元大金控 元大金控 元大金控

Market risk refers to the risk of market prices, volatility, or other related changes that can result in losses to the Company's financial position. Market prices can include indexes, stock prices, interest rates, exchange rates, products and credit premiums. The market risk management principles of the Company and its subsidiaries include the setting of risk early-warning indicators, risk limits and quantitative values of risk based on the Company’s risk tolerance level to accurately estimate potential losses and effectively control market risk. Our value at risk (VaR) measurement model uses as a risk measure the maximum expected loss over the next trading day, which is estimated at a 99% confidence level.

Credit risk refers to risk arising from the following situations:

• Instances in which a bond (bill) issuer, borrower, counterparty, or custodian violates their contract, experiences bankruptcy or liquidation, or otherwise fails to uphold their contractual obligation to discharge debt liabilities, resulting in the risk of losses;
• Instances in which a bond (bill) issuer, borrower, or counterparty’s guarantor violates their contract, experiences bankruptcy or liquidation, or otherwise fails to uphold their contractual guarantee liabilities, resulting in the risk of losses;
• Instances in which the underlying instrument of a financial product experiences weakened credit or has its credit rating reduced, or in which the issuance contract of a financial product is violated, resulting in the risk of losses.

The Company and its subsidiaries set separate credit risk management mechanisms based on their respective risk attributes:

• Credit authorization risk: Using a credit rating or credit scoring model to classify and manage credit authorization cases and strengthen the credit risk measurement mechanism, in order to increase credit asset quality; using an early warning mechanism to integrate with the middle-term management platform, and immediately initiating post-authorization credit management and response measures, in order to reduce potential losses from credit risks.
• Financial transaction credit risk: in order to effectively integrate the Company and its subsidiaries' financial transaction credit risk distribution pattern, closely monitor any changes to the financial transaction credit exposure of the Company or its subsidiaries, the Company has not only implemented internal credit rating systems and credit risk classification and management to effectively evaluate and control financial transaction credit exposure, but has also established a credit early warning system and notification procedures to effectively respond to credit incidents.

Large exposure concentration risk refers to business concentration resulting in a specific risk factor, resulting in situations in which an unanticipated change in said risk factor can lead to the risk of significant losses for the Company. The Company and its subsidiaries have established large risk exposure management systems, which include credit authorization, investment and business transaction risks, and monitor overall risk exposure concentration levels on a same person (enterprise), same Group, same industry, and same country basis.

Market liquidity risk refers to insufficient market trading volume continuity or market disorder leading to a clear decline in trading volume, causing asset sales or closure of positions currently in progress to face the risk of potential losses. To reduce market liquidity risks, the Company and its subsidiaries have set specific guidelines for liquidity positions and potential loss limits based on their respective business areas and financial product characteristics, in order to ensure the market liquidity of the Company's overall positions.

Asset-liability matching risk includes asset liquidity risks and interest rate risks. Asset liquidity risk refers to situations in which assets cannot be sold in a timely manner or external financing cannot raise sufficient capital, causing a risk of inability to meet scheduled payment obligations. Interest rate risk refers to fluctuations in market interest rates which cause the net interest income of interest-bearing assets and interest-bearing debts to face risks from adverse changes.

The Company and its subsidiaries’ asset liquidity risk management is based on the characteristics of its various business areas, and sets in place appropriate asset liquidity risk monitoring standards, pre-assessment of potential funding gaps, effective control of overall asset liquidity risks, as well as setting in advance capital movement plans sufficient to respond to systematic risk events, in order to strengthen the asset liquidity risk management capabilities of the Company and its subsidiaries.

The Company and its subsidiaries’ interest rate risk management includes identification and measurement of interest rate repricing, yield curve risk, basis risk, options features, and other sources of risk, as well as using quantified monitoring indicators to set early warning values for evaluation, in order to effectively control the negative impact of interest rate changes on the net interest income of the Company’s interest-bearing assets and interest-bearing debts.

Insurance risk refers to the risk of loss due to unanticipated changes when the insurance business is operated and assumes the risk of transferring the insured after receiving the premiums and paying the claims and related expenses according to the contract. Insurance risk management includes product design, pricing, policy underwriting, reinsurance, catastrophe insurance, claims, reserves, and other types of risk.

The Company's insurance subsidiary has managed insurance risks by setting standard operating procedures and management mechanisms, and implementing a monitoring mechanism to effectively strengthen the Company's insurance risk management abilities.

Operational risk refers to the risk of losses arising directly or indirectly from negligence or errors in internal operations, staff or systems, or from external events. The Company and its subsidiaries’ operational risk management is based on the principle of implementing the standard operating procedures and control points established in the internal control and internal audit systems, and ensuring the functioning and effectiveness of control points and check points through regular self-assessments of internal controls. Additionally, the Company strengthens its overall operational risk management through the gradual establishment of operational risk management mechanisms such as operational risk incident reporting, standard operating procedure reviews, operational risk measurement, risk control, and self-assessments.

Information security risk refers to the extent to which the normal operation of business-related information systems is affected or jeopardized by improper use, leakage, tampering, or destruction of information assets due to human negligence, intentional, or natural disasters.

Human resources risk refers to the risk related to human rights issues of employees and the development and management of human resources of the Company, such as attracting, retaining, and developing talents.

Emerging risks refer to new types of business or new types of risks that may have adverse effects on future business operations due to the failure to identify and evaluate risks.

Compliance risk refers to the risk of incurring penalties from the regulatory authorities, resulting in significant financial or reputational loss, when the Company engages in business activities without fully complying with relevant laws and regulations. The Compliance Affairs Department of the Company and its subsidiaries is responsible for the planning, management, and implementation of the legal compliance system and the establishment of the legal dissemination, consultation, coordination, and communication system. The department is also responsible for: ensuring that all operational and management guidelines comply with the law and are updated in a timely matter; producing opinions on the legality of and granting approval to the Company’s internal regulations; analyzing each department’s legal compliance material weaknesses or malpractice, and submitting improvement plans; assessing the effectiveness of each department’s legal compliance procedures, in order to ensure the effective implementation of the Company’s legal compliance system.

Legal risk refers to the risk of potential loss due to invalidation of the contract due to its lack of legal validity, ultra vires acts, omission of terms and conditions, and inadequate regulations. The Legal Affairs Department of the Company is responsible for the preparation, review, and management of external contracts, legal disputes, and consultation and handling of legal matters related to non-litigation and litigation cases.

Risks of money laundering and financing of terrorism refer to the risks that the business is abused for money laundering or financing of terrorism activities.

Integrity management risk refers to the risk that a director of the board, supervisor, manager, employee, or person with substantial control over the Company will directly or indirectly offer, promise, request, or receive any improper benefit or commit other unethical conduct such as breach of good faith, wrongfulness, or breach of fiduciary duty in the course of engaging in business activities in order to obtain or maintain benefits.

Environmental risk refers to the risk of greenhouse gas emissions management, carbon rights management, energy management, and other related issues in response to climate change and natural disasters, as well as the risk of compliance with international and local environmental regulations such as the management of air, water, waste, toxic substances, noise, and emissions or environmental impact assessment (EIA) requirements.