1. These Directions are specifically adopted to strengthen the anti-money laundering and countering terrorism financing (AML/CFT) regime of the Republic of China (R.O.C.), and enhance soundness of the internal control and internal audit system of the insurance industry in R.O.C.
2. In matters related to AML/CFT, an insurance enterprise shall observe these Directions as well as relevant provisions in the “Money Laundering Control Act”, “Terrorism Financing Prevention Act”, “Regulations Governing Cash Transaction Reports (CTR) and Suspicious Transaction Reports (STR) by Financial Institutions”,  and other relevant regulations.
3. The "insurance enterprise" referred to in these Directions include insurance companies, reinsurance companies, insurance agent companies (including banks engaging concurrently in insurance agent business), insurance broker companies (including banks engaging concurrently in insurance broker business), and post offices engaging in simple life insurance business.
Insurance agent companies that solicit insurance policies on behalf of insurance companies in accordance with Article 8 of the Insurance Act and insurance broker companies that negotiates an insurance policy or provides related services on the basis of the interests of the insured in accordance with Article 9 of the Insurance Act may be exempted from the provisions of ongoing customer due diligence provided in Point 6 herein, the extent of applying ongoing customer due diligence measures provided in Point 7 herein, the policies and procedures for checking the names of customers and trading counterparties provided in Point 8 herein and ongoing monitoring of transactions provided in Point 9 herein. However if an insurance agent company undertakes underwriting and claim settlement business on behalf of an insurance company, the insurance agent company shall comply with the provisions of these Directions on insurance company with respect to its policies, procedures and controls for its agency business.
4.  An insurance enterprise shall comply with the following provisions in undertaking customer due diligence (CDD) measures:
(1) An insurance enterprise shall not accept anonymous insurance applications or insurance applications using a fake name, a nominee, a shell entity or a shell corporation.
(2) An insurance enterprise shall undertake CDD measures when:
A. establishing business relations with a customer;
B. carrying out cash receipt or payment in a single transaction (including all transactions recorded on cash deposit or withdrawal vouchers for accounting purpose) involving NTD 500,000 or more (including the foreign currency equivalent thereof);
C. there is a suspicion of money laundering or terrorist financing; or
D. an insurance enterprise has doubts about the veracity or adequacy of previously obtained customer identification data.
(3) The CDD measures to be taken by an insurance enterprise are as follows:
A. Identifying the customer and verifying customer’s identity using reliable, independent source documents, data or information, and retaining copies of the customer’s identity documents or record relevant information.
B. Verifying that any person purporting to act on behalf of the customer is so authorized, identifying and verifying the identity of that person using reliable, independent source documents, data or information where the customer applies for insurance, files claim, modifies contract or carries out other transactions through an agent. In addition, the insurance enterprise shall retain copies of the agent’s identity documents or record relevant information.
C. Taking reasonable measures to identify and verify the identity of the beneficial owner of a customer.
D. Enquiring information on the purpose and intended nature of the business relationship when undertaking CDD measures.
(4) When the customer is a legal person or a trustee, an insurance enterprise shall, in accordance with the preceding subparagraph, understand the business nature, ownership and control structure of the customer or trust (including trust-like legal arrangements) and obtain at least the following information to identify and verify the identity of the customer or the trust:
A. Name, legal form and proof of existence of customer or trust.
B. The powers that regulate and bind the legal person or trust, such as articles of association or similar documents, as well as the names of the relevant persons having a senior management position in the legal person or trustee.
C. The address of the registered office of the legal person or trustee, and the address of its principal place of business.
(5) When the customer is a legal person, an insurance enterprise shall understand whether the customer is able to issue bearer shares and adopt appropriate measures for customers who have issued bearer shares to ensure its beneficial owners are kept up-to-date.
(6) When the customer is a legal person or a trustee, an insurance enterprise shall, in accordance with Item C of Subparagraph (3), obtain the following information to identify the beneficial owners of the customer and take reasonable measures to verify the identity of such persons:
A. For legal persons:
(A) The identity of the natural persons who ultimately have a controlling ownership interest in a legal person. A controlling ownership interest refers to owning more than 25 percents of a company’s shares or capital.
