AML/CFT management program and enhancement
E.SUN continually realizes internal and external regulations and treats AML/CFT compliance tasks as its long-term mission; continues to promote matters for strengthening AML/CFT; benchmarks against international AML laws and regulations; amends domestic and overseas AML policies and procedures; refines due diligence customer review and control measures, and constantly develops global AML monitoring systems, all for the benefit of AML/CFT in the overall financial environment. For the trend of international AML governance, the Company continually pays attention to the guidance announced by organizations such as the Financial Action Task Force on Money Laundering (FATF) and to the international money laundering and fraud trends, such as: environmental crimes, medical crimes, terrorism financing, expansion of arms, digitization, TBML, etc. E.SUN FHC adheres to competent authorities' rules and strengthens the AML/CFT mechanisms of each of its subsidiaries according to the policies and procedures of FATF Forty Recommendations. There are 6 dimensions under E.SUN FHC's AML/CFT management mechanisms: Policy and procedure, customer due diligence(CDD), watch list filtering, suspicious transaction reporting(STR), record keeping, and annual independent assessment. Specific actions taken are described below:
|
|
(1)Policies and Procedures
E.SUN FHC and its subsidiaries have established the AML/CFT policies and procedures with
regard to aspects such as due diligence, name checks, transaction monitoring and employee
management. The subsidiary E.SUN Bank has newly established the "E.SUN Bank Money Laundering
and Terrorism Financing Risk Appetite Policy" in 2020 with added quantitative indicators
stating the level and type of the risk of money laundering and terrorism financing that
E.SUN is willing to bear. Regarding due diligence, relevant internal regulations were
amended to strengthen the risk evaluation mechanisms of the identification of the beneficial
owner and politically exposed persons. Internal policies and procedures were formulated and
revised in 2020, and the key points are listed below.
The “E.SUN Bank Money Laundering and Terrorism Financing Risk Appetite Policy” was
formulated with qualitative and quantitative risk appetite indicators, and periodical
monitoring and mid-term management mechanisms were realized.
The “Guidelines on Know Your Customer and Customer Due Diligence of E.SUN Bank” was
revised with adjustments on the identification rules of beneficial owners, including the
addition of review procedures and authority level of customers' undisclosed equity and the
specification on the time frame for customer periodical reviews.
The “E.SUN Bank's Principles for the Identification of Politically Exposed Persons and the
Evaluation of Their Influence” was formulated to regulate the key factors for consideration
when evaluating the influence and risk level of politically exposed persons, the
implementation procedures and the ongoing customer due diligence review mechanisms.
The “E.SUN Bank's List Selection, Renewal and Effectiveness Review Procedures” was revised
and the “E.SUN Bank's Guidelines on AML/CFT
and Name Check System” was formulated to regulate the procedures related to name checks,
including the update frequency of lists and alert releasing procedures.
The subsidiary E.SUN Securities has revised the “E.SUN Securities Notes on AML/CFT” and the “E.SUN Securities' Concurrent Futures
Commission Merchants' Notes on AML/CFT”, the
“E.SUN Securities Control Mechanisms of AML/CFT” was revised to effectively conduct customer identity verification measures,
transaction monitoring and continual mechanisms using the Risk Based Approach and to verify
the equity, shareholding structure and beneficial owners of legal persons, groups or trust
customers. All in all, the internal three lines of defense structure is used to ensure the
effectiveness of the AML/CFT plan.
(2)Customer Due Diligence (CDD)
Measures are taken to identify customers, including collecting, updating, and verifying
customer information and saving customer information, confirming that relevant data sources
and documents are reliable, independent source documents, such as official documents, data
or information, etc. The identity verification procedures include identifying the beneficial
owners of entity clients, politically exposed persons (PEPs) and their relatives and close
associates (RCAs). E.SUN adopts the risk based approach (RBA) for performing CDD and
requires enhanced due diligence (EDD) to be conducted for high risk customers by verifying
the source of wealth and funds. The business relationships with high risk customers should
be approved by senior management. Ongoing customer due diligence (CDD), in principle, can be
divided into categories such as periodical review based on customer risk levels after the
business relationship is established, new business relationship establish, and trigger event
reviews. In order to understand the newest status and changes of customer risks, when there
is a significant change in customers' identity or when suspicious transactions occur,
trigger event customer due diligence will be initiated. In the future, the procedures will
be continually refined.
