| Legislative: |
1. Full text of 24 articles adopted and promulgated on 27 April 2015
2. Articles 2, 7, 12 and 31 amended and issued on August 17, 2016
3. Articles 2 and 12 amended and issued on September 10, 2016
4. Article 2, 7, 9, 12, 24, 27 amended and issued on August 18, 2017; article 20-1 was added
5. Promulgated and amended Article 2, Article 5-1, Article 6, Article 7, Article 10, Article 12, Article 12-1, Article 15, Article 20, Article 20-1, Article 24, Article 26, and Article 27 on July 2, 2019 |
| Content: |
Title:Rules Governing the Administration of Electronic Payment Business
Amended Date:2019-07-02
Chapter 1 General Provisions
Article 1 These Rules are adopted pursuant to Article 33 and Article 39 of the Act Governing Electronic Payment Institutions (referred to as the “Act” hereunder) and Article 40 of the Act to which Article 33 of the Act applies mutatis mutandis.
Article 2 The terms as used in these Rules are defined as follows:
1. "Collecting and making payments for real transactions as an agent" shall mean the business of an electronic payment institution independent of the users of real transactions accepting under the mandate of both parties to a real transaction the amount of the transaction transferred from the payor, and after certain conditions are fulfilled, or a certain period of time has arrived or receiving an instruction from the payor, transferring the amount of the real transaction to the recipient.
2. "Accepting deposits of funds as stored value funds" shall mean the business of an electronic payment institution receiving funds from a user in advance and storing the funds in the user's electronic payment account (referred to as "e-payment" account hereunder) for future transfer of funds between said user and other users other than the electronic payment institution itself.
3. "Transferring funds between e-payment accounts" shall mean the business of an electronic payment institution transferring funds in the e-payment account of an user according to said user's payment instruction for purposes other than any real transaction into the e-payment accounts of other users of the same electronic payment institution.
4. "Electronic payment business" shall mean businesses under the subparagraphs of Paragraph 1, Article 3 of the Act.
5. "E-payment account" shall mean an online account opened by a user with an electronic payment institution to keep track of his/her funds transfer and funds deposit records.
6. "Users" shall mean persons who register and open an e-payment account with an electronic payment institution and use the services provided by the electronic payment institution to make funds transfer or deposit stored value funds.
7. "Recipient users" shall mean users who use the service of collecting and making payments for real transactions as an agent offered by an electronic payment institution to collect payments.
8. "Payment via agreed linked deposit account" shall mean the service where in conducting its electronic payment business, an electronic payment institution gives a financial institution at where an user opens his/her account (referred to as "the financial institution holding the account" hereunder) an account payment deduction instruction according to the agreement between the user and the financial institution to transfer funds from the user's deposit account with the financial institution for the electronic payment institution to collect payment from the user and record the payment amount and the fund transfer activity under the user's electronic payment account ("e-payment account"). The mechanisms of the operation are as follows:
(1) "Direct link mechanism" means the mechanism where an electronic payment institution gives a financial institution holding the account a payment deduction instruction directly to transfer funds from the user's deposit account.
(2) "Indirect link mechanism" means the mechanism where an electronic payment institution gives a dedicated deposit account bank a payment deduction instruction indirectly through the financial information service enterprise or clearing house to which the bank is connected to transfer funds from the user's deposit account with the bank.
9. “Integration and conveyance of receipt/payment information for recipient users” shall mean an electronic payment institute is entrusted by recipient users and other institutes to provide terminal equipment or application program for integrating and conveying receipt/payment information.
10. "Conveyance of information to users" means the service used by the electronic payment institution to deliver information to users with electronic equipment through the Internet.
11. "Electronic payment account stored value card" means prepayment of a certain amount of money for purchasing an unregistered card with equal monetary value issued by an electronic payment institution in physical form to which the card holder stores the specified monetary amount.
