Jump to main content
Chang Hwa Bank logo
For the best experience, change the screen to portrait mode.

For the best experience, change the screen to portrait mode.

:::

Risk Management Policy and Commitment

Policy

Overall Risk Management Policy (amended and approved by the Board of Directors on December 29, 2022)

The management policy includes a risk management framework, risk management scope (including credit, market, operation, interest rate in the banking book, liquidity, climate and other risks), and 3 lines of defense in risk management (including the risk tolerance unit, dedicated risk management unit, and independent internal audit unit as well as their responsibilities), and 5 major aspects of risk management procedures (identification, measurement, monitoring, reporting and implementation procedures).

Climate Risk Management Policy

In compliance with recent domestic regulatory amendments, the Bank revised its "Climate Risk Management Policy" on December 4, 2023, which was approved by the Board of Directors, integrating greenhouse gas inventory, disclosure, and verification into the climate risk management framework.

In response to international initiatives and leveraging financial influence to establish a virtuous societal cycle, the Bank signed the SBTi commitment in June 2022, aiming to achieve Science-Based Targets initiative commitments. The Board of Directors approved the "SBTi Investment and Financing Portfolio Target Setting" on January 29, 2024, and passed the SBTi target setting review in May of the same year, demonstrating alignment with international standards in sustainability efforts.

The Bank is committed to the long-term goal of achieving "2050 Net Zero Carbon Emissions" in accordance with national policies.

Commitment

Establish an independent and effective risk management mechanism of the Bank to assess and supervise the risk tolerance and the current risk tolerance situation, and determine the risk response strategy and compliance with risk management procedures, to effectively identify, measure, monitor and report various risks, and ensure sound management of the Bank.

Risk Management Organization

  1. The Bank's risk management organization is composed of the Board of Directors, the Audit Committee, the Senior Management Committee*, and three-line defense of risk management (the risk-tolerance unit, the dedicated risk management unit, and the independent internal audit unit).
  2. *Note: The Senior Management Committee refers to a committee under the supervision of the President, chaired and led by the President, including the Asset and Liability Management Committee, the Risk Management Committee, the Information Technology Project Committee, and the Treat Customers Fairly Facilitating Committee.
圖片範例

The Culture of Risk Management

The Bank creates a corporate culture throughout the organization that emphasizes the importance of risk management through training, self-assessments of risks, and performance evaluations:

  1. Education Training of Risk Management
    The Bank arranges in-person or online risk management training from top to bottom by role and responsibility to shape the risk awareness and culture of the Bank.
    1. Directors: Directors are encouraged to engage courses from external professional training institutions on topics such as legal compliance, information risk, digital governance risk, financial crime risk, corporate operational risks and opportunities related to climate change and net-zero emissions. These courses aim to enhance the governance capabilities of the Board of Directors in managing various types of risks.
    2. All employees: We provide a wide array of risk management training courses to all employees, covering legal compliance, AML, Business Integrity, the Equator Principles, credit risk, operational risk management, and highfrequency mistakes patterns. The training aims to instill the importance of risk management and enhance the ability to handle risks and emergencies in the course of duty.
    3. Business executives: Organize credit risk weight seminars and online courses for managers and reviewers, risk management education and training for overseas branch staffs before their assignments.
    4. Auditors: Conduct annual education and training on overseas inspections for auditors.
  2. Operational Risk Control and Self-Assessment
    The Bank conducts two annual operational risk controls and self-assessments. The self-assessment unit can propose risk points and specific improvement suggestions regarding the results of residual risk identification and evaluation. The respective business management units evaluate and analyze the feasibility, formulate improvement plans as needed, and select appropriate risk strategies (including risk taking, risk avoidance, risk transfer/offset, risk control) to control operational risks within a tolerable range. Before the launch of new products, activities, processes, or systems, the inherent operational risks should be identified and assessed. Appropriate control measures and risk indicators should be developed, and incorporate them into the most recent self-assessment operation after implementation to detect and control associated operational risks.
  3. Establishment of Risk Management Performance Evaluation Criteria
    1. Risk management indicators are developed for the senior management (including the President) based on responsibilities. These indicators may include asset quality, return on assets, various risk limits, risky assets, credit cost control, effectiveness of credit card scoring models, external credit ratings. The achievement of these objectives will affect individual annual performance bonuses.
    2. Performance assessment criteria for the regional centers and business units incorporate risk indicators (including asset quality for the current year, capital return ratio, risk-based internal audit system, legal compliance, and business controls). These criteria will affect the annual performance bonus of the respective units.
    3. Performance evaluation scoring criteria for risk-management-related units include indicators such as return on capital, delinquency rate, containment of new delinquent loans, monitoring of various risk limits, and operational risk controls. The results will affect the annual performance bonuses of the evaluated units.
    4. To optimize resource allocation, short-term loan control measures for business units are implemented as part of the scoring criteria for performance evaluation.
    5. Compliance awareness campaigns by all units throughout the Bank, and their evaluation procedures conducted serve as the basis for personnel performance evaluation.
  4. Set Up Operational Risk Manager
    To incorporate operational risk management into daily operations, the Bank has appointed operational risk managers in all units. These managers act as the contact point for operational risk management, aiding in the implementation and promotion of operational risk management policies. They are accountable for reporting operational risk events and disruptions, as well as conducting operational risk control and self-assessment.

