1.These Directions are set forth to safeguard the interests of consumers and regulate the outsourcing operations of insurance enterprises (referred to as "outsourcing" hereunder).
Insurance enterprises should include the particulars of these Directions into their internal control procedures drafted pursuant to Article 5, subparagraph 10 of the Regulations Governing Implementation of Internal Control and Auditing System of Insurance Enterprises.
2.The outsourcing operations of an insurance enterprise shall not violate any mandatory or prohibitive provisions [of law], public order or good customs, and shall observe the Insurance Act, the Money Laundering Control Act, the Computer-Processed Personal Data Protection Act and other applicable laws and] regulations.
An insurance enterprise shall vigorously supervise and manage matters relating to its outsourcing operations, and assume the responsibility of an authorizer.
3.An insurance enterprise that plans to outsource its operations to overseas service providers shall first confirm the following matters and apply to the competent authority for approval:
(1) The insurance enterprise shall obtain a letter of consent on supervisory cooperation from the foreign competent authority. The letter of consent shall contain the following:：
A.The foreign competent authority is aware of the matter and agrees to the performance of outsourced services by the service provider.
B.The foreign competent authority allows the competent authority in Taiwan and the outsourcing insurance enterprise to conduct necessary examination of the outsourced items.
C.The foreign competent authority shall inform the competent authority in Taiwan in advance if it plans to examine the outsourced items.
(2)The insurance enterprise shall describe measures for the protection of customer data and whether customers have given their consent to the outsourcing to ensure the quality of outsourcing service and the interests of customers.
Where an insurance enterprise is unable to obtain the letter of consent mentioned in subparagraph 1 of the preceding paragraph from the foreign competent authority, it shall first acquire a letter of consent from the service provider, agreeing that where necessary, a person designated by the insurance enterprise may examine the outsourced items.
4.Unless it is otherwise provided by law, the outsourcing of business operations by an insurance enterprise shall be limited to the following:
(1)Data entry, processing, output and delivery, development, monitoring, control, and maintenance of information system, and logistical support for data processing in connection with the insurance enterprise's business.
(2)Conducting checking and investigation relating to insurance contract, consumer opinion survey, customer follow-up by telephone, and providing additional services other than the performance of insurance contract (including but not limited to providing free physical examination and free parking, and issuing policyholder card).
(3)Production, printing, mailing, safekeeping and disposal of forms and documents, such as insurance policy, renewal notice, notice of premium payment, notice of suspension in coverage, proof of annual premium payment and other forms and documents relating to the performance of insurance contract.
(4)Overseas emergency assistance and roadside assistance services.
(5)Production, distribution, broadcast and posting of sales advertisements and consumer publications.
(6)Collection of premiums, policy loans and other payments, provided the service provider has been approved by the competent authority.
(7)Collection of debts.
(8)Electronic customer services, including automated voice systems, phone answering service, answering and processing customer e-mails, and electronic commerce related inquiry service and assistance.
(9)Land registration or real estate management services, and disposal of collateral from claim entitlement.
(10) Locating cars with auto loan default and car auction, but excluding the determination of floor price for auction.
(11) Valuation, classification, bundling and sale of non-performing loans; provided such outsourcing agreement stipulates that the service providers and their employees involved in the outsourcing agreement shall not engage in any work or provide any consulting or advisory services which give rise to a conflict of interest with the outsourced services during the term of such outsourcing agreements or during a reasonable period of time after termination/expiry thereof.
(12) Other operations approved by the competent authority for outsourcing.
Except for outsourcing operations stipulated in subparagraph 7 and subparagraph 12 of the preceding paragraph where an insurance enterprise is required to apply to the competent authority for approval pursuant to Point 6 herein, an insurance enterprise shall file its outsourced operations, content and scope in a manner prescribed by the competent authority with the competent authority or an institution designated by the competent authority for other outsourcing operations stipulated in the preceding paragraph.
5.Under the premises that outsourcing will not affect the sound operation of the insurance enterprise, the interests of customers, or regulatory compliance, the insurance enterprise may outsource the operations stipulated in the foregoing point in accordance with its internal outsourcing procedures approved by its board of directors, or by an officer authorized by the head office in the case of a branch of a foreign insurance enterprise in Taiwan.
The internal outsourcing procedures referred to in the preceding paragraph shall specify the following particulars:
(1)The designation of a unit-in-charge and its authority and responsibility.
