
Financial Examination Focus in 2020


Ⅰ. Preface

Some of the financial examination focuses of the Bureau in 2020 remain the same as those of 2019. Also, in response to financial market conditions and supervisory concerns for each type of financial services firm, we have included some new focuses for 2020, e.g. implementation of anti-money laundering, counter-terrorism financing, and non-proliferation of weapons measures; legal compliance systems; corporate governance; management of information and communication security; financial customer protection; and personal information protection.


Ⅱ. The financial examination focuses of 2020 for each type of financial services firm are as follows:

1. Financial holding companies (FHCs)

A. Compliance with regulations governing anti-money laundering, counter-terrorism financing, and non-proliferation of weapons: The FHC needs to work with FHC subsidiaries to ensure their understanding and compliance with regulations on anti-money laundering (e.g., by reviewing the consistency of the assessment methodology for subsidiaries’ institutional risk assessments (IRA), the quality of their assessment results, and the reasonableness of risk appetite at the group and subsidiary levels), oversee efforts by inspected subsidiaries to carry out corrective action to address anti-money laundering deficiencies, and require other non-inspected subsidiaries to review and revise their anti-money laundering mechanisms.

B. Implementation of legal compliance system: Examinations focus on the design and operation of FHCs’ legal compliance systems, and on FHC oversight of efforts by the compliance officers of their subsidiaries (including invested enterprises) to properly introduce, establish, and implement relevant internal rules, so as to ensure the effectiveness of their legal compliance systems.

C. Management of invested enterprises:

a. An FHC should establish appropriate guidelines for investment and M&A management, and implement related measures, including mechanisms for control of confidentiality and insider trading, pre-investment assessments (of such things as potential risks, investment returns, transaction prices, etc.), review and approval procedures, public announcements and filings, legal compliance (e.g. Regulations Governing the Investing Activities of a Financial Holding Company), post-investment monitoring of returns, and risk management.

b. Examinations focus on whether FHCs regularly confirm that subsidiaries other than the main entities (e.g., banks, insurance companies, and securities firms) are soundly operated and comply with regulatory requirements (including the prevention of conflicts of interest, and control mechanisms for interested-party transactions and management operations, etc.), and whether FHCs have established management mechanisms for monitoring and control of overall risk, e.g., risks posed by venture capital subsidiaries (such as the reasonableness of their use of proceeds and the appropriateness of impairment assessments), by asset management subsidiaries (e.g., whether they have established a clear internal control system, etc.), by financial leasing subsidiaries (whether their business operations are in line with their risk-bearing capacity, and whether they have established credit check procedures that ensure fulfillment of the duty of professional care, etc.), and by insurance broker (agent) subsidiaries (e.g., the appropriateness of soliciting, marketing, and expenses, etc.).

D. Corporate governance:

a. Steps to strengthen the functions of the board of directors: Examinations focus on such matters as the organization and functions of the board of directors; the establishment and operation of the audit committee and other functional committees; rules for the proceedings and decision-making procedures of the board of directors; the fiduciary duties and responsibilities of directors; and the establishment of a chief corporate governance officer and other corporate governance officers.

b. Management mechanism for the responsible persons’ concurrent positions and proper levels of responsibility: Examinations focus on the internal management mechanism to confirm whether the responsible persons’ holding of concurrent positions is compliant with the related laws and internal regulations, whether any concurrently held position other than that of chairperson or general manager is in the nature of a directorate-grade officer position, and whether the internal responsibilities have been clearly segregated to preserve a balance of authority and accountability.

c. Mechanisms for reporting the holdings of major shareholders: Examinations focus on mechanisms for identifying the beneficial owners of major shareholders, including: understanding whether major shareholders accurately report their beneficial owners in accordance with regulations; and procedures for discovering major shareholders who fail to comply with regulations.

d. Interested-party transactions:

(a) Examinations focus on mechanisms for control of interested-party transactions, and the legality thereof, including transactions with substantively interested parties and the management of such transactions.

(b) For directors and other interested parties who are subject to regulatory provisions governing interested-party transactions, examinations focus on whether an FHC has established an appropriate verification mechanism to confirm that they have accurately declared their status as an interested party.

e. Establishment and implementation of a whistleblower system: Examinations focus on whether a whistleblower system is independent and effective, and whether it actually protects a whistleblower’s interests.

E. Risk management mechanism:

a. Control of total risk exposures in mainland China.

b. Examinations check whether an FHC urges its subsidiaries to properly manage the risks of invested enterprises (including foreign companies) and report essential information to the FHC in order to control group risks.

c. Where an FHC director has invested in an enterprise belonging to another industrial group, or with respect to matters bearing upon the interests of an interested party of an FHC director, examinations focus on whether the FHC requires such a director to exercise appropriate recusal or strictly adhere to the related rules, and on whether the FHC has established effective mechanisms for internal checks and supervision.

d. Examinations focus on whether FHCs devise policies and groupwide risk management mechanisms to ensure timely responses to changing economic conditions.

F. Examinations focus on whether FHCs supervise and inspect their subsidiaries’ implementation of network system security controls and maintenance of information security, whether they have established effective measures for intrusion detection and defense, and whether they have established emergency response procedures, recovery plans, and customer protection mechanisms to deal with network abnormalities.

