MAIN MENU

Limited Time Offer: $1 Trial for 45 Days

Legal and Compliance


    
I. Development and Establishment of a Legal Compliance System by Management

    
The development and establishment of a robust legal compliance system are paramount for Kea, ensuring the integrity and appropriateness of its operations. Management bears the responsibility of initiating and overseeing the legal compliance system, including defining a fundamental policy and creating an organizational framework.

    
The inspector's role is to assess the effectiveness of the legal compliance system, scrutinizing the Board of Directors' roles and responsibilities. Any identified issues should be thoroughly examined to understand their roots, and dialogue between the inspector and Kea should facilitate comprehensive reviews.

    
In cases where management fails to recognize identified weaknesses or problems, a careful exploration is necessary to ascertain the effectiveness of the Internal Control System.

    
The inspector must evaluate the progress made in addressing issues raised during previous inspections, focusing on substantial improvements and their implementation.

    
1. Policy Development

    
(1) Roles and Responsibilities of Directors

    
Kea's directors should prioritize legal compliance, recognizing its critical role in maintaining public trust and ensuring the soundness of the institution's business. Directors must be well-versed in legal matters relevant to their areas of responsibility, actively promoting legal business operations. The director overseeing legal compliance should possess a comprehensive understanding of applicable laws and actively contribute to the development of an effective legal compliance system.

    
(2) Development and Dissemination of Legal Compliance Policy

    
The Board of Directors, in alignment with corporate management policies, is responsible for formulating and disseminating a Legal Compliance Policy. This policy should guide the entire institution in adhering to legal standards.

    
(3) Revision of the Policy Development Process

    
The Board of Directors should periodically review the policy development process, ensuring its effectiveness through regular assessments and timely revisions.

    
2. Development of Internal Rules and Organizational Frameworks

    
(1) Development and Dissemination of Internal Rules

    
The Compliance Control Division, under the Board of Directors' supervision, must establish internal rules (Legal Compliance Rules) clearly outlining legal compliance arrangements. These rules should be approved by the Board of Directors after ensuring alignment with the Legal Compliance Policy.

    
(2) Establishment of a System of the Compliance Control Division

    
The Compliance Control Division, integral to enforcing legal compliance, must efficiently collect, manage, and analyze Compliance-related Information.

    
Adequate staffing, led by a qualified manager, should be allocated to the Compliance Control Division, ensuring independence from other divisions, particularly Marketing and Sales.

    
Mechanisms preventing interference from other divisions, especially in cases where the Compliance Control Division manages multiple responsibilities, must be in place.

    
(3) Development of Legal Compliance System in Operation Divisions and Sales Branches

    
A system should exist for disseminating internal rules and operational procedures to all operation divisions and sales branches.

    
The effectiveness of the compliance control system within these divisions should be ensured through regular monitoring by the Compliance Control Division.

    
Compliance officers may be allocated to critical divisions, maintaining coordination with the Compliance Control Division and ensuring independence from Marketing and Sales.
(4) Development and Dissemination of Compliance Manual

The Board of Directors should empower the Manager to establish a Compliance Manual, elucidating laws that officers and employees must comply with. This manual should undergo regular reviews and, upon approval, be disseminated throughout the institution.


(5) Development and Dissemination of Compliance Program

An annual Compliance Program, outlining specific measures for compliance, should be formulated by the Manager and disseminated throughout the institution upon approval by the Board of Directors.


(6) Arrangement for the System of Reporting to the Board of Directors or Equivalent Organization

Matters requiring reporting and approval must be clearly defined by the Board of Directors. The Manager should provide regular and timely reports to the Board of Directors on the institution's legal compliance status.


(7) Arrangement for System of Reporting to Corporate Auditor

In cases where specific matters are to be reported directly to a corporate auditor, the Board of Directors should appropriately specify these matters, ensuring a seamless reporting system.


(8) Development of Internal Audit Guidelines and Internal Audit Plan

The Internal Audit Division, under the Board of Directors, should develop guidelines and plans for auditing legal compliance matters. Approval by the Board of Directors is necessary for these guidelines and plans.


(9) Revision of the Development Process of Internal Rules and Organizational Frameworks

The Board of Directors should periodically revise the development process of internal rules and organizational frameworks, ensuring their effectiveness through regular assessments.


3. Assessment and Improvement Activities


Analysis and Assessment


The Board of Directors or equivalent organization should rigorously assess the legal compliance system's effectiveness, identifying weaknesses and determining their causes through precise analysis.


Periodic revisions of the analysis and assessment processes are essential for maintaining the system's relevance and effectiveness.