(2)Scope of operations that may be outsourced.
(3)Internal operation and procedure that assure the protection of customer interests.
(4)Risk management principles and operating procedure.
(5)Internal control principles and operating procedure.
(6)Other outsourcing operations and procedures.
6.If the outsourced operation of an insurance enterprise falls under Point 4, paragraph 1, subparagraph 7 or 12 herein where the approval of the competent authority is required, the insurance enterprise shall apply to the competent authority for approval by submitting the following documents:
(1)An outsourcing plan.
(2)Minutes of the board resolution (or a letter of consent signed by an officer authorized by the head office in the case of the branch of a foreign insurance enterprise in Taiwan)
(3)Regulatory compliance statement.
(4)Review form concerning the qualifications of the service provider.
(5)Other documents as required by the competent authority.
The outsourcing plan mentioned in the preceding paragraph shall contain at the least the following particulars:
(1)The internal control procedure for outsourcing operation drafted pursuant to paragraph 2 of the foregoing point.
(2)Necessity and compliance analysis of outsourcing for business operations.
(4)Other matters as required by the competent authority.
If an insurance enterprise intends to add new service providers to the outsourced operation specified hereof after approval by the competent authority, it shall apply to the competent authority for approval by submitting required documentation as provided in the first paragraph hereof.
The insurance enterprise shall draw up conducts, practices and collection letters in the outsourced collection process according to the samples prepared by the Non-Life Insurance Association of the Republic of China (referred to as the "Non-Life Insurance Association" hereunder) and Life Insurance Association of the Republic of China (referred to as the "Life Insurance Association" hereunder), and have its legal counsel review the collection letters to make sure they do not violate the Directions herein or other applicable rules and regulations before submitting the same to the competent authority for recordation.
An insurance enterprise shall carry out outsourcing specified in this point after approval by the competent authority in accordance with its internal outsourcing procedures drawn up pursuant to Point 5, paragraph 2 herein and relevant provisions in Points 7 through 10 herein.
7.The unit-in-charge assigned by an insurance enterprise for its outsourcing operations pursuant to Point 5, paragraph 2, subparagraph 1 herein shall carry out the following tasks:
(1)Managing outsourced operations in accordance with the internal outsourcing procedures set out in accordance with Point 5 herein.
(2)Supervising the outsourced operations in connection with the protection of customer interests, risk management and internal controls, conducting periodic evaluation, and submitting the findings to the board of directors or officer authorized by the head office in the case of a branch of a foreign insurance enterprise in Taiwan.
(3)Supervising the establishment and implementation of internal control and internal audit system by the service providers.
(4)Drafting and executing the measure for selecting service providers, and ensuring that the outsourced operation is a business item that the selected service provider is legally allowed to operate.
(5)Other matters as required by the competent authority.
The unit-in-charge should check regularly relevant information in the outsourcing service providers and employees registration system created by the Joint Credit Information Center (the "JCIC") and retain a copy of the inquiry record for future reference as a part of insurance enterprise's internal control activities over outsourcing and supervision of service provider's internal control systems.
8.The internal operations and procedures of an insurance enterprise in connection with the outsourcing operations of an insurance enterprise that assure the protection of customer interests as provided in Point 5, paragraph 2, subparagraph 3 herein shall contain at least the following:
(1)Where an outsourced operation involves customer information, the customer information shall be handled in accordance with the Computer-Processed Personal Data Protection Act and the agreement executed by the insurance enterprise and the customer shall include a provision that requires the insurance enterprise to inform the customer [of the outsourcing]. If the agreement does not include such a provision, the insurance enterprise shall notify its customers in writing or by other appropriate means of the outsourcing activity.
(2)The scope of customer information or information of the applicant, the insured and the beneficiary in the insurance contracts to be provided [to the service provider] and procedural method for transferring such information. With respect to the information of the beneficiary, only the basic information of the beneficiary stated in the application form, change of beneficiary, benefit payment and other information that has the beneficiary's written consent (to transfer) may be transferred to the service provider for processing.
(3)Methods for supervising the use, processing and control of aforesaid customer information by the service provider and management mechanism.
(4)Procedure and time limit for handling customer dispute in connection of the outsourcing activity; the insurance enterprise should set up a coordination unit that handles customer complaints.