G. Personal information protection: Examinations focus on the performance of FHCs and their subsidiaries in handling the following tasks — maintaining the security of customer information that they collect, process, and use; conducting training exercises to prepare for response to any possible leak of personal information; and security maintenance measures for (as well as the legality of) cross-selling operations.

H. Internal audits:

a. Examinations focus on the overall planning of internal audits at an FHC and its subsidiary companies, supervision of audits, adequacy of human resources, and the independence of internal audit units.

b. Examinations focus on: (a) whether the internal audit units of an FHC and its subsidiaries have assigned adequate human resources, given the nature of the audited parties and the key focal points of the audits, to ensure that all subsidiaries (including foreign branches) are effectively audited; (b) whether an oversight mechanism for internal audits (including outsourced audits of foreign branches) has been established; and (c) whether the FHC has strengthened the implementation and management of auditing operations to improve audit quality and ensure proper oversight of corrective actions taken to address identified deficiencies.

c. After an FHC or any of its subsidiaries is examined by a foreign host authority or receives an examination report from a foreign host authority, its internal audit unit is required to promptly report the matter to the FSC in accordance with the materiality principle. Examinations focus on whether there is a mechanism in place to ensure prompt reporting.

d. Examinations focus on what an FHC does to confirm, assess, and supervise the effectiveness of the risk-based auditing systems adopted by its banking subsidiaries.

e. Examinations focus on whether the scope of an FHC internal audit unit’s inspections of subsidiaries other than banks, insurance companies, and securities firms covers their key lines of business and related risks.

2. Domestic banks

A. Examinations focus on compliance by domestic banks (including their OBUs) with regulations governing anti-money laundering, counter-terrorism financing, and non-proliferation of weapons:

a. Institutional risk assessments and internal control system frameworks: Examinations focus on the completeness and reasonableness of institutional risk assessments (especially the measurement of cross-border risk), and the appropriateness and effectiveness of overall internal control frameworks.

b. Customer due diligence and risk level assessments: Examinations focus on — identification of beneficial owners; methodology for customer risk assessments; and the completeness and reasonableness of customer due diligence (should be commensurate with customer risks).

c. Ongoing monitoring of accounts and transactions: Examinations focus on — the reasonableness of transaction monitoring thresholds; the screening and verification of money laundering red flags or signs that customers and their transaction counterparties may meet the conditions for inclusion on a list of specially designated nationals; and the independence and timeliness of monitoring operations.

d. Suspicious transaction reporting procedures, and quality of reporting: Examinations focus on the handling of suspected ML/TF/PF transactions (including reporting, confidentiality procedures, and record keeping operations).

e. Organization and personnel: Examinations focus on — the professionalism and adequacy of the chief officers and personnel; the adequacy of resource allocations; education and training; and the quality and reliability of independent tests by internal audit units and accountants of the effectiveness of AML/CFT/NPW systems.

B. Legal compliance system and its implementation: Examination focal points include: (a) the establishment of a legal compliance department; (b) qualification requirements and training of the chief compliance officer and other compliance personnel, and implementation of the compliance function (including establishment of consultation and communication channels for legal compliance, analysis and reporting of instances involving material compliance deficiencies or malpractice, provision of opinions on the legality of new lines of business or new products, and evaluation of legal compliance self-assessments); (c) the legal compliance of personal information safeguards (including custody and utilization of customer data, and cyber security mechanisms); and (d) compliance with consumer protection requirements in the trust business (including product suitability, real estate development trusts for pre-sale properties and escrow services).

C. Management of overseas risk exposures:

a. Management of foreign branches: Examination focal points include — oversight by the board of directors; head office oversight and allocation of resources to compliance operations at overseas subsidiaries; anti-money laundering operations; credit risk concentration; asset quality; credit checks and post-lending management; operational risks; reporting mechanism for material events; mechanisms for communication with host authorities; regulatory compliance (including the independence and fitness of chief compliance officers and other compliance personnel, the state of compliance with local laws and regulations by overseas branches, and establishment by such branches of compliance risk self-assessment and monitoring and control mechanisms); legal education and ethics evaluations for bank employees; and the implementation of internal audits to verify audit quality and track improvement of deficiencies.

b. Examinations focus on: risk management for investments in foreign securities, and for loans, investments, and interbank loans/deposits in mainland China (including control of exposure limits, correctness of exposure calculations, credit investigation and review for loans, and post-lending management), and management mechanisms for other finance-related enterprises in mainland China.

D. Financial derivatives:

a. Customer credit risk management system: Examinations focus on the legality of — (a) approval and management of credit lines for customers’ hedge and non-hedge transactions; (b) mechanisms for management of customer risk concentration; and (c) internal operating systems and procedures for initial margin and margin call requirements (e.g. what kinds of product require initial margin, what kinds of security can be used as initial margin, and the method for calculating the haircut rates and net collateral value of the securities used as initial margin).

b. Appropriateness of sales operations for financial derivatives and structured products: Examinations focus on know-your-customer (KYC) procedures, grading of product risks, assessment of product suitability, qualification requirements for sales personnel, and the completeness and appropriateness of product risk information, disclosures, and record keeping operations.

c. Valuation and management mechanisms for financial derivatives: For domestic banks that have established a valuation system for high-risk products to offer price quotes and calculate mark-to-market profits and losses on the basis of the asset classification and product categories of the linked underlying assets (high-risk and non-high-risk products), examinations focus on compliance with the regulations governing valuation system verification procedures. For non-high-risk products for which the domestic bank has not established a valuation system but instead uses a book building process, examinations focus on compliance with the regulations that set out an internal operating procedure for assessing the reasonableness of prices.

