Section IV Compliance System
|Article 27|| The competent authority may, after having considered the size, business nature, and organizational characteristics of a securities firm, futures enterprise, securities finance enterprise, securities investment trust enterprise, securities investment consulting enterprise, credit rating agency, or any other service enterprise in the securities or futures market designated by the competent authority, order such an enterprise to establish a unit in a direct reporting line to the general manager, to be charged with the planning, management and execution of a compliance system.
The board of directors shall designate a member of senior management as the chief compliance officer, to be responsible for overseeing compliance matters and submit a report to the board of directors and to each and all supervisors at least semi-annually. If a material violation is discovered or there is a rating downgrade by the competent authority, the chief compliance officer shall immediately report to the directors and supervisors, and report to the board of directors any matters relating to compliance with applicable laws and regulations. The report shall, at the least, include analysis of the cause of the event, the potential impact, and recommendations for improvement.
Except as otherwise required by provisions governing securities or futures enterprises, the information on the compliance officer described in the preceding paragraph shall be filed with the competent authority for recordation, specifying the reason for such a designation and annexed with the minutes of the board of directors meeting, within 5 days from the date of passage by the board of directors.
|Article 28|| A unit responsible for legal and regulatory compliance shall carry out the following activities:
If a service enterprise has established a foreign branch office, the unit responsible for overseeing legal compliance matters shall supervise the foreign branch office in handling the following matters:
- Establish clear and adequate systems of advocacy of laws and regulations, consultation, coordination, and communication.
- Ensure that procedural and managerial bylaws are updated in a timely manner in response to applicable laws and regulations, so that operations are in compliance with all laws and regulations.
- Formulate the content of and procedures for assessing compliance with laws and regulations and monitor the periodic self-assessment of the implementation thereof by each unit.
- Administer adequate and proper legal training on laws and regulations to personnel of each unit.
- Monitor the compliance by domestic and foreign branch offices with the laws and regulations of the country in which they are located.
- Carry out such other activities as may be required by the competent authority.
Self-assessment of compliance with laws and regulations shall be performed no less frequently than annually, with the results delivered to the compliance unit for future reference. The head of a unit shall designate a person responsible for performing self-assessment within that unit.
- Matters to ensure compliance with local laws and regulations, including collecting information on local financial laws and regulations, implementing self-assessment of compliance with laws and regulations faithfully, ensuring suitability of the chief compliance officer and the adequacy of resources (including personnel, equipment, and training) for compliance with laws and regulations.
- Establishment of a mechanism for self-assessment and monitoring of legal compliance risks. If the scale of business is large, or the complexity or the degree of risk is high, a local external independent expert shall be engaged to verify the effectiveness of the mechanism for self-assessment and monitoring of legal compliance risks.
Working papers and materials in connection with the self-assessment under the preceding paragraph shall be retained for no less than 5 years.
|Article 28-1|| To promote sound corporate operations, a service enterprise shall set up a whistleblower system, and designate a unit with independent exercise of powers, to be responsible for the processing and investigation of whistleblower reports.
A service enterprise shall provide the following protections for whistleblowers:
Any person with a conflict of interest shall recuse himself or herself from the processing and investigation of the reported case.
- The identity information of the whistleblower shall be kept confidential, and no information may be disclosed that could be used to identify the whistleblower.
- The whistleblower may not be terminated, dismissed, demoted/relocated, or receive a reduction in pay, or impairment of any rightful entitlement under law or regulation, contract, or custom, or other unfavorable disposition due to the reported case.
The whistleblower system under paragraph 1 shall at least include the following matters, and be resolved by the board of directors:
If the alleged perpetrator is a director, supervisor, or management personnel at a level equivalent to or higher than vice president, the investigation report shall be submitted to and reviewed by the supervisors or the audit committee.
- The express provision that anyone who discovers any potential crime, misconduct, or legal violation may file a whistleblower report.
- The types of reports that will be accepted for processing.
- The establishment and making public of the channels for reporting.
- The procedures for investigation and collaborative support, rules of recusal, and standard operating procedures for follow-up and disposition of cases.
- Whistleblower protection measures.
- The documentation and preservation of records covering the acceptance of reported cases, the investigation process, investigation results, and the preparation of relevant documents.
- That the whistleblower shall be given appropriate notice in writing or by other means with respect to the progress of the reported case.
The service enterprise shall take the initiative to file a report or an information with the relevant authorities if any material contingency or legal violation is discovered in the investigation.
The service enterprise shall hold regular awareness programs and education and training in the whistleblower system for its personnel.
|Article 29|| An internal audit unit shall incorporate the implementation status of the compliance system into its audit of the business and management units.