KTB lays great emphasis on the rule of law, pays close attention to the financial laws and regulations, and ethical rules newly issued by the competent authorities. KTB strictly abides by relevant regulations when expanding its business. Relevant action plans and results are as follows:

Material and Other Violated Items and Improvement Measures

• In 2024, KTB did not receive any significant penalties from competent authorities. (Note)
• No penalties were imposed in 2023; other violated items and improvement measures for 2024 are shown in the table below.

AML/CFT Management Policy

As the world is paying more and more attention to the prevention of money laundering. As criminals often use financial institutions to transfer illegal proceeds, financial institutions play an important role as the front-line gatekeeper in the money laundering process. To effectively implement and strengthen anti-money laundering and counter-terrorism financing control mechanisms, the Company strictly follows international standards by establishing relevant policies and procedures. Through annual institutional risk assessments and improve education training, the Company continuously enhance its prevention capabilities. To further strengthen the overall anti-money laundering and counter-terrorism financing mechanisms of the group, the "King’s Town Bank Anti-Money Laundering and Countering Terrorism Financing Policy" has been established, which has been approved by the Board of Directors and serves as the basis for compliance by the Company and its subsidiaries. We formulate relevant risk prevention plans, regulations, or templates in accordance with the competent authorities or industry associations of the respective industry sectors. Additionally, we establish identification, assessment, and management plans for money laundering and counter-terrorism financing risks, implement comprehensive control measures, and review and revise them in a timely manner.

The Company shall allocate adequate dedicated personnel and resources for AML/CFT based on its scale and risk. The Board of Directors shall appoint one senior manager to serve as the designated officer, granting them sufficient authority to coordinate and supervise AML/CFT. Furthermore, it shall ensure that such personnel and the manager do not hold any concurrent positions that present a conflict of interest with their AML/CFT responsibilities. The designated manager shall report to the Board of Directors and the Audit Committee at least semi-annually. In the event of any significant violations of laws and regulations, an immediate report shall be made to the Board of Directors and the Audit Committee.

Contents of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Control Regulations

The Company's contents of control regulations/mechanisms for AML/CFT include, but are not limited to, the following:

Three Defensive Lines of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT)

The Company is committed to fostering a compliance mindset and core cultural values regarding AML/CFT, ensuring that all employees understand their responsibilities in AML/CFT. At the same time, we implement internal control operations as the first line of defense, supervisory mechanisms as the second line of defense, and independent supervision as the third line of defense, thereby building the most robust and reliable AML/CFT protection network.

Relevant Regulations on AML/CFT

To ensure the effective implementation of Anti-Money Laundering and Countering the Financing of Terrorism, KTB has established various regulations approved by the Board of Directors, including the "King’s Town Bank Anti-Money Laundering and Countering Terrorism Financing Policy," "King's Town Bank Directions Governing Anti-Money Laundering and Countering-Terrorism Financing," and "King’s Town Bank Anti-Money Laundering and Countering Terrorism Financing Risk Identification and Assessment Procedure." Each subsidiary follows internal regulations based on industry regulatory requirements and guidelines provided by regulatory authorities and associations relevant to their respective business sectors. Such regulations set out the implementation procedures, contents include the procedures for identification and verification of customers with documents from reliable and independent sources, identification of beneficial owner, face-to-face and non-face-to-face customer due diligence (CDD), anti-terrorism list review, monitoring and regular review of the list of politically exposed persons (PEPs), participation in the review of customers with high money laundering risk and terrorism financing risk by senior management, etc.

To comprehensively eliminate illegal transactions related to AML/CFT, the Company has established the "King’s Town Bank Anti-Money Laundering and Countering Terrorism Financing Risk Identification and Assessment Procedure" approved by the Board of Directors, in accordance with the "Regulations Governing Anti-Money Laundering of Financial Institutions," the "Regulations Governing Internal Audit and Internal Control System of Anti-Money Laundering and Countering Terrorism Financing of Banking Business and Other Financial Institutions Designated by the Financial Supervisory Commission," the "Template of AML/CFT Guidelines for Banks," and the "Guidance for Banks to Assess AML/CFT Risks and Establish Related Prevention Plans" stipulated by the Bankers Association of the Republic of China. The content includes conducting regular assessments of AML/CFT risks, and prepare risk reports to enable management to understand the Company's overall AML/CFT risk response measures in a timely and effective manner. It also includes reassessing threats of emerging risks and significant events in operations management, as well as analyzing and establishing customer risk factors, levels, and rules of risk grading.

The President shall supervise each unit to carefully assess and review the implementation of the internal control system for AML/CFT. A joint statement of the internal control system for AML/CFT shall be issued by the Chairman, the President, Chief Auditor, and the designated manager for AML/CFT, and submitted to the Board of Directors for approval. Within three months after the end of each fiscal year, the contents of the internal control system declaration shall be disclosed on the Company's website and announced on the website designated by the Financial Supervisory Commission. Each year, external CPAs are engaged annually to conduct assurance and audit on AML/CFT, in order to verify relevant design of procedures and effectiveness of the implementation.

Information Sharing

In compliance with the data confidentiality regulations where the Company and its subsidiaries operate, and for the purposes of preventing AML/CFT, the Company and its subsidiaries may share information with each other; however, they must maintain the confidentiality of the exchanged information and implement appropriate security measures.

/upload/image/2025/09-03/14761363a05f46519fc5892dbcb9d469.png

The Company establishes and maintains the AML/CFT database in accordance with relevant information security regulations of the Company. The database primarily covers the following information:

1. When establishing a business relationship or conducting transactions with a customer, the Company must verify whether the customer, the senior management of the customers, beneficial owners, or other related parties are individuals, legal entities, or groups designated for sanctions under the Counter-Terrorism Financing Act, or are persons currently or formerly politically exposed persons in domestic or foreign governments or international organizations as defined under the Money Laundering Control Act.

2. The Accuity system is utilized to conduct verification operations through the "Customer Name Verification System" (LexisNexis-Accuity C-LINK). This system performs checks on the names of customers and related transaction parties. Information on Politically Exposed Persons (PEPs) and individuals associated with negative news, which has been collected but not published in the C-LINK list, is submitted to the manager of the Compliance Department for approval. Upon approval, the Compliance Department either processes the request independently or fills out a computer operation request form to seek assistance from the IT Department to update the list to the C-LINK system. Once completed, the Compliance Department reviews the integrity and accuracy of the data to enhance the completeness of the database.

3. Utilizing keyword to search for relevant negative news and examining whether it meets the relevant definitions. If matching negative news is found: in addition to retaining the search records, it should be confirmed whether the individuals involved in the negative news have business dealings with the Company, and information on relevant transactions should be reviewed to determine if there is a need to report suspicious transactions to the Ministry of Justice Investigation Bureau. Customer risk identification should be re-evaluated, and customer risk levels should be adjusted in a timely manner.

4. Establish a regulatory compliance platform to integrate relevant customer information for the purpose of querying, reviewing, or assessing the effectiveness of the Company's implementation.