Protection of Customer Rights - Taiwan Cooperative Financial Holding Co., Ltd

TCFHC upholds a customer-centric service philosophy and strictly adheres to relevant regulations to ensure transparency and fairness in all business activities. To enhance service quality and customer experience, we continue to provide comprehensive communication and complaint channels, ensuring that customer rights are not compromised while creating maximum value and trust for our clients.

Maintenance of Customer Relations

To improve the quality of customer service, TCFHC engages with consumers every year, listens attentively, and seeks to understand their opinions on ﬁnancial products and services. We have established a comprehensive tiered system and handling process for customer complaints to ensure effective resolution within the required time frame and to safeguard customer rights.

Customer Satisfaction

TCB, TCS, and BNP TCB Life conduct customer satisfaction surveys annually. Based on the survey results, we thoroughly review areas in the service process that require improvement to continuously enhance the overall service experience.

Customer Communication Channels

TCFHC has set up smooth communication and complaint channels, including a hotline and email. As soon as the Group receives a complaint case, it is registered and handled through the customer complaint operational procedure. The entire processing of any case is handled in accordance with the “Personal Information Protection Act” to protect customers’ privacy. The handling process and the resulting improvement measures are then reported to the president to ensure the reﬁnement of customer service. In 2024, the total number of customer complaint cases the Group received was 275. Among them, 5 cases were rated as Level D and the others as Level C, all of which were dealt with and closed.

Since 2023, TCB has adopted the international standard for customer complaint quality management—ISO 10002—from the British Standards Institution (BSI). By referencing global regulations and practices for complaint handling mechanisms, TCB has conducted a comprehensive review of customer complaints. Responsible departments are required to identify the root causes of complaints and implement corrective actions accordingly. Furthermore, to ensure that customer concerns are properly addressed or responded to, starting in 2024, TCB follows up within 30 days after case closure to check whether the customer has raised any further opinions regarding the same issue. For unresolved cases where consensus has not been reached, continued follow-up is conducted, demonstrating TCB’s commitment to protecting ﬁnancial consumers through concrete actions.

Combating Financial Fraud

In recent years, fraud schemes have become increasingly rampant and sophisticated. To protect the public’s ﬁnancial assets, TCB established a cross-departmental anti-fraud taskforce composed of representatives from sales, compliance, and technology teams. This taskforce collaborates across multiple areas to block fraudulent activities and has established an internal anti-fraud early warning system. Following the guidelines of the “Precautions for Suspicious Illegitimate or Obvious Abnormal Transactions of Savings Accounts” and “Caring Questions for Customers Seeking Counter Service,” TCB enhances KYC procedures, performs caring inquiries, and implements control measures for suspected mule accounts during in-person deposits, withdrawals, or remittances. Daily customer transaction monitoring is conducted via reports and fraud models to manage abnormal accounts in real time. A comprehensive abnormal transaction reporting mechanism is also in place, with the 24-hour customer service center responsible for receiving and handling joint fraud prevention reports. An “Early Warning Mechanism for Accounts Potentially Involved in Domestic and Cross-Border Fraud” has also been established, enabling cooperation with the police to prevent customers from falling victim to scams. To further strengthen technology-based fraud prevention, the AI Fraud Prevention and Early Warning Model was introduced in July 2024, using AI technology to analyze customer behavior and assist frontline staff in promptly intercepting illegal fraud. In addition, to ensure the effective implementation of fraud prevention measures, we completed “mystery shopper audits” in 2024 at 66 business units to verify and manage the early warning lists generated by the model, and also conducted on-site supervision of the top 10 business units with the highest number of newly ﬂagged accounts.

