Risk Management Policies & Procedures
Established on November 18, 2025
Article 1 Purpose
To strengthen corporate governance and establish a sound risk management framework in order to ensure the achievement of the Company’s operational objectives, this Risk Management Policy and Procedures (hereinafter referred to as the “Policy”) are hereby formulated.
Article 2 Scope of Application
This Policy applies to risk management operations at all levels of the Company.
Article 3 Objectives of Risk Management
The objectives of enterprise risk management are to manage various risks that may affect the achievement of corporate objectives through a comprehensive risk management framework, and to integrate risk management into operational activities and daily management processes in order to achieve the following objectives:
1. Achieve corporate objectives;
2. Enhance management effectiveness;
3. Provide reliable information;
4. Allocate resources effectively.
Article 4 Organizational Structure and Responsibilities
1. The Board of Directors is the highest authority responsible for risk management. It approves the risk management policy and related regulations, oversees the overall implementation of risk management, and ensures effective risk control.
2. To assist the Board of Directors in fulfilling its risk management responsibilities, the Audit Committee establishes a Risk Management Task Force, convened by the General Manager, to coordinate cross-departmental risk management interaction and communication. The Task Force conducts comprehensive assessments of operational risks and emerging risks and reports on risk management operations to the Audit Committee and the Board of Directors at least once a year.
3. Risk Management Task Force: Composed of the heads of each department as risk management members, ensuring that operational units effectively implement the risk management system. Each unit designates personnel as risk management executors to carry out risk management procedures in coordination with relevant operational staff.
4. Departments: Department heads are responsible for risk management within their respective units, shall clearly identify relevant risks faced by their departments, ensure effective implementation of risk control mechanisms and procedures, and regularly report risk management status to the Risk Management Task Force.
5. In the event of sudden major risks that may have a significant impact on the Company, the General Manager may establish an emergency response task force to promptly respond and manage risk situations and communicate with stakeholders to ensure legal compliance and minimize potential losses and impacts.
Article 5 Risk Management Process
The risk management process consists of five key elements: risk identification, risk analysis, risk assessment, risk response, and risk monitoring and review.
1. Risk Identification
Risk sources and categories include, but are not limited to:
(1) Strategic risks: industry development, technological changes, business models, etc.
(2) Operational risks: market supply and demand, operational disruptions, information security management, intellectual property, employee health, welfare, and training.
(3) Financial risks: interest rates, exchange rates, liquidity, leverage ratios, etc.
(4) Environmental risks: climate change, natural disasters, environmental protection, occupational safety and health.
(5) Regulatory risks: environmental regulations, personal data protection, corporate governance.
2. Risk Analysis
For identified risks, the impact scope and risk tolerance shall be evaluated:
(1) Analyze the probability and severity of risk events to determine priorities and response measures.
(2) Quantifiable risks shall be managed using statistical analysis methods.
(3) Risks that are difficult to quantify shall be analyzed qualitatively.
3. Risk Assessment
Each department shall compare risk assessment results with the Company’s acceptable risk thresholds, prioritize risks, and use the results as the basis for risk response actions.
4. Risk Response
Senior management shall report risk status to the Board of Directors at least once a year.
5. Risk Monitoring and Review
Each operational unit shall regularly monitor risks and report to the Risk Management Task Force, which shall submit consolidated risk information to the Audit Committee and the Board of Directors for review at least once a year.
Article 6 Information Disclosure
1. In addition to disclosures required by regulators, relevant risk management information shall also be disclosed on the Company’s website, annual report, or sustainability report.
2. Disclosure items include:
(1) Risk management policies and procedures;
(2) Risk governance and organizational structure;
(3) Risk management operations and implementation status.
Article 7 Supplementary Provisions
This Policy was established on November 18, 2025, approved by the Board of Directors, and shall take effect upon approval. The same applies to any amendments.
