Mega Holdings

Mega Holdings prioritizes the establishment and implementation of the system in risk management and emphasizes that everyone should be held accountable for risk management. To ensure the sound operations of subsidiaries of the Group, quality and security of assets and finances, and compliance of related regulations, Mega Holdings established unified guidelines on risk management and major operations in the Risk Management Policy and Guidelines adopted by the Board of Directors and other regulations governing risk management. Each subsidiary has been requested to incorporate these guidelines and regulations into its policies, goals, and internal control regulations, so as to build a sound risk management system.

Mega Holdings established the Risk Management Committee under the Board of Directors to ensure the effective implementation of the Group's risk management system and designated the Risk Management Department as the unit responsible for risk management.

■ Three Lines of Defense in Risk Management

■ Firewalls

To prevent any conflict of interest in businesses, transactions, joint promotion of business activities, exchange and use of information, joint use of business equipment, venues, or personnel, and provision of cross-sector consolidated financial products or services between the Company and subsidiaries that may jeopardize the Company's sound operations or customer interests, the Company has established a firewall policy for compliance by the Company and subsidiaries.

■ Major Contingencies

Mega Holdings has established the "Major Contingency Report Guidelines" and "Major Credit Risk Report Operations" to quickly learn about major contingencies, evaluate the impact of the incident, formulate response measures, and effectively process major contingencies in the Group as well as critical breaches of contract or credit risks exposed by the media or other sources of information.

The Group's subsidiaries maintain numerous service locations in Taiwan and foreign countries and their businesses have broad influence on social and economic activities. To protect the interests of customers and transaction counterparties, the Group has established the "Recovery Plan", "Subsidiary Bank US Branches Resolution Plan", and related response measures and management guidelines to establish appropriate corporate governance and internal procedures. the procedures provide instructions on the operations of the Crisis Response Team, business continuation coordination, emergency funding plans, information reporting and management, follow-up reviews, and other principles and methodology for processing issues in the event of a management crisis in the Company or a subsidiary that affects the sound operations of the Group. The procedures aim to resolve crises quickly and effectively in an orderly and rational fashion, instill confidence in the general public, restore normal operations, or quickly and effectively implement debt repayment when overseas business units end operations.

■ Management of Emerging Risks

The impact of FinTech innovation and climate change on the finance industry has become increasingly prominent and they have become emerging risks in the operations of the finance industry. To ensure the quality of financial services and the security of customers' assets, the Company included emerging risks in the Risk Management Policy and listed the maintenance of system security, prevention of technology crimes, and network invasion as important items in regular risk management. In response to the impact of climate change on bank buildings, personnel, and corporate production activities, the Company and subsidiaries adopted preventive measures on risks that may affect their operations and actively support important projects or programs in the industry that improve the environment. The Company continues to collect and monitor risk reports published by important institutions across the world as well as messages from personal and corporate customers to determine the latest development trends for emerging risks and adopt effective countermeasures. MICB regularly reports emerging risks (e.g. information security risks) and other material issues to the Board of Directors and the Risk Management Committee.