Risk Management
 

Risk Warning System

With becoming an excellent transportation group as a vision, Yang Ming is committed to sustainable operations and responsibilities to society by developing a comprehensive risk management mechanism to manage potential risks related to the overall operations and financial profits. Through strict risk control measures, all business risks are controlled to the extent that they are tolerable to ensure adequate corporate capital while increasing the Company’s operational quality and value. 
 

Risk Management Organization

The Company set up the “Risk Management Committee” subordinate to the Board of Directors in 2022. The committee is responsible for reviewing internal risk management policies, structures, systems and regulations as well as the review and response measures for material risk events. The “Risk Control Office” is in charge of formulating, revising, and abolishing risk management procedures, controlling the overall risk level and cross-departmental project risk management in accordance with the procedures, conducting annual risk assessments for the Group, and assisting business management departments in dealing with matters and providing education and training. The “Audit Department” takes charge of auditing risk management practices to ensure the effective operation of the Company’s risk management procedures. 

Risk Management Policy and Procedure

To provide a compliance basis for risk management practices, the Company has developed the “Risk Management Policy” as the norm for risk management and the highest guidelines for the standard procedures. The latest amendment to the policy was approved at the 357th board meeting on May 12, 2021. The Risk Control Office regularly identifies the risk factors that may influence the Company every year. After the possible frequency and range of loss are analyzed, the office formulates and assesses countermeasures and, in accordance with the latest internal audit requirements and standards, monitors potential risks continuously and implements the countermeasures to control all types of risks on an ongoing basis. Risk management strategies are formulated for different risks, including management objectives, organizational structures, responsibilities, and risk management procedures and other mechanisms, and are thoroughly implemented to control all types of risks arising from business activities to the extent that they are acceptable. 

Risk Management Procedure

Risk Management Scope

The Company’s risk management scope covers the departments of the headquarters, subsidiaries, branches, and regional centers, including Europe, the Mediterranean, the United States, Latin America, Western Asia, Asia, and China. After an integrated risk assessment is performed, the results are organized and presented to the headquarters to implement and reinforce corporate risk management. The Company completed an annual risk assessment for the Group and conducted risk tracking quarterly in 2022. Specifically, we also included whether there was any impact of capital expenditure on the overall operational structure as well as operational risks in the annual risk assessment to build reasonable models. Also, Yang Ming plans to develop quantitative risk indicators in 2023 to improve the existing management mechanisms for more effective risk management and corporate sustainable operations. 

Risk Assessment Results

Yang Ming focused on the five aspects, strategy, operation, finance, legal compliance, and climate change, during the annual risk assessment for the Group to review and assess the potential risks faced by the Group, their frequency of occurrence, and the severity of their impacts. The Company’s risk assessment for 2022 and the strategies for mitigation and response are described in the following table: 

Risk Source	Risks Assessed in 2022	Description	Countermeasures
Operation	Personnel safety risk	By organizing the risk assessment questionnaires and interviews with units, we were informed that traffic accidents during commuting constituted a majority of the Group’s personnel safety accidents. However, there were some due to operational errors leading to staff injury, which occurred mostly to on-site operators, according to the records.	As there is a high chance of accidents in terminal yards and on ships, we will increase the safety awareness of personnel before on-site operational practices for accident prevention, provide education and training periodically, and perform regular accident drills and machine maintenance. In case of problems like old machines, they are regularly renewed to reduce operator accidents caused due to the old machines.  The Company takes out corresponding insurance for shipyard supervisors and factory engineers and increases their insurance coverage, has more pre-operational simulations for personnel, puts on warning signs in dangerous areas and asks the personnel to follow them, and further communicates safety precautions in the workplace and the safety operating distance to reduce the probability of accidents.
Strategy	Vessel shortage risk	Failure to timely approve and perform vessel deployment planning may lead to a vessel shortage for not investing in vessel resources in a timely manner, resulting in the Company being unable to keep operating the lines, having a reduced shipping capacity, or even worse, and failing to fulfill the responsibilities under vessel sharing alliances and thereby causing the risk of failure to stay in the existing alliances for jointly operating lines. Failure to plan and make a response early will pose an extremely high risk to the Company’s negotiations with ship owners about contract renewal.	Medium-term/long-term development plans are formulated and approved after discussions at top management meetings. Regular discussion meetings are held to revise the vessel acquisition plan according to economic changes and the plan is then submitted to the competent unit. Subsequently, the plan is presented to the Advisory Committee and Board of Directors for discussion in accordance with the Company’s procedures after multiple discussions where relevant units exchange opinions.  If the vessel acquisition plan has been drawn up and there are institutional risks in the industry or economy, the Liner Planning Department will convene meetings of relevant units to come up with countermeasures. The department also assesses the feasibility of postponing the delivery of ships, if necessary, constantly adjusts and reviews medium-term/long-term vessel resource deployment planning, always keeps an eye on the vessel market, forms cross-departmental project teams according to the preparedness schedule, and proposes new ship construction or long-term ship rent projects to the Board of Directors to reduce the probability and severity of risks.
Finance	Exchange rate risk	Exchange rate fluctuations inevitably affect the profit and investment performance of transnational enterprises. For example, having well-allocated foreign currency assets not only helps the enterprises reduce the risk of exchange rate fluctuations, but also allows them to reap profits from the fluctuations, increasing operating revenue.	Exchange rate-sensitive risk positions are reduced to control transaction risks, adjust the foreign currency payment structure, and solidify the control mechanism for exchange rate risk transfer.  As assessed, there was a risk of the NTD strengthening and the USD weakening. The Company’s Finance Department proposed countermeasures: adjusting net USD-priced positions to reduce the risk of exchange rate pricing fluctuations, regulating the surplus foreign currencies for natural hedging, and performing cash flow hedging from time to time (lease liabilities and USD demand/time deposits) to mitigate the impact of exchange rate fluctuations on profits or losses.
Legal Compliance	Legal compliance risk	As the Company grows in scale, the operational methods become more complex and the Company is restricted and affected by laws and regulations to a larger extent, e.g., competition laws/antitrust laws/anti-monopoly laws/fair trading laws (hereinafter collectively referred to as the “Competition Laws”) and laws and regulations related to the Group’s operations, such as those on personal data protection, counter-terrorism, economic sanctions, embargos, securities trading and investment, taxation, environmental safety, labor, vessels, and ocean shipping. Being investigated by competent authorities or determined to have committed violations will generate legal, staff, time, and administrative costs.	Yang Ming raises the legal compliance awareness of the Group’s employees, e.g., by regularly providing education and training in the Group, communicating the concept of legal compliance (including the Taiwan Business Department, Keelung Branch, Taichung Branch, Kaohsiung Branch) to expatriated personnel as well, and periodically sending legal compliance reminders to the Group’s subsidiaries and agents around the world.  The Company attends World Shipping Council and THE Alliance meetings to gather information on regulations, conducts regular personal data inventories in accordance with the Personal Data Protection Act to control all departments and offices’ retention of personal information and provide improvement and adjustment suggestions, and develops an audit system for economic sanctions and embargos to give advice or commission external lawyers or experts to provide assistance and professional advice on changes in domestic and foreign regulations related to the Group.
Climate Change	Climate change risk	Climate change issues have drawn more and more attention from countries around the world. In addition to the losses that climate change itself may cause, the Company must pay attention to countries’ tightening environmental protection regulations and policies (e.g., levying carbon taxes) to enhance corporate sustainable development and facilitate a well-developed ecosystem.	The countermeasures have been developed. Please refer to 2.5 Climate Change Governance Strategies

