Contributed By Lee and Li, Attorneys-at-Law
Principal Laws and Regulations
The principal laws and regulations governing the Taiwan banking sector include the Banking Act, the Financial Holding Company Act, the Central Bank of the Republic of China (Taiwan) Act, the Regulations Governing Foreign Exchange Business of Banking Enterprises and the foreign exchange control-related laws and regulations, the Consumer Protection Act and the Financial Consumer Protection Act, and other related laws and regulations. Moreover, for banks concurrently conducting other businesses such as acting as a trust enterprise, electronic payment institutions, etc, the relevant laws and regulations governing such businesses also apply.
The Banking Act and the Financial Holding Company Act
The Banking Act is the primary law governing the Taiwan banking industry and provides rules for conducting banking business, including the setting up and dissolution of banks, the scope of banking business, compliance requirements for banks' business, finance, internal control and other matters, administration and supervision by the regulator, etc. In addition, for banks that are subsidiaries of financial holding companies, another of the major governing laws for the banking sector is the Financial Holding Company Act, which governs the establishment, business, finance, administration and supervision of financial holding companies.
The Central Bank of the Republic of China (Taiwan) Act, the Regulations Governing Foreign Exchange Business of Banking Enterprises and the Foreign Exchange Control-Related Laws and Regulations
Foreign exchange-related activity is governed by the Central Bank of the Republic of China (Taiwan) Act, the Regulations Governing Foreign Exchange Business of Banking Enterprises and the foreign exchange control-related laws and regulations, and is regulated by the Central Bank of the Republic of China (Taiwan) (CBC). Such laws and regulations also govern banks' business operations involving foreign exchange. For example, the Regulations Governing Foreign Exchange Business of Banking Enterprises provide the scope of foreign exchange business, requirements for managing foreign exchange business, and administration and supervision by the regulator, etc.
The Consumer Protection Act and the Financial Consumer Protection Act
The Consumer Protection Act provides the general rules and requirements for the protection of the interests of all consumers, and the Financial Consumer Protection Act focuses on the protection of consumers who deal with banks and other financial institutions. The Financial Consumer Protection Act provides, among others, requirements on the advertising of financial products and services, contracts with consumers, and the procedures for financial consumer dispute resolution in order to reasonably and effectively handle financial consumer disputes.
Regulators – FSC and CBC
The Financial Supervisory Commission (FSC) and the CBC are the major regulatory authorities regulating banks in Taiwan.
The FSC is the primary competent authority regulating the financial markets and financial institutions in Taiwan. It determines financial policy, issues regulations and rules, conducts financial examinations and supervises financial institutions. The FSC has four bureaus: the Banking Bureau, the Securities and Futures Bureau, the Insurance Bureau and the Financial Examination Bureau. While the FSC regulates financial markets and financial institutions generally, the Banking Bureau focuses on the banking sector, and the Financial Examination Bureau is in charge of financial examination of all financial institutions regulated by the FSC.
The CBC, Taiwan’s central bank, sets monetary policy to regulate the availability of money and credit. It also regulates foreign exchange activities and business, and conducts examinations on banks.
Types of Licences
According to the Banking Act, banks in Taiwan are categorised into three different types based on the main operations and purposes of the bank:
Commercial banks are the major and most common type of bank in Taiwan, and their principal function is to accept deposits and extend loans. Banks for a special business purpose are established primarily to facilitate the extension of specialised credit, such as agricultural credits, export-import credits, credits for medium and small-sized enterprises and real estate credits. However, as such functions may also be performed by commercial banks, the establishment of banks for a special business purpose has been gradually declining, and most such banks have transformed into commercial banks. Investment and trust companies act as trustee to accept, operate, manage and employ trust funds and manage trust properties, or act as an investment broker to invest in funds and capital markets for specific purposes. There is currently no investment and trust company as all such companies have transformed or merged into commercial banks. Therefore, the following discussion will focus on commercial banks.
In addition, in order to support and promote international financial activities, banks may apply to the FSC and CBC for a licence to establish Offshore Banking units, which can engage in foreign currency-denominated financing business in Taiwan without being subject to foreign exchange-related regulations.
