1.These Directions are specifically adopted to strengthen the anti-money laundering and countering terrorism financing (AML/CFT) regime, and enhance soundness of the internal control and internal audit system of the securities or futures industry.

2.A securities or futures business shall conduct customer due diligence (CDD) and keep records on all business relations and transactions with its customers in accordance with the Directions as well as relevant provisions in "Money Laundering Control Act" and "Regulations Governing Cash Transaction Reports (CTR) and Suspicious Transaction Reports (STR) by Financial Institutions".

3.The "securities or futures business" referred to in the Directions include securities brokers, securities investment and trust enterprises, securities finance enterprises, securities investment consulting enterprises, securities central depository enterprises, futures brokers, futures trust enterprises and managed futures enterprises.

4.A securities or futures business shall comply with the following provisions in undertaking CDD measures:
(1)A securities or futures business shall not keep anonymous accounts or accounts in fictitious names.
(2)A securities or futures business shall undertake customer due diligence (CDD) measures when:
A.establishing business relations with any customer;
B.carrying out any transactions settled by cash payment (includes a customer subscribes to a single fund and pay with cash) of NT$500,000 or more (including the foreign currency equivalent thereof).
C.there is a suspicion of money laundering or terrorism financing, or carrying out any transactions from a country or region with high money laundering and terrorism financing risk; or
D.a securities or futures business has doubts about the veracity or adequacy of previously obtained customer identification data.
(3) The CDD measures to be taken by a securities or futures business are as follows:
A.Identifying the customer and verifying that customer's identity using reliable, independent source documents, data or information. In addition, a securities or futures business shall retain copies of the customer's identity documents or record the relevant information thereon.
B.Verifying that any person purporting to act on behalf of the customer is so authorized, identifying and verifying the identity of that person using reliable, independent source documents, data or information where the customer opens an account or conducts a transaction through an agent. In addition, the securities or futures business shall retain copies of the person's identity documents or record the relevant information thereon.
C.Taking reasonable measures to identify and verify the identity of the beneficial owner of a customer.
D.Enquiring information on the purpose and intended nature of the business relationship when undertaking CDD measures.
(4)According to Item 3 of the preceding Subparagraph, a securities or futures business shall obtain the following information to identify the beneficial owners of the customer when the customer is a legal person or a trustee:
A.For legal persons:
(A)The identity of the natural persons who ultimately have a controlling ownership interest in a legal person. A controlling ownership interest refers to owning more than 25 percents of a company's shares or capital;
(B)To the extent that there is doubt under (A) above as to whether the person(s) with the controlling ownership interest are the beneficial owner(s) or where no natural person exerting control through ownership interests is identified, the identity of the natural persons (if any) exercising control of the customer through other means.
(C)Where no natural person is identified under (A) or (B) above, a securities or futures business shall identify and take reasonable measures to verify the identity of the relevant natural person who holds the position of senior managing official.
B.For trustees: the identity of the settlor(s), the trustee(s), the trust supervisor, the beneficiaries, and any other person exercising ultimate effective control over the trust;
C.Unless otherwise provided for in the Proviso of Point 5, a securities or futures business shall not be required to inquire if there exists any beneficial owner in relation to a customer that is
(A)a R.O.C government entity;
(B)an enterprise owned by the R.O.C government;
(C)a foreign government entity;
(D)a public company and its subsidiaries;
(E)an entity listed on a stock exchange outside of R.O.C. that is subject to regulatory disclosure requirements of its principal shareholders, and the subsidiaries of such entity;
(F)a financial institution supervised by the R.O.C. government, and an investment vehicles managed by such institution;
(G)a financial institution incorporated or established outside R.O.C. that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the FATF, and an investment vehicle managed by such institution;
(H)Public Service Pension Fund, Labor Insurance, Labor Pension Fund and Postal Savings of R.O.C.
(5)Ongoing monitoring on accounts and transactions:
A.A securities or futures business shall conduct ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution's knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.
B.A securities or futures business shall periodically review the adequacy of customer identification information obtained in respect of customers and beneficial owners and ensure that the information is kept up to date.
C.A securities or futures business is entitled to rely on the identification and verification steps that it has already undertaken, therefore a securities or futures business is allowed not to repeatedly identify and verify the identity of each customer every time that a customer conducts a transaction unless it has doubts about the veracity of that information. Examples of situations that might lead a securities or futures business to have such doubts could be where there is a suspicion of money laundering in relation to that customer, or where there is a material change in the way that the customer's account is operated, which is not consistent with the customer's business profile.
(6)A securities or futures business shall apply CDD measures to existing customers on the basis of materiality and risk, and to conduct due diligence on such existing relationships at appropriate times, taking into account whether and when CDD measures have previously been undertaken and the adequacy of data obtained.