(B) To the extent where no natural person exerting control through ownership interests is identified or there is doubt as to whether the person(s) with the controlling ownership interest are the beneficial owner(s), the identity of the natural persons (if any) exercising control of the customer through other means.
(C) Where no natural person is identified under Item (A) or (B) above, an insurance enterprise shall identify the identity of the relevant natural person who holds the position of senior management.
B. For trustees: the identity of the settlor(s), the trustee(s), the trust supervisor, the beneficiaries, and any other person exercising ultimate effective control over the trust, or the identity of persons in equivalent or similar positions.
C. Unless otherwise provided for in the proviso of Subparagraph (2) of Point 7 herein, an insurance enterprise is not subject to the aforementioned requirements of identifying and verifying the identity of shareholder or beneficial owner of a customer, provided the customer or a person having a controlling ownership interest in the customer is:
(A) a R.O.C government entity;
(B) an enterprise owned by the R.O.C government;
(C) a foreign government entity;
(D) a public company in the R.O.C. or its subsidiaries;
(E) an entity listed on a stock exchange outside of R.O.C. that is subject to regulatory disclosure requirements of its principal shareholders, and the subsidiaries of such entity;
(F) a financial institution supervised by the R.O.C. government, and an investment vehicles managed by such institution;
(G) a financial institution incorporated or established outside R.O.C. that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the Financial Action Task Force on Money Laundering (FATF), and an investment vehicle managed by such institution; or
(H) Public Service Pension Fund, Labor Insurance Fund, Labor Pension Fund, or Postal Savings of R.O.C.
D. Unless otherwise provided for in the proviso of Subparagraph (2) of Point 7 herein, an insurance enterprise is not subject to the aforementioned requirements of identifying and verifying the identity of shareholder or beneficial owner of a customer when the customer purchases health insurance or an insurance product that does not require policy value reserve.
(7) An insurance enterprise shall adopt the following measures before paying out benefit on a life insurance policy, investment-linked insurance policy or annuity insurance policy:
1. Obtaining the name of the natural person, legal person or trustee who is the appointed beneficiary; and
2. Obtaining adequate information to confirm the identity of the beneficiary if the beneficiary is appointed based on the nature of contract or by other means.
(8) An insurance enterprise should not establish business relationship with a customer before completing the CDD process. However, an insurance enterprise may first obtain information on the identity of the customer and any beneficial owner and complete the verification following the establishment of business relationship, provided that:
A. money laundering and terrorist financing risks are effectively managed, including adopting risk management procedures with respect to the situations under which a customer may utilize the business relationship to complete a transaction prior to verification;
B. it would be essential not to interrupt the normal conduct of business with the customer; and
C. verification of the identities of customer and beneficial owner will be completed as soon as reasonably practicable following the establishment of business relationship. The insurance enterprise shall terminate the business relationship if verification cannot be completed as soon as reasonably practicable and inform the customer in advance.
(9) Where an insurance enterprise is unable to complete the required CDD process on a customer, it should consider reporting suspicious transactions in relation to the customer.
(10)  If an insurance enterprise suspects that a customer or transaction may relate to money laundering or terrorist financing and reasonably believes that performing the CDD process will tip-off the customer, it may choose not to pursue that process and file a suspicious transactions report instead.

5.  If there exists any of the following situations in the CDD process, an insurance enterprise should decline to establish business relationship or carry out any transaction with the customer:
(1) The customer is suspected of using a fake name, a nominee, a shell entity, or a shell corporation to apply for insurance;
(2) The customer refuses to provide the required documents for identifying and verifying his/her identity;
(3) Where a customer applies for insurance, files a claim, applies for contract modification or other transactions through an agent, it is difficult to check and verify the facts of agency and identity related information;
(4) The customer uses forged or altered identification documents or only provides photocopies of the identification documents in a face-to-face transaction;
(5) Documents provided by the customer are suspicious or unclear, or the customer refuses to provide other supporting documents, or the documents provided cannot be authenticated;
(6) The customer procrastinates in providing identification documents in an unusual manner;
(7) Other unusual circumstances exist in the process of establishing business relationship and the customer fails to provide reasonable explanations; or
(8) The customer is an individual, legal entity or organization sanctioned under the Terrorism Financing Prevention Act or a terrorist or terrorist group identified or investigated by a foreign government or an international anti-money laundering organization.
