|Issued on 18 November 2021 per Order No. Jin-Guan-Bao-Shou-Zi- 11004941081 of the Financial Supervisory Commission
|1. These Directions are established as guidance for insurance companies to provide distance insurance contracts and insurance services (hereinafter referred to as the business) for insurance policies for which both the proposer and the insured are natural
2. The business refers to the insurance company's use of video and audio recording in compliance with the principles of protecting personal data and information security to certify a customer's identity and obtain an expression of intent for completing an insurance
application or insurance services.
3. The insurance company shall process the business in accordance with the Insurance Act, Fair Trade Act, Consumer Protection Act, Financial Consumer Protection Act, Personal Data Protection Act, Electronic Signatures Act, Money Laundering Control Act, Counter-Terrorism
Financing Act, and related regulations. It must also incorporate the Directions into its internal control system and ensure its effective implementation.
4. The insurance company shall apply for the pilot program for the business in accordance with the Operation Directions Governing Application by Insurance Enterprises for the Approval of Business Trial. Upon the expiry of the business trial period and the attainment
of the expected results of the business trial, it shall report the results and obtain the approval of the competent authority as a successful case before official implementation.
5. To ensure the progression of distance insurance contracts businesses, the insurance solicitor (hereinafter referred to as the solicitor) may verify the customer's willingness to purchase insurance and prepare the following documents based on the customer's
(1) Insurance application and related insurance application documents.
(2) Personal data collection and processing consent form (if the video or audio files used for the business are temporarily stored in a storage area of the online video communication service provider, the applicant must be notified in the consent form).
(3) Mobile insurance application consent form (except where mobile insurance application is not used).
(4) distance insurance contracts declaration and consent form.
(5) Fund transfer or credit card authorization form.
After the solicitor establishes a link with the customer through the online video communication software and mobile device set up or used by the insurance company, the solicitor and the customer must simultaneously appear in the video in the recording process.
The solicitor is required to display the registration license and explain the service solicited or processed by his/her company or authorized by the insurance company, and confirm the customer's approval for the distance insurance contracts application.
6. With regard to the customer identity verification principles, the insurance company must confirm the identity of the customer to verify that the customer is applying for the insurance. The principles shall include the following items:
(1) The insurance company shall confirm the identity of the customer before entering the video through the mobile ID and member account password login with one-time password or other means approved by the competent authority. However, if the customer is a minor,
the legal representative shall be required confirm his/her identity with one of the aforementioned methods.
(2) The insurance company shall ask the customer to present his or her national ID card or residence permit. In addition to verifying that the customer's appearance matches the photo on the identity document, the insurance company shall establish mechanisms
to detect errors and forgeries in the identity document or check the authenticity of the document with the issuing authority. Minors without a national ID card shall present a health insurance card or passport with a photo.
(3) The insurance company may also adopt biometric identification (e.g., facial biometrics) as an additional identification measure for concluding distance insurance contracts customers to strengthen the identification of the proposer and the insured of the
7.The customer's expression of consent to distance insurance contracts may be expressed in one of the following methods:
(1) The customer shall complete the signature with an electronic signature or electronic certificate on the mobile service platform, website, or electronic file set up or used by the insurance company, and declare his/her consent.
(2) If the insurance company opts to use the biometrics specified in Subparagraph 3 of the preceding point as an additional identity verification measure, after the customer completes the signature in accordance with the preceding subparagraph, it may, with
the confirmation and approval of the customer, use biometrics to confirm the loading of the first signature template in each subsequent signature area for the customer's expression of consent.
The areas in the insurance contract document that require the proposer or insured to personally affix their signatures, including the matters to be communicated to the customer in the insurance application form, must be verified by the customer personally in
the insurance application procedure and processed in accordance with the preceding paragraph. It may not be processed in the form of broad consent, and the insurance enterprise must retain the video and audio record certifying that the customer has read and
agrees to the contents of the insurance policy.
The quality of videos specified in the preceding paragraph must be complete and clear. The resolution must be at least 800 x 600 pixels and the date and time must be recorded. If the insurance company is unable to record the video of the customer's hand when
he/she applies the signature, it is required to record a statement of the customer stating that the customer has personally signed all insurance application documents.
If the insurance company opts to use the biometrics specified in Subparagraph 3 of the preceding point and Subparagraph 2 of Paragraph 1 as an additional identity verification measure, the error rate may not be higher than one-ten-thousandth.
