Anti-money Laundering and Combating the Financing of Terrorism

■ AML/CFT Management Program and Enhancement

E.SUN continually implements internal and external regulations and treats AML/CFT compliance as its long-term mission. It continues to promote measures for strengthening AML/CFT; benchmarks against international AML laws and regulations; regularly reviews the AML policies and procedures of domestic and overseas affiliates; refines customer due diligence review and control measures; and constantly develops global AML monitoring systems, all for the benefit of better AML/CFT in the overall financial environment. In terms of international regulatory trends, guidelines issued by organizations such as the Financial Action Task Force on Money Laundering (FATF) are closely followed, as well as international trends in money laundering, emerging technologies and frauds, covering environmental crime, medical crime, terrorism financing, arms proliferation, trade-based money laundering, digitalization, and virtual currency, etc. E.SUN FHC complies with the regulations of competent authorities and strengthens the various AML/CFT mechanisms of its subsidiaries in line with FATF's "Forty Recommendations". The implemented AML/CFT management mechanisms can be divided into six dimensions, including policies and procedures, customer due diligence, watch list filtering, suspicious transaction reporting, technology application, and annual independent assessment, with specific actions and achievements illustrated as follows:


Policies and Procedures

E.SUN FHC and its subsidiaries have established AML/CFT policies and procedures with regard to aspects such as due diligence, name screening (watch list filtering), transaction monitoring, employee management, and record keeping. In 2022, E.SUN conducted regular reviews of the relevant policies and procedures. The company has formulated "Guidelines on Group-wide Information Sharing" to set up procedures for group-wide sharing of customer due diligence information, and includes the overall implementation as a part of the annual performance report to the board of directors. Additionally, based on the "Risk Appetite Declaration for Money Laundering and Financing of Terrorism", the risk appetite standards of institutional risk assessment are precisely defined.


In 2022, subsidiary E.SUN Bank amended the "Anti-Money Laundering and Combating the Financing of Terrorism Policy", adjusting the customer acceptance principles for virtual currency companies. The "Anti-Money Laundering and Combating the Financing of Terrorism Precautions" was revised in line with changes in external regulations, such as the integration of electronic payment and electronic ticket business, and the inclusion of combating proliferation financing in insurance agent business. The "Procedure for Selection, Update and Validation of the Black List Database" was also amended, adjusting the procedure for updating external name lists and adding verification record keeping for name lists shared group-wide.


In line with the changes to futures commission merchant AML/CFT typologies made by regulatory authorities, subsidiary E.SUN Securities amended the relevant policies and procedures for concurrent futures commission merchants in 2022, including "Anti-Money Laundering and Combating the Financing of Terrorism Precautions", "Anti-Money Laundering Risk Assessment Plan", and "Typologies of Suspicious Money Laundering, Terrorism Financing, and Proliferation Financing Transactions". Additionally, under the guidance of the risk appetite of E.SUN FHC, E.SUN Securities revised its "Anti-Money Laundering and Combating the Financing of Terrorism Policy", clarifying its risk appetite standards for institutional risk assessment and the periodic review of their appropriateness.


Customer Due Diligence

Senior Management Approval and Sign Off

When assessing customer risk, various factors such as background, industry, socioeconomic activity characteristics, region, organization type, and structure of non-natural person customers must be considered. This includes whether the customers are from high-risk money laundering and terrorism financing countries or industries prone to money laundering and terrorism financing. For customers identified as high-risk or possessing specific high-risk factors, enhanced due diligence will be executed, including verification of the source of funds and wealth. The aforementioned customer transactions can only be undertaken with the approval of senior management. Moreover, transactions involving extremely high-risk jurisdictions such as Iran and DPRK are prohibited, and customers whose business involves virtual currencies are not accepted for onboarding.


Non-Face-to-Face Due Diligence

For due diligence measures of customers from "non-face-to-face" channels, E.SUN has both applied confirmation procedures equivalent to those for face-to-face customers, and adopted adequate measures to mitigate risk. E.SUN Bank and E.SUN Securities provide specific, clear instructions for applying for digital bank accounts and online securities accounts on their official websites, including the required documents, application qualifications, approval progress, and supplementary document inquiries. Furthermore, both subsidiaries continually encourage customers to use online banking, mobile banking, or the "Personal Basic Information Update Platform (eKYC)" for online data updates to assist customers in completing account reviews.

Watch List Filtering

Combating the Financing of Terrorism and Countering Proliferation Financing

When establishing a business relationship or providing new services, E.SUN conducts real-time checks on customer names and those of their associates, as well as daily batch scanning and name list updates. When conducting specific transactions, the related parties, such as remitters and beneficiaries, are also checked. The lists adopted by E.SUN include, but are not limited to, the Taiwan Ministry of Justice (MOJ) Sanctions List, the United Nations Security Council (UNSC) Comprehensive Sanctions List, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) Specially Designated Nationals List (SDN-List), and lists published by the local regulatory authorities of overseas branches.


