| Content: |
- These Directions are set forth for regulating the electronic commerce business of insurance enterprises (referred to as the “Business” hereunder) so as to protect consumer interests and enhance the service effectiveness
of insurance enterprises.
2. When engaging in the Business, insurance enterprises shall follow these Directions, and in addition, the Insurance Act, Fair Trade Act, Consumer Protection Act, Financial Consumer Protection Act, Personal Data Protection Act, Electronic Signatures Act, Money
Laundering Control Act, Counter-Terrorism Financing Act, Regulations Governing Anti-Money Laundering of Financial Institutions, Regulations Governing Implementation of Internal Control and Audit System for Anti-Money Laundering and Countering Terrorism Financing
of Insurance Companies, Post Offices Engaging in Simple Life Insurance Business and Other Financial Institutions Designated by the Financial Supervisory Commission, Regulations Governing Business Solicitation, Policy Underwriting and Claim Adjusting of Insurance
Enterprises, Directions for Promotion of Insurance Business Through Cross-Industry Cooperation (referred to as “Directions for Cross-Industry Cooperation” hereunder), Operation Directions Governing Application by for Insurance Enterprises Applying for the
Approval of Business Trial and other relevant rules and regulations.
- An insurance enterprise that engages in the Business shall set up a website section or webpage or build a mobile insurance application (APP) as a service platform, and its solicitors may not set up their own
service platform.
When an insurance enterprise cooperates with a business in a different industry (referred to as “cross-industry partner” hereunder) in the offering of online insurance business and online insurance services in accordance
with the Directions for Cross-Industry Cooperation, the insurance enterprise shall be responsible for managing, maintaining, and disclosing related information on the website section, webpage or mobile insurance application
(APP) built by its cross-industry partner.
- The term “electronic commerce business” as used in these Directions includes online insurance business and online insurance services.
The term “online insurance business” as used in these Directions
means an applicant (must be a natural person) enters an insurance contract directly with an insurance company in the way of completing the first-time registration and identity verification process and then inputting application information on the webpage and
completing the insurance application and identity verification process via Internet connection with the computer of the insurance company or by visiting the insurance company in person.
The term “online insurance services” under Paragraph 1 hereof means insurance services other than purchasing insurance online offered on-line for a policyholder after completing the registration and identity verification
process via Internet connection with the computer of the insurance company or by visiting the insurance company in person. In addition, “online group insurance services” means group insurance services offered online by an insurance company after the application
unit has applied for such services in writing and designated authorized personnel and the insureds, and the insurance company completing the verification of authorization. However the preceding provision does not apply to services approved by the competent
authority or new business trial applied by an insurance enterprise and approved by the authority.
Online insurance services under the preceding paragraph are detailed in Tables 1 ~ 3 and include other services approved by the competent authority.
When conducting online insurance business, an insurance enterprise should reflect the costs saved therefrom in the loadings of the insurance product.
- An insurance enterprise shall obtain certification of information security management systems (ISO27001) and personal information management system (PIMS) for the Business.
The qualification requirements for an insurance enterprise to apply for conducting online insurance business are as follows:
(1) The enterprise is sound in both finance and business operations and has the capability of conducting online insurance business, and its
ratio of adjusted net capital to risk-based capital in the most recent year conforms to the adequacy ratio set forth in Paragraph 1, Article 143-4 of the Insurance Act.
(2) The enterprise has not been subject to major sanctions and penalties imposed by the competent authority in the most recent year, or if it has, concrete improvement actions have been taken to remedy the violation and recognized
by the competent authority.
(3) The enterprise was ranked in the top eighty percent in the past year in terms of the results of the Treating Customers Fairly Principle evaluation of non-life or life insurance companies. The preceding provision does not apply to a non-life company or a
life company that could provide reasonable explanation (for not ranking in the top eighty percent) and such explanation is approved by the competent authority.
“Major sanctions and penalties” in Subparagraph 2 of the preceding paragraph means major disciplinary actions specified in Article 2 of the Regulations Governing Public Disclosure by the Financial Supervisory Commission
of Material Enforcement Actions for Violations of Financial Legislation.