Improvement Activities


The Board of Directors should establish a system for timely and appropriate implementation of improvements based on identified weaknesses or problems. Regular follow-ups on improvement efforts are necessary, reviewing progress status in a timely and thorough manner.


Continuous improvement of the improvement process is essential, ensuring its effectiveness through regular reviews.


II. Development and Establishment of Legal Compliance System by Manager


1. Roles and Responsibilities of Manager


Development of Internal Rules


(1) Development and Dissemination of Legal Compliance Rules

The Manager, aligned with the Legal Compliance Policy, is responsible for creating Legal Compliance Rules. These rules should be disseminated institution-wide upon approval by the Board of Directors.


(2) Legal Compliance Rules

The Legal Compliance Rules should comprehensively cover arrangements for compliance with laws, specifying roles, responsibilities, and organizational frameworks of the Compliance Control Division, among other vital aspects.


(3) Development and Dissemination of Compliance Manual

The Manager should develop a Compliance Manual, outlining laws officers and employees must adhere to, and disseminate it upon approval by the Board of Directors.


(4) Compliance Manual

The Compliance Manual, reflecting the social responsibilities of financial institutions, must elucidate laws in a detailed yet understandable manner, specifying actions to be taken upon detecting illegal acts.


(5) Development of Compliance Program

The Manager should formulate a Compliance Program annually, aligning with the Legal Compliance Policy and Legal Compliance Rules. After approval by the Board of Directors, this program should be disseminated throughout the institution.


2. Development of Framework


(1) Development of the System of the Compliance Control Division by Manager

The Manager, by the Legal Compliance Policy and Rules, should establish a system for the Compliance Control Division, ensuring its effectiveness in pre-empting law violations and preventing their recurrence. Adequate training and education systems must be in place to enhance the abilities and knowledge of compliance officers within the division.


(2) Development of a System of Reporting to the Board of Directors or Equivalent Organization

The Manager should ensure the establishment of a reporting system, clearly defining matters requiring reporting and approval by the Board of Directors.


(3) Development of a System of Reporting to the Corporate Auditor

The Manager should establish a system for reporting specific matters directly to a corporate auditor, as specified by the Board of Directors.


(4) Development of Internal Audit Guidelines and Internal Audit Plan

The Manager, working with the Internal Audit Division, should develop guidelines and plans for auditing legal compliance matters, ensuring Board approval for these guidelines and plans.


3. Assessment and Improvement Activities


(1) Analysis and Assessment

The Manager, through periodic assessments, should meticulously analyze the legal compliance system's effectiveness, identifying weaknesses and their causes. Also, periodic revision of the analysis and assessment processes should be done to maintain the system's relevance and effectiveness.


(2) Improvement Activities

The Manager is responsible for implementing timely and appropriate improvements based on identified weaknesses or problems. Regular follow-ups on improvement efforts should be conducted, reviewing progress status in a timely and thorough manner. Continuous improvement of the improvement process is essential, ensuring its effectiveness through regular reviews.


III. Development and Establishment of a Legal Compliance System by the Compliance Control Division


1. Roles and Responsibilities of Compliance Control Division


(1) Development and Dissemination of Internal Rules

The Compliance Control Division, under the guidance of the Manager, is responsible for creating and disseminating internal rules that align with the Legal Compliance Policy and Rules.


(2) Development of System of the Compliance Control Division

The Compliance Control Division should establish an efficient system for collecting, managing, and analyzing Compliance-related Information, ensuring its independence from other divisions, especially Marketing and Sales. Adequate staffing, led by a qualified manager, should be allocated to the Compliance Control Division.


Mechanisms preventing interference from other divisions should be in place, particularly in cases where the Compliance Control Division manages multiple responsibilities.


(3) Development and Dissemination of Compliance Manual

The Compliance Control Division, in collaboration with the Manager, should develop and disseminate a Compliance Manual, elucidating laws that officers and employees must comply with.


(4) Development and Dissemination of Compliance Program

The Compliance Control Division, in coordination with the Manager, should formulate an annual Compliance Program, aligning with the Legal Compliance Policy and Legal Compliance Rules.


Dissemination of the Compliance Program throughout the institution should follow Board approval.


(5) Development and Dissemination of Internal Audit Guidelines and Internal Audit Plan

The Compliance Control Division, in collaboration with the Internal Audit Division, should develop guidelines and plans for auditing legal compliance matters, obtaining Board approval for these guidelines and plans.


2. Development of Framework


(1) Development of a Legal Compliance System in Operation Divisions and Sales Branches by the Compliance Control Division

The Compliance Control Division should oversee the development of legal compliance systems within operation divisions and sales branches, ensuring the effective dissemination of internal rules and operational procedures.


