• Font Size:
  • S
  • M
  • L

Amendments

Title:

Operation Directions for Electronic Certificate Delivery by Securities Firms and Futures Commission Merchants  CH

Amended Date: 2022.09.06 
Categories: Information Operations

Title: Operation Directions for Electronic Certificate Delivery by Securities Firms and Futures Commission Merchants(2017.08.29)
Date:
2     Securities firms and futures commission merchants shall adopt certificate delivery procedures to avoid receipt of the certificate by anyone other than the applicant, as follows:
  1. Delivery of the electronic transaction password in person or electronically, with subsequent delivery of the certificate based on the password and with relevant records retained.
  2. Delivery of the certificate by other means, in which the investor's or trader's identity must first be verified and relevant records retained by the securities firm or futures commission merchant before the certificate can be activated.
3     The following apply in case of electronic password:
  1. The initial electronic password shall be generated randomly, and shall not be related to the user's identity, account number, or other personal user information.
  2. The electronic password shall be a strong password as defined in the TWSE Rules for Establishing Information Security Inspection Mechanisms for Securities Firms.
  3. The electronic password shall be stored in encrypted form.
  4. The period of validity for any electronic password to be activated may not exceed one month, and if the password has not been activated after one month, a new application for a password must be made. The securities firm or futures commission merchant shall effectively verify the investor's or trader's identity and retain relevant records, before it may accept the investor or trader application.
4     When an electronic password has been entered incorrectly three times, the securities firm or futures commission merchant shall record the failed log-in attempts, lock the account to be logged in and terminate the data connection.
    In the event of an application by the investor or trader for releasing the lock, the securities firm or futures commission merchant shall effectively verify the investor's or trader's identity and retain relevant records before it may release the lock.