Also, apart from traditional banks with physical branches, the FSC has recently agreed to the establishment of three online-only banks, and it is anticipated that such online-only banks may start to offer deposit, debit card and small loan services by the end of this year.
Scope of Services and Restrictions on Licensed Banks’ Activities
According to Article 71 of the Banking Act, the main business activities of a commercial bank include accepting deposits, issuing bank debentures, investing in securities, handling domestic and foreign remittances, offering loans and credit, providing guarantees, and acting as the agency bank in related banking business.
Besides the normal scope of services set forth in the Banking Act, a bank may also concurrently conduct other business upon the approval of the FSC. For instance, a bank may concurrently operate trust enterprise business, insurance agent or insurance broker business, financial advisory services, electronic payment business, etc.
Statutory and Other Conditions for Authorisation
The statutory restrictions on and implications of authorisation could be found in three major aspects: the paid-in capital, responsible persons of the bank, and the ownership.
The minimum paid-in capital requirement for establishing a commercial bank is NTD10 billion (approximately USD350 million), and the contribution must be made in cash only.
According to the Regulations Governing Qualification Requirements and Concurrent Serving Restrictions and Matters for Compliance by the Responsible Persons of Banks, the general restrictions and requirements for the responsible persons of a bank include that the person must not have been sentenced to imprisonment for certain financial crimes or in violation of financial regulations, must not concurrently hold positions that may be in conflict of interest, must have adequate knowledge, capability and experience in banking business, etc.
A person must obtain the FSC's approval before it acquires more than 10%, 25% or 50% of the issued voting shares of a bank. There is no restriction on foreign ownership and the FSC is generally receptive to foreign investors. However, PRC investors are subject to the PRC ownership restriction and a different approval process.
Process for Applying for Authorisation, Including Timelines, Costs and Engagement with the Regulators
According to the Standards Governing the Establishment of Commercial Banks, the following are the major steps and regulatory approvals generally required for the establishment of a bank.
Firstly, the founders of the bank shall subscribe up to 80% of the total paid-in capital of the bank at the time of initiation. Secondly, the founders are required to submit an application for the FSC’s approval; the application documents shall include a business plan, founder's qualification declaration, source of funds, articles of association, the paid-in capital and equity instruments of the bank, etc. After the establishment is approved by the FSC and within three months after completing the incorporation registration with the Ministry of Economic Affairs, the bank shall apply to the FSC for its business licence. The licence fee is one-four thousandth of the total capital specified in the articles of association of the bank.
During the establishment process of the bank, the FSC or other competent authorities may designate its personnel to examine the matters relevant to the bank establishment, and may order the applicant to provide certain supporting documents or make explanations at any time. Also, if the bank's shareholders, directors, supervisors or managers do not meet the requirement, if the bank fails to complete preparation before start of business, or if any condition the FSC deems might lead to unsound and inefficient business operations of the bank occurs, the FSC may decide not to issue the business licence to the bank.
Requirements Governing Change in Control, Shareholding Thresholds and Other Restrictions
An investor of a bank would be subject to reporting requirements and/or the FSC's prior approval if its stake reaches a certain level.
If an investor and his/her spouse and children under 20 years of age (if any) in aggregate hold 1% or more of the voting shares in a bank, such investor shall notify the bank of this.
A report to the FSC will be required if an investor (together with its/his/her related parties provided under the Banking Act) acquires or holds more than 5% of the voting shares of a bank. Any subsequent change in the shareholding by more than 1% is also required to be reported to the FSC.
A person (together with its/his/her related parties) must obtain the FSC's approval before its/his/her acquisition of 10%, 25% or 50% of the issued voting shares of a bank.
In addition, the shares held by a third party for or on behalf of the investor or its/his/her related parties in trust, by mandate or through other types of contract, agreement or authorisation should be aggregated with the shareholdings held by such investor or the related parties.
Regulatory Filings and Related Obligations
The application documents sent to the FSC for the acquisition of 10% or more of the issued voting shares of a bank should include documents and information regarding the investor's existing shareholding, the proposed acquisition, the source of funds, and other documents and information that may be required by the FSC on a case-by-case basis.