6.  Ongoing customer due diligence:
(1) An insurance enterprise shall apply CDD measures to existing customers on the basis of materiality and risk, and to conduct due diligence on such existing relationships at appropriate times, taking into account whether and when CDD measures have previously been undertaken and the adequacy of data obtained. The aforementioned appropriate times include at least:
A. When the customer increases the sum insured to an extraordinary level or enters new business relationships;
B. When it is time for periodic review of the customer scheduled on the basis of materiality and risk; and
C. When it becomes known that there is a material change to customer’s identity and background information.
(2) An insurance enterprise shall conduct ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with its knowledge of the customer, the customer's business and risk profile, including, where necessary, the source of funds.
(3) An insurance enterprise shall periodically review the adequacy of customer identification information obtained in respect of customers and beneficial owners and ensure that the information is kept up to date, particularly for higher risk categories of customers, for whom the insurance enterprise should conduct review at least once every year.
(4) An insurance enterprise may use data and information on a customer obtained in the past in customer identification and verification process without repeatedly identifying and verifying the identity of each customer every time the customer conducts a transaction. However when the insurance enterprise have doubts about the veracity of customer information, or suspects that the customer is involved in money laundering transaction, or when there is a material change in the way the customer conducts transaction which is not consistent with the customer’s business profile, the insurance enterprise shall conduct CDD again in accordance with the provisions of Point 4 herein.
7.  An insurance enterprise shall determine the extent of applying CDD and ongoing CDD measures under Subparagraph (3) of Point 4 herein and the preceding Point using a risk-based approach (RBA):
(1) For higher risk circumstances, an insurance enterprise shall apply enhanced CDD or ongoing CDD measures by adopting additionally at least the following enhanced measures:
A. Obtaining the approval of senior management before establishing or entering a new business relationship;
B. Adopting reasonable measures to understand the sources of customer's wealth and funds;
C. Adopting enhanced ongoing monitoring of business relationship; and
D. The beneficiary of a life insurance policy should be included as a relevant risk factor by the insurance enterprise in determining whether enhanced CDD measures are applicable. If the insurance enterprise determines that a beneficiary who is a legal person or a trustee presents a higher risk, the enhanced CDD measures should include reasonable measures to identify and verify the identity of the actual beneficiary before making benefit payout.
(2) For lower risk circumstances, an insurance enterprise may adopt simplified CDD measures, which shall be commensurate with the lower risk factors. However simplified CDD measures are not allowed in any of the following circumstances:
A. Where the customers are from or in countries and jurisdictions known to have inadequate AML/CFT regimes, including but not limited to those which designated by international organizations on AML/CFT as countries or regions with serious deficiencies in their AML/CFT regime , and other countries or regions that do not or insufficiently comply with the recommendations of international organizations on AML/CFT as forwarded by the Financial Supervisory Commission (FSC); or
B. Where an insurance enterprise suspects that money laundering or terrorist financing is involved.
8.  Policies and procedures for checking the names of customers and trading counterparties:
(1) An insurance enterprise shall establish policies and procedures for checking the names of customers and trading counterparties using a risk-based approach to detect, match and filter customers or trading counterparties that are individuals, legal entities or organizations sanctioned under the Terrorism Financing Prevention Act or terrorists or terrorist groups identified or investigated by a foreign government or an international anti-money laundering organization, and handle related matters in compliance with Article 7 of the Terrorism Financing Prevention Act.
(2) The policies and procedures for checking the names of customers and trading counterparties of an insurance enterprise shall include at least matching and filtering logics, implementation procedures and inspection standards, and shall be documented.
(3) An insurance enterprise shall document its name and account checking operations and maintain the records for a time period in accordance with Point 10 herein.
9. Ongoing monitoring of transactions:
(1) An insurance enterprise shall use an information system to consolidate basic information and transaction information on all customers for inquiries by the head office and branches for AML/CFT purpose so as to strengthen the enterprise’s transaction monitoring ability. An insurance enterprise shall also establish internal control procedures for requests and inquiries with respect to customer information made by various entities, and shall exercise care to ensure the confidentiality of the information.
(2) An insurance enterprise shall establish policies and procedures for transaction monitoring using a risk-based approach and utilize information system to assist in the detection of suspicious transactions.
