention mechanisms and implement anomaly detection.
5. In the event of a dispute between a user or a contracted institution with other reward point issuers or institutions in collaboration with reward point issuers, the electronic payment institution shall assist the user in negotiations with other reward point issuers or institutions in collaboration with reward point issuers.
When an electronic payment institution provides users with the service of redeeming reward points of a reward point issuer into stored value, it may collect redeeming reserve from the reward point issuer for redeeming stored value by the user. The redeeming process shall meet the following regulations:
1. There is no disguised interest payment.
2. The stored value redeemed from reward points shall be limited to New Taiwan Dollar only.
3. The electronic payment institution shall evaluate the amount of redeeming reserve based on the amount of reward points distributed and the frequency of past redeeming, and deposit the reserve in an dedicated account.
When an electronic payment institution provides users with the service of transferring reward points to other users, the service must meet the following criteria:
1. The transfer of reward points may not be used for commercial trading.
2. Where the electronic payment institution collects a service fee for the transfer of the reward points, the service fee shall reasonably reflect the cost of operations.
3. The electronic payment institution shall fully inform the user of the service fee required for the transfer of the reward points, deadline of use, times of transfer, quantity, and other conditions or limitations.
Article 33
When an electronic payment institution provides storage segmentations or applications in a stored value card to others for use, it shall be processed in accordance with the following regulations:
1. The electronic payment institution shall establish internal control systems and procedures which must be passed by the board of directors; the same shall apply to amendments.
2. The internal control system shall include at least the following items:
(1) Scope of storage segmentations or applications provided to others for use.
(2) A contract signed with the storage segmentations or applications provider, in which clearly state the obligations of the parties.
(3) Ensure to maintain the privacy and security of data in the storage segmentations or applications.
(4) Disclose the matters regarding the rights and obligations between the user and the storage segmentations or applications operators by the said operators.
(5) Laws and regulations that must be followed by the storage segmentations or applications operators, including the Personal Data Protection Act and Consumer Protection Act.
(6) Disclose the contact information of the storage segmentations or applications operators and the methods for inquiring the rights and obligations to users. Users must be informed that the electronic payment institution only provides stored value card services and is not involved in operating products or services provided by the storage segmentations operators.
(7) Establish mechanisms for the protection of consumer rights and risk management.
3. Where storage segmentations are used to store monetary value, an electronic payment institution shall issue a co-branded stored value card with the storage segmentations operators. However, this requirement does not apply if the storage segmentations operator is a government agency.
Chapter 5 Management of Suspicious or Unusual Transactions
Article 34
The standards for determining what constitutes an electronic payment accounts and registered stored value cards with suspicious or unusual transactions are referred to in these Rules and the classification sheme for such accounts, are as follows:
1. Category 1:
(1) The account or card is opened or registered under a fake name;
(2) The account is a watch-listed e-payment account;
(3) The account is a derivative watch-listed account.
2. Category 2:
(1) The applicant applies for opening an e-payment account frequently over a short period of time and fails to provide a reasonable explanation;
(2) The transaction functions applied for are obviously inconsistent with the user's age or background;
(3) The contact information provided by the user cannot be verified by using reasonable measures;
(4) The e-payment account has been reported by a financial institution or a member of the general public as being used by someone suspected of criminal activity;
(5) The e-payment account has been used for high volumes of small amount inward/outward remittances suspected of being probing activities;
(6) The user makes frequent use of electronic services or facilities of banks over a short period of time in a manner that is obviously at variance with the normal transaction activities of the user;
(7) An inactive account with unexpected unusual transactions;
(8) Accounts with transactions that show signs of money laundering as set out in the Template for Directions Governing Anti-Money Laundering and Counter-Financing of Terrorism of Electronic Payment Institutions; and
(9) Other e-payment accounts or registered stored value cards with transactions determined by the competent authorities or electronic payment institutions to be suspicious or irregular.
