Risk Management Policy and Procedures

NANPAO has established "Risk Management Policy and Procedures" which is approved by the Board of Directors by resolution and serves as the highest guiding principle for risk management. From 2021 onward, risk assessment is performed regularly each year, whilst different risk management policies are formulated and implemented to mitigate different risk type, covering management goals, organizational structure, accountability and risk management procedures. Furthermore, effective identification, measurement and mitigation of various risks must be performed to contain risks produced by various business activities within a manageable scope.

 

Scope and Organizational Structure of Risk Management

The Company starts off from three risk issues of concern pertaining to ESG to further identify risk items. The main scope of risk management includes four aspects, namely “environmental safety”,“information security”, “legal compliance”, and “corporate governance”.

                                        

 

Our company has established a multi-level risk management organizational structure, approved by the Board of Directors. The "Risk Management Team" regularly reports on the company's risk environment, key risk management areas, risk assessments, and response measures during risk management meetings. Additionally, the team reports at least once a year to the Audit Committee and the Board of Directors on the implementation status of the company's risk management.

 

 

                                     

 

 

Risk and Oppertunities of Climate Change

 

According to the Intergovernmental Panel on Climate Change (IPCC), the global average temperature has risen by nearly 1.1 degrees, and in recent years, natural disasters caused by extreme weather have become more frequent worldwide. Controlling climate change has become one of the most important global actions, and NANPAO is also doing its best to mitigate the impacts of climate change. NANPAO combines its existing governance framework and follows the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD) to disclose the company's four core governance, strategy, risk management, and indicators and targets related to climate change, and effectively carry out responsive management.

       

 

 

Emerging Risk

 

Emerging Risks in 2023 at Nan Pao	Key Talent Risk	Risks Associated with Adopting Generative AI
Risk Description	Located near the Southern Taiwan Science Park, Nan Pao faces increasing competition for talent from the semiconductor industry, which has attracted a significant portion of the local workforce. This has led to higher recruitment costs and challenges in securing skilled employees.	Generative AI, a technology capable of generating human-like text, images, and other media, has gained traction in recent years. While it offers potential benefits in terms of efficiency, it also poses several risks:  Inaccurate Output: Generative AI models trained on biased or inaccurate data can produce misleading or harmful content, leading to incorrect business decisions and reputational damage.  Data Security and Privacy: The development and deployment of generative AI models require large amounts of data. Without robust data security measures, there is a risk of data breaches and model exploitation.
Potential Business Impact	Increased Recruitment Costs: The fierce competition for talent has driven up Nan Pao's recruitment costs by 23% in 2023. To attract and retain employees, the company must offer competitive compensation and benefits.	Misinformation: Employees who rely on generative AI for information may be misled by inaccurate or false outputs, leading to operational errors.  Unauthorized Use: Unauthorized use of generative AI tools by employees can expose the company to legal and reputational risks, such as the creation of copyrighted content without proper licensing.
Mitigation Strategies	Talent Management: Implement talent retention programs, employee stock ownership plans, and campus recruitment to attract and retain key personnel.	Cybersecurity: Strengthen cybersecurity measures, including data protection and privacy controls. Conduct regular social engineering and data breach response drills. Generative AI Governance: Establish guidelines for the use of generative AI, including data quality checks and risk assessments for specific applications.