Taiwan’s Money Laundering Control Act (MLCA) establishes the legal framework to combat money laundering and related crimes. The MLCA broadly defines money laundering as activities that conceal, disguise or use proceeds from specified unlawful activities, or that obstruct the investigation and seizure of such proceeds (Article 2). “Specified unlawful activities” cover a wide range of serious offenses – from major fraud, tax evasion and organized crime to drug trafficking, smuggling and financial market crimes – essentially matching the FATF concept of predicate offenses. The Act targets proceeds of crime and even applies extraterritorially to Taiwanese nationals (Article 23); it also mandates enhanced international cooperation.Regulated EntitiesUnder the MLCA, “financial institutions” include all banks (commercial, credit unions, farmers’ associations, postal financial services, etc.), securities firms, insurance companies, trust companies, credit card companies and other financial businesses (MLCA Article 5). The law also covers designated non-financial businesses and professions (DNFBPs) such as jewelry dealers, real estate brokers, lawyers, accountants and others when they handle large or high-value transactions. Since 2017, the MLCA explicitly brings virtual asset service providers (VASPs) – i.e. cryptocurrency exchanges, custodians and payment platforms – under the AML regime. All these entities, whether supervised by the Financial Supervisory Commission (FSC) or other regulators, are subject to AML obligations.Customer Due Diligence and RecordkeepingAll obligated institutions must follow a risk-based approach to customer due diligence (CDD). This means identifying and verifying customers and beneficial owners, understanding the nature of the customer’s business, and keeping records of identification data. Enhanced due diligence is required for higher-risk situations, such as customers who are politically exposed persons (PEPs) or those from high-risk jurisdictions. Firms must retain CDD records – such as identity documents and ownership information – for at least five years after the business relationship ends (MLCA Article 8). In addition, they must keep detailed transaction records (domestic and cross-border) for at least five years (MLCA Article 10). These requirements are reinforced by FSC rules that define the scope and procedures for record-keeping and customer verification.Suspicious and Large Currency Transaction ReportsAll financial institutions and DNFBPs must report any suspicious transaction or attempted transaction to the Financial Intelligence Unit (FIU), which is Taiwan’s Anti-Money Laundering Division within the Ministry of Justice (MLCA Article 13). In practice, firms file Suspicious Transaction Reports (STRs) whenever transactions raise red flags. Institutions also must file Currency Transaction Reports (CTRs) for cash transactions above the regulatory threshold (MLCA Article 12). (The threshold and reporting forms are set by statute and regulation.) Reporting officers are legally protected, and those who submit STRs/CTRs in good faith are exempt from confidentiality rules. Failure to report required transactions – whether suspicious activities or large cash movements – may result in fines under the MLCA, which can be applied per violation.Internal Controls and TrainingAll covered institutions must maintain a robust internal control and audit system. This system must include written AML/CFT policies, a designated compliance officer, risk assessments, periodic audits and staff training. FSC regulations further require regular training of personnel and formal management oversight. For example, banks are required to conduct regular tests of their AML systems and to have senior executives formally certify that controls are in place. In short, institutions must embed AML compliance into their operations and ensure that policies are effectively implemented.Regulator OversightThe Financial Supervisory Commission (FSC) enforces AML compliance for financial institutions. Its Banking, Securities and Futures, and Insurance Bureaus each examine institutions, require periodic AML reports, and can impose administrative sanctions for non-compliance. In recent years, Taiwan has increased enforcement: for example, in 2025 the FSC fined Bank of Taiwan (a major state-owned bank) about NT$22 million for AML control failures, including inadequate monitoring of employee transactions. Beyond administrative action, Taiwan’s laws also carry criminal penalties: under the MLCA, money laundering (Article 19) is punishable by up to ten years’ imprisonment (with lower terms for lesser amounts), and breach of reporting obligations can carry fines. These penalties apply even if the underlying crime happened overseas. The threat of both fines and prosecution drives firms to stay vigilant.Enforcement in the Virtual Asset SectorIn recent years Taiwan has tightened AML rules for cryptocurrency and other digital assets. New FSC regulations (effective 2025) require VASPs to meet the same AML standards as banks: obligations include full CDD, record-keeping, filing STRs/CTRs, and securing customer assets. VASPs must also collect and share originator and beneficiary information for all transfers (implementing the FATF “travel rule”). Importantly, the MLCA now provides criminal penalties for virtual-asset violations: VASP operators who knowingly break AML laws – such as operating without proper registration or intentionally ignoring suspicious transactions – can face up to two years in prison or heavy fines. In sum, virtual-asset transactions are squarely subject to Taiwan’s AML laws.Key Compliance PillarsPutting it all together, the pillars of AML compliance in Taiwan are:• Risk-Based Customer Due Diligence: Verify all customers and beneficial owners; update their information regularly; apply enhanced scrutiny to PEPs or other high-risk clients.