September 5, 2008
Taiwan Outsourcing Guideline and Cross Border Data Transfer
Taiwan’s financial institution ("FI") regulator, the Financial Supervisory Commission (“FSC”), issued a revised outsourcing guideline in Sep 2006 which governs the outsourcing activities of all local and foreign FIs in Taiwan.
According to the guideline, all cross-border outsourcing applications, and any outsourcing activities not within the FSC pre-approved scope, should be sent to the FSC for approval before proceeding. If the planned outsourcing activities involve foreign currency, approval from the Central Bank of China (“CBC”) is also required.
The illustrations below summarize the Taiwanese outsourcing guideline and related issues. One should take them into consideration when preparing an outsourcing project.
Outsourcing as a whole
According to the guideline, an FI may outsource some supporting functions (e.g. operations and data processing) relating to the financial institution's registered businesses or involving customer information to a third-party service provider. However, the FSC will not grant its approval for outsourcing of risk management, compliance, or other core functions. When outsourcing functions/services to service providers, the FI shall enter into an agreement with the relevant service providers. When an FI outsources services overseas, the FI shall obtain a letter of consent from the foreign competent authority agreeing to supervise and cooperate. If the aforementioned letter of consent cannot be obtained, the FI shall obtain a letter of consent from the service provider which agrees that, when necessary, the person designated by the FI may conduct audits regarding the outsourced matters.
Data Privacy / Relocation Issue
If customer / employee data needs to be transmitted, according to the Taiwan Computer-Processed Personal Data Protection Law (the "CPPDPL"), the FI must:
1. Obtain the customer's consent before collecting / processing / transmitting their data
2. Obtain the FSC's prior approval if the data is to be transmitted internationally