E. Internal control and management of trading rooms: Examinations focus on — the appropriateness of trading limits and authorizations; and the completeness and credibility of front/middle/back office internal control mechanisms as well as the scope of trading rooms’ internal audits and self-inspections.

F. Financial consumer protection:

a. Examinations focus on: know-your-customer (KYC) operations; assessment of product suitability; fairness and reasonableness of contract terms; control of product sale procedures; review procedures for new products; the remuneration system for sales personnel; consumer dispute handling mechanisms; implementation of principles for fair treatment of consumers (including the collection of credit card default charges and interest on revolving credit); implementation of the Measures to Ensure Friendly Financial Services (including financial services measures, such as online banking and mobile apps for the visually impaired); and protection of personal information (e.g., security measures for the collection, processing, and use of personal information, as well as training exercises to prepare for response to any possible leak of personal information).

b. Examinations focus on implementation of internal control measures for preventing wealth management specialists from embezzling client funds.

c. Examinations focus on concurrent operation by banks of insurance broker and insurance agent business (including the solicitation of insurance products, management mechanisms for verification that application documents have been personally signed by the proposer, and mechanisms for verification of customers’ sources of funds for premium payments).

G. Implementation of digital financial services:

a. Examinations focus on: the provision of online banking, online applications, mobile payments, and other financial services; mechanisms for protecting the security of users’ personal information and financial transactions; customer due diligence; and monitoring of unusual transactions.

b. Examinations focus on: security design for e-banking transactions (such as signature certificates, one-time passwords, biometrics, and key storage on mobile devices); provision of security management for application program interface (API) services; and management mechanisms (including regular safety checks) for the development and launch of mobile apps.

H. Implementation of corporate governance system:

a. Fulfillment of the functions of the board of directors: Examination focal points include — the organization and powers of the board of directors; the establishment and operation of the audit committee; oversight of the various business policies and management mechanisms; and the appropriateness of the board’s exercise of its powers in handling and responding to material events (such as major violations of laws and regulations, or a significant risk exposure that might adversely affect the bank’s financial and business status).

b. Examinations focus on: (a) internal management mechanisms for the responsible persons’ holding of concurrent positions (including whether the responsible persons’ holding of concurrent positions is compliant with the related laws and internal regulations, and whether any concurrently held position other than that of chairperson or general manager is in the nature of a directorate-grade officer position); and (b) whether the company has appointed a chief corporate governance officer and other corporate governance personnel.

c. Examinations focus on: (a) the compliance of interested parties (including substantively interested parties), transactions (including loans, real estate, and other transactions), and management and control mechanisms (including the voluntary self-regulatory mechanism for substantively interested parties); (b) whether there are irregularities with respect to strategies, counterparties, and prices for transactions within the group or with substantively interested parties (including major shareholders, directors, and supervisors); and (c) whether those transactions involve conflicts of interest.

d. Independence and effectiveness of the whistleblower system (including the related internal operating procedures and management mechanisms, e.g., the channels for internal and external whistleblowers, and whistleblower protection measures).

I. Management of information and communication security: Examinations focus on such matters as — implementation by the board of directors of information security governance; fulfillment of the functions of the dedicated information security unit and the chief information security officer; control measures for preventing irregularities in server systems and applications (such as the recovery process for major changes to system architecture, integrity testing, source code review, monitoring of batch operations, and monitoring of system resources); control measures for storage, transfer, and retrieval of personal information; security measures for payment systems (such as ATM and SWIFT); cyber security measures (e.g., firewall, intrusion detection and prevention, vulnerability scanning, penetration testing, and other security defense measures and patching cadence, system log collection/monitoring/alerts, management of IoT device usage, and notification and response mechanisms for cyber-attack incidents); and procedures for collecting and evaluating cyber security information.

J. Business operation systems: Examinations focus on — the issuance of account balance certifications; opening of checking accounts and issuance of checkbooks; internal control mechanisms at banks for prevention of loan fraud (including the pre-loan review process, credit check procedures, and post-lending management); the compliance of outsourcing of operations; and periodic inspections of cross-border outsourcing operations (e.g., outsourcing of business to cloud service providers).

K. Risk management and regulatory compliance of credit business: Examinations focus on such matters as — the credit investigation system for credit business (including financing and factoring of accounts receivable, mortgage loans, as well as project finance and other types of syndicated loans); risk assessment and analysis; risk pricing; credit reviews; loan approval procedures; post-lending management; implementation of the regulation that prohibits making SME loan approvals contingent upon partial re-deposit of the loan proceeds; management of the purpose of loans for industrial land and the flow of loan proceeds; and the compliance status of the granting of loans for idle industrial land.

L. Internal audits:

a. Examinations focus on: the independence of the audit unit; the suitability of audit personnel; compliance with any request from the competent authority to add new internal audit items; mechanisms for reporting of and response to material events; auditing of overseas branches (including the head office’s management of internal audit operations at foreign branches); oversight of how an institution follows up on audit findings and how it implements corrective measures; and benefits achieved through implementation of risk-based auditing.

b. Examinations focus on what an institution’s audit unit has done to strengthen audit screening principles, audit frequency, and key focal points of audits in order to prevent wealth management specialists from embezzling client funds (including business dealings between wealth management specialists and customers, and business dealings between wealth management specialists and their related accounts).

c. Audits of concurrently operated insurance broker or insurance agent businesses.

