| Legislative: |
Abolished on 9 November 2018 |
| Content: |
1. These Directions are specifically adopted to strengthen the anti-money laundering and countering terrorism financing (AML/CFT) regime of the Republic of China (R.O.C.), and enhance soundness of the internal control and internal audit system of the insurance industry in R.O.C.
2. In matters related to AML/CFT internal controls, an insurance enterprise shall comply with these Directions as well as relevant provisions in the “Money Laundering Control Act”, “Terrorism Financing Prevention Act” and other relevant regulations.
3. The "insurance enterprise" referred to in these Directions include insurance companies, reinsurance companies, insurance agent companies (including banks engaging concurrently in insurance agent business), insurance broker companies (including banks engaging concurrently in insurance broker business), and post offices engaging in simple life insurance business.
4. An insurance enterprise should assess the money laundering and terrorist financing risks before launching new products with policy value reserve or cash value or money-related services or new businesses (including new delivery mechanisms, use of new technologies for pre-existing or new products or businesses) and establish relevant risk management measures to mitigate the identified risks.
5. Internal control system:
(1) An insurance enterprise’s internal control system for AML/CFT and any subsequent amendment thereto shall be approved by its board of directors (council). The internal control system shall contain the following particulars:
A. The policies and procedures to identify, assess and manage its money laundering and terrorist financing risks.
B. An AML/CFT program established based on money laundering and terrorist financing risks and business size to manage and mitigate identified risks, which also includes enhanced control measures for higher risk situations.
C. Standard operational procedures for monitoring compliance with AML/CFT regulations and for the implementation of AML/CFT program, which shall be included in the self-inspection and internal audit system, and enhanced if necessary.
(2) When insurance companies and post offices engaging in simple life insurance business carry out the identification, assessment and management of money laundering and terrorist financing risks mentioned in Item A of the preceding subparagraph, the operation should cover at least customers, geographic areas, products and services, transactions, and delivery channels, and be conducted in accordance with the following provisions:
A. Produce a risk assessment report;
B. Risk assessment should consider all risk factors and cover at least customers, geographic areas, products and services, transactions and delivery channels to determine the level of overall risk, and appropriate measures to mitigate the risks; and
C. There should be a risk assessment update mechanism in place to ensure that risk data are kept up-to-date.
D. When the risk assessment report is completed or updated, submit the report to the FSC for recordation.
(3) The policies and procedures of insurance agent companies or insurance broker companies of certain sizes for identifying, assessing and managing money laundering and terrorist financing risks mentioned in Item A of Subparagraph (1) hereof should accommodate the data needs of insurance companies in customer risk identification, assessment and management to assist in the accuracy of collected or verified data and carry out required matters mentioned in item A to item D of the preceding paragraph.
(4) The AML/CFT program mentioned in Item B of Subparagraph (1) hereof shall include the following policies, procedures and controls; the AML/CFT program of insurance agent companies and insurance broker companies need not include Items B and C below:
A. Verification of customer identity;
B. Checking of names of customers and trading counterparties;
C. Ongoing monitoring of transactions;
D. Record keeping;
E. Reporting of currency transactions above a certain amount;
F. Reporting of transactions suspicious of money laundering or terrorist financing.
G. Appointment of a compliance officer at the management level to take charge of AML/CFT compliance matters;
H. Employee screening and hiring procedure;
I. Ongoing employee training program;
J. An independent audit function to test the effectiveness of AML/CFT system; and
K. Other matters required by the AML/CFT regulations and the competent authorities.
(5) An insurance enterprise having foreign branches (or subsidiaries) shall establish a group-level AML/CFT program for implementation by branches (or subsidiaries) within the group. The AML/CFT program shall include the policies, procedures and controls mentioned in the preceding subparagraph, and in addition, the following particulars without violating the information confidentiality regulations of the ROC and countries or jurisdictions at where the foreign branches (or subsidiaries) are located:
A. Policies and procedures for sharing information within the group required for the purposes of CDD and money laundering and terrorist financing risk management;
B. Group-level compliance, audit, and AML/CFT functions should be provided with customer and transaction information from foreign branches (or subsidiaries) when necessary for AML/CFT purposes; and
C. Adequate safeguards on the confidentiality and use of information exchanged.
(6) An insurance enterprise shall ensure that its foreign branches (or subsidiaries) apply AML/CFT measures to the extent that the laws and regulations of host countries or jurisdictions so permit, and those measures should be consistent with those adopted by the head office (or parent company). Where the minimum requirements of the countries where its head office (or parent company) and branches (or subsidiaries) are located are different, the branch (or subsidiary) shall choose to follow the criteria which are higher. However, in case there is any doubt regarding the determination of higher or lower criteria, the determination by the competent authority of the place at where the head office of the insurance enterprise is located shall prevail. If a foreign branch (or subsidiary) is unable to adopt the same criteria as the head office (or parent company) due to prohibitions from foreign laws and regulations, appropriate additional measures should be taken to manage the risks of money laundering and terrorist financing, and a report shall be made to the FSC.
