|
3
|
III Complementary measures for work-from-home management of securities firms
- Brokerage trading and transactions
(1) Brokerage trading personnel shall conduct business honestly and in good faith and avoid misusing non-public information and conflicts of interest.
(2) Personal computers for use at home shall all be allocated by the company. Use of a personal computer not provided by the company is subject to company approval and information security testing in advance. Relevant computer equipment may be used only for official business purposes during work-from-home hours.
(3) Work-from-homers may not proceed with transactions until after authorized log-in through a safe remote access system. All user log-ins and transactions shall be fully tracked in writing.
(4) A principal shall dial the brokerage order number of the place of business to have the call transferred to the mobile phone or home phone of abrokerage trading representative (the call to be recorded by company equipment). If existing company equipment cannot recordthe entire call, it will be recorded either by the mobile phone of, or by, saidrepresentative, with the following measures adopted: After placing the order, the representative must, as soon as possible,make an audiorecording of the time and content of the order and file such recordingwith the recording equipment of the companyor email the recording to the company and client.
(5) Personnel responsible for reviewing and monitoring the activities of work-from-home employees must verify the audio recordings of work-from-homers periodically to ensure both conformance to those kept at the place of business and that the audio recordings of work-from-homers are distinguishable as such.
(6) Brokerage trading personnel will access the order system of the company’s personal computer through a safe remote access system. Trading limits of principals are governed by existing mechanisms.
(7) Express modes of operation and management methods shall be in place for personal transactions of work-from-home employees, including communications and activities pertaining to brokerage trading etc.
- Dealer trading and transactions
(1) Dealer trading personnel shall conduct business honestly and in good faith and avoid misusing non-public information and conflicts of interest.
(2) Personal computers for use by dealer trading personnel at home shall all be allocated by the company, with hardware and software appropriate for the business performed by the personnel installed for management purposes.
(3) Work-from-homers may not proceed with transactions until after authorized log-in through a remote access system. All user log-ins and transactions shall be fully tracked in writing.
(4) The company shall install video equipment at the work-from-home space of a trader,andensure unimpeded communications andvideotape and document whole transactionsthroughout the trading hours. If videotaping is difficult in practice, the company may, upon risk evaluation, adopt other appropriate measures (for example by turning on the camera multiple times a day or conducting online meetings, at scheduled hours etc.). The company shall further strengthen inspection to ensure work-from-home traders comply strictly with their duty of confidentiality during their decision-making process in regard to trading and neither engage in trading of TWSE- or TPEx-listed securities nor perform other acts against securities laws and regulations with news they become aware of in their performance of duties.
(5) Such personnel shall be prohibited from accessing the system during non-trading hours or their off hours.
(6) Personnel responsible for reviewing and monitoring the activities of work-from-home employeesverify the audio recordings of transactions of work-from-homers periodically to ensure both conformance to the audio recordings kept at the place of business and that the audio recordings of work-from-homers are distinguishable as such.
(7) With regard to the risk exposure of a close position, the company shall be able to control trading limits and position risks, whether in the event of working at the place of business or from home.
(8) Controlof personal transactions of work-from-homers: The company may allow or prohibit personal transactions of work-from-homers upon careful assessment in accordance with company management policies. If it so allows,the ways of control of such transactions shall include prescribing express modes of operation and management methods in regard to communications and activities pertaining to brokerage trading (e.g., stipulating that audio recordings be made of whole telephone orders, recordings be made of all electronic orders placed on computers allocated by the company).
- Clearing and reporting
(1) A securities firm shall complete clearing and settlement in accordance with the TWSE Operating Rules and relevant regulations and also complete all clearing procedures and the reporting that is required by laws and regulations. Said firm shall in principle handle the above at the place of business (including an outside backup place of business) or assign work-from-homers to assist in handling.
(2) When performing procedures pertaining to settlement of payment, non-trading activities of a credit transaction (such as demand of payment, cash repayment, return of securities), and borrowing and transfer of securities, a principal shall in principle do so at the place of business (including an outside backup place of business) or assign work-from-homers to assist in doing so.
- Information Security
(1) The company shall provide work-from-homers with access in accordance with the information security control measures in force at the time of application.
(2) Specific information security software shall be installed on computer equipment, including notebooks and tablets, used by work-from-homers, to control access authority to applications. Authorizations for non-essential services and operating systems on the computer shall be disabled. For remote work, a mechanism whereby technical means is employed to prohibit transmission and saving of files to work-from-homers’ computer equipmentshall be implemented to mitigate the risk of data breaches.
(3) Log-insto major systems and transactions by all work-from-homers shall be fully tracked and documented.
(4) Control of remote access security shall be strengthened where a work-from-homer is required to conduct a video conference.
- Prevention of conflicts of interest and violations of rules and regulations
(1) To ensure confidentiality of trading information, a work-from-homer mustconduct business in an independent instead of public space
(2) A work-from-homer must properly retain all transaction related records as requested by competent authorities, the TWSE, and the company.
(3) The company shall appoint a senior officer as chiefsupervisor responsible for implementing relevant monitoring measures during trading hours.
(4) The company shall ascertain whether a work-from-homer is in violation of measures to prevent conflicts of interest and violations of rules and regulations.
- In regard to the work-from-home procedures of a securities firm, appropriate control mechanisms and inspection procedures shall be devised in the company’s internal controlsystems.Work-from-home related data shall be properly kept to facilitate audits.
|