
CG6013(2021) Corporate Governance System Evaluation Certification

Incorporating ESG Risks into Risk Management Policy
Overview of Operation
Cathay Financial Holdings ("Cathay FHC," includes Cathay Life, Cathay United Bank "CUB," Cathay Century, Cathay Securities, Cathay Securities Investment Trust “Cathay SITE,” and Cathay Venture) is committed to maximizing value for our shareholders, customers, and employees and upholding our core values of "Integrity, Accountability, and Innovation." We align our business strategy with market conditions, leverage our financial competencies, drive digital transformation, and achieve group synergies in order to provide financial services that are comprehensive, convenient, and personalized. Cathay FHC will continue to focus on our three engines of growth – “Insurance + Banking + Asset Management,” and advance toward our vision of becoming a “leading financial institution in the Asia-Pacific region.”
Despite the impact of tightened monetary policies in major economies, ongoing international geopolitical risks, and slowing momentum of global economic growth in 2023, Cathay FHC adhered to the sustainable operation strategy and recorded a consolidated after-tax profit of NT$51.5 billion (US$1.68 billion) and earnings per share of NT$3.24, thanks to the concerted efforts of our employees. In addition, our subsidiaries CUB and Cathay SITE once again achieved record-high profits.
Corporate Governance
At Cathay FHC, the board of directors serves as the highest decision-making body, with the chairman acting as its head. The chairman oversees the company's overall management operation and does not hold any senior leadership management positions. In 2023, the board of directors held 8 meetings with a board attendance rate of 92%. On average, board members have served for 10 years (five independent directors serve an average of 4.9 years). At Cathay FHC, the board of directors has established four functional committees: the audit committee, remuneration committee, corporate governance and nomination committee, and risk management committee. These committees are responsible for reviewing important proposals. To effectively implement independent supervision and checks and balances, all proposals at Cathay FHC are reported and discussed by the board of directors. If there is a conflict of interest with the director or the institution he/she represents, the director shall recuse him/herself from the proposal discussion to maximize the benefit of all stakeholders.
Cathay FHC has established several guidelines and regulations to improve the effectiveness of its board of directors. These include the "Guidelines for Evaluation of Directors' Performance" and "Guidelines for Directors' Remuneration," as well as the "Regulations Governing the Evaluation of the Board and Functional Committee's Performance." These guidelines incorporate indicators such as compliance, corporate governance, risk control, corporate sustainability and corporate social responsibility. In 2023, the results of the internal performance evaluation of Cathay FHC's board and functional committee showed that the performance "exceeded expectations." To strengthen the independence and effectiveness of the Board's performance evaluations, Cathay FHC has, since 2017, committed to appointing an external professional independent organization or experts at least once every three years to conduct an external performance evaluation of the Board of Directors. In 2022, the "Taiwan Institute of Ethical Business and Forensics" was commissioned to complete the external performance evaluation of the company's Board of Directors for the year 2021. Based on the association's optimization suggestions, improvement measures were discussed and implemented. For more information, please visit the Corporate Governance section. The board of directors was re-elected on June 13, 2025. The term of office for the newly elected directors will be from June 13, 2025, to June 12, 2028. For more information, please refer to Implementation of board diversity policy at Cathay FHC.
Remuneration of Senior Management
At Cathay, we have established the "Guidelines for Remuneration of Senior Management." The purpose of these guidelines is to create long-term shareholder value, implement a role-based remuneration mechanism, and provide incentives to attract talented individuals. The guidelines set out standards for compensation and bonuses. The fixed compensation for senior managers is determined based on their roles, responsibilities, performance, and expertise. It is benchmarked against market standards. The variable element of senior management compensation is tied to the company's annual performance and the manager's achievement of personal targets. Both the fixed and variable parts of the compensation are established according to the "Guidelines for Remuneration of Senior Management." They are approved by the remuneration committee and the board of directors. To ensure fair and reasonable compensation for senior managers, Cathay conducts an annual remuneration competitiveness analysis and evaluates each senior manager's fixed compensation individually. Additionally, we review the "Guidelines for Remuneration of Senior Management" every three years and submit them to the remuneration committee and board for approval.
