Loading
Loading
The vision of risk management is to protect assets, enhance clients service quality and improve shareholders' values, while hoping to control the possible risks generated in various business operations within a tolerable range, and to achieve a reasonable balance between risks and returns while securing adequate capital to back up business development. To effectively identify, assess, monitor and control all types of risk, E.SUN has always followed the philosophy of "no services or operations can be considered beyond risk" while considering the balance between risk management and performance assessment. The aspect of risk management has been included in performance appraisal to uphold the highest guiding principles of risk management: safety and liquidity first, profitability second, growth next, and always pay attention to the public interest.
The Board of Directors of E.SUN FHC is the highest authority in risk management, approving policies and key decisions aligned with business strategies and carrying ultimate responsibility.
To enhance oversight and communication, the Board established the Board Risk Management Committee, which held three meetings in 2025 (January 8th, March 5th, May 7th). On June 23, 2025, the Board of Directors approved the merger of the Board Risk Management Committee into the Audit Committee, renaming it the Audit and Risk Management Committee. This committee is composed entirely of independent directors and held four meetings following the restructuring in the remainder of 2025 (August 13th , September 17th, November 5th, and December 12th). Its primary functions include executing Board decisions, overseeing risk management policies, supervising the establishment and operation of risk mechanisms, and reviewing risk reports, appetite, and limits. The Risk Management Division implements Board-approved policies and frameworks, maintaining an independent system to assess and monitor the company's overall risk capacity, develop response strategies, and track execution. The Risk Management Division regularly reports to the Board and Audit and Risk Management Committee to ensure operational effectiveness, with the Chief Risk Officer (CRO) leading risk management at the executive management level.
Risk management units at all levels are responsible for identifying and managing risks associated with their products, activities, processes, and systems. These units establish risk limits and monitoring indicators, define standard operating procedures, and submit risk reports. In response to major issues, units evaluate potential impacts on E.SUN's overall operations and formulate management strategies to effectively mitigate impacts and achieve sustainable management objectives.
Every new recruit will complete basic risk management courses during orientation in order to understand the risk management culture at E.SUN, self-discipline and self-management principles.
E.SUN implements business-related risk management in all professional training programs, and continuously discusses and focuses on the important and common risk issues among all product lines. This approach ensures that risk management becomes an inherent key factor in all business processes.
E.SUN employees gain a better understanding of E.SUN's organization and products once they are familiar with product lines and business aspects. They will thus understand the importance of balancing risk and opportunities of product lines, Furthermore, the mid-level manager training program is aimed to help employees better understand risk management of their own business activities and understand the responsibilities of mid-level managers.
These courses are designed to help managers respond to external challenges and risks to lead reformations and formulate strategies that prioritize cross-departmental integration within the group. The risk management culture was ingrained on the basis of corporate governance, making risk awareness an irreplaceable foundation stone. In addition, product benefits and performance appraisal are included in risk management as a measuring factor. In addition to the understanding of the risk costs behind each product revenue, daily business operation risk control is also included in performance assessment in order to ingrain the risk culture and awareness.
We maintain continuous partnerships with leading universities to shape the necessary abilities for our leadership pipeline through various development modules, aiming to continuously enhance the leadership and professional capabilities of our senior executives. We also invite directors to participate in these programs, fostering a culture of risk management and embodying the spirit of entrepreneurship through mutual teaching and learning.
In devising regulations for evaluation, the Company places special emphasis on considering performance in both business endeavors and risk management. Of the three key gauges for evaluating employee performance, “core and management competences” takes account of awareness of risk management and the three lines of defense model as well as risk control in daily operations. Likewise, risk management is a key measure for evaluating the performance of senior managers. A well-defined reward and penalty scheme is thus adopted to incentivize managers and high-performing employees to strive for risk management over the long term, thereby bolstering the Company's risk awareness throughout.
Before launching new products or services, the development team must identify potential market, liquidity, credit, operational, and emerging risks, and plan or utilize existing related control mechanisms. New products and services are jointly reviewed by the Risk Management Division and the Compliance Division to ensure compliance with internal and external laws and regulations and controllable risk levels before they can be officially offered to customers. If existing products or services undergo adjustments or improvements that may affect compliance, internal controls, or risk management, risk assessments must also be conducted.
