Economic Factors >
Prevention of Money Laundering, Financial Fraud and Terrorism Financing
Prevention of Money Laundering, Financial Fraud and Terrorism Financing
The Group's AML / CFT Management Framework
◎ Anti-Money Laundering and Counter Terrorism Financing Organization Structure
Implementation of Anti-Money Laundering and Counter Terrorism Financing Education and training
To improve the abilities and performance of the group's employees in AML/CFT, categories of AML/CFT education and training courses organized by FFHC, First Bank, First Securities, First Securities Investment Trust, and AMC in 2024 are as follows:
Centralized suspicious transaction report (STR) project
First Bank began implementing the centralized suspicious transaction report (STR) project to effectively monitor suspicious transactions and implement reporting operations. The alerts produced in the SAR module of the AML system are now directed to the dedicated unit of the head office for investigation, identification, confirmation, and reporting to enhance investigations, improve the quality of reports, and ensure that there are no omissions.
Non-face-to-face customer due diligence
The bank subsidiary conducts a customer due diligence (CDD) procedure (as shown in the chart below) that has a similar effect to general CDD. Special and sufficient measures must be in place to mitigate risks and in principle, individual accounts must submit identification documents for the verification of identity, address, and to contact customers by phone or mail when necessary. In principle, non-individual accounts must submit business registration documents, operating permits, change of registration or similar documents, company policy, list of directors and shareholders, and evidence for the identity of substantial beneficiaries. Relevant specifications are set out in the "Group-wide AML/CFT Plan" and "Anti-Money Laundering and Countering Terrorism Financing Guidelines". Regulations on non-face-to-face account opening and transactions are explained below:
01. Digital deposit account
This service is limited to natural persons and sole proprietorship companies, but application is not limited to original customers of the bank. Online account opening requires ID authentication beforehand. Authentication methods vary between different types of customers, as described below:
A. Natural persons of Taiwanese nationality:
Natural persons of Taiwanese nationality aged seven or older with an ID card. When the applicant is not an existing customer, ID should be authenticated based on the deposit accounts opened over the counter at other banks; For an existing customer of that bank, authentication would be based on a valid, normal and active deposit account of the customer with that bank as well as a two-factor mobile number; When the applicant is a minor aged seven years or older, the party subject to authentication shall be the minor's legal guardian, with two types of ID and a household certificate transcription (or a household certificate) of that legal guardian attached.
B. Sole proprietorship corporate accounts:
This service is limited to Taiwanese sole proprietorship companies registered in accordance with the Business Registration Act, and the responsible person must be a natural person of Taiwanese nationality aged 18 or older. The responsible person should undergo ID authentication with his natural person certificate and MOEACA ID Card, and obtain the latest business registration data from the Ministry of Economic Affairs instantly. Account opening is complete after video authentication is concluded.
In addition to strengthening its ID authentication mechanism, the subsidiary bank also adopts appropriate measures to conduct customer due diligence, such as confirming the customer's purpose and nature of opening a new account, proof of actual business operations, the main source of funds, and the anticipated number of transactions and amount. The Bank should also understand the scope of economic activities involved, in addition to conducting name verification and risk assessment operations. The Bank also regularly identifies if information pertaining to the ID of the customer and his real beneficiary is complete every year, in order to ensure authenticity and accuracy for information updates.
◎ First Bank Customer Due Diligence (CDD) procedures are as follows:
02. e-speed loan
In response to changes in consumer behavior models, the subsidiary bank provides its customers with comprehensive online financing services. Every step of the way, from loan application, document uploading, notification of loan approval, verification, to funds being credited, can be operated online, without requiring the applicant to visit the bank counter. Application is only limited to adult natural persons of Taiwanese nationality. If the applicant is not an existing customer, ID authentication shall be conducted based on the deposit accounts opened over the counter at other banks. Aside from uploading ID certificates, the customer still needs to provide other authenticated banks, authenticated accounts (limited to accounts opened over the counter) and mobile number for the purpose of ID authentication. All data must be processed by the system for ID review, name verification and risk assessment. In case of doubt, the Bank can demand that the customer undergo video authentication, in an attempt to reinforce the strength of ID authentication.
