FSC Outsourcing Regulations

The Financial Supervisory Commission (“FSC”) is responsible for the inspection and supervision of banks, insurance enterprises and financial institutions in Taiwan with the objective of improving business operations, maintaining financial stability, and promoting the development of financial markets.

Some of the key regulations for regulated entities to consider when outsourcing their information technology activities are:

• FSC Regulation Regulations Governing Internal Operating Systems and Procedures for the Outsourcing of Financial Institution Operation (“Banking Outsourcing Regulations”) on Financial Institutions and Regulations Governing Internal Operating Systems and Procedures for the Outsourcing of Insurance Enterprise Operation (“Insurance Outsourcing Directions”)

This regulation mandates a framework for financial institutions to manage outsourced services, ensuring operational soundness, customer interests, and regulatory compliance. It covers permissible outsourcing scope, internal risk management, customer protection rules, and strict requirements for service providers, especially for cloud-based services and debt collection, including ethical conduct.

• PDPC Regulation Personal Data Protection Act (PDPA)

The PDPA outlines Taiwan's comprehensive personal data regulations, defining broad data categories and granting data subjects non-waivable rights. It sets requirements and legal bases for data handling by government and non-government agencies, establishing a framework for civil liability, class action lawsuits, and penalties for violations.

• MoDA Regulation Cyber Security Management Act (CSMA)

The CSMA is enacted to secure the nation's digital environment, defines key terms and outlines responsibilities for government and specific non-government agencies. It mandates talent development, technology, and industry focus, along with audit and incident reporting mechanisms with penalties. This comprehensive law establishes a legal framework for national cybersecurity policies across Taiwan's public and critical private sectors.

Google Cloud’s contracts for financial institutions in Taiwan address the requirements in the Banking Outsourcing Regulations. We have also created mappings to the guidelines for both Google Cloud to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider. Google Cloud is committed to addressing these requirements regardless of how financial institutions choose to use our services.