| Legislative: |
Amended on 31 May 2018 per Order Ref. Jin-Guan-Bao-Zong-Zi 10704562451 of the Financial Supervisory Commission |
| Content: |
5. Internal control system:
(1) An insurance enterprise’s internal control system for AML/CFT and any subsequent amendment thereto shall be approved by its board of directors (council). The internal control system shall contain the following particulars:
A. The policies and procedures to identify, assess and manage its money laundering and terrorist financing risks.
B. An AML/CFT program established based on money laundering and terrorist financing risks and business size to manage and mitigate identified risks, which also includes enhanced control measures for higher risk situations.
C. Standard operational procedures for monitoring compliance with AML/CFT regulations and for the implementation of AML/CFT program, which shall be included in the self-inspection and internal audit system, and enhanced if necessary.
(2) When insurance companies and post offices engaging in simple life insurance business carry out the identification, assessment and management of money laundering and terrorist financing risks mentioned in Item A of the preceding subparagraph, the operation should cover at least customers, geographic areas, products and services, transactions, and delivery channels, and be conducted in accordance with the following provisions:
A. Produce a risk assessment report;
B. Risk assessment should consider all risk factors and cover at least customers, geographic areas, products and services, transactions and delivery channels to determine the level of overall risk, and appropriate measures to mitigate the risks; and
C. There should be a risk assessment update mechanism in place to ensure that risk data are kept up-to-date.
D. When the risk assessment report is completed or updated, submit the report to the FSC for recordation.
(3) The policies and procedures of insurance agent companies or insurance broker companies of certain sizes for identifying, assessing and managing money laundering and terrorist financing risks mentioned in Item A of Subparagraph (1) hereof should accommodate the data needs of insurance companies in customer risk identification, assessment and management to assist in the accuracy of collected or verified data and carry out required matters mentioned in item A to item D of the preceding paragraph.
(4) The AML/CFT program mentioned in Item B of Subparagraph (1) hereof shall include the following policies, procedures and controls; the AML/CFT program of insurance agent companies and insurance broker companies need not include Items B and C below:
A. Verification of customer identity;
B. Checking of names of customers and trading counterparties;
C. Ongoing monitoring of transactions;
D. Record keeping;
E. Reporting of currency transactions above a certain amount;
F. Reporting of transactions suspicious of money laundering or terrorist financing.
G. Appointment of a compliance officer at the management level to take charge of AML/CFT compliance matters;
H. Employee screening and hiring procedure;
I. Ongoing employee training program;
J. An independent audit function to test the effectiveness of AML/CFT system; and
K. Other matters required by the AML/CFT regulations and the competent authorities.
(5) An insurance enterprise having foreign branches (or subsidiaries) shall establish a group-level AML/CFT program for implementation by branches (or subsidiaries) within the group. The AML/CFT program shall include the policies, procedures and controls mentioned in the preceding subparagraph, and in addition, the following particulars without violating the information confidentiality regulations of the ROC and countries or jurisdictions at where the foreign branches (or subsidiaries) are located:
A. Policies and procedures for sharing information within the group required for the purposes of CDD and money laundering and terrorist financing risk management;
B. Group-level compliance, audit, and AML/CFT functions should be provided with customer and transaction information from foreign branches (or subsidiaries) when necessary for AML/CFT purposes; and
C. Adequate safeguards on the confidentiality and use of information exchanged.
(6) An insurance enterprise shall ensure that its foreign branches (or subsidiaries) apply AML/CFT measures to the extent that the laws and regulations of host countries or jurisdictions so permit, and those measures should be consistent with those adopted by the head office (or parent company). Where the minimum requirements of the countries where its head office (or parent company) and branches (or subsidiaries) are located are different, the branch (or subsidiary) shall choose to follow the criteria which are higher. However, in case there is any doubt regarding the determination of higher or lower criteria, the determination by the competent authority of the place at where the head office of the insurance enterprise is located shall prevail. If a foreign branch (or subsidiary) is unable to adopt the same criteria as the head office (or parent company) due to prohibitions from foreign laws and regulations, appropriate additional measures should be taken to manage the risks of money laundering and terrorist financing, and a report shall be made to the FSC.
(7) The board of directors (council) of an insurance company holds the ultimate responsibility of ensuring the establishment and maintenance of appropriate and effective AML/CFT internal controls. The board of directors and senior management of an insurance company and the board of directors (or a delegated responsible unit) of an insurance agent company or insurance broker company should understand the company’s money laundering and terrorist financing risks and the operation of its AML/CFT program, and adopt measures to create a culture of AML/CFT compliance. |