In case of major contingencies involving e-payment accounts reported as watch-listed accounts or rescission of such classification by a court, public prosecutor’s office, or judicial police authority, the court, public prosecutor’s office, or judicial police authority may notify the electronic payment institution by telephone, fax, or any other feasible means, followed by a confirming official letter and documents which shallbe delivered to the electronic payment institution within five business days. If such letter or documents are not delivered in a timely manner or are not delivered, the electronic payment institution shallcontact with the original notification agency prior to rescinding the watch-listed status of the e-payment account.
An electronic payment institution shall establish internal operation guidelines for identifying suspicious or unusual transactions of e-payment accounts and registered stored value cards.
Article 35
Electronic payment institution shall adopt the following measures for e-payment accounts or registered stored value cards with transactions reported as suspicious or unusual based on the categorization standards set out in the preceding article:
1. Category 1:
(1) If an e-payment account or registered stored value card is registered under a fake name, the electronic payment institution shall notify judicial police authorities, Money Laundering Division of the Investigation Bureau, Ministry of Justice, and JCIC. The electronic payment institution shall immediately close the account or the registered stored value card. Any balance shall disposed of at the instructions of the person who legally has the right to claim such balance; or
(2) For an e-payment account reported as a Watch-listed Account by a court, public prosecutor’s office, or judicial police authority, the electronic payment institution shall notify JCIC immediately. For an e-payment account reported as a Watch-listed Account or designated as a derivative Watch-listed Account by a court, public prosecutor’s office, or judicial police authority, the electronic payment institution shall suspend all transaction functions of the account. The funds stored or remitted into the account after the suspension shall be directly refunded to the original payment instrument.
(3) Measures to be taken in accordance with other regulations.
2. Category 2:
(1) The electronic payment institution shall investigate and continue to monitor such e-payment accounts or registered stored value cards. If it discovers illegal activities, it shall notify judicial police authorities and adopt, in whole or in part, the measures specified in the preceding subparagraph.
(2) Measures to be taken in accordance with the Money Laundering Control Act and other applicable laws and regulations.
Article 36
The watch-list period of watch-listed e-payment accounts shall start from the notification from the court, public prosecutor’s office, or judicial police authority. It shall automatically expire after two years elapse. However, if it is necessary to be watch-listed, the authority which originally reported the watch-listed account may send another notification prior to the expiry. The extension of the notification shall be limited to once and the period of extension may not exceed one year.
The electronic payment institution may not remove limitations on a Watch-listed Account until it has received notification from the authority that issued the original notification, or upon expiry of the watch-list period.
Where an e-payment account or a registered stored value card is a derivative watch-listed account or with transactions reported as suspicious or unusual under standards specified in Subparagraph 2, Paragraph 1 of Article 34, the electronic payment institution shall immediately rescind related limitations after verifying that the suspicious or unusual situations has been eliminated.
Where the watch-list status of a watch-listed e-payment account is terminated based on a notification from the authority that issued the original notification, or where the authority that issued the original notification notifies the electronic payment institution to continue the watch-list status, the electronic payment institution shall notify JCIC immediately.
Article 37
If an electronic payment institution confirms that a e-payment account reported as a watch-listed account was reported as such in connection with fraud, and the account still holds money remitted or transferred in by fraud victims, the electronic payment institution shall, using the account opening information, contact the account holder and negotiate with such account holder for return of such remaining money in the watch-listed account. If the account holder cannot be located, the bank may seek the help of police to try to find the person for one month.
If an electronic payment institution carrying out the procedures described in the preceding paragraph is unable to contact the user, it shall notify the victims through the remitting (transferring) institutions to prepare the following documents and, based on the time of inward remittance (transfer), return the remaining money held in the watch-listed account to victims, starting from the last remitted amount first until there is no more money left in the account:
1. A certificate of reporting case issued by the police authority.
2. Undertaking issued by the victim, which states that he/she will bear all liability for any damages incurred by the bank due to untrue information provided by such victim.