■ Non-face-to-face customer due diligence (CDD)
E.SUN's due diligence work for “non-face-to-face” customers, in principle, encompasses
customer identification procedures that have the same effect as face-to-face due diligence,
and special and sufficient measures have been formulated for “non-face-to-face” due
diligence to reduce risks. Similar to the due diligence of face-to-face customers, due
diligence of “non-face-to-face” customers, in principle, requires natural person customers
to provide identification documents for verifying their identity and address, etc., and
customers are contacted by phone or mail if necessary. Corporate customers, in principle,
must provide company establishment registration documents, business licenses, registration
forms of changes or similar documents, company articles of association, directors and
shareholders lists, and beneficial owner identification documents, etc. To perform
verification of corporate customer information, E.SUN accesses the official website of the
place of registration to verify that the registration information is consistent with the
information provided by the customer and is still valid, and there is no registration of
dissolution, liquidation, closure or abolition, etc.
Digital accounts opened with the subsidiary E.SUN Bank are characterized by the fact that
account opening is conducted online, and not restricted by time or geography. E.SUN also
specifically and clearly announces the relevant application process on the official website,
including the required information, application qualifications, and approval progress/
request of additional documentation platform query, etc.
In addition, in terms of customer periodical reviews, the subsidiary E.SUN Bank has set up
an e-KYC customer identity update platform, and continues to urge customers to use online
banking/mobile banking to update online information on the official website.
The relevant
operating procedures are also clearly disclosed for customers to understand while a new
service channel "Personal Basic
Information Update Platform" has been added on the official
website, so that customers who do not use digital channels can also update online data, thus
improving customer service experience.
(3)Watch list filtering
■ Terrorist financing
Watch list filtering should be conducted for customers and their associates before E.SUN
establishes new business relationships or provides new services to customers. Watch list
batch filtering mechanism has been established with determined alert releasing time limit,
and the watch lists are updated daily. Group lists information sharing mechanism has been
developed for sharing high risk customer and rejected lists among affiliates by adding the
lists into the screening system. The watch list screening system has been validated
regularly by an effectiveness validation mechanism. Moreover, in 2020, E.SUN Bank has
continuously reviewed the logic and set in the watch list filtering system to strive for a
better accuracy of matching. Meanwhile, E.SUN keeps an eye on the sanction related
information released by FATF, UN and other competent authorities, and relevant indexes
concerning country's transparency and corruption, in an effort to regularly update an
appropriate country risk list to effectively manage geography risk.
In general, the list selected by E.SUN for filtering includes but is not limited to the
Taiwan Ministry of Justice (MOJ) sanctions list, the United Nations Security Council (UNSC)
comprehensive sanctions list, the U.S. Treasury Department’s Office of Foreign Assets
Control (OFAC) Specially Designated Nationals List (SDN-List), and the lists issued by the
competent authorities of countries/regions where E.SUN overseas business locations are
located.
■ PEP/RCA
When establishing and adding new business relationships or conducting periodical review and triggering event review, to screen whether customers and their beneficial owners and senior managers are PEP/RCA, E.SUN uses the information system to assist in the verification of identities against watch lists in the database. If the aforementioned person is confirmed to be PEP/RCA, E.SUN will conduct EDD and strengthen transaction monitoring to confirm the source of funds and wealth of customers, etc., and the approval of senior management is required before business relationships are established. The periodical review for high risk PEP/RCA customer would be conducted every year, and their transactions would be more strictly monitored.
