Sustainable Risk Control
Opportunity is a double-edged sword. With opportunities for corporate development, come risks. Such risks can only be offset through control mechanism in order for opportunities to become means of fulfilling sustainable management.
To reinforce corporate governance and establish sound risk control to reach corporate targets, the Board approved Risk Control Policy on November 12, 2020. The objective is to ensure sustainable management, reduce damages and enhance corporate profit. The likelihood and magnitude of Risks and opportunities should be evaluated accordingly for all business conducts to identify, evaluate, monitor and control risks, keeping risks within manageable range to rationalize risks and benefits. The Company plans to amend the Risk Management Policies through the Board of Directors in November 2024, ensuring it reflects the existing risk management framework and practices.
⇥ Risk Management Policies
Risk control at FENC is governed by a 3-tierd framework that spans throughout the Corporate Management as well as all businesses and applicable units, Risk Management team, and internal audit. The obligations of each applicable entity are outlined within the Risk Control Policies. In the event of unanticipated major risks, an emergency response team shall be established to formulate immediate responses and handle the risk conditions to ensure regulatory compliance while minimizing potential damages and impacts. The Company holds monthly risk control briefings and are presented to the Board members and senior executives of business units. Risk issues discussed include management, sales, industry operation as well as energy and carbon reduction to keep the Board members and senior executives informed while making policy decisions, incorporating risk management indicators into performance evaluation criteria.
The Board of Directors serves as the highest decision-making entity regarding risk control and established functional committees dedicated to assisting in the oversight of risk management. The Audit Committee and Sustainability Committee oversee the control management of business risks as well as sustainability risks, respectively, to ensure the effectiveness of the risk control process and outcome.
Structure of Risk Control Organization
First Line | All Businesses and Applicable Units | All units (including administrative departments and business units) shall identify major risks and conduct risk planning. And all units directly participate in customer and production services in daily operations and are responsible for implementing necessary assessment and control of risk management. In addition, all businesses and applicable units need to report to the Risk Management team on a monthly basis. |
Second Line | Risk Management Team of Corporate Management and Executives of Operational Unit | The President of Corporate Management is responsible for the overall risk control, determine risk appetite standard, develop qualitative and quantitative risk warning indicators, and establishment of management standards. Regularly identify significant risks arising from changes in the economic environment and implement necessary risk management procedures. Monthly task: The units conduct regular meetings to review and examine the risk control status, monitor risk control implementation and coordination on the overall operation. Yearly task: The units shall present the risk control report to the Board and Audit Committee at least once a year. The 2023 report was represented to the Audit Committee on November 7, 2023 and to the Board on November 10, 2023. |
Third Line | Internal Audit | The Company internal audit unit conducts an annual evaluation on operational risks and develops the annual audit plan for the coming year with details listed. The plan is implemented upon the approval of the Audit Committee and the Board. Risk supervision and management are carried out through the internal control system. Any identified deficiencies or anomalies in internal controls are communicated with the audited units, and required to propose specific corrective procedures. These actions are continuously monitored until improvements are achieved. All risk auditing procedures are reported quarterly to the Audit Committee and the Board of Directors for review on the status of improvement measures. |
Management Principles, Mitigation and Control Measures, and Identification and Management Procedures
FENC establishes risk indicators and stays on top of environmental and regulatory changes through regular tracking. Once the risks are defined through internal meetings, evaluation is conducted by designated units on the potential threats and impacts on the Company to formulate action plans. Responses and control measures are carried out through special projects. The implementation and progress are reported to the highest governing entity on a regular basis.
Identification and Management of Major Risks
FENC identifies potential risks and their sources for all departments. For more details on measures established, please refer to the corresponding chapters in FENC Sustainability Report or FENC Annual Report.
