Fintech 2024 Comparisons

Cryptocurrency

Due to the insolvency of FTX, as well as certain reported defrauding activities in Taiwan, the Financial Supervisory Commission (FSC) introduced a set of guidelines for virtual asset service providers (VASPs) under the Money Laundering Control Act (“Taiwan AML Act”) in September 2023. Moreover, based on related news coverage, the FSC is contemplating the possibility of introducing a crypto-specific law, with a potential draft scheduled for announcement around September 2024. Please see 7.3 Impact of the Emergence of Cryptocurrency Exchanges for further information.

Open banking

The FSC has instituted a three-phase approach to the implementation of open banking, and Phase III, which focuses on transaction-related information, was just launched in January 2024. Please see 13.1 Regulation of Open Banking.

Commonly observed fintech applications in Taiwan include peer-to-peer lending, electronic payment solutions, robo-advisers and cryptocurrencies.

Please see below a brief introduction to the regulatory regimes applicable to certain commonly seen fintech applications:

Peer-to-Peer Lending

As of the time of writing, there are no specific laws or regulations governing peer-to-peer lending in Taiwan. However, the Bankers Association has introduced the “Self-Disciplinary Rules of Business Co-operation Between Member Banks of the Bankers Association and Peer-to-Peer Lending Operators”. These rules, filed with the FSC, outline areas in which banks can collaborate with peer-to-peer lending operators, such as fund custodian services, cash flow services, credit review and rating services, extending facilities to customers (peer-to-bank model), advertising and marketing activities, and credit document custody services.

Additionally, the FSC expressed its stance in related press releases that platform operators involved in matching peer-to-peer lending should not be regulated by the FSC at this time. Nevertheless, the FSC issued guidelines for peer-to-peer lending platform operators in October 2023 (“P2P Guidelines”). Key aspects of those P2P Guidelines include the prohibition of regulated activities (eg, deposit taking, issuing of securities), implementation of a risk control mechanism (covering aspects such as real-name basis for lenders and borrowers, fund flow control, criteria for reviewing loan applications, and loan amount limits) and the inclusion of consumer protection measures.

Electronic Payment (or E-payment)

In 2015, Taiwan introduced the Electronic Payment Institutions Act (the “E-payment Act”) to regulate the online payment sector. Subsequently, in December 2020, the Legislative Yuan, Taiwan’s congress, implemented an amendment to the E-payment Act, which officially came into effect on 1 July 2021. The modified E-payment Act outlines the business scope for e-payment institutions, covering both “core businesses” and ancillary and derivative businesses.

The core businesses of an e-payment institution include (i) collecting and making payments for real transactions as an agent, (ii) accepting deposits of funds as stored-value funds, (iii) small-amount domestic and cross-border remittance services and (iv) foreign exchange services relating to the core businesses. The ancillary and derivative businesses of an e-payment institution include (a) assisting the contracted merchants with integration and transmission of acquiring and payment information, (b) sharing terminal equipment at the contracted merchants, (c) assisting the information exchange between the users and the contracted merchants, (d) providing an electronic Uniform Invoice system and its value-added services, (e) taking custody of the paid price of vouchers/tickets of goods/services, and assisting in the issuance, sales, validation and related services for vouchers/tickets, (f) providing services for integration of bonus points and offsetting/settling payments for real transactions with bonus points, (g) providing value-storing blocks in electronic stored-value cards or application programs for use by others, and (h) providing any planning, instalment, maintenance or consultancy services for the information system and facilities in relation to the above seven ancillary and derivative businesses of e-payment institutions.

The amended E-payment Act also permits qualified non-e-payment institutions to apply to become a cross-border small-amount remittance service provider exclusively for foreign workers in Taiwan.

Robo-adviser

In June 2017, the Securities Investment Trust and Consulting Association of Taiwan, the self-disciplinary body for the asset management industry, introduced the Operating Rules for Securities Investment Consulting Enterprises Using Automated Tools to Provide Consulting Service (the “Robo-Adviser Rules”), as approved by the FSC. According to these rules, securities investment consulting enterprises (SICEs) are permitted to offer online securities investment consulting services through automated tools utilising algorithms (“Robo-Adviser Services”). SICEs are obligated to adhere to specific regulations, including the following: (i) conducting periodic reviews of the algorithm; (ii) completing relevant know-your-customer procedures before providing advice; (iii) establishing a special committee to supervise the adequacy of the Robo-Adviser Services; and (iv) informing customers of precautions before utilising Robo-Adviser Services.

For the purpose of “rebalancing transactions” by robo-advisers, the FSC relaxed certain restrictions in 2021. This enables the execution of rebalancing transactions based on pre-agreed investment portfolios between the robo-adviser and its clients, involving securities investment trust funds or offshore funds (approved by or registered with the FSC), subject to the following conditions: (a) following the pre-agreed funds list with the client (up to 30 funds); and (b) aggregation of the absolute value of the change in the investment proportion for each portfolio, not exceeding 60%.

