
Financial Information and Services Security
Comparison of the United States and Taiwan

Author: Jou Ting Wu
Professor: Prof. Andrea Matwyshyn

Timeline


Financial information

USA

  • The Glass-Steagall Act
    *passed in 1933
    *from the 1980s the banking industry lobbied for its repeal (largely achieved by the GLBA in 1999)

     

  • The Gramm-Leach-Bliley Act (GLBA)
    *passed in 1999
    *requires companies that the Act defines as financial institutions to ensure the security and confidentiality of customers' nonpublic personal information

Taiwan

  • Computer-Processed Personal Data Protection Act
    *passed in 1995
    *enacted partly to meet the requirements for joining the WTO
    *modelled on Directive 95/46/EC, the predecessor of the GDPR (General Data Protection Regulation)
    *applied only to government agencies and a short list of designated industries, so data subjects outside that scope usually lost their lawsuits

     

  • Personal Data Protection Act (PDPA)
    *passed in 2010
    *covers personal data in any form, computer-processed or on paper, and applies to all industries


Personal data in a bank: Collection, Processing, Use

Bank itself:

  1. Personal Data Protection Act

  • collection (duty to notify the data subject): Article 8

  • processing and use of data collected indirectly (notification before first processing or use): Article 9

 

Non-government agency (e.g. a bank):

  • collection and processing: Article 19

  • use: Article 20

Government agency:

  • collection and processing: Article 15

  • use: Article 16

Report to the Investigation Bureau of the Ministry of Justice:

  2. Money Laundering Control Act

  • currency transactions equal to or above the applicable designated threshold: Article 9

  • suspicious transactions (suspected money laundering or other economic crimes): Article 10


NYDFS fines Mega Bank $180 million

Key deficiencies:

  1. Lack of oversight by the head office

  2. Lack of compliance expertise

  3. Conflicts of interest

  4. Poor internal controls

  5. Suspicious activities involving Mega Bank's Panama branches

  6. Failure to conduct adequate customer due diligence

 

Conclusion

  • $180 million fine for violating anti-money-laundering laws

  • Mega Bank must establish effective compliance controls

  • Mega Bank must retain an independent monitor for two years

Time:

  • 19 August 2016

NYDFS:

  • New York State Department of Financial Services

  • responsible for regulating financial services and products, including those subject to the New York insurance, banking and financial services laws
     

Mega Bank:

  • Mega International Commercial Bank

  • a Taiwan-based international financial institution 


Third-party data company (outsourced data processing)

USA

The GLBA Safeguards Rule (oversight of service providers)

Taiwan

Personal Data Protection Act

  • Article 4 (an entity entrusted to collect, process or use personal data is treated as the entrusting agency)


Chief Information Security Officer (CISO)

USA

The GLBA Safeguards Rule: 16 CFR § 314.4(a)

  1. 2003

  • the financial institution must develop, implement and maintain an information security program

  • it must designate an employee or employees to coordinate that information security program

  2. 2021

  • the designee need only be "qualified"; no particular level of education, experience, or certification is prescribed by the Rule

  • financial institutions may designate any qualified individual appropriate for their business; the services of an expert are needed only if the size or complexity of their information systems require one

  • the Proposed Rule referred to this individual as a Chief Information Security Officer ("CISO"); the Final Rule uses the term "Qualified Individual"

Taiwan

Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries: Article 38-1

  • 2021

  • a banking business shall assign a manager ranked vice president or above, or an individual with equivalent powers, to serve concurrently as the chief information security officer

  • the CISO shall oversee the implementation and coordination of the information security policy and the allocation of resources

  • a banking business shall set up a dedicated information security unit and appoint its chief officer, who shall not hold other information-related posts or tasks with a conflict of interest, and shall provide the unit with suitable staff and equipment


Resources
