Sustainable Risk Control

Opportunity is a double-edged sword. With opportunities for corporate development, come risks. Such risks can only be offset through control mechanism in order for opportunities to become means of fulfilling sustainable management.

To reinforce corporate governance and establish sound risk control to reach corporate targets, the Board approved Risk Control Policy on November 12, 2020. The objective is to ensure sustainable management, reduce damages and enhance corporate profit. The likelihood and magnitude of Risks and opportunities should be evaluated accordingly for all business conducts to identify, evaluate, monitor and control risks, keeping risks within manageable range to rationalize risks and benefits.
⇥ Risk Management Policies

Risk control at FENC is governed by a 3-tierd framework that spans throughout the Corporate Management as well as all businesses and applicable units, Risk Management team, and internal audit. The obligations of each applicable entity are outlined within the Risk Control Policies. In the event of unanticipated major risks, an emergency response team shall be established to formulate immediate responses and handle the risk conditions to ensure regulatory compliance while minimizing potential damages and impacts. The Company holds monthly risk control briefings and are presented to the Board members and senior executives of business units. Risk issues discussed include management, sales, industry operation as well as energy and carbon reduction to keep the Board members and senior executives informed while making policy decisions, incorporating risk management indicators into performance evaluation criteria.

The Board of Directors serves as the highest decision-making entity regarding risk control and established functional committees dedicated to assisting in the oversight of risk management. The Audit Committee and Sustainability Committee oversee the control management of business risks as well as sustainability risks, respectively, to ensure the effectiveness of the risk control process and outcome.

Structure of Risk Control Organization

First Line

All Businesses and Applicable Units

All units (including administrative departments and business units) shall identify major risks and conduct risk planning. And all units directly participate in customer and production services in daily operations and are responsible for implementing necessary assessment and control of risk management. In addition, all businesses and applicable units need to report to the Risk Management team on a monthly basis.

Second Line

Risk Management Team of Corporate Management and Executives of Operational Unit

The President of Corporate Management is responsible for the overall risk control, determine risk appetite standard, develop qualitative and quantitative risk warning indicators, and establishment of management standards. Regularly identify significant risks arising from changes in the economic environment and implement necessary risk management procedures.

Monthly task: The units conduct regular meetings to review and examine the risk control status, monitor risk control implementation and coordination on the overall operation.

Yearly task: The units shall present the risk control report to the Board and Audit Committee at least once a year.

The 2023 report was represented to the Audit Committee on November 7, 2023 and to the Board on November 10, 2023.

Third Line

Internal Audit

The Company internal audit unit conducts an annual audit on operational risks and develops the annual audit plan for the coming year with details listed. The plan is implemented upon the approval of the Audit Committee and the Board. Risk supervision and management are carried out through the internal control system. Any identified deficiencies or anomalies in internal controls are communicated with the audited units, and required to propose specific corrective procedures. These actions are continuously monitored until improvements are achieved. All risk auditing procedures are reported quarterly to the Audit Committee and the Board of Directors for review on the status of improvement measures.

Management Principles, Mitigation and Control Measures, and Identification and Management Procedures

FENC establishes risk indicators and stays on top of environmental and regulatory changes through regular tracking. Once the risks are defined through internal meetings, evaluation is conducted by designated units on the potential threats and impacts on the Company to formulate action plans. Responses and control measures are carried out through special projects. The implementation and progress are reported to the highest governing entity on a regular basis.

Identification and Management of Major Risks

FENC identifies potential risks and their sources for all departments. For more details on measures established, please refer to the corresponding chapters in FENC Sustainability Report or FENC Annual Report.

