Jump to main content
Chang Hwa Bank logo
For the best experience, change the screen to portrait mode.

For the best experience, change the screen to portrait mode.


Risk Management Policy and Commitment


Overall Risk Management Policy (amended and approved by the Board of Directors on December 29, 2022)

The management policy includes a risk management framework, risk management scope (including credit, market, operation, interest rate in the banking book, liquidity, climate and other risks), and 3 lines of defense in risk management (including the risk tolerance unit, dedicated risk management unit, and independent internal audit unit as well as their responsibilities), and 5 major aspects of risk management procedures (identification, measurement, monitoring, reporting and implementation procedures).

Climate Risk Management Policy

In order to align with international practices and strengthen the management and response of the Bank (including its subsidiaries) to climate risks, the Bank adopted a new climate risk management policy on December 29, 2022 by the Board of Directors to face the challenges of climate change.

The Bank signed up to the SBTi in 2022 and is committed to aligning its business development strategies with the requirements of the SBTi (to limit global warming well-below 2°C) and actively reviewing its investing and financing portfolio and the carbon reduction strategies of the businesses in that portfolio.


Establish an independent and effective risk management mechanism of the Bank to assess and supervise the risk tolerance and the current risk tolerance situation, and determine the risk response strategy and compliance with risk management procedures, to effectively identify, measure, monitor and report various risks, and ensure sound management of the Bank.

Risk Management Organization

The risk management organization is composed of the Board of Directors, high-level management committees (the Asset and Liability Management Committee and the Risk Management Committee), and three-line defense of risk management (the risk-tolerance unit, the dedicated risk management unit, and the independent internal audit unit), of which the high-level management committees are governed by the President.

Risk Management Committee

To establish an independent and effective risk management mechanism, improve the quality of the Bank's risk management, and ensure the stable operation of the Bank, the Risk Management Committee is set up to be responsible for the review and supervision of risk management matters. The President chairs the Risk Management Committee, which is held regularly each month and report to the Audit Committee and the Board of Directors quarterly. The main committee members are the Executive Vice Presidents, the EVP & Chief Compliance Officer, and the heads of the Credit Management Division, Risk Management Division, Loan Asset Management Division, Financial Management Division, Operations Division, and Information Security Division.


The Culture of Risk Management

The Bank creates a corporate culture throughout the organization that emphasizes the importance of risk management through training, self-assessments of risks, and performance evaluations:

  1. Education Training of Risk Management
    1. The Bank arranges in-person or online risk management training from top to bottom by role and responsibility. For instance, we organize in-house training or arrange external professional training courses for directors. Courses cover information risk, digital governance risks, financial crime risks, and corporate operational risks and opportunities related to climate change and net-zero policies. This aims to enhance Board governance in the face of various forms of risks.
    2. We provide a wide array of risk management training courses to all employees, covering the Equator Principles, credit risk, operational risk management, and high-frequency mistakes patterns. The training aims to instill the importance of risk management and enhance the ability to handle risks and emergencies in the course of duty. In addition, training programs are organized for auditors participating on overseas inspections, managers and reviewers on credit risk weight, and online courses. Overseas branch staffs also receive risk management training before their assignments. These training programs help shape a risk-aware culture throughout the organization.
  2. Operational Risk Controls and Self-assessments
    1. The Bank conducts two annual operational risk controls and self-assessments. The self-assessment unit can propose risk points and specific improvement suggestions regarding the results of residual risk identification and evaluation. The respective business units evaluate and analyze the feasibility, formulate improvement plans as needed, and select appropriate risk strategies (including risk taking, risk avoidance, risk transfer/offset, risk control) to control operational risks within a tolerable range. Prior to the launch of new products, activities, processes, or systems, it is important to identify and assess the inherent operational risks. Appropriate control measures and risk indicators should be developed to detect and control associated operational risks.
  3. Establishment of Risk Management Performance Evaluation Criteria
    1. Risk management indicators are developed for the senior management, including the President, based on responsibilities. These indicators may include asset quality, return on assets, various risk limits, risky assets, credit cost control, effectiveness of credit card scoring models, external credit ratings. The achievement of these objectives will affect individual annual performance bonuses.
    2. Performance assessment criteria for the regional centers and business operations incorporate risk indicators (including asset quality for the current year, average risk weight, capital return ratio, risk-oriented internal audit system, legal compliance, and business controls). These criteria will affect the annual performance bonus of the respective units.
    3. Performance evaluation scoring criteria for risk-management-related units include indicators such as return on capital, delinquency rate, containment of new delinquent loans, monitoring of various risk limits, and operational risk controls. The results will affect the annual performance bonuses of the evaluated units.
    4. To optimize resource allocation, short-term loan control measures for business units are implemented as part of the scoring criteria for performance evaluation.
    5. Compliance awareness campaigns by all units throughout the Bank, and their evaluation procedures conducted serve as the basis for personnel performance evaluation.

Three-Line Defense of Risk Management


1st Line of Defense

Identify and Implement Risk Management. (Divisions and business units)

  1. Through the industrial characteristics of financial intermediaries, potential social or environmental impacts are taken into account as consideration factors for cases, or prudent evaluation of investment and financing for industries that have a significant adverse impact on social sustainable development (such as: non-public welfare gaming, arms, tobacco and special entertainment industries, etc.) , proper use of bank funds, and implementation of environmental protection and social sustainability responsibilities.

