Anti-money Laundering and Combating the Financing of Terrorism

AML/CFT management program and enhancement

E.SUN continually realizes internal and external regulations and treats AML/CFT compliance tasks as its long-term mission; continues to promote matters for strengthening AML/CFT; benchmarks against international AML laws and regulations; amends domestic and overseas AML policies and procedures; refines due diligence customer review and control measures, and constantly develops global AML monitoring systems, all for the benefit of AML/CFT in the overall financial environment. For the trend of international AML governance, the Company continually pays attention to the guidance announced by organizations such as the Financial Action Task Force on Money Laundering (FATF) and to the international money laundering and fraud trends, such as: environmental crimes, medical crimes, terrorism financing, expansion of arms, digitization, TBML, etc. E.SUN FHC adheres to competent authorities' rules and strengthens the AML/CFT mechanisms of each of its subsidiaries according to the policies and procedures of FATF Forty Recommendations. There are 6 dimensions under E.SUN FHC's AML/CFT management mechanisms: Policy and procedure, customer due diligence(CDD), watch list filtering, suspicious transaction reporting(STR), record keeping (at least 5 years), and annual independent assessment. Specific actions taken are described below:

Policies and Procedures

E.SUN FHC and its subsidiaries have established the AML/CFT policies and procedures with regard to aspects such as due diligence, name checks, transaction monitoring, and employee management. In 2021, E.SUN FHC amended “Guidelines on information sharing”, updating procedures for sharing customer due diligence information, and reported the overall implementation of information sharing to the board of directors.

In 2021, the subsidiary E.SUN Bank amended “Policy of Money Laundering and Counter Terrorism Risk Appetite”, setting the appetite standard for money laundering and terrorism financing institutional risk assessment. In addition, E.SUN Bank formulated "Guidelines on information sharing" to standardize the relevant operating procedures such as information sharing requests, provisions, and exchanges. The revised "Anti-Money laundering and countering terrorism financing guidelines on adverse media” in 2021 expands the scope of negative news by determining whether the customer is involved in crimes with a moderate (inclusive) threat level or above in the “Money Laundering and Terrorism Financing Threat Rating Scale" of national money laundering and terrorism financing risk assessment report.

The subsidiary E.SUN Securities regularly reviews the “Policy of risk appetite” ensuring the risk appetite index's appropriateness, and also amended the “E.SUN Securities' Notes on Anti-Money Laundering and Counter Terrorism Financing” and the “E.SUN Securities Concurrent Futures Commission Merchants' Notes on Anti-Money Laundering and Counter Terrorism Financing”. The “E.SUN Securities Control Mechanisms of AML/CFT” was revised to effectively conduct customer identity verification measures, transaction monitoring and ongoing review mechanisms using the risk-based approach and to verify the equity shareholding structure and beneficial owners of legal persons, groups or trust customers. The internal three lines of defense structure is used to ensure the effectiveness of the AML/CFT plan.

Customer Due Diligence (CDD)

Senior management approval and sign off

When assessing the customer's risk, the customer's occupation, job title, and industry characteristics should be considered. If the industry category is assessed by E.SUN as prone to be used to assist money laundering or terrorism financing, its strengthens EDD measures when establishing or adding new business relationships, and confirms the source of funds and wealth of customers, etc. The aforementioned customer transactions can only be undertaken following senior management approval. If there exists relationship establishment relating to extremely risk of money laundering and terrorism financing, such as Iran and DPRK etc., E.SUN would reject the business relationship and transactions. Moreover, E.SUN does not accept corporate customer whose main business items is related to virtual currency.

Non-face-to-face customer due diligence (CDD)

E.SUN's due diligence work for “non-face-to-face” customers, in principle, encompasses customer identification procedures that have the same effect as “face-to-face” due diligence, and special and sufficient measures have been formulated for “non-face-to-face” due diligence to reduce risks. For the digital accounts of the subsidiary E.SUN Bank and the online securities account opening/additional opening of futures, credit, lending, and re-entrustment accounts of the subsidiary E.SUN Bank, the feature is that the account is opened online, and is not limited by time and geography. It also specifically and clearly announces the relevant application procedures on the official website, including the information to be prepared, application qualifications, approval progress / additional document search, etc. In addition, in terms of customer periodical reviews, the subsidiary E.SUN Bank has set up an e-KYC customer identity update platform, and continues to encourage to use online banking/mobile banking to update online information on the official website.

