https://www.ocam.org.tw/
Please Select
Risk Management


Risk Management
 

Risk Management Vision

With becoming an excellent transportation group as a vision, Yang Ming is committed to sustainable operations and responsibilities to society by developing a comprehensive risk management mechanism to manage potential risks related to the overall operations and financial profits. Through strict risk control measures, all business risks are controlled to the extent that they are tolerable to ensure adequate corporate capital while increasing the Company’s operational quality and value.

 

Risk Management Organization and Structure

The Company establishes an independent Risk Control Office reporting directly to the President, which regularly conducts risk assessments and subsequent analysis and handling.

Organization Functions
Risk Management Committee
  • Review internal risk management policies, frameworks, systems, regulations, and response measures for major risk events.
Risk Control Office
  • Formulate, revise, and abolish risk management operating procedures.
  • Control overall risk levels and cross-departmental project risk management according to procedural requirements; Conduct annual Group risk assessments.
  • Assist business management departments in handling affairs and related education and training.
Audit Department
  • Audit risk management operations to ensure effective operation of the Company's risk management procedures.


Risk Management Policy and Procedure

To provide a compliance basis for risk management practices, the Company has developed the “Risk Management Policy” as the norm for risk management and the highest guidelines for the standard procedures. This policy was last revised and reported to the Board of Directors at the 357th meeting on May 12, 2021. The Risk Control Office regularly identifies the risk factors that may influence the Company every year. After the possible frequency and range of loss are analyzed, the office formulates and assesses countermeasures and, in accordance with the latest internal audit requirements and standards, monitors potential risks continuously and implements the countermeasures to control all types of risks on an ongoing basis. Risk management strategies are formulated for different risks, including management objectives, organizational structure, responsibility allocation, and risk management procedures, to ensure effective implementation and control of various risks arising from business activities within acceptable ranges. To implement risk management mechanisms, the Company regularly conducts annual Group risk assessments and reports the risk assessment results and subsequent quarterly risk tracking reports to the Risk Management Committee before reporting to the Board of Directors. The 2024 Group Risk Assessment Report was reported to the 399th Board of Directors meeting on November 11, 2024, in accordance with actual operational schedules.


Risk Management Procedure

YM_2024ESG-EN_CH2_page-0016_01


Risk Management Scope

The Company's risk management scope covers headquarter departments, subsidiaries, branch offices, and regional centers.


Risk Assessment Results

Yang Ming focused on the five aspects, strategy, operation, finance, legal compliance, and climate change, during the annual risk assessment for the Group to review and assess the potential risks faced by the Group, their frequency of occurrence, and the severity of their impacts. The assessment content includes high-risk items evaluated in previous years, as well as new risks arising from changes in market economic conditions or adjustments to Group business policies.

In 2024, there were 43 units under evaluation (including headquarters, Keelung/Taichung/Kaohsiung branch offices, subsidiaries, and regional centers). The assessment content covered multiple aspects including various operational activities, regulatory compliance, climate change, international geopolitics, information security, and integrity management, totaling 520 risk assessment items. After consolidation, there were seven high-risk items for this year: vessel alliance risks, international geopolitical risks, new vessel operational risks, seafarer management risks, information and communication security risks, risks of high fines and negative image from antitrust violations, and climate change risks. Among these, new vessel operational risks, seafarer management risks, and information and communication security risks are emerging risk items newly added this year.


 

