Newsletter
The Fraud Prevention Act and the Communications Security and Surveillance Act Amendments Enacted
The Fraud Prevention Act and the Communications Security and Surveillance Act Amendments Enacted
Ken-Ying Tseng / Derrick Yang
To prevent and deter fraud, the Fraud Prevention Act (“FPA”) and the amendments to the Communications Security and Surveillance Act (“CSSA”) passed the third reading at the Legislative Yuan on July 12, 2024.
The FPA establishes fraud prevention measures and imposes anti-fraud obligations on financial service providers (including virtual asset service providers (“VASP”)), telecom and digital economic related industries (including online advertising platforms of a certain scale, third-party payment services, e-commerce and online game). The CSSA amendments include the notification, remedy, and supervision procedures concerning Internet traffic records access warrant issued by prosecutors or judicial police officers.
According to the FPA, financial institutions and VASPs should enhance customer due diligence, strengthen control mechanisms and collaborate with judicial police agencies on establishing a joint prevention and reporting mechanism. In addition, telecom operators should implement a real-name certification system for subscribers, cooperate with competent authorities or judicial police agencies to restrict or cease the provision of services to subscribers, and strengthen the identity and exit/entry record verification mechanism for international roaming services. Violation of such obligations would be subject to consecutive fines from competent authorities.
Particularly, the FPA strengthens the supervision of digital economic industries. An online advertising platform provider without a local office, residence, or branch must designate a local legal representative. An online advertising platform provider should verify the identities of advertisers and sponsors, disclose the information on the publishers, and cooperate with the competent authorities or the judicial police agencies on take-down request or other anti-fraud measures. Third-party payment providers should also strengthen customer due diligence, implement control measures, and retain relevant information and transaction records. E-commerce and online game operators should take reasonable measures to prevent the abuse of their services for fraudulent purposes, and cooperate with the notifications of judicial police agencies or the competent authorities of the target business to suspend provision of services to subscribers. Additionally, online advertising platforms, e-commerce platforms, and online gaming service providers should provide the requested fraud-related documents within three days after receiving information requests from the courts, the prosecutors' office or judicial police agencies. Violation of such obligations would incur consecutive fines, and the competent authorities may further impose internet traffic control measures, domain name seizure (stop resolution) or access restriction.
Aside from the internet traffic control measures, domain name seizure (stop resolution) or access restriction and certain telecom-related anti-fraud measures, other provisions of the FPA will take effect on the third day following the President's official announcement of the FPA. Thereafter, the competent authorities will establish ancillary tiles for the implementing anti-fraud measures.
If digital economic service providers, telecom operators, financial service providers or VASPs have any questions regarding anti-fraud measures, please do not hesitate to contact our Corporate and Investment Practice Group, Digital, TMT and Data Privacy Practice Group, Banking and Finance Practice Group, or Capital Markets Practice Group for more information.