Yuanta Financial Holdings' risk management structure covers the board of directors, the Audit Committee, the Risk Management Committee, company management, CRO, risk management units, legal and compliance units, information units, as well as all business units.
The board of directors holds ultimate responsibility for risk management regarding all operations. Its major duties include approval of the Company’s risk management policy and risk management systems, approval of annual risk limits, monitoring of indicator thresholds, and supervision of the implementation of the Company’s risk management systems.
The Audit Committee assists the board of directors in its risk management role. Its chief responsibilities include review of the Company’s risk management policies and risk management systems, review of annual risk limits and assisting the board of directors in overseeing the management of the Company’s existing or potential risks.
The Risk Management Committee assists the Audit Committee and the board of directors in executing their risk management duties. Its main objectives include review of annual risk limits, monitoring of indicator thresholds, review of risk management reports, assistance in supervising the implementation of risk management systems, integration and coordination of Company subsidiaries' risk management issues, and communication of other important matters relating to risk management.
Company management monitors risks associated with all Company business operations, and ensures that the Company’s risk management system can completely and effectively control all relevant risks.
Directly responsible to the board of directors, the Risk Management Department is responsible for the drafting of the Company's risk management system, establishing effective methods and risk management systems for measuring risks, monitoring and analyzing risks, as well as the timely reporting and early warning of significant risks.
The Compliance Affairs Department executes control over compliance risk, ensuring that all operations and management rules and regulations are updated in a timely manner in accordance with relevant laws and regulations, supervising legal compliance managers of each unit to implement the introduction, establishment, and execution of the relevant internal regulations, and helping to evaluate any legal risks associated with the Company’s operations.
The Legal Affairs Department executes control over legal risk, and assists in evaluating business and legal documents, contracts, and other matters that may involve legal risk.
Implement information security risk control to help avoid information security risks that could jeopardize the normal operation of related information systems due to intentional external intrusion or internal misuse, leakage, tampering, or destruction of information assets.
Each business unit shall review each risk management specification in its entirety and comply with each risk management specification prior to the execution of each operation.
In order to achieve effective risk dispersion, transfer, or reduction and create a win-win-win situation for customers, shareholders, and employees, the objective of the Company's risk management is to serve customers, while taking into account finance-related business objectives, overall risk appetite, and external legal restrictions. The Company follows a “Three Lines of Defense” model, with each line having clearly defined organization, responsibilities, and functions to ensure the effective implementation of risk management mechanisms.


In order to establish the Company’s risk management standards, and ensure that its risk management is comprehensive, effective, and reasonable, Yuanta has set in place its risk management policy to serve as guiding principles for its risk management system. The Company's risk management systems shall adhere to this policy, and shall be set after taking into consideration the various risk attributes faced and their potential impact on the Company's operational stability and capital security.
The Company’s risk management system shall cover market risk, credit risk, market liquidity risk, asset and liability coordination risk (including capital liquidity risk, interest rate risk), large-amount risk insurance, insurance risk, operational risk, legal compliance risk, legal risk, and other risks related to operations, legal matters, legal compliance, and the environment (including climate risks). Subsidiaries shall establish a risk management system in accordance with the Company's risk management policy and the regulations of the local competent authorities that is consistent with their business portfolio, business scale, and capital size in order to effectively manage the various risks they undertake. Each subsidiary has established an appropriate risk management policy based on its business portfolio, business scale, and capital size. The Company continuously reviews the risk management policies of each subsidiary to ensure that it can effectively manage the various types of risks to which it is exposed.
The major categories and components of the Company’s and each subsidiary’s operational risk are as follows:
Market risk refers to the risk of market prices, volatility, or other related changes that can result in losses to the Company's financial position. Market prices can include indexes, stock prices, interest rates, exchange rates, products and credit premiums. The market risk management principles of the Company and its subsidiaries include the setting of risk early-warning indicators, risk limits and quantitative values of risk based on the Company’s risk tolerance level to accurately estimate potential losses and effectively control market risk. Our value at risk (VaR) measurement model uses as a risk measure the maximum expected loss over the next trading day, which is estimated at a 99% confidence level.
Credit risk refers to risk arising from the following situations:
- Instances in which a bond (bill) issuer, borrower, counterparty, or custodian violates their contract, experiences bankruptcy or liquidation, or otherwise fails to uphold their contractual obligation to discharge debt liabilities, resulting in the risk of losses;
- Instances in which a bond (bill) issuer, borrower, or counterparty’s guarantor violates their contract, experiences bankruptcy or liquidation, or otherwise fails to uphold their contractual guarantee liabilities, resulting in the risk of losses;
- Instances in which the underlying instrument of a financial product experiences weakened credit or has its credit rating reduced, or in which the issuance contract of a financial product is violated, resulting in the risk of losses.
The Company and its subsidiaries set separate credit risk management mechanisms based on their respective risk attributes:
- Credit authorization risk: Using a credit rating or credit scoring model to classify and manage credit authorization cases and strengthen the credit risk measurement mechanism, in order to increase credit asset quality; using an early warning mechanism to integrate with the middle-term management platform, and immediately initiating post-authorization credit management and response measures, in order to reduce potential losses from credit risks.
- Financial transaction credit risk: In order to effectively integrate the Company and its subsidiaries' financial transaction credit risk distribution pattern and closely monitor any changes to the financial transaction credit exposure of the Company or its subsidiaries, the Company has not only implemented internal credit rating systems and credit risk classification and management to effectively evaluate and control financial transaction credit exposure, but has also established a credit early warning system and notification procedures to effectively respond to credit incidents.