Cathay also seeks to bolster the corporate governance structure and ensure effective oversight over Cathay managers. This can further advance the company's operational capacity and serve as a factor when determining remuneration, positions, rotations, and bonuses for managers. To such ends, Cathay FHC has developed the Performance Management & Development Guidelines for Cathay Managers to instruct managers to formulate personal performance targets according to annual company/department strategies, focuses, and goals; their positions and responsibilities (incl. internal control and compliance implementation results); and other spotlights for the year (e.g., Corporate Sustainability indicators). Their personal performance targets can ensure that Cathay managers' KPIs are tied to the company and their unit's strategic goals. For more information on remuneration of Cathay FHC’s CEO, please refer to 《2024 Cathay FHC's Report on Remuneration of the President》.
To link the interests of management and stockholders, Cathay FHC has set stock ownership guidelines for Cathay’s executive officers. Please refer to 《Cathay Financial Holdings Stock Ownership Guidelines.》
As an example, the variable compensation of the Cathay FHC President is tied to performance in financial metrics, relative financial metrics, operational indicators on strategic developments, internal control and compliance, and corporate sustainability indicators. To further strengthen the company's long-term performance, a portion of the variable compensation for the Cathay FHC President is deferred. The long-term incentives structure involves a three-year deferral of the variable compensation rather than payment in full in the year of earnings. If there are occurrences of aggravated circumstances, such as intentional or material faults, professional activity leading to material risks for the company, or unethical actions during the deferred period, the remuneration committee and the board of directors have the authority to cancel the long-term incentives. The company operates primarily in Taiwan. In 2024, the total annual compensation of the highest-paid individual within the organization was 42.1 times the median of the total annual compensation of all other employees (excluding the highest-paid individual), and 33.2 times the average. Additionally, the year-over-year percentage increase in total compensation for the highest-paid individual was 2.5 times that of the median percentage increase for other employees. The president's performance indicators are further delegated to senior executives of relevant business units, such as the Risk Management Division, Corporate Sustainability Office, Human Resources Division, and the Responsible Investment Working Group. ESG-related issues account for approximately 10% to 90% of the performance indicators for senior management.
Cathay FHC President's Performance Indicators
Weight | Important Business Metrics | Details |
---|---|---|
50% | Financial returns | Return on equity (ROE), after-tax EPS of common stock, etc. |
 | Relative financial metrics | Changes in shareholding ratio by foreign investors (relative to other financial institutions) |
 | Other important financial metrics | Capital adequacy ratio, risk management, etc. |
50% | Operational indicators on strategic developments | Digital transition and innovation, FinTech, corporate and brand image, etc. |
 | Corporate sustainability indicators | Operations environmental impact, talent and skill development, corporate governance, privacy and information security, etc. |
 | Internal control & compliance metrics | Internal control & compliance implementation results |
1. Fixed compensation as a percentage of total remuneration | 32.4% |
2. Variable compensation as a percentage of total remuneration | 67.6% |
2-1 Cash compensation as a percentage of variable compensation (Note 1) | 71.4% |
2-2 Stock-based compensation as a percentage of variable compensation (Note 2) | 28.6% |
Aspect | Materiality Issue | Relevant Senior Executive Accountability | Percentage of Performance Indicators |
---|---|---|---|
E | Decarbonization Strategy for Financial Assets | Head of Digital and Data Development Center, Chief Investment Officer, Head of Administration Division | Approx. 10-90% |
 | Responsible Investment and Financing | | |
 | Financial products with environmental/social benefits | | |
 | Environmental Impact of Operations | | |
S | Financial Planning and Services | Head of Administration Division, Chief Financial Officer (Spokesperson), Head of Digital and Data Development Center | |
 | Financial Inclusion | | |
 | Employee health and well-being | | |
 | Helping the Underprivileged | | |
 | Customer Relationship Management | | |
 | Attracting and Retaining Talents | | |
 | Health promotion and life security | | |
 | Talent and skill development | | |
G | Regulatory Compliance | Chief Financial Officer, Head of Digital and Data Development Center, Chief Risk Officer, Chief Compliance Officer, Chief Information Security Officer, Head of Administration Division | |
 | Financial Crimes and Anti-Fraud | | |
 | Risk and Crisis Management | | |
 | Corporate Governance and Ethical Corporate Management | | |
 | Business Performance | | |