Cryptocurrency

Cryptocurrency with the nature of securities (ie, security tokens) is subject to the rules and regulations governing security token offerings (STOs), while cryptocurrency without the nature of securities is subject to anti-money laundering related regulations. Please see 2.13 Impact of AML and Sanctions Rules, 7.1 Permissible Trading Platforms, 12.3 Classification of Blockchain Assets and 12.4 Regulation of “Issuers” of Blockchain Assets.

Please see below our understanding of the basic compensation models that may be adopted by certain fintech industry players:

Peer-to-peer lending: Charges by platform operator for matching the lenders and borrowers.

E-payment: Charges from contracted merchants for carrying out the transactions.

Robo-adviser: The SICEs charge consulting fees for rendering online securities investment consulting services through automated tools utilising algorithms.

Cryptocurrency: Depending on the business models adopted, exchanges/platform operators would require the handling fees or other charges for transactions/orders matched, or earn bid-ask spread.

There is no single set of regulations governing fintech industry participants. Whether and which specific financial laws and regulations will apply would depend on the business models, the products/services and even the operations of the industry players.

Taiwan has implemented a regulatory sandbox framework. The Fintech Development and Innovation and Experiment Act (“Sandbox Act”) was enacted on 31 January 2018 and came into effect on 30 April 2018.

This regulatory sandbox serves as a testing ground for new fintech applications. Under the Sandbox Act, applicants, whether entities or individuals, must obtain approval from the FSC before entering the sandbox for experimentation. Throughout the experimental period, certain legal requirements, such as FSC licensing and specific liability exemptions, may be waived. Upon completion of the approved experiments, the FSC reviews the results. If the results are favourable, the FSC might contemplate revising current financial laws and regulations that impede the adoption of innovative financial practices in practical scenarios. Nevertheless, contingent upon the outcome of the FSC’s evaluation, the entity or individual from the sandbox could still be obligated to seek pertinent licences or approvals for the formal undertaking of activities previously implemented in the sandbox.

In Taiwan, the FSC is the government entity responsible for overseeing and regulating all financial products and services. Within the FSC, there are four bureaus: the Banking Bureau (BB), the Securities and Futures Bureau (SFB), the Insurance Bureau (IB) and the Financial Examination Bureau (EB). The BB, SFB and IB each have their own area of authority, that is, banking, securities or insurance, while the EB handles financial inspection and audits for all types of institutions regulated by the FSC. At present, there is no designated bureau responsible for overseeing fintech products and services. Consequently, the determination as to which bureau should regulate the respective fintech offerings is contingent upon the nature and characteristics of the products and services.

Also, the Central Bank of the Republic of China (Taiwan) (the “Central Bank”) will have the authority if foreign exchange will be involved.

The regulations governing outsourcing by financial services companies depend on the type of the company. For instance, banks must comply with the Regulations Governing Internal Operating Systems and Procedures for the Outsourcing of Financial Institution Operation, which only allow outsourcing of activities specified in those regulations. Some activities may require prior approval from the FSC. Other types of financial services companies (eg, securities firms, insurance companies, etc) have their own sets of outsourcing regulations.

Generally speaking, financial services companies conducting outsourcing should supervise the service providers (ie, outsourced entities), and there are provisions that are required to be specified in the outsourcing agreement. In the case of banks, for example, a bank’s outsourcing agreement shall specify the following contents:

• The scope of outsourcing and the responsibilities of service provider.
• A provision requiring the service provider to comply with certain laws and regulations.
• Consumer protection, including the confidentiality of customer data and adoption of security measures.
• A requirement for the service provider to carry out consumer protection, risk management, and internal control and internal audit in accordance with its standard operating procedures established under the supervision of the bank.
• Consumer dispute resolution mechanisms, including the timetable and procedure for handling disputes, and remedial measures.
• Management of a service provider’s employees, including employee recruitment, promotion, performance reviews and discipline.
• Material events that lead to the termination of an outsourcing agreement with the service provider, including a provision on termination or revocation of the agreement if so instructed by the competent authority.
• An agreement by the service provider to allow the competent authority and the Central Bank to access relevant data or reports and conduct financial examinations with respect to the outsourced items, or to provide relevant data or reports within a prescribed time period pursuant to an order of the competent authority or the Central Bank.
• An agreement by the service provider not to use the name of the outsourcing bank in the course of handling the outsourced items, nor to use untruthful advertising or charge the customers any fees when marketing loan services.
• A requirement for the service provider to inform the bank if the outsourced operation involves any material irregularities or deficiencies.

In Taiwan, the term “gatekeeper” lacks an official definition, but within the area of capital markets/IPOs, securities underwriters are commonly regarded as fulfilling the gatekeeper role. The regulation of securities underwriters falls under the Securities and Exchange Act, and there is currently no legislation specifically addressing securities underwriters in the context of fintech.