M. Management of invested enterprises: Examinations focus on — supervision of subsidiaries’ adoption and implementation of related operation and risk control rules (including control mechanisms for interested-party transactions); whether the actual lines of business are consistent with those listed in the original business plan; and whether the institution has established a reporting mechanism and management measures for its subsidiaries’ major business plans, transactions, business performance, and exposures.

N. Concurrent operation by banks of underwriting and dealing businesses involving bonds, beneficiary securities, and asset-backed securities: Examinations focus on position limits for the aforementioned lines of business; control procedures for the underwriting of bonds issued by affiliates of the same business group; and risk management and product suitability systems for the aforementioned lines of business.

O. Examinations focus on management of concurrent conduct by banks of electronic payment businesses (including control mechanisms for identity verification and transaction limits).

3. Foreign bank branches in Taiwan

A. Compliance by foreign bank branches in Taiwan (including their OBUs) with regulations governing anti-money laundering, counter-terrorism financing, and non-proliferation of weapons:

a. Institutional risk assessments and internal control system frameworks: Examinations focus on the completeness and reasonableness of institutional risk assessments (especially for the measurement of cross-border risks) and the appropriateness and effectiveness of the overall internal control framework.

b. Customer due diligence and risk level assessments: Examinations focus on — identification of beneficial owners; methodology for customer risk assessments; and the completeness and reasonableness of customer due diligence (should be commensurate with customer risks).

c. Ongoing monitoring of accounts and transactions: Examinations focus on — the reasonableness of transaction monitoring thresholds; the screening and verification of money laundering red flags or signs that customers and their transaction counterparties may meet the conditions for inclusion on a list of specially designated nationals; and the independence and timeliness of monitoring operations.

d. Suspicious transaction reporting procedures, and quality of reporting: Examinations focus on the handling of suspected ML/TF/PF transactions (including reporting, confidentiality procedures, and record keeping operations).

e. Organization and personnel: Examinations focus on — the professionalism and adequacy of the chief officers and personnel; the adequacy of resource allocations; education and training; and independent tests by internal audit units of the effectiveness of AML/CFT/NPW systems.

B. Provision by banks of information and consultation services pertaining to offshore financial derivatives: Examinations focus on the state of a bank’s legal compliance with respect to such matters as the clientele served, the scope of products offered, the content of services offered, the offering of price quotes, and the distribution of dividend income.

C. Financial derivatives:

a. Customer credit risk management system.

b. Appropriateness of sales operations for financial derivatives and structured products.

c. Valuation and management mechanisms for financial derivatives.

D. Legal compliance system and compliance with legal limits: Examination focal points include: (a) training for compliance personnel; (b) implementation of compliance functions (e.g., establishment of a consultation and communication system for legal compliance, analysis and reporting of significant findings in legal compliance and of instances involving material compliance deficiencies or malpractice, provision of opinions on the legality of new lines of business or new products, and evaluation of legal compliance self-assessments); and (c) implementation of information security operations, and compliance with legal limits (e.g., control of credit limits in mainland China).

E. Management of outsourcing processes: Examinations focus on such matters as compliance with regulations for outsourcing business; periodic inspections of cross-border outsourcing; and information security and risk management measures for business outsourced to cloud service providers.

F. Personal information protection and management of information and communication security.

G. Concurrent operation by banks of underwriting and dealing businesses involving bonds, beneficiary securities, and asset-backed securities: Examinations focus on — position limits for the aforementioned lines of business; control procedures for the underwriting of bonds issued by affiliates of the same business group; and risk management and product suitability systems for the aforementioned lines of business.

H. Management of project finance: Examinations focus on such matters as risk assessment and analysis; measures to strengthen protection of creditor rights; and post-loan management.

I. Examinations focus on what an institution has done to implement and inspect internal control and audit measures for preventing wealth management specialists from embezzling client funds (including business dealings between wealth management specialists and customers, and business dealings between wealth management specialists and their related accounts).

4. Credit cooperatives

A. Compliance with regulations governing anti-money laundering, counter-terrorism financing, and non-proliferation of weapons:

a. Institutional risk assessments and internal control system frameworks: Examinations focus on the completeness and reasonableness of institutional risk assessments, and the appropriateness and effectiveness of the overall internal control framework.

b. Customer due diligence and risk level assessments: Examinations focus on identification of beneficial owners; methodology for customer risk assessments; and the completeness and reasonableness of customer due diligence (should be commensurate with customer risks).

c. Ongoing monitoring of accounts and transactions: Examinations focus on the reasonableness of transaction monitoring thresholds; the screening and verification of money laundering red flags or signs that customers and their transaction counterparties may meet the conditions for inclusion on a list of specially designated nationals; and the independence and timeliness of monitoring operations.

d. Suspicious transaction reporting procedures, and quality of reporting: Examinations focus on the handling of suspected ML/TF/PF transactions (including reporting, confidentiality procedures, and record keeping operations).

e. Organization and personnel: Examinations focus on the professionalism and adequacy of the chief officers and personnel; the adequacy of resource allocations; education and training; and the quality and reliability of independent tests by internal audit units and accountants of the effectiveness of AML/CFT/NPW systems.

