AML/CFT

AML/CFT management program and enhancement

E.SUN continually implements internal and external regulations and treats AML/CFT compliance tasks as its long-term mission. It continues to promote matters for strengthening AML/CFT; benchmarks against international AML laws and regulations; amends domestic and overseas AML policies and procedures; refines customer due diligence review and control measures; and constantly develops global AML monitoring systems, all for the benefit of AML/CFT in the overall financial environment. To follow the trend of international AML governance, the Company continually pays attention to the guidance announced by organizations such as the Financial Action Task Force on Money Laundering (FATF) and to international money laundering and fraud trends, such as environmental crimes, medical crimes, terrorism financing, expansion of arms, digitization, and trade-based money laundering (TBML). E.SUN FHC adheres to competent authorities' rules and strengthens the AML/CFT mechanisms of each of its subsidiaries according to the policies and procedures of the FATF Forty Recommendations. There are 6 dimensions under E.SUN FHC's AML/CFT management mechanisms: policy and procedure, customer due diligence (CDD), watch list filtering, suspicious transaction reporting (STR), record keeping, and annual independent assessment. Specific actions taken are described below:

(1) Policies and Procedures

E.SUN FHC and its subsidiaries have established AML/CFT policies and procedures covering aspects such as due diligence, name checks, transaction monitoring and employee management. The subsidiary E.SUN Bank newly established the "E.SUN Bank Money Laundering and Terrorism Financing Risk Appetite Policy" in 2020, adding quantitative indicators stating the level and type of money laundering and terrorism financing risk that E.SUN is willing to bear. Regarding due diligence, relevant internal regulations were amended to strengthen the risk evaluation mechanisms for the identification of beneficial owners and politically exposed persons. Internal policies and procedures were formulated and revised in 2020, and the key points are listed below.

The “E.SUN Bank Money Laundering and Terrorism Financing Risk Appetite Policy” was formulated with qualitative and quantitative risk appetite indicators, and periodical monitoring and mid-term management mechanisms were realized.

The “Guidelines on Know Your Customer and Customer Due Diligence of E.SUN Bank” was revised with adjustments on the identification rules of beneficial owners, including the addition of review procedures and authority level of customers' undisclosed equity and the specification on the time frame for customer periodical reviews.

The “E.SUN Bank's Principles for the Identification of Politically Exposed Persons and the Evaluation of Their Influence” was formulated to regulate the key factors for consideration when evaluating the influence and risk level of politically exposed persons, the implementation procedures and the ongoing customer due diligence review mechanisms.

The “E.SUN Bank's List Selection, Renewal and Effectiveness Review Procedures” was revised and the “E.SUN Bank's Guidelines on AML/CFT and Name Check System” was formulated to regulate the procedures related to name checks, including the update frequency of lists and alert releasing procedures.

The subsidiary E.SUN Securities has revised the “E.SUN Securities Notes on AML/CFT” and the “E.SUN Securities' Concurrent Futures Commission Merchants' Notes on AML/CFT”. The “E.SUN Securities Control Mechanisms of AML/CFT” was also revised to effectively conduct customer identity verification measures, transaction monitoring and continual mechanisms using the Risk Based Approach, and to verify the equity, shareholding structure and beneficial owners of legal persons, groups or trust customers. All in all, the internal three lines of defense structure is used to ensure the effectiveness of the AML/CFT plan.

(2) Customer Due Diligence (CDD)

Measures are taken to identify customers, including collecting, updating, verifying and saving customer information, and confirming that the relevant data sources and documents are reliable and independent, such as official documents, data or information. The identity verification procedures include identifying the beneficial owners of entity clients, politically exposed persons (PEPs) and their relatives and close associates (RCAs). E.SUN adopts the risk based approach (RBA) for performing CDD and requires enhanced due diligence (EDD) to be conducted for high risk customers by verifying the source of wealth and funds. Business relationships with high risk customers should be approved by senior management. Ongoing customer due diligence (CDD), in principle, can be divided into categories such as periodical reviews based on customer risk levels after the business relationship is established, reviews upon the establishment of new business relationships, and trigger event reviews. In order to understand the newest status and changes of customer risks, trigger event customer due diligence is initiated when there is a significant change in a customer's identity or when suspicious transactions occur. In the future, the procedures will be continually refined.

■ Non-face-to-face customer due diligence (CDD)

E.SUN's due diligence work for “non-face-to-face” customers, in principle, encompasses customer identification procedures that have the same effect as face-to-face due diligence, and special and sufficient measures have been formulated for “non-face-to-face” due diligence to reduce risks. Similar to the due diligence of face-to-face customers, due diligence of “non-face-to-face” customers, in principle, requires natural person customers to provide identification documents for verifying their identity and address, etc., and customers are contacted by phone or mail if necessary. Corporate customers, in principle, must provide company establishment registration documents, business licenses, registration forms of changes or similar documents, company articles of association, directors and shareholders lists, and beneficial owner identification documents, etc. To perform verification of corporate customer information, E.SUN accesses the official website of the place of registration to verify that the registration information is consistent with the information provided by the customer and is still valid, and there is no registration of dissolution, liquidation, closure or abolition, etc.