It is important to highlight, as mentioned in 7.1 Permissible Trading Platforms and 7.8 Rules of Payment for Order Flow, that as to security tokens/security token offerings (STOs), the platform operator is required to obtain a securities dealer licence rather than a securities underwriter licence. According to the STO regulations, after receipt of the application for issuance of an STO, a platform operator (ie, securities dealer) will need to conduct due diligence investigation and confirm that the issuer meets certain conditions, which include, among others, the following: (a) the issuer has established an internal control system and implements it effectively; (b) the accounting treatment complies with the Business Entity Accounting Act; (c) the fundraising items and the business items operated by the issuer comply with the law; (d) the fundraising plan and its effects/benefits are necessary, reasonable and feasible; and (e) any programmed auto-execution that is done with respect to the security tokens offered is consistent with the description in the prospectus.

Enforcement actions often occur during criminal investigation procedures. News reports indicate that certain peer-to-peer lending platforms and cryptocurrency operators have been involved in illegal deposit-taking. Additionally, offences such as fraud and money laundering may be associated with e-payment and crypto-related activities.

In Taiwan, the Personal Data Protection Act (PDPA) governs the collection, use and processing of personal data. According to the PDPA, unless specified otherwise by law, a business entity must notify and obtain consent from an individual before collecting, processing or using their personal data, subject to certain exemptions. Therefore, if a fintech company will collect, process or use personal data, it must comply with the obligations specified in the PDPA.

Different financial service entities or their products and services may be subject to various cybersecurity regulations or standards. For example, if a fintech business operates in the e-payment sector, it must meet the relevant licensing requirements and adhere to security control rules specific to this type of business.

Also, according to the Cyber Security Management Act (CSMA), financial services firms classified as “critical infrastructure providers” (CIPs) by the Taiwanese government have certain obligations to fulfil. These include maintaining specific security levels, establishing internal information security rules, and reporting cybersecurity incidents to the government. While it is less likely for a fintech business to be designated as a CIP, the CSMA still applies if the financial service entities conducting these activities are regulated by the FSC and designated as CIPs by the Taiwanese government.

The requirements regarding the involvement of accounting/auditing firms or other vendors would depend on the individual fintech applications. For example, e-payment operators are required to place funds from their users in a bank’s trust account in full or obtain a full performance guarantee from a bank for the stored-value funds, and an accountant must be appointed to conduct quarterly audits of the state of compliance. As regards cryptocurrency, any business operator would be required to submit a “compliance declaration” (indicating that it complies with the applicable anti-money laundering regulations) to the FSC before such operator may officially carry out its crypto-related business in Taiwan, and an accountant’s report on such compliance should be attached to the declaration.

In general, financial services companies are prohibited from providing unregulated (non-financial) products or services, making it generally impractical to engage in such practices.

If fintech companies engage in financial services, such as e-payment or robo-advisory, they are subject to the Taiwan AML Act and its associated regulations.

Regarding cryptocurrency, the Taiwan AML Act now includes “virtual currency platforms and trading businesses” in its anti-money laundering regulatory framework, under which enterprises falling within this category must comply with the relevant rules applicable to financial institutions under the Taiwan AML Act. To enforce this framework, the FSC issued the Regulations Governing Anti-Money Laundering and Countering the Financing of Terrorism for Enterprises of Crypto-asset Platforms and Trading Business (the “Crypto AML Regulations”) in 2021. According to the Crypto AML Regulations, operators providing relevant services must establish various measures, including an internal control and audit mechanism, a procedure for reporting suspicious transactions and a know-your-customer procedure. Additionally, these operators must submit a “compliance declaration” to the FSC, indicating their compliance with the Taiwan AML Act and Crypto AML Regulations.

In Taiwan, Robo-adviser Services are rendered by FSC-licensed SICEs, so the applicable asset classes would be limited to the types for which SICEs are permitted to provide their consulting services, especially the funds (with the nature of securities investment trust funds defined in Taiwan law) and exchange-traded funds approved by the FSC.

As indicated in 3.1 Requirement for Different Business Models, Robo-adviser Services are rendered by FSC-licensed SICEs.

There is no rule specifically governing “best execution” under the Robo-Adviser Rules.

However, the Robo-Adviser Rules provide for certain rules regarding “fair and objective implementation”, which require a robo-adviser service provider to faithfully place customers’ interests as its top priority, avoid conflicts of interest, prohibit unjust enrichment, provide fair treatment etc as principles. A robo-adviser service provider shall not be involved in any situation that may potentially result in a conflict of interest against its customers in respect of the portfolio-planning process. For example, when the objectivity of a robo-adviser’s suggestion is affected by any compensation or interest that such robo-adviser service provider receives from a product supplier, then such robo-adviser service provider shall ensure that its robo-adviser system is capable of performing the following functions fairly and objectively: (i) determining parameters for the investment portfolios such as investment return, dispersion, credit risk and liquidity risk; (ii) establishing criteria for selection of securities in investment portfolios such as transaction cost, liquidity risk, credit risk, etc; (iii) selecting appropriate securities in investment portfolios; if such securities are selected by algorithms, those algorithms shall be reviewed and audited as well; and (iv) examining whether the default investment portfolio recommendations are appropriate for the risk tolerance of the corresponding customers.

