Series Articles on Taiwan's New Anti-Fraud Laws and Regulations (3) – VASP's Anti-Fraud Obligations

In our previous article, Series Articles on Taiwan's New Anti-Fraud Laws and Regulations (1) – Corporate Cooperation Obligations and Preventive Measures under the Fraud Crime Prevention Act , we discussed the inclusion of Virtual Asset Service Providers ("VASPs") within the regulatory framework of the Fraud Crime Hazard Prevention Act (hereinafter referred to as the "Anti-Fraud Act"). In January 2025, the "Overview of Taiwan's Regulatory Measures for Virtual Asset Service Providers" was published, detailing the obligations imposed on VASPs under the Anti-Fraud Act, including their duty to cooperate with judicial police and law enforcement in establishing joint defense and reporting systems to combat fraudulent activities.

This article examines the Anti-Fraud Act and its implementing regulations, namely the "Regulations on Financial Institutions and Virtual Asset Service Providers for the Prevention of Fraud Crime" (hereinafter referred to as the "Anti-Fraud Regulations"), and summarizes the key anti-fraud obligations imposed on VASPs as follows:

1. Enhanced Customer Due Diligence and Account Control Measures
For accounts suspected of involvement in fraudulent activities, VASPs are required to strengthen identity verification. Additionally, VASPs may conduct ongoing due diligence and implement account control measures, including but not limited to suspending all or part of the transaction functionalities, declining to establish a business relationship, or refusing to provide the services (see Article 8, Paragraph 1 of the Anti-Fraud Act; Articles 13 and 25 of the Anti-Fraud Regulations).

2. Information Sharing on Suspicious Accounts upon Industry Request
VASPs may request and exchange information concerning suspicious accounts suspected of fraudulent activities through telephone, email, or other mutually acceptable communication methods with other VASPs. The responding VASP is generally required to provide the requested information within five (5) business days (see Article 8, Paragraph 2 of the Anti-Fraud Act; Article 14 of the Anti-Fraud Regulations).

3. Record-Keeping Requirements
When executing account control measures on suspicious accounts pursuant to the Anti-Fraud Act, VASPs must maintain records in either paper or electronic format. The documentation and transaction records to be preserved include: (1) all records related to customer identity verification, such as the identity card or other official identification documents; (2) contractual agreements and relevant documentation; (3) transaction records of all suspicious activities associated with the account; and (4) information and records obtained through inquiries made to other VASPs (see Article 9, Paragraph 1 of the Anti-Fraud Act; Article 24 of the Anti-Fraud Regulations).

4. Joint Defense Mechanism
Once an account is reported as a watch-listed account, VASPs must immediately review all transactions related to the reported account. If the watch-listed account has transferred virtual assets, the VASP must notify the recipient VASP of the transferred assets.
Additionally, if an individual reports to a VASP in person that they have been defrauded, the VASP must ascertain the details of the fraud, track the flow of the defrauded virtual assets or funds, and assist the victim in contacting the 165 Anti-Fraud Consultation Hotline (hereinafter referred to as the "165 Hotline"). If an individual reports fraud through a VASP's customer service channel, the VASP must direct the individual to contact the 165 Hotline (see Article 10 of the Anti-Fraud Act; Articles 45-47 of the Anti-Fraud Regulations).