Chapter 2 User Management
Article 3 An electronic payment institution shall accept user registration in the following manners:
1. Know the identity of the user in accordance with the regulations stipulated pursuant to Paragraph 3, Article 24 of the Act, retain user identity data and verify the authenticity of user identity information; the preceding provision applies when a user changes his/her identity information;
2. Establish management mechanism for irregular applications to prevent the registration of dummy accounts; and
3. Remind users that they will be held legally responsible if they use their e-payment accounts illegally.
Article 4 When an electronic payment institution accepts user's registration, the contract entered between the parties shall comply with the provisions of Article 27 of the Act, and the electronic payment institution shall enable users to inquire the contents of the contract in a manner agreed by the parties.
An electronic payment institution shall announce the followings on its website:
1. Its name and contact information;
2. Clauses of the standard form contract for its electronic payment business;
3. The manners by which the e-payment account is used, causes for termination of e-payment account, and withdrawal and refund of funds received from user;
4. Fees and charges, all possible expenses that the user may incur and calculation methods therefor explained in plain language, supplemented with specific examples;
5. Possible risks associated with using e-payment account;
6. Actions to take when the user's ID or the password of user's e-payment account is lost or stolen, and reminder for user to safekeep his/her ID, password and other related information of user identity;
7. Rights and obligations of the parties when user's e-payment account is used without user's authorization;
8. Mechanism for Customer complaint handling and dispute settlement;
9. Warning of legal consequences of illegal use of e-payment account.;
10. Other matters relating to user's rights and obligations; and
11. Other matters required of public announcement on website by the competent authority.
The announcements under the preceding paragraph should use plain and concise language, and important matters relating to user interests should be posted in a conspicuous manner.
Fees and expenses charged by an electronic payment institution to its users should reasonably reflect its costs.
Article 5 An electronic payment institution shall establish mechanisms for recipient user management with respect to credit checking, contract signing and periodic review, and observe the following rules:
1. The contract should contain an agreement that the business of the recipient user shall not be involved in financial products or services to which the competent authority has not approved receipts and payments processed by an agent and in other transactions prohibited by law or according to the notices of central government authorities in charge of certain industry.
2. The contract should contain an agreement that if the recipient user sells or provides deferred products or services, the user shall obtain performance guarantee or declare trust and disclose such performance guarantee or trust information to the buyer users.
3. The contract should contain an agreement that the recipient user will observe the following provisions on safekeeping and inquiries of transaction records:
(1) The recipient user shall properly retain relevant transaction data, documents and forms for at least 5 years; and
(2) The recipient user shall provide transaction related information as requested by the electronic payment institution, including but not limited to the terms of transaction, method of performance, transaction results, as well as business items operated by the recipient user and its qualifications. With regard to information requested by the electronic payment institution, the recipient user should provide detailed descriptions and necessary documentation.
Article 5-1 When an electronic payment institution and recipient user signs or terminates the contract, the electronic payment institution shall report to the Joint Credit Information Center (JCIC).
Where an electronic payment institution accepts a registration application of a non-personal recipient user or a personal recipient user with an average transaction amount in collecting and making payments for real transactions as an agent in excess of NTD 80,000 in the most recent six months, the electronic payment institution shall request the following information from JCIC and retain related records for reference:
1. Information on the signing and termination of the contract by the recipient user reported by the electronic payment institution;
2. Information on the signing and termination of the contract by the merchant reported by the credit card business institution;
3. Other information required by the competent authority.
Where the electronic payment institution does not meet requirements in the two preceding paragraphs, they shall implement adjustments to meet the requirements before December 31, 2019.