The Robo-Adviser Rules also put in place certain rules for the implementation of “rebalancing transactions” by robo-advisers as indicated in 2.2 Regulatory Regime.

Given the above, so long as the above-mentioned rules are followed, there should be no issue relating to best execution from the perspective of the Robo-Adviser Rules.

A local licensed bank may engage in lending business. However, conducting lending activities as a company’s registered business item is still not permitted in Taiwan currently, although lending does not fall within the type of business that may only be carried out by a local licensed bank.

Under Taiwan law, a bank’s lending to small businesses or individuals may be subject to stricter rules from the perspective of financial consumer protection.

As indicated in 4.1 Differences in the Business or Regulation of Loans Provided to Different Entities, if a fintech company is not a licensed bank, then it may not register lending as one of its registered business items.

In the case of peer-to-peer lending, as indicated in 2.2 Regulatory Regime, pursuant to the P2P Guidelines, a peer-to-peer lending platform operator would need to have in place and implement relevant risk control mechanisms such as establishing criteria for reviewing loan applications and limits on loan amounts.

For bank loans, the funds are acquired through conventional means, similar to other traditional lending practices.

In peer-to-peer lending, the funds originate from lenders who are connected through the platform.

As far as we know, there have been no instances of syndicated loans being arranged entirely online in Taiwan. However, please note that according to the news in January 2024, the FSC has approved a digital-only bank’s trial application to participate in a syndicated loan.

Please see 2.2 Regulatory Regime regarding the e-payment businesses.

Traditionally, only licensed banks may handle cross-border remittances, and payments through cheques and credit cards are also handled by banks.

However, the E-payment Act now allows Taiwan e-payment operators to offer cross-border payment services in collaboration with non-Taiwan e-payment providers. Also, as mentioned in 2.2 Regulatory Regime regarding e-payment businesses, the revised E-payment Act allows licensed non-e-payment institutions to apply to render cross-border small-amount remittance services exclusively for foreign workers in Taiwan.

There is no official definition of fund administrators in Taiwan law. However, if a fund administrator refers to an entity that provides services of fund asset valuation and NAV calculation, it can be outsourced by securities investment trust enterprises (SITEs) in accordance with the Directions Governing Outsourcing of Securities Investment Trust Enterprises and Securities Investment Consulting Enterprises Operation (the “SITE Outsourcing Regulations”).

According to the SITE Outsourcing Regulations, any entity can act as a service provider as long as it is considered “professional” (ie, it has the necessary competence to handle the outsourced operations). However, in practice, it may be difficult to prove professional competence if the entity is not a locally licensed bank regulated by the FSC in Taiwan.

As advised in 2.7 Outsourcing of Regulated Functions, generally speaking, financial services companies conducting outsourcing should supervise the service providers (ie, outsourced entities), and there are provisions that are required to be specified in the outsourcing agreement. Pursuant to the SITE Outsourcing Regulations, a SITE’s outsourcing agreement shall specify the following contents:

• The scope and period of outsourcing and the responsibilities of the service provider.
• A provision requiring the service provider to comply with certain laws and regulations.
• An agreement that the SITE may instruct the service provider at any time on the outsourced operations and the service provider may not refuse.
• Beneficiary or customer dispute resolution mechanisms, including the timetable and procedure for handling disputes, and remedial measures.
• Protection of beneficiary or customer rights and interests, including data confidentiality and security measures.
• A requirement for the service provider  to implement protection of beneficiary or customer interests, risk management, and internal control systems in accordance with the standard operating procedures established under the supervision or instructions of the SITE.
• A list of the material events that lead to the termination of an outsourcing agreement with the service provider, including a provision on termination or revocation of the agreement if so instructed by the competent authority.
• An agreement by the service provider to allow the competent authority and the Central Bank to access relevant data or reports and conduct financial examination or auditing with respect to the outsourced items, or to provide relevant data or reports within a prescribed time period pursuant to an order thereby.
• An agreement by the service provider not to use the name of the outsourcing SITE in the course of handling the outsourced items, nor to use untruthful advertising or collect fees from beneficiaries or customers.
• A requirement for the service provider to inform the SITE if the outsourced operation involves any material irregularities or deficiencies.
• Applicable law and jurisdiction for litigation.

In Taiwan, the main stock exchanges are the Taiwan Stock Exchange and the Taipei Exchange. The Taiwan Futures Exchange is specifically for trading exchange-traded futures and options. These exchanges are established and regulated under Taiwan’s securities and futures regulations, and they typically offer online trading services.

Regarding cryptocurrency trading, security tokens can only be traded by licensed securities dealers in accordance with the STO regulations. However, for cryptocurrencies that do not possess the characteristics of securities, crypto exchanges or trading platforms must comply with the Crypto AML Regulations, as mentioned in 2.13 Impact of AML and Sanctions Rules.

Please see 7.1 Permissible Trading Platforms.

As specified in 2.2 Regulatory Regime, 2.13 Impact of AML and Sanctions Rules and 7.1 Permissible Trading Platforms, assuming no STOs are involved, crypto exchanges are subject to the Crypto AML Regulations which took effect in 2021, while STOs should follow STO regulations (please see 12.4 Regulation of “Issuers” of Blockchain Assets).

