Taishin FHC Corporate Social Responsibility Report 2019

Sustainable Governance

Results in AML and CFT

Taishin Bank has signed the USA Patriot Act and made relevant announcements on its website.

[Figure labels: Signed the USA Patriot Act; Wolfsberg]

Suspicious Transaction Report (STR)
Distribution Rate of Taishin STR by AMLD (%) (Note)
2017: 21
2018: 21
2019: 16

Note: The Anti-Money Laundering Division (AMLD) of the Investigation Bureau is the Financial Intelligence Unit in Taiwan. The AMLD accepts STRs from financial institutions, analyzes them, and distributes them to the related responsible units.

Training of AML and CFT in 2019
All staff: 15,509 participants; 9,996 hours; coverage rate 100%; completion rate 100%
Board of Directors and AML officers/employees: 33 participants; 705 hours; coverage rate 100%; completion rate 100%

Note: Due to the turnover issue, we use the enrollments of courses as the display unit.

To enhance management's and employees' understanding of anti-money laundering and combating the financing of terrorism (AML/CFT), the Board of Directors and AML officers/employees received a total of 705 hours of AML and CFT training in 2019. The education and training provided in 2019 to staff in our holding company, subsidiaries, banks, securities, investment banking, investment consulting, insurance agency and leasing businesses included offline and online internal training as well as external education and training courses. The total number of education and training hours was 9,996 and the number of participating employees was 15,509. The course content of nearly 60 sessions covered legal compliance, auditing and communication, trends in counter-proliferation of weapons, AML/CFT, customer risk assessment, system operations, points of attention during business operations, suspicious transaction patterns, case studies and clarification of notifications, and explanations for common oversights. The Company achieved a 100% completion rate for AML/CFT training in 2019.

1-5 Information and Transaction Security

Information Security Management Mechanisms

Taishin FHC has implemented an "Information Security Policy" and the "Taishin Holdings Internet Security Management Guidelines" to serve as guiding principles for security protection. Meanwhile, an "Information Security Committee" comprising a Group Director with expertise in information/information security, the Group President, the Group CIO, the Taishin Bank President and level-1 managers has been assembled within the organization. The committee holds quarterly meetings to discuss information security issues and improvement measures; in the first half of each year, a report on the overall information security governance situation and an annual security management plan are submitted to the Board of Directors, and the implementation results of the annual plan are reported to the Board in the second half of the year. Also, trends in security awareness promotion are reported to the Board, and the Board offers guidance for information security governance semi-annually.

An Information Security Department comprising employees from various fields of expertise was established to oversee the planning and execution of Taishin Bank's information security policy. Meanwhile, an Information Security Specialist Team comprising employees who are the information security contacts of various units has been established to facilitate more efficient management of information security risks from an organizational perspective. The Information Security Department oversees the information security management system and related internal and external issues and responds to stakeholders' requests. It coordinates with relevant departments to assess and manage related issues, and constantly searches for internal and external threats from a risk perspective to create an information security system that supports the development of FinTech.

Taishin Bank first passed certification for ISO/IEC 27001 ISMS in 2010.
Since then, the Bank has been engaging an independent third party to conduct half-yearly reviews and re-certification once every three years to optimize information security management, and thereby ensure effective functioning of the information security management system. In 2015, the company passed the PCI-DSS payment card industry data security certification. To keep the security of card payments at optimum levels, PCI-DSS is evaluated every year by a fair and independent third-party organization to ensure effective and safe card payments.
