To align with the newly amended Fraud Crime Hazard Prevention Act and Money Laundering Control Act, Ministry of Digital Affairs announced three new regulations on November 29, 2024:

1. Regulations Governing the Identification and Control Measures for Customers Suspected of Fraud for Third-Party Payment Service Providers
2. Regulations Governing Anti-Money Laundering and Countering the Financing of Terrorism for Enterprises and Personnel Providing Third-Party Payment Services, and
3. Regulations Governing Anti-Money Laundering and Service Capacity Registration for Enterprises and Personnel Providing Third-Party Payment Services.

These regulations came into effect on November 30, 2024, and are primarily aimed at strengthening oversight and management of third-party payment service providers  in the fields of fraud prevention and anti-money laundering. The following are the key points of each regulation:

1. Pursuant to Paragraph 1, Article 6 of the Money Laundering Control Act, third-party payment providers must complete the Anti-Money Laundering (AML) and Service Capability Registration prior to providing third-party payment services. Ministry of Digital Affairs, in accordance with paragraph 3, Article 6 of the same act, has formulated the Regulations Governing Anti-Money Laundering and Service Capacity Registration for Enterprises and Personnel Providing Third-Party Payment Services, with the key highlights summarized as follows:

• Ministry of Digital Affairs, referencing the qualification requirements for the responsible persons of banks and specialized electronic payment institutions, stipulates that the responsible persons or beneficial owners of third-party payment service providers must not have any criminal records related to fraud, money laundering, or similar offenses. This measure aims to prevent criminal organizations from obtaining service capability registration.
• When applying for service capability registration, businesses are required to establish internal control and audit systems for anti-money laundering. These systems must include essential components such as risk assessment indicators, customer identification mechanisms, and requirements for customer’s business certification.
• Ministry of Digital Affairs’ review process includes assessing the financial soundness of business, their capability to provide third-party payment services, and their ability to implement anti-money laundering (AML) and counter-terrorism financing (CTF) measures. Regarding financial soundness, Ministry of Digital Affair stated that a credit investigation will be initiated during the application process, which focuses on whether the business has been blacklisted, experienced bounced checks, holds check accounts, or has chattel mortgage. Additionally, the Ministry will enhance its scrutiny of the applicant’s financial statements.

2. Regulations Governing Anti-Money Laundering and Countering the Financing of Terrorism for Enterprises and Personnel Providing Third-Party Payment Services, formerly titled Regulations Governing Anti-Money Laundering and Countering the Financing of Terrorism for the Third-Party Payment Enterprises, was originally enacted and promulgated in 2022. Its name has been revised in alignment with the recent amendments. The key highlights of this revision are as follows:

• This revision introduces the definition of a risk-based approach, requiring third-party payment service providers to identify, assess and understand the money laundering and terrorist financing risks they are exposed to. Third-party payment service providers must adopt appropriate measures based on the level of risk identified.
• The revision expands the customer identification measures of third-party payment service providers to include the understanding and verification of the beneficial owners of their customers.
• To assist third-party payment service providers in identifying whether actual online transactions are suspected cases of money laundering or terrorism financing, the third-party payment service providers are required to mandate their sellers to retain relevant certificates of actual online transactions and conduct regular inspections of such records. If sellers fail to provide proof of an actual online transaction, or if the contents of the transaction appear to be untrue and the transaction is suspected to be a money laundering or terrorist financing, the providers must report these cases to the Ministry of Justice Investigation Bureau.

3. According to Article 34 and 35 of Fraud Crime Hazard Prevention Act, third-party payment service providers shall enhance identity verification processes for customers suspected of fraud and may implement appropriate control measures. Regulations Governing the Identification and Control Measures for Customers Suspected of Fraud for Third-Party Payment Service Providers was established to clarify the criteria for identifying such customers and to outline the subsequent procedures. The key highlights of these measures are as follows:

• Defining customers suspected of fraud includes the following:

1. Customers holding accounts reported as suspected of fraud by courts, prosecutors’ offices, or judicial police authorities.
2. Customers whose accounts have been flagged as suspected of fraud by financial institutions or other third-party payment service providers.

• Other customers identified by third-party payment service providers as potentially involved in fraud after comprehensive consideration.
• Specifying the concrete measures that third-party payment service providers may adopt to enhance customer identification procedures. These measures include on-site visits, video calls, or voice calls to verify the customer’s status. If a customer refuses to cooperate with the enhanced identification procedure, or if the documents provided are found to be forged, suspicious, or unclear, third-party payment service providers may refuse to establish business relationships or provide services.
• In cases where an account is reported by judicial authorities as being involved in fraud, third-party payment service providers are required to suspend services or postpone appropriation. The control period may last up to two years but may be extended if necessary, with a maximum of one extension of up to one year per notification. This measure is designed to prevent the rapid transfer of funds to scam syndicates and to provide additional time to recover the misappropriated funds.