Article 6 An electronic payment institution should adopt the following measures for risk management of recipient users:
1. Establishing credit checking mechanism and process for recipient users and assigning staff to take charge of recipient user review, approval and management operations;
2. Establishing risk rating mechanism for recipient users and adopting measures such as limiting transaction amounts, strengthening transaction monitoring, conducting field visits, charging deposits, requiring the provision of other guarantees or delayed settlement for recipient users at higher risk level to reduce transaction risk;
3. Establishing the recipient user investigation, evaluation or field visit mechanisms, the contents of user investigation and evaluation shall include irregularities in transactions and the information specified in Paragraph 2 of the preceding article, and based on the risk level of recipient user, conducting investigation, evaluation or field visit at proper frequency and in a proper manner, and retaining relevant records; and
4. Other risk management measures required by the competent authority.
Chapter 3 User's Payment Instructions
Article 7 An electronic payment institute shall carry out transfer of funds according to payment instructions of users. Unless otherwise provided in the Laws or this Rule, or otherwise agreed between the user and the electronic payment institute, the electronic payment institute shall not arbitrarily freeze the funds in user’s electronic payment account.
A user payment instruction shall include the following information:
1. The payor's name, title, other information sufficient for the identification of the payor agreed by the payor and the electronic payment institution, and the e-payment account number. The user name shall be partially hidden.;
2. The recipient's name, title, other information sufficient for the identification of the recipient agreed by the recipient and the electronic payment institution, and the e-payment account number. The user name shall be partially hidden;
3. The exact dollar amount and currency of payment;
4. Time for transfer of funds; if the transfer is not effected immediately, the conditions and time period for the transfer to take place or manner of payment instructed by payor; and
5. Other information required by the competent authority.
Upon receiving a payment instruction from a user, an electronic payment institution shall notify the user in a manner agreed by the user for reconfirmation and notify the user of the result after executing user's payment instruction.
When an electronic payment institution engages in the following businesses regarding collecting and making payments for real transactions as an agent, each transaction shall be limited to NTD 50,000 or its equivalent; the daily transaction amount shall be limited to NTD 100,000 or its equivalent; and the cumulative transaction amount for each month shall be limited to NTD 200,000 or its equivalent, the provision regarding user payment instruction provided in Paragraph 2 and the provision regarding reconfirmation in preceding paragraph may not apply:
1. To provide Online to Offline payment service.
2. To pay charges and fees, taxes, fines, or other expenses imposed by government, and to pay service fees of public utilities, telecommunication service charges, public transportation or parking fees, and to pay charges and fees, taxes, fines, or other expenses imposed by the recipient user on behalf of government or service fees of public utilities, telecommunication service charges, public transportation or parking fees received by the recipient user on behalf of consignor.
When an electronic payment institution engages in the following businesses, it is not subject to the provisions of Subparagraph 1 and Subparagraph 2 of Paragraph 2 and Paragraph 3 regarding reconfirmation:
1. Providing payment services for physical channels;
2. Providing transaction information produced by the payor and collecting and making payments for real transactions as an agent through batch operations;
3. Providing fund transfer services conducted with assistance or approval from the recipient.
An electronic payment institution should, in a manner agreed with the user, provide free services, allowing the user to inquire his/her transaction records within the past year at any time, and at user's request, providing transaction records that are more than one year old but less than five years.
Article 8 An electronic payment institution shall promptly notify its users when it becomes unable to execute users' payment instructions due to the breakdown of its information system or other reasons.
Chapter 4 Business Management and Operations of Electronic Payment Institutions
Article 9 Funds may not be transferred between the e-payment accounts of different electronic payment institutions, regardless whether the accounts are opened by the same user or not.
The electronic payment institute that has been approved by the competent authority to engage in electronic stored value card business may transfer the NTD payment amount recorded in electronic payment account to the NTD registered electronic stored value card issued by the competent authority and possessed by the same user according to the payment instructions of the user.
Article 10 The transfer of funds between electronic payment institutions and between an electronic payment institution and an entity that engages in the business of collecting and making payments for real transactions as an agent must be effected through a financial institution that they may not open an e-payment account with each other or go through other electronic payment institutions or entities engaging in the business of collecting and making payments for real transactions as an agent.
