■ AML/CFT Management Program and Enhancement
E.SUN continually realizes internal and external regulations and
treats AML/
CFT compliance tasks as its long-term mission; continues to promote
matters for
strengthening AML/CFT; benchmarks with international AML laws and
regulations;
review regularly on AML policies and procedures of domestic and
overseas affiliates;refines due diligence customer review and
control measures, and constantly develops
global AML monitoring systems, all for the benefit of better AML/CFT
in the overall financial
environment. In terms of international regulatory trends, guidelines
issued by organizations
such as the Financial Action Task Force on Money Laundering (FATF)
are closely followed,
as well as international trends in money laundering, emerging
technologies and frauds,
covering environmental crime, medical crime, terrorism financing,
arms proliferation, tradebased
money laundering, digitalization, and virtual currency, etc. E.SUN
FHC complies with
the regulations of competent authorities, and strengthens various
AML/CFT mechanisms
of its subsidiaries in line with FATF's "Forty Recommendations". The
implemented AML/
CFT management mechanisms can be divided into six dimensions,
including policies and
procedures, customer due diligence, watch list filtering, suspicious
transaction reporting,
technology application, and annual independent assessment, with
specific actions and
achievements illustrated as follows:
|
|
Policies and Procedures
E.SUN FHC and its subsidiaries have established AML/CFT policies and procedures with
regard to aspects such as due diligence, name screenings (watch list filtering),
transaction monitoring, employee management, and record keeping. In 2022, E.SUN
conducted regular review on relevant policies and procedures. The company has
formulated "Guidelines on Group-wide Information Sharing" to set up procedures of
group-wide customer due diligence information sharing, and include the overall
implementation as a part of the annual performance report to the board of directors.
Additionally, based on the "Risk Appetite Declaration for Money Laundering and
Financing of Terrorism", the risk appetite standards of institutional risk
assessment are precisely defined.
In 2022, subsidiary E.SUN Bank amended the "Anti-Money Laundering and Combating
the Financing of Terrorism Policy", adjusting the customer acceptance principles for
virtual currency companies; the "Anti-Money Laundering and Combating the Financing
of Terrorism Precautions" was revised in line with the changes in external
regulations, such as the integration of electronic payment and electronic ticket
business, and the inclusion of combating proliferation financing in insurance agent
business. The "Procedure for Selection, Update and Validation of the Black List
Database" was also amended with adjusted procedure of external name list updating,
and addition of verification record keeping for name lists shared group-widely.
In line with the changes in futures commissions merchant AML/CFT typologies by
regulatory authorities, subsidiary E.SUN Securities amended relevant policies and
procedures for concurrent futures commission merchants in 2022, including
"Anti-Money Laundering and Combating the Financing of Terrorism Precautions",
"Anti-Money Laundering Risk Assessment Plan", and "Typologies of Suspicious Money
Laundering, Terrorism Financing, and Proliferation Financing Transactions".
Additionally, under the guidance of the risk appetite of E.SUN FHC, E.SUN Securities
revised its "Anti-Money Laundering and Combating the Financing of Terrorism Policy",
clarifying its standards of risk appetite of institutional risk assessment and
periodic review on their appropriateness.
Customer Due Diligence
Senior Management Approval and Sign Off
When assessing customer risk, various factors such as background, industry,
socioeconomic activity characteristics, region, organization type, and structure of
nonnatural
person customers must be considered. This includes whether the customers
are from high-risk money laundering and terrorism financing countries or industries
prone to money laundering and terrorism financing. For customers identified as
high-risk
or possessing specific high-risk factors, enhanced due diligence will be executed,
including verification on the source of funds and wealth. The aforementioned
customer
transactions can only be undertaken with the approval of senior management.
Moreover, transactions involving extremely high-risk jurisdictions such as Iran and
DPRK are prohibited, nor are onboarding customers whose business involves virtual
currencies acceptable.
Non-Face-to-Face Due Diligence
For due diligence measures of customers from "non-face-to-face" channels, E.SUN has both applied confirmation procedures equivalent to those for face-to-face customers, and adopted adequate measures to mitigate risk. E.SUN Bank and E.SUN Securities provide specific, clear instructions for applying for digital bank accounts and online securities accounts on their official websites, including the required documents, application qualifications, approval progress, and supplementary document inquiries. Furthermore, both subsidiaries continually encourage customers to use online banking, mobile banking, or the "Personal Basic Information Update Platform (eKYC)" for online data updates to assist customers in completing account reviews.
Watch List Filtering
Combating the Financing of Terrorism and
Countering Proliferation Financing
For establishing business relationship or providing new services, E.SUN conducts
real-time
checks on customer names and those of their associates, as well as daily batch
scanning
and name list updates. When conducting specific transactions, the related parties,
such
as remitters and beneficiaries, are also checked. The lists adopted by E.SUN
include, but
are not limited to, the Taiwan Ministry of Justice (MOJ) Sanctions List, the United
Nations
Security Council (UNSC) Comprehensive Sanctions List, the U.S. Department of the
Treasury's Office of Foreign Assets Control (OFAC) Specially Designated Nationals
List
(SDN-List), and lists published by the local regulatory authorities of overseas
branches.
