No Support JavaScript
Main Content Area
:::

Content

Title: Regulations Governing the Implementation of Internal Control and Audit System and Business Solicitation System of Insurance Agent Companies and Insurance Broker Companies Ch
Date: 2018.10.17
Legislative: Amended on 17 October 2018 per Order No. Jin-Guan-Bao-Zong-Zi 10704566001 of the Financial Supervisory Commission
Content: Article 4  The internal control and audit system and business solicitation system and procedures of insurance agent companies, insurance broker companies or banks shall be passed by its board of directors (council), and, if any director has a reservation or dissenting opinion, the company shall state such director’s opinion and reasons in the board of directors (council) meeting minutes, and shall send the minutes together with the internal control, audit and business solicitation system and procedures passed by the board of directors (council) to each supervisor(board of supervisors) or audit committee ; the same shall apply to any amendment thereto.
If an insurance agent company, insurance broker company or bank has established an audit committee, the adoption of or any amendment to the internal control and audit systems as well as solicitation systems and procedures shall be approved by its audit committee with the consent of one-half or more of audit committee members and submitted to its board of directors (council) for a resolution.
If the adoption or amendment under the preceding paragraph is not approved by the audit committee, it may be done with the approval of at least two-thirds of the entire board of directors (council), and the resolution of the audit committee shall be recorded in the minutes of the board of directors (council) meeting.

Article 5  The internal control system of banks as well as insurance agent companies and insurance broker companies with annual operating revenue of NT$500 million or more shall contain at least the following components:
1. Control environment: Control environment is the basis of the design and implementation of internal control system across the company. Control environment encompasses corporate integrity and ethical value of the company, governance oversight responsibility of the board of directors (council) and supervisors (board of supervisors), or audit committee organizational structure, assignment of authority and responsibility, human resources policy, and performance measures and reward and discipline. The board of directors (council) and management shall prescribe internal standards of conduct, including the adoption of code of conduct for directors (council) and employees.
2. Risk assessment: A precondition to risk assessment is the establishment of objectives, linked at different levels of the company, taking into account suitability of the objectives. Management shall consider the impact of possible changes in the external environment and within its own business model that may render internal control ineffective. The risk assessment results can assist the company in designing, correcting, and operating necessary control activities in a timely manner.
3. Control activities: Control activities are actions of carrying out policies and procedures taken by the company according to risk assessment results to limit relevant risks to a sustainable level. Control activities shall be performed at all levels of the company, at various stages within business processes, and over the technology environment, and shall include supervision and management of subsidiaries.
4. Information and communications: Information and the company obtains, generates, or uses communication mean the relevant and quality information from both internal and external sources to support functioning of other components of internal control, and to ensure effective communication of such information between the company and external parties. Internal control systems must have mechanisms of generating information necessary for planning, implementation, and monitoring and providing timely information to those who need it.
5. Monitoring activities: Monitoring activities means ongoing evaluations, separate evaluations, or some combinations of the two used by the company to ascertain whether each component of the internal control system exists and continues to function. Ongoing evaluations means routine evaluations built into the course of operations at different levels of the company. Separate evaluations are evaluations conducted by internal auditors, supervisors (board of supervisors) or audit committee, or board of directors (council). Findings of deficiencies of the internal control system shall be communicated to the management of appropriate levels, the board of directors (council) and supervisors (board of supervisors) or audit committee, and improvements shall be made in a timely manner.
The insurance agent companies and insurance broker companies with annual operating revenue less than NT$500 million shall contain at least the following components:
1. Management oversight and control culture: The board of directors (council) shall have the responsibility for approving and periodically reviewing overall business strategies and major policies, and shall have the ultimate responsibility for ensuring that an adequate and effective internal control system is established and maintained; senior management shall have the responsibility for implementing business strategies and policies approved by the board of directors (council), for developing processes that identify, measure, monitor, and control risks incurred by the company, for setting appropriate internal control policies, and for monitoring their effectiveness and relevance.
2. Risk recognition and assessment: An effective internal control system requires that the material risks that could adversely affect the achievement of the company goals are being identified and continually evaluated.
3. Control activities and delegation of responsibilities: Control activities shall be an integral part of the daily operations. An appropriate control structure shall be set up, with internal control processes defined at every business level. An effective internal control system requires that there is appropriate delegation of responsibilities and that management and employees are not assigned conflicting responsibilities.
4. Information and communication: an insurance agent company or insurance broker company shall maintain relevant and comprehensive financial and non-financial information related to operations, financial reports and regulatory compliance; such information shall be reliable, timely, and accessible in order to establish effective channels of communication.
5. Monitoring activities and correction of deficiencies: An insurance agent company or insurance broker company shall monitor the overall effectiveness of its internal controls on an
ongoing basis. Business units, internal auditors or other internal control personnel shall promptly report any internal control deficiencies found to the appropriate management in a timely manner, and any significant internal control deficiencies shall be reported to senior management, the board of directors (council) and supervisors (board of supervisors) with corrective actions promptly taken.
Insurance agent companies, or insurance broker companies that have already established its internal control system according to paragraph 1 hereof shall stay in compliance with paragraph 1 when annual operating revenue falling below NT$500 million.