The recipient user shall be the ultimate beneficiary of the fund transfer in which the electronic payment institution collects and makes payments for real transactions as an agent. However, preceding provision does not apply where the recipient user is a financial institution, convenience store operator, or supermarket operator and subject to one of the following circumstances:
1. Collection of charges and fees, taxes, and fines on behalf of governments of all levels;
2. Collection of service charges on behalf of public utilities;
3. Collection of ticket prices and other related service fees on behalf of public transportation enterprises;
4. Other payments approved by the competent authority.
Article 11 Electronic payment institutions shall not use bonus, gift or other offers to absorb stored value funds.
Article 12 An electronic payment institute shall not accept user’s application for transferring funds between e-accounts by using credit card. In the event that the circumstances meet the following provisions, a user’s application for depositing value by using credit card can be accepted:
1. The deposited value is limited to New Taiwan Dollar.
2. Electronic payment institutions shall establish limits on the amount of value stored and risk control and management mechanisms.
3. The funds deposited by a credit card may only be used for collecting and making payments for real transactions as an agent, and may not be used for transferring between electronic payment accounts or withdrawing funds. In addition, the provision shall be notified to users in conspicuous lettering on service website and every time user deposits value by credit card.
4. In the event of allowing user to carry out automatic value deposit service by credit card, limited amount of automatic value deposit for each application and automatic value deposit on each day shall be agreed on with the user, and the mechanism allowing the user to adjust limited amount at any time and to stop the automatic value deposit service shall be provided.
If an electronic payment institution provides the service of payment via agreed linked deposit account, the operations of both the electronic payment institution and the financial institution at where the user opens his/her account (referred to as "the financial institution holding the account" hereunder) shall comply with the regulations stipulated pursuant to Paragraph 2, Article 29 of the Act and relevant provisions of the Standards for the Security Management Operation of Electronic Banking Business of Financial Institutions.
The agreement entered between an electronic payment institution and the financial institution holding the account on the service of payment via agreed linked deposit account shall contain the following particulars. However, the preceding provision does not apply when the financial institution holding the account is an institution engaging concurrently in electronic payment business or Chunghwa Post Co, Ltd.:
1. The scope, manner and procedure of agreed linked deposit account operation;
2. The content of payment deduction instruction and the manner of giving such an instruction;
3. Method for handling dispute;
4. Method for handling irregular transaction flow;
5. Distinction of sources of payment deduction instructions;
6. Other important rights and obligations of the parties and method of cost sharing;
7. Method for handling user denial of agreed linkage;
8. Obligations of the user's bank to check the agreed data and notify the user after completing fund transfer; and
9. Other items prescribed by the competent authority.
The agreement entered between an electronic payment institution and a dedicated deposit account bank on the service of payment via agreed linked deposit account shall contain items provided in Subparagraphs 1 ~ 6 and 9 of the preceding paragraph. However, the preceding provision does not apply when the dedicated deposit account bank is an institution engaging concurrently in electronic payment business or Chunghwa Post Co, Ltd.
When an electronic payment institution adopts indirect link mechanism to provide the service of payment via agreed linked deposit account, the institution may agree to observe the rules or operating requirements of the financial information service enterprise or clearing house that contain items provided under Paragraph 3 hereof in lieu of entering an agreement with the financial institution holding the account.
When an electronic payment institution provides automatic deposit of stored value funds service through the agreed linked deposit account, the institution shall agree with the user on the limits of automatically deposited funds per deposit and per day, and provide a mechanism for the user to adjust such limits and stop the automatic deposit.
Article 12-1 Electronic payment institutions shall meet the following regulations when issuing electronic payment account stored value cards:
1. The method of storing monetary value in electronic payment account stored value cards shall be disposable. The cards may not specify a limited usage period and the currency shall be restricted to NTD.
2. If an electronic payment account stored value cards is destroyed, lost, or stolen, the user may not report the loss and suspend payments.