With respect to returning the remaining money held in a watch-listed account pursuant to the preceding two paragraphs, if any of the following occurs, an electronic payment institution may record such remaining money as an account payable and wait until a person legally having the right to claim such money requests repayment; provided that, the electronic payment institution may rescind the effect of the watch-listing from such watch-listed account once the electronic payment institution is notified to rescind the account from the watch-list, or the watch-list period expires:
1. The account balance is less than a certain amount, which the cost of returning the money would make such return not worthwhile;
2. The electronic payment institution is unable to contact either the account holder or the victim(s) within three months after receipt of the notification; or
3. Victim(s) is (are) unwilling to report the case or to claim the money.
The electronic payment institution shall appoint a deputy general manager or officer of equivalent level to be responsible for supervising the handling of balances held in watch-listed e-payment accounts.
Cases suspected of involving transaction disputes or which are otherwise complicated shall be handled by judicial procedures, and the rules regarding return of balances under Paragraph 1 to Paragraph 3 shall not apply thereto.
Article 38
For e-payment accounts reported as watch-listed accounts by a court, public prosecutor’s office, or judicial police authority, an electronic payment institution shall check relevant transactions. If an electronic payment institution finds that funds reported as fraudulent have been remitted to another e-payment account or a deposit account, the electronic payment institution shall notify the receiving electronic payment institution or the bank of the remittance of such amount and the name of the authority which originally reported the watch-listed account, and shall also notify the original reporting authority.
The original reporting authority that reported the watch-listed account shall verify the information listed in the preceding paragraph. If the original reporting authority believes the receiving account shall also be classified as a watch-listed account, it shall notify the relevant electronic payment institution or bank to classify such account as a watch-listed account.
The electronic payment institution or bank receiving the fraudulent funds shall proceed with a transaction check and notification process in compliance with Paragraph 1 of this Article. If such receiving electronic payment institution or bank finds any illegality, it shall adopt the measures as listed in Subparagraph 2 of Article 35.
The method and contents of notifications and of required documents under this article shall be adopted by the Electronic Payment Committee of the Bankers Association of the Republic of China (hereinafter referred to as the Bankers Association) and reported to the competent authority for recordation.
Article 39
If an e-payment account is reported as a Watch-listed Account by a court, public prosecutor’s office, or judicial police authority after the amount of such e-payment account has been ordered attached or preserved, such account shall still be marked as a Watch-listed Account, but such amount shall be handled in accordance with the attachment order or preservation order.
Chapter 6 Supervision and Administration of Electronic Payment Institutions
Article 40
The relevant operating procedures and guidelines of electronic payment institutions for operating e-payment businesses shall comply with the business rules or self-disciplinary rules specified in Subparagraph 2, Paragraph 1, Article 45 of the Act.
The accounting principles of electronic payment institutions shall be reported by the trade association or Electronic Payment Committee of the Bankers Association specified in Paragraph 1, Article 45 of the Act to the competent authority for approval.
An electronic payment institution conducts accounting related matters shall be in accordance with the accounting principles set out in the preceding paragraph.
Article 41
The term “purposes prescribed by the competent authority” referred to in Paragraph 4, Article 22 of the Act means the following situations:
1. Fees necessary for declaring trust or obtaining performance guarantees for the stored value funds deposited by users deduct the required reserve and for funds collected/paid as an agent in accordance with related regulations in the Act.
2. Fees for appointing an accountant for auditing in accordance with related regulations in the Act.
3. Donations that may be considered as expenses or losses in accordance with Article 36 of the Income Tax Act.
4. Funds to be set aside to the sinking fund established by electronic payment institutions in accordance with the Regulations Governing the Organization and Administration of Sinking Fund Established by Electronic Payment Institutions.
Article 42
Specialized electronic payment institutions that set up a new business presence shall, within five business days from the date of establishment, report the date of establishment, address, and scope of business of the new presence to the competent authority for recordation. The aforementioned provision also applies to the relocation or closure of business locations.