B. Legal compliance system: Examinations focus on such matters as whether laws and regulations are updated in a timely manner, and the appropriateness of legal compliance training courses and legal compliance reports.

C. Credit risk management:

a. Risk management of credit extensions to a single group of related accounts, and large exposures.

b. Risk management, regulatory compliance, and reporting operations for real estate loans: Examinations focus on construction loans, residential loans, home improvement loans, and loans for purchase by builder of completed property.

c. Examinations focus on mechanisms for control of interested-party loans and transactions, and the legality thereof, and whether responsible persons or other personnel have engaged in unusual transactions with customers.

d. The operation of credit review committees, attendance at committee meetings, and resolutions adopted there.

D. Financial customer protection: Examinations focus on such matters as — cooperation with other enterprises to promote the sale of financial products (including mortgage life insurance); whether the examined institution gains a full understanding of financial consumers to ascertain the suitability of products or services; whether the examined institution fully explains the important aspects of financial products, services, and contracts; protection of personal information; consumer dispute resolution mechanisms; implementation of principles for fair treatment of consumers and of the Measures to Ensure Friendly Financial Services; and the reasonableness of methods for calculating default interest and default penalties for late repayments of home loans and unsecured consumer loans.

E. Management of information and communication security: Examinations focus on such matters as — system security for online financial business (including online financial services); transaction security design; cyber security measures (e.g., firewall, intrusion detection and prevention, vulnerability scanning, email social engineering, penetration testing, and other security defense measures and patching cadence, system log collection/monitoring/alerts, management of IoT device usage, and notification and response mechanisms for cyber-attack incidents); control measures for storage, transfer, and retrieval of personal information; and procedures for collecting and evaluating cyber security information.

F. Mechanisms for management and control of deposit and withdrawal operations: appropriateness of rules governing deposit and withdrawal operations (including rules that prohibit employees from keeping customers’ seals, passbooks, or blank withdrawal slips already signed/sealed; and rules governing the processing of withdrawals without a passbook); and operation and control mechanisms for supervisor (password) cards.

G. Liquidity control measures: Examinations focus on liquidity risk management policy; whether the institution has established an appropriate information system to measure and monitor liquidity risk; whether the institution regularly discloses qualitative and quantitative information on liquidity risk management; whether the institution has established liquidity risk management indicators and early warning mechanisms; whether it regularly reviews the sources of funds in large amounts, how such funds are used, and their concentration risk; and whether the institution has established an emergency response plan and procedures for obtaining funds under emergency circumstances.

H. Establishment and implementation of a whistleblower system: Examinations focus on such matters as whether the whistleblower system is independent and effective, and whether it actually protects a whistleblower’s interests.

5. Bill finance companies

A. Compliance with regulations governing anti-money laundering, counter-terrorism financing, and non-proliferation of weapons: Examinations focus on such matters as institutional risk assessments and internal control system frameworks; customer due diligence and risk level assessments; ongoing monitoring of accounts and transactions; suspicious transaction reporting procedures, and quality of reporting; education and training; and the quality and reliability of independent tests by internal audit units and accountants.

B. Corporate governance: Examinations focus on such matters as protection of shareholder interests; strengthening of the functions of directors; fulfillment of the functions of supervisors; respect for stakeholder interests (safeguards for internal whistleblowers); and enhancement of information transparency.

C. Examinations focus on implementation of internal control and legal compliance mechanisms for the granting of credit extensions to interested parties (including substantively interested parties), and conduct of transactions other than credit extensions with such parties.

D. Examinations focus on the implementation of risk management mechanisms for non-guaranteed commercial paper (including the appropriateness of underwriting limits for non-guaranteed commercial paper issued by individual issuers, and control of a company’s holdings of non-guaranteed commercial paper issued by a single group of related parties or by the members of a single corporate group).

E. Examinations focus on compliance with enhanced controls for guarantee business statutory ratios. For example, for guarantee advances not yet reclassified as non-accrual loans that are counted into the total outstanding amount of endorsements and guarantees, the FSC plans to raise the required ratio for reserves against outstanding real estate guarantees to 1.5% by the end of 2021, and examinations will focus on whether this ratio has been met.

F. Internal operating rules for conduct of the guarantee and endorsement business, and appropriateness and implementation of risk management measures: Examinations focus on such matters as the control of credit concentration risk in such sectors as real estate and leasing.

G. Debt instrument investments and management mechanisms for their position risks: Examinations focus on such matters as investment valuation, price review, and management of interest risks associated with rising interest rates.

H. Examinations focus on such matters as liquidity risk management mechanisms and the implementation thereof (including compliance with the "Self-Regulation for the Liquidity Risk Management of Bills Finance Companies").

6. Securities firms

A. Compliance by securities firms (including their OSUs) with regulations governing anti-money laundering, counter-terrorism financing, and non-proliferation of weapons:

a. Institutional risk assessments and internal control system frameworks: Examinations focus on the completeness and reasonableness of institutional risk assessments, and the appropriateness and effectiveness of the overall internal control framework.

b. Customer due diligence and risk level assessments: Examinations focus on identification of beneficial owners; methodology for customer risk assessments; and the completeness and reasonableness of customer due diligence (should be commensurate with customer risks).

c. Ongoing monitoring of accounts and transactions: Examinations focus on the reasonableness of transaction monitoring thresholds; the screening and verification of money laundering red flags or signs that customers and their transaction counterparties may meet the conditions for inclusion on a list of specially designated nationals; and the independence and timeliness of monitoring operations.

d. Suspicious transaction reporting procedures, and quality of reporting: Examinations focus on the handling of suspected ML/TF/PF transactions (including reporting, confidentiality procedures, and record keeping operations).

e. Organization and personnel: Examinations focus on the professionalism and adequacy of the chief officers and personnel; the adequacy of resource allocations; education and training; and the quality and reliability of independent tests by internal audit units of the effectiveness of AML/CFT/NPW systems.