 | FinTech/Digital Transformation and Innovation | | |
 | Privacy and Information Security | | |
CEO Succession Plan
To ensure adequate bench strength at critical management levels and meet the talent needs for sustainable business operations, Cathay FHC has established a clear senior management succession plan that covers both planned and unplanned departures. It applies to all senior executives—including the President—and has built a comprehensive talent pool across every level. In evaluating potential successors, we consider not only their professional qualifications, experience, and leadership abilities, but also their fit with our corporate culture, familiarity with business operations, and grasp of subsidiary management. Through the Talent Development Committee, we review each level’s management talent in terms of performance, leadership potential, core competencies, and readiness of personal attributes. This enables us to maintain a robust succession pool and provide a full training and development framework for candidates at all levels. Beyond engaging top instructors and the latest learning resources—and designing programs that balance theory with practical application—we also broaden our leadership team’s business perspective and strategic insight through vertical (promotions) and horizontal (rotational) moves of internal talent. This further strengthens our bench for key management positions. These talent development initiatives are reviewed annually by the Board of Directors.
Codes of Conduct: Systems/Procedure
Cathay FHC has adopted the “Policy and Code of Operation Integrity.” We implement the following management mechanisms to review the implementation status of ethical corporate governance:
Responsibilities, accountabilities, and reporting lines
The Company has established business integrity practices and measures to prevent dishonest conduct based on its “Policy and Code of Operation Integrity.” These preventive measures include operating procedures, behavioral guidelines, and training programs, which the Company has implemented through a separate policy called “Operational Procedures and Guidelines of Ethical Corporate Management Best Practice.” The Company is bound to comply with The Company Act, Securities and Exchange Act, Business Entity Accounting Act, Political Donations Act, Anti-Corruption Act, Government Procurement Act, Act on Recusal of Public Servants Due to Conflicts of Interest and any laws that pertain to business conduct of TWSE/TPEX listed companies. These regulations shall provide the foundation for the Company's integrity management.
Furthermore, the Company’s directors, managers, employees, and controllers are prohibited from offering, committing, requesting, or accepting any illegitimate benefits, or engaging in any conduct that would be construed as dishonest, illegal or in breach of trust, whether directly or indirectly, while carrying out their duties. All reported cases of violation against business integrity shall be thoroughly investigated by the audit unit; any established cases of misconduct will be referred to the Administration Department and disciplined according to the Company’s policies. The Company has created a “Sustainable Governance Panel” under the “Corporate Sustainability Committee”; the latter reports directly to the board of directors. The panel is responsible for corporate governance-related matters within the group, such as business integrity, anti-corruption, anti-bribery, and compliance; it reports progress regularly (at least once a year) to the board of directors. The board of directors of the Company will exercise the duty of care as prudent managers to supervise and prevent dishonest conduct and ensure that the integrity policy is duly enforced. Furthermore, the Audit Division is required to include compliance with the code of conduct as part of its audits, and report regularly back to the board of directors on any defects found and any steps taken to improve.
Dedicated help desks, focal points, ombudsman, hotlines
We have established clear reporting channels following our "Procedure for handling cases of reporting unethical or dishonest conduct" and the group's reporting mechanism. We have also established a response protocol to ensure that all reports are thoroughly investigated, and that the legal rights of whistleblowers and any other relevant personnel are protected throughout the process. We are committed to protecting the identity of whistleblowers and any other individuals involved in the investigation to prevent any potential retaliation or unfair treatment. In 2023, there were no reported cases of insider trading, antitrust, monopoly, and market manipulation violations.
Channels for Reporting Cases
(1) For cases that involve crimes, fraud or violations of laws, our employees may report via the Cathay FHC group-level Whistleblower System by mail, email or telephone, which is publicly disclosed on our Chinese official website: https://www.cathayholdings.com/holdings/compliance/whistleblowing_system
(2) For incidents that involve sexual harassment or other violations of the principle of gender equality, our employees may report via Cathay FHC’s sexual harassment and gender equality violation complaint channels.
