information technology governance policy, which contains at least the following requirements: (a) conduct internal audit and operation review, systematically; (b) correct deviation and follow up the result of
following requirements: (a) conduct internal audit and operation review, systematically; (b) correct deviation and follow up the result of correction, systematically. Chapter 2 Establishment of Policies
or order must be kept until the complaint has been completely dealt with; If the giving of advice or placing of order under the first paragraph has been made via telephone or by electronics mean, a
securities company shall keep all related documents until the handling of such complaint was completed. In case where an advice or a negotiation is made by mean of telephone or via electronics, the securities