Given the rise of new types of fraud crimes, we have used multiple channels in 2024 to raise awareness and show concern for customers. For example, specially designed reminder cards for “in-person caring questions” are placed at NTD counters to enhance caring and questioning skills of business unit personnel and help customers use the National Police Agency’s “3-Step Investment Scam Self-Check” to determine whether they are being scammed. For customers aged 55 and above, the system automatically prompts tellers to ask caring questions when they conduct deposits, withdrawals, remittances, or terminate time deposits. For withdrawals exceeding NT$1 million, real-time SMS alerts are sent. We have also enhanced risk parameter controls for transaction types related to credit card fraud. When a customer applies to designate a receiving account and the “total number of times it has been designated” reaches a risk threshold, additional care is required. Real-time SMS notiﬁcation service has also been added for lost ﬁnancial card reports to protect customer rights and interests. In addition, TCB periodically publishes the latest anti-fraud awareness videos, real-case examples, and level-based online fraud detection games on its Facebook page, official website, branches, and ATMs to strengthen fraud prevention education.

To enhance employees’ awareness of fraud prevention, we held 4 deposit and remittance teller training sessions and 14 sessions on fraud prevention case studies and ﬁnancial fraud trends in 2024, with a total of 1,898 participants. To raise public awareness of fraud prevention and enhance efforts to prevent financial fraud in remote areas, we collaborated with police departments and people in these regions and held 11 sessions of the “Fraud Prevention and Financial Literacy Enhancement” campaign, with a total of 261 participants. Additionally, 3 campus events titled “Fraud Prevention Pioneers: Stay Safe in Your Youth” were held at universities, educating 376 students on anti-fraud knowledge and skills.

To encourage staff to help prevent the public from falling victim to fraud, TCB has established an incentive mechanism for employees who intervene in fraud attempts. Based on the amount prevented, employees are either awarded bonuses or given commendations. In 2024, a total of 344 cases were stopped, preventing approximately NT$270 million in losses. A total of 67 commendations were granted, and NT$591,000 in bonuses was awarded. In addition to individual bonuses, business units that successfully intercepted fraud cases also received additional points in regulatory compliance evaluations. Moreover, a TCB employee was recognized in the 2024 “Senior Forum on Financial Fraud Prevention” as an outstanding frontline bank teller for effective caring questions made at the counter.

Fair Customer Treatment

TCFHC incorporates the spirit of fair treatment into its service processes and corporate culture, while continuously strengthening employee training to ensure that all customers are treated without discrimination, thereby fulﬁlling its duty to protect every customer.

Principles for Treating Customers Fairly

To effectively protect the rights and interests of ﬁnancial consumers, TCB established the “Consumer Protection and Fair Customer Treatment Promotion Committee” in 2019, with the president serving as the convener. The committee is composed of an executive vice president, a chief compliance officer, and 22 supervisors from the business management units of the headquarters as committee members. They are responsible for formulating policies and strategies concerning the Principles of Treating Customers Fairly, handling significant consumer disputes, and reviewing the progress and evaluation results of promoting fair customer treatment. They also periodically compile customer complaints and Financial Ombudsman Institution (FOI) cases, as well as reﬂections on and improvements made regarding respective cases, and submit them to the Board of Directors.

TCB, TCS, BNP TCB Life, and TCBF have all established policies and implementation regulations relevant to the Principles for Treating Customers Fairly, added friendly financial service regulations, and coordinated the implementation efforts of relevant departments. A dedicated unit centrally manages implementation and compiles how the regulations are enforced before reporting to the Board of Directors, so that colleagues honor the principles of being honest and truthful in various aspects, namely, the distribution of products and services, advertising and soliciting, protection of the right to complain, and professionalism of salespersons, and abide by the “Ethical Corporate Management Best Practice Principles”, “Financial Consumer Protection Act”, and “Financial Service Industry Principles for Treating Customers Fairly”. We also require our financial consultants to sign the “Code of Behavior for Wealth Management Employees” before onboarding or conducting business to ensure the rights and interests of customers, and we conduct annual credit audits on the ﬁnancial consultants.