It is crucial to be aware that, in response to FTX’s insolvency as well as certain reported defrauding activities in Taiwan, the FSC introduced a set of guidelines for VASPs under the Taiwan AML Act in September 2023 (“VASP Guidelines”). These guidelines encompass various aspects, including (i) the responsibilities that an issuer must fulfil when issuing virtual assets, such as announcing the “whitepaper” on their website; (ii) the mechanism by which a VASP reviews the launch of virtual assets; (iii) the safekeeping and separation of assets belonging to the VASP and its customers; (iv) ensuring that transactions are conducted in a fair and transparent manner; (v) the management system for operations, information security and wallets (cold and hot); (vi) disclosing relevant information to the public; (vii) implementing internal controls and conducting audits; and (viii) the extent to which these guidelines apply to VASPs operating from outside Taiwan. While these guidelines do not carry the force of “hard law”, there is a general expectation that the FSC will progressively mandate compliance with these rules.

Moreover, according to related news coverage, the FSC is contemplating the possibility of introducing a crypto-specific law, with a potential draft scheduled for announcement around September 2024. Industry participants are advised to closely monitor the prospective regulatory changes in Taiwan.

Please see 12.4 Regulation of “Issuers” of Blockchain Assets for certain regulations regarding listing of security tokens and non-security tokens.

For security tokens (STOs):

The STO regulations provide for the following trading rules, which may be relevant to order handling:

(i) A securities firm (ie, platform operator) shall adopt rules for the negotiated trading of security tokens and know-your-customer procedures, and publish them on its trading platform and incorporate them into its internal control system. Such negotiated trading rules shall include the trading platform’s business days and trading hours, price quote method, trade execution principles, price stabilisation mechanism, trading procedures, method for the advance collection of purchase prices and security tokens to be sold, and the handling of settlement and default.

(ii) The price quotes provided by the securities firm are nominal quotes, and the securities firm shall provide two-way (buy and sell) quotes. The trade price shall be negotiated between the securities firm and the customer.

(iii) A securities firm shall provide reasonable price quotes based on its professional judgement, and shall efficiently adjust demand and supply in the market depending on the market situation, and may not give a quote that deviates from a reasonable price, thereby impairing the formation of fair prices.

(iv) When making price quotations for and engaging in negotiated trading of security tokens that the securities firm issued itself, the securities firm shall pay special attention to reasonableness of price, and shall adopt in its internal control system a basis for the determination of price quotes and principles for negotiated trades.

For tokens without the nature of securities:

There is no law or regulation specifically governing how to handle trading orders. However, pursuant to the VASP Guidelines, a VASP should ensure that transactions are conducted in a fair and transparent manner. Specifically, a VASP should establish mechanisms to ensure fair market transactions, including measures such as abnormal price alerts, as well as regulations to prevent market abuse and avoid conflicts of interest.

Please see 2.2 Regulatory Regime, 2.13 Impact of AML and Sanctions Rules, 7.1 Permissible Trading Platforms and 7.3 Impact of the Emergence of Cryptocurrency Exchanges regarding crypto exchanges and trading platforms.

For peer-to-peer lending platforms, please refer to 2.2 Regulatory Regime.

For security tokens (STOs):

There is no rule specifically governing “best execution” under the STO regulations. However, the STO regulations provide for relevant trading rules (see 7.5 Order Handling Rules), so as long as such trading rules are followed, there should be no issue from the perspective of the STO regulations.

For tokens without the nature of securities:

As indicated in 7.5 Order Handling Rules, pursuant to the VASP Guidelines, a VASP should ensure that transactions are conducted in a fair and transparent manner. Specifically, a VASP should establish mechanisms to ensure fair market transactions, including measures such as abnormal price alerts, as well as regulations to prevent market abuse and avoid conflicts of interest. As long as the rules stated in the VASP Guidelines are followed, there should be no issue from the perspective of the current Taiwan regulatory regime.

We assume that “payment for order flow” refers to a fee/compensation received by an exchange or trading platform for routing/connecting a buy/sell order to a specific market maker/trader, who takes the other side of the order, and in such case, such market maker would be the seller to any buy order or buyer to any sell order.

For security tokens (STOs):

Trading (secondary market) for security tokens must completely follow the STO regulations, so the trading mechanism may not be freely structured as the “payment for order flow” method indicated above. Pursuant to the STO regulations, the platform operator should obtain a securities dealer licence and handle the trading by way of price negotiation. The platform operator should be the counterparty to every transaction and should offer a reasonable reference quotation based on the market conditions. Also, each security token under an STO programme may be traded only on a single platform.

For tokens without the nature of securities:

The VASP Guidelines are silent in this regard. Please, however, note that pursuant to the VASP Guidelines, a VASP should ensure that transactions are conducted in a fair and transparent manner. Specifically, a VASP should establish mechanisms to ensure fair market transactions, including measures such as abnormal price alerts, as well as regulations to prevent market abuse and avoid conflicts of interest. Therefore, as long as the rules outlined in the VASP Guidelines are followed, such practice should be allowed.

