Risk Management Mechanism

Policy

Overall Risk Management Policy (amended and approved by the Board of Directors on December 29, 2022)

The management policy includes a risk management framework, the risk management scope (including credit, market, operational, interest rate in the banking book, liquidity, climate and other risks), the 3 lines of defense in risk management (including the risk tolerance unit, dedicated risk management unit, and independent internal audit unit as well as their responsibilities), and the 5 major aspects of risk management procedures (identification, measurement, monitoring, reporting and implementation procedures).

Climate and Nature Risk Management Policy (amended and approved by the Board of Directors on March 20, 2025)

The Bank's "Climate and Nature Risk Management Policy" not only incorporates greenhouse gas inventory, disclosure, and verification as part of climate risk management, but also, in alignment with the Task Force on Nature-related Financial Disclosures (TNFD) framework, expands its scope to include the assessment and disclosure of natural environmental impacts. This aims to strengthen the management of nature-related issues and to pursue nature-positive goals with a gradual integration into practical operations in the future. These measures enhance nature-related risk management and support the Bank's commitment to nature-positive outcomes.

Commitment

    1. Establish an independent and effective risk management mechanism of the Bank to assess and supervise the risk tolerance and the current risk tolerance situation, and determine the risk response strategy and compliance with risk management procedures, to effectively identify, measure, monitor and report various risks, and ensure sound management of the Bank.
    2. The Bank is committed to the long-term goal of achieving "2050 Net Zero Carbon Emissions" in accordance with national policies.
    3. In response to international initiatives and leveraging financial influence to establish a virtuous societal cycle, the Bank signed the Science Based Targets initiative (SBTi) commitment in June 2022. The Board of Directors approved the "SBTi Investment and Financing Portfolio Target Setting" on January 29, 2024. The Bank's targets passed the SBTi target setting review in May of the same year, demonstrating alignment with international standards in sustainability efforts.
    4. In 2022, the Bank co-signed the "1.5°C Climate Action Commitment" with Chinese National Association of Industry and Commerce, Taiwan (CNAIC) members: "To fulfill responsibilities as global citizens and actively respond to the global climate crisis, member companies of the Chinese National Association of Industry and Commerce, Taiwan respond to international net-zero sustainability trends, committing to cooperate with the government's 2050 net-zero pathway planning, integrate industrial and commercial resources to implement low-carbon industrial transformation, and achieve the Paris Agreement's goal of controlling temperature rise to 1.5°C."
    5. According to the latest 2024 survey results from CommonWealth Magazine's "Temperature Rising Index for Pathways" (TRIPs), based on the Bank's established carbon reduction targets and pathways, calculations using the AGTP climate model and parameter matrix determined the Bank's corporate carbon reduction thermometer temperature at 1.498°C, meeting the Paris Agreement's ambition to limit global warming to no more than 1.5°C by century's end. The Bank was awarded the 1.5°C certification (valid from June 1, 2024, to May 31, 2025), working together toward net-zero emissions/carbon neutrality.

Risk Management Organization

  1. The Bank's risk management organization is composed of the Board of Directors, the Audit Committee, the Senior Management Committee, and three-line defense of risk management (the risk-tolerance unit, the dedicated risk management unit, and the independent internal audit unit).

The Culture of Risk Management

The Bank creates a corporate culture throughout the organization that emphasizes the importance of risk management through training, self-assessments of risks, and performance evaluations:

Education Training of Risk Management

The Bank arranges in-person or online risk management training from top to bottom by role and responsibility to shape the risk awareness and culture of the Bank.

  1. Directors:
    Directors are encouraged to take courses from external professional training institutions on topics such as legal compliance, information risk, digital governance risk, financial crime risk, and corporate operational risks and opportunities related to climate change and net-zero emissions. These courses aim to enhance the governance capabilities of the Board of Directors in managing various types of risks.
  2. All employees:
    We provide a wide array of risk management training courses to all employees, covering legal compliance, AML, Business Integrity, the Equator Principles, credit risk, operational risk management, and high-frequency mistake patterns. The training aims to instill the importance of risk management and enhance the ability to handle risks and emergencies in the course of duty.
  3. Business executives:
    Organize credit risk weight seminars and online courses for managers and reviewers, and risk management education and training for overseas branch staff before their assignments.
  4. Auditors:
    Conduct annual education and training for auditors. 

Operational Risk Control and Self-Assessment

The Bank conducts two annual operational risk controls and self-assessments. The self-assessment unit can propose risk points and specific improvement suggestions regarding the results of residual risk identification and evaluation. The respective management units evaluate and analyze the feasibility, formulate improvement plans as needed, and select appropriate risk strategies (including risk taking, risk avoidance, risk transfer/offset, risk control) to control operational risks within a tolerable range. Before the launch of new products, activities, processes, or systems, the inherent operational risks should be identified and assessed. Appropriate control measures and risk indicators should be developed and, after implementation, incorporated into the most recent self-assessment operation to detect and control associated operational risks.

