Mega Holdings

Mega Holdings prioritizes the establishment and implementation of the system in risk management and emphasizes that everyone should be held accountable for risk management. To ensure the sound operations of subsidiaries of the Group, quality and security of assets, and compliance of related regulations, Mega Holdings established unified guidelines on risk management and major operations in the Risk Management Policy and Guidelines adopted by the Board of Directors and other regulations governing risk management to require the establishment of effective mechanisms for the identification, measurement, monitoring and control, reporting, and responses to risks, and the establishment of risk management targets and regular follow-up of the implementation status. The Group also specified management principles for credit risks, market risks, operational risks, legal and compliance risks, human resources management risks, and information security management risks. Other emerging risks were included into the "Risk Management Policy and Guidelines" in June 2019 and related risks that may have impacts on the Company's businesses and finances such as climate change risks were gradually incorporated into existing risk management procedures. Each subsidiary has incorporated these guidelines and regulations into its policies and goals of risk management and related regulations in internal controls to build a complete risk management system.

The Board of Directors is the highest-ranking decision-making unit for risk management of the Company and subsidiaries. It is responsible for the approval of the risk management policy, guidelines, organizational structure, risk preferences, internal control system, and relevant material cases. It oversees the Risk Management Committee which is responsible for supervising the establishment of risk management mechanisms and ensuring the execution of the risk management policy. Mega Holdings and important subsidiaries have established risk management units as the staff organizations of the Risk Management Committee. They are responsible for the actual review of risk management operations, risk monitoring, and risk management evaluation and reports.

■ Risk management organizational structure and operations

■ Three Lines of Defense in Risk Management

■ Firewall Policy

Mega Holdings and subsidiaries have established the Firewall Policy to protect customer privacy and transaction security. The main protective measures are as follows: Management of the information security service system, confidentiality management of customer information privacy, cross selling and resource exchange restrictions, and prohibition on cross holding of shares.

■ Contingency Response

Mega Holdings has established the "Major Contingency Operating Procedure Guidelines" and "Major Credit Risk Incident Immediate Report Procedures" to quickly learn about major contingencies, evaluate the impact of the incident, formulate response measures, and effectively process major contingencies in the Group as well as critical breaches of contract or credit risk event exposed by the media or other sources of information.
In response to changes in the economic and finance environment and to protect the interests of customers and transaction counterparties, the Group has established the "Recovery Plan", "Bank Subsidiary US Branches Resolution Plan", and related response measures and management guidelines to establish appropriate corporate governance and internal procedures. The procedures provide instructions on the operations of the Crisis Response Team, business continuation coordination, emergency funding plans, information reporting and management, follow-up reviews, and other principles and methodology for processing issues in the event of a management crisis in Mega Holdings or a subsidiary that affects the sound operations of the Group. The procedures aim to resolve crises quickly and effectively in an orderly and rational fashion, instill confidence in the general public, restore normal operations, or quickly and effectively dispose of assets and implement debt repayment when overseas business units end operations.

The impact of the COVID-19 epidemic on Mega Holdings may include risks of the interruption of operations, defaults of loan customers, and investment risks. Mega Holdings has adopted the following measures to reduce the risks of interruption of operations:

• Established the Epidemic Response Working Group
  The Working Group supervises and executes related protective measures and is responsible for supporting staff members, receiving reports from all units, and adopting response measures. To reduce the risks of cluster infections, Mega Holdings requires all employees to wear masks and take temperatures, enhances office disinfection, and implement personnel entry/exit control. We also activated the "uninterrupted operation plan".

• Established the "COVID-19 Epidemic Response SOP and Backup Plan Manual"
  Mega Holdings established different response measures in three phases based on the severity of the epidemic in Taiwan and promptly activated remote work measures for core units (e.g., Data Processing & Information Department, Treasury Department, Trust Department, Operation Center, Card Department, and Anti-Money Laundering & Financial Crime Compliance Department) responsible for funding transactions, 24-hour customer services, concentrated operations, transaction monitoring, and list scanning.

• Implementation of the joint backup mechanisms
  The joint backup mechanisms (including the first and second backup and server room remote backup) are activated in the event the region of a branch is placed under lockdown. The operations of the branch can be continued in a nearby branch.