For security tokens (STOs):

According to the STO regulations, when a customer defaults on a settlement obligation, the securities firm (ie, platform operator) shall cancel the trade and, after immediately notifying the customer, shall itself pursue compensation.

There is no other rule specifically governing market integrity and market abuse on the part of the traders under the STO Regulations.

For tokens without the nature of securities:

As was similarly stated in 7.5 Order Handling Rules, there is no law or regulation specifically governing market integrity and market abuse. However, pursuant to the VASP Guidelines, a VASP should ensure that transactions are conducted in a fair and transparent manner. Specifically, a VASP should establish mechanisms to ensure fair market transactions, including measures such as abnormal price alerts, as well as regulations to prevent market abuse and avoid conflicts of interest.

To our knowledge, no regulations have been issued specifically for the creation and usage of technologies regarding high-frequency and algorithmic trading by securities brokers. Securities brokers would be required to have in place internal control systems and risk control systems in line with applicable rules and regulations of the FSC.

Under Taiwan law, no entity may conduct securities dealing as its business unless it has obtained prior approval from the FSC to act as a securities dealer.

As regards local funds, the most prevalent form of collective investment scheme in Taiwan is securities investment trust funds, which may be either offered to the general public or privately placed with specified individuals. Securities investment trust funds are managed by SITEs, which business may not be carried out without prior approval/licence from the FSC.

With respect to dealers, please see 8.2 Requirement to Register as Market Makers When Functioning in a Principal Capacity.

Given the above, in Taiwan, SITEs and securities dealers are subject to different sets of regulations.

No regulations have been issued for programmers who develop and create trading algorithms and other electronic trading tools, assuming such programmers do not carry out any activities that may only be conducted by FSC-licensed financial services entities. However, financial services entities’ purchase and use of the services provided by such programmers might be subject to relevant outsourcing regulations, depending on the individual circumstances.

It seems that the Taiwan government has not officially expressed its stance on DeFi activities. However, it is important to consider the classification of DeFi activities on an individual basis, as there are no specific laws or regulations in place to govern or establish a legal framework alongside the growth of DeFi. It is necessary to review existing laws related to banking, trusts and futures to ensure adherence to applicable existing laws and regulations.

Entities providing securities investment consulting or futures consulting services are subject to prior approval/licence from the FSC.

Illegal spreading of rumours and other unverified information may result in criminal liabilities under the Securities and Exchange Act and the Futures Trading Act (as applicable).

Pursuant to the newly revised Securities Investment Trust and Consulting Act, an internet platform provider, internet application service provider, internet access service provider or other network communication media enterprise may not publish or broadcast any advertisement that involves, among others, (i) unauthorised use of the name of any well-known person or company from the political, financial, monetary, video or film, or any other domain to recommend, solicit or induce investment in securities; or (ii) any other inappropriate recommendation/promotional conduct related to the above.

Also:

(a) If it subsequently becomes aware of a violation after publishing or broadcasting an advertisement, it shall, at its own initiative or within a deadline as notified by a judicial police authority, remove the advertisement, restrict browsing of it, cease broadcasting it, or take other necessary measures.

(b) In case of any violation, it shall be jointly and severally liable with the commissioning publisher and sponsor of the advertisement for damages to anyone who suffers damage because of mistaken belief in the advertisement’s content or because of being defrauded, subjection to certain exceptions.

In Taiwan, underwriting processes are governed by the Regulations Governing Business Solicitation, Policy Underwriting and Claim Adjusting of Insurance Enterprises (“Underwriting Regulations”). According to the Underwriting Regulations, an insurance company shall establish internal systems and procedures for policy underwriting, which shall include, among others, the following:

• The qualifications, job descriptions, on-the-job training and reward/discipline of underwriters.
• Procedure and flow chart covering the process from acceptance of application to agreeing to underwrite a policy, including at least underwriting guidelines, financial underwriting mechanism, survival analysis and physical examination standards, insurance reporting mechanism, hierarchy of authority, and arrangement of reinsurance.
• The policy of understanding and evaluating the needs and suitability of the applicant and the insured.
• The operating procedure for evaluating whether the insured amount and premium payment are commensurate with the income, financial situation and occupation of the applicant or the insured.
• The operating procedure for evaluating the suitability of selling insurance products with surrender value (excluding small-amount whole-life insurance, group annuity insurance and accident insurance with an insurance period of less than three years) to customers over 65 years of age and considering whether the customer has the ability to distinguish situations that are disadvantageous to his or her rights and interests as an insured.
• The operating procedure for evaluating whether the sources of funding for payment of insurance premiums is from a terminated insurance contract, loan or policy loan.
• The operating procedure for confirming the identity of the applicant and that he or she has indeed purchased a policy, the identity of the insured and that the insured has given his or her consent to the policy purchased.
• The operating procedure for confirming that a designation or change of beneficiary has been consented to by the insured.
• The operating procedure for confirming that the applicant has indeed applied for a change to the content of the insurance contract that would affect risk assessment, and the identity and signature of the applicant and the insured.
• The operating procedure for the manner and duration of retaining and disposing of the personal data of the applicant, the insured and the beneficiary of policy applications, whether they were underwritten or not.
• The operating procedure for evaluating risks and the calculation and collection of insurance premiums shall be based on actuarial science and statistical data.

