Article Content
Chapter 3 Recordkeeping and Notification of Data Transactions and Account Management
Section 1 Deposit Accounts
| Article 15 | When deposit business institutions implement measures in accordance with the second half of Paragraph 1, Article 8 of the Act, they shall retain the following information and transaction records in hard copy or electronic format:
1. All records obtained through CDD measures, such as copies or records of passports, identity cards, driving licenses or other similar official identification documents of the account holder.
2. Contract files.
3. All abnormal transaction records of deposit accounts suspected of fraud.
4. Data and records obtained from peer notifications regarding abnormal deposit accounts suspected of fraud, in accordance with the regulations in Chapter 2.
The abnormal transaction records of electronic deposit accounts suspected of being involved in fraud, as referred to in Subparagraph 3 of the preceding paragraph, shall be sufficient to reconstruct individual abnormal transactions and serve as evidence for identifying illegal activity. |
| Article 16 | Where a deposit account is deemed as an abnormal deposit account suspected of fraud, the deposit business institution shall take the following response measures:
It shall strengthen the CDD measures for the account holder in accordance with the second half of Paragraph 1, Article 8 of the Act. It may adopt control measures such as continual review, suspension of deposits or withdrawals, suspension of outward remittance of funds, suspension of all or certain transaction functions, and refusal to establish a business relationship or to provide services, and may report to the judicial police authority.
If a virtual account is watch-listed, the deposit business institution shall suspend all transaction functions of the virtual account and earmark an amount in the deposit account that corresponds to the amount in the virtual account. Subsequent inward remittances of the virtual account shall be returned to the deposit business institution or electronic payment institution that conducted the remittance by refunds. If there is no outward remittance account corresponding to the virtual account to which the remittance can be returned, the deposit business institution shall earmark the amount in the virtual account. The deposit business institution shall immediately notify the account holder to take relevant control measures with regard to the user of the virtual account.
Measures to be taken in accordance with the Money Laundering Control Act and other applicable laws and regulations.
When a deposit business institution notifies the judicial police in accordance with the regulations in the preceding paragraph, it shall use the telephone,fax, email, electronic platform, or other feasible means. It shall also provide documents of abnormal deposit accounts suspected of fraud, the identity of the account holder, relevant transaction records, or other documents required to be provided under the notification method based on the request. |
| Article 17 | After receiving a report from the deposit business institution, the judicial police authority shall notify the deposit business institution in writing letter within 20 days regarding the subsequent measures for account monitoring or the release of the abnormal deposit accounts involved in fraud. If the judicial police authority fails to notify the deposit business institution within this period, the deposit business institution may continue to apply measures.
In case of major contingencies, the judicial police authority may send the notification in the preceding paragraph to the deposit business institution by telephone, fax, email, or other feasible means, followed by a confirming official letter and documents which should be delivered within five business days. |
Section 2 Electronic Payment Accounts
| Article 18 | When electronic payment institutions implement measures in accordance with the second half of Paragraph 1, Article 8 of the Act, they shall retain the following information and transaction records in hard copy or electronic format:
1. All records obtained through CDD measures, such as copies or records of passports, identity cards, or other similar official identification documents of the user.
2. Contract files.
3. All abnormal transaction records of electronic payment accounts suspected of fraud.
4. Data and records obtained from peer notifications regarding abnormal electronic payment accounts suspected of fraud, in accordance with the regulations in Chapter 2.
The abnormal transactions records of electronic payment accounts suspected of being involved in fraud, as referred in Subparagraph 3 of the preceding paragraph,shall be sufficient to reconstruct individual abnormal transactions, and shall serve as evidence for identifying illegal activity. |
| Article 19 | Where an electronic payment account is identified as an suspicious electronic payment account involved in fraud, the electronic payment institution shall take the following measures:
1. It shall strengthen the CDD measures for the applicant in accordance with the second half of Paragraph 1, Article 8 of the Act. It may adopt control measures such as continual review, suspension of inward remittances (transfers) or withdrawals, suspension of all or part of the transaction functions, refusal to establish a business relationship or to provide services, and may report to the judicial police authority.
2. Measures to be taken in accordance with the Money Laundering Control Act and other applicable laws and regulations.
When the electronic payment institution reports to the judicial police authority in accordance with the regulations in the preceding paragraph, it shall use the telephone, fax, email, electronic platform, or other feasible means. The institution shall also provide relevant documents related to the suspicious electronic payment accounts, the user’s identity information, relevant transaction records, or other documents required to be provided under the reporting. |
| Article 20 | After receiving a report from the electronic payment institution, the judicial police authority shall notify the electronic payment institution in writing letter within 20 days regarding the subsequent measures for account monitoring or the release of the abnormal electronic payment accounts involved in fraud. If the judicial police authority fails to notify the electronic payment institution within this period, the electronic payment institution may continue to apply measures.