(7) The board of directors (council) of an insurance company holds the ultimate responsibility of ensuring the establishment and maintenance of appropriate and effective AML/CFT internal controls. The board of directors and senior management of an insurance company and the board of directors (or a delegated responsible unit) of an insurance agent company or insurance broker company should understand the company’s money laundering and terrorist financing risks and the operation of its AML/CFT program, and adopt measures to create a culture of AML/CFT compliance.
6. Dedicated compliance unit and chief AML/CFT compliance officer:
(1) An insurance enterprise shall be staffed with adequate number of AML/CFT personnel and resources appropriate to the size and risks of its business. The board of directors (council) of the insurance enterprise shall appoint a senior officer to act as the chief AML/CFT compliance officer and vest the officer full authority in coordinating and supervising AML/CFT implementation and shall ensure that its AML/CFT personnel and the chief AML/CFT compliance officer do not hold concurrent posts that may have a conflict of interest with their AML/CFT responsibilities. A domestic life insurance company shall, in addition, set up an independent, dedicated AML/CFT compliance unit under the president, or the legal compliance unit or risk management unit of the head office. The AML/CFT compliance unit may not handle businesses other than AML/CFT.
(2) For insurance agent companies under certain sizes that solicit insurance business on behalf of insurance companies and insurance broker companies under certain sizes that solicit insurance business, their board of directors (or delegated responsible unit) shall assign at least one personnel to handle the AML/CFT operation and make sure that such personnel does not hold concurrent posts that may have a conflict of interest with his/her AML/CFT responsibilities. However an insurance agent company shall comply with the provisions of the preceding subparagraph on insurance company with respect to its underwriting and claim settlement business undertaken on behalf of an insurance company.
(3) The dedicated compliance unit or chief AML/CFT compliance officer mentioned in Subparagraphs (1) shall be charged with the following duties:
A. Supervising the planning and implementation of policies and procedures for identifying, assessing and monitoring money laundering and terrorist financing risks.
B. Coordinating and supervising enterprise-wide AML/CFT risk identification and assessment.
C. Monitoring and controlling money laundering and terrorist financing risks.
D. Developing an AML/CFT program.
E. Coordinating and supervising the implementation of AML/CFT program.
F. Confirming compliance with AML/CFT regulations, including the relevant compliance template or self-regulatory rules produced by the trade association the enterprise belongs to and approved by the FSC.
G. Supervising the reporting on transactions suspicious of money laundering or terrorist financing and on the properties or property interests and location of individuals or legal entities designated by the Terrorism Financing Prevention Act to the Investigation Bureau, Ministry of Justice.
H. Other matters related to AML/CFT.
(4) The chief AML/CFT compliance officer mentioned in Subparagraph (1) hereof should report to the board of directors (council) and supervisors (board of supervisors) or the audit committee at least semiannually, or whenever a major regulatory violation is discovered.
(5) The foreign business units of an insurance enterprise shall be staffed with an adequate number of AML/CFT personnel in view of the number of local branches, and the size and risks of its business, and appoint an AML/CFT compliance officer to take charge of the coordination and supervision of related compliance matters.
(6) The appointment of AML/CFT compliance officer by the foreign business unit of an insurance enterprise shall comply with the local regulations and the requirements of the host country. The AML/CFT compliance officer shall be vested with full authority in coordinating and supervising AML/CFT implementation, including reporting directly to the chief AML/CFT compliance officer mentioned in Subparagraph (1) and should not hold other posts, except for the post of legal compliance officer. If the AML/CFT compliance officer holds other concurrent posts, the foreign business unit should communicate the fact with the local competent authority of the host country to confirm that the holding of other concurrent posts will not result or potentially result in conflict of interest, and report the matter to the FSC for recordation.
7. Implementation, audit and statement of internal AML/CFT control system:
(1) The domestic and foreign business units of an insurance enterprise shall appoint a senior manager to act as the supervisor to take charge of supervising AML/CFT related matters of the business unit, and conduct self-inspection in accordance with relevant rules.