Under the Insurance Act, insurance is classified into two main categories: “non-life insurance” (covering fire, marine, land and air, liability, bonding and other non-life insurances) and “insurance of the person” (covering life, health, personal injury and annuity insurances), depending on the nature of the insured subject. As stipulated by the Insurance Act, a “non-life insurance” enterprise is exclusively involved in non-life insurance activities, and an “insurance of the person” enterprise solely engages in insurance of the person. Simultaneous involvement in both non-life insurance and insurance of the person by the same insurance enterprise is generally prohibited, except when a non-life insurance enterprise is granted approval by the FSC to carry out the businesses of personal injury insurance or health insurance.

From a regulatory perspective, certain insurance laws and regulations are applicable to both “non-life insurance” and “insurance of the person” enterprises. However, distinct principles and specific regulations may be applicable based on the nature of each insurance product involved, etc.

There are no specific laws or regulations governing regtech providers (assuming they are not financial services entities). However, if any regulated financial services entity wishes to outsource its operation to a regtech provider, outsourcing regulations governing financial services entities may apply. Please see 2.7 Outsourcing of Regulated Functions for outsourcing.

Please see 2.7 Outsourcing of Regulated Functions and 11.1 Regulation of Regtech Providers.

The rise of blockchain technology has led to financial institutions actively researching how to incorporate it into their products and services. Some have even established dedicated research and development departments for this purpose. However, since the financial industry is heavily regulated, the implementation of blockchain in this sector would need to overcome certain existing legal restrictions. Examples of the solutions to deal with such restrictions include applying to enter a regulatory sandbox, with two approved applications related to blockchain: (a) using blockchain for fund transfer information between financial institutions; and (b) providing a “fund exchange” service using blockchain technology. With the emergence of new business models and regulatory amendments, it is expected that the financial services industry will have even more applications of this technology in the future.

Apart from the regulations relating to cryptocurrencies mentioned in this article, the Taiwan government has not introduced any new regulations following the emergence of blockchain. However, two policy trends have been reported in local news:

(a) The Central Bank has established a special task force to study Central Bank Digital Currency (CBDC), which is commonly referred to as the digital New Taiwan Dollar. The task force has completed two exploratory projects on the possibility of issuing “wholesale CBDC” for financial institutions and “retail CBDC” for the general public. Regarding “wholesale CBDC”, the Central Bank has observed that a platform built with distributed ledger technology (DLT) does not necessarily outperform a platform with a centralised system.

(b) In March 2024, the Chairperson of the FSC, Mr Huang, stated to the Legislative Yuan that the FSC is examining the feasibility of tokenising real-world assets, with the most likely application being the tokenisation of fund interests.

Therefore, it is recommended that industry participants closely monitor the progress of these developments.

In December 2013, the Central Bank and the FSC initially conveyed the government’s stance on bitcoin through a joint press release (the “2013 Release”). As outlined in the 2013 Release, both authorities asserted that bitcoin does not qualify as “legal tender”, “currency” or a “generally accepted medium of exchange”. Instead, they classified it as a highly speculative digital virtual commodity. Furthermore, in March 2022, the FSC issued another press release affirming that crypto-assets, including bitcoin, are not recognised as currencies within the existing regulatory framework in Taiwan. Instead, these assets are considered digital virtual commodities.

Addressing the proliferation of initial coin offerings (ICOs) and other fundraising and investment activities involving virtual currencies or cryptocurrencies, the FSC released a press statement in December 2017 (the “2017 Release”) articulating its stance on ICOs. According to the 2017 Release, an ICO involves the issuance and sale of virtual commodities (such as digital interests, assets or virtual currencies) to investors. The categorisation of an ICO is contingent on a case-by-case assessment. If an ICO encompasses the offer and issuance of securities, it falls under the purview of Taiwan’s Securities and Exchange Act (SEA). Whether tokens in an ICO are deemed securities under the SEA is contingent on the specific circumstances of each case.

In July 2019, the FSC officially designated cryptocurrencies as having the nature of securities (ie, so-called “security tokens”) under the SEA (the “2019 Ruling”). According to the 2019 Ruling, security tokens refer to those that: (1) utilise cryptography, DLT or other similar technologies to represent their value that can be stored, exchanged or transferred through digital mechanisms; (2) are transferable; and (3) encompass the following attributes of an investment: (a) funding provided by investors; (b) funding provided for a common enterprise or project; (c) investors expecting to receive profits; and (d) profits generated primarily on the efforts of the issuer or third parties.