(3) For other issues not mentioned above, our employees can reach out to the human resources department.
Compliance/codes of conduct linked to employee remuneration and performance appraisal systems
The results of internal control implementation and compliance implementation are integrated into the performance evaluation criteria for managers and employees. This approach aims to link employee remuneration and performance assessment with the effectiveness of our risk management system, ensuring its robust operation.
Disciplinary actions in case of breach
Cathay FHC encourages both internal and external personnel to report any dishonest or inappropriate behavior. The relevant reporting channels and handling procedures are managed according to the Company's "Procedure for handling cases of reporting unethical or dishonest conduct." If the reported misconduct is found to be true, it will be used as a reference for adjusting employee salaries, positions, and issuing bonuses according to the relevant regulations.
Furthermore, Cathay FHC's “Declaration of Sustainability Values” clearly states that “The Company strictly prohibits any behavior or events that violate professional ethics. If there is a violation of the laws of a country or of the Company’s Code of Ethics, such breaches will be subject to impartial treatment without tolerance.”
Compliance system audited by third party
Cathay FHC engages third-party auditors to review the company's codes of conduct and compliance systems for enforcing these codes, including tracking and reporting of breaches. Auditors then provide an opinion statement based on their review. Please see "Cathay FHC Systems & Procedures of Codes of Conduct Audit Opinion Report".
Conduct regular self-evaluations and review for unethical risk behavior
We conduct an annual ethical management risk assessment. Items evaluated include offering or accepting improper benefits (offering/accepting bribes), illegal political contributions, unethical charitable contributions, violation of recusals, violation of stakeholder interests, violation of intellectual property rights and information confidentiality, etc. If the review identifies existing or potential unethical behavior, corrective and remedial action must be taken immediately.
We conducted the unethical conduct risk assessment for 2022 in 2023 and presented the assessment results to the board; the same assessment for 2023 was conducted in Q1 of 2024.
Training
Employee ethics and code of conduct training is a required annual course. The training lasts one hour. The training completion rate for 2023 was 100%.
Reporting on breaches
Cathay FHC has established clear reporting channels following our “Procedure for handling cases of reporting unethical or dishonest conduct” and the group’s reporting mechanism. We have also established a response protocol to ensure that all reports are thoroughly investigated, and that the legal rights of whistleblowers and any other relevant personnel are protected throughout the process. We are committed to protecting the identity of whistleblowers and any other individuals involved in the investigation to prevent any potential retaliation or unfair treatment. In 2023, there were no reported cases of insider trading, antitrust, monopoly and market manipulation violations. Please see Cathay FHC 2024 CS Report Chapter 4.1 Workplace Empowerment for discrimination or harassment and Chapter 6.5 Service Quality & Customer Rights for customer privacy data cases.
Area of breaches | FY2024 |
Corruption or Bribery | 0 |
Discrimination or Harassment | 9 |
Customer Privacy Data | 18 |
Conflicts of Interest | 0 |
Money Laundering or Insider trading | 1 |
Total number of cases | 28 |
Improvement Measures for Breaches
Discrimination or Harassment
Cathay supports a workplace of equality and inclusion. To prevent workplace discrimination and harassment, we instituted the "Regulations for Establishing Measures of Prevention, Correction, Complaint and Punishment of Sexual Harassment at Workplace" and set up a dedicated sexual harassment mailbox and the Sexual Harassment Grievance and Investigation Committee to investigate reported instances of sexual harassment. If the report is found to be true, the accused will be subject to disciplinary action in accordance with company policy, while the victim will receive all necessary support, including psychological counseling. Other colleagues will be asked to increase their education and training on sexual harassment to prevent such incidents in the future. In 2024, there were nine reported cases of sexual harassment or gender equality violation, all of which were appropriately addressed based on the procedures outlined.
Customer Privacy Data
In 2024, a total of 199 customers were affected by the 18 personal data breaches. Upon further investigation, the incident was found to be due to individual negligence during information communication and email delivery by a financial advisor and sales representative. The matter has since been properly handled with the understanding of the parties involved. Cathay Financial Holdings will continue to promote employee training and enhance internal awareness to ensure that all personnel fully recognize the importance of personal data protection. We will also continue to strengthen and monitor the use of customers’ personal data, improve relevant protection measures, and supervise third-party partners to properly manage customer information, in order to reduce the occurrence of data leakage incidents.
