The FSC amended the aforementioned Regulations on September 30, 2019. Key points of the amendments are as follows:

1. The amendments lay down the compliance requirements for financial institutions with outsourced operations that involve use of cloud service, including (1) assurance of proper operational risk control by the financial institutions; (2) undertaking of ultimate responsibility by financial institutions on monitoring of the cloud service provider; (3) assurance of the rights of the financial institutions, the competent authorities, the Central Banks or its designated person to access information about the outsourced operation and to carry out onsite audit; (4) measures to protect customer information such as encryption or encoding/tokenization; (5) customer’s information processing and storage shall be in Taiwan in principle and unless otherwise approved, backup copies of customer’s critical data shall be maintained in Taiwan; and (6) an appropriate contingency plan shall be in place.

2.The amendments lay down the criteria of outsourced material operations that involve cloud service and documentation requirements on applications submitted for related approval or for the authority’s reference.