Risk Management

■ An inherent risk management culture

The vision of risk management is to protect assets, enhance customer service quality and improve shareholders' values, while hoping to control the possible risks generated in various business operations within a tolerable range, and to achieve a reasonable balance between risks and returns while securing adequate capital to back up business development. To effectively identify, assess, monitor and control all types of risk, E.SUN has always followed the philosophy of "no services or operations can be considered beyond risk" while considering the balance between risk management and performance assessment. The aspect of risk management has been included in performance appraisal to uphold the highest guiding principles of risk management: safety and liquidity first, profitability second, growth next, and always pay attention to the public interest.

■ Risk management organization and management mechanisms

E.SUN FHC Board of Directors is the highest governing body in risk management mechanism. The Board of Directors approves overall risk management policies and important decisions based on the overall business strategies and environment and takes ultimate responsibility for overall risk management. To strengthen risk governance communication, coordination, reporting, and recommendation within the Board of Directors, the Company has established a board level Risk Management Committee responsible for reviewing business risk management policies, ensuring compliance with international risk management regulations, promoting and creating risk management systems, and reinforcing the functions and duties of the Risk Management Committee over time. For example, recently climate change risk factor has been incorporated in the risk appetite mechanism, and stress tests have been performed to evaluate the impact on the Company's overall risk level to decide the quotas for the Company's various business operations. We also have the Risk Management Committee under the management level and convenes quarterly and when necessary, subject to the needs for strategic development or environmental changes. The RMC reviews the appropriateness of risk mitigation measures proposed by risk management units at every level. The Committee is responsible for matters pertaining to credit risk, market risk, operational risk, and asset & liability risks. Reports of overall risk management implementation status are made to the Board of Directors periodically.

■ Established the risk management awareness

To raise risk awareness and to systematically extend the risk horizon, E.SUN ensures that every E.SUN employee starts learning about E.SUN's core philosophy regarding risk, discipline and process since the first day on the job. E.SUN employees in different departments and at different stages of their careers are also provided with appropriate education and training on risk management.

I. Orientation for new recruits

Every new recruit will complete basic risk management courses during orientation in order to understand the risk management culture at E.SUN, self-discipline and self-management principles.

II. Professional training

E.SUN implements business-related risk management in all professional training programs, and continuously discusses and focuses on the important and common risk issues among all product lines. This approach ensures that risk management becomes an inherent key factor in all business processes.

III. Developing middle management

E.SUN employees gain a better understanding of E.SUN's organization and products once they are familiar with product lines and business aspects. They will thus understand the importance of balancing risk and opportunities of product lines, Furthermore, the mid-level manager training program is aimed to help employees better understand risk management of their own business activities and understand the responsibilities of mid-level managers.

IV. Continuing training for managers

These courses are designed to help managers respond to external challenges and risks to lead reformations and formulate strategies that prioritize cross-departmental integration within the group. The risk management culture was ingrained on the basis of corporate governance, making risk awareness an irreplaceable foundation stone. In addition, product benefits and performance appraisal are included in risk management as a measuring factor. In addition to the understanding of the risk costs behind each product revenue, daily business operation risk control is also included in performance assessment in order to ingrain the risk culture and awareness.

In addition to courses attended in person, E.SUN is also leveraging digital technologies to organize online education, training or examination, especially during the Covid-19 pandemic last year. In 2021, a total of 3,661 participants completed relevant risk management courses through e-learning. The pass rate was 97%–100%. The Risk Management Division sends and receives notifications every season to communicate the latest risk management rules, trends or practices. All product lines create promotional materials on an ad hoc basis to facilitate internal education and training for business units. Moreover, the balance between performance and risk management has been taken into consideration during the development of appraisal rules. The performance appraisal of E.SUN employees consists of three main categories. In particular, the category of “E.SUN Value/Management Practice” assesses the risk management of daily operations, and employees’ concept and awareness of risk management and the three lines of defense. Risk management is also included as necessary criteria in the performance appraisal of senior managers. Our reward structure encourages managers and outstanding key talent to improve their risk management, and by doing so deepens the risk culture and awareness.

■ 2021 risk management performance

(1) Risk assessment for (new) product and service

Before launching innovative products or services, the development team must list all potential risks, such as market risk, liquidity risk, credit risk, operational risk and emerging risk, to further devise or use existing relevant control mechanisms. The Risk Management Division and the Compliance Division will jointly review the new products and services to ensure that they have complied with internal and external laws and regulations and the risks are controllable before providing them to customers. In the cases of product or service adjustment or refinement where compliance, internal control or risk management is likely to be affected, risk assessment must also be conducted. In 2021, 210 domestic and oversea business risk evaluations were completed.