Money Laundering or Insider trading
In 2024, there was one reported case of insider trading. Cathay Financial Holdings requires all employees to comply with the Securities and Exchange Act and relevant regulations. Employees are strictly prohibited from engaging in insider trading by using undisclosed information about the company or its clients, or any other information that may have a material impact on securities trading prices. Additionally, employees must not directly or indirectly disclose such information to others to prevent its misuse for insider trading.
Preventing Insider Trading
Cathay FHC provides the “Notes on Reporting of Insider's Equity Change in the Company” to insiders such as directors, managers and others when they take office, so that they comply with it and avoid violations or insider trading. In addition, when the Directors take office, Cathay FHC also provides the "Director's Manual", the "Compliance Brochure for Directors and Supervisors of TWSE/TPEx-Listed and Emerging Market Companies", the "Directions of Securities Market Regulatory for the TWSE/TPEx-Listed company and its directors, supervisors and major shareholders", the "Compliance Brochure for Independent Directors" and other information compiled by the Taiwan Stock Exchange Corporation, to assist Directors in understanding the laws and regulations related to securities transactions, listing rules, and other relevant reporting matters and legal responsibilities.
In addition, in order to standardize the disclosure procedures and management mechanisms for the material information of Cathay FHC and its subsidiaries, Cathay FHC established the “Guidelines/Regulations of Disclosure of Cathay FHC and its subsidiaries’ Material Information” and the “Regulations of Press Conferences Concerning Material Information of Cathay FHC and its subsidiaries” by referring to the “Taiwan Stock Exchange Corporation Procedures for Verification and Disclosure of Material Information of Companies with Listed Securities”. These rules are disclosed in the rules and regulations zone of Cathay FHC’s internal website, where personnel at all levels of the Company can consult them at any time, so as to avoid insider trading violations.
Cathay FHC has also stipulated the “Policy and Code of Operation Integrity”, “Procedures and Guidelines of Integrity Management Operation”, “Code of Ethics” and “Code of Conduct of Employees”, all of which contain the relevant provisions of “Prohibition of Insider Trading”. Cathay FHC holds annual training for directors, managers, and employees on the "Code of Integrity, Ethics, and Conduct." The 2023 education training was completed in December 2023 with 668 participants for a total of 668 person-hours.
To support understanding of and compliance with Cathay FHC’s "Policy and Code of Operation Integrity", "Procedures and Guidelines of Integrity Management Operation" and "Code of Ethics", the Company submits those rules and policies to the Directors and publishes them on the internal educational training platform for employees to check at any time. Besides the prohibition of insider trading, the education and training cover the contents and cases of anti-money laundering, prohibition of receiving gifts and hospitality, participation in public affairs, political contributions, etc.
Cathay FHC has notified the directors not to trade the company's stocks during the closed period of 30 days before the announcement of the annual financial report and 15 days before the announcement of the quarterly financial report in accordance with "The Policy of Prevention of Insider Trading". The date when the financial report is scheduled to be submitted to the board of directors and the closed period of the company's stock trading are notified to the directors to follow, so as to prevent the directors from violating The Policy.
Risk Governance
Board level responsibility
Effective August 16, 2025, the scope of the Risk Management Committee was expanded to include information security, and it was renamed the “Risk Management and Information Security Committee.” The Committee comprises three independent directors appointed by the Board of Directors. All members have expertise in “risk management” and “corporate governance” and the professional skills required by the committee. Its responsibilities include:
(1) Review the Company’s risk management and information security policies and guidelines.
(2) Review the Company’s annual risk appetite or limit that needs to be approved by the Board of Directors.
(3) The Risk Management Department reviews the Company’s risk management practices and reports to the Board of Directors on a quarterly basis.
(4) Review the Company’s information security implementation status, which shall be consolidated by the Information Security Division and reported to the BOD on an annual basis.
