| Year | Assessment Grade |
|---|---|
| 2022 | Level 1 (Excellent) |
| 2019 | Level 1 (Excellent) |
| 2016 | Level 1 (Excellent) |
The Company's risk management objectives focus on balancing risk and profit. In overall asset allocation, risk assets should be prudently identified with full information disclosure to the management team. The Company evaluates its risk tolerance and response strategies when risks occur based on the overall economic environment, enabling the management team to develop business activities under acceptable risk conditions. Therefore, in the Company's overall operational planning, in addition to increasing stable income, it also flexibly adjusts the allocation of risk assets to pursue favorable returns.
Risk Management Policy
In accordance with the Securities Firm Risk Management Practice Guidelines and Mega Financial Holding Co., Ltd.'s Risk Management Policy and Guidance Principles, the policy implementation is reviewed regularly and irregularly each year. Amendments to this policy are reviewed by the Risk Management Committee (hereinafter referred to as "the Committee") and the Risk Control Department of the financial holding parent company, approved by the Board of Directors, and reported to the Risk Management Committee of the financial holding parent company for record.
Risk Management Objectives
In accordance with Mega Financial Holding Co., Ltd.'s Risk Management Policy and Guidance Principles, annual risk management objectives are established, reviewed by the Committee and the Risk Control Department of the financial holding parent company, approved by the Board of Directors, and reported to the Risk Management Committee of the financial holding parent company for record.
Risk Management Rules
To effectively manage the Company's overall risk and regulate the risk management system, these rules are established in accordance with the Securities Firm Risk Management Practice Guidelines, Mega Financial Holding Co., Ltd.'s Risk Management Policy and Guidance Principles, and the Company's Risk Management Policy. The content consists of nine chapters: General Provisions, Risk Management Organizational Structure and Responsibilities, Risk Management Process, Definition and Management Mechanisms of Various Risk Types, Risk-based Performance Management, Risk Management Information System, Risk Information Disclosure, Business Crisis Response Measures, and Supplementary Provisions. These rules are approved by the Board of Directors after review and approval by the Committee, and reported to the financial holding parent company for record.
Risk Management Committee Organizational Charter
The Committee is established in accordance with the Company's Risk Management Rules to oversee the planning, supervision, and implementation effectiveness of company-wide risk management policies. This organizational charter is approved by the Board of Directors after review and approval by the Committee, and reported to the financial holding parent company for record.
Risk Management Implementation Guidelines
Each department of the Company shall conduct various businesses in
accordance with the Risk Management Rules, and may consider business
characteristics and complexity to formulate risk management
implementation guidelines for internal departmental risk management
measures, which shall be approved by the General Manager. However,
regulations that are required by the Risk Management Rules and
applicable company-wide shall be approved by the Chairman.
When the Company launches new business types, in addition to requiring
Board of Directors approval, departments must conduct various risk
assessments and review amendments to the Risk Management Rules or Risk
Management Implementation Guidelines.
Overall Risk Tolerance and Capital Adequacy Ratio Control for the Company and Each Department or Product Line
The Company has established product line authorization limits, total loss limits, and total risk value limits in its Risk Management Rules, which have been approved by the Board of Directors. Risk limits for each product line and department are allocated and approved through coordination among relevant departments convened by the General Manager, and are implemented accordingly for control purposes. Additionally, the Company's capital adequacy ratio management target must not fall below 250%.
Credit Risk
The Company has established appropriate credit risk management systems, including authorization structures and reporting processes at all levels, operational content, pre-transaction credit assessment, credit rating management, post-transaction credit monitoring, and procedures for handling limit breaches. The Risk Management Office supervises the implementation of risk management mechanisms and systems across all departments in accordance with the Risk Management Rules and Credit Supervision Management Measures.
Market Risk
Annual risk limits, loss limits, and Value at Risk limits (VaR 99%, 1
day) for holding securities and derivative financial instruments must be
allocated with reference to various quantitative indicators of each
department or product line, and are approved after coordination among
relevant departments convened by the General Manager.