PEP / RCA

To verify whether customers and their ultimate beneficial owners are PEP/RCA, identification is conducted via IT systems with name list databases during specific events, including the establishment of business relationships, the addition of new relationships, regular reviews, and trigger event reviews. If a customer is confirmed as PEP/RCA, enhanced due diligence and strengthened transaction monitoring will be conducted. Verification of the source of funds and wealth, along with senior management approval, is also required before proceeding. Moreover, high-risk PEP/RCA customers must undergo annual reviews, and related transactions will be subject to enhanced monitoring.


Suspicious Transaction Reporting

In terms of suspicious transaction monitoring, E.SUN refers to typologies published by regulatory authorities, and conducts transaction monitoring for all transactions through system assistance and manual processes, covering customers, employees, and financial institutions involved with E.SUN. Alerts generated by the system are investigated by dedicated personnel to verify the reasonableness of customer occupation/industry, source of funds, purposes of transactions, and whether transaction activities are consistent with past patterns, while also retaining investigation records. Suspicious transactions discovered by branch staff, together with the relevant information, are reported to dedicated units via the internal reporting mechanism, and further investigations will be conducted by dedicated personnel.


If deemed suspicious, the transactions will be reported to the Financial Intelligence Center (FIU). The entire reporting process is conducted through a dedicated computer with all portable devices blocked. All personnel in dedicated units are bound by confidentiality agreements to ensure that reporting information cannot be leaked to unrelated third parties. In 2022, various system optimization and improvement projects were completed to strengthen the monitoring mechanisms, including enhancing integrity in data display, monitoring logic and parameter thresholds, adding and adjusting management reports, etc.


Technology Application

In order to enhance operational efficiency and reduce the risk of manual error, E.SUN has developed its own Robotic Process Automation (RPA) programs to handle highly repetitive, routine tasks through automation or semi-automation. Machine learning models and platforms are also applied in practical scenarios, including adverse media collection, watch list filtering, and abnormal transaction detection, combined with business logic or manual operations to improve case review efficiency. Moreover, E.SUN has applied Artificial Intelligence (AI) by integrating a self-built model into the transaction monitoring system. Launched at the end of 2022, the AI model enables risk-scoring of alerts by analyzing risk factors, further assisting dedicated personnel in focusing on the investigation of alerts with higher predicted risk.


Record Keeping

E.SUN maintains records and files related to the implementation of AML/CFT, as well as records and vouchers of customer transactions, for at least five years after the end of customer business relationships or temporary transactions. This is done to facilitate future inspections and inquiries, and to provide evidence of efforts in AML/CFT.


Annual Independent Assessment

Overall Assessment

Internal Control System Statement and Independent Assurance Report

Each subsidiary issues a statement on the internal control system for AML/CFT, jointly signed by the chairman, general manager, chief auditor, and the dedicated AML/CTF supervisor. The statement is filed on the website of supervisory authorities and on the company's official website. In 2022, subsidiary E.SUN Bank continues to commission PricewaterhouseCoopers (PwC) to conduct auditing of the AML/CFT internal control system, and the assurance report is issued with an opinion of fair presentation in material aspects.

Institutional Risk Assessment (IRA)

In 2022, E.SUN continues to improve its risk assessment methodology by strengthening the analysis of quantitative data and control effectiveness. In line with supervisory requirements and business development, E.SUN incorporates risk factors such as high net-worth clients and payment platform operators, and refines assessments of control effectiveness. The methodology enables a holistic understanding of the money laundering and terrorist financing risk faced by E.SUN. The results are reported to the board of directors and filed with the supervisory authorities. Additionally, the "Risk Appetite Declaration for Money Laundering and Financing of Terrorism" clarifies the acceptable minimum control measures and maximum residual risk levels for the institution's AML/CTF risk assessment, further enhancing the overall risk assessment framework.

Various control mechanism effectiveness verification

Transaction Monitoring

To ensure the appropriateness of the transaction monitoring system, the dedicated unit assesses the consistency, accuracy, and rationality of transaction monitoring data under the guidance of an external consultant's methodology. Through analyzing the statistical distribution of customer transaction data, the reasonableness of threshold settings is examined to evaluate whether the transaction detection logic is effective and meets the needs of E.SUN.

Watch List Filtering

E.SUN continues to engage an independent third party, the Society for Worldwide Interbank Financial Telecommunication (SWIFT), to verify the effectiveness of its watch list filtering system. The major testing aspects include precise matching and fuzzy matching, with a view to evaluating the system performance in customer and transaction scanning, ensuring that the requirements on system effectiveness are met.