PEP / RCA
To verify whether customers and the corresponding ultimate beneficial owner belong to
PEP/RCA, identifications are conducted via IT systems with name list databases
during
specific events, including the establishment of business relationships, the addition
of
new relationships, regular reviews, and trigger event reviews. If confirmed as
PEP/RCA, enhanced due diligence and strengthened transaction monitoring will be
conducted.
Verification on source of funds and wealth along with senior management approval are
also
required before proceeding. Moreover, high-risk PEP/RCA customers must undergo
annual
reviews, and related transactions will be subject to enhanced monitoring.
Suspicious Transaction Reporting
In terms of suspicious transaction monitoring, E.SUN refers to typologies published
by
regulatory authorities, and conducts transaction monitoring for all transactions
through
system assistance and manual processes, covering customers, employees, and financial
institutions involved with E.SUN. Alerts generated by the system are investigated by
dedicated personnel to verify the reasonableness of customer occupation/industry,
source of
funds, purposes of transactions, and whether transaction activities are consistent
with past
patterns, while also retaining investigation records. Suspicious transactions
discovered by
branch staffs and relevant information are reported to dedicated units via internal
reporting
mechanism, and further investigations will be conducted by dedicated personnel.
If deemed suspicious, the transactions will be reported to the Financial Intelligence
Center
(FIU). The entire reporting processes are conducted through a dedicated computer
with
all portable devices blocked. All personnel in dedicated units are obliged to
confidentiality
agreements with a view to ensure reporting information cannot be leaked to unrelated
third
parties. In 2022, various system optimization and improvement projects had been
completed
to strengthen the monitoring mechanisms, including enhancing integrity in data
display,
monitoring logic and parameter thresholds, adding and adjusting management reports,
etc.
Technology Application
In order to enhance operational efficiency and reduce the risk of manual error, E.SUN has self-developed Robotic Process Automation (RPA) programs to handle highly repetitive, routine tasks through automation or semi-automation. Machine learning models and platforms are also applied in practical scenarios, including adverse media collection, watch list filtering, and abnormal transaction detection, combined with business logic or manual operations to improve case review efficiency. Moreover, E.SUN has exploited the technology of Artificial Intelligence (AI) by integrating self-built model into the transaction monitoring system. Launched at the end of 2022, the AI model enables risk-scoring on alerts by analyzing risk factors, further assisting dedicated personnel in focusing on investigation of alerts with higher predicted risk.
Record Keeping
E.SUN maintains records and files related to the implementation of AML/CFT, as well as records and vouchers of customer transactions, for at least five years after the end of customer business relationships or temporary transactions. This is done to facilitate future inspections and inquiries, and to provide evidence of efforts in AML/CFT.
Annual Independent Assessment
Item |
Description |
Overall Assessment |
Internal Control System Statement and Independent Assurance Report |
Each subsidiary issues a statement on the internal control system for AML/CFT, jointly signed by the chairman, general manager, chief auditor, and the dedicated AML/CTF supervisor. The statement is filed on the website of supervisory authorities and on the company's official website. In 2022, subsidiary E.SUN Bank continues to commission PricewaterhouseCoopers (PwC) to conduct auditing of the AML/CFT internal control system, and the assurance report is issued with opinion of fair presentation in material aspects. |
Institutional Risk Assessment(IRA) |
In 2022, E.SUN continues to improve its risk
assessment methodology by strengthening the analysis of quantitative
data and control effectiveness. In line with supervisory requirements and business development, E.SUN incorporates
risk factors such as high net-worth clients, payment platform operators, and refines assessments on control effectiveness. The methodology enables a holistic understanding to the money laundering and terrorist financing risk faced by E.SUN.
The results are reported to the board of directors and filed with the supervisory authorities. Additionally, the "Risk Appetite Declaration for Money Laundering and Financing of Terrorism" clarifies the acceptable minimum control measures and maximum residual risk levels for the institution's AML/CTF
risk assessment, further enhancing the overall risk assessment framework. |
Various control mechanism effectiveness verification |
Transaction Monitoring |
To ensure the appropriateness of the transaction monitoring system, the dedicated unit assesses the consistency, accuracy, and rationality of transaction monitoring data under the guidance of external consultant's methodology. Through analyzing the statistical distribution of customer transaction data, the
reasonableness of threshold settings is examined to evaluate whether the transaction detection logic is effective and meets the needs of E.SUN. |
Watch List Filtering |
E.SUN continues to engage with independent
third-party, the Society for Worldwide Interbank Financial
Telecommunication (SWIFT), to verify the effectiveness of its
watch list filtering system. The major testing aspects include previse matching and fuzzy matching, with a view to evaluate the system performance in customer and transaction scanning, ensuring that the requirements on system effectiveness are met. |