(5) Review of other risk management and information security related proposals to be reported to the Board of Directors.
(6) Carry out other matters as instructed by the Board of Directors to be handled by the Committee.
(For more details, please see: https://www.cathayholdings.com/holdings/eng/governance/committee/risk_management)
Three Lines of Defense Model
To implement robust risk management and internal control, Cathay FHC utilizes the Three Lines of Defense model to manage, monitor, and audit operational risks through structured processes and management frameworks:
(1) First line of defense: Operational and management units ensure that operating risks are effectively controlled and responded to.
(2) Second line of defense: The independent Risk Management Division, Compliance Department, and Information Security Department assist with risk system planning, assessment, management, and monitoring. Supervision and management is provided by senior management, including the Chief Risk Officer (CRO), Chief Compliance Officer (CCO), and Chief Information Security Officer (CISO), as well as the Risk Management Executive Committee and Information Security Committee.
(3) Third Line of Defense: Audit Division established directly under the board of directors to oversee organization and responsibilities of the internal audit system. A chief auditor has been assigned to oversee audit tasks and make quarterly reports to the Audit Committee and the board of directors on the audit progress.
Risk Management Processes
Risk Review
The Company's main sources of risk can be categorized as market risk, credit risk, operational risk, liquidity risk, insurance risk, capital adequacy management, emerging risk, ESG and climate risk, and credit risk. Risk identification is carried out through the following methods:
(1) Impact and likelihood: Cathay FHC identifies and evaluates risks based on qualitative and quantitative assessments of their potential impact and likelihood of occurrence. This process prioritizes the material risks and assesses their potential effects on business operations, forming the basis for corresponding mitigation measures.
(2) Stress testing and sensitivity scenario analyses: In the context of market and credit risk, Cathay FHC regularly conducts stress testing by performing sensitivity scenario analysis under various scenarios.
(3) Risk appetite: The Risk Management Division defines the company’s overall risk appetite based on its capacity to absorb risk and other relevant risk control factors. The risk appetite is then approved by the Board and serves as the foundation for subsequent risk assessment and response. Additionally, Cathay reviews its risk appetite annually and reports the findings to the Risk Management Committee and the Board of Directors. Based on this risk appetite, Cathay FHC sets limits and thresholds for different risk types and regularly monitors and manages key risk indicators. When these indicators reach or exceed specified risk levels, appropriate risk mitigation measures are developed and implemented.
Risk Exposure
Cathay FHC conducts monthly monitoring of group-wide exposures and risk indicators. On a quarterly basis, the results of risk management activities are reported to the Risk Management Committee and the Board of Directors to ensure effective oversight and management of the group’s overall risk level. Examples of market and credit risk exposure monitoring:
(1) Market Risk: Regularly assesses and monitors value-at-risk (VaR) and conducts sensitivity analyses of positions to strengthen market risk management.
(2) Credit Risk: Periodically reviews group-wide concentration limits—such as by country, industry, or corporate group—to effectively monitor and manage concentration risk.
Risk Management Process Audit
(1) Internal audit: The Company has developed an effective internal control system. Internal audit units are required to perform audits on employees’ compliance with the above system, including general audits at least once a year, and special audits on finance, risk management and compliance for the Company and subsidiaries at least once every six months. Half-yearly special audits can be exempted if the general audit already covers the scope of the special audit and no major defect is found.
(2) External audit: Cathay FHC engages third-party auditors every two years to review the methods, tools, and processes for identifying, assessing, controlling, monitoring, and reporting major risks. Auditors then provide an opinion statement based on their review. Please see "Cathay FHC Risk Management Process Audit Opinion Report."
Regular risk management education for all non-executive directors
To enhance the group’s overall risk awareness and management capabilities, Cathay FHC provides annual risk management training programs for all directors, including executive and non-executive members. The programs are designed to enhance the directors' understanding of current risk developments and strengthen their governance responsibilities. In 2024, Cathay FHC conducted a series of training courses covering the following topics: Cathay FHC’s risk management framework and operations, operational risk incident reporting mechanisms, business continuity management and emergency response to wartime scenarios, climate change risk management, and emerging and evolving risk landscapes.
