CG6013(2021) Corporate Governance System Evaluation Certification
Incorporating ESG Risks into Risk Management Policy
Overview of Operation
Cathay Financial Holdings ("Cathay FHC," includes Cathay Life, Cathay United Bank "CUB," Cathay Century, Cathay Securities, Cathay Securities Investment Trust “Cathay SITE,” and Cathay Venture) is committed to maximizing value for our shareholders, customers, and employees and upholding our core values of "Integrity, Accountability, and Innovation." We align our business strategy with market conditions, leverage our financial competencies, drive digital transformation, and achieve group synergies in order to provide financial services that are comprehensive, convenient, and personalized. Cathay FHC will continue to focus on our three engines of growth – “Insurance + Banking + Asset Management,” and advance toward our vision of becoming a “leading financial institution in the Asia-Pacific region.”
Despite the impact of tightened monetary policies in major economies, ongoing international geopolitical risks, and slowing momentum of global economic growth in 2023, Cathay FHC adhered to the sustainable operation strategy and recorded a consolidated after-tax profit of NT$51.5 billion (US$1.68 billion) and earnings per share of NT$3.24, thanks to the concerted efforts of our employees. In addition, our subsidiaries CUB and Cathay SITE once again achieved record-high profits.
Corporate Governance
At Cathay FHC, the board of directors serves as the highest decision-making body, with the chairman acting as its head. The chairman oversees the company's overall management operation and does not hold any senior leadership management positions. In 2023, the board of directors held 8 meetings with a board attendance rate of 92%. On average, board members have served for 10 years (five independent directors serve an average of 4.9 years). At Cathay FHC, the board of directors has established four functional committees: the audit committee, remuneration committee, corporate governance and nomination committee, and risk management committee. These committees are responsible for reviewing important proposals. To effectively implement independent supervision and checks and balances, all proposals at Cathay FHC are reported and discussed by the board of directors. If there is a conflict of interest with the director or the institution he/she represents, the director shall recuse him/herself from the proposal discussion to maximize the benefit of all stakeholders.
Cathay FHC has established several guidelines and regulations to improve the effectiveness of its board of directors. These include the "Guidelines for Evaluation of Directors' Performance" and "Guidelines for Directors' Remuneration," as well as the "Regulations Governing the Evaluation of the Board and Functional Committee's Performance." These guidelines incorporate indicators such as compliance, corporate governance, risk control, corporate sustainability and corporate social responsibility. In 2023, the results of the internal performance evaluation of Cathay FHC's board and functional committee showed that the performance "exceeded expectations." To strengthen the independence and effectiveness of the Board's performance evaluations, Cathay FHC has, since 2017, committed to appointing an external professional independent organization or experts at least once every three years to conduct an external performance evaluation of the Board of Directors. In 2022, the "Taiwan Institute of Ethical Business and Forensics" was commissioned to complete the external performance evaluation of the company's Board of Directors for the year 2021. Based on the association's optimization suggestions, improvement measures were discussed and implemented. For more information, please visit the Corporate Governance section.
Remuneration of Senior Management
At Cathay, we have established the "Guidelines for Remuneration of Senior Management." The purpose of these guidelines is to create long-term shareholder value, implement a role-based remuneration mechanism, and provide incentives to attract talented individuals. The guidelines set out standards for compensation and bonuses. The fixed compensation for senior managers is determined based on their roles, responsibilities, performance, and expertise. It is benchmarked against market standards. The variable element of senior management compensation is tied to the company's annual performance and the manager's achievement of personal targets. Both the fixed and variable parts of the compensation are established according to the "Guidelines for Remuneration of Senior Management." They are approved by the remuneration committee and the board of directors. To ensure fair and reasonable compensation for senior managers, Cathay conducts an annual remuneration competitiveness analysis and evaluates each senior manager's fixed compensation individually. Additionally, we review the "Guidelines for Remuneration of Senior Management" every three years and submit them to the remuneration committee and board for approval.