Three-Line Defense of Risk Management

圖片範例

1st Line of Defense

Identify and Implement Risk Management

  1. All units outside of the second and third lines of defense function as the initial risk tolerance unit. They are responsible for the daily management and selfassessment of business risks. This includes identifying sources of risk, assessing the impact of risks, implementing risk response measures (such as risk offsetting, avoidance, reduction, and acceptance), regularly reviewing the risks and control points of business operations, establishing and enhancing risk management awareness, and achieving a balance between risk tolerance and annual profit targets.

2nd Line of Defense

Monitor, Plan and Establish Policy

  1. The independent risk management unit is responsible for risk monitoring, strategy development, and policy formulation to ensure the neutrality and consistency of the Bank in identifying, assessing, monitoring, and reporting risks. Risk Management Committee is held monthly for management purposes. (Compliance with related laws and regulations pertaining to AML/CFT mechanisms, including the identification, measurement, and monitoring for the risks of AML/CFT management mechanisms, is the responsibility of the EVP & Chief Compliance Officer.)

Risk Management Committee

  1. To establish an independent and effective risk management mechanism, improve the quality of the Bank's risk management, and ensure the stable operation of the Bank, the Risk Management Committee is set up to be responsible for the review and supervision of risk management matters. The President chairs the Risk Management Committee, which is held regularly each month and submits risk management reports to the Audit Committee and the Board of Directors quarterly. The main committee members are the Executive Vice Presidents, the EVP & Chief Compliance Officer, and the heads of the Credit Management Division, Risk Management Division, Loan Asset Management Division, Financial Management Division, Operations Division, and Information Security Division.

Risk Identification

  1. To establish an independent and effective risk management mechanism of the Bank to assess and supervise the risk tolerance and the current risk tolerance situation, and determine the risk response strategy and compliance with risk management procedures, to effectively identify, measure, monitor and report various risks, the Bank has developed the "Overall Risk Management Policy" which has been approved by the Board of Directors as the highest level of internal risk management guidelines. Each year, the Board of Directors approves the "Risk Appetite Statement" which is jointly prepared by senior management. This statement serves as a link between the bank's business strategy, operational plans, and risk management, and also forms the basis for setting internal risk limits and ensuring policy compliance within the Bank. The Risk Identification and Appetite Process and Method is explained as follows.
  2. Identification Method and Procedure
  3.  Identification method and risk ranking
  4. Major Risks, Risk Appetite and Management/Mitigation Measures
  5. The Bank establishes a significant risk matrix (as shown in the diagram below) by categorizing the likelihood of risk occurrence (Highly Unlikely, Unlikely, Possible, Very Likely, Highly Likely) and the impact on the bank (Mild, Moderate, Great, Significant, Extreme) into five stages on an annual basis. From the 16 types of operational risks, the top six major risk items are identified to enhance the risk management mechanism. Among these risks, credit risk poses the highest possibility of occurrence and impact on the Bank. It is followed by market risk and operational risk, which have comparable possibilities. However, market risk has a greater impact on the Bank.
  6. To evaluate the risk appetite for identified major risks, the Bank conducts quarterly monitoring and review of indicators to determine if the risks are still within acceptable limits. The table below provides an explanation of the risk appetite and mitigation measures for the first six major risks:
  7. significant risk matrix
  8. The major risk items identified
  9. The major risk items identified

Systemic Risk Assessment

  1. In addition to the supervisory stress test conducted by the competent authority from time to time, the Bank performs a stress test quarterly, including financial risk factors of credit risk, market risk, liquidity risk, and the non-financial risk factor of operational risk of incidents of fraudulent or information security breaches when filing a report on the supervisory review implementation principles to the competent authority every year, and selects the scenario where the stress test has the greatest impact on the Bank's capital to calculate the amount of the loss on our own qualified capital, which serves as the basis for assessment and planning of the Bank's internal capital adequacy. The annual stress test results are regularly reported to the Board of Directors, submitted to the competent authority, and disclosed to the public on a regular basis.
    1. The Bank conducts an annual review, considering factors such as the overall economy and financial environment, to assess the suitability of stress test scenario parameter settings. This evaluation gauges the Bank's risk tolerance and capital adequacy in stressful situations. 
    2. The Bank's 2023 stress test results showed that all ratios meet the minimum statutory capital requirements set by the Financial Supervisory Commission (that is, common equity ratio, tier 1 capital ratio, capital adequacy ratio and leverage ratio are 7.0%, 8.5%, 10.5%, and 3.0% respectively, both of which are above the minimum statutory capital requirement.