B. Implementation of inspections for insider conflicts of interest: Examinations focus on whether securities firms properly inspect for insider conflicts of interest.

C. Non-restricted purpose loans: Examinations focus on the borrowing and lending financing ratio, the scope of collateral, mark-to-market procedures for collateral, and credit extension and risk control operations.

D. Brokerage trading of foreign securities: Examinations focus on the tailoring of management approaches to fit different investor profiles; KYC operations; segmentation of brokerage investment products by investors; and whether a recommendation contract is signed before recommendations are made.

E. Oversight and management of overseas subsidiaries: Examinations focus on — (a) whether a securities firm has adopted rules that set out required control tasks for its subsidiary companies; (b) whether the firm oversees the efforts of its subsidiaries to establish internal control systems; (c) whether the firm has established a review mechanism to check whether the domestic securities investments of the firm’s customers comply with domestic laws and regulations (including a check of KYC due diligence procedures, confirmation that clients’ funds are not derived from Taiwan or mainland China, and confirmation that clients are not nationals of mainland China); and (d) what matters the firm is required to focus on in its oversight and management of subsidiaries (including business management, financial matters, operational matters, legal compliance, and management of internal audits).

F. Legal compliance system: Examinations focus on such matters as appropriateness of internal rules, implementation of self-assessments, and the implementation of legal compliance education and training.

G. Corporate governance: Examinations focus on a securities firm’s implementation of corporate governance and measures to strengthen the functions of the board of directors, including such matters as — whether the firm has established a whistleblower system; whether it has appointed a chief corporate governance officer, and how well that officer has implemented compliance matters; and whether the firm observes the prohibition against any independent director serving more than three consecutive terms.

H. Financial consumer protection: Examinations focus on such matters as implementation of the Measures to Ensure Friendly Financial Services; whether the firm has established and properly implemented an internal control system for oversight of account openings and product sales in the wealth management business; whether the firm fully discloses service charges and commissions received; appropriateness of performance bonuses and of the firm’s handling of consumer complaints; and whether the firm collects, processes, and uses customer information appropriately.

I. Principles for Fair Treatment of Consumers: Examinations focus on a securities firm’s implementation of the Principles for Fair Treatment of Consumers by Financial Services Enterprises.

7. Securities investment trust companies

A. Compliance with regulations governing anti-money laundering, counter-terrorism financing, and non-proliferation of weapons:

a. Institutional risk assessments and internal control system frameworks: Examinations focus on the completeness and reasonableness of institutional risk assessments, and the appropriateness and effectiveness of the overall internal control framework.

b. Customer due diligence and risk level assessments: Examinations focus on identification of beneficial owners; methodology for customer risk assessments; and the completeness and reasonableness of customer due diligence (should be commensurate with customer risks).

c. Ongoing monitoring of accounts and transactions: Examinations focus on the reasonableness of transaction monitoring thresholds; the screening and verification of money laundering red flags or signs that customers and their transaction counterparties may meet the conditions for inclusion on a list of specially designated nationals; and the independence and timeliness of monitoring operations.

d. Suspicious transaction reporting procedures, and quality of reporting: Examinations focus on the handling of suspected ML/TF/PF transactions (including reporting, confidentiality procedures, and record keeping operations).

e. Organization and personnel: Examinations focus on the professionalism and adequacy of the chief officers and personnel; the adequacy of resource allocations; education and training; and the quality and reliability of independent tests by internal audit units of the effectiveness of AML/CFT/NPW systems.

B. Examinations focus on the disclosure of dividend distributions of onshore and offshore funds; risk disclosures for high-yield bond funds; the advertisement and marketing documents for target maturity bond funds; fund suitability assessments; and the implementation of know-your-customer (KYC) and know-your-product (KYP) requirements in the course of fund sales.

C. Measures for preventing conflicts of interest with regard to the investment of proprietary funds in other enterprises, and the implementation of related internal controls: Examinations focus on such matters as investments in the FinTech industry, insurance agent companies, or insurance broker companies; instances in which an invested company acts as the general partner of a private equity fund; and instances in which a securities investment trust company adopts the "seed capital" mechanism to manage a private equity fund or to invest its proprietary funds.

D. Investment trust funds and discretionary investment accounts (including discretionary investment accounts managed by a government-run investment fund): Examinations focus on — (a) instances in which a securities investment trust fund’s manager, or a spouse or minor child of such a manager, or anyone else acting as a nominee thereof, trades in the same instruments as those held by the investment trust fund or held in a discretionary investment account that is managed by that fund; and (b) internal control rules governing analysis reports, decisions, execution records, and review reports regarding investments and transactions conducted by an investment trust fund or through a discretionary investment account in such a fund (including discretionary investment accounts managed by a government-run investment fund), and the implementation of those internal control rules.

E. The offering and sale of bond ETFs, management of discounts and premiums, and how well such an ETF tracks the underlying index.

