Risk Management

Risk Management Regulations

Article 1 Purpose

These Regulations are designed to address the risk management of uncertainties that may threaten business operations.

Article 2 Scope

These Regulations are applicable to all levels of the Company's risk management operations.

Article 3 Risk Management Policy

The risk management policy of the Company and its subsidiaries is to define various types of risks in line with the Company's overall operating policy, establish a risk management mechanism with early identification, accurate measurement, effective monitoring and strict control, within the tolerable range of risk, to prevent possible losses, and based on changes in the internal and external environment, to continuously adjust and improve the best risk management practices to protect the interests of employees, shareholders, partners and clients, to increase the value of the Company, and to achieve the principle of optimizing the allocation of corporate resources.

Article 4 Organizational Structure and Administration of Risk Management

The risk response organization of the Company is set up under the risk management measures instituted by the board of directors of the Company and its subsidiaries, with the general manager acting as the convener to coordinate and direct the promotion and operation of the risk management plan, and the managers and employees of all departments under the Company participating in the implementation.

1. Board of Directors:
The Board of Directors of the Company and its subsidiaries is the highest authority for risk management and by complying with laws and regulations, promotes and implements the Company's overall risk management, clearly understands the risks faced by the Company's operations, ensures the effectiveness of risk management, and assumes the ultimate responsibility for risk management.

2. Auditing Office:
The Auditing Office of the Company is an independent department under the Board of Directors, which conducts internal audits to assist the Board and managers in examining and reviewing the deficiencies in internal control system, measuring the effectiveness and efficiency of the operations, and providing timely suggestions for improvement to ensure the continuous and effective implementation of the internal control system and to serve as a basis for reviewing and revising the internal control system.

3. General Manager Office:
The Company's General Manager's Office is responsible for risk assessment of operating decisions and implementation of strategies.

4. CEO Office:
Media public relations and external liaison.

5. Department of Management:
Human resources allocation and response.

6. Department of Finance and Accounting:
The Company's finance and accounting department is responsible for assessing financial risk.

7. Various business and management units:
Each department and unit head shall carry out risk assessment and control in their daily management operations, emphasizing comprehensive risk control by all staff and implementing preventive measures at all levels on a regular basis for effective risk management.

Article 5 Risk Management Process

1. Risk identification:
Overall, the Company's risk exposure falls into seven broad categories, which are described below:

Risk Type Description
Hazard risk Safety precautions and emergency response, refers to the probability of a major hazard event occurring and the risk of loss.
Business risk Risks related to sales concentration, procurement concentration, protection of intellectual property rights, compliance with laws and regulations, recruitment and retention of talent, and corporate image building and maintenance.
Financial risk Market risk, credit risk, liquidity risk and operational risk.
Strategic risk Including the risk of over-concentration in a single region, customer concentration/large customer impact, agency concentration/large product line impact, industry concentration, and mergers and acquisitions.
Contractual risk It refers to the possible loss caused by failure to comply with relevant laws and regulations set by the competent authorities. Contractual risk means the possibility of loss due to the invalidity of the contract, ultra vires, clause omissions, or inadequate provisions.
Information security risk It means that an enterprise's information assets may be subjected to unbearable risks, and the confidentiality, integrity and availability of information may not be ensured, including the possibility of unauthorized access to information, the inability to ensure the accuracy and completeness of information content and information processing methods, and the inability of authorized users to access information and use related assets in a timely manner, resulting in possible losses.
Other risks
  1. 1. The risk of environmental, social and corporate governance issues related to the Company's operations in accordance with the principle of materiality.
  2. 2. In addition to the above-mentioned risks, if there are other risks, appropriate risk control and management procedures shall be established based on the characteristics of the risks and the degree of exposure.

2. Risk measurement
Each functional unit of the Company identifies the types of risks it may face and establishes appropriate measurement methods for risk management.

1) Risk measurement includes the analysis and evaluation of risk. It is based on the analysis of the likelihood of the occurrence of a risk event and the degree of negative impact if it occurs, etc., to evaluate the impact of the risk on the Company and serve as a reference for the subsequent prioritization of risk control and the selection of response measures.

2) For quantifiable risks, stringent statistical analysis methods and techniques shall be adopted for analysis and management.

3) Other risks that are difficult to quantify are measured in qualitative terms. Qualitative risk measurement refers to the use of textual descriptions to express the likelihood of the occurrence of a risk and the extent of its impact.

3. Risk control
Each functional department shall monitor the risks of its business. When the exposure exceeds its risk limit, the department shall provide countermeasures and report the risk and countermeasures to senior management.

4. Risk reporting and disclosure
In order to adequately document the risk management process and the results of its implementation, the Company shall regularly report its risk profile to its Board of Directors for management reference.

5. Risk response
After evaluating and aggregating the risks, each functional department shall take appropriate measures to respond to the risks faced.

Article 6 Implementation of Risk Management

1. The implementation of risk management is based on a three-tier work division structure.

Risk Management Level Risk Management Operations
First-line responsibility Each unit or staff member handling the business is responsible for the risk of the business it undertakes and is required to carry out its activities in accordance with the internal control system and internal standards and is the direct entity for initial risk identification, assessment and control.
Second-line responsibility The department heads and the risk management personnel assigned shall be responsible for the risk management of the relevant business, and shall pay attention to the latest additions/amendments to regulations and business-related correspondence announced by the competent authorities, and may add/amend relevant internal standards if necessary.
Third-line responsibility The General Manager's Office shall review the integrity of the Company's key risk management mechanisms relating to hazards, operations, finance, strategy, compliance and contracts, and shall ensure that the relevant risks of each unit are monitored and controlled in accordance with these Regulations and relevant risk management regulations.

2. Oversight of risk management execution:
The Auditing Office actively supervises each executive unit to follow the approval authority and relevant management rules and procedures to ensure the awareness of risk management among all staff and their enforcement.

Article 7 Disclosure of Risk Information

In addition to disclosing relevant information in accordance with the regulations of the competent authorities, the Company publishes information on risk management in its annual report and on its website.

Article 8 Amendment to the Risk Management Regulations

The Company shall review the contents of the Risk Management Regulations annually and keep abreast of the development of international and domestic risk management systems to review and improve the Regulations so as to enhance the effectiveness of the Company's risk management implementation.

Article 9 The Regulations are implemented upon approval by the Board of Directors and the same applies when an amendment is made.

The Regulations were laid down on September 2, 2020.

Circumstances of Operation and Execution
2022-Risk Management
2023-Risk Management
2024-Risk Management