Sustainable Risk Control

Opportunity is a double-edged sword. With opportunities for corporate development, come risks. Such risks can only be offset through control mechanism in order for opportunities to become means of fulfilling sustainable management.

To reinforce corporate governance and establish sound risk control to reach corporate targets, the Board approved Risk Control Policy on November 12, 2020. The objective is to ensure sustainable management, reduce damages and enhance corporate profit. Risks and opportunities should be evaluated accordingly for all business conducts to identify, evaluate, monitor and control risks, keeping risks within manageable range to rationalize risks and benefits.

The Board amended the Risk Management Policies on November 8, 2024. The amendment focuses on the organizational structure of risk management, which is divided into three tiers. At the first tier are all Businesses, administrative departments and applicable units; the second is the Risk Management Team; the third is the Internal Audit. Their duties and responsibilities are stated in the Risk Management Policies, and an emergency response team is to be established to form immediate responses to sudden material risk events, ensure regulatory compliance and minimize potential losses and impacts.

Monthly briefings covering issues such as management, sales, industrial operations, energy conservation and carbon reduction are held to keep the Board and senior executives informed and maintain sound decision-making. Risk management indicators have been incorporated as part of the performance review.

The Board of Directors serves as the highest decision-making entity regarding risk control and established functional committees dedicated to assisting in the oversight of risk management. The Audit Committee and Sustainability Committee oversee the control management of business risks as well as sustainability risks, respectively, to ensure the effectiveness of the risk control process and outcome.

⇥ Risk Management Policies

Structure of Risk Control Organization

First line of defense	All Businesses, administrative departments and applicable units	All Businesses, administrative departments and applicable units shall clearly identify major risks associated with their operations, conduct risk management and implement appropriate risk assessments in response to factors such as changes in the internal, external and regulatory environments. Regular reports on the risk management status shall be presented to the Risk Management Team under Corporate Management.
Second line of defense	Risk Management Team	The Risk Management Team under Corporate Management oversees the entire risk management practices at FENC. The team is responsible for developing risk management policies, frameworks and mechanisms as well as qualitative and quantitative management standards. The team also conducts monthly reviews over risk control measures reported by various units in line with their assigned responsibilities. Additional tasks include examining issues related to risk management, monitoring the implementation and coordination of overall risk management initiatives, and presenting the risk management report to the Board at least once a year.
Third line of defense	Internal audit	FENC’s internal audit units conduct operational risk assessments and audits through the internal control system and provide improvement recommendations in the audit report. In addition to the three lines of defense, an emergency response team shall be established in the event of a sudden material risk event with the potential of major impacts on the Company. The response team shall address risk situations immediately and communicate with internal and external stakeholders to ensure regulatory compliance and minimize potential losses and impacts.

Identification and Management of Major Risks

FENC identifies potential risks and their sources for all departments. For more details on measures established and mitigating actions, please refer to the corresponding chapters in FENC Sustainability Report or FENC Annual Report.

Major Risk and Response

Risk Type	Detail	Potential Impact If Unaddressed	Strategy
Financial Risk	Risks affecting financial targets caused by fluctuations in domestic and foreign interest rates, exchange rates and customer credit	Liquidity issues caused by insufficient cash positions Profit decline caused by exchange losses Increase in capital costs due to high borrowing rates	Maintain a sound financial structure through flexible fund allocation. Track daily changes in exchange rates and adjust foreign exchange positions accordingly. Maintain a good credit rating and strive for preferential borrowing rates.
Strategic and Operational Risk	Risks caused by business strategies, domestic and international market competition, industry cooperation and changes in policies and regulations.	Misplaced resources and decline in competitiveness caused by wrongful investment decisions Interrupted production and delivery as well as uncollectable accounts due to possible supply chain disruption caused by geopolitical conflicts Increase in operational costs resulting from regulatory changes, such as the Carbon Border Adjustment Mechanism (CBAM) in the EU and rising minimum wages	Conduct regular business review meetings and discussions on industry strategies to address changes in the external environment by adjusting operational strategies. Closely monitor international political and economic development and evaluate the need to suspend or discontinue direct credit transactions or trade in high-risk countries. Stay updated on and prepared for regulatory changes applicable to the markets and production sites.
Environmental, Carbon Reduction and Energy Risk	Risks caused by climate change, geographical resources, global carbon-reduction progress, energy and applicable fiscal and tax policies	Fines, lawsuits, protests, boycotts, market pressure or competitive disadvantages due to inadequate management of GHG as well as energy and resource consumption, damage to ecosystems and violations of environmental regulations	Promote carbon reduction and energy conservation programs. Develop green products and reduce carbon emissions during production. Strengthen pollution management and comply with regulatory requirements.
ESG Risks	Risks caused by the inability to meet stakeholder expectations in ESG performance	Rise in capital costs due to capital withdrawal, downgraded credit rating, price increase or refusal made by capital sources, such as investors and banking institutions Loss of employees, partners and customers due to impacts on profitability and competitiveness caused by damages to the corporate image and reputation	Value stakeholder communication, engagement and response. Participate in sustainability programs and keep abreast of issues and trends. Strive for domestic and international corporate sustainability awards and improve performance in international ESG evaluation.