High Potential Risks Assessed in Five Aspects

Risk Source /
2024 Risk Assessment Items		 Description Countermeasures
Strategy
Vessel alliance risks		 The 2M Alliance cooperation will end in 2025, and the Consortia Block Exemption Regulation (CBER) expired in 2024, increasing the legal operational risks of alliance operations. After 2024, due to regulatory changes, the overall shipping alliance faces risks of reorganization or dissolution. According to the latest EU announcement, the CBER regulation was confirmed not to be extended on October 11, 2023. Since this regulatory reform has significant impact on the Company's future capacity maintenance and profitability, this risk is assessed as a high-risk item for the Group.
  1. In order to reduce the alliance risk and maintain the operational capacity of the fleet, the Company will be more careful in terms of the selection of alliance partners. In addition to business considerations, it is necessary to mainly focus on carriers with a better market reputation and financial credit, and seek external legal consulting services as necessary.
  2. To comply with the investigation and reporting requirements of the US Federal Maritime Commission (FMC), the Company reviews the mid- and long-term shipping capacity planning of the alliance routes on an annual basis with the carriers in THE Alliance. The Company also plan the medium and long-term ship resources according to business plans and market growth, and increase the shipping capacity in a timely manner.
Strategy
International geopolotical risks		 The Russia-Ukraine war remains unresolved, and if the Israel-Hamas war escalates into a regional conflict, it will lead to regional powers such as Iran being directly or indirectly involved in the war, severely impacting Middle Eastern oil production and transportation. If the war escalates, it will not only impact corporate and consumer confidence but also increase supply chain disruption risks.
  1. For waters affected by war, respond with vessel rerouting (such as rerouting around the Cape of Good Hope due to the Red Sea crisis). Regarding cargo volume, temporarily suspend collection due to vessel port call adjustments and supplement with cargo from other ports. Continuously monitor situation changes in high-risk areas (such as the Red Sea Gulf of Aden, Middle East Persian Gulf) and insurance market high-risk area assessment information to incorporate into comprehensive evaluation for decisions on whether to reroute or purchase additional premiums or arrange armed escort for direct navigation through high-risk areas.
  2. To avoid vessel attacks when navigating through the Gulf of Aden, shield Israel-related information on the Company's official website to reduce the risk of armed groups targeting vessels for attack.
Legal Compliance
Risks of high fines and negative image from antitrust violantions		 The shipping industry has a high degree of globalization, and various regulatory restrictions and impacts are not limited to a single country. Additionally, negative media reports may lead to increased negative perceptions from customers and partners toward the Company, thereby affecting intangible assets such as corporate reputation. Based on the above, the Group's future regulatory compliance risks derived from global operations are expected to increase day by day.
  1. Strengthen Group personnel's compliance awareness by conducting annual educational training for headquarters staff (including Taiwan Business Department, Keelung/Taichung/Kaohsiung branch offices) and expatriates, and provide training materials for reference by regional centers, requesting their assistance in conducting outreach to subordinate agencies; send quarterly compliance reminders via email to headquarters personnel, global subsidiaries, and agencies.
  2. Participate in international conferences such as the World Shipping Council or shipping alliances to collect regulatory information, continuously research and track competition laws regulations in Taiwan, EU, USA, China, and other important maritime countries, and collaborate with competent authorities or law firms to conduct course lectures to help personnel understand recent issues of concern to competent authorities and practical operations.
Climate Change
Climate change risks		 The World Economic Forum's "2024 Global Risks Report" indicates that extreme weather disasters rank second among short-term risks, and if the timeframe is extended to the next decade, the top four risks are all related to climate and environment.
Recent environmental regulations and policies strengthened by various countries (such as carbon tax collection), as well as physical impacts that may be caused by climate change risks themselves (such as: canal water level drops that may require vessels to detour or use other transshipment methods for transportation, operational equipment damage that may be caused by earthquakes, disasters brought by floods, etc.), are all issues that need attention regarding climate change.
  1. Response strategies have been formulated, please refer to Section 3.3 Natural and Climate Change Governance Strategy for details.

 

Emerging Risks

Risk Source/2024 Risk Assessment Items Description Countermeasures
Operation
Imformation and communication security risks		 The World Economic Forum's "2024 Global Risks Report" indicates that in the short-term risk rankings, misinformation and disinformation are considered the number one global risk in short-term risk ranking. In addition to preventing harm that false information may cause to operations (such as reputation), the preservation of sensitive data, server maintenance, and uninterrupted network system services are all important keys for enterprises to maintain operations.
  1. Establish "Web Application Firewall" (WAF), introduce "Intrusion Prevention System" (IPS), "MDR Threat Detection and Response Services", and "Security Information and Event Management System" (SIEM) to detect, analyze, and respond to security threats before they harm enterprise operations.
  2. Regularly conduct information security education and training to strengthen colleagues' information security awareness and maintain vigilance through social engineering exercises to deeply root information security concepts.
  3. For information security management on vessels, information security officers (Chief Officer and Chief Engineer) are assigned to the deck department and engine department of each vessel to manage and handle various technologies used for information and coordinate with headquarters’ information security management units for related matters, responsible for reporting and handling information security incidents.
Operation
New vessel operational risks		 The shipping industry is facing increasing decarbonization pressure. Uncertain regulatory guidelines, including what clean fuels large vessels should use, make the path to achieving net-zero emissions more complex. Since most large vessels use very low sulfur fuel oil and most ship engines are designed to use one type of fuel, adopting new fuels may lead to more unpredictable risks. The operation and management of new fuel vessels require consideration of qualified crew members, onshore management, and maintenance engineers in terms of both quality and quantity.
  1. To reduce this risk, the Company conducts low-carbon energy supply information integration and supply chain layout planning. On May 31, 2023, it signed a contract with Korea's Hyundai Shipyard for five 15,500 TEU LNG dual-fuel container ships, which will be delivered sequentially from Q2 2026. Future shipbuilding will dynamically select green fuels based on regulatory requirements, technological development, and fuel supply drivers.
  2. In response to the LNG-powered dual-fuel container ship construction plan, actively contact external units with LNG vessel management experience to assist the Company in conducting relevant training for onshore employees and seafarers to strengthen the professionalism and safety of future crew operations.
Operation
Seafarer management risks		 In addition to onshore employees, the Company's workforce mainly consists of seafarers. Compared to onshore employees, the allocation of seafarers manpower will directly affect the operational risks of vessels, including not only crew allocation but also management capabilities, experience, and qualified crew members.
  1. To reduce seafarers management risks, the Company continues to conduct industry-academia cooperation projects with various universities and colleges, strictly following the crew manpower replenishment plan.
  2. Through vessel outsourcing management, container shipping companies can focus more on their core business, obtain the best experience and competitiveness through third-party services, separate vessel management rights from ownership, and enhance vessel profitability and shipping companies' international competitiveness through professional managers. Although this approach can reduce seafarers manpower risks, the quality and quantity of the appointed "ship management company" and the supervision of the appointed "ship management company" remain key influencing factors in selecting ship management companies.