Major Risk and Response

Risk Type	Assessed Likelihood of Occurrence	Assessed Degree of Impact	Detail	Potential Impact If Unaddressed	Strategy
Financial Risk	Low	Low	Risks affecting financial targets caused by fluctuations in domestic and foreign interest rates, exchange rates and customer credit	Liquidity issues caused by insufficient cash positions Profit decline caused by exchange losses Increase in capital costs due to high borrowing rates	Maintain a sound financial structure through flexible fund allocation. Track daily changes in exchange rates and adjust foreign exchange positions accordingly. Maintain a good credit rating and strive for preferential borrowing rates.
Strategic and Operational Risk	Low	Low	Risks caused by business strategies, domestic and international market competition, industry cooperation and changes in policies and regulations	Misplaced resources and decline in competitiveness caused by wrongful investment decisions Interrupted production and delivery as well as uncollectable accounts due to possible supply chain disruption caused by geopolitical conflicts Increase in operational costs resulting from regulatory changes, such as the Carbon Border Adjustment Mechanism (CBAM) in the EU and rising minimum wages	Conduct regular business review meetings and discussions on industry strategies to address changes in the external environment by adjusting operational strategies. Closely monitor international political and economic development and evaluate the need to suspend or discontinue direct credit transactions or trade in high-risk countries. Stay updated on and prepared for regulatory changes applicable to the markets and production sites.
Environmental, Carbon Reduction and Energy Risk	Low	Low	Risks caused by climate change, geographical resources, global carbon-reduction progress, energy and applicable fiscal and tax policies	Fines, lawsuits, protests, boycotts, market pressure or competitive disadvantages due to inadequate management of GHG as well as energy and resource consumption, damage to ecosystems and violations of environmental regulations	Promote carbon reduction and energy conservation programs. Develop green products and reduce carbon emissions during production. Strengthen pollution management and comply with regulatory requirements.
ESG Risks	Low	Low	Risks caused by the inability to meet stakeholder expectations in ESG performance	Rise in capital costs due to capital withdrawal, downgraded credit rating, price increase or refusal made by capital sources, such as investors and banking institutions Loss of employees, partners and customers due to impacts on profitability and competitiveness caused by damages to the corporate image and reputation	Value stakeholder communication, engagement and response. Participate in sustainability programs and keep abreast of issues and trends. Strive for domestic and international corporate sustainability awards and improve performance in international ESG evaluation.

Significant Emerging Risks

Emerging Risk

Risk Description

Impact on the Company

Mitigating Actions

Geopolitics

Geopolitical instability in recent years has its roots in several key events. It began with the US-China trade war that erupted in 2018, which evolved into a broader technological and economic rivalry. The instability is further exacerbated by persistent nuclear concerns involving Iran and North Korea, Russia's ongoing invasion of Ukraine, and the conflict between Israel and Hamas. Additionally, cross-strait tensions between China and Taiwan threaten to escalate into military confrontation.

These political conflicts have not only interfered with the free flow of goods and technology but have also disrupted the existing global order and international trade. The evolving nature of geopolitical risks has significantly hampered market efficiency, profoundly impacting Taiwan's overall economy and security. Moreover, these developments have repeatedly challenged businesses’ long-standing operational models and imposed numerous unnecessary costs.

The main impacts of geopolitical risks on the Company include:

Supply chain disruptions: In a globalized economy, businesses have relied heavily on cross-border supply chains. However, geopolitical conflicts can lead to shortages of raw materials, production delays, and failure to deliver products on time. This increases market uncertainty and affects FENC’s investment decisions and financial planning.
Trade policy changes: Geopolitical tensions may alter trade policies in various countries, such as the removal of tariff preferential treatments or the tightening of export control regulations. These changes can significantly impact FENC’s cost structure and overall competitiveness.
Increased investment risk: Geopolitical instability affects businesses’ direct investments in high-risk areas. As a result, FENC must seek additional insurance protection or adjust our investment and resource deployment strategies to mitigate these risks.
Currency fluctuations: Geopolitical events can cause significant currency value fluctuations. This affects FENC’s exchange rate risk management and increases international transaction costs.

To manage geopolitical risks, the Company has re-evaluated its market strategy and adjusted the deployment of its operating sites across seven countries, including the United States, Japan, and Vietnam, whereas they were previously concentrated in Taiwan and China. By diversifying its geographic presence, the Company aims to mitigate these risks. Additionally, the Company has developed operational strategies to enhance risk management, including establishing diversified production and sales models, improving supply chain resilience and flexibility, strengthening regulatory compliance, and hedging against currency exchange rate fluctuations. These measures have effectively reduced the current geopolitical impact, and we will remain vigilant and cautious against future risks.

