The FSC orders that a bills finance company with a net worth of over NT$10 billion and an asset of over NT$100 billion shall set up an information security supervisor (Taiwan)

2018.10.1
Fang-Wei Lin

The Financial Supervisory Commission (hereinafter, the “FSC”) issued the Jin-Guan-Yin-Piao-10702147250 Circular of October 1, 2018 (hereinafter, the “Circular”) to communicate the “other requirements” imposed by the competent authority on a bills finance company under the proviso of Paragraph 1 of Article 38-1 of the Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries as follows:

Firstly, the Circular requires that a bills finance company with a net worth of over NT$10 billion and a total asset in excess of NT$100 billion as of the closing of the previous accounting year shall set up an information security supervisor and information security officers.  If such scale is not reached, at least one information security officer shall be set up.  The information security supervisors and information security officers shall not concurrently conduct business in conflict with their duties except that they may concurrently perform IT-related duties, and shall at least receive 15 hours of professional information security training or functional training.

This Circular also requires that the information security supervisor and information security officers of a bills finance company shall be responsible for planning, monitoring and implementing information security management operation, and their unit supervisor as well as the chairman, general manager, and auditor general shall jointly issue a statement on the overall status of information security with respect to the overall information security status for the previous year and submit the same to the board of directors within three months after the end of each accounting year.

This Circular came into effect on the day of its issuance, and a bills finance company shall make adjustments within six months after meeting the applicable requirements.