July 2018
Amendments to the Regulations Governing Implementation of the Internal Control and Auditing Systems of Insurance Enterprises (Taiwan)
2018.5.29
Sophia Tsai
The Financial Supervisory Commission issued the Jin-Guan-Bao-Cai-10704502401 Directive of May 29, 2018 to promulgate Articles, 6, 25, 30, 33, 38 and 41, as amended, of the Regulations Governing Implementation of the Internal Control and Auditing Systems of Insurance Enterprises (hereinafter, the "Regulations"); and Articles 6-1, 32-1 and 32-2, as added. Except for Article 32-2, which will go into effect six months after its promulgation, the other provisions will go into effect on the day of their promulgation. The amendments are highlighted below:
1. It is specifically stipulated that an insurance enterprise shall set up a dedicated information security unit and supervisor.
Article 6 and Article 6-1 of the Regulations as amended provide that an insurance enterprise shall basically set up a dedicated information security unit and supervisor, who shall not concurrently handle information or other business that has any conflict of interest with their responsibilities, and appropriate manpower and equipment shall be allocated. In addition, an insurance enterprise with a total asset in excess of NT$1 trillion as certified by certified public accountants in the previously accounting year shall set up a dedicated information security unit which may discharge its responsibilities independently and shall assign a person above the level of an assistant vice president or other equivalent positions to serve as the supervisor of the dedicated information security unit.
2. It is specifically stipulated that an insurance enterprise with a total asset in excess of NT$1 trillion shall set up a dedicated compliance unit.
Article 30 of the Regulations as amended provides that an insurance enterprise with a total asset in excess of NT$1 trillion as certified by certified public accountants in the previous accounting year shall set up a dedicated compliance unit, which may concurrently handle relevant anti-money laundering and anti-terrorist financing operations, provided that such unit shall not concurrently handle legal affairs not relevant to the planning, management and implementation of the compliance system or other business having conflicts of interest with its responsibilities. The compliance supervisor of the head office may concurrently serve as the head of the dedicated anti-money laundering and anti-terrorist financing unit. However, such individual shall not concurrently serve as the head of a legal unit or hold another internal position. In addition, a company-wide compliance risk management and supervision framework shall be set up, and its framework principles and accountability requirements shall be specified in accordance with Article 32-1 of the Regulations as amended.
3. An insurance enterprise shall set up an internal whistle-blowing system.
Article 32-2 of the Regulations provides that an insurance enterprise shall set up an internal whistle-blowing system, and a unit that discharges its responsibilities independently as designated by the head office shall be in charge of accepting and investigating whistle-blowing cases. The effective date of this portion shall be six months after promulgation pursuant to Article 41, Paragraph 2 of the Regulations as amended.
4. An insurance enterprise with any subsidiary is included in entities required to set up a group-level anti-money laundering and anti-terrorist financing plan.
Article 38 of the Regulations as amended provides that an insurance enterprise with any subsidiary shall be included in entities required to set up a group-level anti-money laundering and anti-terrorist financing plan.
Sophia Tsai
The Financial Supervisory Commission issued the Jin-Guan-Bao-Cai-10704502401 Directive of May 29, 2018 to promulgate Articles, 6, 25, 30, 33, 38 and 41, as amended, of the Regulations Governing Implementation of the Internal Control and Auditing Systems of Insurance Enterprises (hereinafter, the "Regulations"); and Articles 6-1, 32-1 and 32-2, as added. Except for Article 32-2, which will go into effect six months after its promulgation, the other provisions will go into effect on the day of their promulgation. The amendments are highlighted below:
1. It is specifically stipulated that an insurance enterprise shall set up a dedicated information security unit and supervisor.
Article 6 and Article 6-1 of the Regulations as amended provide that an insurance enterprise shall basically set up a dedicated information security unit and supervisor, who shall not concurrently handle information or other business that has any conflict of interest with their responsibilities, and appropriate manpower and equipment shall be allocated. In addition, an insurance enterprise with a total asset in excess of NT$1 trillion as certified by certified public accountants in the previously accounting year shall set up a dedicated information security unit which may discharge its responsibilities independently and shall assign a person above the level of an assistant vice president or other equivalent positions to serve as the supervisor of the dedicated information security unit.
2. It is specifically stipulated that an insurance enterprise with a total asset in excess of NT$1 trillion shall set up a dedicated compliance unit.
Article 30 of the Regulations as amended provides that an insurance enterprise with a total asset in excess of NT$1 trillion as certified by certified public accountants in the previous accounting year shall set up a dedicated compliance unit, which may concurrently handle relevant anti-money laundering and anti-terrorist financing operations, provided that such unit shall not concurrently handle legal affairs not relevant to the planning, management and implementation of the compliance system or other business having conflicts of interest with its responsibilities. The compliance supervisor of the head office may concurrently serve as the head of the dedicated anti-money laundering and anti-terrorist financing unit. However, such individual shall not concurrently serve as the head of a legal unit or hold another internal position. In addition, a company-wide compliance risk management and supervision framework shall be set up, and its framework principles and accountability requirements shall be specified in accordance with Article 32-1 of the Regulations as amended.
3. An insurance enterprise shall set up an internal whistle-blowing system.
Article 32-2 of the Regulations provides that an insurance enterprise shall set up an internal whistle-blowing system, and a unit that discharges its responsibilities independently as designated by the head office shall be in charge of accepting and investigating whistle-blowing cases. The effective date of this portion shall be six months after promulgation pursuant to Article 41, Paragraph 2 of the Regulations as amended.
4. An insurance enterprise with any subsidiary is included in entities required to set up a group-level anti-money laundering and anti-terrorist financing plan.
Article 38 of the Regulations as amended provides that an insurance enterprise with any subsidiary shall be included in entities required to set up a group-level anti-money laundering and anti-terrorist financing plan.