3. The maximum stored value of a single electronic payment account stored value card shall be NTD 5,000 and they shall be issued in increments of NTD 100. The maximum value in a single purchase of an electronic payment account stored value card shall be NTD 50,000 and purchases with credit cards shall not be permitted.
4. The contact information of the electronic payment institution, channels for obtaining information on the rights and obligations of the card holder, and the following items shall be prominently displayed on the front or back of the electronic payment account stored value card; where it is difficult to display the items to be specified on the stored value card, the electronic payment institution shall inform the card holder of the items to be specified in writing or through other reasonable means:
(1) Face value of the electronic payment account stored value card;
(2) Serial number of the electronic payment account stored value card or other information sufficient for proving transactions;
(3) Notices on the use of the electronic payment account stored value card;
(4) Items that involve the rights and obligations of the card holder;
(5) Other items required by the competent authority.
5. Payments collected for the issuance of the electronic payment account stored value card shall be deemed as stored value specified in Subparagraph 2 of Article 6 of the Rules.
6. Electronic payment institutions shall formulate security control and management plans and establish fraud prevention and account verification mechanisms to quickly deliver, confirm, and verify sales information when selling electronic payment account stored value cards. They shall also retain detailed information of transaction records for at least five years. The detailed information shall fully disclose the date of sales, card number, amounts, and the currency.
Article 13 When an electronic payment institution refunds funds received from a user, it shall, depending on the payment method originally used by the user, return the funds into the user's original e-payment account, original deposit account or original credit card account.
Except where the funds were originally paid by the user via a credit card, an electronic payment institution that is approved to engage in the business accepting deposits of funds as stored value funds may convert the refunds under the preceding paragraph into stored value funds as agreed with the user, where the balance of stored value funds is still subject to the provisions of Paragraph 1, Article 15 of the Act.
Where an electronic payment institution is unable to carry out refunds according to the preceding two paragraphs, the institution should agree with the user on a deposit account of the user that may be used for the refund operation and transfer the relevant funds into said deposit account without making the refund in cash.
Article 14 Electronic payment institutions may not set a time limit for the users to use their funds.
Article 15 Electronic payment institutions may not offer users overdraft service or loans or other credit lines for their e-payment accounts. Nor shall an electronic payment institution make advances for a user when the amount of payment instructed by the user exceeds the balance in his/her e-payment account. The restrictions shall not apply to single advances and usage in the public transportation or parking lot business.
Article 16 Electronic payment institutions shall bear the burden of proof in dispute over fraudulent transaction involving e-payment account, and shall bear the loss arising from the transaction if the user is not found at fault.
Article 17 When the contractual relationship between a user and an electronic payment institution is terminated or ceases to exist, the electronic payment institution should return the balance of withdrawable funds of the user within a reasonable period of time.
When the electronic payment institution returns funds according to the preceding paragraph, it may not pay in cash, but shall transfer the returned funds into a deposit account of the user.
Article 18 When a specialized electronic payment institution or an electronic stored value card issuer that engages concurrently in electronic payment business obtains full guarantee from a bank for the stored value funds deposited by users less the required reserve and for the amount of funds collected/paid as an agent in accordance with Article 20 of the Act, the bank that signs the performance guarantee agreement shall meet the following requirements:
1. The bank's ratio of regulatory capital to risk-weighted assets in the most recent quarter as reported to the competent authority complies with Article 5 of the Regulations Governing the Capital Adequacy Ratio of Banks;
2. The bank's average non-performing loan ratio in the past three months is below 2%; and
3. The bank does not have consecutive accumulated deficit in the past two years as audited and certified by an accountant.
Article 19 If an electronic payment institution finds that a user's ID or e-payment account password is missing or stolen or there are other substantial evidences suggesting that a user's e-payment account may be or has been used without authorization, the electronic payment institution should suspend further processing of said user's e-payment account and notify said user the same.
