The Cathay FHC Board of Directors is the highest decision-making authority among our risk management organizations, and is in charge of the supervision and approval of the Risk Management Policy as well as other major risk management systems. Cathay established its Risk Management Committee as well as independent risk management units. We adopt Three Lines of Defense to implement risk management and internal control.



Cathay FHC's risk management is based on the Enterprise Risk Management (ERM) framework, under which we established our Risk Management Policy. It stipulates management guidelines and various risk assessment indicators in terms of market, credit, operational, liquidity risk and capital adequacy, implementing risk management via relevant businesses related to investments and credit loans. Cathay FHC established reporting systems for our credit and operational risks to improve the effectiveness of management. Meanwhile, Cathay FHC and its major subsidiaries also regularly submit reports on risk management implementation to our Risk Management Committee and Board of Directors, thereby fully disclosing the extent of Cathay's exposure to risks and reviewing the compliance with risk management systems.


Risk Management and Internal Control

Through sound internal control systems, Cathay adopts three lines of defense in risk management and control. The first line of defense is the business operations and management units, which are responsible for controlling operational risks effectively. The second line of defense is risk management units, which are responsible for the planning, assessment, and supervision of risk management and compliance mechanisms as well as giving recommendations. Lastly, the audit units are responsible for reviewing compliance issues in accordance with regulations and the performance of the risk measures in place. Furthermore, Cathay Financial Holdings Policy for Employee Performance Management and Development includes indicators as "Performance on Internal Controls" and "Performance on Compliance." All of the company’s directors participated in corporate governance or risk management training courses. 


Managing Emerging Risks

Cathay FHC includes identified emerging risks in its risk management in the face of global emerging risks such as FinTech, extreme weather, and drastic changes in demographics. We review and establish response measures to risks on an annual basis, and will strengthen their connection with our operation plans. Our risk governance will be further enhanced with the official incorporation of emerging risks into our Risk Management Policy in 2019.

Risk items Impact Response measures
Cyber-attacks Inadequate design of the information security framework, or insufficient control of management mechanisms regarding the systems, networks and privacy may lead to higher risk of information systems being hacked, as well as increase the probability of personal information leakage. This creates the risk of potential lawsuits, fines, and suspension of operations.
  1. Review the information security blueprint and strengthen the anti-hacking mechanism of the information framework to ensure the security of internal and external services
  2. Continue to implement social engineering drills and information security training programs
  3. Implement on-site and remote backup drills as well as information security event response drills to ensure the continuity of corporate operations
  4. Strengthen the information security protection mechanisms of overseas offices and implement information security inspections for overseas offices
Climate-related risks

Refers to the global warming that leads to sea level rise and higher frequency of extreme weather, as well as more violent atmospheric circulation. Such developments have not only brought extreme weather to locations hitherto unhit by climate disasters, but may also produce risks threatening Cathay's business development.

  1. Pay attention to various requests from stakeholders regarding climate change, and take responsive actions in due time
  2. Develop qualitative or quantitative tools for assessing the impact of climate change on Cathay's finance or operations
  3. Establish emergency response teams for disasters, organize disaster management training and drills, and enhance equipment safety examination

Cathay FHC is committed to development of our compliance culture centering on our core values of "Integrity, Accountability, and Innovation”. Cathay FHC established the Compliance Department in 2015 to ensure that each of business consistently adhere to laws and regulations. Our Guidelines for Implementing Compliance Policies have been established to ensure that all employees comply with the laws and regulations applicable to their businesses. The Chief Compliance Officer of Cathay FHC is in charge of the management and implementation of group-level compliance policies, the planning and supervision of matters regarding Cathay FHC's compliance, as well as semiannual reports on compliance implementation to the Board of Directors and the Audit Committee. We also convene group-level Compliance Committee; 3 meetings have been convened in 2018. We semiannually implement compliance self-evaluations and self-inspections to ensure that all business units comply with and effectively implement relevant laws and regulations.


