The Board of Directors is the highest authority responsible for risk management. Its goal is
to comply with regulations, promote and implement the overall risk management of the
company, thus, they must have a clear understanding of various risks faced by the company to
ensure the effectiveness of risk management. The Board of Directors is convened and led by
the CEO, who oversees and directs the implementation and operation of the risk management
plan, with the participation of other managers and all employees.
The risk management policy and related guidelines are approved by the Board of Directors and
serve as the guiding principles for risk management. They provide clear guidance on the
responsibilities and operational mechanisms for risk management. All employees are expected
to adhere to these policies and guidelines, ensuring that risk management is integrated into
Main risks can be categorized as market-wise, financial, operational, information security,
legal, and ESG (including incident) causes. The unit has to create guidelines and procedures
for all risks.
The management departments of each subsidiary have to develop guidelines based on their local
laws or business attributes.
Please also seeRisk Management Measures.
System and Operations
1. Schedule Meetings
The supervisor is required to attend scheduled meeting to monitor risk control and ensure the
proper functioning of the system.
To comply with legal requirements and facilitate the integration and monitoring of risk
exposures across subsidiary companies, a risk information communication system has been
created, enabling the reporting of operational and risk status.
Reports must be submitted to the Board of Directors in order to monitor risk status and
follow up on its improvement. Any major incidents must be reported by the risk management
unit, and corresponding plans must be launched.