Article 43
A specialized electronic payment institution that has operated for at least three years may apply to set up a overseas presence including an overseas branch and a representative office.
An electronic payment institution applying for the establishment of an overseas presence shall submit the following documents to apply for approval to the competent authority.
1. An application form;
2. Minutes of the board of directors meeting;
3. Business plan: If the electronic payment institution plans to set up a branch, it shall specify the principles for business, internal organization structure and functions, recruitment, introduction of venues and equipment, and financial forecasts for the next three years. If the electronic payment institution plans to set up a representative office, it shall specify the organization structure and tasks of the representative office.
4. Feasibility evaluation report required for setting up a branch: The report shall specify the selection criteria for the country (or region) in which the electronic payment institution intends to establish the branch; application process and the review and approval standards for a foreign electronic payment institution to establish a branch, and business and operational restrictions hereupon; whether the competent financial authority of the ROC may collect and review data regarding the financial and operational status of the branch; a self-evaluation statement explaining the compliance of the establishment plan with local laws and regulations; and an operational risk assessment and benefit analysis for the branch to be established.
5. Other documents as may be required by the competent authority.
After the electronic payment institution establishes an overseas branch, it shall comply with the following provisions:
1. Material contingencies or incidents of fraud occur in an overseas branch shall be handled and reported in accordance with the regulations of the competent authority.
2. The electronic payment institution shall file information concerning the overseas branch into the Internet reporting system of the competent authority; all changes must be updated in the system accurately.
3. An electronic payment institution that intends to close an overseas branch shall notify the competent authority and obtain approval in advance.
4. After an overseas branch is established, any change of the location or business scope may be filed to the competent authority for reference after such changes are effected.
5. An electronic payment institution that establishes an overseas branch shall also complete the following requirements:
(1) Conduct internal audits in accordance with the Implementation Rules for the Internal Audit and Internal Control System of Electronic Payment Institutions. Business audit report, audit report of a certified public accountant, and inspection report of local financial competent authority shall be filed to the competent authority for record.
(2) It shall file data relating to their operations status into the Internet reporting system of the competent authority each quarter.
(3) It shall prepare a consolidated financial statement including its overseas branches each fiscal year, and submit it to the competent authority for record in accordance with Article 35 of the Act.
Article 44
The information system and security management operation of an electronic payment institution for conducting the electronic payment business shall be set up within the territory of the ROC. However, this provision does not apply to those that meet the requirements that the competent authority may immediate, direct, complete, and continuous access to related information, and have obtained the approval of the competent authority.
An electronic payment institution applying for the approval of the competent authority in accordance with the proviso of the preceding paragraph shall submit the following documents:
1. The written confirmation letter from the local government authority where the service provider is located. The letter shall contain the following:
(1) The government authority agrees that the competent authority of the ROC and the electronic payment institution may conduct necessary audits.
(2) The government authority agrees not to collect customer information in Taiwan.
2. An inspection report issued by an independent third party specializing in information technology, indicating that the information system of the offshore service provider is not below the domestic information security standards.
3. A contingency plan in the event that the offshore information system fails to provide services, and an assessment report issued by an independent third party specializing in information technology, indicating that such plan meets the following requirements:
(1) The electronic payment institution shall ensure the restoration of normal functions for existing customers within four hours after the offshore information system fails to provide services, and ensure the proper management of financial and business risks; and
(2) If it is evaluated that the offshore information system could not be functional within a short period of time due to a natural disaster, the electronic payment institution shall ensure the functional operations of its main businesses within the territory of the ROC within seven days of the incident, through activation of the backup system, installation of (temporary) information server or other means.
