Risk Management and Internal Control
Risk Management System
Operations of Risk Management Committee
Taishin FHC has a Risk ManRisk Management Policyace. According to "Organization Rules of Risk Management Committee" Taishin FHC Risk Management Committee Foundation Principles," the committee shall have at least 3 members, chosen from existing directors with more than half of whom being independent directors. The committee's duties are to review the Risk Management Policy, risk appetite, limit transfer, and the integrated risk management report.
Day-to-day risk management is spearheaded by the Chief Risk Officer (CRO) and executed through the CRO Office. The CRO Office communicates with corresponding units of the 3 lines of defense to enforce risk management within the organization. The average attendance rate of Risk Management Committee is 100% in 2022.
Risk Management Policy and Measures
Taishin has risk management policy in place to control primary risks associated with business operations. The policy also takes into account climate change and emerging risks associated with the prevailing trends. The Company include mandatory and voluntary stress test results into the capital adequacy plan and implement quarterly stress tests on risks and scenarios in the overall and individual business environment. We shall also report the results to the Board of Directors and the annual stress test results shall be reported to the competent authority and disclosed on the website. We also incorporated the results of the stress tests into our longterm strategies. We adjusted asset allocation and continued to increase profitability and capital utilization to enhance the overall financial structure and capital adequacy ratio of Taishin FHC.
In terms of risk control, the Company first identifies risks associated with relevant issues and then assesses the level of risks involved before proceeding with risk control and reporting. Afterwards, reports on risk management practices are consolidated to enable further enhancement to risk management.
Risk Incident Reporting Channel
In the event of a risk incident or discovery of potential risks, the unit must report
immediately and clarify the reasons of occurrence, potential losses, and impact as quickly as possible. It must also formulate improvement plans. It must continue to follow up on improvement measures till the improvement is completed. Taishin has adopted three lines of defense to implement continuous management of related risks in business activities, formulate overall policies, and establish management systems. We also ensure effective control of and response to risks with the internal audit system.
Internal Audit
Taishin has an internal audit system in place and an Audit Division that reports directly to the Board of Directors in regard to its audit practices. Apart from the Chief Auditor, the Audit Division also has 7 full-time audit personnel who are responsible for audit of the Company and its subsidiaries business and operational practices, management of subsidiaries, supervising internal control self-audits, evaluating internal audit practices of subsidiaries, coordination of financial examination, tracking, management and reporting of identified defects, and consultation from other units. The audits on the Company and
subsidiaries in 2022 showed that there were no discrepancies or irregularities with material impact in the systems of the Company and subsidiaries. The audit opinions proposed and the improvement measures formulated by the inspected units were included as items to be tracked in routine audits to follow up on the improvements of the audited units.
Management of Emerging Risks
Taishin FHC implements procedures specifically to identify, manage and respond to emerging risks, and prepares assessment worksheets based on documents published by local and foreign institutions. All subsidiaries are required to assess emerging risks associated with their business activities to assess the possible impacts and devise response measures, which are consolidated by Taishin Holdings to facilitate ongoing monitoring on the effectiveness of risk control and mitigation measures.
-
1.Identification
Taishin FHC has designed assessment worksheets based on documents published by local and foreign institutions
-
2.Assessment
Subsidiaries are required to assess impacts of emerging risks and devise response measures based on the state of their business activities.
-
3.Integration
Based on subsidiaries' assessments, Taishin reports impacts and mitigation measures
-
4.Observation
Impacts and mitigation measures of identified risks are monitored on an ongoing basis.
-
[Geoeconomic confrontation] - Geopolitical
With the expected conflicts of the trade war being continuined to expand, maor countries have adopted new economic and trade protection policies. In the short-term, it has been directly increased to intensified government intervention in the market and result in the reshaping of existing industrial chains and trade flows that have destoryed globalization which promotes productivity and economic growth and reduce the cross-border investment activities. In the long run, it will lead to global economic downturn, increase the risk of business operation and investment, and affect the uncertainty of financial stability.
-
- The increase in production costs of enterprises due to changes in the supply chain has forced product prices to increase, and the slowdown in consumption has affected the growth momentum of operating profits and the solvency of enterprises, which may make the rise in debt unfavorable to the development of financing.
- The escalation in regional conflicts has led to instability in the supply of energy and raw materials, affecting financial market volatility and liquidity, and leading to an overall increase in the risk of overseas investment exposure.
-
- Continuously monitoring regional exposures and risk assessment, setting country risk limits including single country limits, Obligor Risk Rating (ORR) limits, and overall country risk limits to avoid the level of risk in the bank's portfolio arising from concentration to a single counterparty or country.
- Establish early warning and implement response measures, establish more rapid and intensive notification and tracking, and strengthen post-loan management of credit customers to reduce credit risk.
-
[Cost-of-living burden] - Economic
The sharp rise in the inflation rate of the world's major economies forced the central banks to start a cycle of interest rate hikes, resulting in a significant economic recession. If the high inflation rate persists, the money supply will continue to be tightened in the short term, which will increase the funding costs for companies and cost of living and investment momentum slowed down. In the long run, it affects on debt repayment capacity and push to raise economic pressure and hence increase the liquidity crunch in the financial markets.