Policy regarding high-risk clients such as politically exposed persons (PEPs) and related identification, regular reviews and monitoring
01. With respect to important political figures from domestic or foreign governments, terrorists or groups that have been sanctioned economically or identified/pursued by foreign governments or international anti-money laundering organizations, and individuals, legal persons or groups designated for sanction in accordance with the Counter-Terrorism Financing Act, the Company not only directly regards them as high-risk clients, but also requires approval from competent supervisors one grade higher than the original supervisors before new business dealings are added or new business relations are established. Each subsidiary may define the types of clients that should be directly regarded as high-risk clients in accordance with their own business patterns, and after taking into account related risk factors.
02. The subsidiary bank has formulated related guidelines targeting high-risk clients, such as the "Comprehensive Group-wide Plan for Preventing Money Laundering and Combating Terrorism Financing", "Anti-Money Laundering & Counter-Terrorism Financing Notice", and "Manuel of Due Diligence on High-Risk Clients for Preventing Money Laundering and Combating Terrorism Financing". Please refer to the followings for explanation:
A. Control measures to be enforced when a client is identified as a high-risk client during the course of establishing a new business relation: In addition to regular due diligence operations, it is necessary to adopt additional measures to further identify the client in question (such as doing a search with Google, or obtaining the client's work information, etc).
・The grade of supervisors responsible for approving a new business dealing should be raised to a higher rank.
・An intensified client due diligence form should be filled out, and transactions must be made on the system for the sake of preserving track records.
B. Control measures to be enforced when a client is identified as a high-risk client during the course of regular transaction monitoring:
・Supporting documents should be solicited for transactions involving high-risk clients.
・The grade of supervisors responsible for approving transactions involving high-risk clients should be raised to a higher rank.
C. In the event that high-risk clients are spotted in the transaction monitoring forms of the Company's various divisions, they should be submitted to the supervisors responsible for preventing money laundering and combating terrorism financing for review.
D. Increase the frequency of regular reviews: the frequencies of regular reviews for medium- and low-risk clients are 3 years and 5 years, respectively; the frequency is once per year for high-risk clients.
03. Identification method of politically exposed persons (PEPs)
A. Install a list examination system and comparison engine, whose database is sourced from external vendor Thomson Reuters (World Check) as well as the list it compiles on its own (PEPs gathered from publicly available information by itself). The list would be scanned through in batches and compared on a daily basis.
B. When new business dealings with a client are established or added, the system would conduct real-time list audit. If the system finds that the client is a PEP, it would adopt enhanced measures and continue monitoring.
Measures that go above and beyond regulatory regulations
01. To strengthen its anti-money laundering and counter-terrorism financing system and to optimize the system against money laundering, the Group strives to optimize methodology and reports relating to the institutional risk assessment (IRA) of its subsidiaries, review clients' risk factors and the rationality of the list scanning rules, and strengthen the client due diligence mechanism and the sharing of group information, etc. It has commissioned "Deloitte Touche Tohmatsu Limited" to create the "Anti-money laundering & counter-terrorism financing system consultation service project" to offer guidance and assistance in installing more comprehensive control measures for anti-money laundering & counter-terrorism financing.
02. In 2024, the Group's subsidiaries, including First Commercial Bank, First Securities, First Life Insurance and FSITC, continued to commission "PwC Taiwan" to audit assurance projects for anti-money laundering & counter-terrorism financing, which went above and beyond the Financial Supervisory Commission's existing regulatory requirement of demanding that banks and large insurance companies outsource the auditing of their assurance projects.
Monitoring of criminal offenses involving money laundering and terrorism financing
In addition to using the 53 suspicious transaction representations in the "Annex: Red Flags for Transactions Suspected to Involve Money Laundering or Terrorism Financing" published by the Bankers Association to monitor criminal behavior, the Group's subsidiary bank also compiles statistics from cases provided in letters from external inspection agencies to identify the crime risks that it faces. It has also adopted corresponding mitigating measures. The top 3 threats associated with money laundering and terrorism financing that the Bank identified in 2024 were fraud, tax crimes and narcotics, which were approximately consistent with the STR crime patterns that it declared.
