Chapter II Finances and Business |
Article 12 | A securities firm that operates only the business of proprietary trading of security tokens shall, within 3 months after the end of each fiscal year, file with the TPEx and publicly announce its annual financial report audited and attested by CPAs. The auditing and attestation of the aforesaid financial report shall be performed by practicing CPAs of a joint accounting firm approved by the FSC in accordance with the Regulations Governing Approval of Certified Public Accountants to Audit and Attest to the Financial Reports of Public Companies.
A securities firm that operates only the business of proprietary trading of security tokens shall, by the 7th day of each month, file with the TPEx in the prescribed format its monthly accounting summary and income statement for the preceding month.
The periods for which a securities firm keeps its accounting reports, account books, and accounting documents shall comply with the Business Entity Accounting Act, and additionally shall comply with the Required Periods for Preservation of Accounting Statements and Vouchers by Securities Firms Trading on the TPEx adopted by the Taipei Exchange.
|
|
Article 13 | By the 10th day of the month after completion of the fundraising in a securities token offering, the securities firm shall compile and file with the TPEx a summary of the data relevant to the security tokens that it has issued for an issuer or on its own.
|
|
Article 14 | In the case of a securities firm that operates only the business of proprietary trading of security tokens, the total amount of the securities firm's external liabilities may not exceed its net worth.
|
|
Article 15 | In the case of a securities firm that operates only the business of proprietary trading of security tokens, its capital may not be loaned to others nor used for other purposes. The utilization of its capital shall be limited to the following:
- NTD dollar bank deposits.
- Purchase of government bonds or financial bonds.
- Purchase of treasury bills, negotiable certificates of deposit, or commercial paper.
- Other uses approved by the TPEx.
|
|
Article 16 | A securities firm that operates only the business of proprietary trading of security tokens may not make any equity investment in other securities, futures, financial or other enterprises.
A securities firm may invest in security tokens issued on its trading platform, and shall comply with the following requirements:
- Except when it buys back, under Article 36, paragraph 1 of these Rules, security tokens issued itself, the total cost of its holdings in the security tokens of any single issuer may not exceed the limit set out in Article 19 of the Regulations Governing Securities Firms.
- It shall adopt a trading policy and related procedures, which shall cover operational procedures for trade analysis, decision-making, execution, change, and review, and incorporate them into its internal control system.
A securities firm may not invest in security tokens that were not issued on its trading platform.
|
Info |
Article 17 | A securities firm operating the business of proprietary trading of security tokens shall do so on a single trading platform.
|
|
Article 18 | A securities firm operating the business of proprietary trading of security tokens shall conduct business in accordance with the principles of honesty and good faith.
A securities firm operating the business of proprietary trading of security tokens may not engage in any of the following conduct:
- Failing to duly fulfill its duty of due diligence when issuing security tokens for an issuer.
- Agreeing to or providing any specific interest or sharing of losses, or providing any judgment regarding whether a certain security token will rise or fall in price, or providing any investment recommendation, or providing investment consulting service, to induce investors to trade.
- Misappropriating security tokens or funds owned by a customer or temporarily kept under the custody of the securities firm in the course of business.
- Any agreement between the securities firm or any insider thereof and the issuer or relevant personnel thereof for purposes of improper profit.
- Any serving, by the securities firm or any insider thereof, in a position such as a director, supervisor, or managerial officer of an issuer that issues security tokens on the securities firm's trading platform; however, this rule does not apply in the case of security tokens issued by the securities firm itself on its trading platform.
- Concealing or omitting important financial or business information of an issuer that issues security tokens on its trading platform.
- Arranging for the issuance of security tokens for an issuer through any channel other than the securities firm's trading platform.
- Keeping custody of security tokens that are not issued or not traded through price negotiation on its trading platform.
- Concealing or making a false entry regarding information on any changes in security tokens.
- Any other matter injurious to the rights and interests of investors or in violation of any relevant law or regulation.
|
|
Article 19 | The securities firm shall faithfully fulfill its obligation to maintain the confidentiality of any non-public financial or business information of the issuer that it learns in the course of handling security token business, and shall strictly implement firewall mechanisms between its various units.
|
|
Article 20 | The securities firm shall carry out to the full its responsibility to make a reasonable investigation of the qualifications required of a professional investor, and shall obtain reasonable and reliable supporting evidence from the investor.
The securities firm's method for evaluation of whether a professional investor possesses adequate professional knowledge and trading experience with respect to financial products shall be included in its know-your-customer procedures and submitted for adoption by the board of directors.
|
|
Article 21 | A securities firm's collection, processing, use, or provision for use by the competent authority, the TPEx, and the centralized securities depositary enterprise, of the personal information of investors shall comply with the Personal Information Protection Act.
|
|
Article 22 | When the securities firm applies to the TPEx to establish or relocate its place of business, and within 3 months after the end of each fiscal year, it shall have an evaluation report issued by a CPA on the information systems and security control operations in accordance with the Principles for Information System and Security Control Operation Evaluation Reports Issued by Certified Public Accountants, as published by the TPEx.
The content of the evaluation report under the preceding paragraph shall at least include the qualifications of the evaluator, scope of the evaluation, deficiencies found in the evaluation, severity of deficiencies, types of deficiencies, description of associated risks, specific recommendations for corrections, and the results of related exercises. Furthermore, the securities firm shall have its internal audit unit carry out follow-up review of the correction of the deficiencies. The aforementioned report and related documents including those regarding correction of the deficiencies shall be kept for at least 2 years.
When the securities firm engages the CPA to handle the procedures under paragraph 1, the contract for the engagement shall specify that the competent authority or the TPEx, when necessary, may request the CPA to provide explanations or to hand over the CPA's working papers from the evaluation report for review, and the CPA must comply with such requests.
To ensure the privacy and security of data and maintain the accuracy of data transmission, exchange, or processing, the TPEx when necessary may require the securities firm to raise its information system standards and strengthen its security control procedures.
|
|
Article 23 | A securities firm shall adopt an information security policy in accordance with applicable laws and regulations, its internal control systems, and its business needs, and the policy shall serve as a basis for evaluating risks and establishing various information security management mechanisms, to ensure the effectiveness of security measures for the offering and trading of security tokens.
|
|
Article 24 | The securities firm shall adopt procedures for handling information security incidents. The procedures shall at least include incident confirmation and troubleshooting mechanisms, incident reporting mechanisms, emergency response mechanisms, occasions for suspension of trading and the handling thereof, compensation measures with respect to the rights and interests of investors, and procedures for handling resumption of trading. The securities firm furthermore shall be diligent about effectively preserving a trail log and evidence, and set up business continuity management mechanisms.
When there occurs any incident of irregularity in information services, or any cyber security incidents, that materially affects customer rights or interests or normal operation, the securities firm shall make a preliminary notification through the Cyber Security Notification System for Securities and Futures Industry within 30 minutes after the incident takes place , and shall make a formal notification and an incident resolution notification, respectively, at the time the incident has been investigated and understood and after the handling of the incident is finished.
When trading is suspended because of an information security incident, the securities firm shall wait until after the incident has been resolved and it has taken preventive and corrective measures before it may resume trading. However, if trading is suspended twice or more within half a year, an incident evaluation and correction report shall be issued by a CPA, to confirm that the preventive and corrective measures taken can effectively prevent recurrence of incidents of the same kind, and the report shall be filed with the TPEx before the resumption of trading.
|
|