Yuanta Financial Holdings' risk management structure covers the board of directors, the Audit Committee, the Risk Management Committee, company management, risk management units, legal and compliance units, as well as all business units.
The board of directors holds ultimate responsibility for risk management regarding all operations. Its major duties include approval of the Company’s risk management policy and risk management systems, approval of annual risk limits, and supervision of the management and implementation of the Company’s risk management systems.
The Audit Committee assists the board of directors in its risk management role. Its chief responsibilities include review of the Company’s risk management policies and risk management systems, review of annual risk limits, and assisting the board of directors in supervising the implementation of risk management systems.
The Risk Management Committee assists the Audit Committee and the board of directors in executing their risk management duties. Its main objectives include review of annual risks limits, review of risk management reports, integration and coordination Company subsidiaries risk management issues, and communication of other important matters relating to risk management.
Monitor risks associated with all Company business operations, and ensure that the Company’s risk management system can effectively control all relevant risks.
Independent and directly responsible to the board of directors, the Risk Management Department is responsible for the drafting of the Company’s risk management system, establishing effective methods and systems for measuring risks, controlling and analyzing risks, as well as the timely reporting and early warning of significant risks.
The Legal Compliance Department executes control over compliance risk, ensuring the compliance of business activities and risk management systems with relevant laws, and helping to evaluate any legal risks associated with the Company’s operations.
The Legal Affairs Department executes control over legal risk, and assists in evaluating business and legal documents, contracts, and other matters that may involve legal risk.
The Company’s business units are responsible for ensuring that all business activities and behavior adhere to the Company’s risk management guidelines.
The risk management organization of the Company follows a “three lines of defense” model, with each line having clearly defined organization, responsibilities, and functions to ensure the effective implementation of risk management mechanisms.
In order to establish the Company's risk management standards, and ensure that its risk management is comprehensive, effective, and reasonable, Yuanta has set in place its risk management policy to serve as guiding principles for its risk management system. The Company's risk management systems shall adhere to this policy, and shall be set after taking into consideration the various risk attributes faced and their potential impacts on the Company's operational stability and capital security.
Yuanta's risk management system covers market risk, credit risk, market liquidity risk, capital liquidity risk, interest rate risk, insurance risk, operational risk, compliance risk and legal risk, among others. Company subsidiaries shall adhere to the risk management policy as well as the guidelines of local regulators, in order to establish a risk management system appropriate to the business areas in which they are active, as well as their operational scale and asset scale. The Company periodically conducts reviews of the risk management systems of its subsidiaries to ensure that they are effectively managing the types of risk that they face.
Risk management principles of the Company and its subsidiaries are described below by category:
Market risk refers to the risk of market prices, volatility, or other related changes that can result in losses to the Company's financial position. Market prices can include indexes, stock prices, interest rates, exchange rates, products and credit premiums. The market risk management principles of the Company and its subsidiaries include the setting of risk early-warning indicators, risk limits and quantitative values of risk based on the Company’s risk tolerance level to accurately estimate potential losses and effectively control market risk. Our value at risk (VaR) measurement model uses as a risk measure the maximum expected loss over the next trading day, which is estimated at a 99% confidence level.
Credit risk refers to risk arising from the following situations:
- Instances in which a bond (bill) issuer, borrower, counterparty, or custodian violates their contract, experiences bankruptcy or liquidation, or otherwise fails to uphold their contractual obligation to discharge debt liabilities, resulting in the risk of losses;
- Instances in which a bond (bill) issuer, borrower, counterparty, or custodian violates their contract, experiences bankruptcy or liquidation, or otherwise fails to uphold their contractual guarantee liabilities, resulting in the risk of losses;
- Instances in which the underlying instrument of a financial product experiences weakened credit or has its credit rating reduced, or in which the issuance contract of a financial product is violated, resulting in the risk of losses.
The Company and its subsidiaries set separate credit risk management systems based on their respective risk attributes:
- Credit authorization risk: Using a credit rating or credit scoring model to classify and manage credit authorization cases and strengthen the credit risk measurement system, in order to increase credit asset quality; using an early warning system to integrate with the middle-term management platform, and immediately initiating post-authorization credit management and response measures, in order to reduce potential losses from credit risks.