The Company has established appropriate market risk management
systems, including authorization structures and reporting processes at
all levels, operational content, trading scope, market risk measurement
methods, market risk limits and their approval levels, and procedures
for handling limit breaches. The Risk Management Office supervises the
implementation of risk management mechanisms and systems across all
departments in accordance with the Risk Management Rules.
Liquidity Risk
Regarding proprietary positions, to avoid concentration risk, the Company
has established limits and early warning mechanisms in its Risk
Management Rules for securities balances issued by single companies and
single industries, as well as total credit risk exposure to single
clients, single groups, and single countries, and ensures effective
implementation.
Regarding funding liquidity, the Company establishes liquidity risk
management mechanisms based on principles including business
characteristics and scale, asset-liability structure, funding deployment
strategy, diversification of funding sources and terms, and legal
regulations, to ensure maintenance of adequate liquidity under both
normal and stress scenarios and control cash flow gaps across all
periods within established limit ranges.
Operational Risk
Each department establishes standard operating procedures according to their product risk characteristics, trading operation controls, and related procedures to establish internal control standards and control points.
Climate Risk
The Company has established appropriate climate risk management systems, including authorization structures and reporting processes, operational content, pre-transaction risk assessment, climate sensitivity classification management, post-transaction monitoring, and procedures for handling limit breaches. The Risk Management Office supervises the implementation of risk management mechanisms and systems across all departments in accordance with the Risk Management Rules.
Legal and Regulatory Compliance
Regular and irregular maintenance of the legal compilation system, updating regulatory amendments from competent authorities and tracking the impact of regulatory changes on the Company and its business, while strengthening legal consultation, coordination, and communication channels and conducting regulatory education and training programs.
Information Security Risk
- In accordance with Article 36-2 of the Financial Supervisory Commission's "Regulations Governing the Establishment of Internal Control Systems by Service Enterprises in Securities and Futures Markets," the Company has established the position of Chief Information Security Officer and set up a cross-departmental information security team. The Company has formulated an information security policy that is disclosed on its official website and reviewed annually. Any amendments must be approved by the Board of Directors. Annual comprehensive information security implementation reports are integrated into the matters to be declared in the Internal Control System Declaration and reported to the Board of Directors. In accordance with the Taiwan Stock Exchange's "Establishment of Information and Communication Security Inspection Mechanisms for Securities Firms," information security policies and related management standards have been formulated.
- To ensure the Company's information and communication security, the
Company has established various information and communication
security
management measures including:
- The core system has implemented an Information Security Management System and passed SGS ISO 27001 certification; the core system has implemented a Business Continuity Management System and passed BSI ISO 22301 certification, with continuous maintenance of certificate validity.
- Implementation of IDS/IPS (Intrusion Detection and Prevention Systems), WAF (Web Application Firewall), and SOC (Security Operations Center) to enhance security monitoring and defense. Regular execution of system and webpage vulnerability scanning and penetration testing to ensure system security protection.
- Annual commissioning of information vendors to conduct third-party laboratory security testing for mobile applications to strengthen APP information security.
- Enhancement of staff security awareness: conducting education, training, and promotion on information security-related topics for all staff, and regularly conducting email social engineering drills for all staff to maintain a deception success rate below 5%.
Other Risks
To respond to major contingent events and enhance response capabilities,
the Company has established Major Contingent Event Operating Procedures
and built a notification management system.
Serves as the Company's risk management decision-making body, responsible for approving risk management policies, ensuring the effectiveness of risk management, and bearing ultimate responsibility for risk management.
The Committee has integrated risk management functions, overseeing the planning,
supervision, and implementation effectiveness of company-wide risk management
policies, managing overall risk limits and departmental risk limits, reviewing
regulations approved by the Board of Directors, supervising the implementation
of the Company's risk management system, and conducting early warning and
stop-loss tracking procedures.
Under authorization from the Board of Directors, executes management of market risk, credit risk, operational risk, and their correlations with climate risk. The Risk Management Office is responsible for monitoring, managing, and reporting overall risk positions, establishing risk management information systems, conducting necessary model validation, and performing quarterly stress testing and backtesting, reporting to the Committee and Board of Directors.