(3) An insurance enterprise shall review its policies and procedures for transaction monitoring based on AML/CFT regulations, customer's nature, business size and complexity, money laundering and terrorist financing related trends and information obtained from internal and external sources, and the results of internal risk assessment, and update those policies and procedures periodically.
(4) The policies and procedures for transaction monitoring of an insurance enterprise shall include at least the procedures for establishing a complete monitoring system, and carrying out the setting of parameters, threshold amounts, alerts and monitoring operations, the procedures for checking the monitored cases and reporting standards, and shall be documented.
(5) A complete monitoring system mentioned in the preceding subparagraph shall include the patterns published by the trade associations and additional monitoring patterns in reference to the insurance enterprise's own money laundering and terrorist financing risk assessment or daily transaction information. Examples of monitoring patterns are as follows:
A. Life insurance enterprises:
(A) Where the total cash deposits or withdrawals (including cumulative deposits or withdrawals into or from the same account on the same business day) for cash transactions reaches above NTD500,000 (including the foreign currency equivalent thereof) and the transactions show signs of money laundering.
(B) Individuals implicated in an extraordinary or major case reported in the media such as television, newspaper, magazine or the Internet intend to purchase an insurance policy that requires policy value reserve or has cash value, or such individuals are an applicant, insured or beneficiary of an insurance policy and like to change the applicant or beneficiary or carry out transactions involving money flow and the transactions show signs of money laundering.
(C) Where a large sum of premium is paid by somebody other than the principal party or an interested party to the insurance contract, for which no reasonable explanations are provided.
(D) Where a customer pays premiums, repays policy loan or mortgage in cash or through different bank accounts and in several payments marginally below the threshold for declaration, but cannot reasonably explain the sources of funds, and the transactions do not appear to be commensurate with the customer’s status and income or are unrelated to the nature of the customer’s business.
(E) Where a policyholder abruptly makes a large-sum payment or repayment but cannot reasonably explain the sources of fund, and the transaction does not appear to be commensurate with the customer’s status and income or are unrelated to the nature of the customer’s business.
(F) Where a policyholder cancels or terminates insurance policies successively over a short period of time and requests payments in cash that cumulatively reach above a certain amount, for which no reasonable explanations are provided.
(G) Where a policyholder pays several  extra premiums successively over a short period of time and the total amount of extra premiums reaches above a certain amount, and the policyholder then requests partial redemption, cancels or terminates insurance policies or policy loans that cumulatively reach above a certain amount, for which no reasonable explanations are provided.
(H) Where a policyholder requests several large policy loans successively over a short period of time and then repays the loans and the amount of repayments is comparable to the amount of loans, for which no reasonable explanations are provided.
(I) Where a customer purchases insurance products that require high policy value reserve or have high cash value successively over a short period of time and the insurances purchased do not appear to be commensurate with the customer’s status and income or are unrelated to the nature of the customer’s business.
(J) Where after a policy changes the applicant, the new applicant applies for change of beneficiary, requests large policy loan or terminate the insurance contract in a short period of time, for which no reasonable explanations are provided.
(K) Where after purchasing a long-term life insurance policy by making a large single premium payment, a customer applies for a large policy loan or cancels the insurance policy in a short period of time, for which no reasonable explanations are provided.
(L) Where after paying a large-sum premium (including cross-border premium payment) for an insurance policy, a customer applies for a large policy loan or terminates the policy in a short period of time, for which no reasonable explanations are provided.
(M) Where the transaction involves a country or region with serious deficiencies in its AML/CFT regime and such transaction does not appear to be commensurate with the customer’s status and income or is unrelated to the nature of the customer’s business.
(N) Where the ultimate beneficiary or transaction party is a terrorist or terrorist group as advised by the FSC based on information provided by foreign governments, or a terrorist organization identified or investigated by an international organization against money laundering; or where the transaction is suspected or bears reasonable reason to suspect to have been linked with a terrorist activity, terrorist organization or financing of terrorism.
B. Non-life insurance enterprises:
(A) Where the total cash deposits or withdrawals (including cumulative deposits or withdrawals into or from the same account on the same business day) for cash transactions reaches above NTD500,000 (including the foreign currency equivalent thereof) and the transactions show signs of money laundering.