Additional documents and information would be required in an application for the acquisition of 25% or 50% of the issued voting shares of a bank, including documents and information regarding the following:
Relevant Statutory and Regulatory Requirements
In addition to the board of directors, a bank must set up an audit committee comprised of its independent directors to review important matters and transactions (including related parties transactions). Also, according to the Banking Act and the Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries, a bank shall establish an internal audit system and internal control system comprising three main elements: a self-inspection system, a legal compliance system and a risk management mechanism to ensure effective corporate governance.
The internal control system of a bank should be approved by its board of directors. The internal control system shall cover all banking business activities and incorporate five major components. The first element and the basis for the implementation of an internal control system is the "control environment", which encompasses the integrity and ethical values of the bank, the supervision responsibilities of the directors and supervisors, the organisational structure, the assignment of authority and responsibility, human resources policies, performance measurements, awards and disciplines, and the code of conduct for all directors and employees. Second, the internal control system shall adopt a "risk assessment" procedure. The risk assessment results can assist the bank in designing, correcting and implementing the necessary controls in a timely manner. Third, the internal control system shall include various "control operations", namely to implement proper policies and procedures at all levels, business processes, and subsidiaries of the bank based on the risk assessment results to control risks. Fourth, the internal control system shall ensure an effective internal and external "information sharing and communication" mechanism. Last but not least, the bank shall constantly "monitor" all operations. Any findings of deficiencies by the internal control system shall be reported to the appropriate management levels.
To implement the internal control system, a bank shall establish an internal audit unit and have sufficient and competent personnel as full-time internal auditors performing internal control duties independently and impartially. The internal audit unit is directly under the board of directors and is required to report its audit matters to the board of directors and audit committee at a minimum period of every six months. In addition, a bank should appoint a chief auditor to manage all audit matters. The chief auditor is not allowed to take a job that will cause conflicts or limitations to the audit work. The employment, dismissal or transfer of the chief auditor should be approved by the consent of the majority of audit committee members as well as the consent of more than two-thirds of the board of directors, and should be reported to the FSC for ratification.
According to the Banking Act, a bank that fails to establish or diligently implement the internal control and audit systems should be subject to an administration fine of between NTD2 million and NTD50 million.
Voluntary Codes and Industry Initiatives
The Bankers Association of Taiwan (BA) may issue various discipline rules based on the authorisation of the applicable laws and regulations. Those discipline rules issued by the BA should be submitted to the FSC for ratification. A bank that fails to meet the requirements under the discipline rules would be deemed by the FSC as failing to establish or diligently implement the internal control and audit systems, and should be subject to the administration fine as mentioned above.
Directors’ and Senior Managers' Designation and the Regulatory Approval of Appointments
The Banking Act and the Regulations Governing Qualification Requirements and Concurrent Serving Restrictions govern the designation of the responsible persons of a bank (including board members and senior managers). Generally, the responsible persons of a bank shall have good moral character and full competence serving in their positions, and must not have been sentenced to imprisonment for certain crimes.
Chairperson of Board of Directors and Directors
Directors of the bank are elected by shareholders. Although it is not required to obtain prior approval from the FSC to be nominated or elected as the director of the bank, the FSC has stipulated relevant requirements to ensure the chairperson of the board and the directors are capable of managing and operating a bank. One of the FSC's main focuses on the supervision of chairpersons and the directors is the restriction on holding concurrent positions. The chairperson may not concurrently act as the general manager of the same bank, nor act as the chairperson of another financial institution (eg, bank, financial holding company, insurance company, securities firm, etc), nor act as the chairperson, general manager or equivalent role of a non-financial institution unless otherwise approved by the FSC. If the chairperson is allowed to hold concurrent positions in other companies, he/she must ensure that all positions are managed effectively and may not be in conflict of interest.
In addition, except for the banks that are 100% owned by the government or a single corporate shareholder, at least two of the directors of the bank shall meet any of the following qualifications:
The minimum number of directors required to meet said qualifications would increase according to the total number of directors and the total assets held by the bank.
