We learned from the WEF's The Global Risks Report of 2021 that COVID-19 directly affected human resource and economic costs more than any pandemic in the past. The entire world saw negative growth in its development. The disparity between the rich and the poor, technological application, social cohesion and global cooperation are now more valued than ever. Faced with worsening environmental and climate challenges, E.SUN identified 4 key emerging risks and developed the corresponding mitigation measures and response policies to continue to work towards sustainable development and contribute to our beloved country.

Dedicated risk management personnel select risks related to the banking industry and to E.SUN based on the WEF's The Global Risks Report of 2021 and send questionnaires to risk management persons to survey the possibility and level of impact. The questionnaire results are ranked to generate the emerging risk matrix diagram. The risks with the highest possibility and level of impact are managed further (for climate change, please see the relevant content in Chapter 5):

| Emerging Risk | Description of risk | Potential business impact of the risk | Mitigating actions |
| --- | --- | --- | --- |
| Risks in using emerging technology | Improper usage of emerging technology may bring risks related to personal data leakage, information security and operating procedures. | The improper usage of emerging technology will cause damages to customers' rights and severe impact on the Company's system operation and reputation. | - For emerging technology to be used in financial services, three lines of defense shall be applied to review legal compliance, risk control, information security and AML.<br>- For model application, there is the Model Risk Management Principles to establish the overall management of model application.<br>- Establish a contingency process and conduct regular drills. |
| Information security risk | Risks, damages, and losses resulting from the confidentiality, integrity, and availability of information assets in an organization's hardware/network configuration, software application, information and media access, and management process. | An information security incident may cause business interruption and subject the Company to sanctions by the competent authority. In severe cases, the Company will suffer reputation or property loss. | - Organization and system: E.SUN has established an Information Security Management Division that oversees the information security operations of E.SUN FHC, as well as an E.SUN FHC Information Security Management Committee, which inspects the subsidiaries' information security governance policy, supervises operations, and regularly reports to the board of directors.<br>- Protection mechanism: E.SUN has deployed relevant defense mechanisms in response to the constantly changing hacking techniques and commissioned external information security experts to collaborate in penetration tests and attack/defense drills with different scenarios and to examine the effectiveness of the Bank's defense and the Bank's ability to respond to events. At each stage of system development and operation, weakness identification and correction are conducted using various types of testing technologies to ensure that the Bank is completely protected.<br>- Education and training: The Bank regularly provides information security education and training. Personnel training includes professional training and awareness campaigns on information security. Social interaction project drills and online tests are conducted regularly to raise employees' security awareness. |
| Infectious disease risk | - The risks of employees being isolated or quarantined or the risk of infection due to communicable and infectious diseases.<br>- Manufacturing shutdowns, impact on tourism, entertainment, and consumption, slowing down of economic growth, and credit risks faced by corporate customers due to disruption of operations. | - Losses caused by cancellation or early termination of contracts due to disease outbreaks.<br>- Disruption of operations caused by isolation or quarantine of employees.<br>- Loss of revenue due to restriction on entry and exit of personnel under disease control. | - Immediately assemble an Emergency Response Team, pay attention to the development of disease outbreaks, and establish a reporting mechanism and protection measures.<br>- Implement health management and backup mechanisms; those in important positions work in separate places to ensure the continuity of corporate operations.<br>- Pay close attention to the operations of industries that are highly sensitive to disease outbreaks. |
| Risk of money laundering or financing terrorism | The Company or its subsidiaries may be used for money laundering or financing terrorism. | If transactions or products of the Company and its subsidiaries are used for money laundering or financing terrorism, the Company may be penalized by the competent authority or sanctioned by international organizations. In severe cases, there is the risk of severely impacting the Company's reputation. | - Regulation: We established the AML/CFT Policy of E.SUN FHC and Subsidiaries, and verified its compliance with internal/external regulations and requirements of international guidelines.<br>- Framework:<br>  - The customer dimension: We have established an approach to verifying customers' identity and conducting due diligence, and also verified the shareholding structure and beneficial owner of legal entities, organizations or trust customers.<br>  - The product / service dimension: Prior to launching new products, services or businesses, the ML/TF risk assessment shall be conducted and corresponding risk mitigation and management measures shall be established for the position of the specific product.<br>  - The geographical dimension: Establish a list of countries or regions with high ML/TF risks and specify the countries or regions forbidden for contact while enhancing the verification measures for countries or regions with high risks.<br>- Education and training: Regularly or non-periodically organize or appoint personnel to participate in AML/CFT on-job training based on the current business needs and laws and regulations to raise the entire personnel's AML awareness.<br>- Overall evaluation mechanism: An annual evaluation on institutional risks of money laundering and financing terrorism shall be conducted to identify the risks of money laundering and financing terrorism that the Company is faced with and to evaluate the existing control measures in order to understand the residual risks and adopt further control measures to effectively manage the risks of money laundering and financing terrorism. |