Watch list filtering

Countering financing of terrorism and combating proliferation financing

When a customer establishes a business relationship with E.SUN or E.SUN provides new services to customers, the name of the customer and their associates are checked immediately, and the checking list is updated daily and batch scanning operations are performed. When doing a specific transaction, the name filtering is also performed on the relevant parties of the transaction (such as the payee of the outgoing remittance transaction or the remitter of the inward remittance transaction, etc.). The list selected by E.SUN for filtering includes but is not limited to the Taiwan Ministry of Justice (MOJ) sanctions List, the United Nations Security Council (UNSC) comprehensive sanction list, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) designated sanctions list (SDN-List), and the list issued by the competent authorities of the country/region where E.SUN's overseas branches are located, etc. Moreover, E.SUN has also established a group information sharing mechanism. Subsidiaries and branches provide a list of high-risk and rejected accounts that can be shared and included in the group's self-built list for screening to help the group as a whole effectively identify, evaluate, and manage customers' ML/FT risk. At the same time, responsible unit pays attention to sanctions-related information published by FATF, the United Nations, and competent authorities of various countries, and national transparency and corruption-related indicators, etc., and regularly update the country risk list to control relevant regional risks.

When establishing and adding new business relationships or conducting periodical review and triggering event review, to screen whether customers and their beneficial owners and senior managers are PEPs/RCAs, E.SUN uses the information system to assist in the verification of identities against watch lists in the database. If the aforementioned person is confirmed to be PEPs/RCAs, E.SUN will conduct EDD and strengthen transaction monitoring to confirm the source of funds and wealth of customers, etc., and the approval of senior management is required before business relationships are established. The periodical review for high risk PEPs/RCAs customer would be conducted every year, and their transactions would be more strictly monitored.

Suspicious Transaction Report

Refer to the scenarios published by the government and with the assistant of the system and dedicated personnel's monitoring, the scope of monitoring includes customers, employees, and financial institutions that deal with E.SUN. When conducting transactions or establishing a business relationship with the aforementioned parties, dedicated personnel reviews their potential involvement in money laundering or terrorism financing. E.SUN also conducts an enhanced analysis and information collection on potential high risk customers based on the philosophy of prioritizing risks. The review process includes determining whether occupation, industry, source of fund, purpose of transaction and transaction activities are consistent with past activities. The record of investigation process should be kept.

After the investigation, the dedicated personnel submit suspicious transactions reports to the Investigation Bureau of the Ministry of Justice with information on customers or transactions suspicious of money laundering or terrorism financing. All suspicious transaction reports are filed on a designated computer, where the use of portable devices is prohibited. Every staff in the AML department is required to sign a confidentiality agreement to ensure that filed information cannot be transferred to an unrelated third party to prevent information leakage. Regarding the monitoring of transactions suspicious of money laundering, in 2021, the functional modules of the system were optimized, including the addition of monitoring of suspicious money laundering typologies to expand the monitored targets and business scopes, the adjustments on monitoring logic and parameter threshold, transaction analysis function and managerial reports to enhance the monitoring effect.

Technology Application

Through the self-developed Robotic Process Automation (RPA) program, the highly repetitive routine operations can be processed in an automated or semi-automated way to improve the operation efficiency or reduce the risk of human error. Also, E.SUN developed the machine learning model and platform, the application includes adverse media collection, watch list filtering, and abnormal transaction detection, etc., combined with business logic or manual operations, to improve the efficiency of case review.