4. An ordinary supervision plan with the following particulars:
(1) The setup of a supervisory unit or committee consisting personnel of compliance, internal audit, operational risk management, and information management to effectively carry out the ordinary supervision; and
(2) An outsourcing operation’s supervision mechanism including: the log file of customer information accession, authorization of system access, non-routine operations, with the detailed descriptions of the operational contents, methods, and processes along with the deficiency resolving mechanism.
5. An evaluation report on the cost benefit and the reasonableness of expense allocation within the group that has been passed by the board of directors.
An electronic payment institution applying for approval in accordance with the preceding two paragraphs must meet the following requirements:
1. Not having been subject to sanction by the competent authority due to violation of financial regulations in the previous year, or having made concrete improvement actions recognized by the competent authority over the violation.
2. All deficiencies as redressed by the competent authority or the Central Bank before the end of year preceding application have been effectively remedied; and
3. Not having any major breach of information security that is not yet remedied in the past year.
Article 45
Where a specialized electronic payment institution outsources part of the business items specified in its business permission or operations related to users information to other parties, the outsourcing shall be limited to the following:
1. Collection of funds paid by users in cash in New Taiwan Dollar.
2. Safekeeping and transport of cash payments received from users and stored value cards.
3. Outsourcing the process of sales and refund of bearer stored value cards.
4. Value storing in stored value cards.
5. Data processing: Including the data entry, processing, and output of information system, the development, monitoring, control, and maintenance of information system, and logistical support for data processing in connection with the business of an electronic payment institution.
6. Safekeeping of documents such as forms, statements and certificates.
7. User services, including automated voice systems, reply to and handling of user’s e-mails, inquiries of and assistance in matters related to the electronic payment business.
8. Engaging an outsourced service provider to perform the identity verification operation of users and contracted institutions.
9. Processing work of receipt/payment information, including using the terminal equipment or application programs of other electronic payment institutions, credit card acquirers, contracted institutions to integrate and convey receipt/payment information.
10. Installation, tests, maintenance, training, and inspections of the terminal equipment system.
11. Shared use of the terminal equipment systems of other electronic payment institutions, credit card acquirers, contracted institutions, or stored value institutions.
12. Production and coding of stored value cards.
13. Over-the-air downloading and issuance of stored value cards through a trusted service manager platform.
14. Promotion of e-payment accounts or stored value card acquirer services, and the audit for the contracted institutions of the electronic payment account or stored value cards carried out by banks, other electronic payment institutions, or credit card acquirers. However, the electronic payment institution is still required to sign a contract with the contracted institutions.
15. Transaction clearing operations carried out by other electronic payment institutions and credit card acquirers that provide the shared terminal equipment system.
16. Other operations approved by the competent authority for outsourcing.
Except the outsourcing business in Subparagraphs 5, 8, and 16 of the preceding paragraph, which must be reported to the competent authority to obtain approval in advance, the remaining outsourcing business specified in the preceding paragraph shall be filed to the competent authority for record within five business days since the first-time operation commencement.
Electronic payment institutions shall comply with the following rules when outsourcing the operations specified in Subparagraph 1 of Paragraph 1:
1. Electronic payment institutions shall formulate security control and management plans with outsourced service providers and establish payment account reconciliation mechanisms to immediate deliver, confirm, and check payment collection information when outsourced service providers receive payment from users. Except where the Ministry of Finance promulgates other regulations on the maximum cap of tax payments in convenience stores been on behalf of authorities, the maximum payment collection amount for outsourced service providers in each transaction is NTD 20,000 or its equivalent.
2. The payment information of user payments which collected by outsourced service providers shall not fully display the user’s ID number, account number, or other personal information.
3. Electronic payment institutions shall ensure that outsourced service providers and their personnel cannot obtain or identify the user's ID number, account number, and other related personal information by means of the payment information to prevent leaks of user information.
A Specialized electronic payment institution shall comply with the following rules when outsourcing their operations:
1. An electronic payment institution shall establish internal operating systems and procedures governing the scope of matters that can be outsourced, protection of users rights and interests, risk management, and internal control principles, and those operating systems and procedures and any revisions thereto shall be approved by the board of directors.
