infrastructure risk. Compliance Guideline · Segregating l the developer from the system administrator that perform in the production environment. · Providing a written job description which identified clearly

. However, in the case where there is a complaint on the advise, trading instruction or negotiation and the case of the complaint has not yet been finished within such period, the securities company shall

date of the complaint received. And if the derivatives broker has not yet finished its solution to the complaint, a progress report shall be delivered to the Office every thirty days until the

or promissory notes shall not have any restriction to redeem before date of maturity; (b) segregated by its own custody which must be done in a manner that such money can be clearly identified without

complaint rapidly and report the results to the SEC Office within thirty days from the date of the complaint received. If the securities company has not finished its solution to the complaint, a progress

clearly be identified that they are forged; (5) a client whose transaction has been reported by the securities company as a suspicious transaction; (6) a client whose occupation or business is classified by

asset used as a collateral shall be identified together with the limit of the obligations. In cases where the Company or a subsidiary has intangible assets which are significant to business undertaking

systems assets or equipment assets shall be identified and inventory of these assets should be drawn up an maintained. Such inventory shall be reviewed at least once a year or upon any material change

the appendix attached herein; (2) a person identified by a management company as a connected person in accordance with the nature of conflicts of interest which the management company is required to

to be in the enterprise’s acceptable range (risk appetite); (4) establishment of IT risk indicators for risks identified under (1) and arrangement of monitoring and reports of such indicators for