• Remote work for employees
  Mega Holdings and subsidiaries adopted remote backup work and video conferences, and implemented VPN remote monitoring exercises and office work for transactions and important operations. We also review and amend the contents of the business continuity plan. Overseas branches (subsidiaries) also activated related response measures such as working from home based on local conditions of the epidemic and the requirements of the competent authority. Each business unit also consulted related support units to process business operations on behalf of other units in the event of an emergency.

• Maintain instant communication of information on the epidemic
  In the event of cluster infections in Taiwan, confirmed cases of COVID-19 in a branch, or lockdown of an office area for any reason, emergency isolation measures shall be activated and the competent authority shall be notified immediately.

In response to the spread of the COVID-19 epidemic, many countries have adopted lockdown measures to prevent the spread of the disease. Companies face difficulties in large-scale suspension of operations and reduced shifts, which resulted in a sharp decline of demand. These developments have impacted the profitability of banks, reduced the solvency of bank customers, and increased the default risks of loan customers. Mega Holdings has adopted the following response measures:

• Survey of operations of Taiwanese business borrowers
  MICB focuses first on important overseas Taiwanese customers to explore response measures and learn about the views of upstream and downstream industries as well as those of competitors for combined analysis to determine risks. MICB formulates interview records and analysis conclusions.

• Closely monitor credit risks in Mainland China
  MICB monitors the proportion of credit risks in high-risk industries in Mainland China each month and implements flexible adjustments for high-risk industries, if necessary. It established the concentration limit ratios and early warning ratios for all high-risk industries. MICB carefully reviews high-risk industries and those with unknown outlook, requires borrowers, and implements post-loan management to reduce credit risks.

• Provide borrowers with relief and reduce the pressure of repayment
  Fulfill corporate social responsibility and cooperate with government policies to extend repayment or interest payment schedule to help borrowers reduce the pressure of repayment.

The COVID-19 epidemic has caused severe fluctuations in the global financial market. The market risks and liquidity risks of risk assets have increased significantly and affected the stability of profitability of Mega Holdings. Related response measures are described below:

• Enhanced management for the investments and fund deposits in China
  The targets consist mainly of government bonds, five major commercial banks, or companies with guarantees provided by central or national enterprises. More rigorous standards are adopted for credit limit allocation and flexible adjustments are implemented based on the latest conditions.

• Equity products
  For medium to long-term positions, we take the opportunity to enter the market and purchase high-quality medium to large-scale equities with superior cash dividend yield, stable dividends, good circulation, and relatively stable stock prices based on overall market conditions and the changes in the industries of individual stocks. For positions held for short-swing trading, we take the opportunity to reduce weak positions and gain strong positions and focus on structural adjustments.

• Interest rate products
  As the decline of RP costs for the NTD is limited, we focus on corporate bond positions with higher yields and take this opportunity to dispose of existing bond positions. With regard to foreign currency bonds, as short-term rates of the USD remain low, the proceeds of bonds are expected to grow. We therefore added financial bonds and corporate bonds with greater interest spread and take this opportunity to dispose of existing bond positions.

• Enhance investment risk management
  In response to changes in industries that have suffered greater impact of the epidemic (e.g., gambling, aviation, tourism, catering, and energy) and news announcements, the Company reviews the changes of stock prices of investees on the TWSE, TPEx, and emerging stocks at all times to replace weak positions with stronger positions. If conditions continue to worsen, we will conduct scenario analyses and stress tests based on actual conditions.

The uncertainties caused by FinTech innovations and climate change on the finance industry have become increasingly prominent and they have become emerging risks in the operations of the finance industry. To ensure the quality of financial services and the security of customers' assets, Mega Holdings included emerging risks in the Risk Management Policy and listed the maintenance of system security, prevention of technology crimes, and network invasion as important items in regular risk management. In response to the impact of climate change on bank buildings, personnel, and corporate customer production activities, Mega Holdings adopted preventive measures on risks that may affect its own operations and actively support important projects or programs of enterprises or social organizations that improve the environment. The Company continues to provide opportunities for business collaboration and collect and monitor risk reports published by important institutions across the world as well as messages from personal and corporate customers to determine the latest development trends for emerging risks and adopt effective tiered management. Subsidiaries are required to report material risk issues (including emerging risks) to the Board of Directors of Mega Holdings and the Risk Management Committee.