To strengthen anti-money laundering (AML) management, the Money Laundering Control Act was amended and announced on July 31, 2024. A new provision, Article 6, Paragraph 1, requires businesses or individuals providing virtual asset services to complete AML registration. Under Paragraph 2 of the same article, the Financial Supervisory Commission (FSC) is authorized to establish relevant guidelines, including application conditions, procedures, rules for revocation, and termination of registration. Other requirements include virtual asset listing and delisting mechanisms, measures to prevent unfair trading, segregation of client and company assets, information system and security standards, and wallet management protocols.
On November 26, 2024, the FSC officially released the Regulations Governing AML Registration for VASPs and revised the AML/CFT Regulations for VASPs (Virtual Asset Service Providers). These measures aim to ensure the effective implementation of anti-money laundering (AML) and combating the financing of terrorism (CFT) efforts.
As of November 30, 2024, Taiwan’s virtual asset industry will transition from the current AML compliance declaration system to a registration system. The FSC stated that the 26 businesses that have already completed compliance declarations can make necessary adjustments during a transition period. New applicants intending to operate in the virtual asset industry must complete AML registration with the FSC before commencing operations. Failure to do so could result in a maximum of two years of imprisonment.
This article provides an in-depth analysis of the required documents for registration and explores how identity verification solutions can ensure compliance with regulations.
Key Points of the AML Registration Guidelines:
A. Registration System Implementation
As of November 30, 2024, VASPs are required to apply for AML registration with the FSC in accordance with the Anti-Money Laundering Act. Only upon successful registration can they legally provide virtual asset services.
• Non-compliance penalties: Individuals face up to two years of imprisonment and a fine of up to NT$5 million. Corporations face fines of up to NT$50 million.
B. Scope of Virtual Asset Services
The following services are included:
1. Exchange between virtual assets and fiat currencies.
2. Exchange between virtual assets.
3. Transfer of virtual assets.
4. Custody or management of virtual assets.
5. Financial services related to the issuance or sale of virtual assets.
C. Registration Process and Required Documents
VASPs must submit the following to the FSC for registration:
1. VASP Information Form: Detailed company information and operational scope.
2. Company Registration Documents: Including business registration and other valid documentation.
3. Articles of Association or Operational Rules: Describing the company’s structure and regulations.
4. Shareholder or Partner List: Including shareholding percentages or partnership details.
5. Responsible Persons and Beneficiaries List: Identification and control information.
6. Compliance Statement: Confirmation that responsible persons and beneficiaries are compliant with Article 4 of the AML Act.
7. Internal AML Control and Audit Documents: Clear descriptions of management systems, audit procedures, and measures.
8. CPA-Approved Internal Control Report: A certified review of internal controls.
9. Complaint Handling Procedures: Policies for addressing customer disputes.
10. Declaration Statement: Confirmation of authenticity in all submitted documents.
Failure to complete registration will result in legal penalties, including up to two years of imprisonment.
D. Application Submission
1. Submission Method:
Applicants must send the application form and supporting documents to the designated FSC agency for processing.
2. Review Process:
• Upon receiving the application, the FSC will conduct a document review.
• If the documents are incomplete or insufficient, the FSC will notify the applicant to provide corrections within a specified timeframe.
• Failure to submit corrections within the timeframe will result in the application being denied.
3. Mandatory Membership:
After completing AML registration, VASPs must join the Taiwan Virtual Currency Business Association; failure to do so will bar them from operating.
E. Transitional Provisions
Existing 26 businesses with completed compliance declarations must adhere to the following timeline:
1. By March 31, 2025: Complete registration application.
2. By September 30, 2025: Finalize formal registration.
Failure to meet these deadlines will result in a prohibition on business operations.
AML/CFT Regulations for VASPs
A. Key Highlights
1. Annual Risk Assessments:
VASPs must complete an annual risk assessment report and file it with the FSC by March 31 of the following year (amended Article 14).
2. Appointment of Compliance Officers:
In line with FATF’s risk-based approach, VASPs are required to appoint adequate and qualified compliance officers responsible for supervising AML and CFT matters (Article 15, Paragraph 5).
3. Abolishment of Compliance Declarations:
With the implementation of the registration system, compliance declarations are no longer required (Article 17 removed).
4. Transaction Monitoring and Reporting:
VASPs must establish robust transaction monitoring policies and report suspicious transactions promptly.