Digital accounts opened with the subsidiary E.SUN Bank are characterized by the fact that account opening is conducted online and is not restricted by time or geography. E.SUN also specifically and clearly announces the relevant application process on the official website, including the required information, application qualifications, and the platform for querying approval progress and requests for additional documentation. In addition, in terms of customer periodical reviews, the subsidiary E.SUN Bank has set up an e-KYC customer identity update platform and continues to urge customers to use online banking or mobile banking to update their information online on the official website. The relevant operating procedures are also clearly disclosed for customers to understand, and a new service channel, the "Personal Basic Information Update Platform", has been added on the official website so that customers who do not use digital channels can also update their data online, thus improving the customer service experience.

(3) Watch list filtering

■ Terrorist financing

Watch list filtering should be conducted for customers and their associates before E.SUN establishes new business relationships or provides new services to customers. A watch list batch filtering mechanism has been established with a determined time limit for releasing alerts, and the watch lists are updated daily. A group list information sharing mechanism has been developed for sharing high risk customer lists and rejected lists among affiliates by adding the lists into the screening system. The watch list screening system is validated regularly by an effectiveness validation mechanism. Moreover, in 2020, E.SUN Bank continuously reviewed the logic and settings in the watch list filtering system to strive for better matching accuracy. Meanwhile, E.SUN keeps an eye on the sanctions-related information released by FATF, the UN and other competent authorities, and on relevant indexes concerning countries' transparency and corruption, in an effort to regularly update an appropriate country risk list and effectively manage geographic risk. In general, the lists selected by E.SUN for filtering include but are not limited to the Taiwan Ministry of Justice (MOJ) sanctions list, the United Nations Security Council (UNSC) comprehensive sanctions list, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) Specially Designated Nationals List (SDN-List), and the lists issued by the competent authorities of countries/regions where E.SUN overseas business locations are located.

■ PEP/RCA

When establishing and adding new business relationships or conducting periodical reviews and trigger event reviews, E.SUN uses the information system to assist in verifying identities against watch lists in the database, in order to screen whether customers and their beneficial owners and senior managers are PEP/RCA. If such a person is confirmed to be PEP/RCA, E.SUN conducts EDD and strengthens transaction monitoring to confirm the source of funds and wealth of customers, etc., and the approval of senior management is required before business relationships are established. The periodical review for high risk PEP/RCA customers is conducted every year, and their transactions are more strictly monitored.

■ Senior management approval and sign off

In addition to business relationships with PEP/RCA customers that require senior management approval, when assessing the customer’s geographic risk, E.SUN considers the customer’s nationality and the country or region involved in the place of registration. For customers from countries or regions with a high risk of money laundering or terrorism financing, enhanced measures commensurate with such risks are adopted. When assessing the customer’s risk, the customer’s occupation, job title, and industry characteristics should be considered. If the industry category is assessed by E.SUN as prone to being used to assist money laundering or terrorism financing, E.SUN strengthens EDD when establishing or adding new business relationships, and confirms the source of funds and wealth of customers, etc. Such customer business relationships can only be established following senior management approval. If a transaction involves extreme risk of money laundering and terrorism financing, such as Iran and DPRK etc., E.SUN rejects the business relationship and transactions. Moreover, E.SUN does not accept corporate customers whose main business items are related to virtual currency.

(4) Suspicious Transaction Reporting

For transaction monitoring, the scope of monitoring includes customers, employees, and financial institutions that deal with E.SUN. When conducting transactions or establishing a business relationship with the aforementioned parties, dedicated personnel review their potential involvement in money laundering or terrorism financing. E.SUN also conducts enhanced analysis and information collection on potential high risk customers based on the philosophy of prioritizing risks. The review process includes determining whether occupation, industry, source of funds, purpose of transaction and transaction activities are consistent with past activities. A record of the investigation process should be kept. After the investigation, the dedicated personnel submit suspicious transaction reports to the Investigation Bureau of the Ministry of Justice with information on customers or transactions suspected of money laundering or terrorism financing. All suspicious transaction reports are filed on a designated computer, where the use of portable devices is prohibited. Every staff member in the AML department is required to sign a confidentiality agreement to ensure that filed information cannot be transferred to an unrelated third party, in order to prevent information leakage. Regarding the monitoring of transactions suspected of money laundering, in 2020 the functional modules of the system were optimized to enhance the monitoring effect, including the addition of monitoring for suspicious money laundering typologies to expand the monitored targets and business scopes, and adjustments to the monitoring logic and parameter thresholds, the transaction analysis function and managerial reports.

(5) Record keeping

All documents and information obtained for the implementation of customer identity verification and due diligence measures, including relevant identification and verification of customer identity information, are stored by E.SUN for at least five years after the end of the business relationship with the customer or the end of the temporary transaction.

(6) Annual independent assessments

■ AML/CFT Annual Assurance Reports

The chairmen, president, chief auditor and dedicated AML/CFT responsible officer of the respective local subsidiaries shall jointly issue a statement on internal control for AML/CFT, which will be filed via a website designated by the competent financial authority of the Company's host country, the FSC. E.SUN Bank commissioned PricewaterhouseCoopers (PwC) to conduct auditing of AML/CFT related internal control in 2020.

