■ An inherent risk management culture
The vision of risk management is to protect assets, enhance clients service
quality and improve shareholders' values, while hoping to control the
possible risks generated in various business operations within a tolerable
range, and to achieve a reasonable balance between risks and returns while
securing adequate capital to back up business development. To effectively
identify, assess, monitor and control all types of risk, E.SUN has always
followed the philosophy of "no services or operations can be considered
beyond risk" while considering the balance between risk management and
performance assessment. The aspect of risk management has been included in
performance appraisal to uphold the highest guiding principles of risk
management: safety and liquidity first, profitability second, growth next,
and always pay attention to the public interest.
■ Risk management organization and management mechanisms
E.SUN FHC Board of Directors is the highest governing body in risk
management mechanism. The Board of Directors approves overall risk
management policies and important decisions based on the overall business
strategies and environment and takes ultimate responsibility for overall
risk management.
To strengthen communication, coordination, reporting, and recommendations on
risk governance with the Board of Directors, the company has established the
Board Risk Management Committee. In 2023, it held five meetings (1/4, 3/24,
4/19, 9/20, 11/8) to execute risk management decisions of the Board of
Directors, review risk management policies and implementation, supervise the
establishment and operation of risk management mechanisms, and examine risk
management reports, risk appetite, and limits. The Risk Management
Department of the company implements the risk management policies,
procedures, and frameworks approved by the Board of Directors, and
establishes an independent and effective risk management mechanism to
evaluate and monitor the overall risk-bearing capacity of the company and
its subsidiaries, current risks absorbed, devise risk response strategies,
and track the implementation of risk management procedures. It regularly
reports the implementation of risk management to the Board of Directors and
the Board Risk Management Committee to ensure the effective operation of the
risk management mechanism. And CRO serves as the top-ranking executive
responsible for risk management.
Risk management units at each level are responsible for identifying and
managing risks in their products, activities, processes, and systems, and
establishing risk appetite limits and monitoring indicators to monitor the
unit’s risks. They set operational standard procedures and provide risk
reports based on business content. When faced with major issues, each unit
needs to assess the potential impacts that E.SUN may face in overall
operations and formulate corresponding management policies to effectively
manage the impacts and achieve sustainable management goals.
■ Established the risk management awareness
To raise risk awareness and to systematically extend the risk horizon, E.SUN
ensures that every E.SUN employee starts learning about E.SUN's core
philosophy regarding risk, discipline and process since the first day on the
job. E.SUN employees in different departments and at different stages of
their careers are also provided with appropriate education and training on
risk management.
I. Orientation for new recruits
Every new recruit will complete basic risk management courses during
orientation in order to understand the risk management culture at E.SUN,
self-discipline and self-management principles.
II. Professional training
E.SUN implements business-related risk management in all professional
training programs, and continuously discusses and focuses on the important
and common risk issues among all product lines. This approach ensures that
risk management becomes an inherent key factor in all business processes.
III. Developing middle management
E.SUN employees gain a better understanding of E.SUN's organization and
products once they are familiar with product lines and business aspects.
They will thus understand the importance of balancing risk and opportunities
of product lines, Furthermore, the mid-level manager training program is
aimed to help employees better understand risk management of their own
business activities and understand the responsibilities of mid-level
managers.
IV. Continuing training for managers
These courses are designed to help managers respond to external challenges
and risks to lead reformations and formulate strategies that prioritize
cross-departmental integration within the group. The risk management culture
was ingrained on the basis of corporate governance, making risk awareness an
irreplaceable foundation stone. In addition, product benefits and
performance appraisal are included in risk management as a measuring factor.
In addition to the understanding of the risk costs behind each product
revenue, daily business operation risk control is also included in
performance assessment in order to ingrain the risk culture and awareness.