The requirement for PIMS certification set out in Paragraph 1 hereof shall become effective one year after the amendment of these Directions on May 6, 2021.
6. Non-life insurance enterprises may offer online purchase of non-life insurance products except for the following situations:
(1) The applicant or the insured is not a natural person.
(2) Comprehensive insurance policies that include personal injury or health insurance coverage, as well as any additional clause or endorsement. However the preceding provision does not apply to mountaineering comprehensive
insurance, maritime activities comprehensive insurance, vaccination comprehensive insurance, epidemic comprehensive insurance, and the types of insurance under Paragraph 3 of Direction 7.
(3) The applicant and the insured are not the same person. However the preceding provision does not apply to travel inconvenience insurance an applicant purchases for his or her minor children under seven years of
age, and cost-based vaccination comprehensive insurance they purchase for minor children (excluding death benefits).
(4) The annual premiums of master and rider per policy combined exceed NT$100,000.
The epidemic comprehensive insurance under Subparagraph 2 of the preceding paragraph is limited to coverage of benefits for notifiable infectious diseases that is designed as a primary insurance contract.
7. An insurance enterprise may offer the following types of life insurance products online:
(1) Travel accident insurance and add-on medical reimbursement insurance.
(2) Accident insurance and add-on accidental medical reimbursement insurance.
(3) Term life insurance.
(4) Reimbursement health insurance.
(5) Traditional annuity.
(6) Interest sensitive annuity.
(7) Endowment insurance with coverage period of not more than 20 years and maximum age of maturity up to 75 years old.
(8) Small whole life insurance.
(9) Microinsurance.
(10) Long-term care insurance.
(11) Benefits-in-kind insurance.
(12) Health management insurance.
(13) Investment-linked annuity.
(14) Critical illness health insurance sold through a platform portal designated by the competent authority.
(15) Daily benefit hospitalization insurance.
Purchasers of the life insurance products under the preceding paragraph shall meet the following requirements, and the sum assured shall be limited to the amounts set out in Appendix 1:
(1) The applicant and the insured must be the same person (the preceding provision does not apply to travel accident insurance purchased with a Citizen Digital Certificate or by an applicant for his or her minor children under seven years of age).
(2) The applicant has legal capacity.
(3) The death beneficiary shall be limited to a direct blood relative, spouse or legal heir.
When a non-life insurance enterprise offers driver injury insurance in accordance with applicable rules and regulations for non-life insurance products, it shall be limited to driver accident insurance as add-on to
compulsory automobile liability insurance, or driver accident insurance as add-on to personal automobile third-party liability insurance; the insured shall be limited to driver who is the vehicle owner; the sum assured in case of death, disability or medical
expenses shall be limited to the sum assured for compulsory automobile liability insurance; and the death beneficiary shall be limited to a direct blood relative, spouse or legal heir.
7-1. An insurance enterprise may cooperate with a cross-industry with financial technology expertise such as big data analytics, interface design, software development, Internet of Things (IoT), wireless telecommunication,
etc. to develop innovative insurance products for the Business, and apply for trial in accordance with the Directions for Insurance Enterprise Applying for New Business Trial.
The term “innovative insurance product” under the preceding paragraph includes innovative content or process for products or services.
Insurance enterprises are not subject to the limitations set out in Paragraph 4 of Direction 4, Direction 6 and the preceding direction when conducting business in Paragraph 1.
8. An insurance enterprise that conducts online insurance business shall provide the means approved by the competent authority or one of the means below for customers with legal capacity to carry out first-time registration and identity verification:
(1) Online:
A. The insurance enterprise should post legally required information on the website section, webpage or mobile insurance app built by it or its cross-industry partner, which includes but is not limited to declaration of consent to online insurance purchase
and disclosure obligation pursuant to the Personal Data Protection Act for perusal by the customers, and allow the customer to proceed with first-time registration and identity verification only after the customer has indicated that he/she has read the disclosure
and consented to online insurance purchase.