Cybersecurity

The rapid advancement of technology, particularly in the realm of the Internet, has led to increasingly diverse and complex cybersecurity vulnerabilities and threats for businesses. Common risks now include ransomware attacks, phishing websites, and social engineering hacks, etc. Recently, a new type of video scam using Deepfake technology has emerged, causing damage to several companies as reported in the news. These threats not only expand the scope of potential attacks but also increase the difficulty of protection, posing a severe threat to the day-to-day operations of enterprises. This is especially true in terms of data protection and prevention of operational disruptions. As remote working and cloud technology become more prevalent, these threats are becoming increasingly difficult to predict and manage.

Cybersecurity risks impact the Company in the following aspects:

Business disruption and increased operating costs: Ransomware attacks or an employee inadvertently clicking on a phishing link can lead to the leakage of confidential company information. This can disrupt normal ERP system operations and potentially halt production and sales activities. Decrypting and recovering compromised files and data requires significant human resources and operational costs, hampering business continuity.
Compliance and fine risks: As information security laws and regulations become increasingly stringent, any personal data breaches or other serious violations could result in substantial fines from regulatory authorities. Beyond financial penalties, such incidents can damage corporate reputation, erode customer trust, and ultimately weaken the Company’s market competitiveness.
Compromised brand image and market confidence: Mishandling cybersecurity incidents can lead to negative media coverage, further tarnishing the Company’s brand image. This can seriously erode market confidence in the Company.

The Company has established a comprehensive and robust information security management system. In 2022, it created an information security department and appointed a Chief Information Security Officer to actively implement security measures. To effectively mitigate information security risks, the Company has taken the following five key actions:

Establishing standard operating procedures for handling information security incidents: A standardized process has been put in place to ensure swift response and effective solutions in the event of information security incidents, minimizing their impact on the business.
Implementing incident reporting for information security breaches: A well-defined incident reporting mechanism has been set up to ensure that information security breaches are detected and addressed immediately, reducing the risk of further escalation.
Strengthening employee training on information security management: Regular training sessions are conducted to raise awareness and improve employees’ ability to prevent common threats, such as phishing attacks, thereby reducing incidents caused by human error.
Establishing a contingency mechanism for the information security protection system: A multi-level information security protection system has been deployed, along with a contingency mechanism. Regular drills are conducted to ensure the system’s stability in the event of an attack.
Enhancing supply chain information security management in business partnerships: Supply chain partners are required to strengthen their information security measures to align with the Company’s standards, thereby reducing potential risks within the supply chain.

Risk Management Mechanism

The Company’s risk management mechanism consists of risk alert system, regulatory compliance system,and etc. The Company offers the staff regular training to be risk awareness. Furthermore, risk control is implemented in conjunction with the internal audit system and is conducted through various monthly meetings, covering risk issues such as management and sales, industry management, environment sustainability and GHG reduction, etc.

1. Risk Alert System: Conduct regular follow-ups and examine corporate risks to establish advanced corresponding measures.
2. Regulatory Compliance System: Regularly implement self-evaluation on compliance to reduce risk of violation
3. Risk Ranking Project: Regularly conduct plant risk ranking projects to reduce operational risks.
4. Risk Control Training: Implement staff training to increase risk awareness.
5. Internal Control System: Oversee and manage risks through internal control system.
6. Regular Meeting: Conduct multiple monthly meetings to ensure management of and focus on risk issues from the highest governing entity.

FENC Regular Meetings

The risk management and implementation of 2024 have been reported in the Audit Committee on November 6, 2024 and the Board meeting on November 8, 2024.

■ Environment ● Social ◆ Governance

Important Meeting		Interval	Corresponding Issue	Highest Ranking Attendee
Board Meeting	Board Meeting	Quaterly	■ ● ◆	Chairman
	Audit Committee	Quaterly	◆	Independent Directors and Directors
	Remuneration Committee	Semi-Annual	◆
	Sustainability Committee	Semi-Annual	■ ● ◆
Themed Meeting	Management Meeting	Annual	■ ● ◆	Chairman
	Human resources management and development	Semi-Annual	● ◆
	Special report on R&D	Annual	■ ◆
	Seminar on industry strategies	Semi-Annual	◆
	Budget review	Annual	◆
	Environment sustainability	Annual	■
Regular Meeting	Operation review meeting	Monthly	■ ● ◆
	Sales Meeting	Semi-Monthly	◆
	Risk management meeting	Monthly	■ ● ◆	President of Corporate Management