(B) Individuals implicated in an extraordinary or major case reported in the media such as television, newspaper, magazine or the Internet intend to change the applicant or beneficiary or carry out transactions involving money flow and the transactions show signs of money laundering.
(C) Where a large sum of premium is paid by somebody other than the principal party or an interested party to the insurance contract, for which no reasonable explanations are provided;
(D) Where a customer pays premiums, repays policy loan or mortgage in cash or through different bank accounts and in several payments marginally below the threshold for declaration, but cannot reasonably explain the sources of funds, and the transactions do not appear to be commensurate with the customer’s status and income or are unrelated to the nature of the customer’s business.
(E) Where a customer abruptly makes a large-sum payment or repayment but cannot reasonably explain the sources of fund, and the transaction does not appear to be commensurate with the customer’s status and income or is unrelated to the nature of the customer’s business.
(F) Except in the case of liability insurance, where a customer requests a large-sum indemnity be paid in cash to somebody other than the insured or the beneficiary and third parties unrelated to the insurance contract.
(G) Where a customer creates an insured event and claims losses to conceal the true nature of funds through insurance payout.
(H) Where the insured is a sanctioned person who directly purchases insurance for his/her assets through intermediary service or obtains financial services provided by overseas insurers through the reinsurance mechanism.  
(I) Where a policyholder cancels insurance policies involving huge premiums successively over a short period of time and requests refunds in cash or the transactions are apparently unusual, for which no reasonable explanations are provided.
(J) Where the transaction involves a country or region with serious deficiencies in its AML/CFT regime and such transaction does not appear to be commensurate with the customer’s status and income or is unrelated to the nature of the customer’s business.
(K) Where the ultimate beneficiary or transaction party is a terrorist or terrorist group as advised by the FSC based on information provided by foreign governments, or a terrorist organization identified or investigated by an international organization against money laundering; or where the transaction is suspected or bears reasonable reason to suspect to have been linked with a terrorist activity, terrorist organization or financing of terrorism.
 (6)  An insurance enterprise shall document its ongoing transaction monitoring operation and maintain the records in accordance with Point 10 herein.
10. An insurance enterprise shall keep records on all business relations and transactions with its customers in accordance with the following provisions:
(1) An insurance enterprise shall maintain, for at least five years, all necessary records on transactions, both domestic and international.
(2) An insurance enterprise shall keep all the following information for at least five years after the business relationship is ended:
A. All records obtained through CDD measures, such as copies or records of official identification documents like passports, identity cards, driving licenses or similar documents.
B. Contract documents and files.
C. Business correspondence, including inquiries to establish the background and purpose of complex, unusual large transactions and the results of any analysis undertaken.
(3) Transaction records maintained by an insurance enterprise must be sufficient to permit reconstruction of individual transactions so as to provide, if necessary, evidence for prosecution of criminal activity.
(4) An insurance enterprise shall ensure that information on transaction records and CDD information will be swiftly made available to the competent authorities when such requests are made with appropriate authority.
11. When conducting CDD, insurance companies and post offices engaging in simple life insurance business should use self-established database or information obtained from external sources to determine whether a customer or the beneficial owner of a customer is a person who is or has been entrusted with a prominent function by a foreign government or an international organization (referred to as politically exposed persons (PEPs) hereunder):
(1) For a customer or beneficial owner determined to be a current PEP of a foreign government, an insurance enterprise shall treat the customer directly as a high-risk customer, and adopt enhanced CDD measures under Subparagraph (1) of Point 7 herein.
(2) For a customer or beneficial owner determined to be a current PEP of an international organization, an insurance enterprise shall assess risks when establishing business relationship with the person and conduct annual review thereafter. In case of higher risk business relationship with such customers, the insurance enterprise shall adopt enhanced CDD measures under Subparagraph (1) of Point 7 herein.
(3) The preceding two subparagraphs apply to family members or close associates of PEPs.
(4) For former PEPs of foreign governments or international organizations, an insurance enterprise shall assess risks based on the level of influence that the individual could still exercise, the seniority of the position that the individual held as a PEP, etc. If it is determined that the person is still a PEP, the provisions of the preceding three subparagraphs shall apply.