■ Senior management approval and sign off
In addition to business relationships with PEP/RCA customers that require senior management approval, when assessing the customer’s geographic risk, E.SUN considers the customer’s nationality and the country or region involved in the place of registration. For customers from countries or regions with a high risk of money laundering or terrorism financing, enhanced measures commensurate with such risks are adopted. When assessing the customer’s risk, the customer’s occupation, job title, and industry characteristics should be considered. If the industry category is assessed by E.SUN as prone to be used to assist money laundering or terrorism financing, it strengthens EDD when establishing or adding new business relationships, and confirms the source of funds and wealth of customers, etc. The aforementioned customer business relationship establishment can only be undertaken following senior management approval. If there exists transaction relating to extremely risk of money laundering and terrorism financing, such as Iran and DPRK etc., E.SUN would reject the business relationship and transactions. Moreover, E.SUN does not accept corporate customer whose main business items is related to virtual currency.
(4)Suspicious Transaction Reporting
For transaction monitoring, the scope of monitoring includes customers, employees, and
financial institutions that deal with E.SUN. When conducting transactions or establishing a
business relationship with the aforementioned parties, dedicated personnel reviews their
potential involvement in money laundering or terrorism financing. E.SUN also conducts an
enhanced analysis and information collection on potential high risk customers based on the
philosophy of prioritizing risks. The review process includes determining whether
occupation, industry, source of fund, purpose of transaction and transaction activities are
consistent with past activities. The record of investigation process should be kept. After
the investigation, the dedicated personnel submit suspicious transactions reports to the
Investigation Bureau of the Ministry of Justice with information on customers or
transactions suspicious of money laundering or terrorism financing. All suspicious
transaction reports are filed on a designated computer, where the use of portable devices is
prohibited. Every staff in the AML department is required to sign a confidentiality
agreement to ensure that filed information cannot be transferred to an unrelated third party
to prevent information leakage. Regarding the monitoring of transactions suspicious of money
laundering, in 2020, the functional modules of the system were optimized, including the
addition of monitoring of suspicious money laundering typologies to expand the monitored
targets and business scopes, the adjustments on monitoring logic and parameter threshold,
transaction analysis function and managerial reports to enhance the monitoring effect.
(5)Record keeping
All documents and information obtained for the implementation of customer identity
verification and due diligence measures, including relevant identification and verification
of customer identity information, are stored by E.SUN for at least five years after the end
of the business relationship with the customer or the end of the temporary transaction.
(6)Annual independent assessments
■ AML/CFT Annual Assurance Reports
The chairmen, president, chief auditor and dedicated AML/CFT responsible officer of the respective local subsidiaries shall jointly issue a statement on internal control for AML/CFT, which will be filed via a website designated by the competent financial authority of the Company's host country, the FSC. E.SUN Bank commissioned PricewaterhouseCoopers (PwC) to conduct auditing of AML/CFT related internal control in 2020.
■ Institutional Risk Assessment (IRA)
E.SUN has in recent years cooperated with an internationally renowned institution to
introduce a group-wide methodology for implementing institutional AML/CFT risk assessments.
The methodology includes the dimensions of geography, customers, products and services,
delivery and payment channels, and assesses the inherent risk, control measures, and
residual risks of the entire institution. E.SUN initiates action plans based on the
assessment, reports to the Board of Directors upon completing the institutional risk
evaluation report, and submits the report to competent authorities. For this year’s IRA,
E.SUN selected a suitable consulting company to carry out a risk assessment methodology
improvement project, strengthened the introduction of quantitative data and the assessment
of anti-bribery and corruption (ABC), and the management and control of weapons
proliferation. An evaluation method that gives equal emphasis to quality and quantity was
applied to understand the money laundering and terrorism financing risks faced by E.SUN,
strengthen supervision of projects with higher residual risks, and track the implementation
of proposed action plans.
■ Transaction monitoring effectiveness verification
To ensure the appropriateness of the transaction monitoring system, E.SUN selected a
suitable
advisory company to evaluate the consistency, correctness and reasonableness of transaction
monitoring data. By analyzing the statistical distribution of customer transaction data,
E.SUN reviewed the reasonableness of threshold settings to evaluate whether the transaction
detection logic is effective in detection and meets the needs of E.SUN FHC.
