| Chapter 3 Recordkeeping and Notification of Data Transactions and Account Management |
Section 2 Electronic Payment Accounts |
| Article 18 |
When electronic payment institutions implement measures in accordance with the second half of Paragraph 1, Article 8 of the Act, they shall retain the following information and transaction records in hard copy or electronic format:
1. All records obtained through CDD measures, such as copies or records of passports, identity cards, or other similar official identification documents of the user.
2. Contract files.
3. All abnormal transaction records of electronic payment accounts suspected of fraud.
4. Data and records obtained from peer notifications regarding abnormal electronic payment accounts suspected of fraud, in accordance with the regulations in Chapter 2.
The abnormal transactions records of electronic payment accounts suspected of being involved in fraud, as referred in Subparagraph 3 of the preceding paragraph,shall be sufficient to reconstruct individual abnormal transactions, and shall serve as evidence for identifying illegal activity. |
| Article 19 |
Where an electronic payment account is identified as an suspicious electronic payment account involved in fraud, the electronic payment institution shall take the following measures:
1. It shall strengthen the CDD measures for the applicant in accordance with the second half of Paragraph 1, Article 8 of the Act. It may adopt control measures such as continual review, suspension of inward remittances (transfers) or withdrawals, suspension of all or part of the transaction functions, refusal to establish a business relationship or to provide services, and may report to the judicial police authority.
2. Measures to be taken in accordance with the Money Laundering Control Act and other applicable laws and regulations.
When the electronic payment institution reports to the judicial police authority in accordance with the regulations in the preceding paragraph, it shall use the telephone, fax, email, electronic platform, or other feasible means. The institution shall also provide relevant documents related to the suspicious electronic payment accounts, the user’s identity information, relevant transaction records, or other documents required to be provided under the reporting. |
| Article 20 |
After receiving a report from the electronic payment institution, the judicial police authority shall notify the electronic payment institution in writing letter within 20 days regarding the subsequent measures for account monitoring or the release of the abnormal electronic payment accounts involved in fraud. If the judicial police authority fails to notify the electronic payment institution within this period, the electronic payment institution may continue to apply measures.
In case of major contingencies, the judicial police authority may send the notification in the preceding paragraph to the electronic payment institution by telephone, fax, email, or other feasible means, followed by a confirming official letter and documents which should be delivered within five business days. |