Taiwan's anti-money laundering legislation is embodied in The Money Laundering Control Act, 1996 (amended in 2003, 2006, 2007, 2008, and 2009, hereinafter the “Act”).
Under Article 5 of the Act, banks, trust and investment corporations, credit cooperative associations, credit department of farmers’ associations, credit department of fishermen’s associations, Agricultural
Bank of Taiwan, postal service institutions which also handle the money transactions of deposit, transfer and withdrawal, negotiable instrument finance corporations, credit card companies, insurance
companies, securities brokers, securities investment and trust enterprises, securities finance enterprises, securities investment consulting enterprises, securities central depository enterprises, futures
brokers, trust enterprises, and other financial institutions designated by the Financial Supervisory Commission (hereinafter the “FSC”) fall within the definition of “financial institutions” and are thus subject to
jewellery, retail businesses and other institutions having the risk of being used for money laundering and having been designated by the Ministry of Justices in consultation with such institutions’
As of Nov 2014, each type of “financial institution” under Article 5 of the Act, except Agricultural Bank and securities central depository enterprises, has respective, standalone AML practical guidance. While
There is no requirement to retrospectively verify the identity of customers before the Act was adopted and became effective. However, in any of following events, financial institutions are required to verify a
customer’s identity even after the customer has a pre-existing relationship with the financial institution:
a) any domestic transfer or remittance that exceeds TWD30,000 (approx. USD900);
b) discovery of a transaction suspicious of money laundering or financing of terrorism, or remittance from countries or regions with high risk of money laundering or financing of terrorism; or
c) suspicion of authenticity or sufficiency of customer identity information having previously acquired.
Taiwan has not been the subject of a FATF Mutual Evaluation since 2008.
Under applicable practical guidance, customer due diligence is required upon:
a) the establishment of business relationship;
b) discovery of a transaction which raises suspicion of money laundering or financing of terrorism, or remittance from countries or regions with a high risk of money laundering or financing of terrorism;
c) suspicion of authenticity or sufficiency of customer identity information having previously acquired, regardless of any transaction threshold.
In the case of one-off transactions, customer due diligence is required where:
a) single receipt or payment of cash or exchange of new bills exceeds TWD500,000 (approx. USD15,000); or
b) domestic cash remittance exceeds TWD30,000 (approx. USD900) but lower than TWD500,000 (approx. USD15,000). In addition, customer due diligence is also required for any domestic transfer
or remittance that exceeds TWD30,000 (approx. USD900).
a) identification of customer and verification of identity must be based on reliable, independent original copy, information or data, the photocopies of which must be kept in custody or on record;
b) in cases where an agent carries out an account-opening or a transaction, the authority must be verified and the identity of the agent must be confirmed by way of a) above;
c) reasonable measures to identify and verify the beneficiary of a customer must be adopted; and
d) verification of customer identity should include inquiries on the purpose and nature of business.
When a customer is trustee of a trust, the identities of settlor, trustee, guardian, beneficiary and any other individual that has the power to effectively control the trust account must be acquired to verify the
While practical guidance allows the adoption of simplified due diligence arrangements in low risk circumstances, there is no definition of what constitute low risk circumstances in practical guidance. On the other hand, simplified customer due diligence is prohibited in high risk circumstances, which are defined as: a) where customers are from a high risk country or region where no effective anti-money laundering or counter-financing terrorism measures are available; or b) where there is reasonable suspicion that the customer or transaction is implicated with money laundering or financing of terrorism.
In the case of an over-the-counter request for account-opening, a financial institution must conduct due diligence on whether a customer is a foreign PEP with a database established and maintained by the
financial institution, or outside information sources. Secondly, practical guidance requires that heightened risk control measures and regular review thereof must apply to such foreign PEPs.
Banks are required to: a) gather sufficient information about a respondent institution to fully understand the nature of the respondent’s business and to determine, from publicly available information, the reputation of the institution and the quality of supervision, including whether it complies with AML and counter financing of terrorism regulations; b) assess the respondent institution’s AML and counter financing of terrorism controls and effectiveness thereof; c) obtain approval from senior management before establishing new correspondent relationships; d) document the respective AML and counter financing of terrorism responsibilities of each institution; e) where a correspondent relationship involves “payable–through accounts”, it is necessary to ensure that the correspondent bank has strictly identified the customer’s identity and is able to provide the relevant identity information if necessary; and f) not to establish correspondent relationships with any shall banks or any foreign financial institution which allows a shell bank to open an account with it.
Banks are prohibited from establishing a correspondent relationship with any shell banks or any foreign financial organisation which allows a shell bank to open an account with it.
Banks are required to implement procedures that allow them to verify a customer’s identity for the purpose of non face-to-face transactions and/or relationships effectively conducted on a face-to-face basis.
Anti-Money Laundering Division, Investigation Bureau, Ministry of Justice
Yes. In addition to suspicious transactions, the following information must be reported: a) any currency transaction exceeding TWD500,000 (approx. USD15,000) (or the equivalent in foreign currency); and b) passengers or service crew on board who cross the border with the carrier and carry the following items shall make declarations to customs: a. cash of foreign currency with total amount exceeding a certain amount (approx. USD10,000); and b. securities with a face value exceeding a certain amount (approx. USD10,000). Customs shall report subsequently to the Investigation Bureau, Ministry of Justice.
Yes: a) any financial institution which violates its reporting obligation for failure to report any currency transaction exceeding TWD500,000 (approx. USD15,000), as required by relevant laws and regulations, shall be punished by a fine between TWD200,000 (approx. USD6000) and TWD1 million (approx. USD30,000); b) any financial institution which violates its reporting obligation for failure to report any suspicious transaction as required by relevant laws and regulation, shall be punished by a fine between TWD200,000 (approx. USD6,000) and TWD1 million (approx. USD30,000). However, if the violating financial institution is able to prove that the cause of this violation is not attributable to the intentional or negligent act of its employee(s), no fine shall be imposed.
