Emerging Risks

We learned from the WEF The Global Risks Report of 2021 that COVID-19 directly affected human resource and economic costs more than any pandemic in the past. The entire world saw a negative growth in its development. The disparity between the rich and the poor, technological application, social cohesion and global cooperation are now more valued than ever. Faced with the worsening environmental and climate challenges, E.SUN identified 4 key emerging risks and developed the corresponding mitigation measures and response policies to continue to work towards sustainable development and contribute to our beloved country.

■ Emerging risk matrix diagram

The dedicated personnel for risk management selects risks related to the banking industry and to E.SUN based on the WEF The Global Risks Report of 2021 and sends questionnaires to risk management persons to conduct a survey on the possibility and level of impact. The questionnaire results are ranked to generate the emerging risk matrix diagram. Among which, those with the highest possibility and level of impact are further managed (for climate change, please see the relevant content in Chapter 5):
Emerging Risk Description of risk Potential business impact of the risk Mitigating actions
Risks in using emerging technology Improper usage of emerging technology may bring risks related to personal data leakage, information security and operating procedures. The improper usage of emerging technology will cause damages to customers' rights and severe impact on the Company's system operation and reputation.
  • For emerging technology to be used in financial services, three lines of defense shall be applied to review legal compliance, risk control, information security and AML.
  • For model application, there is the Model Risk Management Principles to establish the overall management of model application.
  • Establish a contingency process and conduct regular drills.
Information security risk Risks, damages, and losses resulting from the confidentiality, integrity, and availability of information assets in an organization's hardware/network configuration, software application, information and media access, and management process. An information security incident may cause business interruption and subject the Company to sanctions by the competent authority. In severe cases, the Company will suffer reputation or property loss.
  • Organization and system: E.SUN has established an Information Security Management Division that oversees the information security operations of E.SUN FHC, as well as an E.SUN FHC Information Security Management Committee, which inspects the subsidiaries' information security governance policy, supervises operations, and regularly reports to the board of directors.
  • Protection mechanism: E.SUN has deployed relevant defense mechanisms in response to the constantly changing hacking techniques and commissioned external information security experts to collaborate in penetration tests and attack/defense drills with different scenarios and to examine the effectiveness of the Bank's defense and the Bank's ability to respond to events. At each stage of system development and operation, weakness identification and correction are conducted using various types of testing technologies to ensure that the Bank is completely protected.
  • Education and training: The Bank regularly provides information security education and training. Personnel training includes professional training and awareness campaigns on information security. Social interaction project drills and online tests are conducted regularly to raise employees' security awareness.
Infectious disease risk
  • The risks of employees being isolated or quarantined or the risk of infection due to communicable and infectious diseases.
  • Manufacturing shutdowns, impact on tourism, entertainment, and consumption, slowing down of economic growth, and credit risks faced by corporate customers due to disruption of operations.
  • Losses caused by cancellation or early termination of contracts due to disease outbreaks.
  • Disruption of operations caused by isolation or quarantine of employees.
  • Loss of revenue due to restriction on entry and exit of personnel under disease control.
  • Immediately assemble an Emergency Response Team, pay attention to the development of disease outbreaks, and establish a reporting mechanism and protection measures.
  • Implement health management and backup mechanisms, those in important positions work in separate places to ensure the continuity of corporate operations.
  • Pay close attention to the operations of industries that are highly sensitive to disease outbreaks. Risk of money laundering or financing terrorism The Company or its subsidiaries may be used for money laundering or financing terrorism. If transactions
Risk of money laundering or financing terrorism The Company or its subsidiaries may be used for money laundering or financing terrorism. If transactions or products of the Company and its subsidiaries are used for money laundering or financing terrorism, the Company may be penalized by the competent authority or sanctioned by international organizations. In severe cases, there is the risk of severely impacting the Company's reputation.
  • Regulation: We established the AML/CFT Policy of E.SUN FHC and Subsidiaries, and verified its compliance with internal/external regulations and requirements of international guidelines.
  • Framework:
    • The customer dimension: We have established an approach to verifying customers' identity and conducting due diligence, and also verified the shareholding structure and beneficial owner of legal entities, organizations or trust customers.
    • The product / service dimension: Prior to launching new products, services or businesses, the ML/TF risk assessment shall be conducted and corresponding risk mitigation and management measures shall be established for the position of the specific product.
    • The geographical dimension: Establish a list of countries or regions with high ML/FT risks and specify the countries or regions forbidden for contact while enhancing the verification measures for countries or regions with high risks.
  • Education and training: Regularly or non-periodically organize or appoint personnel to participate in AML/CFT on-job training based on the current business needs and laws and regulations to raise the entire personnel's AML awareness.
  • Overall evaluation mechanism: An annual evaluation on institutional risks of money laundering and financing terrorism shall be conducted to identify the risks of money laundering and financing terrorism that the Company is faced with and to evaluate the existing control measures in order to understand the residual risks and adopt further control measures to effectively manage the risks of money laundering and financing terrorism.