Article 6  The internal control system of insurance agent companies, insurance broker companies or banks shall cover business solicitation system and procedures as well as internal control procedures established in line with the nature and size of business and based on the principle of internal checks and balances, and shall be reviewed and revised in a timely manner.
Where an insurance agent company, insurance broker company or bank has an audit committee established, its internal control system shall also include the management of the audit committee meeting procedures.

Article 7  The business solicitation system and procedures referred to in the preceding article shall contain at least the following particulars:
1. Qualifications of insurance solicitors, insurance agents and insurance brokers, the types of insurance they may solicit, solicitation methods, on-the-job training, rewards and disciplines, and rights and obligations.
2. Management measures regarding performance review that links the commissions received by insurance solicitors to risk exposure and duration of commission payment, solicitation quality, and solicitation dispute.
3. Operations and management measures regarding collection and turn-in of premiums by insurance solicitors on behalf of customers.
4. Description of major contents of insurance products and associated rights and obligations, and disclosure of related information.
5. Advertising, promotional and sales activities and management of such activities.
6. Understanding and evaluating the insurance needs and suitability of proposers or the insured.
7. The operation and management ensuring that business personnel undertaking insurance solicitation write up solicitation reports truthfully, including conducting phone interview for special cases or conducting spot check of relevant documents.
8. Check mechanism and signature operation in place following solicitation and prior to submission of application.
9. Control and safekeeping of solicitation documents.
10. Customer complaint.
11. Other matters designated by the competent authority.
The provisions of subparagraph 7 of the preceding paragraph do not apply to the solicitation of non-life insurance business.

Article 8  The internal control procedures referred to in Article 6 herein shall contain at least the following particulars:
1. Controls on accounting, information, personal data protection, anti-money laundering and countering the financing of terrorism (AML/CFT) and other operations relating to business solicitation and businesses approved by the competent authority.
2. Management of financial examination reports.
3. Other matters designated by the competent authority.
Insurance broker companies that provide the services of risk planning, reinsurance planning and claim application must establish appropriate procedures for such services.
If a bank approved by the competent authority to operate concurrently insurance broker business provides risk planning and insurance claim services, it shall establish proper operating procedures for those services.
The accounting procedure referred to in Subparagraph 1 of Paragraph 1 hereof shall contain at least the following operating procedures:
1. Cashier management: Operating procedure for receipts and payments.
2. Accounting management: Operating procedure for account management and the preparation of balance sheet and income statement.

Article 9  For the purpose of achieving objectives in Article 3 herein, insurance agent companies, insurance broker companies or banks shall adopt the following measures. Insurance agent companies or insurance broker companies may be exempt from subparagraphs 1 and 3 if it meets paragraph 2, Article 2 herein.
1. Internal audit system: Set up the post of auditor to take charge of auditing each unit and periodically evaluating the performance of self-evaluation conducted by each business unit.
2. Self-evaluation system: Members of different units check on each other the actual implementation of internal controls under the supervision of managerial personnel or personnel at comparable position or higher as assigned by each unit to discover deficiencies early and take corrective actions in a timely manner.
3. Independent auditor system: If deemed necessary, the competent authority may order an insurance agent or broker company or a bank to engage a certified public accountant (CPA) to audit its internal control system. 
4. Compliance system: Set up the post of compliance officer to take charge of appraising whether business personnel comply with relevant laws and regulations while executing the business.

