To integrate and promote the establishment and operation of overall risk management mechanism, E.SUN has set up its risk management department, which is responsible for formulating risk management policies and procedures, supervising the implementation of each subsidiary, and regularly reporting to the board of directors, audit committee, and risk management committee.
The AML/CFT management mechanism and structure of E.SUN's subsidiaries are as follows:
E.SUN continually realizes internal and external regulations and treats AML/CFT compliance tasks as its long-term mission; continues to promote matters for strengthening AML/CFT; benchmarks with international AML laws and regulations; review regularly on AML policies and procedures of domestic and overseas affiliates; refines due diligence customer review and control measures, and constantly develops global AML monitoring systems, all for the benefit of better AML/CFT in the overall financial environment. In terms of international regulatory trends, guidelines issued by organizations such as the Financial Action Task Force on Money Laundering (FATF) are closely followed, as well as international trends in money laundering, emerging technologies and frauds, covering environmental crime, medical crime, terrorism financing, arms proliferation, trade-based money laundering, digitalization, virtual currency, and dummy accounts, etc. E.SUN FHC complies with the regulations of competent authorities, and strengthens various AML/CFT mechanisms of its subsidiaries in line with FATF's "Forty Recommendations". The implemented AML/CFT management mechanisms can be divided into six dimensions, including policies and procedures, customer due diligence, watch list filtering, suspicious transaction reporting, technology application, and annual independent assessment, with specific actions and achievements illustrated as follows:
E.SUN FHC and its subsidiaries have established AML/CFT policies and procedures with regard to aspects such as due diligence, name screenings (watch list filtering), transaction monitoring, employee management, and record keeping. In 2023, E.SUN conducted regular review on relevant policies and procedures. The company has formulated "Guidelines on Group-wide Information Sharing" to set up procedures of group-wide customer due diligence information sharing, and include the overall implementation as a part of the annual performance report to the board of directors. Additionally, based on the "Risk Appetite Declaration for Money Laundering and Financing of Terrorism", the risk appetite standards of institutional risk assessment are precisely defined. Key risk indicators are monitored by the AML/CFT Risk Dashboard.
In 2023, subsidiary E.SUN Bank amended the "Anti-Money Laundering and Combating the Financing of Terrorism Policy", adjusting the criteria of customer involved with virtual currency and definition of virtual currency activities referring to the "Regulations Governing Anti-Money Laundering and Countering the Financing of Terrorism for Enterprises Handling Virtual Currency Platform or Transaction". Regulations and guidelines related to customer due diligence are also revised to include Third-Party Payment Providers (TPPP) as industry/occupation of high-risk, and online lending platform operators (P2P) as well as Virtual Asset Service Providers (VASP) as special high risk. Exceptions for beneficial owner identification of are also added.
For subsidiary E.SUN Securities, in 2023, the "Risk Appetite Declaration for Money Laundering and Financing of Terrorism" is revised to include the FATF grey list as high risk countries, in line with the Country Risk Assessment methodology of the parent company. Additionally, the "Anti-Money Laundering and Counter-Terrorism Financing Guidelines" and the "Anti-Money Laundering and Counter-Terrorism Financing Guidelines for Concurrent Futures Brokers" will be revised to establish a consistent approach and principles for accepting VASPs within the group.
E.SUN's due diligence procedures are as follows:
E.SUN continuously develops its IT systems, optimizes operational processes, and integrates customer information to improve Customer Due Diligence (CDD) / Enhanced Due Diligence (EDD) operations. Subsidiary E.SUN Bank has launched its self-developed CDD/EDD system, "Customer Due Diligence Platform (CAML)". CAML provides one-stop service for various due diligence scenarios, covering onboarding stage, ongoing stage and trigger events, with a view to increase the mastery of customers' identification. The platform allows employees to access up-to-date customer information as well as retained documents, and automatically integrates external public equity structure information to assist in identification of ultimate beneficial owners. Subsidiary E.SUN Securities has also launched its self-developed "Account Review Platform" to complete account review operations and access up-to-date customer information and retained documents.
When assessing customer risk, various factors such as background, industry, socioeconomic activity characteristics, region, organization type, and structure of non-natural person customers must be considered. This includes whether the customers are from high-risk money laundering and terrorism financing countries or industries prone to money laundering and terrorism financing. For customers identified as high risk or possessing specific high-risk factors, enhanced due diligence will be executed, including verification on the source of funds and wealth. The aforementioned customer transactions can only be undertaken with the approval of senior management. Moreover, transactions involving extremely high-risk jurisdictions such as Iran and DPRK are prohibited, nor are onboarding entity customers whose business involves certain virtual currency activities acceptable.
For due diligence measures of customers from "non-face-to-face" channels, E.SUN has both applied confirmation procedures equivalent to those for face-to-face customers, and adopted adequate measures to mitigate risk. E.SUN Bank and E.SUN Securities provide specific, clear instructions for applying for digital bank accounts and online securities accounts on their official websites, including the required documents, application qualifications, and inquiry instructions on approval progress and supplementary document. Furthermore, both subsidiaries continually encourage customers to use online banking, mobile banking, or the "Personal Basic Information Update Platform (eKYC)" for online data updates to assist customers in completing account reviews. For entity customers, online data updates for account reviews are also available in 2023.
E.SUN improves its watch list filtering operations through the continuous development of IT systems. E.SUN Bank has launched its self-developed "Name Screening System (SAML)". SAML enhances the update frequency of important sanction lists by directly connecting to relevant official websites, prevents duplicate case reviews, and increases matching accuracy with scanning engines utilizing big data and language analysis. In 2023, the system further integrates SWIFT message screening of overseas units. E.SUN Securities strengthens its efficiency and effectiveness of watch list filtering operations by utilizing the AML/CFT query system established by the Taiwan Depository & Clearing Corporation with the aid of Dow Jones Risk & Compliance database.
