Taiwan FSC Issues New Data Sharing Guidelines for FIs

Data may be shared between FIs, subject to consent, if it can enhance customer convenience, improve operations, or facilitate cooperative business arrangements or partnerships.

Taiwan’s FSC (Financial Supervisory Commission) has issued new guidelines for FIs on data sharing, permitting the exchange of customer information for KYC and account opening purposes.

The guidelines are aimed at responding to the development of financial technology, enhancing consumer convenience, strengthening risk controls, and promoting cross-industry cooperation among FIs, the FSC said.

The guidelines require FIs to establish internal control standards for data sharing within six months, approved by the board of directors, and to disclose their privacy policy on their websites.

Data may be shared among the business units and subsidiaries of financial holding companies and financial groups for risk identification and risk control, provided that customer consent is obtained and the rights and interests of customers are protected. For this purpose, such organisations may establish a centralized database for maintaining KYC records and performing AML/CTF risk assessments.

Data may also be shared between FIs – including securities firms and futures brokers – if it can enhance customer convenience, improve operations, or facilitate cooperative business arrangements or partnerships. This includes the exchange of KYC data, transaction records, account information and IP addresses for use in precision marketing – subject to customer consent and the establishment of time limits on data sharing arrangements.

“With the continuous development of financial innovation, the provision of financial services has crossed different institutions,” the FSC said. “However, in the past, some financial industry laws did not specifically regulate the sharing of customer data.”

As such, the guidelines seek to clearly specify a cross-institutional data sharing mechanism that enhances consumer rights, promotes the legal and reasonable use of customer data under the principle of information security, enhances the convenience of customer transactions, and reduces the need for repeated collection and maintenance of customer data by various FIs.

The data sharing mechanism will help to avoid having customers fill out new forms for account opening and streamline KYC review processes. FIs should still conduct their own KYC reviews, even if they have obtained another FI’s KYC data for a customer.

Under the guidelines, FIs can also share a customer’s negative information such as their default records, with consent, though each FI will be responsible for verifying the accuracy of such information.

“The guidelines will greatly help financial institutions improve customer experience and operational efficiency,” the FSC said, adding that they will help meet the needs of fintech development, enhance the value of data, and improve the competitiveness of the financial industry.

The guidelines also apply to branches and subsidiaries of foreign FIs and group companies operating in Taiwan.