Risk Management

■ An inherent risk management culture

The vision of risk management is to protect assets, enhance customer service quality and improve shareholders' values, while hoping to control the possible risks generated in various business operations within a tolerable range, and to achieve a reasonable balance between risks and returns while securing adequate capital to back up business development. To effectively identify, assess, monitor and control all types of risk, E.SUN has always followed the philosophy of "no services or operations can be considered beyond risk" while considering the balance between risk management and performance assessment. The aspect of risk management has been included in performance appraisal to uphold the highest guiding principles of risk management: safety and liquidity first, profitability second, growth next, and always pay attention to the public interest.

■ Risk management organization and management mechanisms

E.SUN FHC Board of Directors is the highest governing body in risk management mechanism. The Board of Directors approves overall risk management policies and important decisions based on the overall business strategies and environment and takes ultimate responsibility for overall risk management. To strengthen risk governance communication, coordination, reporting, and recommendation within the Board of Directors, the Company has established a board level Risk Management Committee responsible for reviewing business risk management policies, ensuring compliance with international risk management regulations, promoting and creating risk management systems, and reinforcing the functions and duties of the Risk Management Committee over time. For example, recently climate change risk factor has been incorporated in the risk appetite mechanism, and stress tests have been performed to evaluate the impact on the Company's overall risk level to decide the quotas for the Company's various business operations. We also have the Risk Management Committee under the management level and convenes quarterly and when necessary, subject to the needs for strategic development or environmental changes. The RMC reviews the appropriateness of risk mitigation measures proposed by risk management units at every level. The Committee is responsible for matters pertaining to credit risk, market risk, operational risk, and asset & liability risks. Reports of overall risk management implementation status are made to the Board of Directors periodically.