To implement the principle of friendly ﬁnancial services, TCB regularly reviews the causes handling methods of cases involving messages left by senior and disabled customers. TCB continues to optimize the operating system for messages and the webpage of the website’s mailbox for the public to ensure its products and services meet customer needs and protect ﬁnancial consumers’ rights. The “Advanced Workshop on the Principles for Treating Customers Fairly” was held in August 2024. Members of the FOI were invited to share and discuss ﬁnancial laws, regulations, and cases with high-ranking managers such as directors, vice presidents, the chief compliance ofﬁcer, the general auditor, and unit heads. Topics included “Insights of Reviewed Cases”, “Financially Friendly Services”, and the “Convention on the Rights of Persons with Disabilities (CRPD)”, to strengthen and consolidate the protection of customer rights.

The subsidiaries also regularly organize employee education and training, conduct internal evaluations, or initiate secret customer testing to understand the implementation of the Principles for Treating Customers Fairly and to formulate improvement measures. No major deﬁciencies were found in the internal audit results for 2024.

Procedures for Product Review

All the ﬁnancial products or services introduced by the Group, including design and planning, promotion, marketing, fulfillment of contract requirements, service consultation, handling of customer complaints, and financial consumption disputes, take into consideration the needs of customers to ensure they are treated fairly and reasonably. In addition to complying with the Financial Consumer Protection Act and the regulatory requirements deﬁned for the speciﬁc type of business, internal reviews are required to ensure the absence of improper content, untruthful statements, and other conditions that may mislead consumers or violate applicable laws and self-regulatory rules associated with the products. If the said products require approval from competent authorities before being made available for sale, they shall still be adequately examined for appropriateness in light of actual sales of ﬁnancial products, consumer feedback, and applicable laws. Before the Group enters into a contract to provide ﬁnancial products or services to customers, it adheres to the principles of fairness, reasonableness, equality, reciprocity, and good faith, fully explains the important contents of the ﬁnancial products, services and contracts, and fully discloses risks.

Privacy Protection Policies and Management

As the financial businesses operated by each subsidiary involve a large amount of personal information, the Group has improved the content of privacy protection through 3 aspects: “Customer Information Conﬁdentiality”, “Privacy Statement on the Sharing of Customer Information”, and “Protection of Personal Information”. Related management measures have been incorporated into the dedicated unit’s “Checklist of Self-Evaluation on Legal Compliance”, which is conducted every 6 months to enable regular self-assessment and ensure compliance.

Customer Information Conﬁdentiality

To provide customers with more complete and diverse ﬁnancial products or services, the Company has formulated the “TCFHC Customer Information Confidentiality Measures” and published them on the official websites of the respective subsidiaries. These measures include specific information on how customer data are collected, stored, and retained, data security and protection, data classification, scope and items of utilization, purpose of data utilization, to whom the data are disclosed, how to change and modify customer data, what to do if customers are unwilling to receive information on shared marketing events of the Group or unwilling to allow inter-utilization of their data throughout the Group, and disclosure of the subsidiaries among which customer data are disclosed and utilized interchangeably.

Customer Data Sharing Privacy Protection Statement

To improve customer convenience, strengthen the Company’s risk management, and promote cooperation among ﬁnancial institutions to ensure consumer rights, the Company has formulated the “Customer Data Sharing Privacy Protection Statement” under the principle of information security, allowing appropriate use of customer data. The Company has established a control mechanism for sharing data among financial institutions within the Group. It has also disclosed the “Privacy Statement on the Sharing of Customer Information” on its official website, which includes customer protection measures when sharing data and methods for protecting customer rights and interests, thereby improving the Group’s transparency in data sharing and enhancing customer trust.

