On May 16, 2025, TAI EXC updated Standard specification for internal control systems of securities firms re addition of operational requirements on customer data protection.
Securities firms must inform new clients of data collection purposes and usage scope at the time of contract signing, and disclose this information via public channels.
Any updates to data usage must be promptly disclosed, with firms ensuring relevance to original purposes, preventing data leaks via FSC-compliant security, access controls.
Clients must be given accessible means (e.g., hotlines) to exercise their rights under the Personal data protection act, including access, correction, and deletion requests.
The amendments will be effective from Jul. 1, 2025.
On Apr. 11, TAI EXC revised internal specification for securities, FCMs.
TAI EXC revised Standard specification for internal control systems of securities firms.
In addition, it revised Standard specification for internal control systems of futures commission merchants (FCMs) operating securities trading auxiliary business.
Amendments
Amend the internal audit rules in standard specifications to align with practical work.
Make amendments to the internal control system of depository clearing operations of the standard specification to align with TAI DCC's letter re customer data, #223887.
Amend the working papers, review checklist and other checklists accordingly.
Effectiveness
The amendments will be effective from Jun. 1, 2025.
May 2025 Further Amendments
On May 5, 2025, TAI EXC updated Standard specification for internal control systems of securities firms re internal audit implementation rules for TAI DCC, checklist.
The amendments will be effective from Jun. 1, 2025.
Document dated May 5, 2025, received from TAI EXC May 6, summarized on May 7.
May 16, 2025 Customer Data Protection
On May 16, 2025, TAI EXC updated Standard specification for internal control systems of securities firms re addition of operational requirements on customer data protection.
Securities firms must inform new clients of data collection purposes and usage scope at the time of contract signing, and disclose this information via public channels.
Any updates to data usage must be promptly disclosed, with firms ensuring relevance to original purposes, preventing data leaks via FSC-compliant security, access controls.
Clients must be given accessible means (e.g., hotlines) to exercise their rights under the Personal data protection act, including access, correction, and deletion requests.
The amendments will be effective from Jul. 1, 2025.