Cathay also seeks to bolster the corporate governance structure and ensure effective oversight over Cathay managers. This can further advance the company's operational capacity and serve as factors when determining remuneration, positions, rotations, and bonuses to managers. To such ends, Cathay FHC has developed the Performance Management & Development Guidelines for Cathay Managers to instruct managers to formulate personal performance targets according to annual company/department strategies, focuses, and goals; their positions and responsibilities (incl. internal control and compliance implementation results); and other spotlights for the year (e.g., Corporate Sustainability indicators). Their personal performance targets can ensure that Cathay managers' KPIs are tied to the company and their unit's strategic goals.
For more information on remuneration of Cathay FHC’s CEO, please refer to 《2023 Cathay FHC's Report on Remuneration of the President》.
To link the interests of management and stockholders, Cathay FHC has set stock ownership guidelines for Cathay’s executive officers. Please refer to 《Cathay Financial Holdings Stock Ownership Guidelines.》
As an example, the variable compensation of the Cathay FHC President is tied to performances in financial returns, relative financial metrics, operational indicators on strategic developments, internal control and compliance, and corporate sustainability indicators. To further strengthen the company's long-term performance, a portion of the variable compensation for the Cathay FHC President is deferred. The long-term incentives structure involves the payout of the variable compensation over three years rather than in full in the year of earnings. If there are occurrences of aggravated circumstances, such as intentional or material faults, professional activity leading to material risks for the company, or unethical actions during the deferred period, the remuneration committee and the board of directors have the authority to cancel the long-term incentives. Cathay's operations are primarily based in Taiwan. The compensation of the highest-paid individual within the organization is 38.3 times the median compensation of the organization's employees (excluding the highest-paid individual). In addition, the annual compensation growth rate of the highest-paid individual is negative 14.2 times the annual median compensation growth rate of the remaining employees. The performance indicators for the President are additionally taken on by senior executives of relevant business units within each company, such as the Risk Management Department, Corporate Sustainability Office, Human Resources Department, and Responsible Investment Team. Among these, ESG (Environmental, Social, and Governance) issues account for approximately 10% to 90% of the senior managers' performance indicators.
Cathay FHC President's Performance Indicators

| Weight | Important Business Metrics | Details |
|---|---|---|
| 50% | Financial returns | Return on equity (ROE), after-tax EPS of common stock, etc. |
| | Relative financial metrics | Changes in shareholding ratio by foreign investors (relative to other financial institutions) |
| | Other important financial metrics | Capital adequacy ratio, risk management, etc. |
| 50% | Operational indicators on strategic developments | Digital transition and innovation, FinTech, corporate and brand image, etc. |
| | Corporate sustainability indicators | Operations environmental impact, talent and skill development, corporate governance, privacy and information security, etc. |
| | Internal control & compliance metrics | Internal control & compliance implementation results |

1. Fixed compensation as a percentage of total remuneration | 40.1% |
2. Variable compensation as a percentage of total remuneration | 59.9% |
2-1 Cash compensation as a percentage of variable compensation (Note 1) | 79.0% |
2-2 Stock-based compensation as a percentage of variable compensation (Note 2) | 21.0% |

| Aspect | Materiality Issue | Related Senior Manager/Executive | Percentage |
|---|---|---|---|
| E | Sustainable Financial Products | Chief Investment Officer, Administrative Division Director, Senior Manager of relevant departments of each subsidiary | 10%~90% |
| | Responsible Finance | | |
| | Carbon Emissions in Financial Assets | | |
| | Environmental Impact of Operations | | |
| S | Health promotion and life security | Administrative Division Director, Chief Financial Officer (Spokesperson), Senior Manager of relevant product departments of each subsidiary | |
| | Financial Planning and Services | | |
| | Talent Skills & Development | | |
| | Attracting and Retaining Talents | | |
| | Customer Relationship Management | | |
| | Occupational Safety and Health | | |
| | Inclusive Workplace | | |
| | Youth Empowerment | | |
| G | Business Performance | Chief Financial Officer (Spokesperson), Digital, Data & Technology Center Director, Chief Risk Officer, Chief Compliance Officer, Chief Information Officer, Administrative Division Director, senior executives from the digital product and service departments of each subsidiary | |
| | Digital Transition and Innovation | | |
| | Business Continuity | | |
| | Ethics and Compliance | | |
| | Privacy and Information Security | | |
| | Risk Management | | |
| | Corporate governance | | |

Codes of Conduct: Systems/ Procedure
Cathay FHC has adopted the “Policy and Code of Operation Integrity.” We implement the following management mechanism to review the implementation status of ethical corporate governance:
Responsibilities, accountabilities, and reporting lines
The Company has established business integrity practices and measures to prevent dishonest conduct based on its “Policy and Code of Operation Integrity.” These preventive measures include operating procedures, behavioral guidelines, and training programs, which the Company has implemented through a separate policy called “Operational Procedures and Guidelines of Ethical Corporate Management Best Practice.” The Company is bound to comply with The Company Act, Securities and Exchange Act, Business Entity Accounting Act, Political Donations Act, Anti-Corruption Act, Government Procurement Act, Act on Recusal of Public Servants Due to Conflicts of Interest and any laws that pertain to business conduct of TWSE/TPEX listed companies. These regulations shall provide the foundation for the Company's integrity management.
