Risk Management

■ An inherent risk management culture

The vision of risk management is to protect assets, enhance customer service quality and improve shareholders' values, while hoping to control the possible risks generated in various business operations within a tolerable range, and to achieve a reasonable balance between risks and returns while securing adequate capital to back up business development. To effectively identify, assess, monitor and control all types of risk, E.SUN has always followed the philosophy of "no services or operations can be considered beyond risk" while considering the balance between risk management and performance assessment. The aspect of risk management has been included in performance appraisal to uphold the highest guiding principles of risk management: safety and liquidity first, profitability second, growth next, and always pay attention to the public interest.

■ Risk management organization and management mechanisms

E.SUN FHC Board of Directors is the highest governing body in risk management mechanism. The Board of Directors approves overall risk management policies and important decisions based on the overall business strategies and environment and takes ultimate responsibility for overall risk management.

To strengthen risk governance communication, coordination, reporting, and recommendation within the Board of Directors, the Company has established a boardlevel Risk Management Committee responsible for reviewing business risk management policies, ensuring compliance with international risk management regulations, promoting and creating risk management systems, and reinforcing the functions and duties of the Risk Management Committee over time. For example, recently climate change risk factor has been incorporated in the risk appetite mechanism, and stress tests have been performed to evaluate the impact on the Company's overall risk level to decide the quotas for the Company's various business operations. We also has the Risk Management Committee under the management level and convenes quarterly and when necessary, subject to the needs for strategic development or environmental changes. The RMC reviews the appropriateness of risk mitigation measures proposed by risk management units at every level. The Committee is responsible for matters pertaining to credit risk, market risk, operational risk, and asset & liability risks. Reports of overall risk management implementation status are made to the Board of Directors periodically

Risk management units at every level are responsible for identifying and managing risks related to their products, activities, processes and systems as well as for establishing a risk tolerance limit and monitoring indicators to monitor risks of the unit. The units will draft an SOP and submit risk reports based on their business content.

■ The three lines of defense in risk management

■ Established the risk management awareness

Extend risk horizon through training

To raise risk awareness and to systematically extend the risk horizon, E.SUN ensures that every E.SUN employee starts learning about E.SUN's core philosophy regarding risk, discipline and process since the first day on the job. E.SUN employees in different departments and at different stages of their careers are also provided with appropriate education and training on risk management.

Orientation for new recruits

Every new recruit will complete basic risk management courses during orientation in order to understand the risk management culture at E.SUN, self-discipline and self-management principles.

Professional training

E.SUN implements business-related risk management in all professional training programs, and continuously discusses and focuses on the important and common risk issues among all product lines. This approach ensures that risk management becomes an inherent key factor in all business processes.

Developing middle management

E.SUN employees gain a better understanding of E.SUN's organization and products once they are familiar with product lines and business aspects. They will thus understand the importance of balancing risk and opportunities of product lines, Furthermore, the mid-level manager training program is aimed to help employees better understand risk management of their own business activities and understand the responsibilities of mid-level managers.

Continuing training for managers

These courses are designed to help managers respond to external challenges and risks to lead reformations and formulate strategies that prioritize cross-departmental integration within the group. The risk management culture was ingrained on the basis of corporate governance, making risk awareness an irreplaceable foundation stone.

In addition, product benefits and performance appraisal are included in risk management as a measuring factor. In addition to the understanding of the risk costs behind each product revenue, daily business operation risk control is also included in performance assessment in order to ingrain the risk culture and awareness.