-
- The prolonged period of high inflation rate will affect the momentum of economic growth, resulting in the continuous rise of prices and unemployment rate, the economic pressure of the people and the increase cost of living, which exacerbates the debt burden and increases the risk of a
larger wave of defaults. - The tightening of monetary policies in major economies will exacerbate the downside risks of the global economy and affect the volatility of the stock/exchange/ bond markets and the stability of financial assets.
- The prolonged period of high inflation rate will affect the momentum of economic growth, resulting in the continuous rise of prices and unemployment rate, the economic pressure of the people and the increase cost of living, which exacerbates the debt burden and increases the risk of a
-
- Continuously monitor the credit market conditions, establish early warning reports to regularly review the market and the bank's credit profile, and implement relevant action plans.
- Implement multi-dimensional risk classification and strengthen credit policy for customers, and dynamically adjust various risk management indicators and segmentation management through regular asset quality analysis and default commonality analysis.
- Trading units implement pre-investment assessment and post[1]investment management as the first line of defense, and monitor various risk indicators through complete program planning and reporting mechanisms to establish a mastery of the overall investment portfolio.
-
[Risks of FinTech] - Technologic
In response to the rapid development of the digital age, financial institutions improve customer experience by introducing financial technology. However, when customers use financial services such as smart devices and electronic payments, they are also accompanied by potential Cyber-security risks. If the company fails to implement cyber-security governance in the short term, it will face the hidden worry of insufficient FinTech competitiveness in the long run in the future, which will affect the operational risks of the company.
-
- The maturity of artificial intelligence (AI) and machine learning(ML) technologies has strengthened the development of deepfake technology, making counterfeiting incidents difficult to prevent and seriously affecting banking operations.
- If an unexpected event triggers a temporary panic in the market, with the convenience of mobile banking, a large number of depositors quickly transfer funds in a short period of time, causing the bank to face a crisis of liquidity risk.
- The introduction of cloud technology and data sharing increases the difficulty of personal data protection, and it is easy to violate customer privacy and steal customer data.
-
- Improve the digital identification technology of customers, and adopt native biometric identification technology that has a dedicated unit to provide regular inspection reports on biometric verification feature technology.
- Strengthen employee cyber- security education and training, and discover and improve security gaps by implementing "weakness scanning", "intrusion penetration", "distributed denial of service attack (DDOS) protection" and "social engineering attack" drills.
- Continuously monitor liquidity risk management and regularly review liquidity risk management indicators.
Establish the Culture of Risk Sensitivity
A culture of risk awareness is an important foundation for Taishin's sustainable development. In addition to introducing the loss event database (LED), key risk indicators (KRIs), risk and control self-assessment (RCSA), and regular reporting to senior management and the Board of Directors, we continue to expand risk education and training to embed the culture of risk awareness in our operations and increase the risk awareness of all employees.
Taishin uses the creative reform proposal platform to encourage employees to come up with improvement proposals during work. The managers of business units lead employees on business process management (BPM) projects each year to review all end-to-end procedures between customers and the Bank through the Company's strategic development and process improvement strategies. They seek to identify opportunities for optimization and risk management points in business and operation processes to implement prevention measures and monitor risks. These measures help the Company focus on the risk awareness culture and increase the number of proposals. The number of risk proposals increased to 1,196 in 2021 which was 19.4% growth from the previous year. We organize the process improvement proposal contest each year. The "best risk management" award is given to the best proposals of the year (including creative reforms and BPM projects). We encourage employees to establish risk control points in the processes to address operational risks and credit risks, propose specific recommendations, establish more efficient and adequate risk management, and enhance the culture of risk awareness.
Best risk management proposals in recent years
-
2020
-
NT$2.2 million
-
The development of the mortgage onsite GPS photography app won 2 utility model patents and the 2020 Digital Transformation Award in the IDC DX Awards.
-
2021
-
NT$0.9 million
-
The credit card credit extension strategy is included in the strategy engine. The system shall replace manual assessments to accelerate the review process and implement real-time risk management.
-
2022
-
NT$1.36 million
-
Use AI and big data to identify credit card customers, and add a NCCC ACS system module verification process. No password verification is required for low risk network transactions, providing customers with a faster purchase experience.
Note: Due to COVID-19, the Company supported government policies (relief loans and redemption of the Triple Stimulus Voucher) and the 2019 and 2020 "best risk management proposals" were combined for evaluation.
Legal Compliance
Compliance Rating System
Taishin FHC and its subsidiaries conduct "Internal Compliance Selfassessment" semiannually to evaluate the effective of compliance. Legal Compliance Division reviews these self-assessments of the units and reports to the President for rating reference. This practice helps enforce a compliance culture. In addition, the assessment of the management and the supervisors of each unit now also include the compliance unit's assessment opinions on the degree of compliance of their units.
Whistleblower System
Taishin has implemented a whistleblower system to protect whistleblowers and support a corporate culture of integrity and transparency. Any person who discovers crime, fraud or violation is entitled to report misconduct according to the system. Once accepted and investigated, the informant is a Director, Supervisor or a management level equivalent to or above Vice President, the informant will be escalated to the Audit Committee for review. In subsidiary, the informant shall be reviewed by the Supervisor.
Compliance Training
In 2022, the compliance training courses were focused on the following topics: protection of financial consumers' rights, fair treatment of customers policy, protection of personal information, transactions other than the credit extension with the related persons, internal control and audit system, anti-money laundering, and the most recent amendments to finance-related related laws and regulations.