Furthermore, the Company’s directors, managers, employees, and controllers are prohibited from offering, committing, requesting, or accepting any illegitimate benefits, or engaging in any conduct that would be construed as dishonest, illegal or in breach of trust, whether directly or indirectly, while carrying out their duties. All reported cases of violation against business integrity shall be thoroughly investigated by the audit unit; any established cases of misconduct will be referred to the Administration Department and disciplined according to the Company’s policies. The Company has created a “Sustainable Governance Panel” under the “Corporate Sustainability Committee”; the latter reports directly to the board of directors. The panel is responsible for corporate governance-related matters within the group, such as business integrity, anti-corruption, anti-bribery, and compliance; it reports progress regularly (at least once a year) to the board of directors. The board of directors of the Company will exercise the duty of care as prudent managers to supervise and prevent dishonest conduct and ensure that the integrity policy is duly enforced. Furthermore, the Audit Division is required to include compliance with the code of conduct as part of its audits, and report regularly back to the board of directors on any defects found and any steps taken to improve.
Dedicated help desks, focal points, ombudsman, hotlines
We have established clear reporting channels following our "Procedure for handling cases of reporting unethical or dishonest conduct" and the group's reporting mechanism. We have also established a response protocol to ensure that all reports are thoroughly investigated, and that the legal rights of whistleblowers and any other relevant personnel are protected throughout the process. We are committed to protecting the identity of whistleblowers and any other individuals involved in the investigation to prevent any potential retaliation or unfair treatment. In 2023, there were no reported cases of insider trading, antitrust, monopoly, and market manipulation violations.
Channels for Reporting Cases
(1) For cases that involve crimes, frauds or violations of laws, our employees may report via the Cathay FHC group-level Whistleblower System in the forms of mail, email or telephone, which is publicly disclosed on our Chinese official website: https://www.cathayholdings.com/holdings/compliance/whistleblowing_system
(2) For incidents that involve sexual harassment or other violations of the principle of gender equality, our employees may report via Cathay FHC’s sexual harassment and gender equality violation complaint channels.
(3) For other issues not mentioned above, our employees can reach out to the human resources department.
Compliance/codes of conduct linked to employee remuneration and performance appraisal systems
The results of internal control implementation and compliance implementation are integrated into the performance evaluation criteria for managers and employees. This approach aims to link employee remuneration and performance assessment with the effectiveness of our risk management system, ensuring its robust operation.
Disciplinary actions in case of breach
Cathay FHC encourages both internal and external personnel to report any dishonest or inappropriate behavior. The relevant reporting channels and handling procedures are managed according to the Company's "Procedure for handling cases of reporting unethical or dishonest conduct." If the reported misconduct is found to be true, it will be used as a reference for adjusting employee salaries, positions, and issuing bonuses according to the relevant regulations.