V. Leading with Excellence-Senior Manager Cultivate
We maintain continuous partnerships with leading universities to shape the
necessary abilities for our leadership pipeline through various development
modules, aiming to continuously enhance the leadership and professional
capabilities of our senior executives. We also invite directors to
participate in these programs, fostering a culture of risk management and
embodying the spirit of entrepreneurship through mutual teaching and
learning.
On top of physical courses, E.SUN also draws on digital technology to
organize online training or tests. In particular, the Covid-19 pandemic
prompted the introduction of a wide range of online training and interactive
courses in 2023. A total of 3,700 E.SUN employees completed risk management
training by taking both e-learning and physical courses. Of the trainees,
97-100% passed the e-learning tests conducted afterwards. Separately, the
Company's Risk Management Division publishes a quarterly bulletin to
introduce the latest risk management regulations, trends, or practices. From
time to time, departments responsible for product lines also offer
educational materials for internal training at business units.
In devising regulations for evaluation, the Company places special emphasis
on considering performance in both business endeavors and risk management.
Of the three key gauges for evaluating employee performance, “core and
management competences” takes account of awareness of risk management and
the three lines of defense model as well as risk control in daily
operations. Likewise, risk management is a key measure for evaluating the
performance of senior managers. A well-defined reward and penalty scheme is
thus adopted to incentivize managers and high-performing employees to strive
for risk management over the long term, thereby bolstering the Company's
risk awareness throughout.
■ Accomplishments in Risk Management in 2023
(1) Risk assessment for (new) product and service
Before launching innovative products or services, the development team must
list all potential risks, such as market risk, liquidity risk, credit risk,
operational risk and emerging risk, to further devise or use existing
relevant control mechanisms. The Risk Management Division and the Compliance
Division will jointly review the new products and services to ensure that
they have complied with internal and external laws and regulations and the
risks are controllable before providing them to clients. In the cases of
product or service adjustment or refinement where compliance, internal
control or risk management is likely to be affected, risk assessment must
also be conducted. In 2023, 315 domestic and oversea business risk
evaluations were completed.
(2) Reporting Mechanisms and Communication Channels
To undertake risk management efficiently in a timely manner, E.SUN has
established a series of reporting mechanisms and communication channels.
Upon detecting risk events or potential risks in daily operations, employees
are encouraged to notify departmental supervisors right away. They can also
present risk management observations and recommendations in work journals.
In 2023, a total of 601 work journal entries had to do with risk management
or internal control, with 81 coming with specific suggestions. All E.SUN
departments are supposed to conduct risk management and internal control
self-evaluation each quarter. In 2023, the Risk Management Division analyzed
more than 3,000 evaluation reports from product lines, based on which it
went on to compile the most important and common risk types and cases for
presentation to managers and mid-ranking officers during E.SUN's annual
conference. At year's end, the Company routinely conducts a survey to
canvass the opinions of all employees. Of the 7,556 questionnaires thus
collected in 2023, 150 touched on risk management. The Chief Risk Officer
and the Risk Management Division then went on to make improvement based on
survey results, report this to the President and other senior managers, and
respond by videoconference to employees who had given their opinions
previously.
(3) Basel Capital Accord - Internal Ratings-Based (IRB) Approach
Implementation
E.SUN has enhanced its credit risk management through the development of its
internal rating systems, the improvement of credit rating models, and the
establishment of operational guidelines based on regulations issued by the
Financial Supervisory Committee. E.SUN’s employs concepts such as internal
credit ratings, exposure at default, and expected loss in credit granting,
risk management, and capital allocation. Furthermore, to ensure the
relevance, completeness, and accuracy of data collection, storage, and
handling procedures, E.SUN has implemented comprehensive data management
guidelines. To promote understanding among the Board of Directors and senior
management regarding the operation of the internal rating system and changes
in risk, important information on credit rating model management in 2023 has
been reported to the Board of Directors and the Risk Management Committee on
twelve occasions. Additionally, periodic courses on the Basel Framework are
held for directors and senior management to reinforce corporate governance.