(5)Other necessary actions for the protection of customer interests.
An insurance enterprise shall be held equally responsible for its customer as provided by law if an intentional act or negligence of its outsourcing service provider or the employee of the service provider results in damage to customer interests.
9.The risk management principles and operating procedure in connection with the outsourcing operations of an insurance enterprise set out pursuant to Point 5, paragraph 2, subparagraph 4 herein shall contain at least the following:
(1)Establishing a risk and benefit analysis system for the outsourcing operations.
(2)Establishing procedure and management measures sufficient to identify, measure, supervise and control risks associated with outsourcing operations.
(3)Drawing up an emergency response plan.
(4)Other matters as required by the competent authority.
10.The internal control principles and operating procedures in connection with outsourcing operations of an insurance enterprise set out pursuant to Point 5, paragraph 2, subparagraph 5 herein shall contain at least the following:
(1)Drawing up and implementing the operating procedure for supervising and managing the scope of outsourcing.
(2)Incorporating the operating procedure in the preceding subparagraph in the overall internal control and internal audit systems of the insurance enterprise.
(3)Supervising the establishment and implementation of internal control and internal audit system by the service provider.
(4)Other matters as required by the competent authority.
11.An insurance enterprise's outsourcing agreement shall specify at least the following:
(1)The scope of outsourcing and the responsibilities of service provider.
(2)A provision requiring the service provider to comply with Point 2 herein.
(3)Management of employees of the service provider assigned to the insurance enterprise.
(4)The service provider is required to carry out internal controls and internal audits in accordance with its standard operating procedures established under the supervision of the insurance enterprise.
(5)Unless with written authorization of the insurance enterprise, the service provider shall not use the name of the insurance enterprise in the course of handling the outsourced items, nor shall the service provider make untruthful advertising.
(6)Material events that would lead to the termination of outsourcing agreement with the service provider, including a provision on termination or revocation of the agreement if so instructed by the competent authority.
(7)The service provider agrees to let the competent authority access relevant data or reports and conduct financial examination with respect to the outsourced items, or provide relevant data or reports within a prescribed time period under the order of the competent authority.
(8)Consumer protection, including the confidentiality of customer data and adoption of security measures.
(9)The service provider is required to carry out consumer protection and risk management in accordance with its standard operating procedures established under the supervision of the insurance enterprise.
(10) Consumer dispute resolution mechanism, including the timetable and procedure for handling dispute and remedial measures.
(11) Other agreements.
The provisions of subparagraphs 8 through 10 of the preceding paragraph do not apply, provided the outsourcing agreement does not involve the interests or personal information of consumers.
Where the outsourcing agreement does not conform to the provisions in the Directions herein, the insurance enterprise may continue its outsourcing activity under the existing agreement until it expires. However if such outsourcing agreement does not have an expiration date, the insurance enterprise shall make adjustment or remedy the nonconformities within six (6) months from the date the Directions are promulgated.
12.Before applying to the competent authority for approving the outsourcing of its debt collection operation, an insurance enterprise shall make sure in advance that the appointed service provider meets the following qualification requirements:
(1) The service provider shall be one of the following:
A.A company having received an establishment registration form or a registration change form issued by the competent authority that indicates "providing money claim management services to insurance enterprises" in the scope of business.
B.A lawfully established law office.
C.A lawfully established accountants office.
(2)The service provider does not incur accumulated loss or its loss does not exceed one third of its paid-in capital. The preceding provision does not apply if the service provider has incurred loss exceeding one third of its paid-in capital, but has completed the capital increase formalities according to applicable regulations.
(3)The collection personnel of the service provider has completed the training course or passed the examination on collection given by Non-Life/Life Insurance Association or an institution sanctioned by such association and received a credential therefor, and is free of the following situations:
A.Having been convicted under final and unappealable judgment of a crime of violence under the Criminal Code, Organized Crime Act, Anti-Hoodlum Act, or Guns, Ammunition and Knives Control Act, or being wanted for a crime of violence in an ongoing case.
B.Having been adjudicated bankruptcy, and has not had rights and privileges reinstated.
C.Having been denied service by the bills clearing house and rejected status has not yet be removed, or having other poor credit record that is still open.
D.Being legally incompetent or having limited legal capacity or being subject to the order of commencement of assistance and such order has not been revoked.