8. If the proposer and the insured are not the same person, the insurance company must complete the procedures for identity verification and expression of approval for the proposer and the insured separately in accordance with the requirements in the two points
If the proposer or insured is a minor, both the minor and his/her legal representative shall be required to appear in the video. The insurance company must complete the procedures for identity verification and expression of approval in accordance with the requirements
in the two points above. However, if the proposer or insured is less than 7 years old, the legal representative shall be required to provide the expression of approval on his/her behalf.
9. The insurance company must request its solicitor to confirm the integrity of the data obtained in accordance with the four preceding points. After confirmation, the data shall be reviewed and approved by the insurance underwriting personnel or the designated
administration personnel or supervisor of a non-solicitor unit to confirm the true intent of the customer's insurance application.
The review of the videos specified in the preceding paragraph shall at least include the following items:
(1) Images of the identification information (image of the face on the front and identity certification document).
(2) Video and audio of the customer's consent for the audio and video recording.
(3) Video and audio of each of the customer's signature for approval or consent for the use of biometrics for expressing the customer's intent.
10. Insurance services specified in Point 1 include distance conservation services, distance claim services, and distance authorization of payment of insurance premiums. The operation methods shall be the same as those in the five preceding points. The documents
required for insurance services shall be adjusted for each insurance service item.
11. With regard to the information security principles, the insurance company must set up the necessary security protection mechanisms for video and audio files for processing the service to ensure personal data security for customers. The principles shall
include the following items:
(1) The insurance company shall at least obtain the ISO 27001 Information Security Management System and Personal Information Management System (PIMS) certification for operating the service. It shall also ensure that the customers' personal data are appropriately
stored, meet the stated purposes for the collection, processing, and use of personal data in accordance with the Personal Data Protection Act, and are securely transmitted and adequately stored.
(2)After completing insurance application or insurance services, the insurance company shall immediately upload the video and audio files to the company's internal server. The files may not be stored on the solicitor's personal device. However, where the upload
cannot be immediately completed due to connection issues, the video and audio files shall be encrypted and stored in the mobile device for up to two hours. They may not be transferred to an external device in any manner. After the time elapses, the files shall
be automatically deleted or blocked to ensure information security. Where online video communication software of an external network is used for the audio or video recording and the audio and video file is temporarily stored in a storage area of the online
video communication service provider, the insurance company shall download the file to the company's internal server within two hours of the upload and verify that the service provider has deleted the file.
(3)The insurance company shall ensure that the video and audio recordings and the insurance application documents are appropriately and completely stored. The storage period may not be less than five years from the termination or expiry of the insurance contract
or five years from the date the decision of non-underwriting is finalized.
12. Before the customer proceeds with the service, the insurance company must clearly inform the customer of the operating environment of the insurance company, procedures, and potential issues that may occur during the video communication process (e.g., connection
interruption) and the adjustment measures to be taken. The insurance company must also remind the customer to ensure the security of the network environment during the video communication process (e.g., do not use public Wi-Fi or public computers, or purchase
insurance policies in a public area).
The insurance company must provide its solicitor with comprehensive training for the business to ensure that they fully understand the operations of the business and the information security risks to pay attention to, and have the ability to help customers
operate in a secure environment before they start processing the business.
13. Where a dispute or litigation arises between the proposer or insured and the insurance company due to the business, the proposer or insured may request the insurance company to provide a backup copy of the video or audio file. The insurance company may
not refuse to provide such files but may impose a charge to cover the cost.
14. In the event of a dispute arising due to the poor communication in the operating process of the business, poor quality of the recording caused by the video or audio recording equipment, or unstable or interrupted network connection, the dispute shall be
interpreted and processed in favor of the proposer or the insured.
15.The insurance company may work with insurance agents, insurance brokers, and banks that operate insurance agent or insurance broker businesses to process the business. The insurance agents, insurance brokers, and banks that operate insurance agent or insurance
broker businesses shall comply with the regulations for the operations of the business established by the partner insurance company. The signatory must also sign related documents in accordance with Article 34 of the Regulations Governing Insurance Agents
and Article 34 of the Regulations Governing Insurance Brokers.
With regard to cases solicited by solicitors of insurance agents and insurance brokers, the insurance company shall store documents that have not been signed separately and request the signatory to sign the documents online in the system.
The insurance company shall request the insurance agents and insurance brokers to ensure that their solicitors and signatories comply with the Directions and bear management responsibilities.