Chapter 2 Internal Control System.
Section 1 Principles and Scope.
| Article 4 | A credit cooperative’s internal control system shall be based on the following principles:
1. Management’s supervisory and control culture: The board of directors (the board) shall be responsible for approving and periodically reviewing overall business strategies and major policies, and the board has the ultimate responsibility for ensuring the establishment and maintenance of a suitable and effective internal control system. Senior management shall be responsible for carrying out the business strategies and policies approved by the board, developing procedures for identifying, measuring, supervising and controlling the credit cooperative’s risks, setting up proper internal control policies and supervising the efficiency and adequacy thereof;
2. Risk identification and evaluation: An effective internal control system shall facilitate the identification and continuous evaluation of material risks that may adversely affect the likelihood of the cooperative achieving its goals, and determine how to respond to related risk to keep it within acceptable range;
3. Control activities and segregation of duties: Control activities shall be a part of a credit cooperative’s daily overall operations. A complete control structure should be established with internal control processes defined at every level. An effective internal control system should contain appropriate segregation of duties, and management and employees shall not be given conflicting responsibilities;
4. Information and communication: A credit cooperative shall keep pertinent and complete financial, operations and compliance information; such information shall be reliable, up to date, easily accessible, and provided in a uniform format. An effective internal control system shall have effective communication channels; and
5. Monitoring activities and remediation of deficiencies: A credit cooperative should continuously monitor the overall effectiveness of its internal control system. The business units, internal auditors and other internal control personnel shall, upon the discovery of deficiencies in such system, report to the appropriate management. Material internal control deficiencies shall be reported to senior management and the board, and be addressed promptly. |
| Article 5 | A credit cooperative’s internal control system shall cover all business activities with the following policies and operating procedures established and timely reviewed:
1. Organization charter or management rules, which shall include a clear organizational system, functions and responsibility of respective department, and clear rules governing authorizations and hierarchy responsibilities.
2. Related business rules, procedures and operational manuals, including:
(1) Cashiers, deposits, extension of credit, and exchange.
(2) Investment guidelines.
(3) Confidentiality of customer data.
(4) Transactions with stakeholders.
(5) Accounting and financial statement preparation process, general affairs, information and human resources (including rules for rotation and vacation).
(6) Management of information disclosure.
(7) Management of outsourcing operation.
(8) Other business rules and operating procedures.
Where necessary, the credit cooperative’s compliance and internal audit units should participate in the drafting, revision or abolishing of operational and management rules and procedures mentioned above. |
| Article 6 | A credit cooperative shall set up a compliance system, a risk management mechanism, an internal audit system, and a self-inspection system to maintain the effective and proper operations of its internal control system. |
| Article 7 | A credit cooperative’s internal control system shall be approved by its board of directors. If any of the directors expresses a dissenting view which is documented or comes with a written statement, the credit cooperative shall submit the dissenting view together with the internal control system approved by the board to its supervisors; the preceding provisions apply when the credit cooperative revises its internal control system. |
Section 2 Compliance System.
Section 3 Risk Management Mechanism.
| Article 11 | A credit cooperative shall draw up pertinent risk management policy and process and set up an independent and effective risk management mechanism to evaluate and monitor its risk bearing capacity, current status of risk exposures, risk response strategies and compliance with risk management process.
The aforementioned risk management policy and process shall be approved by the board of directors, and reviewed and modified at opportune time. |
| Article 12 | A credit cooperative shall set up an independent risk control unit or designate an administrative unit of the head office to take charge of risk control and submit a risk control report to the board of directors on a regular basis, and take prompt and proper measures and report to the board of directors upon discovery of material exposure that might imperil the credit cooperative’s finance, business or compliance. |
| Article 13 | A credit cooperative’s risk control mechanism shall contain the following principles:
1. Monitoring of capital adequacy by scale of business, the status of credit risk, market risk and operational risk, and future business trends;
2. Establishment of management mechanism for measuring and monitoring liquidity position to measure, monitor and control liquidity risk;
3. Carrying out asset allocation and establishing risk management for each business in consideration of overall exposure, own capital and liability characteristics;
4. Establishing methods for assessing the quality and classification of cooperative’s assets, calculating and controlling large-sum exposures, and periodically examining and truthfully setting aside loss provisions; and
5. Establishing information security mechanism and emergency response plan for cooperative’s businesses, transactions, and use of information. |
Section 4 Internal Audit System and Inspection.
