Loading
Loading
The vision of risk management is to protect assets, enhance clients service quality and improve shareholders' values, while hoping to control the possible risks generated in various business operations within a tolerable range, and to achieve a reasonable balance between risks and returns while securing adequate capital to back up business development. To effectively identify, assess, monitor and control all types of risk, E.SUN has always followed the philosophy of "no services or operations can be considered beyond risk" while considering the balance between risk management and performance assessment. The aspect of risk management has been included in performance appraisal to uphold the highest guiding principles of risk management: safety and liquidity first, profitability second, growth next, and always pay attention to the public interest.
The E.SUN FHC Board of Directors is the highest authority in risk management, approving policies and key decisions aligned with business strategies and bearing ultimate responsibility.
To enhance oversight and communication, the Board established the Board Risk Management Committee, which held five meetings in 2024 (1/17, 3/13, 5/8, 8/14, 11/6) to review policies, supervise risk mechanisms, and evaluate risk reports, appetite, and limits. To improve Board efficiency, on June 23, 2025, the Board merged the Risk Management Committee into the Audit Committee, renaming it the "Audit and Risk Management Committee," where all members are independent directors. The Risk Management Division implements Board-approved policies and frameworks, maintaining an independent system to assess and monitor the company's overall risk capacity, develop response strategies, and track execution. It regularly reports to the Board and Committee to ensure effectiveness. The Chief Risk Officer (CRO) leads risk management at the executive level.
Risk units across the organization identify and manage risks within their domains, set risk appetite limits, monitor indicators, establish procedures, and provide risk reports. In major risk events, units assess potential impacts on E.SUN's overall operations and develop management policies to mitigate risks and support sustainable growth
Every new recruit will complete basic risk management courses during orientation in order to understand the risk management culture at E.SUN, self-discipline and self-management principles.
E.SUN implements business-related risk management in all professional training programs, and continuously discusses and focuses on the important and common risk issues among all product lines. This approach ensures that risk management becomes an inherent key factor in all business processes.
E.SUN employees gain a better understanding of E.SUN's organization and products once they are familiar with product lines and business aspects. They will thus understand the importance of balancing risk and opportunities of product lines, Furthermore, the mid-level manager training program is aimed to help employees better understand risk management of their own business activities and understand the responsibilities of mid-level managers.
These courses are designed to help managers respond to external challenges and risks to lead reformations and formulate strategies that prioritize cross-departmental integration within the group. The risk management culture was ingrained on the basis of corporate governance, making risk awareness an irreplaceable foundation stone. In addition, product benefits and performance appraisal are included in risk management as a measuring factor. In addition to the understanding of the risk costs behind each product revenue, daily business operation risk control is also included in performance assessment in order to ingrain the risk culture and awareness.
We maintain continuous partnerships with leading universities to shape the necessary abilities for our leadership pipeline through various development modules, aiming to continuously enhance the leadership and professional capabilities of our senior executives. We also invite directors to participate in these programs, fostering a culture of risk management and embodying the spirit of entrepreneurship through mutual teaching and learning.
In devising regulations for evaluation, the Company places special emphasis on considering performance in both business endeavors and risk management. Of the three key gauges for evaluating employee performance, “core and management competences” takes account of awareness of risk management and the three lines of defense model as well as risk control in daily operations. Likewise, risk management is a key measure for evaluating the performance of senior managers. A well-defined reward and penalty scheme is thus adopted to incentivize managers and high-performing employees to strive for risk management over the long term, thereby bolstering the Company's risk awareness throughout.
Before launching new products or services, the development team must identify potential market risk, liquidity risk, credit risk, operational risk, and emerging risks, and plan or utilize existing related control mechanisms. New products and services will be jointly reviewed by the Risk Management Division and the Compliance Division to ensure compliance with internal and external laws and regulations and controllable risk levels before they can be officially offered to customers. If existing products or services undergo adjustments or improvements that may affect compliance, internal controls, or risk management, risk assessments must also be conducted. In 2024, a total of 423 risk review assessments for domestic and overseas businesses were completed.