(4) Enhancing Overseas Branch Risk Management
To enhance the risk management capabilities of overseas units, in 2023,
seven risk management education and training courses were made available on
the e-learning platform. The reading rate reached 97%. In the first half of
the year, assistance was provided to the Singapore branch in implementing
the Business Continuity Management (BCM) mechanism within the set timeframe,
in compliance with local regulatory requirements. The Hong Kong branch has
also completed the first phase of implementation. Additionally, this year,
senior executives from the head office and overseas branches have
participated in exchanges on risk management topics by visiting overseas or
coming to Taiwan. This has been helpful in understanding the operational
risks of overseas units and enhancing risk control capabilities.
(5) Credit risk management mechanism
Since 2022, E.SUN has implemented its credit risk stress testing model based
on credit risk factors, scenario setting, and risk grouping, in alignment
with the Basel Capital Accord, to continually enhance its credit risk
management mechanism. This model enables to simulate changes in risk factors
and calculate expected losses under stressed scenarios. Additionally, risk
appetite management and concentration risk management are conducted
regularly to ensure the risk distribution and level of risk align with its
business objectives. Furthermore, the Bank considers climate change risk in
its assessment of overall risks and its impact on the bank. The Board of
Directors establishes risk limits for each business sector accordingly.
(6) Market risk management mechanism
E.SUN has completed the LIBOR transition work in 2023, successfully amending
the contracts linked to the LIBOR indicator to link alternative interest
rates (such as SOFR, CMS Fallback Rate), and continue to improve the
valuation complex financial products. In 2023, to built SOFR CMS Spread
Range Accrual Note, ESG-linked structured note and other valuation
templates, and through the valuation model verification plan to confirm that
the valuation model used to comply with market convention and is free from
bias. In addition, in order to strengthen the complex financial product
valuation capabilities, a third-party valuation verification project
launched in 2023 to ensure the correctness and applicability of the
valuation model through an independent third-party unit.
(7) Counterparty Risk Management Mechanism
We continuously adjust the monitoring indicators of financial institutions
and introduces a negative information detection mechanism to more promptly
and accurately capture the credit risk changes of major financial
institutions to reduce the impact of abnormal events. This year, the Bank
established a client’s investment concentration management mechanism to
regularly monitor whether clients’ investments are concentrated in a single
product or single issuer to avoid excessive concentration of clients’
investments and protect the rights of clients.
(8) Operational risk management mechanism
We enhance the Operational Risk Management Tools for the application of new
technology in business. For monitoring and early warning Key Risk Indicators
has adjusted accordingly to capture abnormal alerts in a timely manner and
plan for management measures. The overall renovation rate is close to 50% in
order to better align with current business areas and new business
developments. Additionally, by cross-examining between various tools, the
potential high-risk processes for the year can be identified more
effectively, enabling a better understanding of risk changes and support for
business development.
(8) Asset liability risk management mechanism
In 2023, E.SUN introduce the automation report for all currencies liquidity
gap to improve the immediacy of reporting and effectively manage the
possible impact on the E.SUN’s liquidity during the cycle of interest rate
hikes initiated by local central banks. At the same time, we continue to
optimize and allocation of assets and liabilities, including the interest
rate period structure allocation and capital allocation of reserves, and in
response to global monetary tightening policies, we enhance the liquidity
risk management and interest rate risk management.
(9) Indicators for Detecting Operating Risk
In order to implement the execution of detecting business risk indicators in
banks, additional regulations on detecting business risk management were
established in 2023. These regulations clarify the operational processes of
sending, reporting, collecting and reviewing, analyzing and reporting, and
monitoring changes in business risk indicators. Operational flowcharts are
also provided to enhance the operation of detecting business risks. The
focus of improving monitoring indicators throughout the bank continues to be
on the effectiveness of these indicators, with the main goal of enhancing
the effectiveness of detecting business risk monitoring. Currently, the
number of important risk monitoring indicators has been reduced from the
original 66 to 51.