The general manager of the bank shall meet any of the following qualifications:
The relevant qualification documents shall be submitted to the FSC for approval before the appointment of the general manager of a bank.
Other senior managers, such as a vice general manager, assistant vice general manager and manager, are subject to other applicable qualification requirements regarding experience and expertise.
Directors’ and Senior Managers' Roles and any Accountability Requirements
The board of directors shall be responsible for the bank's overall business strategies and major policies, supervising the senior managers, and shall be accountable to all shareholders. The board of directors is also responsible for the implementation and supervision of the bank's internal control system.
Senior managers are appointed by and under the supervision of the board of directors. The general manager is responsible for handling the general operation of a bank. Other senior managers are delegated certain authority to assist the general manager in managing and operating the bank.
Individuals Subject to the Remuneration Requirements
According to the Corporate Governance Best-Practice Principles for Banks issued by the BA and ratified by the FSC, banks in Taiwan are advised to establish a remuneration committee led by and consisting of independent directors. In practice, all banks in Taiwan have independent directors serving on the board of directors, and most banks have set up a remuneration committee. The primary responsibility of the remuneration committee is to establish performance appraisal standards and remuneration standards for managers as well as sales persons, and the remuneration structure and system for directors.
Relevant Remuneration Principles
The remuneration standard and payment shall be based on performance, adjusted considering future risks and the long-term profitability challenges facing the banking industry and shareholders’ interests to avoid inappropriate loss to the bank. Moreover, remuneration rewards should have a significant proportion paid in deferred or equity-related payment. Also, when assessing the contribution of individual directors, managers and employees, an overall assessment of the banking industry should be carried out to clarify that such profits are not due to advantages such as the lower capital cost of the banking industry. In addition, the remuneration system should not incentivise directors, managers and employees to engage in acts that exceed the risk appetite of the banking industry in order to pursue remuneration. Last but not least, the remuneration system and performance should be reviewed regularly.
Regulators' Supervisory Approach
A bank is required to disclose the remuneration of directors, supervisors, general managers, vice general managers, and chairpersons of the board and general managers rehired as consultants by disclosing the aggregate remuneration information, with the name(s) indicated for each remuneration bracket, or to disclose the name of each individual and the corresponding remuneration amount (as applicable) in its annual report.
Consequences of Breaching the Requirements
A bank that fails to comply with the disclosure requirement for the annual report should be subject to an administration fine of between NTD500,000 and NTD10 million.
Principal Laws and Regulations
In Taiwan, the primary regulators for AML and CTF are the Investigation Bureau under Ministry of Justice (IBMOJ) and the FSC. The FSC has promulgated specific regulations governing AML and CFT in the banking sector, including the Regulations Governing Anti-Money Laundering of Financial Institutions, and the Regulations Governing Internal Audit and Internal Control System of Anti-Money Laundering and Countering Terrorism Financing of Banking Business and Other Financial Institutions.
First, a bank shall conduct due diligence on both new and existing customers taking a risk-based approach. The bank shall properly identify and verify the identity of the customer as well as the beneficial owner of the customer, and shall keep records on all relevant information. In particular, when the customer is a juristic person, the bank shall understand the business nature, equity structure and controlling person of the customer. Under a higher risk circumstance, the bank shall conduct enhanced customer due diligence. For ongoing customer due diligence, the bank shall regularly update all information at least once a year to ensure the business relationship with the customer is consistent with the bank's risk profile. The bank shall also understand the source of funds of the customer when necessary.
In addition, the bank shall verify the identity of the customer and keep relevant records of large cash transactions and report such transactions to the IBMOJ, with certain exceptions for government department and fund arrangements between financial institutions.
Suspicious Activity and Transaction Reporting
Last, the bank shall report to the IBMOJ all suspicious transactions, including attempted transactions. When reporting to the IBMOJ, the bank shall use the Suspicious Activity Report (SAR) form prescribed by the IBMOJ, covering, among others, the following information:
If a transaction triggers the red flags (see below), it shall be reviewed under the risk-based assessment to decide whether it is a SAR transaction. If the financial institution holds the view that such red-flagged transaction has nothing to do with any AML and CTF activity based on the relevant facts and its assessment, the financial institution is not required to report the transaction to the IBMOJ. However, it must retain records of the determination and assessment on such transaction.
