1
|
1.Objective
The Rules are enacted for the purpose of regulating exchanges of negative credit data on credit extension businesses (the Exchanged Data) by financial institutions through the Joint Credit Information Center (JICC) and securities firms through the Taiwan Stock Exchange Corporation (TWSE) to ensure collection, processing, use, management and safety maintenance of such data conforms to the Personal Data Protection Act, Trade Secrets Act and laws and regulations relating to finance and securities, enforcing information security measures, preventing data misuse or breach, and protecting data subjects’ rights and interests.
|
|
2
|
2.Organization Involved
- Supervisor: The supervisor refers to the Financial Supervisory Commission and is responsible for supervising managers and inquirers to comply with the Rules.
- Manager: A manager refers to the JICC or TWSE which handles data exchange, and is responsible for managing and auditing data exchange between the managers and between a manager and an inquirer, and shall ensure data security.
- Inquirer: An inquirer refers to an institution inquiring data through its manager and shall collect, process and use data in accordance with the Rules.
|
|
3
|
3.Business Scope, Contents and Disclosure Period of the Exchanged Data:
- For purposes of the Rules, the business scope of the Exchanged Data is as below:
- Negative data on credit extension businesses of financial institutions includes extending loans, extending overdraft facilities, discounting bills and notes, extending guarantees, accepting drafts and others, excluding credit card and non-recourse factoring of accounts receivable.
- Negative data on credit extension businesses of securities firms includes margin trading, excluding short sales, securities business money lending, non-restricted purpose loans and more.
- Contents of the Exchanged Data mentioned in the preceding subparagraph are as described in Appendix 1 and Appendix 2.
- JICC’s records of non-performing loans, non-accrual loans and bad debts are disclosed for three years from the date of repayment, provided the maximum period of disclosure of bad debt records may not exceed five years from the date of write-off. TWSE’s records of investor margin trading defaults (excluding short sales), securities business money lending defaults and non-restricted purpose loan defaults that have been reported by the securities firm as settled are disclosed for three years from the date of the settlement.
|
Info
|
4
|
4.Requirements for inquiring about the Exchanged Data
- An inquirer may inquire about and obtain a data subject’s negative credit data only for the purpose of credit extension business. It shall obtain the written or electronic consent in advance from the data subject agreeing to the collection, processing and use of its exchanged credit data by a manager and an inquirer, and shall expressly inform the data subject of the contents of the consent and the information required under the Personal Data Protection Act, Consumer Protection Act, and the laws and regulations relating to finance and securities.
- A template of the terms of the data subject’s consent mentioned in the preceding subparagraph, as amended from time to time, is jointly drafted by the managers, the Bankers Association of the Republic of China and Taiwan Securities Association, and submitted to the competent authority for approval.
- For purpose of subparagraph (1), credit extension business refers to extending loans, extending overdraft facilities, discounting bills and notes, extending guarantees, accepting drafts plus more by financial institutions (excluding credit card and non-recourse factoring of accounts receivable), and to margin trading, securities business money lending, and non-restricted purpose loans along with others by securities firms.
- An inquirer having inquired about and obtained the data shall, whether the transaction is approved or not, retain for five years from the date of inquiry the data subject’s consent mentioned in subparagraph (1) and data sufficient to prove it is in connection with the data subject’s credit extension business, and provide said consent and data at the request of the relevant manager.
|
Info
|
5
|
5.Inquiries about and Exchanges of Negative Credit Data
- Data inquiries made by an inquirer to the relevant manager shall be made through a network approved by the manager (a VPN as requested by the JICC, or the securities trading network).
- The inquiry application mentioned in the preceding subparagraph will, upon receipt by the relevant manager, be forwarded to a manager of another industry by a dedicated network through a credit inquiry gateway developed by Taiwan-CA Inc. (TWCA) and responded to by the same route upon production of the result of the inquiry.
|
|
6
|
6.Correction Procedure of Negative Credit Data
An inquirer shall ensure the data it reports to the relevant manager is correct and complete and shall rectify the data, upon discovery of any omission, mistake or doubt about the credit data it reported, through the data correction procedure prescribed by the relevant manager. In the event there is any doubt about the correctness of the exchanged negative credit data, the inquirer shall, of its own accord or at the data subject’s request, seek through the relevant manager to receive assistance and clarification from the manager providing the data, in order to protect the data subject’s rights and interests.
|
|
7
|
7.Independent Credit Appraisals by an Inquirer
An inquirer engaging in credit investigation and credit extension shall keep its appraisals objective and independent without being bound by data obtained from the manager. Credit data obtained is only for the inquirer’s reference to the extent necessary for the purposes of credit extension businesses and compliance with financial and securities laws and regulations and may not serve as the sole basis for the approval or rejection of financial and securities transactions.
|
|
8
|
8.Fee Schedule of Negative Credit Data
An inquirer shall pay a fee for inquiring credit data, in accordance with the fee schedule established by the manager based on the user-pays principle.
The above fee schedule shall take effect after having been submitted to and approved by the competent authority. Subsequent amendments thereto shall be affected in the same manner.
|
Info
|
9
|
9.Duty of Confidentiality and Data Protection
- The Exchanged Data shown on a computer monitor and printed by the computer shall contain an electronic watermark identifying the inquirer’s name or code, and printed exchanged negative credit data shall contain the inquiring personnel’s code, name or signature/stamp, for identification purposes. Negative credit data obtained shall be controlled, retained and destroyed in accordance with the relevant rules to prevent data breach.
- An inquirer shall keep the obtained credit data confidential, may not use such data for purposes other than the credit extension businesses contemplated by the Rules unless the data is subject to inspection and perusal in accordance with laws and regulations, and is forbidden to transmit the data internationally and, except where the data subject inquiries about its own data according to the law, may not make the data public or transfer the data to others.
|
|
10
|
10.Disposition for Violations and Data Breaches
- In the event of a violation of law or the Rules by an inquirer, the supervisor and the relevant manager may impose a disposition in accordance with the relevant rules and stipulations and immediately terminate or suspend all of the rights of the inquirer to make data inquiries; if the inquirer infringes upon the rights of the data subject or a third person thereby causes losses to the data subject or a third person, the inquirer shall also be held legally responsible or compensate the third party for the losses.
- An inquirer shall give immediate notice to the relevant manager and the data providing manager in the event of a leak or relevant data security incident in regard to the Exchanged Data.
|
|
11
|
11.Safety Control, Inspection and Audit
- Manager
A manager may inspect a relevant inquirer. Such inspection may be conducted in the form of a written review or on-site.
- Non-manager inspector
Taipei Exchange (TPEx) may inspect a TWSE inquirer. Such inspection may be conducted in the form of a written review or on-site.
- Inquirer
- With regard to relevant databases or files, storing negative credit data obtained from a manager, a data access tracking record shall be created and data security management and control measures and rules shall be devised, including human resource security, physical and environmental security, information exchange, communication and operations management, access control etc.
- Each inquirer shall incorporate items for internal audit or inspection in its enforcement of the Rules and report the result of internal audit or inspection to the relevant manager according to schedule.
- An inquirer shall cooperate and furnish relevant data in inspections by the supervisor, relevant manager and TPEx.
- TWCA
The TWSE may inspect the TWCA in regard to the credit inquiry gateway to develop for data exchange with the JICC, which may cooperate by inspecting the TWCA jointly with the TWSE.
|
|
12
|
12.Effect
The Rules are drafted by the JICC in concert with the TWSE and shall take effect after having been submitted to and approved by the competent authority. Subsequent amendments thereto shall be affected in the same manner.
|
|