2. An electronic payment institution shall ensure the outsourced service providers meet its requirements for operational security and risk management.
3. An electronic payment institution shall demand that its outsourced service providers comply with the mandatory or prohibitory provisions of laws.
4. An electronic payment institution shall demand that its outsourced service providers agree to give the competent authority and the Central Bank access to data or reports relating to the outsourced providers and allow them to conduct financial examination.
5. An electronic payment institution shall be held jointly liable as provided by law for users whose interests are damaged by the intentional act or negligence of an outsourced service provider or its employees.
A dual-status electronic payment institution that outsources its operations involving electronic payment business or operations relating to users’ information shall comply with the provisions in Paragraph 1 hereof with respect to the scope of outsourcing, and in addition, comply with the regulations governing the outsourcing of its core business.
Article 46
Where the paid-in capital of a specialized electronic payment institution reaches NT$500 million or more, it shall file for classification as a public company within one year of commencing business. A specialized electronic payment institution and an electronic stored value cards issuer that engage concurrently in the businesses of an electronic payment institution prior to the promulgation of the amendment to the Act on January 27 of 2021, implementation on July 1 shall file for classification as a public company within one year of the promulgation of the amendment to the Act on July 1 of 2021.
Article 47
A specialized electronic payment institution shall not invest in other enterprises, unless it is a subsidiary that the investment in which has been approved by the competent authority, as well as the business of the subsidiary is closely related to the said institution, and in which the said institution holds more than fifty percent (50%) of the issued shares of the subsidiary.
The total investment made by a specialized electronic payment institution shall not exceed ten percent (10%) of the balance of its paid-in capital at the time of investment deduct the minimum paid-in capital as stipulated under the Act and accumulated loss.
A specialized electronic payment institution shall establish internal guidelines for the utilization of own funds and submit the guidelines and subsequent revisions thereto to the board of directors for approval.
A specialized electronic payment institution may not provide guarantees for others.
If deemed necessary, the competent authority may set limits to the debt ratios of a specialized electronic payment institution.
Article 48
Electronic payment institutions shall file periodic reports on their electronic payment business with JCIC.
JCIC will determine the scope of information to be reported and inquired by electronic payment institutions and rules for the filing and inquiry operations, fee schedule, operations management, data disclosure deadline, information security management, and audit procedures, and submit same to the competent authority for approval.
JCIC's activities of collecting, processing or using information reported by electronic payment institutions according to Paragraph 1 hereof are considered necessary for fulfillment of the legal obligation provided under Subparagraph 2, Paragraph 2, Article 8 of the Personal Information Protection Act and hence are exempted from giving notice provided under Paragraph 1, Article 9 of the Personal Information Protection Act.
Electronic payment institutions shall ensure the information reported and disclosed according to Paragraph 1 hereof is accurate and free of false statement or representation.
Article 49
An electronic payment institution that applies for engaging in more other businesses pursuant to Paragraph 1, Article 4 of the Act shall submit two copies of the business plan to the competent authority for permission.
Where an electronic payment institution engages in a business specified in Subparagraphs 5 and 6, Paragraph 2, Article 4 of the Act, it shall submit a business plan to the competent authority for permission before the first-time operation. Where an electronic payment institution has already operated a business specified in Subparagraphs 5 and 6, Paragraph 2, Article 4 of the Act, it shall submit an adjusted business plan before December 31 of 2021 and file to the competent authority for record. Where the permitted or reviewed and recorded item is changed, the electronic payment institution shall, within fifteen days after the change, submit the original permission or review and record letter and an elaboration of the changed items to the competent authority for record.
The competent authority should consult with the Central Bank before granting permission for businesses set out in the preceding two paragraphs; where business involve foreign exchange business, they must be approved by the Central Bank before commencement.
