|
|
| 1 |
I. When outsourcing operations to a third party, a financial institution shall enter into an agreement with the relevant third party and comply with these Directions.
"Financial institution" as used herein shall include domestic banks, the ROC branches of foreign banks, investment and trust companies, bills finance companies, credit associations, credit departments of farmers' and fishermen's associations, and institutions engaged in the credit card business. |
|
|
| 2 |
II. When outsourcing operations to third parties, a financial institution may not violate any mandatory or prohibitive provision [of the law], public order or good morals, and there shall not be any adverse affect on the financial institution' business operations, management or the interests of the financial institution' customers. A financial institution shall ensure that the Banking Act, the Money Laundering Control Act, the Computer-Processed Personal Data Protection Act and other applicable [laws and] regulations are complied with.
A financial institution shall designate a dedicated department to tightly control and supervise outsourced matters, and conduct regular and irregular audits on such matters and maintain a record thereof. |
|
|
| 3 |
III. When outsourcing operations to third parties, a financial institution shall assure that the Ministry of Finance ("MOF"), the Central Bank of China ("CBC") and the Central Deposit Insurance Company will be able to obtain relevant information or reports and may conduct financial audits. |
|
|
| 4 |
IV. When outsourcing operations to third parties, a financial institution shall carefully select the service provider and confirm that such outsourced matters fall within the permitted scope of business of such service provider.
When outsourcing operations to a third party, a financial institution shall establish emergency measures to prevent the bank's business operations or the customers' interests from being affected because of reduced quality of service by the service provider, the service provider's termination of the service agreement, or the service provider's cessation of business.
When outsourcing operations to a third party, financial institutions shall be responsible to customers whose interests are impaired due to the negligence of a service provider or an employee thereof.
When outsourcing operations to a third party, financial institutions shall implement a consumer dispute resolution procedure and timetable for handling such disputes and establish a department for coordination and conciliation to receive and handle customer complaints. |
|
|
| 5 |
V. A financial institution may outsource matters related to the conduct of its registered lines of business or customer information only if such matters are among the following:
(1) Data processing including input, processing and output of data in the relevant computer system and improvement, control and maintenance of such computer system, and logistical support for data processing in connection with the financial institution's business.
(2) The marketing of credit cards, input of customer information, printing of relevant forms and statements, matters regarding envelope stuffing, matters regarding sorting and mailing, matters regarding computerized or manual card activation, reporting of lost cards, cash advances and emergency services.
(3) Transporting securities, checks, forms and statements, and cash, and delivering cash to ATMs.
(4) Hiring a law firm or real estate closing agent to handle relevant legal matters, and approaching other institutions to handle matters related to taking over title to collateral.
(5) Locating services and auctioning services for automobiles, where repayment on a car loan is overdue (excluding the determination of the floor price for such auctions).
(6) Appraisal of real estate.
(7) Warehousing of relevant documents such as forms, statements and certificates.
(8) Collection of debts.
(9) Matters related to marketing, management (other than the granting or denial of loan applications), [customer] service and consulting for auto loans.
(10) Internal audits (provided that such audits may not be conducted by the certified public accountant who audits such financial institution's finances).
(11) Matters related to drawing negotiable instruments (e.g., checks and drafts) for customers.
(12) Back office functions for international trade financing activities (e.g., the issuance and negotiation of letters of credit and import and export collections).
(13) Verification of the identities and signatures of consumer loan applicants.
(14) Marketing of housing loans.
(15) Electronic customer services (including: automated telephone voice menu systems; telemarketing; management of and response to customer e-mail; inquiries about, and assistance for, electronic banking and electronic commerce customers; and specialized electronic banking customer services).
(16) Marketing of, and identity confirmation for, consumer loans.
(17) Evaluation, classification, packaging and sale of non-performing loans; provided, that such outsourcing agreements shall provide that the service providers and their employees shall not engage in any work or provide any consulting or advisory services which give rise to a conflict of interest with the outsourced services during the term of such outsourcing agreements or for a reasonable period of time after termination/expiry thereof.