(2) Active reporting mechanism and exchange channels

To handle risk management in real time and maximize time efficiency, E.SUN has established various reporting mechanisms and feedback exchange channels to encourage employees to actively report risk events or potential risks found in daily business operations to unit supervisors. Insights and suggestions for risk management can also be proposed through work journals. Statistics show that in 2020, a total of 1,212 journal contents related to risk management or internal control were proposed, 42 of which were specific suggestions. Every unit conducts quarterly self-assessment of risk management and internal control. Over 3,000 self-assessment results from all product lines were analyzed to compile the most important and common risk statuses and cases in 2020, which were reported during the annual banking business conference. At year end, a comprehensive questionnaire survey is conducted to collect feedback of all supervisors and employees. In 2020, a total of 5,631 questionnaires were collected, more than 148 of which were related to risk management. The implementation measures were then fine tune in accordance with questionnaire results. Responses were provided to supervisors and employees via teleconferencing, thus achieving the goal of mutual exchange.

(3) Implementing Basel's IRB Approach

In 2021, the Company ushered in the internal ratings-based (IRB) approach proposed by the Basel Committee on Banking Supervision across the board. With 26 credit rating models (PD, LGD, EAD) refined and verified to ensure their compliance and insulation, credit ratings thus obtained were applied to lending authority and responsibility, rate setting, exposure/limit management, post-loan management, and performance review. To date a total of 40 internal regulatory amendments, have been completed in order to conform to the minimum IRB requirements. In terms of corporate governance, one report to the Board of Directors, three reports to the Risk Management Committee, and one special audit in 2021 all helped the Company move toward a better-rounded IRB management mechanism.

(4) Risk template for overseas branches and subsidiaries

Monthly risk template of overseas branches/subsidiaries, covering credit, market, operational and liquidity risks. Through the risk indicators in the monthly risk template, the risk orientation of overseas branches/subsidiaries can be grasped; at the same time, the interaction with the supervisors of overseas branches/subsidiaries can be strengthened to keep abreast of trends, effectively control operation risks, and implement hierarchical management of overseas branches and subsidiaries.

(5) Credit risk management mechanism

Calculate and provide the standard method risk asset value of the credit risk of each business units, and add the IRB method risk weight asset calculation result from 2021, so that each unit can grasp the risk distribution of the business under its control; and regularly implement risk appetite and concentration ratio Limit management enables the entire bank to take into account the degree of risk involved in achieving business objectives.

(6) Market risk management mechanism

To accommodate the shift away from LIBOR in 2022, the market risk management system was modified by adding the capacity for calculating compound alternative reference rates (ARR) and ISDA Fallback rates to facilitate the migration of LIBOR-linked products to ones tied to alternative rates (such as SOFR) without fail. While the latest adjustment also makes it possible to price new products linked to the said alternative rates, the pricing and risk calculation thus amended promises to help manage market risk with precision. Meanwhile, E.SUN also reexamined verification and management of its financial product pricing model. Improvement was made to the verification mechanism prior to applying the said model and to the routine inspection mechanism in the wake of applying it.

(7) Operational risk management mechanism

In order to effectively reflect the application of the new standard method for capital use and operational risk capital provision, the Criterion of E.SUN’s Operational Risk Allocation of Loss Reserves and Authorization Process and policy has revised. Clearly stipulated that the compensation for losses caused by the execution of various business processes shall be handled by the relevant regulations as previously mentioned.

(8) Asset liability risk management mechanism

Using the simulation function of the new asset and liability management system, through the interest rate pattern, cash flow pattern, target interest rate, currency, principal and other information of each transaction to estimate the entire asset and liability position of E.SUN, net interest income and Liquidity gap forecast and simulation results serve as a reference for the Company to formulate business strategy development and asset liability risk management.

(9) Indicators for Detecting Operating Risk

To accommodate organizational shifts, the Risk Management Division and Audit Division were joined by 34 departments of E.SUN Bank's head office to review risk monitoring indicators, which were then adjusted to a total of 539. Likewise, the number of indicators for monitoring operating risk was adjusted to 62. To secure a firmer grip of operating risk, these divisions analyze abnormal readings out of high-risk indicators and present their findings to senior managers and the Board of Directors on a quarterly basis.