Large exposure concentration risk refers to business concentration resulting in a specific risk factor, resulting in situations in which an unanticipated change in said risk factor can lead to the risk of significant losses for the Company. The Company and its subsidiaries have established large risk exposure management systems, which include credit authorization, investment and business transaction risks, and monitor overall risk exposure concentration levels on a same person (enterprise), same Group, same industry, and same country basis.
Market liquidity risk refers to insufficient market trading volume continuity or market disorder leading to a clear decline in trading volume, causing asset sales or closure of positions currently in progress to face the risk of potential losses. To reduce market liquidity risks, the Company and its subsidiaries have set specific guidelines for liquidity positions and potential loss limits based on their respective business areas and financial product characteristics, in order to ensure the market liquidity of the Company's overall positions.
Asset-liability matching risk includes asset liquidity risks and interest rate risks. Asset liquidity risk refers to situations in which assets cannot be sold in a timely manner or external financing cannot raise sufficient capital, causing a risk of inability to meet scheduled payment obligations. Interest rate risk refers to fluctuations in market interest rates which cause the net interest income of interest-bearing assets and interest-bearing debts to face risks from adverse changes.
The Company and its subsidiaries’ asset liquidity risk management is based on the characteristics of its various business areas, and sets in place appropriate asset liquidity risk monitoring standards, pre-assessment of potential funding gaps, effective control of overall asset liquidity risks, as well as setting in advance capital movement plans sufficient to respond to systematic risk events, in order to strengthen the asset liquidity risk management capabilities of the Company and its subsidiaries.
The Company and its subsidiaries’ interest rate risk management includes identification and measurement of interest rate repricing, yield curve risk, basis risk, options features, and other sources of risk, as well as using quantified monitoring indicators to set early warning values for evaluation, in order to effectively control the negative impact of interest rate changes on the net interest income of the Company’s interest-bearing assets and interest-bearing debts.
Insurance risk refers to the risk of loss due to unanticipated changes when, in operating the insurance business, the insurer assumes the risk transferred by the insured after receiving the premiums and pays the claims and related expenses according to the contract. Insurance risk management includes product design, pricing, policy underwriting, reinsurance, catastrophe insurance, claims, reserves, and other types of risk.
The Company's insurance subsidiary has managed insurance risks by setting standard operating procedures and management mechanisms, and implementing a monitoring mechanism to effectively strengthen the Company's insurance risk management abilities.
Operational risk refers to the risk of losses arising directly or indirectly from negligence or errors in internal operations, staff or systems, or from external events. The Company and its subsidiaries’ operational risk management is based on the principle of implementing the standard operating procedures and control points established in the internal control and internal audit systems, and ensuring the functioning and effectiveness of control points and check points through regular self-assessments of internal controls. Additionally, the Company strengthens its overall operational risk management through the gradual establishment of operational risk management mechanisms such as operational risk incident reporting, standard operating procedure reviews, operational risk measurement, risk control, and self-assessments.
Information security risk refers to the extent to which the normal operation of business-related information systems is affected or jeopardized by improper use, leakage, tampering, or destruction of information assets due to human negligence, intentional acts, or natural disasters.
Human resources risk refers to the risk related to human rights issues of employees and the development and management of human resources of the Company, such as attracting, retaining, and developing talents.
Emerging risks refer to new types of business or new types of risks that may have adverse effects on future business operations due to the failure to identify and evaluate risks.
Compliance risk refers to the risk of incurring penalties from the regulatory authorities, resulting in significant financial or reputational loss, when the Company engages in business activities without fully complying with relevant laws and regulations. The Compliance Affairs Department of the Company and its subsidiaries is responsible for the planning, management, and implementation of the legal compliance system and the establishment of the legal dissemination, consultation, coordination, and communication system. The department is also responsible for: ensuring that all operational and management guidelines comply with the law and are updated in a timely manner; producing opinions on the legality of and granting approval to the Company’s internal regulations; analyzing each department’s legal compliance material weaknesses or malpractice, and submitting improvement plans; and assessing the effectiveness of each department’s legal compliance procedures, in order to ensure the effective implementation of the Company’s legal compliance system.
Legal risk refers to the risk of potential loss due to invalidation of the contract due to its lack of legal validity, ultra vires acts, omission of terms and conditions, and inadequate regulations. The Legal Affairs Department of the Company is responsible for the preparation, review, and management of external contracts, legal disputes, and consultation and handling of legal matters related to non-litigation and litigation cases.
Risks of money laundering and financing of terrorism refer to the risks that the business is abused for money laundering or financing of terrorism activities.
Integrity management risk refers to the risk that a director of the board, supervisor, manager, employee, or person with substantial control over the Company will directly or indirectly offer, promise, request, or receive any improper benefit or commit other unethical conduct such as breach of good faith, wrongfulness, or breach of fiduciary duty in the course of engaging in business activities in order to obtain or maintain benefits.
Environmental risk refers to the risk of greenhouse gas emissions management, carbon rights management, energy management, and other related issues in response to climate change and natural disasters, as well as the risk of compliance with international and local environmental regulations such as the management of air, water, waste, toxic substances, noise, and emissions or environmental impact assessment (EIA) requirements.
With the increasing global regulatory requirements, the rapid development of emerging technologies and the threat of climate change, risk management in the financial industry will change dramatically in the future. In order to address this trend as early as possible, the Company has completed the identification of emerging risks and subsequent plans and actions to further improve the efficiency and effectiveness of risk control.