E.Left his or her job for violation of the Directions herein and the employer financial institution or insurance enterprise has reported the matter to the JCIC.
(4)If the collection personnel of the service provider has not completed the training course or passed the examination on collection given by Non-Life/Life Insurance Association or an institution sanctioned by such association and has not received a credential therefor, said personnel shall remedy the situation within two months after taking the post.
(5)The responsible person of the service provider shall be free of the situations described in the subparagraphs under Article 3, paragraph 1 of the Regulations Governing Required Qualifications for Responsible Persons of Insurance Enterprises other than subparagraph 13 therein, and shall issue a statement therefor.
(6)A service provider should be equipped with complete computer facilities necessary for the handling of outsourced items, and the telephones of its relevant personnel should come with a recording system where the recording may be accessed instantly in coordination with the computer system for the purposes of audit or verification in case of a dispute. All phone conversations and field visits of the collection personnel shall be recorded with a copy made and retained for at least six months. The service provider shall not delete or alter its recording record.
13.An insurance enterprise shall conduct regular and unscheduled audit and supervision of the debt collection operation of its service provide to ensure compliance with the following provisions:
(1)A debt collector shall not use violence, intimidation, coercion, verbal abuse, harassment, sham, or false, deceptive or misleading representation against the debtor or any third party, or engage in other illicit debt collection practices that invade the privacy of the debtor.
(2)A debtor collector shall not use harassing means that disrupts the regular living conditions, schooling, work, business or the life of others in the debt collection process.
(3)A debt collector may engage in debt collection from 7:00AM to 10:00PM, unless it is otherwise agreed by the debtor.
(4)A debt collector shall not by any means collect debt by harassing or from a third party.
(5)A debt collector communicating with a third party for the purpose of acquiring the location information about the debtor shall identify himself and state that his purpose is to obtain contact information of the debtor. If so requested by said third party, the debt collector should identify the outsourcing insurance enterprise, and the name of his employer. A debtor collection shall also present a letter of authorization when making field visit.
(6)The service provider or its employees shall not collect payment or any fees from the debtor or any third party for the debt collection work, unless the service provider is collecting withheld salary under a court order for an action in which the service provider is a litigation agent on behalf of the insurance enterprise and has the consent of the insurance enterprise to collect the withheld salary of debtor.
(7)The service provider personnel shall wear ID badge in field visits and record the entire conservation with the debtor or related parties in the course of visit. Unless with the consent of the debtor, the service provider personnel may not at his own discretion enter the residence of the debtor by any means.
Any of the following practices is deemed a false, deceptive or misleading representation mentioned in subparagraph 1 of the preceding paragraph:
(1)False representation or implication that nonpayment of debt will result in the arrest, detainment or other criminal disposition against the debtor.
(2)Informing the debtor that his property will be seized while such property is not subject to seizure according to law.
(3)Collecting fees from the debtor other than the amount of debt owed or collecting fees not claimable under the law.
(4)False representation that nonpayment of debt will result in a court action of arrest, garnishment, seizure or auction.
Any of the following practices is deemed as using harassing means that disrupts the regular living conditions, work, business or the life of others mentioned in subparagraph 2 of paragraph 1 hereof:
(1)Repeatedly or during non-collection hours using telephone, fax, short message, e-mail or other communication means, or visiting the debtor's residence, school, work, or business location or other places to collect debt.
(2)Using post cards for collection or using any language, symbols or other means on the envelope of collection letter that could reveal the debt situation or other private information of the debtor to third parties. The preceding provision does not apply to the name of company.
(3)Using bulletin, signboards or other similar methods that reveals the debt situation or other private information of the debtor to third parties.
14.The outsourcing agreement on debt collection operation entered by an insurance enterprise and a collection agency shall contain at least the following in addition to complying with the provisions in Point 10 herein:
(1)Setting out work guidelines for the service provider, which shall include at least the prohibited conduct and practices provided in Point 13 herein and require that the service provider shall draft specific standards for dismissing or punishing violating employees.
(2)Subcontracting the debt collection work by service provider is prohibited.
(3)The service provider should report the handling of debt collection or customer complaint to the outsourcing insurance enterprise regularly or as needed; when there are situations where the service provider or its employees violate applicable laws and regulations in its internal management or collection operation, the service provider shall immediately report the event to the insurance enterprise.