5.A securities or futures business shall determine the extent of applying CDD and ongoing monitoring measures under Subparagraphs (3) and (5) of the preceding Point using a risk-based approach (RBA). The enhanced CDD and ongoing monitoring measures shall be applied to those circumstances with higher risk while the simplified CDD measures are allowed where a lower risk has been identified. However, simplified CDD measures are not allowed in the following circumstances:
(1)Where the customers are from or in countries and jurisdictions known to have inadequate AML/CFT regimes, including but not limited to those which designated by international organizations on AML/CFT as countries or regions with serious deficiencies in their AML/CFT regime , and other countries or regions that do not or insufficiently comply with the recommendations of international organizations on AML/CFT as forwarded by the Financial Supervisory Commission (FSC); or
(2)Where a securities or futures business suspects that money laundering or terrorism financing is involved.

6.A securities or futures business shall keep records on all business relations and transactions with its customers in accordance with the following provisions:
(1)A securities or futures business shall maintain, for at least five years, all necessary records on transactions, both domestic and international.
(2)A securities or futures business shall keep all the following information for at least five years after the business relationship is ended, or after the date of the occasional transaction:
A.All records obtained through CDD measures, such as copies or records of official identification documents like passports, identity cards, driving licenses or similar documents.
B.Account files.
C.Business correspondence, including inquiries to establish the background and purpose of complex, unusual large transactions and the results of any analysis undertaken.

7.Risk control mechanism and internal control system:
(1)The risk control mechanism and internal control system established by a securities or futures business according to Article 2 of the Regulations Governing the Establishment of Internal Control Systems by Service Enterprises in Securities and Futures Markets, Articles 2, 35-1 of the Regulations Governing Securities Firms, Article 2 of the Regulations Governing Futures Commission Merchants, Articles 6, 33 of the Regulations Governing Futures Trust Enterprises, Articles 8 of the Regulations Governing Managed Futures Enterprises, Articles 2, 22-1 of the Regulations Governing Securities Investment Trust Enterprises, Article 2 of the Regulations Governing Securities Investment Consulting Enterprises, Articles 6, 42 of the Regulations Governing Offshore Funds , Article 22-1 of the Regulations Governing the Conduct of Discretionary Investment Business by Securities Investment Trust Enterprises and Securities Investment Consulting Enterprises, Article 5 of the Regulations Governing Securities Finance Enterprises shall contain the following items:
A.The policy and procedure to identify, assess and manage its money laundering and terrorism financing risks.
B.An AML/CFT program based on the result of risk assessment.
C.A standard operational procedure to comply with the AML/CFT regulations, which shall be included in the self-inspection and internal audit system.
(2)A securities or futures business shall ensure that its foreign branches and subsidiaries apply AML/CFT measures, to the extent that the laws and regulations of host countries or jurisdictions so permit, consistent with the home country requirements.

8.If a securities or futures business violates the Directions, the FSC may take appropriate sanctions commensurate with the seriousness of the violations in accordance with Articles 14-1, 18-1, 178 of the Securities and Exchange Act, Articles 97-1, 119 of the Futures Trading Act, Articles 102, 103 of the Securities Investment Trust and Consulting Act and other relevant regulations.