Furthermore, Cathay FHC's “Declaration of Sustainability Values” clearly states that “The Company strictly prohibits any behavior or events that violate professional ethics. If there is a violation of the laws of a country or of the Company’s Code of Ethics, such breaches will be subject to impartial treatment without tolerance.”
Compliance system audited by third party
Cathay FHC engages third-party auditors to review the company's codes of conduct and compliance systems for enforcing these codes, including tracking and reporting of breaches. Auditors then provide an opinion statement based on their review. Please see "Cathay FHC Systems & Procedures of Codes of Conduct Audit Opinion Report".
Conduct regular self-evaluations and review for unethical risk behavior
We conduct an annual ethical management risk assessment. Items evaluated include offering or accepting improper benefits (offering/accepting bribes), illegal political contributions, unethical charitable contributions, violation of recusals, violation of stakeholder interests, violation of intellectual property rights and information confidentiality, etc. If the review identifies existing or potential unethical behavior, corrective and remedial action must be taken immediately.
We conducted the unethical conduct risk assessment for 2022 in 2023 and presented the assessment results to the board; the same assessment for 2023 was conducted in Q1 of 2024.
Training
Employee ethics and code of conduct training is a required annual course. The training lasts one hour. The training completion rate for 2023 was 100%.
Reporting on breaches
Cathay FHC has established clear reporting channels following our “Procedure for handling cases of reporting unethical or dishonest conduct” and the group’s reporting mechanism. We have also established a response protocol to ensure that all reports are thoroughly investigated, and that the legal rights of whistleblowers and any other relevant personnel are protected throughout the process. We are committed to protecting the identity of whistleblowers and any other individuals involved in the investigation to prevent any potential retaliation or unfair treatment. In 2023, there were no reported cases of insider trading, antitrust, monopoly and market manipulation violations. Please see Cathay FHC 2023 CS Report Chapter 4.1 Workplace Empowerment for discrimination or harassment and Chapter 6.5 Service Quality & Customer Rights for customer privacy data cases.
Area of breaches | FY2023 |
---|---|
Corruption or Bribery | 0 |
Discrimination or Harassment | 7 |
Customer Privacy Data | 14 |
Conflicts of Interest | 0 |
Money Laundering or Insider trading | 0 |
Total number of cases | 21 |
Improvement Measures for Breaches
Discrimination or Harassment
Cathay supports a workplace of equality and inclusion. To prevent workplace discrimination and harassment, we instituted the "Regulations for Establishing Measures of Prevention, Correction, Complaint and Punishment of Sexual Harassment at Workplace" and set up a dedicated sexual harassment mailbox and the Sexual Harassment Grievance and Investigation Committee to investigate reported instances of sexual harassment. If the report is found to be true, the accused will be subject to disciplinary action in accordance with company policy, while the victim will receive all necessary support, including psychological counseling. Other colleagues will be asked to increase their education and training on sexual harassment to prevent such incidents in the future. In 2023, there were seven reported cases of sexual harassment or gender equality violation, all of which were appropriately addressed based on the procedures outlined.
Customer Privacy Data
In 2023, all 14 personal data breaches were reported by customers through complaint channels. A total of 61 customers were affected by these 14 personal data breaches. Upon further investigation, Cathay FHC identified the cases as personal negligence by financial advisors and sales agents in handling customer information. None of the cases were material data breaches or infringements on customer privacy. Cathay FHC has been able to settle the cases with customers and handled the situation accordingly. We will continue to organize employee training and strengthen awareness programs to ensure related employees fully recognize the importance of personal information protection. In addition, the group will continue to strengthen and monitor the use of customers' personal information and improve related protection measures to reduce future data breaches.
Preventing Insider Trading
Cathay FHC submits the “Notes on Reporting of Insider's Equity Change in the Company” to insiders such as directors, managers and others when they take office, for them to comply with, so as to avoid insider trading violations. In addition, when Directors take office, Cathay FHC also files the "Director's Manual", the "Compliance Brochure for Directors and Supervisors of TWSE/TPEx-Listed and Emerging Market Companies", the "Directions of Securities Market Regulatory for the TWSE/TPEx-Listed company and its directors, supervisors and major shareholders", the "Compliance Brochure for Independent Directors" and other information compiled by the Taiwan Stock Exchange Corporation, to assist Directors in understanding the laws and regulations related to securities transactions, listing rules, and other relevant reporting matters and legal responsibilities.