B. When a customer undergoes first-time registration and identity verification, the customer should be required to fill out basic personal information that is sufficient to verify his/her identity. However, with customer consent, the registration and identity
verification may be carried out in one of the following manners:
a. Through the customer’s online banking account (only if the account is opened by customer at the bank counter in person) or digital deposit account (only if the account is a type 1 account that applies to high-risk electronic transfer of funds and transaction
instruction); or
b. Through the customer’s member account with the cross-industry partner.
C. After a customer has completed the first-time registration and identity verification process, the insurance enterprise should verify the customer’s identity by means of one-time password (OTP), biometrics, mobile ID or
FIDO (Fast Identity Online) and guide the customer to complete identity confirmation.
D. A consumer must complete the first-time registration and identity verification process before starting the insurance purchase operation.
(2) In person:
A. A customer may visit the business place of an insurance enterprise (including its branches) in person to apply for first-time registration and identity verification.
B. The insurance enterprise should provide the customer with legally required information in writing or in another verifiable manner, including but not limited to declaration of consent to online insurance purchase and disclosure obligation pursuant to the
Personal Data Protection Act for perusal and signing by the customers to complete the first-time registration and identity verification process.
C. The customer should provide basic personal information that is sufficient to verify his/her identity.
D. A consumer must complete the first-time registration and identity verification process before starting the insurance purchase operation.
For a customer who has completed the identity verification process under the preceding paragraph and obtained the account password but has not purchased any insurance online with the insurance enterprise (not limited to online purchase) in five (5) years after
completing the application, the customer may not use the account password to purchase insurance online until he/she completes the aforementioned identity verification process again.
9. An insurance enterprise that conducts online insurance services shall provide the means approved by the competent authority or one of the means below for existing policyholders with legal capacity to carry out registration and identity verification:
(1) Online:
A. The insurance enterprise should post the legally required information on its website section, webpage or mobile insurance app built by it, which includes but is not limited to declaration of consent to online insurance services and disclosure obligation
pursuant to the Personal Data Protection Act for perusal by the customers, and allows first-time registration and identity verification by the policyholder after the policyholder has indicated that he/she has read the disclosure and consented to online insurance
services.
B. An existing policyholder may agree online to obtain an account number through the identity verification process or digital certificate. However, with policyholder’s consent, an insurance enterprise may carry out registration and identity verification through
his/her online banking account (only if the account is opened by the policyholder at the bank counter in person) or digital deposit account (only if the account is a type 1 account that applies to high-risk electronic transfer of funds and transaction instruction).
C. After an existing policyholder has completed the online registration and identity verification process, the insurance enterprise should verify the policyholder’s identity by means of one-time password (OTP), biometrics, mobile ID or
FIDO (Fast Identity Online) and guide the policyholder to complete identity confirmation.
D. Policyholders who have completed the registration and identity verification process according to the preceding direction may use the assigned account number to obtain online insurance services.
(2) A policyholder may visit the business place of an insurance enterprise (including its branches) in person to apply for registration and identity verification and receive a password for his/her account after completing the process. The insurance enterprise
should provide the policyholder with legally required information in writing or in another verifiable manner, including but not limited to declaration of consent to online insurance services and disclosure obligation pursuant to the Personal Data Protection
Act for perusal and signing by the policyholder to complete the first-time registration and identity verification process.
For a policyholder who has completed the identity verification process and obtained an account password but has not requested any insurance service online from the insurance enterprise (not limited to online request) in five (5) years after completing the application,
the policyholder may not use the account password to obtain online insurance services until he/she completes the aforementioned identity verification process again.
To request electronic proof of insurance for compulsory automobile liability insurance or inquire fee payment for automobile insurance, policyholders may use the insured’s ID Card number (or Uniform Business ID number or Tax ID number issued by the tax agency)
and vehicle license plate without going through the registration or identity verification process under the preceding paragraph.