Establishment of Risk Management Performance Evaluation Criteria

  1. Risk management indicators are developed for the senior management (including the President) based on responsibilities. These indicators may include asset quality, return on assets, various risk limits, risky assets, credit cost control, effectiveness of credit card scoring models, external credit ratings. The achievement of these objectives will affect individual annual performance bonuses.
  2. Performance assessment criteria for the regional centers and business units incorporate risk indicators (including asset quality for the current year, capital return ratio, risk-based internal audit system, legal compliance, and business controls). These criteria will affect the annual performance bonus of the respective units.
  3. Performance evaluation scoring criteria for risk-management-related units include indicators such as return on capital, NPL ratio, containment of new delinquent loans, monitoring of various risk limits, and operational risk controls. The results will affect the annual performance bonuses of the evaluated units.
  4. To optimize resource allocation, short-term loan control measures for business units are implemented as part of the scoring criteria for performance evaluation.
  5. Compliance awareness campaigns conducted by all units throughout the Bank, and the evaluation procedures for them, serve as the basis for personnel performance evaluation.

Set Up Operational Risk Manager

To incorporate operational risk management into daily operations, the Bank has appointed operational risk managers in all units. These managers act as the contact point for operational risk management, aiding in the implementation and promotion of operational risk management policies. They are accountable for reporting operational risk events and disruptions, as well as conducting operational risk control and self-assessment.

Three-Line Defense of Risk Management

1st Line of Defense

Identify and Implement Risk Management

  1. All units outside of the second and third lines of defense function as the initial risk tolerance unit. They are responsible for the daily management and self-assessment of business risks. This includes identifying sources of risk, assessing the impact of risks, implementing risk response measures (such as risk offsetting, avoidance, reduction, and acceptance), regularly reviewing the risks and control points of business operations, establishing and enhancing risk management awareness, and achieving a balance between risk tolerance and annual profit targets.

2nd Line of Defense

Monitor, Plan and Establish Policy

  1. The independent risk management unit is responsible for risk monitoring, strategy development, and policy formulation to ensure the neutrality and consistency of the Bank in identifying, assessing, monitoring, and reporting risks. The Risk Management Committee is held monthly for management purposes. (Compliance with related laws and regulations pertaining to AML/CFT mechanisms, including the identification, measurement, and monitoring of the risks of AML/CFT management mechanisms, is the responsibility of the EVP & Chief Compliance Officer.)

Risk Management Committee

  1. To establish an independent and effective risk management mechanism, improve the quality of the Bank's risk management, and ensure the stable operation of the Bank, the Risk Management Committee is set up to be responsible for the review and supervision of risk management matters. The Chairperson chairs the Risk Management Committee, which is held regularly each month and submits risk management reports to the Audit Committee and the Board of Directors quarterly. The main committee members are the President, Executive Vice Presidents, the EVP & Chief Compliance Officer, and the heads of the Credit Management Division, Risk Management Division, Loan Asset Management Division, Financial Management Division, Operations Division, and Information Security Division.

Risk Identification

  1. To establish an independent and effective risk management mechanism of the Bank to assess and supervise the risk tolerance and the current risk tolerance situation, and determine the risk response strategy and compliance with risk management procedures, to effectively identify, measure, monitor and report various risks, the Bank has developed the "Overall Risk Management Policy" which has been approved by the Board of Directors as the highest level of internal risk management guidelines. Each year, the Board of Directors approves the "Risk Appetite Statement" which is jointly prepared by senior management. This statement serves as a link between the bank's business strategy, operational plans, and risk management, and also forms the basis for setting internal risk limits and ensuring policy compliance within the Bank. The Risk Identification and Appetite Process and Method is explained as follows.
  1. Risk Identification Method and Procedure
    [Figure: Identification method and risk ranking]
  2. Major Risks, Risk Appetite and Management/Mitigation Measures
    The Bank establishes a Material Risk Matrix (as shown in the diagram below) by categorizing the likelihood of risk occurrence (Highly Unlikely, Unlikely, Possible, Likely, Almost Certain) and the impact on the Bank (Minor, Moderate, Major, Significant, Extreme) into five levels on an annual basis. From the 16 types of business risks, the top six major risk items are identified to enhance the risk management mechanism. The ranking of materiality from highest to lowest is: Credit Risk, Market Risk, Information Technology Risk, Strategic Risk, Liquidity Risk, and Operational Risk.
    [Figure: Significant risk matrix]
    The Bank monitors risk appetite indicators for the top six material risks on a quarterly basis and assesses whether the risks remain within acceptable limits.
    [Figure: The major risk items identified]