In addition, in order to standardize the disclosure procedures and management mechanisms for the material information of Cathay FHC and its subsidiaries, Cathay FHC established the “Guidelines/Regulations of Disclosure of Cathay FHC and its subsidiaries’ Material Information” and the “Regulations of Press Conferences Concerning Material Information of Cathay FHC and its subsidiaries” by referring to the “Taiwan Stock Exchange Corporation Procedures for Verification and Disclosure of Material Information of Companies with Listed Securities”. These rules are disclosed in the rules and regulations zone of Cathay FHC’s internal website, where personnel at all levels of the Company can consult them at any time, so as to avoid insider trading violations.
Cathay FHC also has stipulated “Policy and Code of Operation Integrity”, “Procedures and Guidelines of Integrity Management Operation”, “Code of Ethics” and “Code of Conduct of Employees”, all of which contain the relevant provisions of “Prohibition of Insider Trading”. Cathay FHC holds educational trainings annually for directors, managers, and employees on the "Code of Integrity, Ethics, and Conduct." The 2023 education training was completed in December 2023 with 668 participants for a total of 668 person-hours.
To support understanding of and compliance with Cathay FHC’s "Policy and Code of Operation Integrity", "Procedures and Guidelines of Integrity Management Operation" and "Code of Ethics", the Company submits those rules and policies to the Directors and publishes them on the internal educational training platform for employees to check at any time. Besides the prohibition of insider trading, the education and training include the contents and cases of anti-money laundering, prohibition of receiving gifts and hospitality, participation in public affairs, political contributions, etc.
Cathay FHC has notified the directors not to trade the company's stocks during the closed period of 30 days before the announcement of the annual financial report and 15 days before the announcement of the quarterly financial report in accordance with "The Policy of Prevention of Insider Trading". The date when the financial report is scheduled to be submitted to the board of directors and the closed period of the company's stock trading are notified to the directors to follow, so as to prevent the directors from violating The Policy.
Risk Governance
Board level responsibility
The Company has had a Risk Management Committee since April 1, 2023, which consists of 3 directors (including 2 independent directors). All members have expertise in “risk management” and “corporate governance” and the professional skills required by the committee. Its responsibilities include:
(1) Review the Company’s risk management policies and guidelines.
(2) Review the Company’s annual risk appetite or limit that needs to be approved by the Board of Directors.
(3) The Risk Management Department reviews the Company’s risk management practices and reports to the Board of Directors on a quarterly basis.
(4) Review of other risk management related proposals to be reported to the Board of Directors.
(5) Carry out other matters as instructed by the Board of Directors to be handled by the Committee.
Three Lines of Defense Model
To implement robust risk management and internal control, Cathay FHC utilizes the Three Lines of Defense model to manage, monitor, and audit operational risks through structured processes and management frameworks:
(1) First line of defense: Operational and management units ensure that operating risks are effectively controlled and responded to.
(2) Second line of defense: The independent Risk Management Division, Compliance Department, and Information Security Department assist with risk system planning, assessment, management, and monitoring. Supervision and management is provided by senior management, including the Chief Risk Officer (CRO), Chief Compliance Officer (CCO), and Chief Information Security Officer (CISO), as well as the Risk Management Executive Committee and Information Security Committee.
(3) Third Line of Defense: Audit Division established directly under the board of directors to oversee organization and responsibilities of the internal audit system. A chief auditor has been assigned to oversee audit tasks and make quarterly reports to the Audit Committee and the board of directors on the audit progress.