• Suspicious Transaction Reporting: Monitor accounts and report any activity that raises money-laundering or terrorism-financing concerns to the AML Division (FIU), without tipping off the customer.• Currency Transaction Reporting: Report large cash transactions above statutory thresholds to the FIU, ensuring records are accurate and timely.• Record-Keeping: Maintain comprehensive files (identity documents, contracts, transaction logs, etc.) for at least five years after the transaction or end of the relationship.• Robust Internal Controls: Implement written policies and procedures, appoint a compliance officer, conduct regular risk assessments and audits, and provide ongoing training.Regulators scrutinize each pillar. If any element is missing or weak, firms may face enforcement action. For example, examiners now pay particular attention to how banks monitor cross-border and crypto-related transactions, expecting proof that AML checks are actually performed.Institutional RolesTaiwan’s AML framework relies on coordination among agencies. The FIU (the AML Division of the Ministry of Justice) receives and analyzes STRs/CTRs, generating intelligence. It works with prosecutors to investigate suspicious funds. The FSC and its bureaus supervise covered institutions, conducting AML exams and imposing fines or directives for procedural lapses. Meanwhile, prosecutors charge individuals and firms with money laundering and related offenses under the MLCA. Criminal convictions can bring heavy imprisonment and fines. In practice, an STR from a bank might trigger an FIU investigation, then a prosecutor might seize illicit assets and prosecute the case. This coordinated system ensures that both regulators and law enforcement play roles in preventing and punishing money laundering.Illustrative CasesRecent cases show how the system works. In banking, regulators penalized Bank of Taiwan for weak due diligence and failure to act on alerts – including suspicious transfers involving cryptocurrency purchases. This fine highlighted that even internal misuse of accounts must be caught by AML systems. In the crypto sphere, prosecutors in 2025 dismantled what they called Taiwan’s largest cryptocurrency money-laundering ring. Fourteen suspects allegedly ran a scheme collecting over NT$2.3 billion from investors via virtual-currency sales, then layered the proceeds through crypto exchanges. They were charged with organized fraud and money laundering. These examples underline that Taiwan’s authorities treat crypto laundering as seriously as any financial crime.Takeaways for ProfessionalsFor lawyers and compliance officers, Taiwan’s AML framework demands vigilance and adaptation. Key takeaways include:• Holistic Risk-Based Compliance: Understand the institution’s business model and risk profile. Tailor CDD and monitoring to those risks, especially in emerging sectors like fintech or crypto.• Rigorous CDD: Obtain solid proof of identity and beneficial ownership. Beware of shell companies or complex ownership structures. Apply enhanced due diligence for PEPs or unusual accounts.• Timely Reporting: Ensure systems are in place to flag and report suspicious activities (STRs) and large cash transactions (CTRs) quickly. Remember, timely good-faith reporting is protected by law.• Strong Controls and Governance: Keep AML manuals and policies updated. Assign clear roles (AML officer, auditors). Provide ongoing staff training and test your systems through audits or external reviews.• Stay Current: AML rules in Taiwan evolve. Keep up with new laws or amendments (for example, updates to CTR thresholds or new regulations on virtual assets) and international standards (FATF). Also be alert for updates from regulators (which may be published in Chinese-language guidance).• Enforcement Awareness: Recognize that lapses can lead to both regulatory sanctions and criminal charges. Recent actions in Taiwan show regulators and prosecutors following through on violations. Compliance teams should view examinations as key opportunities to demonstrate that their controls are effective.In summary, Taiwan’s AML regime combines detailed legal definitions with sector-specific regulations and active enforcement. The MLCA and FSC rules set concrete expectations for due diligence, monitoring and reporting. For compliance teams, the message is clear: build a culture of AML compliance across the organization and continuously improve controls. By doing so, firms protect themselves and contribute to Taiwan’s integrity in global financial markets.