|
2
|
Securities firm work-from-home application process and application documents
- Application process
- A securities firm applying for working from home to handle brokerage trading and transactions, dealer trading and transactions, and clearing and reporting etc. shall make the application to the Taipei Stock Exchange Corporation for special transfer to the competent authority for approval, in accordance with Article 1.(5) of the Securities Firms COVID-19 Response Measures. Notwithstanding, the securities firm may prepare the relevant documents to apply to the TWSE for preliminary examination to shorten the application procedure; if prevented by an emergency (e.g., lockdown, any confirmed case among employees etc.) from making a written application according to normal procedure, said firm may make a report to the TWSE by special means (e.g., email), followed by the submission of the relevant documents to the TWSE for the record after the incident.
- A securities firm applying for working from home to handle businesses other than brokerage trading and transactions, dealer trading and transactions, and clearing and reporting etc. shall make a report to the TWSE for recordation purposes, with the relevant documents (including the period, personnel deployment, business activities, and management measures in regard to the work-from-home arrangement) submitted, within three days prior to the, or from the date of, work-from-home.
- Application documents
A securities firm applying for working from home shall make a special application to the TWSE in advance, with a contingency plan and case list (as attached) containing the following presented:
- Availability period: The period available for work-from-home being sought may not exceed three months, provided an application with good cause may be made prior to expiration to the TWSE for special transfer to the competent authority for approval of a three-month extension. If prevented by an emergency from making a written application according to normal procedure, a securities firm may make a report to the TWSE by special means, followed by the submission of the relevant documents to the TWSE for the record after the incident.
- Personnel deployment: Information such as the names and residential addresses of the personnel. A senior officer must be designated as a point of contact with the TWSE. Changes shall be reported to the TWSE in advance for recordation.
- Business activities: Businesses handled during the work-from-home period are limited to those stated in the application (e.g., transactions, clearing). If the work-from-home application is to handle transactions only, clearing not covered by the application may be handled at the place of business only. If changes are necessary, an application shall be made to the TWSE for special transfer to the competent authority for approval. If prevented by an emergency from making a written application according to normal procedure, a securities firm may make a report to the TWSE by special means, followed by the submission of the relevant documents to the TWSE for the record after the incident.
- Operation and procedure: The operation and procedure of work-from-home must expressly describe the differences with working at the place of business.
- Management measures:
- The company shall establish measures to monitor the activities and communications of employees working from home. Work-from-home activities are limited to those approved by the company. Stricter reviews shall be conducted of the personal transactions of work-from-home employees, including that methods for managing the employees’ communications and activities in connection with brokerage trading etc. shall be expressly prescribed. In principle no personnel responsible for reviewing and monitoring the activities of work-from-home employees may work from home, unless such personnel’s review and monitoring will not be hindered by their working from home.
- The company shall inform work-from-homers of their rights and obligations and explain the importance of legal compliance fully.
- The company shall adopt measures to protect and expressly prescribe management measures for client privacy and the safety of client data and records etc.
- The company must verify client identity (e.g., when accepting orders) and step up measures to manage client accounts.
- The company shall publish an outline of the work-from-home arrangement on the company website (home page) and assist clients in understanding company operations and risk of suspension of transactions etc.
- Test report: The company must first test the remote access system for work-from-home purposes and ensure employees may access the company system only through safe connection.
- Information security measures:
- The company must update the security measures concerning connection to the virtual private network, VPN, and other remote access systems, adopt multi-factor authentication, and educate work-from-homers on cyber vigilance etc.
- The company must establish safe channels for remote access, restrict log-in to company employees only, fully track in writing operation of equipment, and prescribe regulations governing the hours that connection is available subject to the schedule of the employees’ performance of duties.
- Issue a statement on the Establishment of Information Security Inspection Mechanisms.
- Measures for the prevention of conflicts of interest and violations of rules and regulations: Prescribe comprehensive and express measures to prevent conflicts of interest and violations of rules and regulations by work-from-homers.
- Minutes of the board of directors’ meeting where the board of directors agrees to the work-from-home, or in lieu thereof, the consent of the head office or regional center of the group.
|