■ Watch list filtering effectiveness verification
Every year, E.SUN engages an independent third party, the world-leading Society for Worldwide
Interbank Financial Telecommunication, to assist in the implementation of sanctions list
screening system testing services, targeting Taiwan’s specially designated sanctions
announced based on the Counter-Terrorism Financing Act, the United Nations Security Council
(UNSC) sanctions resolutions, the U.S. Treasury Department’s Office of Foreign Assets
Control (OFAC) Specially Designated Nationals List (SDN-List) and sanctions lists issued by
the competent authorities of the countries/regions where E.SUN’s overseas business locations
are located. Through two major testing aspects: precise comparison and fuzzy comparison, use
of the watch list filtering system in customer filtering and transaction filtering is
observed to determine its performance and confirm that the effectiveness of watch list
filtering meets requirements.
■ Reinforcement through Training
To reinforce AML/CFT training and to increase staff awareness of AML, appropriate contents
and hours of training on AML/CFT are arranged annually by categories based on the roles of
employees, which include new employees, AML officers at the accountable unit, AML
supervisory officers of each unit, Board of Directors, senior management, legal and
compliance personnel, internal auditors, and the front-line staff. During 2020, a series of
video conference training has been rolled out by the AML Department, for domestic and
overseas units to attend. During the more difficult stages of the COVID-19 pandemic,
pre-recorded online courses were provided instead to avoid morning gatherings in cooperation
with the pandemic control measures. The speakers are mainly the managers from the AML
Department, and the courses focus on topics with high connection to business unit practices,
including laws on repatriated offshore funds, guidelines on the due diligence review of
triggering events, identifying the beneficial owner, AML trends, Investigation Bureau
investigation and analysis on dummy accounts and identification of beneficial owners. In
addition, E.SUN invited investigators or prosecutors qualified as international AML/CFT
evaluation assessors with practical experience to provide training in order for employees to
understand the AML and CFT responsibilities and to acquire the relevant expertise. In
addition, E.SUN has joined the enterprise membership of ACAMS. Benefits include online
training as well as access to a forward-looking global news database on AML/CFT, thereby
providing additional overseas and domestic training materials, enhancing the depth and
breadth of employees' expertise, and shaping the AML/CFT awareness and culture among our
units. Furthermore, E.SUN continues to promote obtaining AML certification. By the end of
2020, 66% of the AML/CFT supervisory officers of the subsidiary E.SUN Bank has been AML
certified, which is a 30% increase as compared to the end of 2019.
2019
|
- All AML dedicated personnel and supervisory officers met
statutory requirements on eligibility.
- Board of Directors, Presidents, legal compliance personnel,
internal audit personnel, AML dedicated personnel, AML
supervisory officers and business operation employees all met
the requirement of regulatory training hours.
- Adequate training and courses have been arranged based on
employee's occupation.
- 483 employees have attended the seminar for AML/CFT officers
organized by Taiwan Academy of Banking and Finance and have met
the regulatory qualification of AML/CFT officers.
- 332 employees have acquired certification of Certified
Anti-Money Laundering Specialist (CAMS).
- 217 employees have acquired the AML/CFT professional test
certification.
|
|
2020
|
- All AML dedicated personnel and supervisory officers met
statutory requirements on eligibility.
- Board of Directors, Presidents, legal compliance personnel,
internal audit personnel, AML dedicated personnel, AML
supervisory officers and business operation employees all met
the requirement of regulatory training hours.
- Adequate training and courses have been arranged based on
employee's occupation.
- 600 employees have attended the seminar for AML/CFT officers
organized by Taiwan Academy of Banking and Finance. Participants
include the AML/CFT supervisory officers of each unit, the AML
Department, the Compliance Division, and audit units.
- 336 employees have acquired certification of Certified
Anti-Money Laundering Specialist (CAMS).
- 548 employees have acquired the AML/CFT professional test
certification.
|
|