To integrate and promote the establishment and operation of overall risk management mechanism, E.SUN has set up its risk management department, which is responsible for formulating risk management policies and procedures, supervising the implementation of each subsidiary, and regularly reporting to the board of directors, audit committee, and risk management committee.
The AML/CFT management mechanism and structure of E.SUN's subsidiaries are as follows:
E.SUN continually realizes internal and external regulations and treats AML/CFT compliance tasks as its long-term mission; continues to promote matters for strengthening AML/CFT; benchmarks with international AML laws and regulations; review regularly on AML policies and procedures of domestic and overseas affiliates; refines due diligence customer review and control measures, and constantly develops global AML monitoring systems, all for the benefit of better AML/CFT in the overall financial environment. In terms of international regulatory trends, guidelines issued by organizations such as the Financial Action Task Force on Money Laundering (FATF) are closely followed, as well as international trends in money laundering, emerging technologies and frauds, covering environmental crime,medical crime, terrorism financing, arms proliferation, trade-based money laundering, digitalization, virtual assets, and dummy accounts, etc. E.SUN FHC complies with the regulations of competent authorities, and strengthens various AML/CFT mechanisms of its subsidiaries in line with FATF's "Forty Recommendations". The implemented AML/CFT management mechanisms can be divided into six dimensions, including policies and procedures, customer due diligence, watch list filtering, suspicious transaction reporting, technology application, and annual independent assessment, with specific actions and achievements illustrated as follows.
E.SUN FHC and its subsidiaries have established AML/CFT policies and procedures with regard to aspects such as due diligence, name screenings (watch list filtering), transaction monitoring, employee management, and record keeping. The key achievements in 2024 as follows: |
|
E.SUN FHC |
|
E.SUN Bank |
|
E.SN Securities |
|
E.SUN's due diligence procedures are as follows:
E.SUN continuously develops its IT systems, optimizes operational processes, and integrates customer information to improve CDD/EDD operations. Subsidiary E.SUN Bank has launched its self-developed CDD/EDD system, "Customer Due Diligence Platform (CAML)". CAML provides one-stop service for various CDD scenarios, covering onboarding stage, ongoing stage and trigger events, with a view to increase the mastery of customers' identification. The platform allows employees to access up-to-date customer information as well as retained documents, and provides online submission services for natural person customers during CDD. Subsidiary E.SUN Securities has also launched its self-developed "Account Review Platform" to complete account review operations and access up-to-date customer information and retained documents.
When assessing customer risk, various factors such as background, industry, socioeconomic activity characteristics, region, organization type, and structure of non-natural person customers must be considered. For customers identified as high risk or possessing specific high-risk factors, enhanced due diligence will be executed, including verification on the source of funds and wealth. The aforementioned customer transactions can only be undertaken with the approval of senior management. Moreover, transactions involving extremely high-risk jurisdictions such as Iran and DPRK are prohibited.
For due diligence measures of customers from "non-face-to-face" channels, E.SUN has applied confirmation procedures equivalent to those for face-to-face customers and adopted adequate measures to mitigate risk. E.SUN Bank and E.SUN Securities provide specific, clear instructions for applying for digital bank accounts and online securities accounts on their official websites, including the required documents, application qualifications, and inquiry instructions on approval progress and supplementary document. Furthermore, both subsidiaries continually encourage customers to use online banking, mobile banking, or the "Personal Basic Information Update Platform (eKYC)" for online data updates to assist customers in completing account reviews.
E.SUN improves its watch list filtering operations through the continuous development of IT systems. E.SUN Bank has launched its self-developed "Name Screening System (SAML)". SAML enhances the update frequency of important sanction lists by directly connecting to relevant official websites and prevents duplicate case reviews. The parameter setting and adopted watch lists are also continuously checked to ensure accuracy and efficiency. E.SUN Securities strengthens its efficiency and effectiveness of watch list filtering by utilizing the AML/CFT query system established by the Taiwan Depository & Clearing Corporation with the aid of Dow Jones Risk & Compliance database.
For establishing business relationship or providing new services, E.SUN conducts real-time checks on customer names and those of their associates, as well as daily batch screening and name list updates. When conducting specific transactions, the related parties, such as remitters and beneficiaries, are also checked. The lists adopted by E.SUN include, but are not limited to, the Taiwan Ministry of Justice (MOJ) Sanctions List, the United Nations Security Council (UNSC) Comprehensive Sanctions List, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) Specially Designated Nationals List (SDN-List), and lists published by the local regulatory authorities of overseas branches. In response to the recent international sanctions against Russia, subsidiary E.SUN Bank has announced relevant information on the official website, reminding customers to be cautious of whether their counter parties and goods are involved with sanctions regimes in order to ensure the transactions are clear of sanctions.
