The FSC introduced amendments to partial articles of the Regulations on May 29, 2018, in order to increase insurance industry’s information security awareness, urge big insurance companies to establish differentiated regulatory compliance risk management mechanisms, to set up insurance industry’s internal report systems and to increase the subjects that the required anti-money laundering and combating the financing of terrorism (AML/CFT) plan at group level shall apply to.

The key amendments are as follows:

1. In order to increase information security awareness of insurance industry, insurance companies are required to set up a business unit and a full-time officer to take charge of information security activities and adopt differentiated management approaches based on asset size of the company.

2. In order to improve the regulatory compliance performance of domestic big insurance companies, insurance companies with total asset value over NT$ one trillion are required to set up a regulatory compliance unit, which may concurrently take charge of AML/CFT-related matters. The unit shall not concurrently engage in legal affairs that are not related to regulatory compliance system and other activities that have conflict of interest with its duties. The regulatory compliance officer at the headquarters may concurrently assume the position of the AML/CFT unit head, but shall not assume any other positions in the legal affairs unit or other internal units.

3. Big insurance companies shall establish company-wide regulatory risk management and supervision framework and lay down overall principles and rules about related responsibilities and authority, including creation of a company-wide regulatory risk management and supervision framework and independent regulatory risk management organization and duties and effective regulatory compliance performance reporting and supervision.

4. A specific deadline is imposed on insurance companies for establishment of internal report system and designation of an independent unit with appropriate authority to take charge of review and investigation of reported cases at the headquarters.

5. Insurance companies with subsidiaries shall prepare an AML/CFT plan at group level.