To effectively implement the promotion and execution of the Company's legal compliance system and achieve the goal of independently identifying, assessing, and supervising legal compliance risks, under authorization from the Board of Directors, continuously optimizes the legal compilation management system to ensure timely internalization of external regulations for staff compliance, and strengthens the execution of various legal compliance education and training programs to reduce non-compliance risks.
In accordance with the Company's risk management policy, handles company-wide legal compliance and legal risk-related matters.
Capital Adequacy Ratio
By calculating the equivalent amounts of various operational risks (market risk, credit risk, operational risk) and qualified net capital, the Company evaluates overall risk tolerance and appropriateness of risk management as a basis for adjusting risk positions and risk management policies. As of December 31, 2024, the Company's capital adequacy ratio was 338%, with market risk equivalent amount of NT$3,031,267,356, credit risk equivalent amount of NT$1,284,463,255, and operational risk equivalent amount of NT$930,288,540. The annual capital adequacy ratio ranged from 299% to 352%, all meeting the early warning threshold of above 270%. The capital adequacy ratios from January to December 2024 are shown in the following table:
| Jan. | Feb. | Mar. | Apr. | May | Jun. | Jul. | Aug. | Sep. | Oct. | Nov. | Dec. |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 334% | 321% | 311% | 303% | 302% | 299% | 327% | 339% | 338% | 352% | 345% | 338% |
Credit Risk
Before executing transactions, the Company conducts credit investigations on counterparties and provides appropriate transaction limits. Post-transaction monitoring is also conducted regularly to ensure no changes in counterparty creditworthiness. Credit transactions in brokerage business require clients to provide collateral securities and margin deposits approved by the Company, while conditional transactions require clients to provide collateral securities with credit ratings above a certain level or endorsement by guarantee institutions.
Market Risk
Risk quantification models are established to measure risk, including (but not limited to) traditional position/notional principal restrictions and profit/loss information, while also covering risk factor analysis and VaR calculation and management. Authorization limits, loss limits, risk value limits, and other related quantitative indicators for each department and product line are planned based on capital adequacy ratios. Market risk limits are controlled through risk management systems, with each department operating (or disposing) according to relevant market risk implementation guidelines to effectively control market risk.
Liquidity Risk
Total amount (New Taiwan Dollar plus various foreign currencies) cumulative maturity structure analysis reports are compiled regularly to track and control risk management target indicators and are reported to the Committee. As of December 31, 2024, the Company's total cumulative maturity structure analysis report is as follows. The results show that when extreme market conditions occur, the Company's cumulative funding gap as a percentage of total assets does not exceed the limits.
Base Date: December 31, 2024 | Unit: NT$ Million
| Stress Test Funding Liquidity Gap Management Report | Base Date: December 31, 2024 | Unit: NT$ Million | ||||||
|---|---|---|---|---|---|---|---|
| Item | 1-10 days (inclusive) | 1-30 days (inclusive) | 1-90 days (inclusive) | 1-181 days (inclusive) | 1 day -1 year (inclusive) | 1 day-over 1 year | Total |
| Total Cash Inflow | 36,997 | 51,213 | 57,036 | 60,778 | 87,096 | 97,497 | 97,497 |
| Total Cash Outflow | 36,138 | 53,380 | 68,197 | 69,934 | 81,012 | 82,286 | 82,286 |
|
Cumulative Maturity Gap (negative indicates gap) |
859 | -2,167 | -11,161 | -9,156 | 6,084 | 15,211 | - |
| Stress Test Impairment | 0 | -908 | -1,141 | -1,146 | -1,293 | -2,459 | -2,459 |
| Cumulative Maturity Gap Under Stress Test | 859 | -3,075 | -12,302 | -10,302 | 4,791 | 12,752 | - |
| Cumulative Maturity Gap Under Stress Test as % of Total Assets | 0.82% | -2.94% | -11.75% | -9.84% | 4.58% | 12.18% | - |
| Cumulative Maturity Gap as % of Total Assets Limit >= | -20% | -25% | -30% | -35% | -40% | -45% | - |
| Limit Exceeded | No | No | No | No | No | No | - |
Value at Risk
For products with different risk characteristics, appropriate quantitative models are adopted respectively to conduct risk assessments and regular comparisons with actual profit and loss to verify model appropriateness. As of December 31, 2024, the Company's overall position Value at Risk (VaR) calculated using the simple average method (1-DAY, 99%) was NT$237,485,091, with an annual average of NT$217,085,778 and an annual peak of NT$250,465,046, all complying with the regulation of not exceeding 3% of the Company's net worth at the end of the previous year.