Article 20 In case a user has any of the following circumstances, an electronic payment institution may suspend all or part of its business services available to the user; if the circumstance is of serious nature, the electronic payment institution should immediately terminate the contract entered with the user:
1. The user refuses to cooperate in verifying or re-verifying his/her identity.
2. There is concern that the user may have provided false identity information.
3. Substantial evidence shows that the user uses his/her e-payment account to engage in fraudulent activities, money laundering or other illegal activities, or the user is suspected of engaging in such illegal activities.
An electronic payment institution that terminates the contract entered with a user pursuant to Subparagraph 2 or 3 of the preceding paragraph shall report the matter to JCIC.
Article 20-1 Electronic payment institute shall provide the service of integration and conveyance of receipt/payment information for recipient users or conveyance of information to users in accordance with the following provisions:
Sign contracts with users and other institutes and agree on both parties’ rights, obligations and responsibilities of the related matter.
For the provided terminal equipment or application programs, take appropriate protection and control measures in order to prevent the receipt/payment information from being leaked, tampered, or transmit wrongfully.
The obtained and stored receipt/payment information shall be limited to the ones which are necessary for providing service.
The information known by operating business, unless otherwise provided in laws and regulations, or otherwise expressly agreed by contract or in writing, shall not be used for any purpose other than operating business.
Article 21 In conducting electronic payment business, an electronic payment institution shall comply with the Money Laundering Control Act and relevant regulations, establish the following measures, draw up money laundering prevention guidelines and procedures in accordance with Article 6 of the Money Laundering Control Act and file same with the central competent authority in charge of the industry for record:
1. Establishing electronic surveillance mechanism to automatically monitoring and analyzing suspicious money laundering transactions.
2. Establishing mechanism for handling transactions that show signs of money laundering activities.
3. Dutifully retaining necessary transaction records.
4. Designating a specific unit to take charge of drafting money laundering prevention policies and internal control procedures.
5. Periodically conducting anti-money laundering audit.
Chapter 5 Supervision and Administration of Electronic Payment Institutions
Article 22 Specialized electronic payment institutions that set up a new business location shall, within 5 business days from the date of setup, report the date of setup, address, and scope of business of the new outlet to the competent authority for record. The preceding provision applies to the relocation or closing of business locations.
Article 23 The information system and security management operation of an electronic payment institution for its electronic payment business shall comply with the regulations prescribed by the competent authority pursuant to Paragraph 2, Article 29 of the Act, and shall be examined by an accountant with an evaluation report on the information system and security management operation produced at the time the electronic payment institution submits its application for approval and before the end of April each year thereafter.
The information system and its backup system for the electronic payment business of specialized electronic payment institutions shall be set up within the territory of the Republic of China.
Article 24 While the specialized electronic payment institute outsources part of the electronic payment business to other party, except for the matters provided in Subparagraph 3, Subparagraph 6, Subparagraph 8 of Paragraph 2 shall be submitted to the competent authority for approval , the specialized electronic payment institute shall otherwise report to the competent authority for review and record within five business days after outsourcing the business to other party for the first time.
When a specialized electronic payment institution outsources its business items stated in its business license or operations relating to users’ information, the outsourcing shall be limited to the following:
1. Collection of funds paid by users in cash; notwithstanding the foregoing, the outsourced service provider must be an entity already approved by the competent authority to provide such service.
2. Safekeeping and transport of cash payments received from users.
3. Data processing: Including the data entry, processing, and output of information system, the development, monitoring, control, and maintenance of information system, and logistical support for data processing in connection with the business of the electronic payment institution.
4. Safekeeping of documents such as forms, statements and certificates.
5. User services, including automated voice systems, reply to and handling of user’s e-mails, inquiries of and assistance in matters related to the electronic payment business.
6. Engaging an offshore outsourced service provider to perform the identity verification operation of offshore users.
7. Processing work of receipt/payment information, including using other party’s terminal equipment or application program and entrusting other party to integrate and convey receipt/payment information.