Insurance companies and post offices engaging in simple life insurance business should take reasonable measures to identity and verify whether the beneficiaries of a life insurance policy, investment-linked insurance policy or annuity insurance policy and the beneficial owner of the beneficiary are PEPs referred to in the preceding paragraph before paying out benefit or cash surrender value. Before paying out policy proceeds to PEPs, an insurance enterprise should inform senior management, conduct enhanced scrutiny on the whole business relationship with the policyholder, and consider making a suspicious transaction report.

12. An insurance enterprise should assess the money laundering or terrorist financing risks that may arise in relation to the development of new products or services or new businesses (including new delivery mechanisms, use of new technologies for pre-existing or new products or businesses) and establish relevant risk management measures to mitigate those risks.
13. Internal control system:
(1) The internal control mechanism or internal control system established by insurance companies or post offices engaging in simple life insurance business in accordance with Article 5 or 8 of the Regulations Governing Implementation of Internal Control and Audit System of Insurance Enterprises, or by insurance agent companies or insurance broker companies of certain sizes in accordance with Article 6 of the Regulations Governing the Implementation of Internal Control and Audit System and Business Solicitation System of Insurance Agent Companies and Insurance Broker Companies shall contain the following particulars:
A. The policies and procedures to identify, assess and manage its money laundering and terrorist financing risks.
B. An AML/CFT program established based on money laundering and terrorist financing risks and business size to manage and mitigate identified risks, which also includes enhanced control measures for higher risk situations.
C. Standard operational procedures for monitoring compliance with AML/CFT regulations and for the implementation of AML/CFT program, which shall be included in the self-inspection and internal audit system, and enhanced if necessary.
(2) Insurance companies and post offices engaging in simple life insurance business shall identify, assess and manage money laundering and terrorist financing risks mentioned in Item A of the preceding subparagraph in accordance with the following provisions:
A. Risk assessment should be documented;
B. Risk assessment should consider all risk factors and cover at least customers, geographic areas, products and services, transactions and delivery channels to determine the level of overall risk, and appropriate measures to mitigate the risks; and
C. There should be a risk assessment update mechanism in place to ensure that risk data are kept up-to-date.
(3) The policies and procedures of insurance agent companies or insurance broker companies of certain sizes for identifying and assessing money laundering and terrorist financing risks mentioned in Item A of Subparagraph (1) hereof should accommodate the data needs of insurance companies in customer risk identification, assessment and management to assist in the accuracy of collected or verified data.
(4) The AML/CFT program mentioned in Item B of Subparagraph (1) hereof shall include the following policies, procedures and controls; the AML/CFT program of insurance agent companies and insurance broker companies need not include Items B and C below:
A. Verification of customer identity;
B. Checking of names of customers and trading counterparties;
C. Ongoing monitoring of transactions;
D. Record keeping;
E. Reporting of currency transactions above a certain amount;
F. Reporting of suspicious transactions;
G. Appointment of a compliance officer at the management level to take charge of AML/CFT compliance matters;
H. Employee screening and hiring procedure;
I. Ongoing employee training program;
J. An independent audit function to test the effectiveness of AML/CFT system; and
K. Other matters required by the AML/CFT regulations and the competent authorities.
(5) An insurance enterprise having foreign branches shall establish a group-level AML/CFT program, which shall include the policies, procedures and controls mentioned in the preceding subparagraph, and in addition, the following particulars without violating the information confidentiality regulations of the ROC and countries or jurisdictions at where the foreign branches and subsidiaries are located:
A. Policies and procedures for sharing information within the group required for the purposes of CDD and money laundering and terrorist financing risk management;
B. Group-level compliance and audit functions to be established and customer, account and transaction information to be provided by foreign branches and subsidiaries when necessary for AML/CFT purposes; and
C. Adequate safeguards on the confidentiality and use of information exchanged.
(6) An insurance enterprise shall ensure that its foreign branches and subsidiaries apply AML/CFT measures, to the extent that the laws and regulations of host countries or jurisdictions so permit, and consistent with the home country requirements. Where the minimum requirements of the countries where its head office and branches or subsidiaries are located are different, the branch or subsidiary shall choose to follow the criteria which are higher. However, in case there is any doubt regarding the determination of higher or lower criteria, the determination by the competent authority of the place at where the head office of the insurance enterprise is located shall prevail. If a foreign branch or subsidiary is unable to adopt the same criteria as the head office due to prohibitions from foreign laws and regulations, appropriate additional measures should be taken to manage the risks of money laundering and terrorist financing, and a report shall be made to the competent authorities.
