Risk Management

I. Risk Management Organization and Structure

1. The Company’s risk management policies, organization & structure, risk control and management and relating disclosures shall be approved by the Company’s Board of Directors (“BOD”) in accordance with applicable laws and regulations. Thereafter, the implementation and/or enforcement of such BOD approved items shall be supervised by the Audit Committee of the BOD (“AC”), which shall also propose to BOD its recommendations to the required disclosure and/or improvement.
2. All departments of the Company shall take risks into consideration for their business operations and daily management, and to implement the risk management policies and practices approved by the BOD. Also, the management team shall regularly and at least once per year, reports the results and performance of risk management implementation to the AC and the BOD.

II. Risk Management Policy

1. To ensure sound operations of and sustainable development, the BOD approved the Risk Management Principles on October 24, 2023, which serve as the highest guiding principles for the Company’s risk management.
2. For purpose of effective risks control, the Company shall identify strategic risks, operational risks, financial risks, legal compliance risks, cybersecurity risks, climate-related risks as well as geopolitical risks; and shall analyze, assess, monitor, record, manage such risks as well as make disclosure in accordance with applicable laws and regulations.

III. Risk Management Procedures

1. Risk Identification
   Each divisions of the Company shall, based on the risk management policies and procedures approved by the BOD, identify its short-term, medium-term, and long-term risks as well as targets within its responsibilities. In conducting such identification, both internal and external risk factors, as well as key stakeholder concerns, are taken into consideration. Through a combination of bottom-up and top-down analysis and discussion, and by integrating strategic risks and operational risks, the Company may comprehensively identifies potential risk events that may prevent the achievement of corporate objectives or result in losses or adverse impacts.
2. Risk Analysis
   The Company will examine the nature and characteristics of identified risk events and analyze their likelihood of occurrence as well as potential impacts. Relevant units shall assess the likelihood and impacts of such risk events by taking into account existing control measures, as well as relevant cases and experience.
3. Risk Assessment
   The Company will establish, based on the characteristics of each risk, appropriate quantitative and/ or qualitative measurement criteria, standards for risk analysis. Such assessment may include but is not limited to, descriptive evaluations of the likelihood and impact of risk events, as well as the use of specific numeral indicators (such as days, percentages, monetary amounts, or number of affected persons) to express the probability and severity of potential impacts.
4. Risk Monitoring
   The President of the Company is responsible for the ongoing monitoring of risks, and shall report the identified risks as well as corresponding mitigation measures to the AC and BOD.
5. Risk Documentation
   The President of the Company is responsible for documenting the implementation process and results of risk management, and shall properly retaining all records for reference and review.
6. Risk Disclosure
   The Company shall disclose risk management information on its website in accordance with applicable laws, regulations and the Company’s Risk Management Principles.

IV. Risk Management Implementation and Reporting