The BA implemented the red flags list for suspicious money laundering and terrorism financing transactions. However, such items are not exhaustive in their coverage. A bank should select or create suitable red flags based on its assets scale, geographic areas, business profile, customer-base profile, characteristics of transactions, and its internal money laundering/terrorism financing risk assessment or information on daily transactions, to identify red flag transactions of potential money laundering/terrorism financing.
Administrator of the Depositor Protection Scheme
The Deposit Insurance Act mainly governs the depositor protection regime in Taiwan. The Central Deposit Insurance Corporation (CDIC) was established on 27 September 1985, and is responsible for the management of the deposit insurance system.
Classes of Deposits Covered by the Depositor Protection Scheme
Currently, the following deposits are covered by deposit insurance:
Limits Apply to the Amount of the Depositor Protection Scheme
If an insured institution is ordered to cease its business operations or is unable to pay off its deposits, CDIC compensates each depositor up to NTD3 million, including principal and interest.
Funding of the Depositor Protection Scheme
The share capital of CDIC shall be subscribed by the Ministry of Finance, CBC and the insured financial institutions. The total capital subscribed by the Ministry of Finance and CBC shall exceed 50%. Financial institutions duly authorised to take deposits must take part in deposit insurance provided by CDIC and pay premiums for deposit insurance.
The Banking Act
The Banking Act requires banks in Taiwan to keep the information regarding their customers and the relevant transactions (eg, deposit, loan or remittance) in strict confidence, unless the disclosure is otherwise permitted by applicable laws or the FSC, or unless the customers default on the repayment of debt. Violators will be subject to an administrative fine ranging from NTD2 million to NTD50 million.
The Personal Data Protection Act
When collecting, processing and using personal data, Taiwanese banks also need to follow the requirements under the Personal Data Protection Act (PDPA). "Personal data” means any information that is sufficient to directly or indirectly identify an individual, such as name, date of birth, ID Card number, passport number, financial conditions, and data concerning a person's social activities.
The collection, processing (including storage), use and cross-border transmission of personal data by banks are subject to the PDPA, which includes obligations relating to consent securing, limitations on use, and notification requirements, etc. Disclosure is permitted if personal data has become public due to disclosure by the data subject or in a legitimate manner.
Banks must comply with the PDPA and establish security measures to protect personal data and dispose of it once the business relationship or need for the information ends. Failure to comply with the PDPA will result in a fine ranging from NTD50,000 to NTD500,000.
Adherence to Basel III Standards
The principal rule regarding the capital adequacy of a bank is the Regulations Governing the Capital Adequacy and Capital Category of Banks, which adopted a number of elements of the Basel III framework.
Risk Management Rules
A bank is required to self-assess its capital adequacy and establish its strategy to maintain its capital adequacy. Based on a bank's self-assessment, the FSC may request a bank to improve its risk management. If the bank fails to comply with such request, the FSC may order the bank to adjust its regulatory capital and risk-weighted assets, or to submit a capital restructuring plan within a certain period.
The minimum paid-in capital for establishing a commercial bank in Taiwan is NTD10 billion. The promoters of the bank shall subscribe up to 80% of the total paid-in capital of the bank and the remaining shares shall be publicly offered; the capital contribution shall be made in cash.
Subject to certain exceptions, a branch of a foreign bank in Taiwan must allocate the minimum operating capital of NTD250 million if the Taiwan branch plans to conduct retail deposit business.
Capital Adequacy Requirement
The current capital adequacy requirements are generally in line with the standards under the Basel III framework, including:
Countercyclical Capital Buffer
To enhance the risk-bearing capacity and international competitiveness of domestic banks, the FSC has authorised the implementation of countercyclical capital buffers. The FSC will consult with the CBC and other relevant authorities, when necessary, to impose on banks an additional provision of a countercyclical capital buffer of up to 2.5%.