Major Incident Emergency Handling Procedure

Yang Ming has formulated emergency handling procedures for various operations, detailing the reporting and handling procedures for relevant events to control subsequent improvements. Drills are carried out regularly as well.

Emergency Handling Procedures for Operations Procedure Description Implementation Drill/Promotion Frequency
Yang Ming Group's Working Reporting and Handling Major Incidents The procedures govern the items to be reported, parties to be notified, content, and handling of major incidents with the Group, or those upon reception of crisis notice prior to a potential major incident, for effective control and handling before or after a major incident. Irregular promotion
Major (Vessel) Accident Reporting & Response Procedure Accidents are classified into different levels according to definitions, with corresponding response teams assigned. After an accident occurs, relevant departments are notified, international conventions and local regulations, flag state regulations are complied with, and subsequent investigations are cooperated with and necessary assistance provided. Finally, corrective measures are developed to prevent recurrence. According to SOPEP oil pollution emergency plan and safety management plan requirements, regular drills are implemented, and ship-shore exercises are irregularly conducted according to regulatory requirements, simulating different scenario accidents for onboard and shore responses to disaster accidents.
Procedure or Work-related Accident and Emergency Response  Plans Each workplace should formulate emergency response plans so that when occupational disasters or accidents occur in the workplace, effective responses can be carried out according to the emergency response plan to minimize injuries and losses. Regular implementation
Procedure for Handling Serios Crew Injury / Illness Death) The procedure ensures that the Company’s ships can take timely and effective measures in the event of a major accident/injury/illness (death) to the personnel on board in order to minimize the injury to the personnel. Irregular drills
Emergency Procedure for Shipboard Hazardous Goods The procedure dictates the regulations for the elimination or mitigation of damages in the event of accidents/disasters arising from dangerous goods/ materials seafarers Yang Ming’s ships or during shipping. The onboard SMS (Safety Management System Activity Schedule) has established hazardous cargo loading and leakage handling to be implemented every 2 months.
Procedure for Emergency Preparedness & Response Plans for Office Buildings and Premises To prevent various disasters (natural disasters and fires, etc.) and emergency rescue, so that personnel life injury losses can be reduced, this procedure is formulated.
  • Fire drills: Conducted according to fire protection regulations (once every six months)
  • Qidu Building: Typhoon and flood prevention drills (once a year)
Information Security Incident Management Procedure To ensure that the Company's information and information communication assets can quickly and effectively handle information security incident reporting, take necessary response measures, reduce damage that incidents may bring, and prevent related matters when information security incidents occur. Annual regular disaster recovery drill once a year
Epidemic Prevention and Response Procedures The procedures are to enhance the monitoring and risk assessment of epidemics in locations where Yang Ming operates and to improve the preparedness and response mechanisms so as to reduce the risk of personnel infection and ensure the normal operations of the Company.
  1. Irregular promotion
  2. When competent authorities announce that the company or branch office location is an epidemic area and may affect normal company operations, it should be reported according to the " Yang Ming Group’s Working Procedure for Reporting and Handling Major Incidents" and establish an epidemic prevention response team and designate a convener according to severity, planning various epidemic prevention response plans.
Procedures for Reporting High risk Communicable Diseases by Agents To regulate the process for agencies to report to headquarters when high-risk infectious diseases occur, including office operations and employee conditions, so that headquarters and agencies can effectively respond and handle during infectious disease periods, reducing the Company's operational risks. Irregular promotion
Procedures for Handling (Container Yard) Accidents The procedures govern the handling of accidents taking place in the Container Yard of Yang Ming, covering the appraisal of damages to personnel, containers, cargo, machinery or facilities, the attribution of liabilities, notarization, indemnity claims, insurance claims, etc. Hold 1 hazardous goods training session and 2 emergency response training exercises annually, with time adjustments or increases as necessary.
 