Stress Testing
Based on December 31, 2024, the Company's stress test capital adequacy ratio was 277%, which is greater than the statutory capital adequacy ratio, and the test passed.
Unit Currency: NT$ Billion
| Test Date | December 31, 2024 |
|---|---|
| Qualified Net Capital Amount | 177.39 billion |
| Operating Risk Equivalent Amount | 52.46 billion |
| Capital Adequacy Ratio | 338% |
| Loss of Qualified Net Capital Due to Extreme Market Risk | 30.05 billion |
| Loss of Net Capital Due to OTC Stock Liquidity Risk | 1.54 billion |
| Increase in Operating Risk Equivalent Due to 2-Level Downgrade in Counterparty Credit Rating | 0.21 billion |
| Post-Stress Test Capital Adequacy Ratio | 277% |
| Statutory Capital Adequacy Ratio Standard | 150% |
| Test Conclusion | Post-stress test BIS ratio exceeds test standard, test passed |
High Carbon Emission Industry Statistics
As of December 31, 2024, the Company's proprietary trading and underwriting holdings in high carbon emission industry securities totaled NT$3.24 billion in cost, representing 8.38% of the Company's total proprietary trading and underwriting securities investment of NT$38.668 billion, complying with the regulation of not exceeding 27% of the Company's total proprietary trading and underwriting securities investment. Statistics are shown in the following table:
Unit Currency: NT$ Billion
| Industry Code | Industry name | Fixed income securities | Equity securities | Total |
|---|---|---|---|---|
| 0500 | Oil and Natural Gas Mining |
0.00 |
0.00 |
0.00 |
| 1500 | Pulp, Paper, and Paper Products Manufacturing |
0.00 |
1.60 |
1.60 |
| 1700 | Petroleum and coal products Manufacturing |
5.01 |
0.00 |
5.01 |
| 1810 | Chemical Materials Manufacturing |
1.00 |
3.35 |
4.35 |
| 1841 | Manufacture of Plastic Materials |
0.00 |
0.00 |
0.00 |
| 2331 | Cement Manufacturing |
0.00 |
2.75 |
2.75 |
| 2411 | Smelting and Refining of Iron and Steel |
1.00 |
1.43 |
2.43 |
| 3510 | Electricity Supply |
16.25 |
0.00 |
16.25 |
| Total High Carbon Emission Industry Positions |
23.26 |
9.14 |
32.40 |
|
| Total Proprietary Trading and Underwriting Investment Positions |
296.86 |
89.82 |
386.68 |
|
| High Carbon Emission Industry Investment Position Ratio to Total Investment Positions |
7.83% |
10.17% |
8.38% |
|
| High Carbon Emission Industry Limit as Percentage of Total Investment Positions | 27% | |||
| Early Warning/Limit Breach | No | |||
- The Risk Management Office regularly reports risk management implementation status to the financial holding parent company's Risk Management Committee and the Company's Board of Directors, with content including at least overall risk exposure status, fund utilization and credit situations, TCFD-related progress and key points, and other major exceptional risk management project reports.
- The Risk Management Office prepares quarterly derivative financial instrument transaction valuation reports to the Board of Directors to review whether derivative financial instrument transactions comply with established business strategies and whether the risks undertaken are within the company's acceptable range.
- The Risk Management Office regularly reports to the Committee on risk
management policy and objective implementation status, risk management
execution status, funding liquidity risk, and various credit and fund
utilization situations. To effectively enable the financial holding parent
company to understand the Company's risk management implementation status,
the Committee's agenda and minutes are also reported to the financial
holding parent company for record. The Company's overall risk management
implementation status includes at least:
- Credit Risk: Companies with newly identified credit risk concerns, holdings of securities with credit risk concerns, and counterparties with credit risk concerns in transactions.