(7) The board of directors and senior management of an insurance company and the board of directors (or a delegated responsible unit) of an insurance agent company or insurance broker company should understand its money laundering and terrorist financing risks and the operation of its AML/CFT program, and adopt measures to create a culture of AML/CFT compliance.
14. Dedicated compliance unit and chief AML/CFT compliance officer:
(1) A domestic life insurance company shall set up an independent, dedicated AML/CFT compliance unit under the president, or the legal compliance unit or risk management unit of the head office. The AML/CFT compliance unit may not handle businesses other than AML/CFT and shall be staffed with adequate manpower and resources appropriate to the size and risks of the business. The board of directors of the life insurance company shall appoint a senior officer to act as the chief AML/CFT compliance officer and vest the officer full authority in AML/CFT implementation. The officer should report to the board of directors, supervisors (board of supervisors) or the audit committee at least semiannually, or whenever a major regulatory violation is discovered.
(2) The branch company of a foreign life insurance company in Taiwan, a non-life insurance company, a reinsurance company, an insurance agent company or insurance broker company of certain sizes is not required to set up such a dedicated compliance unit, but shall be staffed with an adequate number of AML/CFT personnel appropriate to the size and risks of its business, and its board of directors shall appoint a chief compliance officer and make sure that its AML/CFT personnel and the chief AML/CFT compliance officer do not hold concurrent posts that may have a conflict of interest with their AML/CFT responsibilities.
(3) For insurance agent companies under certain sizes that solicit insurance business on behalf of insurance companies and insurance broker companies under certain sizes that solicit insurance business, their board of directors (or delegated responsible unit) shall assign at least one personnel to handle the AML/CFT operation and make sure that such personnel does not hold concurrent posts that may have a conflict of interest with his/her AML/CFT responsibilities. However an insurance agent company shall comply with the provisions of the preceding subparagraph on insurance company with respect to its underwriting and claim settlement business undertaken on behalf of an insurance company.
(4) The dedicated compliance unit or chief AML/CFT compliance officer mentioned in Subparagraphs (1) and (2) shall be charged with the following duties:
A. Supervising the planning and implementation of policies and procedures for identifying, assessing and monitoring money laundering and terrorist financing risks.
B. Coordinating and supervising enterprise-wide AML/CFT risk identification and assessment.
C. Monitoring and controlling money laundering and terrorist financing risks.
D. Developing an AML/CFT program.
E. Coordinating and supervising the implementation of AML/CFT program.
F. Confirming compliance with AML/CFT regulations, including the relevant compliance template or self-regulatory rules produced by the trade association the enterprise belongs to and approved by the FSC.
G. Supervising the reporting on suspicious transactions and on the properties or property interests and location of individuals or legal entities designated by the Terrorism Financing Prevention Act to the Investigation Bureau, Ministry of Justice.
H. Other matters related to AML/CFT.
(5) The foreign branches of an insurance enterprise shall be staffed with an adequate number of AML/CFT personnel in view of the number of local branches, and the size and risks of its business, and appoint an AML/CFT compliance officer to take charge of related compliance matters.
(6) The appointment of AML/CFT compliance officer by the foreign branch of an insurance enterprise shall comply with the local regulations and the requirements of the local authorities. The AML/CFT compliance officer shall be vested with full authority in AML/ CFT implementation, including reporting directly to the chief AML/CFT compliance officer mentioned in Subparagraph (1) and Subparagraph (2), and should not hold other posts, except for the post of legal compliance officer. If the AML/CFT compliance officer holds other concurrent posts, the foreign branch should communicate the fact with the local competent authority to confirm that the holding of other concurrent posts will not result or potentially result in conflict of interest, and report the matter to the competent authority for record.