Regular monitoring by the Compliance Control Division should verify the effectiveness of the compliance control system within these divisions.


(2) Arrangement for the System of Reporting to Board of Directors or Equivalent Organization to Board of Directors and Approval by Compliance Control Division

The Compliance Control Division should define the system for reporting to the Board of Directors, specifying matters requiring approval.


(3) Arrangement for System of Reporting to Corporate Auditor by Compliance Control Division

The Compliance Control Division, in collaboration with the Manager, should establish a system for reporting specific matters directly to a corporate auditor, following the Board's specifications.


(4) Development and Dissemination of Internal Audit Guidelines and Internal Audit Plan by Compliance Control Division

The Compliance Control Division, working with the Internal Audit Division, should develop guidelines and plans for auditing legal compliance matters, ensuring Board approval for these guidelines and plans.


3. Assessment and Improvement Activities


(1) Analysis and Assessment by Compliance Control Division

The Compliance Control Division, under the guidance of the Manager, should rigorously assess the legal compliance system's effectiveness, identifying weaknesses and determining their causes through precise analysis.


Periodic revisions of the analysis and assessment processes are essential for maintaining the system's relevance and effectiveness.


(2) Improvement Activities by Compliance Control Division

The Compliance Control Division, in collaboration with the Manager, is responsible for implementing timely and appropriate improvements based on identified weaknesses or problems.


Regular follow-ups on improvement efforts should be conducted, reviewing progress status in a timely and thorough manner. Continuous improvement of the improvement process is essential, ensuring its effectiveness through regular reviews.


IV. Specific Issues


Here are the keynotes for the inspector to review specific issues related to legal compliance at Kea. It emphasizes the importance of not only identifying problems but also understanding the underlying causes. The review involves a comprehensive examination of elements listed previously, with a focus on effective systems and processes.


1. Customer Identity Verification:


(1) Development of Internal Rules/Operational Procedures:

Are Customer Identity Verification Rules established by the Board of Directors or an equivalent organization?


Are these rules legally reviewed, approved, and comprehensive, covering aspects like account opening criteria?


(2) Development of Customer Identity Verification System:

Is there a designated person or department for customer identity verification?


Is there a system to report identity verification matters affecting corporate management promptly?


Does the institution maintain records on customer identity verification and transactions appropriately?


(3) Guidance and Training:

Are Customer Identity Verification Rules regularly disseminated through training to ensure timely and proper identity verification?


(4) Points of Attention:

Does the institution verify the identity of the person in charge of transactions for corporate customers?


Is identity verification conducted for both the customer and agent in transactions through an agent?


Are re-checks performed when required by laws and ordinances?


2. Suspicious Transactions:


(1) Development of Internal Rules and Operational Procedures:

Are there internal rules (Suspicious Transaction Rules) for money laundering and suspicious transactions?


Are these rules legally reviewed, approved, and comprehensive, covering judgment criteria and reporting measures?


(2) System for Handling Suspicious Transactions:

Is there a designated person or department for handling suspicious transactions?


Does the institution have a reporting system for suspicious transactions to relevant authorities?


Are key points regularly reported to the Board of Directors or equivalent organization?


(3) Guidance and Training:

Is there ongoing training to ensure timely reporting and appropriate handling of suspicious transactions?


(4) Points of Attention:

Is there a comprehensive database of suspicious transactions?


Does the institution collect and accumulate information on parties and transactions deemed suspicious?


3. Handling of Anti-Social Forces:


(1) Development and Dissemination of Policy:

Do directors understand the importance of prohibiting association with anti-social forces?


Has a clear policy been disseminated to all employees through the Compliance Manual?


(2) Development of System:

Is there a department collecting and analyzing information on anti-social forces?


Is there a screening system to prevent transactions with anti-social forces?


(3) Roles of Department:

Does the department guide employees on handling anti-social forces?


Are relevant internal rules disseminated to all employees?


4. Handling of Violation of Laws:


(1) Clarification of Responsibility:

Is there an independent entity to investigate violations, hold individuals accountable, and clarify supervisory responsibility?


(2) Reward and Punishment:

Is legal compliance considered in rewarding, punishing, and evaluating employee performance?


5. Legal Checks System:


(1) Development of Legal Checks System:

Is there a system for legal checks by Legal Compliance Rules?


Are legal checks conducted, especially for high-risk matters, and are responsibilities clearly specified?


(2) Points of Attention:

Are background information and underlying facts provided for legal checks?


Is the examination of legal opinions from outside lawyers thorough before implementation?