Risk Management Processes
Risk Review
The Company’s main risk sources can be categorized into market risk, credit risk, operational risk, liquidity risk, insurance risk, capital adequacy management, emerging risk, ESG and climate risk, and reputation risk. The Company regularly reports the progress of risk management tasks to the Risk Management Committee. Our assessment methods:
(1) Impact and likelihood: The Company takes various risks into account, identifies and assesses their impact and likelihood of occurrence through qualitative and quantitative evaluations, and generates the Company’s top risks ranking and risk matrix. Political and economic risks, as well as talent retention risks, are also considered major risks. The top risks are managed and mitigated by appropriate actions.
(2) Framework to determine the risk appetite for identified risks: Using subsidiary Cathay Life Insurance as an example, the company annually defines risk appetite and establishes corresponding risk limits and levels. It calculates and monitors various risk indicators, planning response measures when specific risk levels are reached. Additionally, the capital adequacy ratio and net worth ratio are regularly calculated according to the risk-based capital (RBC) to meet statutory minimum requirements. The company also performs regular calculations of reserve-weighted interest rates, the value of new business, and liability figures to inform decision-making.
(3) Stress testing and sensitivity scenario analyses: For market and credit risks, the Company regularly conducts stress testing using various scenario sensitivity analyses. Additionally, Cathay annually reviews its risk appetite to establish risk limits and levels. Risk control indicators are regularly calculated and monitored, and response measures are devised for specific risk thresholds.
Risk Exposure
Cathay FHC's Risk Management Policy sets forth rules and standards for managing major risks. Implementation results are reported to the Risk Management Committee and the board at least every quarter to ensure comprehensive oversight of the group's risk exposure. Market and credit risk examples:
(1) Market Risk: Assess and monitor Value at Risk (VaR) and perform sensitivity analysis on positions to fully implement market risk management in response to price fluctuations in the financial market.
(2) Credit Risk: Regularly monitor risk exposure by reviewing the risk concentration limit for Cathay, different sectors, specific high-risk sectors, and countries to effectively supervise and ensure the diversification of credit risk.
Risk Management Process Audit
(1) Internal audit: The Company has developed an effective internal control system. Internal audit units are required to perform audits on employees’ compliance with the above system, including general audits at least once a year, and special audits on finance, risk management and compliance for the Company and subsidiaries at least once every six months. Half-yearly special audits can be exempted if the general audit already covers the scope of the special audit and no major defect is found.
(2) External audit: Cathay FHC engages third-party auditors to review the methods, tools, and processes for identifying, assessing, controlling, monitoring, and reporting major risks. Auditors then provide an opinion statement based on their review. Please see "Cathay FHC Risk Management Process Audit Opinion Report."
Risk Culture
Regular risk management education for all non-executive directors
Cathay FHC plans appropriate risk management training courses for the Board of Directors based on changes in internal and external environmental conditions and company operational needs. Five online training courses, totaling 5.4 hours, were held by Cathay FHC in 2023, including "Opportunities and Risks of Generative AI for the Financial Industry," "Network Supply Chain Risk Management," "Financial Cloud Security Practices," "Geopolitical Judgments and Cross-Strait Security Situation Analysis," and "Common External Fraud Cases in the Financial Industry."
Additionally, diverse course information from various training institutions is periodically provided to the directors, allowing them to evaluate and arrange corresponding courses based on their professional backgrounds and needs. The courses cover fields such as risk management, corporate governance, and information security. According to “Directors’ and supervisors’ ongoing education in 2023” in the 2023 Cathay FHC Annual Report, the five non-executive directors (independent directors) of Cathay FHC have all received education and training related to risk management. Trainings included “How to supervise the Company’s corporate risk management and crisis management”, “The Opportunities and Risks of Generative AI in the Financial Industry”, “Climate Change Stress Testing of Financial Institutions”, and “ChatGPT’s impact on the industry and countermeasures”, etc.
Focused training throughout the organization on risk management principles
The Company annually implements general education courses on risk management for all employees of Cathay FHC and its subsidiaries. In 2023, our completion rate was 100%.