Article 12  Insurance agent companies, insurance broker companies or banks shall appoint an appropriate number of qualified auditors directly under the board of directors (council) to take charge of the audit operations. Auditors shall not serve concurrently in positions that are in conflict with or will handicap their audit works set out in Article 13 herein and shall report the audit operation to the board of directors (council) and supervisors (board of supervisors) or audit committee at least once every year.
The appointment, dismissal or transfer of auditors of insurance agent companies and insurance broker companies must be passed by the board of directors (council) and reported to the competent authority in a manner designated by the competent authority with confirmation document and record filed and saved.
The appointment, dismissal or transfer of auditors of banks shall be effected in accordance with the Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries and reported to the competent authority in a manner designated by the competent authority with confirmation document and record filed and saved.
To put the internal control system into effect, strengthen the professional abilities of the deputy of the auditor and to further improve and maintain the quality of audit and its implementation result, an insurance agent or broker company shall have a deputy in place for auditor.
The provisions in Articles 14 ~ 16 and Article 20 herein shall apply mutatis mutandis to the deputy mentioned in the preceding paragraph.

Article 13  To ensure that the company maintains proper and effective internal audit system, the duties of auditors in performing the tasks of internal audit shall include at least the following:
1. The audit of business solicitation mentioned in Article 7.
2. The audit of operations mentioned in Subparagraph 1, Paragraph 1 of Article 8.
3. In charge of liaison works when the competent authority performs financial examination and provide related information and assist in the examination works.
4. The audit of financial examination report management.
5. Other matters designated by the competent authority.

Article 19  Auditors shall continually follow up on any examination opinions or audit deficiencies brought up by the competent authority, independent auditor, or auditors, or self-evaluation, and on matters requiring further improvement as specified in the statement on internal controls, and submit a written report on the status of improvement actions taken to the management, board of directors (council) and supervisors(board of supervisors),or audit committee and include those items as important factors for consideration in determining reward/disciplinary for and performance evaluation of each unit.
Internal audit reports shall be submitted to the supervisors (board of supervisors), or audit committee for review. In addition, a company shall, within two months after the end of each fiscal year, submit a report on the irregularities and deficiencies found in previous year’s internal audits as well as improvement actions taken to the competent authority. However in case a material violation or irregularity is found in an internal audit, the company shall submit the related internal audit report to the competent authority within one month from the end of the audit.

Article 23  The general manager of insurance agent companies, insurance broker companies or banks shall oversee that each unit carefully evaluates and reviews the implementation of internal control system. The company’s chairman of the board (council chairman), general manager and relevant officers shall jointly sign a statement on internal controls (Form 1), which shall be submitted to the board of directors (council) for approval and filed in a manner designated by the competent authority before the end of April each year.
A bank shall include its insurance agent or broker business in its statement on internal control (Form 2).

Article 24  If deemed necessary, the competent authority may order an insurance agent company, insurance broker company or bank to engage a CPA to audit its internal control system and express opinions on the accuracy of the statements, reports, and other information of the company or bank submitted to the competent authority, as well as the status of implementation of the company’s internal control system and compliance system.
The audit fees of the CPA in the preceding paragraph are to be agreed upon between the insurance agent company ,the insurance broker company or the bank and the CPA, and shall be borne by the company or the bank.

Article 27  When insurance agent companies, insurance broker companies or banks engage a CPA to conduct the audit specified in Article 24 herein, the company or the bank shall submit the CPA’s audit report to the competent authority or an agency designated by it within the time period specified by the competent authority.
When the competent authority inquires the contents of the audit report, the CPA shall provide relevant information and explanations in details.