(2) The internal audit unit of an insurance enterprise shall audit the following matters in accordance with the Regulations Governing Implementation of Internal Control and Audit System of Insurance Enterprises, and insurance agent companies and insurance broker companies of certain sizes shall audit the following matters in accordance with the Regulations Governing the Implementation of Internal Control and Audit System and Business Solicitation System of Insurance Agent Companies and Insurance Broker Companies, and submit audit opinions:
A. Whether the money laundering and terrorist financing risk assessment and the AML/CFT program meet the regulatory requirements and are vigorously implemented; and
B. The effectiveness of AML/CFT program.
(3) The president of an insurance enterprise should oversee that respective units prudently evaluate and review the implementation of internal AML/CFT control system. The chairman, president, chief auditor (internal auditor) and chief AML/CFT compliance officer shall jointly issue a statement on internal AML/CFT control (see attached), which shall be submitted to the board of directors (council) for approval and disclosed on the website of the insurance enterprise within three(3) months after the end of each fiscal year, and filed via a website designated by the FSC. The statement on internal AML/CFT control of an insurance agent company or an insurance broker company shall be filed in a manner designated by the FSC before the end of April every year.
(4) For the branches of a foreign insurance enterprise in Taiwan, the authorized personnel of its head office shall be responsible for matters concerning the board of director or supervisors under these Directions. The statement mentioned in the preceding subparagraph shall be jointly issued by the responsible person and chief AML/CFT compliance officer of the branch in Taiwan as authorized by the head office as well as officer in charge of audit operation in Taiwan area.
8. Employee hiring and training:
(1) An insurance enterprise shall establish prudent and appropriate procedures for employee screening and hiring, including examining whether the prospective employee has character integrity and the professional knowledge required to perform their duties.
(2) The chief AML/CFT compliance officer, the personnel of dedicated AML/CFT unit and the AML/CFT supervisor of domestic business units of an insurance enterprise shall possess one of the following qualification requirements in three (3) months after appointment/assignment to the post and the insurance enterprise shall set out relevant control mechanism to ensure compliance with the provisions hereof:
A. Having served as a compliance officer or AML/CFT personnel on a full-time basis for at least three (3) years;
B. For chief AML/CFT compliance officers and personnel of dedicated AML/CFT unit, having attended not less than 24 hours of courses offered by institutions recognized by the FSC, passed the exams and received completion certificates therefor; for the AML/CFT supervisors of domestic business units, having attended not less than 12 hours of courses offered by institutions recognized by the FSC, passed the exams and received completion certificates therefor. But chief AML/CFT compliance officers who also act as legal compliance officer or personnel of dedicated AML/CFT unit who also acts as legal compliance personnel are deemed to meet the qualification requirement under this Item after they have attended at least 12 hours of training on AML/CFT offered by institutions recognized by the FSC; or
C. Having received a domestic or international AML/CFT professional certificate issued by an institution recognized by the FSC.
(3) Personnel mentioned in the preceding subparagraph who are appointed/assigned to the post prior to August 31, 2017 may be deemed as qualified if he or she meets any of the qualification requirements below:
A. Meeting the qualification requirement set out in Item A or Item C of the preceding subparagraph prior to August 31, 2017.
B. Meeting the qualification requirement set out in item 2 of the preceding subparagraph within the time periods specified below:
(A) For the chief AML/CFT compliance officer and AML/CFT personnel, meeting the qualification requirement within six (6) months after appointment/assignment to the post.
(B) For AML/CFT supervisor of domestic business units, meeting the qualification requirement within one year after appointment/assignment to the post.
(4) The chief AML/CFT compliance officer, the personnel of dedicated AML/CFT unit and the AML/CFT supervisor of domestic business units of an insurance enterprise shall attend not less than 12 hours of training on AML/CFT offered by internal or external training units consented by the chief AML/CFT compliance officer mentioned under Subparagraph (1) of Point 6 herein every year. The training shall cover at least newly amended laws and regulations, trends and patterns of money laundering and terrorist financing risks. If the person has obtained a domestic or international AML/CFT professional certificate issued by an institution recognized by the FSC in a year, the certificate may be used to offset the training hours for the year.
(5) The AML/CFT supervisor and the AML/CFT officer and personnel of foreign business units of an insurance enterprise shall possess professional knowledge in AML/CFT, be well informed in relevant local regulations, and attend not less than 12 hours of training on AML/CFT offered by foreign competent authorities or relevant institutions every year. If no such training is available, the personnel may attend training courses offered by internal or external training units consented by chief AML/CFT compliance officer mentioned under Subparagraph (1) of Point 6 herein.
(6) An insurance enterprise shall arrange appropriate hours of orientation and on-the-job training of suitable contents on AML/CFT every year in view of the nature of its business for its directors (council members), supervisors, president, legal compliance personnel, internal auditors, business personnel and personnel related to AML/CFT operation to familiarize them with their AML/CFT duties and equip them with the professional knowhow to perform their duties.
9. If an insurance enterprise violates these Directions, the FSC will take appropriate sanctions commensurate with the seriousness of the violations in accordance with Articles 167-2, 167-3 and 171-1 of the Insurance Act, and other relevant regulations. |