Organization Structure of the Risk Management

The Company established the risk management department in accordance with the latest Criteria for Corporate Governance and Internal Auditing on July 1st, 2004. Afterward, it was restructured into Risk Control & Legal Affairs Dept., Risk Control & Insurance Dept. In March 2022, the Company established the Risk Control Office independently, directly under the President, to regularly conduct risk assessment and the analysis and handling that follow. This department oversees all risk management matters in the Company, including regular risk assessments, and subsequent analysis and measures.  

The organizational structure in relation to risk management is delivered by the character of risks. While the Risk Control Office oversees all risk management related matters, the initial identification of general risks, the assessment, and the control method provided by each department. Cases of significant risks will be sent to special review committees and the auditing office, based on their nature and the monetary sum involved. Reviewed cases that meet the standard will then be sent to the Board of Directors for approval.  



The organizational structure of the company's risk management is as follows:  
 

A.  All divisions/departments of the Company(including branches and affiliates) shall follow ISO regulations to evaluate risk and assist in implementing Annual Group Risk Evaluations.  
 

B.  The Risk Control Office will be responsible for drafting and amending ISO regulations on Risk Management Operating Procedure, managing overall and cross department risk-control projects as well as performing Annual Group Risk Evaluations.  
 

C.  The Audit Dept. will audit all Risk Management Operations to ensure the Risk Management Policies are efficiently implemented and followed.  

 

Current Operation

The Company's risk management process consists of risk identification, risk measurement, risk response, risk monitoring, and risk management information communication and handling. In addition to compiling the overall impact that each risk may have on the Company through cross-departmental communication and data collection, this process also correlates the degree of impact of each risk with the short-, medium-, and long-term operational objectives of the Company in order to determine the Company's level of tolerance to the impact of the risk.

In order to implement the risk management mechanism, the Group's risk assessment is conducted on a regular basis every year, and the reports of the risk assessment are regularly (at least once a year) submitted to the Risk Management Committee (consisting of three independent directors) and the Board of Directors (the Group's risk assessment tracking report was submitted to the 383rd meeting of the Board of Directors on May 12, 2023, 385th meeting of the Board of Directors on August 11, 2023, and the 3rd meeting of the Risk Management Committee on June 29, 2023, respectively). The latest report on the results of the Group's risk assessment was presented to the Risk Management Committee at its 5th meeting on December 13, 2023, and to the Board of Directors at its 389th meeting on January 31, 2024, which included a compilation of the various risks faced by the Company during the year, including, for example, risks to the safety of personnel, the decline in freight rates, the risk of vessel affiliation, the risk of internationalization, and the risk of the loss of the Group's assets. The report includes a summary of the various risks faced by the Company in the current year, for example, in year 2023, including personnel safety risk, freight price decline risk, vessel joint venture risk, international geopolitical risk, compliance risk, climate change risk, etc., as well as the risk response measures and the expected improvement plan. The Company will continue to track these risks on a quarterly basis and report to the Risk Management Committee and the Board of Directors. In addition, the audit office will be notified of the tracking results and will conduct risk management audits of the risk management operations to ensure the effective operation and execution of the Company's risk management.

The Company continue to oversee and manages issues relevant to climate change and set up the Environmental Sustainability Division, promotes environmental, social, and corporate governance issues through the ESG framework, and strengthens the company's mitigation and adaptation strategies for climate change. 
In order to strengthen the risk concepts of the Group's employees and implement risk control concepts in their daily business management work, the regular risk management education and training has been completed in 2023, with the completion of a practical experience-sharing course on risk management of project investment-related issues, inviting the participation of colleagues from the project investment-related departments, with a total of 48 participants and a training time of 2 hours, sharing the contents of the course with actual cases. The course content is based on actual case studies to enhance the risk management capability of our employees in handling project investments.  