The business plan prescribed in Paragraphs 1 and 2 of this Article shall contain the following particulars:
1. Purpose for conducting such business;
2. Agreements or templates therefor among relevant parties regarding their respective rights and obligations;
3. Business rules, business processes and risk management; and
4. Market prospects, and risk/benefit evaluation.
An electronic payment institution that engages in business specified in Subparagraphs 1 to 4 and Subparagraphs 7 to 9, Paragraph 2, Article 4 of the Act shall file to the competent authority for record within five business days after the first-time operation. However, this requirement does not apply to businesses already started prior to July 1 of 2021.
Article 50
Where an electronic payment institution intends to terminate part of its business, it shall apply to the competent authority for approval by submitting a plan.
Where an electronic payment institution plans to suspend part of its business, it shall submit a plan which describes the duration of suspension and other necessary information to the competent authority for approval. The electronic payment institution shall also file to the competent authority for record when it plans to resume the business operation at a later date.
The plans in the preceding two paragraphs shall contain the following particulars:
1. The reason for the planned termination or business suspension; and
2. A concrete description of how the rights and obligations of existing users will be handled or alternative methods for providing services.
Article 51
A specialized electronic payment institution having any of the situations below shall report to the competent authority for prior approval:
1. Change of articles of incorporation.
2. Undergoing merger or acquisition.
3. Transferring all or major part of operations or assets to others.
4. Receiving the transfer of all or major part of operations or assets from others.
5. Change of capital.
6. Change of business place.
7. Other matters that require prior approval as prescribed by the competent authority.
Article 52
A specialized electronic payment institution having any of the following situations shall report to the competent authority within one day after becoming aware of the event by stating the particulars of the event and providing related information, and send a copy of the same to the Central Bank of the ROC:
1. Filing a petition with a court for reorganization or filing for or being filed for declaration of bankruptcy by itself or by a stakeholder.
2. Engaging in business equivalent to businesses under the subparagraphs of Paragraph 1, Article 4 of the Act by itself or in cooperation with a foreign institution outside the ROC, whereas the local government takes any of the following actions:
(1) Revoking, suspending or terminating the business permit of the electronic payment institution or the foreign institution.
(2) Disallowing the electronic payment institution or the foreign institution to continue its business or halting its business.
3. The securities or other financial products invested by the specialized electronic payment institution using the payment funds pursuant to Paragraph 2, Article 22 of the Act are canceled or seriously impaired in value.
4. Transfer of equity or change of equity structure involving more than ten percent (10%) of its ownership.
5. Having the incidence of bounced check due to insufficient funds, being denied services by banks, or having other events that cause loss of good credit standing.
6. Having a litigious or non-litigious event, or an administrative disposition or administrative lawsuit that has material impact on the finance or business of the institution.
7. Having a situation provided in Subparagraph 1, Paragraph 1, Article 185 of the Company Act.
8. Having a fraud or material deficiency in internal controls.
9. Having an information security breach that results in damage to the interests of users or affects the sound operation of the institution.
10. A director, supervisor or managerial officer has any of the following situations:
(1) Being sentenced to imprisonment for the offense of forging instruments or seals, counterfeiting currency or valuable securities, misappropriation, fraud or breach of trust.
(2) Being sentenced to imprisonment for violating the Act, Banking Act, Financial Holding Company Act, Trust Enterprise Act, Act Governing Bills Finance Business, Financial Assets Securitization Act, Real Estate Securitization Act, Insurance Act, Securities and Exchange Act, Futures Trading Act, Securities Investment Trust and Consulting Act, Foreign Exchange Control Act, Credit Cooperatives Act, Agricultural Finance Act, Farmers’ Association Act, Fishermen’s Association Act, Money Laundering Control Act or other laws regulating financial activity.
11. Other significant events that are sufficient to affect the operations of the electronic payment institution or the interests of its shareholders or users.
Chapter 7 Supplemental Provisions
Article 53
These Rules shall be in force on July 1, 2021.