◎ Letters from external inspection agencies and STR crime patterns declared by First Commercial Bank in 2024
Application of regulatory / technology (Regtech)
Artificial intelligence and machine learning (AI/ML) technology is at the heart - and an important part - of regulatory technology, and the subsidiary bank has utilized or adopted the following technologies and control measures, in order to lower regulatory cost while enhancing regulatory performance:
・Leveraging robotics process automation (RPA) to boost efficiency while reducing various business workload.
・Full implementation of AML system in regular customer review operations. Corresponding investigation frequencies are issued according to the money laundering risk level of customers. The AML system automatically initiates investigations and generates MIS reports to reinforce surveillance and management, thereby reducing the possibility of human error within operations.
・Designing a digital smart equity calculation tool in-house, using automated system tools to calculate the equity structure and to generate an equity structure chart, in hopes of increasing operational efficiency and accuracy in identifying senior management personnel and real beneficiaries.
・Referencing red flag indicators identified by American financial regulatory agencies, as well as typology examples for monitoring what is suspected to be money laundering, terrorism financing or weapons proliferation and transaction associated with virtual currency platforms and transaction-based businesses, which have been promulgated by the FSC; adding a new typology to the AML system for customers who frequently change their emails; lowering money-laundering risks associated with providers of virtual asset services through utilizing system automation monitoring and controls.
・To align with the Society for Worldwide Interbank Financial Telecommunication's (SWIFT) adoption of the ISO 20022 message specifications standardized format (MX messaging), the Bank has added an audit module for MX messaging to its domestic AML system, which audits the names of incoming or outgoing MX messages. By doing so, the Bank hopes to strengthen the operating mechanism for anti-money laundering and counter-terrorism financing.
・The Bank has incorporated transactions involving frequent deposits into personal accounts in the AML system for monitoring & control, in order to enhance our tax risk management.
・The New Actimize System has been installed for overseas branches and AI monitoring technology has also been introduced, in order to enhance control over related accounts and detect potential risks of money-laundering transactions.
Preventing financial fraud
As financial fraud incidents are quite rampant recently, the subsidiary bank has joined the Criminal Investigation Police Office's "Eagle Eye Anti-Fraud Alliance" to prevent customers from sustaining property losses. The Bank has developed an AI-enabled early-warning mode for account warning, enhanced monitoring and control over transactions, and signed a "Letter of Intent for Cooperation in the Anti-Fraud Project" with the Criminal Investigation Police Office on March 25, 2025, in order to jointly counter financial fraud. The Bank also plans to introduce the "associated network and dynamic money flow" analytical tool, and establish a "Bank-wide Joint Defense Mechanism", as part of its efforts to stay on top of all accounts with suspicious money flow while improving the successful rate of fraud interception. For over-the-counter operations, the Bank has formulated the "Gentle Reminders & Questions for Over-the-Counter Operations" and "Notices for Business Units to Protect Account Holders from Fraud & Be Mindful of Large Sums of Over-the-Counter Cash Withdrawals". With respect to customers who are making a withdrawal/remittance, applying for designated account transfer, elderly customers making a withdrawal exceeding a certain amount, or those who have manifested early warning signs or suspicious signs of fraud, the Bank would reach out to them with gentle reminders and questions. We would also notify the local prescient in a timely fashion for on-site investigation or police escort. Furthermore, the Bank has enhanced its employee education training to reach out to customers over the counter, as we properly utilize case studies provided by the National Police Agency as well as media reports of the latest fraud schemes, in order to boost interception effectiveness. In 2024, our performance in countering financial fraud continued to grow, as the number of cases and the amount were up by 3% and 34.3% respectively from 2023.
◎ Results of our anti-financial fraud efforts over the past 3 yearsUnit: Case/NT$10,000
Apart from enhancing employee education training and raising their regulatory compliance awareness, subsidiary companies, including First Securities, FSITC and First Life Insurance, have also disseminated anti-financial fraud information and financial knowledge to our customers and the public via their official websites, social media platforms, apps, and digital channels.