■ Institutional Risk Assessment (IRA)

E.SUN has in recent years cooperated with an internationally renowned institution to introduce a group-wide methodology for implementing institutional AML/CFT risk assessments. The methodology includes the dimensions of geography, customers, products and services, delivery and payment channels, and assesses the inherent risk, control measures, and residual risks of the entire institution. E.SUN initiates action plans based on the assessment, reports to the Board of Directors upon completing the institutional risk evaluation report, and submits the report to competent authorities. For this year’s IRA, E.SUN selected a suitable consulting company to carry out a risk assessment methodology improvement project, strengthened the introduction of quantitative data and the assessment of anti-bribery and corruption (ABC), and the management and control of weapons proliferation. An evaluation method that gives equal emphasis to quality and quantity was applied to understand the money laundering and terrorism financing risks faced by E.SUN, strengthen supervision of projects with higher residual risks, and track the implementation of proposed action plans.

■ Transaction monitoring effectiveness verification

To ensure the appropriateness of the transaction monitoring system, E.SUN selected a suitable advisory company to evaluate the consistency, correctness and reasonableness of transaction monitoring data. By analyzing the statistical distribution of customer transaction data, E.SUN reviewed the reasonableness of threshold settings to evaluate whether the transaction detection logic is effective in detection and meets the needs of E.SUN FHC.

■ Watch list filtering effectiveness verification

Every year, E.SUN engages an independent third party, the world-leading Society for Worldwide Interbank Financial Telecommunication, to assist in the implementation of sanctions list screening system testing services, targeting Taiwan’s specially designated sanctions announced based on the Counter-Terrorism Financing Act, the United Nations Security Council (UNSC) sanctions resolutions, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) Specially Designated Nationals List (SDN-List) and sanctions lists issued by the competent authorities of the countries/regions where E.SUN’s overseas business locations are located. Through two major testing aspects, precise comparison and fuzzy comparison, the use of the watch list filtering system in customer filtering and transaction filtering is observed to determine its performance and confirm that the effectiveness of watch list filtering meets requirements.

■ Reinforcement through Training

To reinforce AML/CFT training and to increase staff awareness of AML, appropriate contents and hours of training on AML/CFT are arranged annually by categories based on the roles of employees, which include new employees, AML officers at the accountable unit, AML supervisory officers of each unit, the Board of Directors, senior management, legal and compliance personnel, internal auditors, and front-line staff. During 2020, a series of video conference training sessions was rolled out by the AML Department for domestic and overseas units to attend. During the more difficult stages of the COVID-19 pandemic, pre-recorded online courses were provided instead to avoid morning gatherings, in cooperation with the pandemic control measures. The speakers are mainly managers from the AML Department, and the courses focus on topics closely connected to business unit practices, including laws on repatriated offshore funds, guidelines on the due diligence review of triggering events, identifying the beneficial owner, AML trends, Investigation Bureau investigation and analysis on dummy accounts and identification of beneficial owners. In addition, E.SUN invited investigators or prosecutors qualified as international AML/CFT evaluation assessors with practical experience to provide training so that employees understand their AML and CFT responsibilities and acquire the relevant expertise. E.SUN has also joined the enterprise membership of ACAMS. Benefits include online training as well as access to a forward-looking global news database on AML/CFT, thereby providing additional overseas and domestic training materials, enhancing the depth and breadth of employees' expertise, and shaping the AML/CFT awareness and culture among our units. Furthermore, E.SUN continues to promote obtaining AML certification. By the end of 2020, 66% of the AML/CFT supervisory officers of the subsidiary E.SUN Bank had been AML certified, which is a 30% increase as compared to the end of 2019.

2019
  • All AML dedicated personnel and supervisory officers met statutory requirements on eligibility.
  • Board of Directors, Presidents, legal compliance personnel, internal audit personnel, AML dedicated personnel, AML supervisory officers and business operation employees all met the requirement of regulatory training hours.
  • Adequate training and courses have been arranged based on employees' occupations.
  • 483 employees have attended the seminar for AML/CFT officers organized by Taiwan Academy of Banking and Finance and have met the regulatory qualification of AML/CFT officers.
  • 332 employees have acquired certification of Certified Anti-Money Laundering Specialist (CAMS).
  • 217 employees have acquired the AML/CFT professional test certification.
2020
  • All AML dedicated personnel and supervisory officers met statutory requirements on eligibility.
  • Board of Directors, Presidents, legal compliance personnel, internal audit personnel, AML dedicated personnel, AML supervisory officers and business operation employees all met the requirement of regulatory training hours.
  • Adequate training and courses have been arranged based on employees' occupations.
  • 600 employees have attended the seminar for AML/CFT officers organized by Taiwan Academy of Banking and Finance. Participants include the AML/CFT supervisory officers of each unit, the AML Department, the Compliance Division, and audit units.
  • 336 employees have acquired certification of Certified Anti-Money Laundering Specialist (CAMS).
  • 548 employees have acquired the AML/CFT professional test certification.