Sustainability Risk Management

  • Fubon Financial Holdings has instituted a robust risk management structure and sound risk management policies and regulations. In a report issued on Nov. 27, 2018, Taiwan Ratings Corp. noted that “Fubon Financial Holdings’ enterprise risk management is adequate with strong risk controls.”
  • The Company has continued to enhance management of emerging risk and climate-related risk. In 2018, the major emerging risks identified at the financial holding company-level were “data fraud or theft” and “cyberattacks” in the “technological risk” category and “asset bubbles in a major economy” in the “economic risk” category, and appropriate risk response measures were devised.

Risk Management Structure and Policies

Risk Management Structure

Fubon Financial Holdings has established a sound risk management framework consisting of the Board of Directors, an Audit Committee, a Risk Management Committee under the chairman of the board, a Personal Information Protection Committee and a Risk Management Division. The board is responsible for overseeing the effective implementation of risk management systems and control mechanisms. The Audit Committee assists the board in supervising risk management practices.





Risk Management Policies

The Company has formulated comprehensive risk management systems, policies, and rules covering the full spectrum of risks, including market risk, credit risk, country risk, operational risk, asset and liability risk, liquidity risk, insurance risk, reputation risk, emerging risk, and climate change risk. These are consistently followed by subsidiaries, ensuring that various types of risk are effectively identified, measured, monitored, and managed.

[Figure: Risk Management Policies]

Risk Management Model: Three Lines of Defense

The Company has adopted a risk management model consisting of three lines of defense, implemented comprehensive risk management, and established relevant risk indicators, risk monitoring points, and an early-warning mechanism. In addition, the Company has formulated limit controls based on risk attributes and adopted a dual qualitative and quantitative approach to regularly evaluate various risks. It also actively monitors and manages various types of significant risk, and risk management reports are presented to the Risk Management Committee, Audit Committee, and Board of Directors on a regular basis.

[Figure: Three Lines of Defense]

Enterprise Risk Management (ERM) Model

[Figure: ERM Model]

Fubon Financial Holdings has adopted an integrated enterprise risk management framework. The scope of risk management encompasses various risks, including market risk, credit risk, country risk, operational risk, asset and liability risk, liquidity risk, insurance risk, reputation risk, emerging risk, and climate change risk. Fubon Financial Holdings’ enterprise risk management is adequate with strong risk controls.


Market Risk
  Management Strategies:
  • Market risk limit management and back testing
  • Valuation and risk measurement of derivatives
  • Market liquidity-adjusted VaR and stress test
  Risk Management Results in 2018:
  • Quantitative integrated risk analysis and macroeconomic analysis used to assess the impact of major and potential financial events.
  • Built a reverse stress test model to bolster extreme risk management mechanism.
  • Enhanced the market risk management system to strengthen its efficiency and dynamic risk analysis.
  • Strengthened the escalation mechanism for reporting market risk events.

Credit Risk
  Management Strategies:
  • Credit risk concentration management
  • Credit risk limit management
  • Asset quality monitoring and management
  Risk Management Results in 2018:
  • Adjusted and upgraded the financial holding company’s credit risk management system to meet IFRS 9 standards.
  • Engaged in dynamic monitoring of industry risk and increased monitoring frequency; set credit limits for industries of concern.
  • Monitored quality of subsidiaries’ financial assets; regularly analyzed changes to the financial holding company’s overall asset quality.

Country Risk
  Management Strategies:
  • Country risk grading management
  • Country risk limit management
  • Country risk indicator monitoring and management
  Risk Management Results in 2018:
  • Reviewed country risk grading on a monthly basis using sovereign credit ratings and economic data.
  • Completed review and revision of country risk limits, and regularly reported and monitored exposure levels.
  • Followed changes in monitoring indicators for country risk and adopted appropriate response measures in real time.

Operational Risk
  Management Strategies:
  • Key risk indicator monitoring, control self-assessment
  • Interested party transactions management
  • Personal information protection management
  Risk Management Results in 2018:
  • Key risk indicators and criteria used in control self-assessments reviewed, revised and monitored regularly.
  • Reviewed and revised guidelines on management of transactions with interested parties; reviewed transactions with interested parties that did not have standing pre-approval; optimized interested party database functions.
  • Responded to the implementation of the EU’s General Data Protection Regulation (GDPR) by setting up a "GDPR privacy protection mechanism and personal information certification project" to create a GDPR privacy protection mechanism.

Asset/Liability Risk & Liquidity Risk
  Management Strategies:
  • Capital adequacy management
  • Funding and market liquidity risk management
  Risk Management Results in 2018:
  • Monitored asset/liability and liquidity risk management of the financial holding company and its subsidiaries.
  • Strengthened escalation mechanism for asset/liability and liquidity risk events.

Insurance Risk
  Management Strategies:
  • Product design and pricing risk management
  • Risk management for underwriting/claims/catastrophes/reinsurance
  • Reserve risk management
  Risk Management Results in 2018:
  • Strengthened management of major insurance risk events by establishing operating procedures and reporting major insurance risk events in real time (including extreme weather events such as typhoons and the potential claims for damage).
  • Regularly checked and reported on the insurance risk management of insurance subsidiaries.

Climate Change Risk
  Management Strategies:
  • Climate Change Risk
  • Devise measures to mitigate those risks
  • Assess business and financial impact of potential risks
  Risk Management Results in 2018:
  • Adopted the TCFD (Task Force on Climate-related Financial Disclosures) framework issued by the Financial Stability Board.
  • Completed the identification of climate change risks and opportunities and response measures and reported them to management.

Reputation and Emerging Risk
  Management Strategies:
  • Identify emerging risks and stipulate response measures
  • Reputation risk management
  Risk Management Results in 2018:
  • Completed the identification of emerging risks; developed appropriate mitigation measures and reported them.
  • Regularly reviewed reputation risk events and monitored the handling of those situations.