Group-level Whistleblowing Program

Cathay FHC implements a corporate culture of integrity and transparency by establishing the group-level whistleblowing program in 2018, which is supervised and directed by our independent directors, and planned and implemented by Compliance Dept., which reports respective implementation to the Board of Directors and Audit Committee every six months. The system clearly specifies the handling and investigation units, processing procedures, and reporting channels (including internal and external channels as well as hotlines). It also specifies the protection measures for whistleblowers, including ensuring the confidentiality of their identities and protecting them from unfair treatment provoked by their whistleblowing actions. From its initiation in October 2018 to the end of December of the same year, Cathay has received 0 reports from internal and external whistleblowers, and officially launched investigation for 0 cases. No illegal activities have been found.


Enhancing AML/CFT Mechanism

In response to the global AML/CFT trends and supervisory requirements in Taiwan and abroad, Cathay established its Guidelines Governing Anti-Money Laundering and Combating the Financing of Terrorism, according to which the Chief Compliance Officer of Cathay FHC acts as the AML/CFT Compliance officer and convenes committees for Cathay's AML/CFT matters. In 2018, 5 meetings have taken place. Cathay FHC and all of its subsidiaries continue to develop AML/CFT systems by adopting the risk-based approach; we have also included relevant SOPs in the items of self-inspection and internal audit, and enhanced customer due diligence and continuous monitoring measures in terms of high risks.


We established Cathay FHC Guidelines for Information Sharing on Anti-Money Laundering and Combating the Financing of Terrorism to effectively implement risk management and enhance the monitoring of risk control across Cathay’s companies. The Cathay FHC Guidelines for Money Laundering and Terrorist Financing Risk Appetite Management specifies details about the zero-tolerance policy concerning our employees’ money laundering and terrorist financing activities, as well as the matrix-based risk appetites on FHC and subsidiary levels, key risk indicators and handling procedures, and the enhancement of management mechanisms for early warning. In accordance with Taiwan's first National Risk Assessment Report, we also adjusted risk methodologies, and our subsidiaries’ annual institutional risk assessment reports have been incorporated. We have formed several group-level task forces in charge of reviewing the effectiveness of risk control and modifying methodologies and risk standards to perfect Cathay's AML/CFT governance.


The incessant natural and man-made disasters worldwide underscore the importance of effectively tackling risks, which can pose a threat to a country, a company or an individual at any time. With risk management being the top priority of every sustainability-minded business, Cathay FHC introduced standardized processes based on the “Emergency Management Policy” and “Procedure for Reporting Credit Risk-related Emergencies” to guide its staff through emergencies. Also, an ad-hoc committee of crisis management would be ready to prevent, or minimize, losses incurred from emergency situations.

Furthermore, Responding to the company’s overseas expansion in 2014, we added Guidelines for Handling of Major Emergency Incidents in Overseas Branches of Cathay FHC and Subsidiaries, improving risk control of overseas branches.

Major Event Reporting Guidelines

1. Cathay Financial Holdings has formulated the Major Event Reporting Guidelines to establish notification and response procedures when significant events occur so as to minimize the effects of such events on the company and its subsidiaries. The guidelines clearly specify the notification and response procedures for handling various unexpected events, and provide a reference for each subsidiary for processing.

2. When a major event occur at the company , in addition to taking required contingency measures, the unit to which the event occurs should promptly report the event to the unit’s direct manager and the subsidiary should inform Cathay FHC.

3. When an extraordinary event occur that requires the careful notification of each unit of preventative measures, all relevant units must be contacted to prevent the spread of event.

Credit Event Control

To refine our risk management and minimize adversity caused by sudden credit events among our debtors or investees, we have developed “the Credit Emergency Reporting Guideline” for appropriate reporting procedures.

Reporting Items

Warning event reporting and major event reporting.

Reporting Procedure

The business unit should report to both the subsidiary’s risk management department and the Cathay Financial Holdings’ risk management division immediately when warning or major event occurs among debtors or investees. The Risk Management Division should aggregate the Group’s exposure amount and provide solution, when needed.


Please let us know your precious opinions.

Contact US


Happiness is how you think of what you have.


News Center

For more information, please visit our News Center.