Protection of Personal Information

The Company has formulated the “Personal Data Protection Management Policy”, which applies to the Company, its subsidiaries, and suppliers entrusted by the Company and its subsidiaries to collect, process, or use personal data, to implement the Group’s protection of personal data and privacy rights. Meanwhile, there are also the “Personal Data File Security Maintenance Measures” and the “Personal Data File Security Audit Mechanism”. In addition, all subsidiaries are equipped with personal data protection management policies or utilization guidelines. For example, TCB governs the “nature of customer data”, “method of use”, “retention period”, “access, transfer, amendment, and deletion”, “disclosure to third parties”, and “freedom of choice whether to provide relevant personal data and types of data”, among other customer rights and interests, and fully discloses them on its ofﬁcial website to inform customers. Full disclosures or notiﬁcations are also provided through the products or services. In addition, guidelines are in place for changing related information, cancelling utilization, and ﬁling grievances.

The Company and its subsidiaries have also set up an operational organization for personal data protection management to promote and handle the security audit of personal data files, develop acceptable risk values for personal data ﬁles, and conduct risk assessment and self-assessment operations for personal data ﬁles. In addition, according to the “Personal Data Protection Management Policy”, the Company is required to conduct internal audits on a regular basis to check the effectiveness of the personal data protection management system and its implementation. In accordance with regulatory requirements, subsidiaries are required to engage external institutions to conduct audits. For example, TCB and TCBF include personal data protection management in the annual internal control system audits conducted by certiﬁed public accountants, while BNP TCB Life engages accountants annually to perform compliance assessments. These measures help monitor and improve the effectiveness of personal data protection management. In 2024, TCB and BNP TCB Life obtained the “BS 10012:2017 Personal Information Management System” international standard certiﬁcation and maintained the validity of the certiﬁcate. TCS also completed external veriﬁcation by the Taiwan Personal Information Protection & Administration System (TPIPAS), successfully passed the veriﬁcation update, and continued to maintain the validity of the TPIPAS veriﬁcation.

Procedures for Handling Privacy Protection

In response to security breaches, including personal data being stolen, altered, damaged, destroyed, or disclosed, the Company has established the “Response Notifications and Preventions of Personal Information Breach”. Each subsidiary has also implemented personal data incident response and reporting procedures. For example, TCB follows the “Guidelines for Handling and Reporting Personal Information Security Incidents” when handling personal information incidents involving information leaks. For general personal information incidents, the units in charge should be notiﬁed ﬁrst, and the response procedure includes investigating the cause, notifying the parties involved, and discussing corrective and preventive measures. Where customer information is involved and the incident is classified as a material event, the Crisis Management Taskforce will be assembled to perform post-incident response measures while maintaining close communication with the customer and issuing a standard news release if necessary. In addition, the Group also has regulations such as the “Personal Data Protection Management Policy” and “Employee Reward and Punishment Points”. Any employee found leaking business secrets or violating internal regulations will receive reprimands, demerits, or even termination of their labor contracts as punishment. In addition, if suppliers or their staff violate applicable regulations governing personal data protection or agreements concerning the protection of personal data, resulting in damages borne by the Company or its subsidiaries, they will be responsible for indemniﬁcation. In 2024, within the Group, only TCB had 1 case in which a staff member failed to handle and safeguard customer information in accordance with internal regulations, resulting in the disclosure of a customer’s account information to a third party and affecting 1 customer(the percentage of data leakage related to personal information is 100%). As a result, the Financial Supervisory Commission imposed a ﬁne of NT$20,000 in 2025. All other subsidiaries reported no incidents of data leakage, no affected customers, no penalties for violations of personal data protection regulations, and no related complaints. In addition, in terms of the use of TCB’s customer personal data, approximately 55.34% of customer data was reused for secondary purposes under conditions that did not violate relevant regulations or agreements with customers.

Training and Education on Privacy Protection

The Group regularly organizes personal information protection training. For example, TCB provided the “Awareness Promotion and Educational Training on Personal Data Protection Management”, and BNP TCB Life rolled out “Personal Information Protection Courses” on its digital learning platform to raise security and legal awareness regarding the use of personal information in daily operations.