Systemic Risk Assessment

Stress Test

  1. Frequency
    1. Irregular: supervisory stress test conducted by the competent authority.
    2. Regular: Conduct quarterly and annual self-conducted stress tests.
  2. Risk Factors
    1. Financial risk factors: credit risk, market risk, liquidity risk.
    2. Non-financial risk factor: operational risk from incidents of fraud or information security breaches.
  3. The Bank selects the scenario where the stress test has the greatest impact on the Bank's capital to calculate the amount of the loss on our own qualified capital, which serves as the basis for assessment and planning of the Bank's internal capital adequacy. The Bank conducts an annual review, considering factors such as the overall economy and financial environment, to assess the suitability of stress test scenario parameter settings. This evaluation gauges the Bank's risk tolerance and capital adequacy in stressful situations.
  4. The annual stress test results are regularly reported to the Board of Directors, submitted to the competent authority, and disclosed to the public on a regular basis. 
    1. The Bank's 2024 stress test results showed that all ratios meet the minimum statutory capital requirements set by the Financial Supervisory Commission (that is, common equity ratio, tier 1 capital ratio, capital adequacy ratio and leverage ratio are 7.0%, 8.5%, 10.5%, and 3.0% respectively), all of which are above the minimum statutory capital requirement.

Monitoring

    1. Assist each indicative management unit in keeping abreast of the important information on business activities, overall situation of business, and changes in the financial environment, so as to identify and control operating risks in real time.
    2. Track and examine the political and economic situation of various countries from time to time to keep abreast of credit rating downgrades or changes in major events, and take necessary measures accordingly.
    3. In order to identify and manage the overall operational risks of the Bank, as well as to keep abreast of the important information on business activities, overall situation of business, and changes in the financial environment, a quarterly "Operational Risk Detection Report" is prepared and submitted to the Risk Management Committee, Audit Committee, and Board of Directors.
    4. The Bank continues to integrate all kinds of risk indicators assessment and information and the subsequent notification mechanism so as to take early countermeasures to control the quality of the Bank's credit assets effectively.
    5. Keep abreast of the situation of various national risk limits immediately and accurately and regularly report the country's national risk exposure values and monitoring status of the Bank.
    6. Monitor the risk exposure of the various financial product positions traded and the status of risk limits every day, and report on the relevant risk exposure situations to the Risk Management Committee monthly and to the Audit Committee and the Board of Directors quarterly.
    7. The Bank continues to optimize risk measurement indicators and monitoring, strengthen the operational risk identification by all units of the Bank, collect and analyze operational risk events and track improvements to improve the effectiveness of operational risk management.
    8. In response to the evolution of market risk monitoring because of the implementation of the New Basel Capital Accord, the Bank continues to study and strengthen the management efficiency of systems related to market risks.

Implementation

  1. The Bank's risk management unit reports to the Board of Directors on the Bank's risk environment and risk control measures adopted by the Bank on a quarterly basis to coordinate and integrate the review, supervision, and operation of the Bank's risk management issues, and implements the risk management policies and procedures, risk appetite statement, and risk management mechanism approved by the Board of Directors while reviewing the risk management process, monitoring its appropriateness, and ensuring effective communication and coordination of relevant risk management functions.
    1. The quarterly reports with data of March, June, September and December were submitted to the Audit Committee and the Board of Directors respectively. The content of the quarterly report in 2024 included "Situations of the Implementation of the Basel Capital Accord," "Credit Risk Management Situations," "Financial Counterparty and Country Risk Management Situations," "Market Risk Management Situations," "Operational Risk Management Situations," "Loan Management Situations," "Information Security Management Situations," "Overseas Branches Risk Management Situations," "Climate Risk Management," and other issues related to risk.
    2. The Bank's 2024 Emerging Risk Management Implementation Report was submitted to the 3rd meeting of the Risk Management Committee in 2025 (March 26, 2025) for review and included in the first quarterly risk report submitted to the Audit Committee and the Board of Directors.

3rd Line of Defense

Audit and Inspect

The Internal Audit

    1. The Bank's internal auditing unit performs the audit business in the spirit of independence, and provides timely suggestions about improvement to reasonably ensure the continuous and effective implementation of the internal control system while reporting on the audit business to the Board of Directors and the Audit Committee quarterly so that the Board of Directors and senior managers can learn about the effectiveness of the Bank's internal control system and risk management system.
    2. The Bank adopts a risk-based internal audit system. In addition to determining the frequency of audits for subjects based on comprehensive risk assessment results, the Bank also takes into account the exposure situation of various identified operational risk types of the subjects, as well as high-risk issues related to core business and operational processes when conducting audits. This enables the Bank to plan audit focus areas and delve into audit matters. Secondly, the Bank's internal audit also considers the key aspects of financial supervision and inspection, as well as the changes in the internal and external environment. This enables us to develop targeted project audit items for high-risk businesses and processes. The purpose of this is to assess the overall risk exposure and management of these matters.
    3. The Bank's internal auditing unit continues to follow up on the opinions and deficiencies put forth by the financial inspection agencies and accountants during inspections and by the internal auditing unit and business units during the self-audit, as well as the "improvements" listed in the statement on the internal control system, and to track the improvement situation. 

The External Audit