F. Personal information protection: Examinations focus on such matters as security measures for the storage, processing, and transmission of personal information.

G. Examinations focus on such matters as — (a) implementation and management of information security audit controls; and (b) for securities investment trust companies that have already become a member of the Financial Information Sharing and Analysis Center (F-ISAC), how those members collect and evaluate cyber security information released by the F-ISAC.

H. Management and auditing of sub-distributors, and payment of distribution fees: Examinations focus on such matters as screening of sub-distributors and on-site visits; eligibility criteria for training program participants; the appropriateness of tours incorporated into training programs, and whether there is a reasonable balance between training program tours and professional coursework (education and training for sub-distributors); pre-evaluation and post-review of distribution fees; whether the internal control system includes distribution fee controls; and the reasonableness of distribution fees.

I. Corporate governance: Examinations focus on such things as efforts to strengthen the functions of the board of directors; interested-party transactions; whistleblower protections; and whether the "Stewardship Principles for Institutional Investors" have been implemented in compliance with internal control rules.

8. Life insurance companies

A. Compliance by life insurance companies (including their OIUs) with regulations governing anti-money laundering, counter-terrorism financing, and non-proliferation of weapons:

a. Institutional risk assessments and internal control system frameworks: Examinations focus on the completeness and reasonableness of institutional risk assessments, and the appropriateness and effectiveness of the overall internal control framework.

b. Customer due diligence and risk level assessments: Examinations focus on identification of beneficial owners; methodology for customer risk assessments; and the completeness and reasonableness of customer due diligence (should be commensurate with customer risks).

c. Ongoing monitoring of accounts and transactions: Examinations focus on the reasonableness of transaction monitoring thresholds; the screening and verification of money laundering red flags or signs that customers and their transaction counterparties may meet the conditions for inclusion on a list of specially designated nationals; and the independence and timeliness of monitoring operations.

d. Suspicious transaction reporting procedures, and quality of reporting: Examinations focus on the handling of suspected ML/TF/PF transactions (including reporting, confidentiality procedures, and record keeping operations).

e. Organization and personnel: Examinations focus on the professionalism and adequacy of the chief officers and personnel; the adequacy of resource allocations; education and training; and the quality and reliability of independent tests by internal audit units and accountants of the effectiveness of AML/CFT/NPW systems.

B. Implementation of legal compliance system:

a. Examinations focus on establishment by insurers with total assets of NT$1 trillion or more of a company-wide framework for oversight of compliance risk management.

b. Examinations focus on an insurer’s establishment of a legal compliance department and its mechanisms for familiarizing employees with laws, regulations, and internal rules.

c. Examinations focus on whether, before introducing a new type of service or product, or before undertaking a specific or major use of funds, the insurer issues and signs an opinion affirming that the service, product, or use of funds complies with applicable regulations and internal rules.

d. Examinations focus on each unit’s procedures for the handling of material compliance failures or malfeasance.

e. Examinations focus on compliance training, implementation of compliance self-assessments, and an insurer’s supervision and auditing of its overseas subsidiaries’ compliance with local laws and regulations.

C. Financial consumer protection:

a. Examinations focus on claim settlement notice operations and the processing mechanism for unclaimed policy proceeds.

b. Examinations focus on establishment of a management system for policy conservation and complaints.

c. Appropriateness of marketing for interest-sensitive insurance products.

d. Appropriateness of marketing for investment-linked products.

e. The establishment and implementation of product suitability policies for insurance products sold to senior citizens.

f. Implementation of amendments to the model provisions for insurance policies.

g. Implementation of the Principles for Underwriting of Policies for Persons with Physical and Mental Disabilities (e.g., whether there is any prejudiced behavior in the solicitation and underwriting of insurance for persons with physical and mental disabilities), and the implementation of the Measures to Ensure Friendly Financial Services as well as the Principles for Fair Treatment of Consumers by Financial Services Enterprises.

D. Marketing and management of insurance products:

a. Examinations focus on management of solicitors (including overseeing solicitors to ensure they fill out solicitation reports correctly).

b. Examinations focus on an insurer’s performance in convening meetings of its insurance product management team, and in reviewing whether its products are legally compliant and reasonably priced.

c. Examinations focus on an insurer’s handling of declared interest rates for interest-sensitive annuity insurance policies, and its management of asset segregation for interest-sensitive insurance products.

d. Examinations focus on management of an insurer’s business dealings with insurance brokers and insurance agents (including the company’s compliance with the regulatory requirement that it must supervise and manage the legal compliance of its brokers and agents).

E. Corporate governance: Examinations focus on such matters as fulfillment of the functions of the board of directors; compliance and control procedures for interested-party transactions; and establishment of a whistleblower system.

F. Foreign investments:

a. Examinations focus on the terms and legal compliance of investments in senior corporate bonds, subordinated corporate bonds, subordinated financial bonds, and international bonds; and management of the associated risks.

b. Examinations focus on an insurer’s pre-investment and post-investment management mechanisms for equity investments in mainland China insurance entities or foreign insurance enterprises (including handling mechanisms to ensure an appropriate response when, at an invested enterprise, there is a major violation of AML/CFT legislation, material malpractice is caused by ineffective internal controls, or another material incident occurs that might affect its reputation or impede normal business operations), and the insurer’s implementation of legal compliance at the invested entities.

c. Examinations focus on the maintenance of custody over foreign assets, qualification criteria for custodian institutions, and the legality of custodial services contracts.