| Article 14 | The purposes of the internal audit system are to inspect and evaluate the effectiveness of internal control system and provide timely suggestions for improvement to ensure that the system will continue to be effective and to assist the board of directors and the management in performing their duties. |
| Article 15 | A credit cooperative shall establish an internal audit unit under its board of directors that performs its duties with independent spirit and objectivity, and reports to the boards of directors and supervisors regularly at least once every half a year.
A credit cooperative shall establish the position of chief auditor who oversees the audit business. The chief auditor should have leadership and the capability to effectively oversee the audit work. The qualifications of chief auditor shall comply with the Regulations Governing the Qualifications and Election/Appointment of Membership Representatives, Directors, Supervisors and Managerial Officers of Credit Cooperatives, and such position shall be equivalent to a vice president.
The chief auditor shall not hold concurrent positions other than those specified below:
1. Chief of audit unit.
2. Compliance officer.
3. Officer in charge of money laundering prevention.
The appointment, dismissal or transfer of the chief auditor shall have the consent of at least two third (2/3) of the members of the board of directors and the prior approval of the central competent authority. The appointment, discharge, promotion, reward, punishment, transfer and performance review of audit personnel will be handled by the chief auditor and take effect after approval by the board of directors and subject to the consent of the board of supervisors. Where such action involves the personnel of other administrative or business units, the chief auditor shall first consult the personnel office to seek the consent of the president and then final approval from the chairman of the board. |
| Article 16 | Internal auditors shall perform their duties based on the principles of honesty and credibility and stay free of the following conducts:
1. Concealing knowledge of cooperative’s business activity, financial reporting and compliance status that directly impairs the interests of stakeholders, or making untruthful or improper disclosure.
2. Engaging in conduct exceeding the bounds of audit authority or other illicit activity by disclosing privileged information to others for personal gain or damaging the interests of the credit cooperative.
3. Not withdrawing from audit cases involving business he or she used to perform or is having an interest in.
4. Accepting unjustified entertainment or gratuity or other illicit benefits from credit cooperative employee or customer. Failing to carry out audit or provide related information as instructed by the competent authority.
5. Engaging in activities that violate laws and regulations or is prohibited by the competent authority. |
| Article 17 | The internal audit unit shall undertake the following tasks:
1. A credit cooperative should outline the organization, organizational structure and responsibility of its internal audit unit, and draft the internal audit manual and working papers. The internal audit manual shall contain at least the evaluation of established internal control requirements and business procedures to determine whether the existing requirements and procedures are properly controlled and whether the administrative units and business units faithfully implement internal control and the outcome of implementation is reasonably effective, and to make suggestions for improvement whenever needed.
2. Drawing up the content and procedure for self-inspection and overseeing the self-inspection carried out by respective units.
3. Drafting an annual audit plan and audit plans for individual units in view of the risk exposures and internal audit implementation of respective units.
The credit cooperative should urge respective units to undertake self-inspection. The internal audit unit will review the self-inspection reports produced by respective units, which, together with the internal control deficiencies discovered by the internal audit unit and results of improvement actions taken, will be used as basis for the board of directors, president, chief auditor and compliance officers to assess the effectiveness of the credit cooperative’s internal control system and issue an internal control statement. |
| Article 18 | The duties of an internal auditor include the following:
1. The audit of business and accounting books;
2. The audit of assets and liabilities;
3. The audit of contracts, receipts, bills, rules and statements.
4. Inventory taking of stock and articles in custody.
5. Investigation of internal fraud.
6. Follow-up of improvement actions taken against deficiencies found in financial examination and items to be rectified under the order of the competent authority.