To enhance banks' short-term liquidity recovery ability, the FSC implemented the liquidity coverage ratio (LCR) framework in 2015. The LCR is calculated by dividing a bank's high-quality liquid assets by its total net cash flows over a 30-day period. Since 1 January 2019, banks incorporated under the laws of Taiwan must maintain an LCR of at least 100%.
The LCR requirement is not applicable to a branch office of a foreign bank in Taiwan. However, a foreign bank applying to establish a branch office in Taiwan must specify the liquidity risk management framework adopted by the head office and the liquidity risk management measures applicable to the Taiwan branch.
Additional Requirements Applicable to Systemically Important Banks
In 2019, the FSC announced the supervisory measures for systemically important banks in Taiwan, which are required to meet 4% additional capital buffer requirements with their Common Equity Tier 1 capital in the four years after designation. The 4% additional capital buffer includes a 2% additional regulatory capital buffer and a 2% bank’s internal capital buffer.
Systemically important banks in Taiwan are required every year to submit their contingency action plans for dealing with situations where the capital is not sufficient. They are also required to conduct and report two-year stress test results to the FSC.
Five banks are currently designated as systemically important banks: CTBC Bank, Cathay United Bank, Taipei Fubon Commercial Bank, Mega International Commercial Bank, and Taiwan Cooperative Bank.
In response to the COVID-19 pandemic, the requirements of banks’ internal capital buffer and the contingency action plans of the systemically important banks were postponed by one year, to 2021.
Principal Means of Resolving a Failing Bank
The FSC may take over a bank if any of the following occur:
If the FSC places a bank in receivership, the duties and powers of the bank's shareholders' meeting, board of directors, directors, supervisors and audit committee shall be suspended. The receiver as appointed by the FSC has the power to manage the bank's business and to dispose of the bank's properties.
The FSC has the power to resolve failing banks in an orderly manner. In local practice, seven banks were placed under receivership from 2006 to 2008. The FSC divided their assets into non-performing assets and other assets, and sold them separately. The non-performing assets were sold to asset management companies while the other assets were sold to other banks, with a certain amount of compensation agreed to be paid by the FSC. The depositors, employees and non-deposit creditors suffered little hurt.
FSB Key Attributes of Effective Resolution Regimes
Following the crisis management guidance under the FSB Key Attributes of Effective Resolution Regimes, systemically important banks in Taiwan are required every year to submit their contingency action plans for dealing with situations where the capital is not sufficient. They are also required to conduct and report two-year stress test results to the FSC. However, there is no special resolution regime for systemically important banks in Taiwan.
Insolvency Preference Rules Applicable to Deposits
If the failing bank is ordered by the FSC to cease its business operations, deposit debts shall precede non-deposit debts.
Taiwan banks are adapting to the “Open Banking” trend. The FSC encourages banks to voluntarily open up their application programming interfaces (APIs) for programmatic access by third-party financial service providers (TSPs). The ultimate goal is to provide TSPs with open access to consumer banking, transaction and other financial data from banks and non-bank financial institutions through the use of APIs.
The FSC adopts a three-phase approach for open banking:
Phase I was launched in October 2019. As of March 2020, 25 banks have offered access to information on banking products and services to TSPs, such as deposit interest rate, foreign exchange rate information, location of branches and loan product comparison. No personal data provided by customers is available at this stage.
Phases II and III
Phases II and III involve access to customer data and the processing of transactions. In Phase II, information on bank accounts and applications for bank products will be made available. In Phase III, the open API functions will include bill payment, fund transfer, credit card rewards redemption, loan repayment, etc.
As the complexity and risk of releasing personal data and transaction data of customers increase, and the technology to support, monitor and secure the open API access is more complex and critical, the timelines to launch Phases II and III are under discussion.
The FSC emphasises that banks must (i) collaborate with TSPs with sound management and security controls; (ii) establish internal policies and procedures; and (iii) apply the risk-based approach to use their own authentication methods for bank customers. In order to ensure consumer protection, the Bankers Association of the Republic of China is discussing the internal self-regulatory rules for banks' partnering TSPs, including security, authentication and authorisation.