Risk Management Governance Structure
The FHC has set up an independent Risk Management Division to implement governance and ensure measured risk-taking. The division is responsible for establishing the related policies and guidelines and also for executing risk management practices throughout the Group.
Each subsidiary has set up its own risk management department, based on regulatory requirements or the nature of its business, to control and integrate risk management in accordance with the FHC’s risk management procedures and policies.
To oversee the implementation of risk management, the FHC has established the Risk Management and Information Security Committee, and major subsidiaries have also set up risk management committees. The Committee is responsible for monitoring the Group’s risk exposure and ensuring the proper functioning of the risk management system.
Risk Management Procedure
1. Group Risk Management and Information Security Committee and Risk Management Executive Committee
The FHC's Risk Management Committee was upgraded to become a functional committee under the Board of Directors on April 1, 2023. Effective August 16, 2025, the scope of the Committee was expanded to include information security, and it was renamed the “Risk Management and Information Security Committee”. It comprises at least three directors, of which at least half are independent directors. The committee oversees risk management-related operating mechanisms. Risk Management Executive Committee meetings are attended by the highest-level supervisors of the risk management units of the FHC and its major subsidiaries. These meetings serve as a risk management exchange platform and supervise the implementation of the Group’s risk management.
2. Risk Management System
The FHC and the subsidiaries have developed or applied risk management information systems for VaR calculation, credit scoring, credit risk alerting, conglomerate credit/investment limit, and operational event reporting.
3. Risk Management Reporting
The risk management units of the FHC and its subsidiaries periodically submit risk management reports to the Board of Directors to fully disclose their various risk exposures and compliance status (Note 1). The company's risk management report includes regular reviews of the implementation of various risk management mechanisms (such as risk measurement indicators, concentration exposure, stress testing, etc.) and summary assessments of major risk events.
Note 1: Reports were submitted to the Board of Directors on March 6, May 15, August 15, and November 13 in 2025.
4. Material Risk Management
Each year, Cathay FHC identifies and assesses material risks using both qualitative and quantitative methods, referencing leading practices from leading institutions and industry peers. This process evaluates the potential impact and likelihood of risks that may affect the company in the future and establishes a prioritized list of material risks. Through risk correlation analysis, the company also identifies secondary risks associated with material risks to help prevent potential chain reactions. Based on the comprehensive assessment for 2025, the identified material risks are "Political and Economic Risks" and "Climate Transition Risks." Cathay FHC and its subsidiaries will continue to strengthen their risk response and management efforts, and report progress regularly to the Risk Management and Information Security Committee and the board of directors.
Risk Management Policy
The risk management policy and the related guidelines, which are the mainstay of risk management, are all scrutinized by the Risk Management and Information Security Committee and approved by the Board of Directors after review. They clearly delineate the responsibilities and operating mechanisms of risk management. Our employees are required to follow the policies and the guidelines, especially for transactions related to the investment and loan business.
The Company's main risk sources can be categorized into market risk, credit risk, operational risk, insurance risk, liquidity risk, emerging risk, ESG and climate risk, reputation risk, and capital adequacy. The Risk Management Division is responsible for developing management guidelines, rules, and compliance policies for each type of risk concerned. The subsidiaries also set the criteria and authority for risk management activities based on the policies set by the Company.