For establishing business relationship or providing new services, E.SUN conducts real-time checks on customer names and those of their associates, as well as daily batch scanning and name list updates. When conducting specific transactions, the related parties, such as remitters and beneficiaries, are also checked. The lists adopted by E.SUN include, but are not limited to, the Taiwan Ministry of Justice (MOJ) Sanctions List, the United Nations Security Council (UNSC) Comprehensive Sanctions List, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) Specially Designated Nationals List (SDN-List), and lists published by the local regulatory authorities of overseas branches. In response to the recent international sanctions against Russia, subsidiary E.SUN Bank has announced relevant information on the official website, reminding customers to be cautious of whether their counter parties and goods are involved with sanctions regimes in order to ensure the transactions are clear of sanctions.
To verify whether customers and the corresponding ultimate beneficial owner belong to PEP/RCA, identifications are conducted via IT systems with name list databases during specific events, including the establishment of business relationships, the addition of new relationships, regular reviews, and trigger event reviews. If confirmed as PEP/RCA, enhanced due diligence and strengthened transaction monitoring will be conducted. Verification on source of funds and wealth along with senior management approval are also required before proceeding. Moreover, high-risk PEP/RCA customers must undergo annual reviews, and related transactions will be subject to enhanced monitoring.
In terms of suspicious transaction monitoring, E.SUN refers to typologies published by regulatory authorities, and conducts transaction monitoring for all transactions through system assistance and manual processes, covering customers, employees, and financial institutions involved with E.SUN. Alerts generated by the system are investigated by dedicated personnel to verify the reasonableness of customer occupation/industry, source of funds, purposes of transactions, and whether transaction activities are consistent with past patterns, while also retaining investigation records. Suspicious transactions discovered by branch staffs and relevant information are reported to dedicated units via internal reporting mechanism, and further investigations will be conducted by dedicated personnel.
IIf deemed suspicious, the transactions will be reported to the Financial Intelligence Center (FIU). The entire reporting processes are conducted through a dedicated computer with all portable devices blocked. All personnel in dedicated units are obliged to confidentiality agreements with a view to ensure reporting information cannot be leaked to unrelated third parties. In 2023, subsidiary E.SUN Bank has launched it self-built "Internal Suspicious Transaction Report Platform (ISTR)", optimizing the process of filing internal STR from business units to the dedicated unit. ISTR is also connected with the "Transaction Monitoring System (GAML)" for enhancements in the accuracy and efficiency of case management.
In order to enhance operational efficiency and reduce the risk of manual error, E.SUN has self-developed Robotic Process Automation (RPA) programs to handle highly repetitive, routine tasks through automation or semi-automation. Machine learning models and platforms are also applied in practical scenarios, including adverse media collection, watch list filtering, and abnormal transaction detection, combined with business logic or manual operations to improve case review efficiency. Moreover, E.SUN has exploited the technology of Artificial Intelligence (AI) by integrating self-built model into the transaction monitoring system. To assist in case investigation and analyze of customer abnormal behaviors, Alert Model and Customer Cohort Model are developed and launched at the end of 2023.
E.SUN maintains records and files related to the implementation of AML/CFT, as well as records and vouchers of customer transactions, for at least five years after the end of customer business relationships or temporary transactions. This is done to facilitate future inspections and inquiries, and to provide evidence of efforts in AML/CFT.
Item |
Description |
|
Overall Assessment |
Internal Control System Statement and Independent Assurance Report |
Each subsidiary issues a statement on the internal control system for AML/CFT, jointly signed by the chairman, general manager, chief auditor, and the dedicated AML/CTF supervisor. The statement is filed on the website of supervisory authorities and on the company's official website. In 2023, subsidiary E.SUN Bank continues to commission PricewaterhouseCoopers (PwC) to conduct auditing of the AML/CFT internal control system, and the assurance report is issued with opinion of fair presentation in material aspects. |
Institutional Risk Assessment (IRA)
|
In 2023, E.SUN continues to improve its risk assessment methodology by strengthening the analysis of quantitative data and control effectiveness. In response to recent trend of crimes and financial regulatory requirements, new control points are added for the evaluation of control effectiveness. The methodology enables a holistic understanding to the money laundering and terrorist financing risk faced by E.SUN. The results are reported to the board of directors and filed with the supervisory authorities. Additionally, the "Risk Appetite Declaration for Money Laundering and Financing of Terrorism" clarifies the acceptable minimum control measures and maximum residual risk levels for the institution's AML/CTF risk assessment, further enhancing the overall risk assessment framework. |
|
Various control mechanism effectiveness verification |
Transaction Monitoring |
To ensure the appropriateness of the transaction monitoring system, the dedicated unit assesses the consistency, accuracy, and rationality of transaction monitoring data under the guidance of external consultant's methodology. Through analyzing the statistical distribution of customer transaction data, the reasonableness of threshold settings is examined to evaluate whether the transaction detection logic is effective and meets the needs of E.SUN./p> |
Watch List Filtering |
E.SUN continues to engage with independent third-party, the Society for Worldwide Interbank Financial Telecommunication (SWIFT), to verify the effectiveness of its watch list filtering system. The major testing aspects include previse matching and fuzzy matching, with a view to evaluate the system performance in customer and transaction scanning, ensuring that the requirements on system effectiveness are met. |
E.SUN FHC discloses its AML/CFT policies, risk appetite, and AML questionnaires (Wolfsberg CBDDQ Questionnaire) on its official website, while subsidiary E.SUN Bank and E.SUN Securities also disclose internal control statements for AML/CFT on their official websites to enhance transparency.