| Content |
Order of the Financial Supervisory Commission
Issue date: 8 June 2018
Issue No.: Financial-Supervisory-Securities-Firms-1070320242
- This order is issued on the basis of Articles 36-2 and 37 of the Regulations Governing the Establishment of Internal Control Systems by Service Enterprises in Securities and Futures Markets.
- A service enterprise shall allocate adequate human resources and equipment for the planning and monitoring of the information security system and the implementation of information security management operations. The expression "allocate adequate human resources" means that the following requirements shall be met:
- If the service enterprise is a securities firm, futures enterprise, securities finance enterprise, securities investment trust enterprise, securities investment consulting enterprise providing discretionary investment services for customers ("securities investment consulting enterprise"), or credit rating agency, with paid-in capital of no less than NT$20 billion, it shall establish a dedicated information security unit and shall for that unit allocate a dedicated chief officer and at least 2 dedicated personnel, who shall be specifically responsible for performing tasks and functions related to information security, and may not concurrently conduct any information or other operations that could involve conflict of interest with their information security functions.
- If the service enterprise is a securities firm, futures enterprise, securities finance enterprise, securities investment trust enterprise, securities investment consulting enterprise, or credit rating agency, with paid-in capital of less than NT$20 billion:
- If its paid-in capital is no less than NT$10 billion and less than NT$20 billion, it shall allocate a chief information security officer and at least 2 information security personnel.
- If its paid-in capital is no less than NT$4 billion and less than NT$10 billion, it shall allocate a chief information security officer and at least 1 information security personnel member.
- If its paid-in capital is less than NT$4 billion, it shall allocate at least 1 information security personnel member.
- The Taiwan Stock Exchange (TWSE), the Taipei Exchange (TPEx), the Taiwan Futures Exchange (TAIFEX), and the Taiwan Depository & Clearing Corporation (TDCC) shall each establish a dedicated information security unit and shall for that unit allocate a dedicated chief officer and necessary dedicated personnel, who shall be specifically responsible for performing tasks and functions related to information security, and may not concurrently conduct any information or other operations that could involve conflict of interest with their information security functions.
- The chief information security officer and the personnel referred to in subparagraph (2) of the preceding Point are allowed to concurrently perform information functions, but may not concurrently conduct any other operations that could involve conflict of interest with their information security functions.
- Where a foreign financial institution, securities firm, futures enterprise, or credit rating agency establishes or has established a branch unit domestically to operate or concurrently operate securities, futures, or credit rating business in accordance with the Standards Governing the Establishment of Securities Firms, the Standards Governing the Establishment of Futures Commission Merchants, or the Regulations Governing the Administration of Credit Rating Agencies, the paid-in capital referred to in Point 2 shall be calculated based on the allocated operating capital.
- A securities firm, futures enterprise, securities finance enterprise, securities investment trust enterprise, securities investment consulting enterprise, or credit rating agency shall make the necessary adjustments within 6 months from the time it reaches a given applicability threshold, while the TWSE, the TPEx, the TAIFEX, and the TDCC shall make the necessary adjustments within 3 months from the effective date of this Order.
- A service enterprise shall, following the format set out in the appendix attached hereto, issue a written statement on the overall implementation status of information security, submit the written statement to its board of directors for approval, and, within 3 months after the end of the given financial year, disclose the content of the written statement on the Market Observation Post System (MOPS).
- This Order is effective from this day forward.
Official versions: Post on the public notice boards of the FSC and the Securities and Futures Bureau, FSC
Copies (including attachments): Legal Affairs Committee, Executive Yuan; Financial Supervisory Commission (FSC Department of Legal Affairs and FSC Department of Information Management); FSC Financial Examination Bureau; Taiwan Stock Exchange Corporation; Taipei Exchange; Taiwan Futures Exchange Corporation; Taiwan Depository & Clearing Corporation; Taiwan Securities Association; Chinese National Futures Association; Securities Investment Trust & Consulting Association of the R.O.C.; Taiwan Ratings Corporation; Fitch Australia Pty Ltd, Taiwan Branch; Global Securities Finance Corporation; Yuanta Securities Finance Co., Ltd.; Lex Data Information Inc.; Root International Information Co., Ltd.; Winkler Partners, Attorneys at Law
|