Since 2006, our subsidiary E.SUN Bank has developed its Internal Rating System, continuously refining credit models in alignment with regulatory standards and risk trends. Risk components, including internal ratings, Exposure at Default (EAD), and Loss Given Default (LGD), are systematically integrated into credit approvals, risk management, capital allocation, and corporate governance. Enhanced real-estate reappraisal mechanisms ensure precise collateral valuation. To uphold data integrity, a Data Management Committee oversees governance, while the Board and Bank Risk Management Committee receive regular reports on model validation and stress testing. Furthermore, Basel-specific training for directors and senior management fosters a robust risk culture.
Through learning journey design, we continuously enhance overseas risk management expertise via online courses and in-person exchanges. By 2025, subsidiary E.SUN Bank has cumulatively launched 20 e-Learning training courses covering a wide range of risk management topics, including climate risk. On-site exchanges emphasize strengthening two-way interaction and experience sharing to enhance the Head Office's understanding of potential risks at overseas units (subsidiaries and branches. Simultaneously, to enhance operational resilience in overseas units, we reviewed drill plans and reports from each unit while progressively establishing operational continuity management mechanisms. After assisting branches in Hong Kong, Singapore, Vietnam, and other regions in implementing these management frameworks, in 2025, the Bank assisted the Japan regional branch in completing Business Continuity Management Risk Assessments (BA) and Business Impact Analyses (BIA), followed by on-site drills to enhance capabilities in addressing potential risks and challenges.
In compliance with Basel III, our subsidiary E.SUN Bank deepened its credit risk management by establishing a dynamic stress testing framework in 2022. This framework simulates the impact of macroeconomic shifts on retail and corporate risk components annually. In 2025, the Bank refined these protocols by defining thresholds for significant variances and initiating ad-hoc stress tests regarding U.S. tariff shifts. These findings are reported to the Board to ensure capital resilience and long-term stability.
To enhance market risk efficiency, our subsidiary E.SUN Bank launched a Market Risk Management Platform project in 2024, completing it in Q3 2025. This platform integrates treasury positions with market data and optimizes calculations for complex products. It generates key metrics—including VaR, Marginal VaR, Component VaR, Expected Shortfall (ES), and Fundamental Review of the Trading Book (FRTB) capital requirements—enabling comprehensive impact analysis of market volatility and improved early-warning capabilities.
To navigate volatile interest rate environments, subsidiary E.SUN Bank has enhanced controls for securities trading. By integrating diverse system data, the Bank implemented multi-dimensional, real-time limit monitoring and automated alerts, enabling agile responses to rapid market fluctuations.
As of 2025, subsidiary E.SUN Bank adopted the New Standardized Approach (SMA) for operational risk, utilizing loss events as capital calculation parameters. Simultaneously, the Operational Risk Appetite stress scenarios were updated to include business growth indicators and loss estimations aligned with the new regulatory framework.
In 2025, the Company strengthened its control over interest rate and liquidity risks in its subsidiary E.SUN Bank. Key enhancements included recalibrating interest rate gaps and banking book stress test limits to align with market trends. To support overseas branches, the Head Office developed dedicated risk reports and assisted in setting localized interest rate limits, significantly refining the granularity and efficiency of global ALM oversight.
The Company reviewed and adjusted risk categories and monitoring indicators in 2025 to ensure continued effectiveness. In response to IRB refinements, technological advancements, and ESG trends, new indicators were added, including NPL management, open-source code leak frequency, cybersecurity training completion for new hires, personal data protection, and sustainable bond management.
The Company integrates ESG risks into its existing risk management framework, strengthening the management of ESG and climate-related risks. It has established a financial carbon emissions system and a physical risk database, implementing risk management and internal controls based on scientific methods and data to effectively respond to and monitor significant climate and natural risks. In 2025, subsidiary E.SUN Bank adopted the advanced methodology for physical and transition risks outlined in the “Guidelines for Domestic Banks Conducting Climate Change Scenario Analysis” to perform climate scenario analysis. This will significantly enhance the granularity and accuracy of assessments, with results published in the Company’s 2024 Climate and Nature Report.