B. Establishing Internal Control Mechanisms
1. Regulatory Basis:
Internal control mechanisms must align with the AML Act, CFT Act, and FSC guidelines, as well as the Taiwan Virtual Currency Business Association’s self-regulatory rules.
2. Audit Mechanisms and Assigned Personnel:
Designate compliance officers to oversee and test AML systems, conduct independent audits, and provide audit findings.
3. Training:
Compliance officers must complete at least 12 hours of AML training annually. Employees must also receive relevant training tailored to their roles to ensure professionalism and compliance awareness.
C. Customer Due Diligence (KYC) and Transaction Monitoring
1. Customer Identification:
Anonymous or pseudonymous transactions are prohibited. VASPs must verify customer identities and beneficial owners, applying enhanced or simplified measures based on risk levels.
2. Transaction Monitoring:
Implement risk-based monitoring systems to identify unusual transactions, review them promptly, and trace the source of funds.
D. Data Retention and Suspicious Transaction Reporting Requirements
1. Data Retention:
Retain customer identity information and transaction records for at least five years from the termination of business or completion of transactions. Retained data includes identification documents (e.g., passports, IDs), contracts, and unusual transaction analysis reports.
2. Reporting Thresholds:
• Cash transactions exceeding NT$500,000 must be reported to the Ministry of Justice Investigation Bureau within five business days.
• Suspected money laundering or terrorism financing transactions must be reported within two business days.
3. Real-Time Audits:
Regulatory authorities may conduct on-the-spot audits of AML implementation. VASPs must provide relevant records and electronic files as requested.
Key Conclusions and Recommendations
1. Strengthen Internal Control Mechanisms:
Ensure audit systems and compliance frameworks are fully implemented.
2.Enhance KYC and Monitoring Processes:
Identify high-risk customers and suspicious transactions promptly.
3.Prepare Compliance Documentation and Reports:
Complete annual risk assessment reports and retain and submit relevant data within deadlines.
4.Personnel Training and Allocation:
Assign qualified compliance officers and conduct regular training sessions.
Regulatory Enforcement and Its Impact on Businesses
Penalties for Non-Compliance:
1. Criminal Liability:
A minimum of two years’ imprisonment and heavy fines (up to NT$50 million for corporations).
2. Reputation Damage:
Loss of market trust, customer attrition, and restricted access to international markets.
Business Advantages of Compliance:
1. Enhanced Reputation:
Gain support from the public, partners, and regulatory bodies.
2. Increased Customer Attraction:
Customers are more likely to choose businesses that comply with regulations.
3. Access to Global Markets:
Compliance opens new opportunities for international collaborations.
Your Compliance Partner: Authme KYC Solutions
As the virtual asset industry faces increasingly stringent regulatory environments, meeting compliance requirements quickly has become a critical challenge. Selecting a secure and reliable KYC solution not only reduces compliance costs but also accelerates identity verification processes, enhances regulatory efficiency, and mitigates risks.
▶︎ Transforming Financial Compliance: The Role of KYC in Crypto Sphere
Comprehensive Integration for Holistic Compliance
Authme offers a one-stop KYC solution with the following key features:
1. Global Document Recognition:
Supports document identification and anti-counterfeit checks for over 190 countries, including Taiwan’s ID verification.
2. Advanced Biometrics:
Authme’s leading identity matching technology integrates passive liveness detection certified under ISO 30107 to prevent fraud, including Deepfake scams.
3. Proven Market Validation:
Authme’s solutions are deployed in major financial institutions and virtual currency exchanges and are certified under ISO 27001 (Information Security) and ISO 27701 (Privacy Management).
Flexible Integration Options for Businesses:
1. No-Code Integration:
Allows smaller businesses to implement solutions easily via URL-based methods, reducing technical barriers.
2. SDK Modular Technology:
Quickly integrates into existing systems, ensuring scalability and fast deployment.
3. Hybrid Cloud Solutions:
Balances security and performance, ideal for large-scale enterprise deployments.
Customer Success Story: Global Virtual Currency Exchange
A leading international cryptocurrency exchange, facing increased regulatory demands and challenges in user conversion rates, selected Authme’s KYC solution to enhance compliance processes and platform security. Post-implementation, the exchange achieved remarkable results, including:
• Improved risk mitigation through robust identity verification.
• Increased trust among users and regulators.
Take Action Now: Apply for a Free Consultation!
Let Authme be your trusted partner. With our effective eKYC solutions, cryptocurrency institutions can streamline compliance processes, verify user identities efficiently, reduce fraud risks, and build trust with both users and regulators.
