Section 3 Management |
Article 25 |
An interbank financial information network enterprise may engage in the following businesses:
1. Settlement for interbank transactions;
2. Information transmission and exchange in connection with transactions between financial institutions;
3. Providing information system disaster recovery service to financial institutions;
4. Planning, counseling and consultation of automated transactions between financial institutions; and
5. Other relevant businesses as designated or approved by the Competent Authority. |
Article 26 |
An interbank financial information network enterprise shall submit information on the date of business commencement, service hours and service items to the Competent Authority for approval before it opens business. The same shall apply to any change to the aforesaid information. |
Article 27 |
With regard to the fees schedule of an interbank financial information network enterprise for financial information services provided, the enterprise shall submit in advance information on its costs and calculation method to obtain the approval of the Competent Authority. The same shall apply to any change to the aforesaid information. |
Article 28 |
An interbank financial information network enterprise shall ensure the confidentiality and security of electronic data transferred to and exchanged with its subscribers and shall be responsible for the accurate transmission, exchange or processing of such data. Where such data are erroneous, destroyed, lost, or otherwise incorrectly transmitted, exchanged, or processed, the enterprise shall be responsible for correction and remediation, and exercise the care of a good administrator.
Unless it is otherwise provided by law, a record of the transmission, exchange or processing referred to in the preceding paragraph shall be kept on file for at least five (5) years. |
Article 29 |
An interbank financial information network enterprise shall draw up business rules for the following items and submit same to the Competent Authority and the Central Bank for recordation. The same shall apply to revisions of those rules.
1. Interbank services and business hours.
2. Interbank information transmission and processing methods.
3. Interbank account settlement methods.
4. Procedures for handling interbank information transmission defect or omission.
5. Methods for transmitting, exchanging and processing information relating to the business of financial institutions.
6. Disaster recovery measures.
7. Other matters relating to interbank financial information service. |
Article 30 |
At the end of each fiscal year, an interbank financial information network enterprise shall submit to the Competent Authority its annual business report and other documents related to the its operations. If deemed necessary, the Competent Authority may dispatch personnel to conduct onsite inspection of an interbank financial information network enterprise, to which the enterprise may not refuse |
Article 31 |
An interbank financial information network enterprise shall maintain the normal operation of its interbank network system. In case of malfunction, the company should remove the problem as soon as possible and maintain its system and related equipment, and if necessary, adopt proper redundancy measures to keep the impact of system malfunction to the minimum.
In case it becomes necessary to stop the transmission, exchange or processing operations due to system malfunction mentioned in the preceding paragraph, an interbank financial information network enterprise should promptly notify its subscribers, the Competent Authority and the Central Bank in advance, unless it has legitimate reasons otherwise. |
Article 32 |
When an interbank financial information network enterprise intends to cease all or part of its business operations, it shall report its plans to the Competent Authority one year prior to cessation of business, and shall not cease business operations without the approval of the Competent Authority. |
Article 33 |
An interbank financial information network enterprise shall carry out its settlement operation of interbank transaction tick-by-tick on a real time basis. |
Article 34 |
To ensure the confidentiality and security of information, an interbank financial information network enterprise shall periodically reassess and improve its maintenance measures and plans for information confidentiality and security controls, and shall report its actions to the Competent Authority for acknowledgement. |
Article 35 |
An internal control system should be put in place in regards to an interbank financial information network enterprise. The enterprise needs to ensure that the system can be implemented effectively and sustainably to solidify business management in the enterprise. |
Article 36 |
The internal audit team of an interbank financial information network enterprise should conduct at least one general inspection and one special inspection each year in regards to the business, finance, asset management and information security. For other management units, at least one special inspection is required. |
Article 37 |
An interbank financial information network enterprise shall establish a self-inspection system. Each team of business, finance, asset management and information security should conduct at least one general self-inspection every six months, and at least one special inspection each month. However, the self-inspection can be exempt during the month of regular inspection conducted by internal and external auditors.
An interbank financial information network enterprise shall continue to follow up on the improvement suggestions raised by internal and external auditors. In addition, the service enterprise should submit a report about how it follows up and improves the related areas in a written form to the board of directors and supervisors as a key indicator of rewards or punishment and performance review. |
Article 38 |
An interbank financial information network enterprise may collect, process or use of personal information for the transactions mentioned in Article 25 of the Regulations; all processes to comply with Article 8 Paragraph 2 Subparagraph 2 in Personal Information Protection Act. Therefore, it is not necessary to notify the Party subject to Article 9 Section 1 of Personal Information Protection Act.
Unless otherwise stipulated in other laws or announcements by the Competent Authority, if their contracts signed with clients include the definitive clauses to specify the source of information and other requirements defined by other laws, when the financial institutions and the financial related businesses appointed by the Competent Authority collect, process, or use the information mentioned in the preceding paragraph via an interbank financial information network enterprise, and fulfill the purpose of the range of the same contracts for collect, inquire, process, use, transmit or submit the clients' information, they do not need to notify the clients consecutively or repetitively. |
Article 39 |
These Regulations shall become effective on the date of promulgation. |