Major Risk and Response
Risk Type | Assessed Likelihood of Occurrence | Assessed Degree of Impact | Detail | Potential Impact If Unaddressed | Strategy |
Financial Risk | Low | Low | Risks affecting financial targets caused by fluctuations in domestic and foreign interest rates, exchange rates and customer credit |
|
|
Strategic and Operational Risk | Low | Low | Risks caused by business strategies, domestic and international market competition, industry cooperation and changes in policies and regulations |
|
|
Environmental, Carbon Reduction and Energy Risk | Low | Low | Risks caused by climate change, geographical resources, global carbon-reduction progress, energy and applicable fiscal and tax policies | Fines, lawsuits, protests, boycotts, market pressure or competitive disadvantages due to inadequate management of GHG as well as energy and resource consumption, damage to ecosystems and violations of environmental regulations |
|
ESG Risks | Low | Low | Risks caused by the inability to meet stakeholder expectations in ESG performance |
|
|
Significant Emerging Risks
Emerging Risk | Risk Description | Impact on the Company | Mitigating Actions |
Geopolitics | Geopolitical instability in recent years has its roots in several key events. It began with the US-China trade war that erupted in 2018, which evolved into a broader technological and economic rivalry. The instability is further exacerbated by persistent nuclear concerns involving Iran and North Korea, Russia's ongoing invasion of Ukraine, and the conflict between Israel and Hamas. Additionally, cross-strait tensions between China and Taiwan threaten to escalate into military confrontation. These political conflicts have not only interfered with the free flow of goods and technology but have also disrupted the existing global order and international trade. The evolving nature of geopolitical risks has significantly hampered market efficiency, profoundly impacting Taiwan's overall economy and security. Moreover, these developments have repeatedly challenged businesses’ long-standing operational models and imposed numerous unnecessary costs. | The main impacts of geopolitical risks on the Company include:
| To manage geopolitical risks, the Company has re-evaluated its market strategy and adjusted the deployment of its operating sites across seven countries, including the United States, Japan, and Vietnam, whereas they were previously concentrated in Taiwan and China. By diversifying its geographic presence, the Company aims to mitigate these risks. Additionally, the Company has developed operational strategies to enhance risk management, including establishing diversified production and sales models, improving supply chain resilience and flexibility, strengthening regulatory compliance, and hedging against currency exchange rate fluctuations. These measures have effectively reduced the current geopolitical impact, and we will remain vigilant and cautious against future risks. |
Cybersecurity | The rapid advancement of technology, particularly in the realm of the Internet, has led to increasingly diverse and complex cybersecurity vulnerabilities and threats for businesses. Common risks now include ransomware attacks, phishing websites, and social engineering hacks, etc. Recently, a new type of video scam using Deepfake technology has emerged, causing damage to several companies as reported in the news. These threats not only expand the scope of potential attacks but also increase the difficulty of protection, posing a severe threat to the day-to-day operations of enterprises. This is especially true in terms of data protection and prevention of operational disruptions. As remote working and cloud technology become more prevalent, these threats are becoming increasingly difficult to predict and manage. | Cybersecurity risks impact the Company in the following aspects:
| The Company has established a comprehensive and robust information security management system. In 2022, it created an information security department and appointed a Chief Information Security Officer to actively implement security measures. To effectively mitigate information security risks, the Company has taken the following five key actions:
|
Risk Management Mechanism
The Company’s risk management mechanism consists of risk alert system, regulatory compliance system,and etc. The Company offers the staff regular training to be risk awareness. Furthermore, risk control is implemented in conjunction with the internal audit system and is conducted through various monthly meetings, covering risk issues such as management and sales, industry management, environment sustainability and GHG reduction, etc.
1. Risk Alert System: Conduct regular follow-ups and examine corporate risks to establish advanced corresponding measures.
2. Regulatory Compliance System: Regularly implement self-evaluation on compliance to reduce risk of violation
3. Risk Ranking Project: Regularly conduct plant risk ranking projects to reduce operational risks.
4. Risk Control Training: Implement staff training to increase risk awareness.
5. Internal Control System: Oversee and manage risks through internal control system.
6. Regular Meeting: Conduct multiple monthly meetings to ensure management of and focus on risk issues from the highest governing entity.
FENC Regular Meetings
The risk management and implementation of 2023 have been reported in the Audit Committee on November 7, 2023 and the Board meeting on November 10, 2023.
■ Environment ● Social ◆ Governance
Important Meeting | Interval | Corresponding Issue | Highest Ranking Attendee | |
Board Meeting | Board Meeting | Quaterly | ■ ● ◆ | Chairman |
Audit Committee | Quaterly | ◆ | Independent Directors and Directors | |
Remuneration Committee | Semi-Annual | ◆ | ||
Sustainability Committee | Semi-Annual | ■ ● ◆ | ||
Themed Meeting | Management Meeting | Annual | ■ ● ◆ | Chairman |
Human resources management and development | Semi-Annual | ● ◆ | ||
Special report on R&D | Annual | ■ ◆ | ||
Seminar on industry strategies | Semi-Annual | ◆ | ||
Budget review | Annual | ◆ | ||
Environment sustainability | Annual | ■ | ||
Regular Meeting | Operation review meeting | Monthly | ■ ● ◆ | |
Sales Meeting | Semi-Monthly | ◆ | ||
Risk management meeting | Monthly | ■ ● ◆ | President of Corporate Management |