Newsletter
Amendment to the Regulations Governing Implementation of Internal Control and Auditing System of Insurance Enterprises
To establish a differentiated supervision mechanism for large insurance enterprises, encompassing the establishment of the information security management system, the enforcement of compliance and risk management mechanisms and guide insurance enterprises to put in place internal reporting and whistleblower protection mechanisms (the "whistleblower system"), the Financial Supervisory Commission (FSC) proposed draft amendments to the Regulations Governing Implementation of Internal Control and Auditing System of Insurance Enterprises (the "Regulation") after considering the current situation of the financial market, suggestions from insurers and the supervisory needs. The FSC has issued the advance notice of proposed draft amendments which will be promulgated in the near future. The amendments include six amended articles and three new ones. Main points of the amendments are as follows:
A. Under the differentiated supervision mechanism, large insurance enterprises with total assets of more than NTD1 trillion audited by certified public accountants in the previous fiscal year shall make adjustments within six months upon reaching said threshold in accordance with the applicable rules, including:
1. Amended Article 6-1: the insurance enterprise shall set up a dedicated independent information security unit (independent of the IT unit and on the same level of hierarchy in the organization) and shall assign a chief thereof at least at the associate general manager level or higher, and shall specify the powers and responsibilities of the dedicated information security unit and its chief.
2. Amended Article 30: the insurance enterprise shall set up a dedicated compliance unit to handle anti-money laundering and countering terrorism financing (AML/CTF) related matters; however, said unit shall not concurrently handle legal affairs which are irrelevant to the planning, management and implementation of compliance system or other businesses which are in conflict with its duties. The head of compliance of the head office may concurrently head the AML/CTF unit but cannot act concurrently as head of legal or hold other internal positions.
3. Amended Article 32-1: the insurance enterprise shall establish an enterprise-wide compliance and risk management framework and shall stipulate clearly the framework principles and powers and responsibilities, including enterprise-wide compliance and risk management infrastructure, independent compliance function and powers and responsibilities, and the implementation of compliance performance reports and supervision.
B. All insurance enterprises shall have in place an internal reporting system
1. Amended Article 32: the internal reporting system shall include:
a. an independent unit designated by the head office responsible for receiving, responding to and investigating complaints or reports of suspected misconduct
b. confidential reporting SOP (standard operating procedure)
c. confidential procedure and protection of whistleblowers' employment rights.
2. Amended Article 41: Considering that it takes time to adjust the reporting mechanism, this Article is scheduled to take effect six months after the release date for insurers to have enough time to be compliant.