Additionally, diverse course information from various training institutions is periodically provided to the directors, allowing them to evaluate and arrange corresponding courses based on their professional backgrounds and needs. The courses cover fields such as risk management, corporate governance, and information security. According to “Directors’ and supervisors’ ongoing education in 2024” in Annual Report P.47-52, non-executive directors of Cathay FHC have all received education and training related to risk management. Trainings included “Analysis of geopolitical judgments and Taiwan Strait security situation”, “Internal ratings-based (IRB) for credit risk”, “Promoting corporate sustainability through risk management”, and “AI and the open source era - analysis of corporate legal risks”, etc.
Focused training throughout the organization on risk management principles
The Company mandates annual general education courses on risk management for all employees of Cathay FHC and its subsidiaries. In 2024, the completion rate reached 100%.
Incorporation of risk criteria in the development of products and services
Cathay FHC places significant emphasis on the potential risks during new product development. Relevant management mechanisms are established both before and after the product launch, ensuring compliance with regulatory standards and adherence to the principles of treating customers fairly. This approach aims to mitigate financial, regulatory, and operational risks. For example, in the case of life insurance products developed by Cathay Life:
(1) Financial Risk: Each year, profit standards and sales limits for products are set based on the company’s overall risk appetite. Before product launch, the profitability is assessed to ensure it meets these standards. Afterward, sales volume and claims experience are continuously tracked to ensure that expected profitability is achieved.
(2) Regulatory Risk: In accordance with the "Regulations Governing Pre-sale Procedures for Insurance Products" and the "Guidelines for the Review of Life Insurance Products" issued by regulatory authorities, products are submitted to the Insurance Product Review Committee (convened by senior executives) for review before being submitted for regulatory approval. Qualified product signatories, including actuaries, risk managers, legal advisors, underwriters, claims, policy administration, and investment personnel, review the product for legal compliance.
(3) Operational Risk: Before the sale of any insurance product, senior executives convene the Insurance Product Management Committee meeting to ensure the appropriateness of various aspects such as information disclosure, actuarial data alignment and verification, information system setup and testing, risk control mechanisms, reinsurance arrangements, and sales channel training. Additionally, post-sale, the Insurance Product Management Committee meets every six months to review compliance with relevant regulations, consumer rights protection, asset-liability adequacy, and sales quota tracking, thereby reducing the likelihood of operational risk occurrence.
Financial incentives which incorporate risk management metrics
Cathay FHC regularly identifies and assesses material risks confronting the company's future with the help of reports from authoritative organizations and benchmark companies, and then determines mitigating actions. In 2024, we identified material and emerging risks in the areas of climate transition risk, AI risk, and social isolation and loneliness risk. Cathay FHC evaluates the potential impact the risks may pose on the company's operation and establishes the mitigating actions.
The effectiveness of risk management for issues such as climate transition, AI, and social isolation and loneliness is incorporated into the KPIs of the senior executives of the responsible units and is directly linked to their variable compensation.
Risk Type | Senior Executives | Performance Indicators Description |
Climate Transition | Head of the Legal and Administration Division, Chief Risk Officer (Chief Climate Officer) | |
AI | The Chief Technology Officer, Head of the Human Resources Division, and Chief Compliance Officer | |
Social Isolation and Loneliness | Chief Technology Officer, Head of the Human Resources Division | |
Emerging Risks
Cathay FHC faces an increasingly complex global financial operating environment, along with a growing number of issues, such as technological development and population aging, that have a rising probability of occurrence. In response, Cathay FHC regularly identifies and assesses material risks confronting the company's future with the help of reports from authoritative organizations and benchmark companies, and then determines mitigating actions. The risk exposure and risk management system are then presented to the Risk Management Committee and the Board of Directors. Cathay FHC evaluates the potential impact the risks may pose on the company's operation and establishes the mitigating actions.
Tax Governance
IT Security/ Cybersecurity Governance
In compliance with the “Financial Cyber Security Action Plan” promoted by the Financial Supervisory Commission (FSC) of Taiwan, Cathay Financial Holdings Co., Ltd. (Cathay FHC) continues to strengthen its information security and protection capabilities to deliver secure, convenient, and uninterrupted financial services. Cathay FHC and its key subsidiaries have established Chief Information Security Officers or dedicated information security units as required by regulations. These units are responsible for planning, monitoring, and implementing information security management operations, and report on the previous year’s information security performance to the Board of Directors annually.