2nd Line of Defense

Monitor, Plan and Establish Policy. (Risk management unit)

  • Identify the risk
  1. 1. Identification method and risk ranking
  2.  Identification method and risk ranking
  3. 2. Significant risks, risk appetite and management/mitigation measures
  4. The major risk items identified by the Bank and their order are as follows:
  5. The major risk items identified
    1. Systemic Risk Assessment
      1. In addition to the supervisory stress test conducted by the competent authority from time to time, the Bank performs a stress test including Financial risk factors of credit risk, market risk, and liquidity risk, and non-financial risk factors such as operational risk when filing a report on the supervisory review implementation principles to the competent authority every year, and selects the scenario where the stress test has the greatest impact on the Bank’s capital to calculate the amount of the loss on our own qualified capital, which serves as the basis for assessment and planning of the Bank's internal capital adequacy.
      2. The Bank’s 2022 stress test results showed that all ratios meet the minimum statutory capital requirements set by the Financial Supervisory Commission (that is, common equity ratio, tier 1 capital ratio, capital adequacy ratio and leverage ratio are 7.0%, 8.5%, 10.5%, and 3.0% respectively, both of which are above the minimum statutory capital requirement.
    2. Monitor
      1. Assist each indicative management unit in keeping abreast of the important information on business activities, overall situation of business, and changes in the financial environment, so as to identify and control operating risks in real time.
      2. Keep abreast of the situation of various national risk limits immediately and accurately and regularly report the country's national risk exposure values and monitoring status of the Bank.
      3. The Bank continues to integrate all kinds of risk indicators assessment and information and the subsequent notification mechanism so as to take early countermeasures to control the quality of the Bank's credit assets effectively.
      4. Track and examine the political & economic situation of various countries from time to time to keep abreast of downgrade of credit rating or changes in major events and take necessary measures accordingly.
      5. The Bank continues to optimize risk measurement indicators and monitoring, strengthen the operational risk identification by all units of the Bank, collect and analyze operational risk events and track improvements to improve the effectiveness of operational risk management.
      6. Continue to improve the performance of existing personal credit rating and corporate credit rating models to achieve the best results of credit risk management.
      7. In response to the evolution of market risk monitoring because of the implementation of the New Basel Capital Accord, the Bank continues to study and strengthen the management efficiency of systems related to market risks.
    1. Strategy
      1. In response to climate change, continue to cooperate with green industries and high-carbon-emitting industries to monitor and manage industry-specific quotas; and cooperate with the climate change voluntary reduction cooperation mechanism to reduce accounting credits and investment quota ratios for high-carbon-emitting industries by 11%.
      2. Referring to the government’s “Six Core Strategic Industries Promotion Plan” for green power and renewable energy industry and the Bank’s green enterprise project loans, the credit limit was increased by 1%.
    2. Implementation
      1. The Bank's risk management unit reports to the Audit Committee and the Board of Directors on the Bank's risk environment and risk control measures adopted by the Bank on a quarterly basis to coordinate and integrate the review, supervision, and operation of the Bank's risk management issues, and implements the risk management policies and procedures, risk appetite statement, and risk management mechanism approved by the Board of Directors while reviewing the risk management process, monitoring its appropriateness, and ensuring effective communication and coordination of relevant risk management functions.
        ► The quarterly reports with data of March, June, September and December were submitted to Board of Directors respectively. The content of the quarterly report in 2022 included “Situations of the Implementation of the Basel Capital Accord,” “Credit Risk Management Situations,” “Financial Counterparty and Country Risk Management Situations,” “Market Risk Management Situations,” “Operational Risk Management Situations,” “Loan Management Situations,” “Information Security Management Situations,” “Overseas Branches Risk Management Situations,” ”Climate Risk Management,” and other issues related to risk, etc.
        ► The Bank's 2022 Emerging Risk Management Implementation Report was submitted to the 4th meeting of the Risk Management Committee in 2023 (April 27, 2023) for review and included in the first quarterly risk report submitted to the Board of Directors (See Chapter 2.5.5 for details).
      2. Monitor various financial product positions traded and the situation of risk limits every day, and reports to the Board of (Managing) Directors on the relevant risk exposure situations regularly.

3rd Line of Defense

Audit and Inspect. (Audit unit)

  1. The Bank adopts a risk-oriented internal audit system starting from 2022, and the frequency of internal audits to the subjects will be determined according to the results of risk assessment results. We pay close attention to changes in the overall environment, laws and regulations, organizational scale, business management, and other internal and external situations, thereby keeping abreast of risks immediately and revising the audit content in due course. The internal auditing unit continues to follow up on the opinions and deficiencies put forth by the financial inspection agencies and accountants during inspections and by the internal auditing unit and business units during the selfaudit, as well as the "improvements” listed in the statement on the internal control system, and to track the improvement situation.
    1. The internal audit
      The Bank's internal auditing unit performs the audit business in the spirit of independence, and provides timely suggestions about improvement to reasonably ensure the continuous and effective implementation of the internal control system while reporting on the audit business to the Board of Directors and the Audit Committee quarterly so that the Board of Directors, the Audit Committee, and senior managers can learn about the effectiveness of the Bank's internal control system and risk management system.
      The internal audit includes the inspection unit and the number of inspections (annual or semiannual inspection according to the unit), as well as the improvement of internal control deficiencies or abnormalities found.
    2. The external audit
      The Bank is audited quarterly by accountants on relevant management and internal control mechanisms such as market risk and credit risk disclosed in financial reports.

Credit Risks Arising from Major Business Activities

In accordance with the financial asset classes and their methodologies specified in the PCAF International Standards, the Bank uses the list of high carbon emission industries approved by the Board of Directors as the basis for calculating the risk of high carbon emission industries of the Bank as the limit plan. The following were the high carbon emission industry risk data for 2022:

Credit Risks Arising from Major Business Activities