(4)When recruiting personnel, the service provider shall obtain the written consent of the employee permitting the outsourcing insurance enterprise and JCIC to collect, process and use his personal data.
(5)The service provider shall provide the insurance enterprise with information of departed employee who leaves job due to violation of any subparagraph under Article 13, paragraph 1 herein for posting with JCIC. The posted information shall include:
A.Basic data of the departed employee.
B.Date of departure.
C.Reason for departure.
(6)When outsourcing the debt collection operation to a service provider, an insurance enterprise shall submit the basic information of said service provider to JCIC. The service provider shall agree that the outsourcing insurance enterprise may submit the information on termination of outsourcing agreement due to violation of the Directions herein by the service provider to JCIC for posting. The posted information shall include:
A.Basic information of the service provider.
B.Date of agreement execution and date of its termination.
C.Reasons for violation of the Directions herein.
15.An insurance enterprise shall comply with the following provisions in outsourcing its debt collection operation:
(1)The insurance enterprise shall heed the complaints made by the debtor or any third party regarding debt collection practice, and check the relevant information in the outsourcing service providers and employees registration system created by the JCIC in a regular and timely manner; when there are material incidents under which the service provider should dismiss its unfit employee pursuant to the outsourcing agreement or the insurance enterprise should terminate the outsourcing agreement with the service provider, the insurance enterprise shall take actions in accordance with the Directions herein and the outsourcing agreement.
(2)If the service provider or any of its employees has been reported to the JCIC by other insurance enterprises pursuant to Point 14, subparagraphs 5 and 6 herein, but the incident is not significant enough as grounds for termination of outsourcing agreement, the insurance enterprise should step up the frequency and scope of audit for the service provider.
(3)Where the service provider has engaged in practice that violates a subparagraph under Point 13, paragraph 1 herein and makes it unacceptable to the debtor and the debtor contacts the insurance enterprise directly to negotiate the settlement of debt, the insurance enterprise shall accept the request of the debtor and actively handle the matter.
(4)Where the insurance enterprise finds that its service provider or any of its employees resorts to violence, coercion or intimation in the collection process, it should report the matter to law enforcement agency.
(5)The insurance enterprise shall not give information on people who do not have legal obligation in the performance of debt to its service provider.
(6)Prior to outsourcing its collection operation to a service provider, the insurance enterprise shall send the debtors a written notice, informing them of the name of service provider, amount of debt owed, the duration of retaining collection recording record, telephone number (of the insurance enterprise) for making a complaint, and practices prohibited as provided in the subparagraphs under Point 13, paragraph 1 herein.
(7)The insurance enterprise should make public the basic information of its service provider at its business places and on its website to make it convenient for debtors to check the relevant information of the collection agency.
16.Where the service provider providing debt collection service for an insurance enterprise is referred to the law enforcement agency due to alleged use of violence in the collection process, the insurance enterprise may terminate its outsourcing agreement in view of the severity of the case, and must terminate the outsourcing immediately provided the service provider is indicted.
Where a service provider does not meet the qualification requirements set forth in Point 12 herein, or violates any of the subparagraphs under Point 13, paragraph 1 herein, or violates other laws and regulations, the competent authority may, depending on the severity of the case, instruct the outsourcing insurance enterprise to terminate the outsourcing pursuant to the outsourcing agreement, request the service provider to make improvement within a given period of time, or suspend the outsourcing until the agency (institution) relevant to the qualification or practice of the service provider deems that it has made improvement.
Where an insurance enterprise violates the Directions herein in the outsourcing of its debt collection operation, the competent authority may, depending on the severity of the case, order the insurance enterprise to make improvement within a given time period, or suspend or revoke the permission allowing the insurance enterprise to outsource its debt collection operation.
17.The competent authority or appropriate institutions or persons commissioned by the competent authority may audit the outsourcing operations of an insurance enterprise at the expense of said insurance enterprise.
18.An insurance enterprise shall make adjustment or remedy any nonconformity of its outsourcing operations with these Directions within six (6) months from the date these Directions are promulgated. The preceding provision applies to outsourcing operations of an insurance enterprise that have been approved by the competent authority before the implementation of these Directions.
19.If the outsourcing operations an insurance enterprise violate these Directions, the competent authority may mete out appropriate disciplinary action pursuant to the Insurance Act in view of the severity of violation.