Annual independent assessments

Item Description
Comprehensive evaluation Internal control
statement and
independent assurance report
The chairmen, president, chief auditor and dedicated AML/CFT responsible officer of the respective local subsidiaries shall jointly issue a statement on internal control for AML/CFT, which will be filled via a website designated by the competent financial authority of the Company's host country, the FSC.E.SUN Bank commissioned PricewaterhouseCoopers (PwC) to conduct auditing of AML/CFT-related internal control in 2021 to enhance the preciseness and efficiency.
Institutional Risk
Assessment, IRA
For this year's IRA, E.SUN selected a suitable consulting company to carry out a risk assessment methodology improvement project, strengthened the introduction of quantitative data and the assessment of anti-bribery and corruption (ABC), and the management and control of weapons proliferation. E.SUN reported to the Board of Directors upon completing the institutional risk evaluation report and submitted the report to competent authorities. Furthermore, the "The Risk Appetite Declaration for Money Laundering and Financing of Terrorism" specifies the organization's appetite for money laundering and terrorist financing risk assessment standards, which includes the minimum level of control measures that should be achieved and the maximum level of residual risk that can be tolerated, so as to improve the overall risk assessment framework.
Effectiveness verification of the systems Transaction monitoring To ensure the appropriateness of the transaction monitoring system, E.SUN selected a suitable advisory company to evaluate the consistency, correctness and reasonableness of transaction monitoring data. By analyzing the statistical distribution of customer transaction data, the bank reviewed the reasonableness of threshold settings to evaluate whether the transaction detection logic is effective in detection and meets the needs of E.SUN.
Watch list Filtering Every year, E.SUN engages an independent third party, the world-leading Society Worldwide Interbank Financial Telecommunication, to assist of the implementation of sanctions list screening system testing services. Through two major testing aspects: precise comparison and fuzzy comparison, use of watch list filtering system in customer filtering and transaction filtering is observed to determine its performance and confirm that the effectiveness of watch list filtering meets requirements.
risk rating
In 2021, the E.SUN conducted verification of the system correctness and model suitability of the customer risk rating model by an independent third-party consultant, to ensure that the current risk rating model setting conforms to the requirements of the regulations, and to effectively detect the potential high risk customers by the risk-based method. The final verification result is that there is no difference, and there are no major deficiencies found. In the future, we will refer to the consultant's advice, re-examine the customer risk factor items and continue to optimize the customer risk rating system model.

Reinforcement through Training

To reinforce AML/CFT training and to increase staff awareness of AML, appropriate contents and hours of training on AML/CFT are arranged annually by categories based on the roles of employees, which include new employees, AML officers at the accountable unit, AML supervisory officers of each unit, Board of Directors, senior management, legal and compliance personnel, internal auditors, and the front-line staff. During 2021, a series of video conference training has been rolled out by the AML Department, for domestic and overseas units to attend. During the more difficult stages of the COVID-19 pandemic, pre-recorded online courses were provided instead to avoid morning gatherings in cooperation with the pandemic control measures. The courses focus on topics with high connection to business unit practices, including international AML trend or practical cases. In addition, E.SUN invited professional supervisors or senior managers from the same field with practical experiences to provide training in order for employees to understand the AML and CFT responsibilities and to acquire the relevant expertise. In addition, E.SUN Bank has joined the enterprise membership of ACAMS. Benefits include online training as well as access to a forward-looking global news database on AML/CFT, thereby providing additional overseas and domestic training materials, enhancing the depth and breadth of employees' expertise, and shaping the AML/CFT awareness and culture among our units. Furthermore, E.SUN continues to promote obtaining AML certification, and certified global sanctions specialist (CGSS) has been added to the special certification that can apply for allowance in 2021. By the end of 2021, 98.5% of the AML/CFT supervisory officers of the subsidiary E.SUN Bank has been AML certified, which is a 32.5% increase as compared to the end of 2019.

AML/CFT training

Training 2021
Number of employees Class hours
Annual online training and exam 8,524 17,048
Groupwide compliance training (AML/CFT relevant topics) 8,964 4,482

Groupwide AML/CFT certification in 2019-2021

Certification 2019 2020 2021
Domestic professional AML/CFT certification 217 548 1,201
Certified Anti-Money Laundering Specialist(CAMS) 322 336 337
Certified Global Sanction Specialist (CGSS) - - 5

Disclosure of information related to AML

Subsidiary E.SUN Bank has set up an AML section on its official website to disclose related information and the AML Questionnaire (Wolfsberg AML Questionnaire) signed by the dedicated supervisor to enhance information transparency.