- Market Risk: Early warning and stop-loss implementation status, exception management tracking, and other limit breach situations.
- Operational Risk: Statistics and implementation status of operational risk loss events in each department.
- Climate Risk: Statistics of the Company's proprietary trading and underwriting high carbon emission industry securities and TCFD implementation status.
- The Compliance Office regularly reports legal compliance risk management reports to the Compliance Committee.
- The Risk Management Office prepares weekly risk management reports for review by the Chairman and General Manager, including calculation and disclosure of the Company's capital adequacy ratio, overall profit and loss situation, risk limits for various product lines, and tracking of exceptional situations.
- The Risk Management Office conducts daily monitoring through the risk management system, with risk management summary reports submitted daily to the Chairman and General Manager. The content includes profit and loss situations for each department and product line, quota utilization status, risk values for each department, and proprietary and client position holdings of targets and counterparties with credit risk concerns. In case of exceptional situations, immediate reports are submitted to the Chairman and General Manager.
- Risk management personnel in each department conduct daily monitoring according to their established risk management implementation guidelines for each product line, preparing daily risk management reports for review by departmental supervisors.
To effectively manage the Company's credit risk, Credit Supervision Management Measures are established based on the Risk Management Rules to introduce an internal rating system linked by probability of default, and credit risk control is implemented for investment targets and counterparties with reference to major market information and relevant institutional research reports.
In the Company's investments in various businesses and products, in addition to complying with the Company's Credit Supervision Management Measures, the credit rating levels of investment targets and counterparties must also be reviewed before considering undertaking (or trading) or requiring credit enhancement, with regular tracking of changes in their credit risk.
For brokerage business, in addition to complying with the Company's Credit Supervision Management Measures, relevant research reports or warning lists issued by market regulatory institutions are also referenced as control basis. On the client side, credit investigation is conducted based on financial proof provided before trading, with regular review of whether credit status has changed. If credit trading is involved, sufficient collateral must be provided to effectively control credit risk in the brokerage business.
Assess the product lines that need to be hedged, and check daily whether the operation is within the scope of authorization. In addition, in response to emergencies, the Company conducts hedging operations for interest rate and equity derivatives to reduce position losses caused by abnormal market fluctuations. The Risk Management Office analyzes data such as various financial instrument positions, assessed gains and losses, analysis of sensitive risk factors, and stress testing on a regular or unscheduled basis, and reports to the chairman and the general manager as a reference for business decision-making.
In the event of sustained capital tightening, continuously rising interest rates, or sudden financial events that seriously affect liquidity risk, the Finance Department should consult with the Risk Management Office for opinions and report to the General Manager for approval to adopt measures such as disposing of commercial paper under repurchase agreements or other short-term investments on the books, expeditiously disposing of assets with better liquidity, and utilizing financial holding group resources to borrow from relevant financial institutions or issue commercial paper to obtain funds. When the company encounters a business crisis requiring emergency fund deployment, it shall be handled in accordance with the Company's Business Crisis Response Measures Operating Rules.
Annual operational risk self-assessments are conducted to effectively control and implement risk self-assessment mechanisms that reflect and resolve practical operational issues in each department to achieve risk control, mitigation, transfer, and avoidance.
When operational risk loss events occur due to inappropriate or erroneous internal operational processes, personnel, and systems, or direct or indirect losses caused by external events, the loss-bearing department should accurately record the occurrence date, time, incident details, and subsequent handling, conduct thorough reviews and formulate improvement plans to improve operational processes and reduce the possibility and severity of operational losses.
In accordance with the Company's Risk Management Rules, the total cost of high carbon emission industry securities held by the Company's proprietary trading and underwriting shall not exceed a certain percentage of the total cost of securities held by the Company's proprietary trading and underwriting, which is listed as an annual risk management objective. The 2025 risk management target is 26%.
Mega Group signed the Science Based Targets initiative (SBTi) commitment in April 2023 and sets carbon reduction pathways using Science Based Targets (SBT), committing to achieve a 39.56% proportion of positions completing SBT target setting by 2028. Official confirmation from SBTi was received on June 5, 2024, confirming passage of the target review.