Incorporation of risk criteria in the development of products and services
Cathay FHC places significant emphasis on the potential risks during new product development. Relevant management mechanisms are established both before and after the product launch, ensuring compliance with regulatory standards and adherence to the principles of treating customers fairly. This approach aims to mitigate financial, regulatory, and operational risks. For example, in the case of life insurance products developed by Cathay Life:
(1) Financial Risk: Each year, profit standards and sales limits for products are set based on the company’s overall risk appetite. Before product launch, the profitability is assessed to ensure it meets these standards. Afterward, sales volume and claims experience are continuously tracked to ensure that expected profitability is achieved.
(2) Regulatory Risk: In accordance with the "Regulations Governing Pre-sale Procedures for Insurance Products" and the "Guidelines for the Review of Life Insurance Products" issued by regulatory authorities, products are submitted to the Insurance Product Review Committee (convened by senior executives) for review before being submitted for regulatory approval. Qualified product signatories, including actuaries, risk managers, legal advisors, underwriters, claims, policy administration, and investment personnel, review the product for legal compliance.
(3) Operational Risk: Before the sale of any insurance product, senior executives convene the Insurance Product Management Committee meeting to ensure the appropriateness of various aspects such as information disclosure, actuarial data alignment and verification, information system setup and testing, risk control mechanisms, reinsurance arrangements, and sales channel training. Additionally, post-sale, the Insurance Product Management Committee meets every six months to review compliance with relevant regulations, consumer rights protection, asset-liability adequacy, and sales quota tracking, thereby reducing the likelihood of operational risk occurrence.
Financial incentives which incorporate risk management metrics
Cathay FHC regularly identifies and assesses material risks confronting the company's future with the help of reports from authoritative organizations and benchmark companies, and then determines mitigating actions. In 2023, we identified emerging risks in the geopolitical risk & regional confrontation, talent cultivation & retention, and information security categories. Cathay FHC evaluates the potential impact these risks may have on the company's operations and establishes mitigating actions.
The management effectiveness of risks such as talent cultivation & retention and information security is included in the KPIs of the senior executives of the responsible units and is linked to their variable compensation.
Risk Type | Senior Executives | Performance Indicators Description |
Talent cultivation & retention | Head of Administration Division | Talent Experience and Development Program: Establishing a comprehensive talent development plan to create diverse growth opportunities for employees, enhancing irreplaceable skills, and ensuring a continuous cycle of sustainable talent development. |
Information security | Chief Information Security Officer | Cloud Security Management Operations: Aligning with the group’s digital transition plan to complete management procedures related to Cathay's cloud environment. Establishing a Data Classification System: Completed the formulation of the "Data Classification Management Guidelines," and all departments have implemented the data classification and grading system. |
Emerging Risks
Cathay FHC faces an increasingly complex global financial operating environment, as well as issues such as technological development and population aging whose probability of occurrence is rising. In response, Cathay FHC regularly identifies and assesses material risks confronting the company's future with the help of reports from authoritative organizations and benchmark companies, and then determines mitigating actions. The risk exposure and risk management system are then presented to the Risk Management Committee and the Board of Directors. Cathay FHC evaluates the potential impact these risks may have on the company's operations and establishes mitigating actions.
Tax Governance
IT Security/ Cybersecurity Governance
In compliance with the “Financial Cyber Security Action Plan” promoted by the Financial Supervisory Commission (FSC) of Taiwan, Cathay Financial Holdings Co., Ltd. (Cathay FHC) continues to strengthen its information security and protection capabilities to deliver secure, convenient, and uninterrupted financial services. Cathay FHC and its key subsidiaries have established Chief Information Security Officers or dedicated information security units as required by regulations. These units are responsible for planning, monitoring, and implementing information security management operations, and report on the previous year’s information security performance to the Board of Directors annually.