10. An insurance enterprise that offers online insurance services for group insurance should allow the existing application units to apply for registration and identity verification according to the following process:
(1) The insurance enterprise should provide the legally required information in writing, which includes but is not limited to declaration of consent to online insurance services and disclosure obligation pursuant to the Personal Data Protection Act. The application
unit should sign and agree on the registered online insurance services and designate authorized personnel to request online insurance services.
(2) The application unit should designate authorized personnel in writing and complete the authorization verification after the insurance enterprise has checked the application document against the seal specimen the application unit has left on file, and sent
an account password to an email address designated by the application unit for the Business.
(3) The application unit should apply in writing to authorize each insured the use of online insurance services. The authorization verification is completed after the insurance enterprise has checked the application document against the seal specimen the application
unit has left on file. The insurance enterprise must check that the application unit that the insured belongs to has completed the aforementioned application procedure before allowing an insured to undergo first-time registration and identity verification
for online insurance services.
For application units that have completed the authorization verification and obtained an account password, the insurance enterprise should set a validity period for the passwords.
11. An insurance enterprise that conducts online insurance business shall comply with the following:
(1) The insurance enterprise should provide on its website section, webpage or mobile insurance app or those built by it or its cross-industry partner a description of all insurance products that may be purchased online and the policy clauses for browsing by
consumers at any time.
(2) After a consumer has entered application data and selected the insurance product to be purchased, the insurance enterprise should prompt on its website section, webpage or mobile insurance app or those built by its cross-industry partner the full text or
link of insurance policy and important content of the insurance product (note to insurance applicants) selected for perusal and agreement by the consumer.
(3) Purchase and identity verification operation: Before the applicant sends the purchase confirmation, the insurance enterprise should verify the applicant’s identity by means of one-time password (OTP), biometrics, mobile ID or
FIDO (Fast Identity Online) and guide the applicant to complete identity confirmation before completing the whole purchase operation.
(4) When an insurance enterprises handles the online purchase of a personal insurance product where the applicant and the insured are not the same person and the applicant registers with his/her Citizen Digital Certificate, the insured shall declare his/her
intent (consent) using the Citizen Digital Certificate only. The insurance enterprise shall also post on its website section, webpage or mobile insurance app or those built by its cross-industry partner in a conspicuous manner a reminder that the relationship
between the applicant and the insured must comply with Article 16 of the Insurance Act.
For personal insurance products that are investment-linked annuities, an insurance enterprise shall implement the following controls and support operations on its website section, webpage or mobile insurance app:
(1) Prompt and inform product features and associated risks; in addition, when a consumer applies to purchase such a product, confirm consumer’s understanding of associated risks and consumer’s intent to purchase the product.
(2) Disclose the entire product content, including but not limited to the following:
1. Policy operation process.
2. Policy benefits.
3. Brief introduction of investment targets.
4. Policy related expenses.
5. Underwriting rules (age and premium limits, etc.)
6. Sales documents (policy clauses and product description) download link.
7. Investment related risks.
8. Reminder about the different time points of premium payment and actual investment.
(3) Confirm in the application process that the policyholder has fully read important sales documents (e.g. policy clauses and product description) and confirm item-by-item that the policyholder understands the important contents of product and investment risks.
(4) Clearly disclose various operating processes. Those operations include but are not limited to the following:
1. Payment of premiums.
2. Underwriting.
3. Phone interview.
4. Policy issue.
5. Refund of premiums in case of underwriting denial or contract cancellation.
(5) Make sure the applicant has given consent to the manner by which the underwriting insurance company will deliver product description and insurance policy in hardcopy or electronic form to the applicant according to applicant’s instruction, and make sure
there are no situations of the applicant being enticed into doing something. If it is agreed with the policyholder that the insurance policy will be provided in electronic form, make sure the underwriting insurance company has established an assistance mechanism
that reminds policyholder to read or download and sign for the receipt of policy if the policyholder fails to do so within a certain period of time and a response mechanism, and would save the record of policyholder perusing or downloading and signing for
the receipt of policy and relevant trail.
(6) Instantly link to the insurance enterprise reporting information system to make sure the cumulative premiums paid by the applicant for insurance policies underwritten by other insurance enterprises does not exceed the amounts set out in Appendix 1.
