ESG Risk Management

Fubon Financial Holdings puts the highest priority on risk management. It aggressively identifies potential environmental, social and governance risks it faces in its daily operations, including emerging risk, climate change risk, information security risk and human rights risk, and adopts corresponding responses. Effective ESG risk management mechanisms and mitigation measures have also been put in place as part of the Company’s robust risk management system.

Risk Management Structure and Policies

Risk Management Structure and Systems

The Company has established a sound risk management structure and comprehensive risk management systems, policies and rules featuring mechanisms that cover credit risk, country risk, market risk, operational risk, insurance risk, asset and liability and liquidity risk, reputational risk, emerging risk and climate change risk. These are followed consistently across all subsidiaries, ensuring that risks are effectively identified, measured, monitored and managed.

Enterprise Risk Management (ERM) Model and Three Lines of Defense

The Company has put in place a comprehensive risk management system encompassing risk identification, measurement, response, monitoring and reporting that is founded on an enterprise risk management framework and three lines of defense. Related risk indicators, risk monitoring points and an early-warning mechanisms along with risk controls based on risk attributes have been developed to support the system. The Company has adopted a dual qualitative and quantitative approach to regularly evaluate risk, and it actively monitors and manages various types of significant risk. Risk management reports are presented to the Risk Management Committee, Audit Committee, and Board of Directors on a regular basis.

Emerging Risk Management

Fubon Financial Holdings has in place a comprehensive management system to deal with traditional risks that it is building on to address the widening array of emerging risks that are surfacing around the globe with increasing frequency. Emerging risks have been incorporated into Fubon’s overall risk structure and procedures have been established for identifying emerging risk that are adjusted based on observations of global risk developments. At the beginning of every year, Fubon Financial Holdings refers to the World Economic Forum’s Global Risks Report to compile an emerging risk assessment table. Then through a bottom-up approach, subsidiaries evaluate and identify their main emerging risks based on how each risk is related to their business, the likelihood of the risks occurring and the potential degree of impact. The financial holding company then compiles the information and after assessing the chances of such risks occurring and their potential impact, it selects the major emerging risks at the financial holding company-level, develops corresponding mitigation measures, and reports the findings to upper management.

In 2019, the financial holding company-level emerging risks were identified as “cyberattacks” in the “technological risk” category and “asset bubbles in a major economy” in the “economic risk” category. Appropriate measures were adopted to mitigate those risks, which are regularly monitored and managed.

2019 financial holding company-level emerging risks and Mitigation Measures

(* swipe to see more about this chart)

Risk Type Risk Impact Mitigation Measures
Asset Bubbles in a Major Economy Could lead to increased turmoil in financial markets (stock, bond, forex markets), bringing the Company added risk and bigger profit and loss fluctuations, affecting its financial stability.
  • Regular assessments of the country risk of major economies conducted based on data related to each economy’s finances,balance of payments, markets and overall economy.
  • When an economic entity or country experiences a major political or economic change or a sudden market event, an assessment is done and appropriate risk control measures are taken to lessen the impact of a potential risk occurring.
  • Financial markets are monitored around the clock. Among the financial indicators monitored are interest rates, exchange rates and stock prices in major economies. If changes occur that exceed monitoring thresholds, a warning mechanism for management is activated immediately.
  • Financial market risk indicators, such as increases in the value of the US dollar or US bond yields, monitored that before triggering asset bubbles in major economies could first result in capital outflows from emerging markets, leading to major emerging market volatility; emerging market interest and exchange rates and other risk factors added to monitoring system to accurately gauge downside risk in advance.
  • Forward-looking model created to estimate volatility of stocks, interest rates, exchange rates and products on a daily basis.
  • Early warning indicators and risk limits are set for various types of risk and regularly monitored; value at risk, stress tests and other risk management mechanisms used regularly and results reported to the Board of Directors.
Technological Risk Cyberattacks Could disrupt regular online business operations, transactions and services, and affect the Company’s information security, and could trigger a reputation crisis.
  • For internet connections used for important business functions,backup connections have been developed and a system to detect and prevent DDoS (distributed denial of service) attacks, including a traffic scrubbing service, has been put in place. When a cyberattack is detected, the system will immediately block the attack and scrub traffic. Drills are conducted regularly to ensure a rapid response whenever an attack occurs.
  • Suspicious findings or potential attacks detected by network firewalls, application firewalls or network intrusion detection systems are monitored and analyzed and sources of the attacks blocked.
  • Threat intelligence in information security equipment regularly updated to ensure the detection and blocking of cyberattacks in real time.
  • Business impact analysis used to identify risk levels for major business lines and their information systems; software and hardware resources, backup systems and alternative measures planned, designed and upgraded; goal is to lessen the impact of a cyberattack that causes an interruption in service.

Emergency Response Measures for Handling Disasters

Fubon Financial Holdings has established “Disaster and Emergency Response Measures Guideline” approved by the President that in response to disaster prevention systems and preventive measures to deal with major disasters (climate disasters, infectious disease epidemics). Based on the Guideline, the Company has developed plans for each department’s operations and business promotion methods in an emergency and a sequence for notifying different departments in an emergency so that the response mechanism can be activated without any glitches if a disaster occurs or there are concerns one will occur. This approach will protect the rights and interests of Fubon customers and keep the Company’s operations running normally.

On Jan. 15, 2020, Taiwan’s Ministry of Health and Welfare designated the novel coronavirus that broke out in Wuhan as a Category 5 notifiable communicable disease, and Fubon responded by establishing the “Fubon Financial Holding Co., Ltd. and Subsidiaries Emergency Response Mechanism for the Severe Pneumonia with Novel Pathogens Epidemic.” Its provisions included setting epidemic contingency measures based on the severity of outbreaks in different areas and international travel advisories, devising internal epidemic categories, standards, backup office plans and other major response measures, as well as internal and external notification procedures, and creating a novel pathogens task force. These were all aimed at strengthening epidemic prevention and ensuring that the businesses of the Company and its subsidiaries could operate without interruptions.