7. Inspection of documents handed over during handover of job.
8. Planning, supervision and audit of self-inspection operation and follow-up of improvement actions taken against deficiencies found in self-inspection.
9. Supervision and investigation of construction projects, large-sum acquisitions, orders, and disposal of assets with respect to price negotiation, price comparison, bidding and award of bid.
10. Audit of clearing of non-performing loans and non-accrual loans, and write-off of bad debt.
11. Follow-up and supervision over forwarding cases involving personnel suspected of business violation to law enforcement and actions of recourse and preservation of properties.
12. Other audit related matters.
The clean-up of past due loans and receivables on demand, and write-off of bad debt mentioned in Subparagraph 10 of the preceding paragraph shall be handled in accordance with the regulations and instructions of the central competent authority. |
| Article 19 | A credit cooperative’s internal audit report in general audit shall, by the nature of the audited unit, disclose the following:
1. The scope of audit, summary evaluation, financial status, capital adequacy, business performance, asset quality, regulatory compliance, internal control, transactions with related parties, procedural control and internal management for respective business, security management of customer data, information management, employee’s education concerning confidentiality, and status of self-inspection; and
2. A status report with regard to status of improvement and inactions by each business unit in response to the examination opinions of or deficiencies found by financial examiner, accountant, or internal auditor or self-inspection personnel, and recommendations enumerated in the internal control statement. |
| Article 20 | The internal audit unit shall conduct general audit and target audit of the business, asset management, and information units at least once a year, and conduct target audit of other administrative units at least once each year.
The credit cooperative’s internal audit unit should include the implementation of regulatory compliance system into the general audit or target audit of business and administrative units.
The internal audit report, working papers and relevant data in the first paragraph shall be retained for at least five years. |
| Article 21 | A credit cooperative shall allocate qualified and a suitable number of full time internal auditors commensurate with the number of business units and the size of such businesses, and such auditors (include computer auditors if the cooperative has an information unit) should perform their duties in an independent, objective and impartial manner.
The credit cooperative’s internal auditors shall meet the following requirements:
1. Having graduated from a college or university and minimum two years of experience in financial business or financial examination; or having graduated from a senior high school or vocational school and minimum three years of experience in financial business or financial examination; or have minimum five years of experience in financial business; or having minimum two years of professional experience as an auditor in a accounting firm, or a programmer or systems analyst in a computer firm and having received minimum three months of training in financial business and management;
2. Free of any record of demerit from employer in the last three years, unless the demerit record was a result of joint disciplinary action on account of the violation or offense of a colleague, and the demerit has been offset by other merits; and
3. The lead auditor shall have minimum three years of experience in audit or insurance examination, or minimum one year of audit experience and five years of experience in financial business. |
| Article 22 | The auditors, lead auditor, and chief and assistant chief of the internal audit unit shall attend at least one session of auditor training class, computer auditing training class, lead auditor training class or chief and assistant chief training class sponsored by a training institution designated by the competent authority. New auditors shall pass the examination of aforesaid training institution and receive a certificate of class completion.
Internal auditors shall attend more than thirty (30) hours of finance-related professional training sponsored by a training institution designated by the competent authority, or the employer credit cooperative each year.
The hours of finance-related professional training received from training institutions designated by the competent authority shall make up at least half of the required training hours specified in the foregoing paragraph.
A credit cooperative shall have a plan for continuous and proper training of personnel involved in self-inspection. |
| Article 23 | A credit cooperative shall affirm that its internal auditors meet the qualifications as stipulated in the Rules herein. The affirmation documents and records shall be filed and saved for future reference. |
| Article 24 | To enhance internal check and balance so as to prevent the occurrence of fraud, a credit cooperative shall establish a self-inspection system. The business, asset management and information units of the credit cooperative shall conduct general self-inspection at least once every half a year, and special self-inspection at least once every month. Notwithstanding the foregoing, special self-inspection is not required in the month when a general self-inspection has been conducted, or when a general business audit has been conducted by the internal audit unit of the credit cooperative or the financial holding company, or when a general business examination has been conducted by the financial examiner, or when the audit department has conducted a full business audit, or when a self-evaluation of regulatory compliance has been conducted.