G. Establishment and implementation of internal control systems for domestic securities investments: Examinations focus on such matters as the establishment of investment policies and procedures; post-investment review mechanisms; control mechanisms for front/middle/back office powers and responsibilities; and the appropriateness of mechanisms for preventing conflicts of interest among equity investment staff.

H. Examinations focus on risk management and internal control mechanisms for insurers’ use of funds in special projects and investments in private investment funds and venture capital firms, and the legal compliance of the above.

I. Examinations focus on implementation of Own Risk and Solvency Assessments (ORSA): e.g., the internal implementation of the ORSA (including risk response measures and monitoring mechanisms).

J. Conduct of digital financial services: Examinations focus on management mechanisms (including regular safety checks) for the development and launch of mobile apps; administration of electronic insurance policies; conduct of customer due diligence for online applications and mobile device applications for insurance; confirmation of bona fide intent to purchase insurance; and control mechanisms for underwriting and notifications.

K. Management mechanisms for information and communication security as well as personal information protection:

a. Examinations focus on management mechanisms and security measures for the collection, processing, and use of personal information, and the compliance thereof.

b. Examinations focus on information system security controls and training exercises to prepare for response to any possible leak of personal information.

9. Non-life insurance companies

A. Compliance with regulations governing anti-money laundering, counter-terrorism financing, and non-proliferation of weapons: Examinations focus on such matters as the internal control system for anti-money laundering and counter-terrorism financing; implementation of risk assessment and risk reduction measures; customer due diligence; name screening; ongoing monitoring of accounts and transactions; establishing and integrating the information system; screening for money laundering transactions and filing of suspicious transaction reports; and AML training.

B. Implementation of legal compliance system:

a. Examinations focus on an insurer’s establishment of a legal compliance department and its mechanisms for familiarizing employees with laws, regulations, and internal rules.

b. Examinations focus on whether, before introducing a new type of service or product, or before undertaking a specific or major use of funds, the insurer issues and signs an opinion affirming that the service, product, or use of funds complies with applicable regulations and internal rules.

c. Examinations focus on each unit’s procedures for the handling of material compliance failures or malfeasance.

d. Examinations focus on compliance training, implementation of compliance self-assessments, and an insurer’s supervision and auditing of its overseas subsidiaries’ compliance with local laws and regulations.

C. Financial consumer protection:

a. Examinations focus on the handling of claim settlement notices, and the processing mechanism for unclaimed policy proceeds.

b. Implementation of the Principles for Underwriting of Policies for Persons with Physical and Mental Disabilities: Examinations focus on such matters as — (a) whether there is any prejudiced behavior in the solicitation and underwriting of insurance for persons with physical and mental disabilities; and (b) the implementation of the Measures to Ensure Friendly Financial Services as well as the Principles for Fair Treatment of Consumers by Financial Services Enterprises.

c. State of compliance with the “Mandatory and Prohibitory Provisions of Standard Form Contract for Automobile Insurance.”

D. Marketing and management of insurance products:

a. Examinations focus on an insurer’s performance in convening meetings of its insurance product management team, and in reviewing whether its products are legally compliant and reasonably priced.

b. Rate-making for commercial fire insurance and private passenger car physical damage insurance.

c. Management of brokerage & agency channels and cooperation with business entities from other sectors.

E. Establishment and implementation of solicitation, premium collection, underwriting, and claim procedures for voluntary automobile insurance:

a. Examinations focus on such matters as implementation of premium collection and issuance of insurance policies; handling of policy conditions and endorsements that stipulate driver-only coverage; appropriateness of indirect solicitation fees paid to automobile dealers; whether the insurer properly obtains statements of deductible expenses and pro-forma invoices; and whether the insurer checks the reasonableness of spare part prices.

b. Examinations focus on such matters as handling of underwriting and claim adjustments for compulsory automobile liability insurance; archiving of electronic application forms; and management of insurance application data.

F. Risk management mechanism for funds utilization: Examinations focus on such matters as the compliance of an insurer’s investments in securities and foreign assets, and its related transaction controls and risk management measures.

G. Implementation of Own Risk and Solvency Assessment (ORSA): Examinations focus on the internal implementation of the ORSA, including such matters as risk response measures and monitoring mechanisms.

H. Conduct of digital financial services: Examinations focus on management mechanisms (including regular safety checks) for the development and launch of mobile apps; administration of electronic insurance policies; conduct of customer due diligence for online applications and mobile device applications for insurance; confirmation of bona fide intent to purchase insurance; and control mechanisms for underwriting and notifications.

I. Management mechanisms for information and communication security as well as personal information protection:

a. Examinations focus on management mechanisms and security measures for the collection, processing, and use of personal information, and the compliance thereof.

b. Examinations focus on information system security controls and training exercises to prepare for response to any possible leak of personal information.

J. Corporate governance: Examinations focus on such matters as fulfillment of the functions of the board of directors; compliance and control procedures for interested-party transactions; and establishment of a whistleblower system.

K. Management mechanisms for outward reinsurance: Examinations focus on such matters as management of obtaining written confirmations from reinsurers and reinsurance brokers; and mechanisms for checking reinsurers’ qualifications, reinsurance arrangements, and the terms and conditions of original insurance contracts.

Update: 2020-05-26