In case of major contingencies, the judicial police authority may send the notification in the preceding paragraph to the electronic payment institution by telephone, fax, email, or other feasible means, followed by a confirming official letter and documents which should be delivered within five business days. |
Section 3 Credit Cards
| Article 21 | When card issuers implement measures in accordance with the second half of Paragraph 1, Article 8 of the Act, they shall retain the following information and transaction records in hard copy or electronic format:
1. All records obtained through CDD measures, such as copies or records of passports, identity cards, driving licenses or other similar official identification documents of the cardholder.
2. Contract files.
3. All abnormal transaction records of credit cards suspected of fraud.
4. Data and records obtained from peer notifications regarding abnormal credit cards suspected of fraud, in accordance with the regulations in Chapter 2.
The abnormal transaction records of credit cards suspected of being involved in fraud, as referred to in Subparagraph 3 of the preceding paragraph, shall be sufficient to reconstruct individual abnormal transactions and shall serve as evidence for identifying illegal activity. |
| Article 22 | Where a credit card is deemed as an abnormal credit card suspected of fraud, the card issuer shall take the following response measures:
1. It shall strengthen the CDD measures for the customer in accordance with the second half of Paragraph 1, Article 8 of the Act. It may adopt control measures such as continual review, credit card management, suspension of credit card account transaction functions, and refusal to establish a business relationship or to provide services, and may report to the judicial police authority.
2. Measures to be taken in accordance with the Money Laundering Control Act and other applicable laws and regulations.
When a card issuer notifies the judicial police authority in accordance with the regulations in the preceding paragraph, it shall use the telephone, fax, email, electronic platform, or other feasible means. It shall also provide documents of abnormal credit cards suspected of fraud, the identity of the cardholder, relevant transaction records, or other documents required to be provided under the notification method based on the request. |
| Article 23 | After receiving a report from the card issuer, the judicial police authority shall notify the card issuer with an official letter within 20 days to carry out subsequent measures for account monitoring or release of the abnormal credit cards suspected of fraud. The card issuer may continue monitoring if the notification to the card issuer is delayed.
In case of major contingencies, the judicial police authority may send the notification in the preceding paragraph to the card issuer by telephone, fax, email, or other feasible means, followed by a confirming official letter and documents which should be delivered within five business days. |
Section 4 Virtual Asset Accounts
| Article 24 | When virtual asset service providers implement measures in accordance with the second half of Paragraph 1, Article 8 of the Act, they shall retain the following information and transaction records in hard copy or electronic format:
1. All records obtained through CDD measures, such as copies or records of passports, identity cards, driving licenses or other similar official identification documents of the customer.
2. Contract files.
3. All abnormal transaction records of virtual asset accounts suspected of fraud.
4. Data and records obtained from peer notifications regarding abnormal virtual asset accounts suspected of fraud, in accordance with the regulations in Chapter 2.
The abnormal transaction records of virtual asset accounts suspected of being involved in fraud, as referred to in Subparagraph 3 of the preceding paragraph, shall be sufficient to reconstruct individual abnormal transactions and shall serve as evidence for identifying illegal activity. |
| Article 25 | When a virtual asset account is deemed as an abnormal virtual asset account suspected of fraud crime, the virtual asset service provider shall take the following measures:
1. In accordance with the second half of Paragraph 1, Article 8 of the Act, the virtual asset service provider shall strengthen the CDD measures for the customer and may adopt control measures such as continual review, suspension of deposits or withdrawals, suspension of outward remittance of virtual assets and funds, suspension of all or partial transaction functions, and refusal to establish a business relationship, service provision, and other control measures, and may report to the judicial police authority.
2. Measures to be taken in accordance with the Money Laundering Control Act and other applicable laws and regulations.
When a virtual asset service provider notifies the judicial police authority in accordance with the regulations in the preceding paragraph, it shall use the telephone, fax, email, electronic platform, or other feasible means. The virtual asset service provider shall also provide documents of abnormal virtual asset service accounts suspected of fraud crime, the identity of the customer, relevant transaction records, or other documents required to be provided under the notification method . |
| Article 26 | After receiving a report from the virtual asset service provider, the judicial police authority shall notify the virtual asset service provider with an official letter within 20 days to carry out subsequent control measures for account monitoring or lift the control on the abnormal virtual asset accounts suspected of fraud crime. The virtual asset service provider may continue its control measures if the notification to the virtual asset service provider is delayed.
In case of major contingencies, the judicial police authority may send the notification in the preceding paragraph to the virtual asset service provider by telephone, fax, email, or other feasible means, followed by a confirming official letter and documents which should be delivered within five business days after the initial notification. |