Additionally, Cathay FHC has set up an inter-company Information Security Committee, chaired by the Chief Information Security Officer, with the President invited to attend and provide guidance. This committee is responsible for proposing and promoting the group’s information security policies and management systems, meeting biannually to review and report on the overall information security performance for the previous year to the Board of Directors. Furthermore, the company has a Risk Management Committee within the Board of Directors, consisting of three directors who regularly review the company’s risk management operations. This includes mechanisms for managing reputational risk events and major crisis incidents, which encompass information security issues. If any such events occur in the company or its subsidiaries, they are compiled into the risk management operations report and presented to the Risk Management Committee and the Board of Directors. One of the board members, Mr. Fong-Chiang Miau, previously served as Chairman of the Mitac-Synnex Group and has extensive experience in IT research and development, software development, systems integration, and information security, contributing significantly to Cathay’s information security management and development. Mr. Lee Chang-Ken, a member of the Risk Management Committee, currently serves as the President and one of the Directors of Cathay FHC. He attends the Information Security Committee meetings every six months to provide guidance. Additionally, he is briefed on the overall execution of the group's information security during Board of Directors meetings, where he offers recommendations. To ensure effective horizontal communication and consistency in information security management across Cathay FHC and its subsidiaries, an inter-company Information Security Communication Committee has been established, holding monthly meetings to fully commit to information security control and quality enhancement. 
Mr. Chang-Ken Lee, President of Cathay Financial Holdings, was Cathay FHC Chief Risk Officer from 2006 to 2009, responsible for supervising Group information security management to ensure compliance with the Group Risk Management Policy, the Information Security Policy, and the Management Guidelines for Establishing Internal Control System of Public Offering Companies. The Cathay FHC Information Security Committee, established in 2018, is the highest governance body for information security at Cathay FHC. The President of Cathay FHC attends the Committee and supervises Group information security. Please refer to the document for Verification of Information Security Mechanisms & Cyberattack Management of Cathay FHC.
Human Rights
Active Corporate Governance Measures
To enforce human rights protection, Cathay FHC complies with local laws and regulations for human rights protection across all business locations and has also formulated the "Cathay FHC Human Rights Policy" in compliance with international frameworks, including the UN's "Universal Declaration of Human Rights," "Guiding Principles on Business and Human Rights," "United Nations Global Compact," and the International Labour Organization's regulations.
Cathay employees are also asked to comply with the "Code of Conduct for Employees" and shall not discriminate or infringe on the human rights of others. To ensure all employees understand and comply with the policies above, Cathay conducts training on the "Code of Conduct for Employees" and regulatory compliance each year. In 2022, all employees received and completed training on the "Code of Conduct for Employees."
Complaint/Reporting Channels
2. Sexual Harassment and Gender Equality Violations
The "Guidelines for Sexual Harassment Prevention, Reporting, and Disciplinary Actions" and "Rules for Sexual Harassment Prevention, Reporting, and Investigations" are in place to govern sexual harassment and gender equality violations. Cathay also set up a dedicated sexual harassment mailbox and the Sexual Harassment Grievance and Investigation Committee to investigate reported instances of sexual harassment. If the sexual harassment report is confirmed, the perpetrator will be sent to the Personnel Evaluation Committee for disciplinary action. Cathay will provide psychological counseling and care to the victim and strengthen training on sexual harassment to prevent future incidents. Cathay also welcomes employees to report sexual harassment from outside parties. The company will assist employees in safeguarding their interests by, for example, filing formal complaints on behalf of the employee to related organizations.
3. Other
For complaints or reports that do not fall under the topics listed above, employees may also report to audit or administrative units.
In 2022, Cathay FHC concluded investigations on all five internally reported incidents, of which two occurred at Cathay FHC and one occurred at a domestic subsidiary; no evidence of illegal activity was found in these cases. Two incidents occurred at overseas branches, and investigations revealed the allegations to be true; both incidents have been handled according to internal regulations. In addition, Cathay handled seven incidents of sexual harassment or gender equality violation, two of which were dismissed due to lack of evidence, and the remainder were handled accordingly.
Management of Human Rights Risks
Cathay has established a human rights due diligence workflow. We regularly conduct impact assessments and improve management for specific focus stakeholders. When establishing the human rights management workflow, Cathay references international human rights frameworks, our development strategy, and external trends. We also consult Cathay FHC's Corporate Sustainability Committee, employees, and external consultants on the identification of stakeholder risk issues. Finally, we review the risk ratings to identify high-risk groups before implementing management measures.