Additionally, Cathay FHC has set up an inter-company Information Security Committee, chaired by the Chief Information Security Officer, with the President invited to attend and provide guidance. This committee is responsible for proposing and promoting the group’s information security policies and management systems, meeting biannually to review and report on the overall information security performance for the previous year to the Board of Directors. Furthermore, Cathay FHC has established a Risk Management and Information Security Committee within the Board of Directors, composed of three non-executive directors. The Committee regularly reviews the Company’s risk management and information security operations. This review covers topics such as the management mechanisms for reputational risk events and major crisis incidents, as well as the overall implementation of information security. One of the board members, Mr. Chang-Ken Lee, President of Cathay Financial Holdings, was Cathay FHC Chief Risk Officer from 2006 to 2009, responsible for supervising Group information security management to ensure compliance with the Group Risk Management Policy, Information Security Policy and Management Guidelines for Establishing Internal Control System of Public Offering Companies. The Cathay FHC Information Security Committee, established in 2018, is the highest governance body for Cathay FHC information security. The President of Cathay FHC attends the Committee and supervises Group information security. To ensure effective horizontal communication and consistency in information security management across Cathay FHC and its subsidiaries, an inter-company Information Security Communication Committee has been established, holding monthly meetings to fully commit to information security control and quality enhancement. Please refer to the document for Information Security Management Programs of Cathay FHC.
Human Rights
Active Corporate Governance Measures
To enforce human rights protection, Cathay FHC complies with local laws and regulations for human rights protection across all business locations and also formulated the "Cathay FHC Human Rights Policy" in compliance with international frameworks, including the UN's "Universal Declaration of Human Rights," "Guiding Principles on Business and Human Rights," "United Nations Global Compact," and the International Labour Organization's regulations.
Cathay employees are also asked to comply with the "Code of Conduct for Employees" and shall not discriminate or infringe on the human rights of others. To ensure all employees understand and comply with the policies above, Cathay conducts training on the "Code of Conduct for Employees" and regulatory compliance each year. In 2022, all employees received and completed training on the "Code of Conduct for Employees."
Complaint/Reporting Channels
2. Sexual Harassment and Gender Equality Violations
The "Guidelines for Sexual Harassment Prevention, Reporting, and Disciplinary Actions" and "Rules for Sexual Harassment Prevention, Reporting, and Investigations" are in place to govern sexual harassment and gender equality violations. Cathay also set up a dedicated sexual harassment mailbox and the Sexual Harassment Grievance and Investigation Committee to investigate reported instances of sexual harassment. If the sexual harassment report is confirmed, the perpetrator will be sent to the Personnel Evaluation Committee for disciplinary action. Cathay will provide psychological counseling and care to the victim and strengthen training on sexual harassment to prevent future incidents. Cathay also welcomes employees to report sexual harassment from outside parties. The company will assist employees in safeguarding their interests by, for example, filing formal complaints on behalf of the employee to related organizations.
3. Other
For complaints or reports that do not fall under the topics listed above, employees may also report to audit or administrative units.
In 2022, Cathay FHC concluded investigations on all five internal reported incidents, of which two occurred at Cathay FHC and one occurred at a domestic subsidiary - no evidence of illegal activity was found. Two incidents occurred at overseas branches and investigations revealed the allegations to be true - both incidents have been handled according to internal regulations. In addition, Cathay handled seven incidents of sexual harassment or gender equality violation, two of which were dismissed due to lack of evidence, and the remainder handled accordingly.
Management of Human Rights Risks
Cathay has established a human rights due diligence workflow. We regularly conduct impact assessments and improve management for specific focus stakeholders. When establishing the human rights management workflow, Cathay references international human rights frameworks, our development strategy and external trends. We also consult Cathay FHC's Corporate Sustainability Committee, employees and external consultants on the identification of stakeholder risk issues. Finally, we review the risk ratings to identify high-risk groups before implementing management measures.