Emerging Material Risk

Emerging Risk

Detail

Impact

Mitigating Actions

Geopolitical Risk

The geopolitical climate has been clouded with uncertainties in recent years. The trade war between U.S. and China has not subsided since 2018, triggering the tech war that followed. The tipping geopolitical balance is exacerbated by the nuclear crises in Iran and North Korea as well as the war between Ukraine and Russia and the Israeli-Hamas conflict. The free flow of goods and technologies have been severely impeded, upending the order that had supported the globalized economy and international trade. These geopolitical risks are clogging market efficiency. While posing profound influence on the overall economy and the security of Taiwan, they have also been hammering the stability of conventional business models, resulting in burdening costs.

Supply chain disruption: In the past, corporations relied on international supply chains to operate in a globalized economy. Geopolitical conflicts may lead to shortages of raw materials, production delays and the inability to make on-time delivery, which increase market uncertainties, impacting investment decisions and financial planning at the corporate level.
Trade policy changes: Geopolitical tensions may alter the course of international trade policies, such as tariffs and export restrictions, which would affect FENC’s cost structures and competitiveness.
Higher investment risks: Geopolitical instability would affect direct investments in high-risk areas. FENC must seek insurance protection or adjust investment and network strategies.
Currency Fluctuations: Geopolitical events may cause volatility in currency values, affecting risk management regarding foreign exchange rates and international transaction costs.

Mitigate geopolitical risks through dispersed global growth by expanding business and production sites from Taiwan and mainland China to global locations such as Vietnam, Japan and the U.S.
Develop operating strategies accordingly and strengthen risk management, including establishing diversified production and sales models as well as building supply chain resilience and agility.
Implement measures to reinforce regulatory compliance and avert the impact of fluctuating exchange rates.

Information Security Risk

Network technology is progressing at an expeditious rate. With the prevalence of remote work and cloud computing, the corporate world is facing cybersecurity threats that are growing in diversity and complexity. Common threats such as ransomware, phishing and social engineering attacks are also striking wider targets with more sophistication , adding hurdles when it comes to defending corporate operations and data security.

Business interruption and higher operating costs: Ransomware attacks or accidental clicks on phishing links may lead to the leakage of confidential information, affect the routine system operation or even interrupt production and marketing activities, which may require considerable manpower and costs to formulate a response.
Risks of non-compliance and pecuniary penalties: As information security regulations grow stringent, government authorities may impose heavy pecuniary penalties for leaking personal data and other serious violations.
Damages to brand image and market confidence: When mishandled, information security incidents may draw negative press coverage that harms the corporate image and market confidence. Consequently, such incidents may lead to the loss of customer trust and weaken market competitiveness.

FENC has a strong information security management system in place. In 2022, the Company created the Information Security Department and appointed the Chief Information Security Officer to oversee measures aiming to safeguard information security. To tackle information security risks, FENC has implemented the following five mitigating actions:

Establish standard procedures for handling information security incidents.
Fully implement the reporting and handling of information security incidents.
Reinforce information security management training among staff.
Establish response mechanisms to guard the information security protection system.
Implement supply chain information security management.

Principles, Mitigation and Control Measures, and Identification and Management Procedures

FENC establishes risk indicators and stays on top of environmental and regulatory changes through regular tracking. Once the risks are defined through internal meetings, evaluation is conducted by designated units on the potential threats and impacts on the Company to formulate action plans. Responses and control measures are carried out through special projects. The implementation and progress are reported to the highest governing entity on a regular basis.

Risk Control Mechanism

The Company’s risk management mechanism consists of risk alert system, regulatory compliance system,and etc. The Company offers the staff regular training to be risk awareness. Furthermore, risk control is implemented in conjunction with the internal audit system and is conducted through various monthly meetings, covering risk issues such as management and sales, industry management, environment sustainability and GHG reduction, etc.

1. Risk Alert System: Conduct regular follow-ups and examine corporate risks to establish advanced corresponding measures.
2. Regulatory Compliance System: Regularly implement self-evaluation on compliance to reduce risk of violation
3. Risk Ranking Project: Regularly conduct plant risk ranking projects to reduce operational risks.
4. Risk Control Training: Implement staff training to increase risk awareness.
5. Internal Control System: Oversee and manage risks through internal control system.
6. Regular Meeting: Conduct multiple monthly meetings to ensure management of and focus on risk issues from the highest governing entity.

FENC Regular Meetings

The risk management and implementation of 2024 have been reported in the Audit Committee on November 6, 2024 and the Board meeting on November 8, 2024.

■ Environment ● Social ◆ Governance

Important Meeting		Interval	Corresponding Issue	Highest Ranking Attendee
Board Meeting	Board Meeting	Quaterly	■ ● ◆	Chairman
	Audit Committee	Quaterly	◆	Independent Directors and Directors
	Remuneration Committee	Semi-Annual	◆
	Sustainability Committee	Semi-Annual	■ ● ◆
Themed Meeting	Management Meeting	Annual	■ ● ◆	Chairman
	Human resources management and development	Semi-Annual	● ◆
	Special report on R&D	Annual	■ ◆
	Seminar on industry strategies	Semi-Annual	◆
	Budget review	Annual	◆
	Environment sustainability	Annual	■
Regular Meeting	Operation review meeting	Monthly	■ ● ◆
	Sales Meeting	Semi-Monthly	◆
	Risk management meeting	Monthly	■ ● ◆	President of Corporate Management