For traditional individual life insurance products, an insurance enterprise should provide the consumers with a free look period as agreed in the insurance contract.
The disclosure of operating processes mentioned in Subparagraph 4 of Paragraph 2 hereof must be complemented with a timeline that shows the time of each operation. In addition, the difference between the time points of premium payment and actual investment
should be clearly revealed to the policyholder.
The response mechanism mentioned in Subparagraph 5 of Paragraph 2 hereof means when a policyholder fails to read or download and sign for the receipt of policy within 30 days after the insurance enterprise has delivered the policy, the insurance enterprise
should send a hardcopy of the policy to the policyholder for policyholder to read, review and sign for its receipt.
12. Insurance enterprises shall comply with the following provisions regarding the underwriting and reporting of online insurance:
(1) Underwriting of non-life insurance products:
1.When the insurance enterprise receives the application of automobile-related insurance contract and the endorsements, it should enquire the applicant’s insurance and claim settlement records from the compulsory automobile
liability insurance information platform of Taiwan Insurance Institute to avoid erroneous premium calculation and duplicate coverage for compulsory automobile liability insurance; as for voluntary automobile insurance, the insurance enterprise should check
the applicant’s insurance and claim settlement records from the Optional Automobile Insurance Platform of Trade-Van to avoid erroneous premium calculation.
- When the insurance enterprise receives the application for residential fire and basic earthquake insurance or household (home) comprehensive insurance, it should refer to the Reference
Construction Costs of Residential Buildings in Taiwan Area produced by the Non-Life Insurance Association of the ROC and instantly enquire the residential earthquake insurance and reinsurance inquiry platform of Taiwan Residential Earthquake Insurance Fund
to avoid duplicate insurance.
- If the insurance enterprise find any abnormal application or claim settlement record from related platform in the preceding two subparagraph or its internal data, it may not underwrite
online.
(2) Underwriting of life insurance products:
1. When an insurance enterprise processes an online insurance application, it shall link up to the relevant system to report receipt of an application immediately after sending out the payment data and having obtained credit card or remitting bank’s authorization
code, and immediately report underwriting of an insurance policy within 24 hours after the payment is deducted and an insurance contract is entered.
2. The insurance enterprise must check whether its own insurance or claim settlement record on the same applicant shows any irregularity and the sum insured with the same underwriter may not exceed the limits set out in Appendix 1.
3. The insurance enterprise must instantly link to the insurance enterprise reporting information system to make sure the cumulative sum insured of insurance policies underwritten by all insurance enterprises does not exceed the amounts set out in Appendix
1.
4. An insurance enterprise shall carry out the online insurance underwriting process based on the type of insurance and underwriting rules applicable to different sums insured. If physical examination or financial underwriting is required, or the case does
not meet the underwriter’s internal online insurance screening criteria, or there are other irregular circumstances, the case should be switched to manual underwriting according to the insurance underwriting rules.
13. An insurance enterprise shall comply with the following with regard to the payment operation and auxiliary identity verification mechanism for online insurance:
(1) When consumers who have carried out first-time registration and identity verification
on the website section, webpage or mobile insurance application (APP) built by an insurance enterprise or its cross-industry partner purchase insurance online, they can make premium payments only with their own credit card,
or from their own deposit account or electronic payment account (limited to type 1 or type 2 account).
(2) For consumers who purchase a life insurance product and pay premiums with their own credit card or from their own deposit account, the insurance enterprise should establish an auxiliary identity verification mechanism with National Credit Card Center of
the ROC, Financial Information Service Co., and other banks or electronic payment institutions.
(3) For customers who apply for account password using digital certificate or in person, the insurance enterprise may also offer customers the options of making payment via an automated teller machine, at a bank, a chain convenience store or other methods approved
by the competent authority.
(4) An insurance enterprise should notify applicants of the completion of payment deduction and the underwriting process via text message or email and mail a hardcopy or electronic copy of the insurance policy to the applicant.