Regarding credit risk management processes, the subsidiary E.SUN Bank has developed an internal rating system since 2006, continuously building and refining credit rating models. In accordance with regulatory requirements and risk management trends, relevant internal operational specifications and procedures have been established. Based on internal ratings, exposure at default, and loss estimates, these are applied in credit approval, risk management, internal capital allocation, and corporate governance. To ensure data collection, storage, and processing comply with relevance, completeness, and accuracy principles, data management systems and disciplines have been progressively enhanced. To keep the Board of Directors and senior management informed about the rating system operations, risk changes, and provide professional guidance, in 2024, critical credit rating model management information was reported to the Board and the Risk Management Committee eight times. Additionally, the Bank and the Taiwan Academy of Banking and Finance have jointly conducted Basel courses for directors and senior management for three consecutive years to strengthen understanding of the IRB approach, estimation process, management mechanisms, and risk governance.
To continuously improve the professional capability of overseas units in risk management, 17 risk management training courses have been launched on the e-learning platform in 2024, and course feedback questionnaires have been used to refine teaching materials. This year, head office and overseas branch supervisors continue to conduct on-site exchanges to mutually understand head office policies and overseas operational risks. Currently, the Singapore Branch has completed the third-party independent audit verification of business continuity management (BCM); the Hong Kong Branch has completed the key business scenario testing report and conducted on-site drills; the Dong Nai Branch has completed risk assessment (RA) and major contingency plans and carried out tabletop exercises. Follow-up will assist overseas units in continuously strengthening operational resilience.
Aligned with the Basel accords and ongoing deepening of credit risk management mechanisms, since 2022, stress testing models have been constructed based on credit rating model risk factors by scenario setting and risk segmentation to simulate changes in risk factors and calculate expected loss under stress scenarios. Regular execution of risk appetite and concentration limit management is performed to assess E.SUN’s exposure distribution and the risk levels endured to achieve business objectives. The subsidiary E.SUN Bank incorporates climate change risk factors into the risk appetite mechanism and uses stress testing to assess the impact on overall risk levels to set business limits. In 2024, responding to continuous growth in domestic bank real estate loans and rising concentration risk, a real estate concentration stress test was initiated to evaluate the impact of external environments and refine related management measures.
In 2024, in response to the continuous growth and diversification of the Group’s bond investment business, bond business processes were reorganized, and the OneView system’s Trading module was implemented. By enhancing evaluation complexity and model support flexibility, the time required for bond valuation and market risk sensitivity factor generation has been significantly shortened, enabling more real-time market risk management and early warning capabilities for bond investments.
In response to wealth management business development, the parent company requires the banking subsidiary to continuously improve the wealth customer concentration management mechanism. The overall concentration of wealth customers investing in a single product, high-risk products, or a single issuing institution is regularly monitored to avoid customers investing excessively in a single aspect and to protect customer interests. The concentration monitoring results are reported quarterly to the Board of Directors’ Risk Management Committee to facilitate management’s evaluation of overall business concentration risk profiles.
With the new advanced operational risk standards applicable from 2025, operational risk data quality validation was completed in 2024, and data verification specifications established to obtain high-quality operational risk data in line with international standards. Regarding outsourcing risk management, considering increasingly stringent management, new regulatory requirements in 2024 established quantitative risk assessment and materiality confirmation mechanisms for outsourcing items. Each entrusted project must undergo corresponding review and verification according to its risk level to grasp the overall outsourcing business risk profile of E.SUN.
In 2024, the parent company supervised the banking subsidiaries to improve liquidity management mechanisms, which mainly include contingency funding plan drills and the review and setting of liquidity stress testing methodology parameters. Improvements were also made to overseas liquidity management mechanisms, focusing on diversifying overseas funding sources to meet liquidity needs. For interest rate risk management, the appropriateness of interest rate risk indicators for asset-liability portfolios was re-examined, including asset-liability duration gaps, deposit and loan durations, bond portfolio durations, and the economic value of banking book interest rate risk, to continually optimize the overall asset-liability risk mechanism.
To improve operational risk detection processes, in 2024 the focus was maintained on the effectiveness of monitoring indicators to enhance operational risk detection. Qualitative indicators have been reviewed and suitably converted into quantitative indicators, which now account for 90% of all monitoring indicators. Furthermore, improvements and refinements have been made for high-risk items. The review of major operational risk detection indicators over the past four quarters shows a gradual reduction trend in high-risk items.