15. Implementation and statement of internal AML/CFT control system:
(1) The domestic business units and foreign branches of an insurance enterprise shall appoint a senior manager to act as the supervisor to take charge of supervising AML/CFT related matters of the business unit or branch, and conduct self-inspection in accordance with the Regulations Governing Implementation of Internal Control and Audit System of Insurance Enterprises, the Regulations Governing the Implementation of Internal Control and Audit System and Business Solicitation System of Insurance Agent Companies and Insurance Broker Companies and other applicable provisions.
(2) The internal audit unit of an insurance enterprise shall audit the following matters in accordance with the Regulations Governing Implementation of Internal Control and Audit System of Insurance Enterprises, and insurance agent companies and insurance broker companies of certain sizes shall audit the following matters in accordance with the Regulations Governing the Implementation of Internal Control and Audit System and Business Solicitation System of Insurance Agent Companies and Insurance Broker Companies, and submit audit opinions:
A. Whether the money laundering and terrorist financing risk assessment and the AML/CFT program meet the regulatory requirements and are vigorously implemented; and
B. The effectiveness of AML/CFT program.
(3) The president of an insurance enterprise should oversee that respective units prudently evaluate and review the implementation of internal AML/CFT control system. The chairman, president, chief auditor and chief AML/CFT compliance officer shall jointly issue a statement on internal AML/CFT control (see attached), which shall be submitted to the board of directors for approval and disclosed on the website of the insurance enterprise within three months after the end of each fiscal year, and filed via a website designated by the competent authority. The statement on internal AML/CFT control of an insurance agent company or an insurance broker company shall be filed in a manner designated by the competent authority before the end of April every year.
16. Employee hiring and training:
(1) An insurance enterprise shall establish prudent and appropriate procedures for employee screening and hiring, including examining whether the prospective employee has character integrity and the professional knowledge required to perform their duties.
(2) The chief AML/CFT compliance officer, the personnel of dedicated AML/CFT unit and the AML/CFT supervisor of a domestic business unit of an insurance enterprise shall possess one of the following qualification requirements:
A. Having served as a compliance officer or AML/CFT personnel on a full-time basis for at least three (3) years;
B. For chief AML/CFT compliance officers and personnel of dedicated AML/CFT unit, having attended not less than 24 hours of courses recognized by the competent authority, passed the exams and received completion certificates therefor; for the AML/CFT supervisors of domestic business units, having attended not less than 12 hours of courses recognized by the competent authority, passed the exams and received completion certificates therefor. Chief AML/CFT compliance officers and personnel of dedicated AML/CFT units who are appointed/assigned to the post prior to August 31, 2017 may receive the aforementioned certificates within six (6) months after the appointment/assignment, and the AML/CFT supervisors of domestic business units may receive such certificates within one year after the appointment/assignment; or
C. Having received a domestic or international AML/CFT professional certificate issued by an institution recognized by the competent authority.
(3) The chief AML/CFT compliance officer, the personnel of dedicated AML/CFT unit and the AML/CFT supervisor of domestic business units of an insurance enterprise shall attend not less than 12 hours of training offered by institutions recognized by the competent authority or by the  employing insurance enterprise (including the parent company of insurance enterprise) every year. The training shall cover at least newly amended laws and regulations, trends and patterns of money laundering and terrorist financing risks. If the person has obtained a domestic or international AML/CFT professional certificate issued by an institution recognized by the competent authority in a year, the certificate may be used to offset the training hours for the year.
(4) The AML/CFT supervisor and the AML/CFT officer and personnel of  foreign branches of an insurance enterprise shall attend not less than 12 hours of training on AML/CFT offered by foreign competent authorities or relevant institutions every year. If no such training is available, the personnel may attend training courses offered by institutions recognized by the competent authority or by the employing insurance enterprise (including parent company of the insurance enterprise).
(5) An insurance enterprise shall arrange appropriate hours of orientation and on-the-job training of suitable contents on AML/CFT in view of the nature of its business for its legal compliance personnel, internal auditors, business personnel and personnel related to AML/CFT operation to familiarize them with their AML/CFT duties and equip them with the professional knowhow to perform their duties.
17. If an insurance enterprise violates these Directions, the FSC will take appropriate sanctions commensurate with the seriousness of the violations in accordance with Articles 167-2, 167-3 and 171-1 of the Insurance Act, the Money Laundering Control Act and other relevant regulations.