When conducting self-inspection, the chief of the business, asset management or information units shall assign a personnel other than the one who handles the work to carry out self-inspection, and keep the self-inspection operation confidential beforehand.
The self-inspection report, its working papers and related data shall be retained for at least five years. |
| Article 25 | Officers of a credit cooperative at various levels with the authority to approve cooperative’s business or transactions shall meet any of the requirements below prior to taking office:
1. Having minimum one year of practical experience in conducting internal audits as an employee of the internal audit unit;
2. Having passed the examination and received a certification of course completion in an auditor or computer auditor training course offered by an institution designated by the competent authority.
3. Having passed the test for of banking internal control and internal audit and received a certificate therefore from an institution designated by the competent authority. The content of the test should be comparable to the training course and examination mentioned in the preceding subparagraph.
First-time business unit manager of a credit cooperative shall, in addition to meeting a requirement as provided in the first paragraph hereof and provisions in the Regulations Governing the Qualifications and Election/Appointment of Membership Representatives, Directors, Supervisors and Managerial Officers of Credit Cooperatives, participate in the audit internship of the internal audit unit at least four times in the first half year of appointment. The aforesaid internship shall cover at least one audit item in each audit and at least four audit items cumulatively. The intern shall also produce an internship report for the perusal of the chief auditor. The chief auditor, after approving the report, will issue a certificate and preserve it along with other documents for future reference. |
Section 5 Audits by the Accountant.
| Article 26 | When a credit cooperative engages an accountant to audit its annual financial statements, it shall also ask the same accountant to audit its internal control system and express opinion regarding the accuracy of information provided in the financial statements as well as the implementation of the credit cooperative’s internal control system, regulatory compliance system, and the appropriateness of credit cooperative’s bad debt reserve policy.
The accountant’s audit fees will be at the expense of the credit cooperative as agreed between the credit cooperative and the accountant.
Paragraph 1 does not apply to a credit cooperative which is taken over by the competent authority pursuant to laws. |
| Article 27 | Where necessary, the competent authority may order the credit cooperative and its accountant to provide explanations regarding the audit as described in the preceding article, and ask the credit cooperative to replace its accountant to conduct another audit if the competent authority deems that the accountant is incompetent for the audit work. |
| Article 28 | In carrying out audit as described in Article 26 herein, the accountant shall inform the competent authority immediately in case of any of the following situations:
1. In the process of audit, the accountant was unable to continue the audit work because the credit cooperative did not provide the statements, supporting documents, account books or meeting minutes asked by the accountant or refuse to provide explanation to the inquires of the accountant, or due to the other objective circumstances.
2. The credit cooperative under audit is found to contain untruthful information in its accounting or other records, falsify, or omit accounting or other records, and the situation is of serious nature.
3. The credit cooperative under audit does not have adequate assets to cover its liabilities or its financial conditions markedly deteriorate.
4. Evidence indicates that a transaction of the credit cooperative might bring about material loss to its net assets.
Where the credit cooperative under audit is found to be in any of the situations described in subparagraphs 2 ~ 4 of the preceding paragraph, the accountant shall first submit a summary report to the competent authority based on the audit results. |
| Article 29 | A credit cooperative shall, before the end of April every year, file the previous year’s audit report of its accountant regarding the audits described in Article 26 herein with the Department of Finance of the municipal government or the county (city) government, who will also forward a copy of the report to the central competent authority. Such audit report shall contain at least information on the scope and basis of audit, audit procedure and results.
The accountant of a credit cooperative is obliged to provide relevant information and explanations to the questions raised by the competent authority regarding the audit report. |