14. An insurance enterprise that conducts the Business should carry out review in accordance with relevant regulations and its internal control procedures for underwriting, conservation and claim adjusting, and notify the policyholder of the review results
when it is completed.
The notification in the preceding paragraph may be effected by electronic document if so agreed by the policyholder.
15. Except for applicants who purchase compulsory automobile liability insurance, travel accident insurance, comprehensive travel insurance, mountaineering comprehensive insurance, or maritime activities comprehensive
insurance singly and for existing policyholders of non-life insurance who have completed the application procedure online before the existing policy expires and the coverage and the sum insured are the same as the previous year, an insurance enterprise should
confirm the intent of the applicant to purchase an insurance online by performing the following confirmation procedure:
(1) For new policyholders, the insurance enterprise should sample 10% of such applicants for phone interview to confirm their intent to purchase insurance before mailing the insurance policy to them. If it is confirmed that an applicant has no intention to
purchase insurance, the insurance enterprise shall not underwrite a policy. (The preceding provision does not apply if the applicant uses digital certificate or visits the insurance enterprise in person. But such applicants will be included in the sampling
population parameter in Subparagraph 2 hereof).
(2) For existing policyholders, the insurance enterprise should sample 5% of such policyholders for phone interview to confirm their intent to purchase insurance before mailing the insurance policy to them. If it is confirmed that an applicant has no intention
to purchase insurance, the insurance enterprise shall not underwrite a policy.
(3) For purchase of investment-linked annuity, phone interview shall be conducted for all online applications before mailing the policy to the applicant so as to ensure that the applicant understands clearly the content and the risks of investment-linked annuity
and confirm applicant’s intent to purchase the product. No policy shall be underwritten if the phone interview is not completed. In addition, the insurance enterprise should notify and confirm with the applicant that he/she knows an insurance contract has
been entered.
For the phone interview under the preceding paragraph, the insurance enterprise should, with applicant’s consent, tape record the entire interview process and save a copy of the tape. If the applicant has speech or hearing impairment, the insurance enterprise
may use text messaging, email or other viable methods to confirm the applicant’s intent to purchase insurance.
An applicant who purchases personal life insurance with a term of two years or longer may apply to cancel the insurance within ten (10) days starting from the next day of receiving the insurance policy.
16. Rewards and disciplines for insurance enterprises that meet the key indicators for differentiated management set out in Appendix 2 are as follows:
(1) An insurance enterprise that meets all positive indicators may increase the sum assured amounts set out in Appendix 1 by 25% and have the phone interview sampling set out in Paragraph 1 of the preceding direction reduced by one half.
(2) An insurance enterprise that meets one of the negative indicators shall have its sum assured amounts set out in Appendix 1 reduced by 25% and have its phone interview sampling set out in Paragraph 1 of the preceding direction increased by one half.
17. Insurance enterprises may not accept retrospective insurance cases for the Business.
18. An insurance enterprise shall save a backup copy of the electronic record on consumer’s selection or consent.
The retention period for the backup copy mentioned in the preceding paragraph shall not be less than five (5) years after the insurance contract has expired or after the insurance enterprise has notified the applicant of its decision not to underwrite a policy.
19. Disputes arising out of the electronic commerce business of an insurance enterprise shall be handled in accordance with the Insurance Act, Financial Consumer Protection Act and other applicable regulations.
20. Except for Paragraph 2 of Direction 4, Direction 8 and Direction 9, the provisions of these Directions apply mutatis mutandis to online purchase of insurance using other digital certificates than that used by insurance industry.
21. An insurance enterprise should include the contents of these Directions in its internal business solicitation systems and procedures in accordance with Subparagraph 4, Paragraph 1, Article 6 of the Regulations Governing Business Solicitation, Policy Underwriting
and Claim Adjusting of Insurance Enterprises.
An insurance enterprise that conducts the Business should include the contents of these Directions into its internal controls and audit, and perform internal audit and self-inspection.
If an insurance enterprise violates any provision of these Directions, the competent authority may, in view of the severity of violation, take appropriate disciplinary actions in accordance with the Insurance Act and other applicable
regulations.
|