 

Risk Management Policy

 

Chapter 1 General Provisions 

 Article 1 Purpose 

  In order to allow the company's risk management operations to follow and properly manage risks, this policy is formulated to standardize the standard procedures for risk identification, assessment, decision-making and effect monitoring and improvement, as the company's risk management guidelines and ensure the company's operational goals are achieved. 


 Article 2 Definition of risk 

  Risks are caused by various human-made, natural disasters, climate change, global economic and political situations. Events that will adversely affect the business operation, and the frequency of occurrence and the severity of the risk. 
  Severity is used as a measure of risk. 

 

Chapter 2 Risk Management Structure and Powers and Responsibilities 

 Article 3 Risk Management Structure and Powers and Responsibilities 

  1. All business management units/departments (including branches and affiliated enterprises) of the group shall comply with the provisions of the procedures. Cooperate with the implementation of the risk management of its business management work and the group's annual risk assessment operations.

  2. The Risk Control Office is responsible for the formulation, revision and abolition of the risk management operating procedures. The procedure book stipulates that it is responsible for the management and control of the company's overall risk level and cross-departmental project risks manage, handle the group's annual risk assessment operation and assist the business management unit to handle the risk assessment related matters.

  3. Audit Office: Perform audits on risk management operations to monitor the company's risk management effective operation and execution.
 

Chapter 3 Risk Management Process 

 Article 4 The risk management process is from risk identification, risk analysis, risk evaluation to risk decision-making. 

  1. Risk identification: each unit uses internal control operation cycle analysis, scenario simulation analysis, and consider practical experience (including external information) and the impact on internal and external stakeholders, discover and list all risk factors within the scope of management. The company's risk sources are divided into:
    • Strategic risk: including resource allocation, business expansion or contraction, market Dynamics, public and investor relations, market environment changes, national policies and politics risk etc. 
    • Operational Risks: sales and marketing, supply chain, employees, information technology, cybersecurity attack host computer poisoning, information room disaster, huge disaster, physical assets, force majeure risks (such as natural disasters, major epidemics and infectious diseases, terrorist attacks), etc. 
    • Financial risk: liquidity and credit, financial statements, taxation, capital structure, etc. 
    • Legal Compliance Risks: Corporate Governance System, Code of Conduct, National Laws and International Regulations, etc. 
    • Climate Change Risk: Risks and opportunities of climate change for business. 

  2. Risk analysis: analyze the identified risk factors through data statistics and scenario simulation. Analysis and other methods and refer to external information collected from practical experience (such as industry cases or data) to analyze and record loss frequency and magnitude.

  3. Risk assessment and response: Risk assessment is based on the established assessment standards, and the risk is divided into frequency and magnitude of losses analyzed in the analysis step are classified and the degree of risk is calculated. Finally, according to this, the risk factors are positioned in the risk matrix, and the response measures to face the risks implement: risk retention, risk transfer, risk avoidance and risk prevention, as a risk decision policy reference. 

  4. Risk monitoring: The responsible units are responsible for the smooth operation of the risk management process and cooperate with the internal. The external audit achieves the purpose of monitoring, and the results of the annual group risk report should be submitted to the board of directors.
 

Chapter 4 Supplementary Provisions 

 Article 5 The revision of this policy will take effect after the resolution of the board of directors is adopted, and the revision will also be the same. 

 

(This risk management policy has been2021/05/12 submit to the board of directors for approval) 


 
We are committed to protecting your personal data and providing you with access to your personal data in accordance with the personal data protection laws in force in the European Union.
By clicking "Accept All", you are giving us permission to place cookies to enhance your experience on this website, to help us analyze site performance and usage, and to allow us to deliver relevant marketing content. You can manage your cookie settings below. By clicking "Confirm" you agree to the current settings.
Manage Cookies Accept All

Privacy preferences

We are committed to protecting your personal data and providing you with access to your personal data in accordance with the personal data protection laws in force in the European Union.
By clicking "Accept All", you are giving us permission to place cookies to enhance your experience on this website, to help us analyze site performance and usage, and to allow us to deliver relevant marketing content. You can manage your cookie settings below. By clicking "Confirm" you agree to the current settings.
Privacy Policy Accept All

Manage preferences

Necessary cookie

Always on
網站運行離不開這些 Cookie 且您不能在系統中將其關閉。通常僅根據您所做出的操作(即服務請求)來設置這些 Cookie,如設置隱私偏好、登錄或填充表格。您可以將您的瀏覽器設置為阻止或向您提示這些 Cookie,但可能會導致某些網站功能無法工作。
Confirm