Although there are no requirements to obtain authority in order to proceed with a current/ongoing transaction that is identified as suspicious, practical guidance requires that in case of abnormal transactions, the person designated as the AML responsible person (must be vice President or equivalent level of personnel) must submit such transactions as the report of the financial institution to the Investigation Bureau.
Under Taiwan’s Personal Data Protection Act, in order for transactions to be monitored outside Taiwan’s jurisdiction, either the prior written consent of the data subject must be obtained, or such monitoring outside the jurisdiction must be specifically required by law or to advance public interests. As of Nov 2014, there is no express law or regulation in Taiwan that authorises or requires the monitoring of transactions outside Taiwan’s jurisdiction. However, since Taiwan is a member of the Egmont Group and the Asia/Pacific Group on Money Laundering, and has executed cooperative memorandum of understanding with a number of countries for information exchange purpose, Taiwan’s Investigation Bureau, after receiving reports from financial institutions, has the discretion to share such information and transactions outside Taiwan’s jurisdiction. Therefore, while there is not yet express law or regulation in Taiwan that allows the monitoring of transactions outside Taiwan, such information is monitored outside Taiwan in practice by operation of law.
yes, for example, name, birthdate, ID card number, passport number, contact information, criminal records, and financial condition
Taiwan’s Personal Data Protection Act only applies to personal data. However, corporate data may be covered by a financial institution’s duty of confidentiality such as under the Banking Act
although there is no specific definition of “sensitive data” under Taiwan’s Personal Data Protection Act, the Personal Data Protection Act categorises medical data, genetic data, sex life, health examination or criminal records as having heightened sensitivity, which may not be collected, processed, or used unless with one of the four conditions below: a. express written legal requirement; b. necessary for the performance of duties by data controller which has adopted appropriate safety maintenance measures; c. personal data having been published by data subject or by way of other legal manner; or d. necessary to statistics and academic research within the purpose of medical, health or criminal prevention by public authority or academic research institutions, which has been collected, processed or used by way of standardised procedure.
Criminal records and medical data shall not be used with the exceptions of the following: a) when in accordance with law; b) when it is necessary for the government agency to perform its duties or for the non-government agency to fulfil the legal obligation, and when there are proper security measures; c) when the individual has disclosed such information by himself, or when the information concerned has been publicised legally; and d) when the personal information is collected, processed or used under certain methods by a government agency or an academic research institution based on the purpose of medical treatment, personal hygiene or crime prevention statistics and/or study. For a government agency, credit reports shall be used in accordance with the scope of its job functions provided by laws and regulations, and in compliance with the specific purpose of collection. However, the information may be used outside the scope upon the occurrence of one of the following conditions: a) where in accordance with law; b) where it is for national security or to promote public interests; c) where it is to prevent harm on the life, body, freedom or property of the individual; d) where it is to prevent harm on the rights and interests of other people; e) where it is necessary for public interests on statistics or the purpose of academic research conducted by a government agency or an academic research institution, respectively. The information may not lead to the identification of a certain person after the treatment of the provider or the disclosure of the collector; f) where such use may benefit the individual; or g) a written consent of the individual has been obtained. For a non-government agency, credit reports shall be used in accordance with the scope of the specific purpose of collection provided. However, the information may be used outside the scope upon the occurrence of one of the following conditions: a) where in accordance with law; b) where it is to promote public interests; c) where it is to prevent harm on the life, body, freedom or property of the individual; d) where it is to prevent harm on the rights and interests of other people; e) where it is necessary for public interests on statistics or the purpose of academic research conducted by a government agency or an academic research institution, respectively. The information may not lead to the identification of a certain person after the treatment of the provider or the disclosure of the collector; or f) where a written consent of the individual has been obtained.
Getting express consent to do business electronically is particularly important in Taiwan. Taiwanese law does not view a party’s name on an email as an adequate electronic signature. A number of government agencies have issued bulletins excepting themselves from the law.
Article 9 states that electronic signatures may replace handwritten signatures. Article 4 provides that if a law or regulation requires information be provided in writing, the requirement may be satisfied with an electronic record.
Summary of law
Taiwan follows the UNCITRAL model law and is similar to the laws of many European Union member states. It is considered a two-tier jurisdiction because it gives digital signatures the same status as handwritten signatures but also recognizes simple electronic signatures as legal and enforceable. Countries that follow this model give companies the opportunity to select different forms of signatures and customize their business processes based on the form that is most convenient and appropriate for each use case.
Yes. The measures to verify customer identity and continuous monitoring are implemented in accordance with risk-based approach, under which verification of customer identity or continuous monitoring are
strengthened for high risk circumstances and simplified measures are taken for low risk circumstances.
In case where a customer is a corporation, the following information must be acquired to identify the beneficiary of the customer:
a) the identity of ultimate individual beneficiary in control (such as name, birth date, nationality, and ID number). Control means any person holding 25% or more of the shares or capital of a
b) in case where there is no individual beneficiary in control or suspicion whether the individual beneficiary in control is the ultimate beneficiary, inquiries should be made as to whether there is any
individual who exercise control over the customer in any other manner. When necessary, the customer must be required to issue declaration to verify the identity of ultimate beneficiary; and
c) in case where no individual beneficiary in control is found in accordance with a) and b) above, a financial institution must adopt reasonable measures to verify the identity of individual holding highlevel
executive positions (such as director, president, or other equivalent or similar positions).
Article 48 of Taiwan’s Banking Act requires that a bank keep confidential record of a customer’s deposit, loan, or remittance information, unless with exceptions specified under the same article