8. Sales of electronic payment account stored value cards.
9. Other operations approved by the competent authority for outsourcing.
Electronic payment institutions shall comply with the following rules when outsourcing the operations specified in Subparagraph 1 of the preceding paragraph:
1. Electronic payment institutions shall formulate security control and management plans with outsourced service providers and establish payment account verification mechanisms to quickly deliver, confirm, and verify payment collection information when outsourced service providers receive payment from users. The maximum payment collection amount for outsourced service providers in each transaction is NTD 20,000 or its equivalent.
2. The payment information of user payments used by outsourced service providers may not fully display the national ID number, account number, or other personal information.
3. Electronic payment institutions shall ensure that outsourced service providers and their personnel cannot use the payment information to obtain or identify the user's national ID number, account number, and other related personal information to prevent leaks of user information.
Electronic payment institutions shall comply with the following rules when outsourcing their operations:
1. An electronic payment institution shall adopt internal operating systems and procedures covering the scope of matters that can be outsourced, protection of user rights and interests, risk management, and internal control principles, and those operating systems and procedures and any subsequent revisions thereto shall be approved by the board of directors
2. An electronic payment institution shall make sure the outsourced service providers meet its requirements for operational security and risk management.
3. An electronic payment institution shall demand that its outsourced service providers comply with the mandatory or prohibitory provisions of laws.
4. An electronic payment institution shall demand that its outsourced service providers agree to give the competent authority and the Central Bank access to data or reports relating to the outsourced operations and allow them to conduct financial examination.
5. An electronic payment institution shall be held jointly liable as provided by law for users whose interests are damaged by the intentional act or negligence of an outsourced service provider or its employees.
A dual-status electronic payment institution that outsources its business items involving electronic payment business or operations relating to user s’ information shall comply with the provisions in Paragraph 2 hereof with respect to the scope of outsourcing, and in addition, comply with the regulations governing the outsourcing of its core business operations.
Article 25 Specialized electronic payment institutions shall not invest in other enterprises, unless it is a subsidiary that the investment in which has been approved by the competent authority, the business of the subsidiary is closely related to that of the issuer, and in which the issuer holds more than fifty percent (50%) of the issued shares of the subsidiary.
The total investment made by a specialized electronic payment institution shall not exceed 10 percent of the balance of its paid-in capital at the time of investment less the minimum paid-in capital as stipulated under the Act and accumulated loss.
Specialized electronic payment institutions shall establish internal guidelines for the utilization of own funds and submit the guidelines and subsequent revisions thereto to the board of directors for approval.
Specialized electronic payment institutions may not provide guarantees for others.
If deemed necessary, the competent authority may set limits to the debt ratios of a specialized electronic payment institution.
Article 26 Electronic payment institutions shall file periodic reports on their electronic payment business with JCIC.
JCIC will determine the scope of information to be reported and inquired by electronic payment institutions and rules for the filing and inquiry operations, fee schedule, operations management, data disclosure deadline, information security management, and audit procedures, and submit same to the competent authority for approval.
JCIC's activities of collecting, processing or using information reported by electronic payment institutions according to Paragraph 1 hereof are considered necessary for fulfillment of the legal obligation provided under Subparagraph 2, Paragraph 2, Article 8 of the Personal Information Protection Act and hence are exempted from giving notice provided under Paragraph 1, Article 9 of the Personal Information Protection Act.
Electronic payment institutions shall ensure the information reported and disclosed according to Paragraph 1 hereof is accurate and free of false statement or representation.
Article 27 Electronic payment institutions that apply for approval to conduct other businesses pursuant to Paragraph 1, Article 3 of the Act shall submit a business plan to the competent authority for approval.