- Financial transaction credit risk: in order to effectively integrate the Company and its subsidiaries' financial transaction credit risk distribution pattern, closely monitor any changes to the financial transaction credit exposure of the Company or its subsidiaries, the Company has not only implemented internal credit rating systems and credit risk classification and management to effectively evaluate and control financial transaction credit exposure, but has also established a credit early warning system and notification procedures to effectively respond to credit incidents.
Large exposure concentration risk refers to business concentration resulting in a specific risk factor, resulting in situations in which an unanticipated change in said risk factor can lead to the risk of significant losses for the Company. The Company and its subsidiaries have established large risk exposure management systems, which include credit authorization, investment and business transaction risks, and monitor overall risk exposure concentration levels on a same person (enterprise), same Group, same industry, and same country basis.
Market liquidity risk refers to insufficient market trading volume continuity or market disorder leading to a clear decline in trading volume, causing asset sales or closure of positions currently in progress to face the risk of potential losses. To reduce market liquidity risks, the Company and its subsidiaries have set specific guidelines for liquidity positions and potential loss limits based on their respective business areas and financial product characteristics, in order to ensure the market liquidity of the Company's overall positions.
Asset and liabilities risk includes asset liquidity risks and interest rate liquidity risks. Asset liquidity risk refers to situations in which assets cannot be sold in a timely manner or external financing cannot raise sufficient assets, causing a risk of inability to meet scheduled payment obligations. Interest rate risk refers to fluctuations in market interest rates which cause the net interest income of interest-bearing assets and interest-bearing debts to face risks from adverse changes.
The Company and its subsidiaries' asset liquidity risk management is based on the characteristics of its various business areas, and sets in place appropriate asset liquidity risk monitoring standards, pre-assessment of potential funding gaps, effective control of asset liquidity risks, as well as setting in advance capital movement plans sufficient to respond to systematic risk events, in order to strengthen the asset liquidity risk management capabilities of the Company and its subsidiaries.
The Company and its subsidiaries' interest rate risk management includes identification and measurement of interest rate repricing, yield curve risk, basis risk, options features, and other sources of risk, as well as using quantified monitoring indicators to set early warning values for evaluation, in order to effectively control the negative impact of interest rate changes on the net income interest of the Company’s interest-bearing assets and interest-bearing debts.
Insurance risk refers to the risk in insurance business activities in which, because of changes in specified risk types unanticipated at the time the insurance contract was initiated, result in insurance claims, payments, or listed costs which exceed insurance premiums. Insurance risk management includes product design, pricing, policy underwriting, reinsurance, catastrophe insurance, claims, reserves, and other types of risk.
The Company's insurance subsidiary has managed insurance risks by setting standard operating and management procedures and management systems, and implementing a monitoring system to effectively strengthen the Company's insurance risk management abilities.
Operational risk refers to the risk of losses arising directly or indirectly from negligence or errors in internal operations, staff or systems, or from external events. The Company and its subsidiaries' operational risk management is based on the principle of implementing the standard operating procedures and control points established in the internal control and internal audit systems, and ensuring the functioning and effectiveness of control points and check points through regular self-assessments of internal controls. Additionally, the Company is utilizes operational risk incident reporting, standard operating procedure reviews, operational risk measurement, risk control and self-assessments to strengthen its overall operational risk management.
Compliance risk refers to the risk of incurring penalties from the regulatory authorities when the Company engages in business activities without fully complying with relevant laws and regulations. The Company and its subsidiaries have given the Legal Compliance Department responsible for legal compliance system guidelines, management, and execution, as well as for establishing a system for consultation, coordination, dissemination, and communication of matters relating to legal compliance. The department is also responsible for: ensuring that all operational and management guidelines comply with the law and are updated in a timely matter; producing opinions on the legality of and granting approval to the Company's internal regulations; analyzing each department's legal compliance material weaknesses or malpractice, and submitting improvement plans; assessing the effectiveness of each department's legal compliance procedures, in order to ensure the effective implementation of the Company's legal compliance system.
Legal risk refers to the risk of potential losses arising from possible punishment or corrective action imposed by the competent authority for failure to fully comply with its laws and regulations, or from contracts whose terms are found to be incomplete and therefore lack full legal force. The Company’s dedicated legal department is in charge of managing the legal compliance of all business activities as well as the in-depth assessment and management of all facets of the Company’s legal and regulatory risks.