To verify whether customers and the corresponding ultimate beneficial owner belong to PEP/RCA, identifications are conducted via IT systems with name list databases during specific events, including the establishment of business relationships, the addition of new relationships, regular reviews, and trigger event reviews. If confirmed as PEP/RCA, enhanced due diligence and strengthened transaction monitoring will be conducted. Verification on source of funds and wealth along with senior management approval are also required before proceeding. Moreover, high-risk PEP/RCA customers must undergo annual reviews, and related transactions will be subject to enhanced monitoring.
In terms of suspicious transaction monitoring, E.SUN refers to typologies published by regulatory authorities, and conducts transaction monitoring for all transactions through system assistance and manual processes, covering customers, employees, and financial institutions involved with E.SUN. Alerts generated by the system are investigated by dedicated personnel to verify the reasonableness of customer occupation/industry, source of funds, purposes of transactions, and whether transaction activities are consistent with past patterns, while also retaining investigation records. Suspicious transactions discovered by branch staffs and relevant information are reported to dedicated units via internal reporting mechanism, and further investigations will be conducted by dedicated personnel.If deemed suspicious, the transactions will be reported to the Financial Intelligence Center (FIU). The entire reporting processes are conducted through a dedicated computer with all portable devices blocked. All personnel in dedicated units are obliged to confidentiality agreements with a view to ensure reporting information cannot be leaked to unrelated third parties. In 2024, subsidiary E.SUN Bank has kicked-off the rebuild project on its transaction monitoring system with completion expected in 2025, in order to enhance its transaction monitoring and reporting mechanisms.
In order to enhance operational efficiency and reduce the risk of manual error, E.SUN has self-developed Robotic Process Automation (RPA) programs to handle highly repetitive, routine tasks through automation or semi-automation. Machine learning models and platforms are also applied in practical scenarios, including adverse media collection, watch list filtering, and abnormal transaction detection, combined with business logic or manual operations to improve case review efficiency. Moreover, subsidiary E.SUN Bank as self-developed its visualization module for transaction monitoring, enabling interactive cash flow visualization to assist in the identification of abnormal transactions.
E.SUN maintains records and files related to the implementation of AML/CFT, as well as records and vouchers of customer transactions, for at least five years after the end of customer business relationships or temporary transactions. This is done to facilitate future inspections and inquiries, and to provide evidence of efforts in AML/CFT.
Item |
Description |
|
Overall Assessment |
Internal Control System Statement and Independent Assurance Report |
Each subsidiary issues a statement on the internal control system for AML/CFT, jointly signed by the chairman, general manager, chief auditor, and the dedicated AML/CTF supervisor. The statement is filed on the website of supervisory authorities and on the company's official website. In 2024, subsidiary E.SUN Bank continues to commission PricewaterhouseCoopers (PwC) to conduct auditing of the AML/CFT internal control system, and the assurance report is issued with opinion of fair presentation in material aspects. |
Institutional Risk Assessment (IRA) |
In 2024, E.SUN continues to improve its risk assessment methodology by strengthening the analysis of quantitative data and control effectiveness. In response to recent trend of crimes and financial regulatory requirements, new control points are added for the evaluation of control effectiveness. The methodology enables a holistic understanding to the money laundering and terrorist financing risk faced by E.SUN. The results are reported to the board of directors and filed with the supervisory authorities. Additionally, the "Risk Appetite Declaration for Money Laundering and Financing of Terrorism" clarifies the acceptable minimum control measures and maximum residual risk levels for the institution's AML/CTF risk assessment, further enhancing the overall risk assessment framework. |
|
Various control mechanism effectiveness verification |
Transaction Monitoring |
To ensure the appropriateness of the transaction monitoring system, the dedicated unit assesses the consistency, accuracy, and rationality of transaction monitoring data under the guidance of external consultant's methodology. Through analyzing the statistical distribution of customer transaction data, the reasonableness of threshold settings is examined to evaluate whether the transaction detection logic is effective and meets the needs of E.SUN. |
Watch List Filtering |
E.SUN continues to engage with independent third-party, the Society for Worldwide Interbank Financial Telecommunication (SWIFT), to verify the effectiveness of its watch list filtering system. The major testing aspects include previse matching and fuzzy matching, with a view to evaluate the system performance in customer and transaction scanning, ensuring that the requirements on system effectiveness are met. |
E.SUN FHC discloses its AML/CFT policies, risk appetite, and AML questionnaires (Wolfsberg CBDDQ Questionnaire) on its official website, while subsidiary E.SUN Bank and E.SUN Securities also disclose internal control statements for AML/CFT on their official websites to enhance transparency.