The business plan in the preceding paragraph shall contain the following particulars:
1. Purpose for conducting such business;
2. Agreements or templates therefor among relevant parties regarding their respective rights and obligations;
3. Business rules, business processes and risk management; and
4. Market prospects, and risk/benefit evaluation.
An electronic payment institute providing the service of integration and conveyance of receipt/payment information for recipient users or conveyance of information to users shall be deemed to operate other businesses approved by the competent authority provided in Subparagraph 4 of Paragraph 1 of Article 3 of the Act, and shall report to the competent authority for review and record within five business days after the first-time operation, and the provision in Paragraph 1 does not apply.
Article 28 Where an electronic payment institution plans to terminate part of its business, it shall apply to the competent authority for approval by submitting a plan.
Where an electronic payment institution plans to suspend part of its business operations, it shall submit a plan which describes the duration of suspension and other necessary information to the competent authority for approval. The electronic payment institution shall also report to the competent authority for record when it plans to resume the business operation at a later date.
The plans in the preceding two paragraphs shall contain the following particulars:
1. The reason for the planned termination or business suspension; and
2. A concrete description of how the rights and obligations of existing users will be handled or alternative methods for providing services.
Article 29 A specialized electronic payment institution having any of the situations below shall report to the competent authority for prior approval:
1. Change of articles of incorporation.
2. Undergoing merger or acquisition.
3. Transferring all or major part of operations or assets to others.
4. Receiving the transfer of all or major part of operations or assets from others.
5. Change of capital.
6. Change of business place.
7. Other matters that require prior approval as prescribed by the competent authority.
Article 30 A specialized electronic payment institution having any of the following situations shall report to the competent authority within one day after becoming aware of the event by stating the particulars of the event and providing related information, and send a copy of the same to the Central Bank of the ROC:
1. Filing a petition with a court for reorganization or filing for or being filed for declaration of bankruptcy by itself or by a stakeholder.
2. Engaging in business equivalent to businesses under the subparagraphs of Paragraph 1, Article 3 of the Act by itself or in cooperation with a foreign institution outside the ROC, whereas the local government takes any of the following actions:
(1) Revoking, suspending or terminating the business permit of the electronic payment institution or the foreign institution.
(2) Disallowing the electronic payment institution or the foreign institution to continue its business operations or halting its business operations.
3. The securities or other financial products invested by the specialized electronic payment institution using the stored funds pursuant to Paragraph 3, Article 21 of the Act are cancelled or seriously impaired in value.
4. Transfer of equity or change of equity structure involving more than ten percent (10%) of its ownership.
5. Having the incidence of bounced check due to insufficient funds, being denied services by banks, or having other events that cause loss of good credit standing.
6. Having a litigious or non-litigious event, or an administrative disposition or administrative lawsuit that has material impact on the finance or business of the institution.
7. Having a situation provided in Subparagraph 1, Paragraph 1, Article 185 of the Company Act.
8. Having a fraud or material deficiency in internal controls.
9. Having an information security breach that results in damage to the interests of users or affects the sound operation of the institution.
10. An director, supervisor or managerial officer has any of the following situations:
(1) Being sentenced to imprisonment for the offense of forging instruments or seals, counterfeiting currency or valuable securities, misappropriation, fraud or breach of trust.
(2) Being sentenced to imprisonment for violating the Banking Act, Financial Holding Company Act, Trust Enterprise Act, Act Governing Bills Finance Business, Financial Assets Securitization Act, Real Estate Securitization Act, Insurance Act, Securities and Exchange Act, Futures Trading Act, Securities Investment Trust and Consulting Act, Foreign Exchange Control Act, Credit Cooperatives Act, Agricultural Finance Act, Farmers’ Association Act, Fishermen’s Association Act, Money Laundering Control Act or other laws regulating financial activity.
11. Other significant events that are sufficient to affect the operations of the electronic payment institution or the interests of its shareholders or users.
Chapter 6 Supplemental Provisions
Article 31 These Rules shall be in force on May 3, 2015.
The amended provisions of these Regulations shall be in force on the date of implementation. |