(18) Customs clearance, deposit, transportation and delivery of precious metals such as gold bars, silver bars and platinum bars.
(19) Compiling and editing credit analysis reports on customers to whom credit has been extended.
(20) Other matters as approved by the MOF. |
|
|
| 6 |
VI. Under the precondition that outsourcing will affect neither the operations of a financial institution nor the interests of such financial institution's customers, a financial institution may outsource the matters listed in Point V, above, in accordance with internal outsourcing rules approved by its board of directors (or, as regards the Taiwan branch of a foreign bank, by the relevant officer authorized by the head office) of such financial institution.
The above internal outsourcing rules shall clearly specify the below listed matters:
(1) The matters to be handled and scope of operations to be performed by the third party.
(2) The procedures by which customer interests will be protected.
(3) The risk management procedures.
(4) The internal control procedures.
Compliance with internal outsourcing rules shall be included as an item to be reviewed in internal audits. The results of such auditing and the status of handling consumer complaints within the last year shall be disclosed in the internal audit reports. |
|
|
| 7 |
VII. If a financial institution proposes to outsource matters other than those listed in Point 5 of these Directions, and the matters involve conduct of the financial institution's licensed business, or have a bearing on customer interests, the financial institution shall apply to the MOF for prior approval, submitting a copy of the resolution of the board of directors meeting (or, if such institution is the Taiwan branch of a foreign bank, an authorization letter issued by the relevant officer at the head office) authorizing such outsourcing and the relevant outsourcing plan. Such outsourcing plan shall, at a minimum, include:
(1) The matters to be handled and scope of operations to be performed by the third party.
(2) Operations and risk management procedures.
(3) Evaluation of the impact of such outsourcing on the financial institution's business operations.
(4) A description of the actions to be taken to protect customer interests.
(5) An analysis of legal and regulatory compliance issues. |
|
|
| 8 |
VIII. With respect to outsourcing matters that involve customer information, the agreement executed by a financial institution and the customer shall include a provision that requires the financial institution to inform the customer [of the outsourcing]. If the agreement does not include such a provision, the financial institution shall notify its customers in writing of the outsourcing matter, specifying that the customer will be deemed to have consented to such outsourcing unless the customer objects thereto in writing within a reasonable period of time.
A financial institution shall ensure that a service provider hired to handle the outsourcing matters described in the preceding paragraph establishes strict control measures so as to prevent those with access to customer information from disclosing such information or otherwise using such customer information for any inappropriate purposes. |
|
|
| 9 |
IX. A financial institution's outsourcing agreements (including sub-outsourcing agreements) shall, at the minimum, specify the following matters, in order to maintain the quality of the outsourced operations:
(1) The specific outsourced items, and descriptions thereof.
(2) The laws and regulations (including the Banking Act, Money Laundering Control Act, the Computer-Processed Personal Data Protection Act, and other laws and regulations) applicable to financial institutions with which the service providers must comply.
(3) A requirement that the institution hired to handle outsourced operations establish an internal control system and conduct regular and irregular internal audits and immediately notify the outsourcing financial institution if the outsourced operations cannot be duly discharged, or there is difficulty, or a likelihood of difficulty, in performing such operations.
(4) The right of the financial institution to terminate the outsourcing agreement when necessary (including where a competent authority orders termination or cancellation of an outsourcing agreement) by notice to the service provider.
(5) Agreement of the service provider that competent authorities may, in accordance with Article 45 of the Banking Act, check and audit the outsourced matters within the outsourced scope.
(6) Agreement that the service provider shall not use the name of the outsourcing financial institution when dealing with the public in the course of handling the outsourced matters. |
|
|
| 10 |
X. When outsourcing operations to third parties, a financial institution shall comply with the applicable laws regulations, directions, and shall also comply with the operating bylaws and self-regulatory rules adopted by the R.O.C. Bankers Association. |
|
|
| 11 |
XI. In the event that a financial institution violates these Directions the FSC may, depending on the severity of the circumstances, impose appropriate sanctions or suspend all or part of the outsourcing pursuant to Article 61-1 of the Banking Act. |