Monitoring

    1. Assist each indicative management unit in keeping abreast of the important information on business activities, overall situation of business, and changes in the financial environment, so as to identify and control operating risks in real time.
    2. Keep abreast of the situation of various national risk limits immediately and accurately and regularly report the country's national risk exposure values and monitoring status of the Bank. 
    3. The Bank continues to integrate all kinds of risk indicators assessment and information and the subsequent notification mechanism so as to take early countermeasures to control the quality of the Bank's credit assets effectively.
    4. Track and examine the political & economic situation of various countries from time to time to keep abreast of downgrade of credit rating or changes in major events and take necessary measures accordingly.
    5. The Bank continues to optimize risk measurement indicators and monitoring, strengthen the operational risk identification by all units of the Bank, collect and analyze operational risk events and track improvements to improve the effectiveness of operational risk management. 
    6. Continue to improve the performance of existing personal credit rating and corporate credit rating models to achieve the best results of credit risk management.
    7. In response to the evolution of market risk monitoring because of the implementation of the New Basel Capital Accord, the Bank continues to study and strengthen the management efficiency of systems related to market risks.
    8. Monitor the risk exposure of various financial product positions traded and the situation of risk limits every day, and reports to the Risk Management Committee monthly, to the Audit Committee and the Board of Directors on the relevant risk exposure situations quarterly.
    9. In order to identify and manage the overall operational risks of the Bank, as well as to keep abreast of the important information on business activities, overall situation of business, and changes in the financial environment, a quarterly "Operational Risk Detection Report" is prepared and submitted to the Risk Management Committee, Audit Committee, and Board of Directors.

Strategy

    1. In response to climate change, continue to cooperate with green industries and carbon-intensive emission industries to monitor and manage industry-specific quotas; and cooperate with the climate change voluntary reduction cooperation mechanism to reduce credits and investment quota ratios for carbon-intensive emission industries year by year.
    2. Based on the definition of the green electricity and renewable energy industry in the government's Six Core Strategic Industries Promotion Plan, as well as the Bank's Green Enterprise Project Loans, we will be increasing the credit limit for the industry classification portfolio involved.

Implementation

  1. The Bank's risk management unit reports to the Board of Directors on the Bank's risk environment and risk control measures adopted by the Bank on a quarterly basis to coordinate and integrate the review, supervision, and operation of the Bank's risk management issues, and implements the risk management policies and procedures, risk appetite statement, and risk management mechanism approved by the Board of Directors while reviewing the risk management process, monitoring its appropriateness, and ensuring effective communication and coordination of relevant risk management functions.
    1. The quarterly reports with data of March, June, September and December were submitted to Board of Directors respectively. The content of the quarterly report in 2023 included "Situations of the Implementation of the Basel Capital Accord," "Credit Risk Management Situations," "Financial Counterparty and Country Risk Management Situations," "Market Risk Management Situations," "Operational Risk Management Situations," "Loan Management Situations," "Information Security Management Situations," "Overseas Branches Risk Management Situations," "Climate Risk Management," and other issues related to risk, etc.
    2. The Bank's 2023 Emerging Risk Management Implementation Report was submitted to the 4th meeting of the Risk Management Committee in 2024 (April 29, 2024) for review and included in the first quarterly risk report submitted to the Audit Committee and the Board of Directors.

3rd Line of Defense

Audit and Inspect

The Internal Audit

    1. The Bank's internal auditing unit performs the audit business in the spirit of independence, and provides timely suggestions about improvement to reasonably ensure the continuous and effective implementation of the internal control system while reporting on the audit business to the Board of Directors and the Audit Committee quarterly so that the Board of Directors and senior managers can learn about the effectiveness of the Bank's internal control system and risk management system.
    2. The Bank adopts a risk-based internal audit system. In addition to determining the frequency of audits for subjects based on comprehensive risk assessment results, the Bank also takes into account the exposure situation of various identified operational risk types of the subjects, as well as high-risk issues related to core business and operational processes when conducting audits. This enables the Bank to plan audit focus areas and delve into audit matters. Secondly, the Bank's internal audit also considers the key aspects of financial supervision and inspection, as well as the changes in the internal and external environment. This enables us to develop targeted project audit items for high-risk businesses and processes. The purpose of this is to assess the overall risk exposure and management of these matters. 
    3. The Bank's internal auditing unit continues to follow up on the opinions and deficiencies put forth by the financial inspection agencies and accountants during inspections and by the internal auditing unit and business units during the self-audit, as well as the "improvements" listed in the statement on the internal control system, and to track the improvement situation.

The External Audit

The Bank is audited quarterly by accountants on relevant management and internal control mechanisms such as market risk and credit risk disclosed in financial reports.