To ensure the healthy development of the Group, ensure capital adequacy, and achieve reasonable risk and benefit targets, the Company follows the “ Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries ” to formulate the “ Risk Management Policy and Guidelines ” as a basis for risk management.
TCFHC and major subsidiaries are equipped with risk management committees that are responsible for designing risk management systems, policies, and indicators for monitoring and for carrying out risk management activities. The purpose is to ensure healthy development of the Group, ensure capital adequacy, and achieve reasonable risk and return targets.
Risk Management Strategy and Structure
The Company’s Board of Directors serves as the highest decision making body and the final bearer of the Group’s risk management and “Risk Management Committee” consisting of the chairman, president, executive vice presidents, heads of unit, and president of each subsidiary is set up to establish connections with risk management units (2nd line of defense) and business operation units (1st line of defense) of TCFHC and each of its subsidiaries.
The highest management level of risk management is the Risk Management Committee. The Risk Management Committee is chaired by the chairman of TCFHC. The highest management level of the highest risk monitoring and auditing is the chief auditor, who all report to the Board of Directors. The Risk Management Committee is held quarterly and reported by the Company and its subsidiaries. Overview of current risk management, changes in capital adequacy, handling of major abnormal events, risk analysis of key monitoring objects and industries, and tracking of the progress of matters that should be implemented in previous meeting resolutions, etc..
Major Risk and Emerging Risk Management
Major Risks
The TCFHC Group assesses the internal and external operational risks when providing financial-related services every year. The Group reports the risk-bearing capacity, response measures, and implementation of risk management to the Board of Directors and senior management, which are managed by looking into authorization mechanisms, limit management, indicator monitoring, and risk report. In addition, the subsidiaries are required to establish risk indicators and control procedures based on nature of product, size of business, and risk attributes. To monitor risk management, the Company regularly monitors the Group’s credit risk exposures and relevant limit controls on a monthly basis. This includes the categories of industries, industries of concerns, high-risks in mainland areas, country risks, risk-bearing capacity in mainland areas, limits for large groups, and other information on limit controls. In addition, the Company also uploads statutory statements to the FSC website on a monthly basis according to the prescribed deadlines to regularly monitor changes in exposures and risk management. After assessing internal and external risks and considering the potential impacts on the Company’s business, the 2 major risks in 2022 are credit risk and operating risk. The relevant risk appetite and mitigation measures are explained as follows:
Sensitivity Analysis and Stress Test
We regularly conduct sensitivity analysis and stress testing on financial and non-financial risks to review the risk management mechanism and risk tolerance. In terms of financial risk, based on the content set in the stress test scenario meeting, TCB conducts market risk factors (including interest rates and equity securities prices) inspection. If the interest rate curve rises by 100 basis points, the value of the transaction book will drop by NT$ 51.733 million; if the equity security price increases by 15%, the trading book value will increase by NT$72.875 million. In terms of non-financial risks, TCB analyzes the operational risk impact in the event of misappropriation of customer deposits. The test results show that the capital adequacy ratio, first-class capital ratio, common equity ratio and leverage ratio all meet the requirements of the competent authorities.
Organization and Functioning of Internal Audit
To establish an effective internal audit system and ensure risk management is carried out, the Company has a set of “ Audit Guidelines ” in place and also follows the “ Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries ” promulgated by the Financial Supervisory Commission to create a general audit system for overseeing audit operations. The Auditing Department, established under the Board of Directors, performs internal audits on the Company and each subsidiary every 6 months. It assists the Board of Directors and the management in inspecting and evaluating the internal control system operates effectively and provides timely improvement advice, so as to both ensure internal control system can be effectively operated and make it as the reference for further review and revision. Furthermore, the competent authority (FSC) conducts regular inspections every 2 years as well as irregular project inspections of the Company. The Company is committed to cooperating with the inspection opinions to improve its practices and establish appropriate risk management mechanisms. Regarding this, internal audit units continue to follow up on review opinions of or deficiencies identified by FSC, accountants, internal audit units and internal units as well as improvements listed in internal control statements. Improvements are submitted in writing to the Board of Directors and the Audit Committee and used as an important item for penalties and rewards and performance evaluations of related units. This further promotes the benefits of the Group’s overall operations and risk management.
In 2022, the Auditing Department of Board of Directors had not just accomplished all the tasks scheduled to complete in the year, but also made a list to track improvement status as being required by each unit of TCFHC and each subsidiary, so as to prompt the gains on overall operational and risk management of the Group.
Shaping Risk Culture
In order to improve the Group's risk management, establish a climate governance culture, enhance the Group's directors, supervisors and senior managers' awareness of risks and the latest international development trends and concept changes, risk management courses are arranged every year. In 2022, education and training on “ Climate Change International Development Trends and Response Strategies ” for the Group’s directors and senior managers was held. In addition, in order to enhance employees' risk awareness, strengthen their awareness of laws and regulations related to preventing money laundering and combating terrorism, and enhance their information security protection capabilities and awareness, in order to establish an overall risk management culture, and effectively implement the group's risk management policies, we encourage employees to participate in various internal and external risk management-related education and training. Not only physical courses, but also digital technology is used to hold online education and training. On the other hand, the latest risk management regulations, trends or practices are also communicated to facilitate internal educational training use.
To strengthen crisis management mechanism, resolve and alleviate emergency events quickly or resume operations to manage time and minimize losses, TCFHC has the “ Regulations Governing Emergency and Crisis Management” in place to activate the group-wide emergency reporting and communication system in the event of a manmade or natural disaster, faulty internal control, employee fraud, security maintenance, significant financial loss in business, or negative media coverage that can affect the Company’s reputation and normal operation. The Crisis Management Taskforce is also in place to be in charge of handling emergencies, giving instructions and speak on behalf of the Company to outsiders according to the guidelines for spokespersons as needed.
Refining Risk Culture
The Group encourages employees to provide optimization suggestions for the operation process. If the suggestions are adopted, bonuses will be given to employees. In 2022, a total of NT$148,000 are awarded and 253 proposals provided by employees including branch terminal system transaction optimization, mobile online banking optimization, credit card reconciliation system improvement, and credit collection system optimization, etc., to strengthen operational management efficiency and enhance risk management.
The Group has formulated the "Operational Risk and Control Assessment Management Directions", and colleagues who are familiar with the business process are responsible for the operation process analysis and risk identification. The operation risk self-assessment process completed in 2022 includes 116 from head office management units and 60 from business units. Through the self-assessments results of risk control, the operational risks that should be paid attention to are summarized, and for projects with high risks, action plans are developed to respond in advance to reduce possible future operational losses, improve colleagues' awareness and attention to risks, and integrate risk management awareness into in daily business processes.