For security tokens (STOs):

In 2020, the FSC, in collaboration with the Taipei Exchange (TPEx), embarked on the development of regulations governing tokens having the nature of security tokens. Below are certain key rules under the STO regulations:

(1) For STOs with a value of TWD30 million or less, the issuance may be carried out following the STO regulations. For STOs exceeding TWD30 million in value, the issuing entity must first undergo evaluation within the regulatory sandbox as discussed in 2.5 Regulatory Sandbox.

(2) Qualifications of the issuer: The issuer must be a Taiwan-incorporated company limited by shares not listed on the Taiwan Stock Exchange or TPEx, or the Emerging Stock Market of the TPEx. Foreign entities are barred from acting as issuers in STO programmes.

(3) Types of security tokens: Permissible security tokens are limited to profit-sharing or debt tokens without shareholder rights.

(4) Eligible investors and amount limits: Professional investors are eligible to participate in STOs, with a maximum subscription amount of TWD300,000 per STO for natural persons. To promote STO development, the FSC adjusted the policy in a January 2022 press release. Subsequently, TPEx expanded the scope of eligible foreign investors meeting specific criteria under the STO rules in 2022.

(5) Issuance process: STOs must be conducted on a single platform, with the platform operator responsible for ensuring the issuer meets qualification requirements and prepares a required prospectus. In instances where the platform operator is itself an STO issuer, launching an STO requires prior review by TPEx.

For tokens without the nature of securities:

As indicated in 2.13 Impact of AML and Sanctions Rules and 7.1 Permissible Trading Platforms, for cryptocurrencies that do not possess the characteristics of securities, crypto exchanges or trading platforms must comply with the Crypto AML Regulations. However, the Crypto AML Regulations do not have in place specific regulations on token issuers and regulations on token issuance.

Also, as indicated in 7.3 Impact of the Emergence of Cryptocurrency Exchanges, the VASP Guidelines encompass various aspects, including the obligations of an issuer related to the issuance of virtual assets, necessitating actions such as publishing a “whitepaper” on the issuer’s website. Additionally, the VASP Guidelines outline the mechanism for VASPs to review the launch of virtual assets.

Please see 2.2 Regulatory Regime, 2.13 Impact of AML and Sanctions Rules, 7.1 Permissible Trading Platforms and 7.3 Impact of the Emergence of Cryptocurrency Exchanges.

Currently, blockchain assets, including bitcoins, may not be invested in funds registered with or approved by the FSC.

The term “virtual currency” is defined in the Crypto AML Regulations (as indicated in 2.13 Impact of AML and Sanctions Rules) as a digital representation of value with the use of cryptography, DLT or other similar technology that can be digitally stored, exchanged or transferred, and can be used for payment or investment purposes. However, virtual currencies do not include digital representations of the New Taiwan Dollar, foreign currencies, currencies issued by Mainland China (ie, the PRC), Hong Kong or Macao, securities, and other financial assets issued in accordance with laws. There is no official/separate definition of “blockchain assets” under current Taiwan laws and regulations.

Please see 8.5 Decentralised Finance (DeFi).

Currently, there are no specific laws or regulations pertaining to NFTs, which are commonly structured to represent digital art, music, collectibles, sports cards, photo albums, and more. Therefore, the applicable laws and regulations should be determined based on their individual characteristics.

The most recent discussions surrounding NFTs have focused on what an NFT holder owns or obtains. It is important to review and examine the classification of each individual NFT on a case-by-case basis. Specifically, despite the “non-fungible” nature of NFTs, we cannot completely rule out the possibility of financial laws, such as securities regulations, applying to NFTs or their offerings.

Responding to the call for “open banking” from industry players and experts, the FSC has requested the Bankers Association to establish self-regulatory rules relating to the implementation of open banking in Taiwan. Choosing not to impose mandatory disclosure rules on banks, the FSC instead requested the self-regulatory organisation (ie, the Bankers Association) and the Financial Information Service Co. (FISC) to develop pertinent rules and information security standards for banks to follow.

The FSC has instituted a three-phase approach to the implementation of open banking. Phase I, which commenced in late 2019 permitted the accessibility of public product information by third parties, specifically third-party service providers (TSPs). Phase II involved gaining access to customer data, and according to related FSC press releases, multiple TSPs were granted approval to collaborate with certain banks during this phase. Phase III, which commenced in January 2024, focuses on transaction-related information. Scope included in Phase III encompass deposits, credit cards, loans, payments, and remittances via mobile phone numbers.

Any open banking project, if it involves transfer of personal data, is subject to Taiwan’s PDPA. Please see 2.10 Implications of Additional, Non-financial Services Regulations.

As regards data security, any project is required to follow the self-regulatory rules set out by the Bankers Association as well as the rules and security standards of the FISC, as specified in 13.1 Regulation of Open Banking.

In Taiwan, criminal fraud typically occurs when an actor intentionally carries out fraudulent activities, leading victims to give away their belongings/properties.

In the context of fintech, fraud may occur in circumstances such as illegal fundraising associated with cryptocurrency, where the token issuer provides investors with misleading or false information that misrepresents the rights and interests in the tokens being issued.