Other Non-high Risks of Continuous Conce

Risk Source	Risks Assessed in 2022	Description	Countermeasures
Finance	Customer credit risk/counterparty risk	If this risk is not controlled or there is any omission in the control, customers/counterparties may default on their contractual obligations due to the deterioration of their corporate structures or other factors (e.g., having disputes with their counterparties), which may result in the risk of default loss or the risk of bad debts and thereby cause financial losses to the Company.	Internally, the Company has control procedures specific to the customer credit risk/counterparty risk. Taking the business units as an example, new customers, collect information through on-site interviews and other channels; for credit customers, they review the credit conditions and sales contribution of the customers in many ways before offering credit and approve the credit terms on a case-by-case basis. For payment collection, the payment collectors are exempt employees responsible for performing reconciliation, making payments, and following up on payments at regular time intervals, regularly organizing the payments of the credit customers, and raising the level of control over key customers. Although this risk is a risk of significance, it has been controllable according to the feedback from units. Therefore, the Company will pay continuous attention to this issue and have further discussions with relevant units if there are practices requiring adjustments.
Strategy	Freight price change risk	The pandemic affected the economies worldwide. However, the shipping market benefited from the loose monetary policies and relief programs implemented by many countries around the world in the second half of 2020, promoting economic recovery. Meanwhile, as the demand of countries for pandemic prevention supplies and household necessities started to increase, the stock on the market progressively went up again and the freight price rose accordingly. However, between March and May 2022, as a result of the Ukraine-Russia war and China’s zero-COVID, energy rationing, and lockdown policies, the demand for containers dropped and the freight price went down. Also, in July of the same year, due to increasingly severe inflation leading to reduced spending power and a strong interest rate hike by the Federal Reserve System, the freight price was once again on the decline.	As this risk may affect the Company’s medium-term/long-term operations, the Company came up with subsequent response policies and asked all departments to review them in 2022. To mitigate the impact of this risk, the sales units have kept an eye on international shipping information (Global Supply Index, Alphaliner, etc.) at all times to look at the sales in Asia in the market. After changes in the demand and supply for TEUs next year are verified, we will make adjustments based on changes in market conditions and external factors, such as TEU diversion and the regular monthly analysis of profits and losses on routes.
Climate Change	Operational risk of newly-built ships	With the increasingly strict environmental protection regulations in the international community, failure to keep up with changes in the international environmental protection regulations will impose a certain level of impact on the companies in the shipping industry where vessels are used as revenue-generating vehicles and that produces a large amount of carbon emissions. Perhaps in the short run, there are other methods that can be used to avoid or reduce carbon emissions. At the end of the day, for long-term management, a timely reformation is a necessary approach for companies to achieve sustainable operations. Before such reformation, the companies must still assess their current operational status and see if there will be corresponding control measures to ensure future tolerance so as to reduce future operational risks.	The Company decided to build LNG dual-fuel vessels in 2022. In comparison to vessels using conventional fuels, LNG-fueled vessels can achieve a 20% reduction in GHG emissions. Moreover, as LNG virtually does not generate SOx and particles, which can significantly cut NOx emissions, the LNG dual-fuel vessels not only meet the IMO’s latest ship type requirements for carbon emissions in 2023, but also help the Company avoid paying carbon border taxes that will be levied by the EU, starting from October 2023.   Although the vessels using the new fuel can create new operational opportunities and activities for the Company, they also bring a lot of new challenges, such as deploying sufficient seafarers, possessing a certain level of management capabilities or experiences for the new vessels, and sourcing the fuel subsequently. In addition to compliance with environmental protection laws and regulations in the future, the Company must take into account market conditions when expanding the fleet afterwards. Even though more vessels lead to more revenue, from a balance sheet perspective, the vessels are the Company’s assets requiring depreciation. Fleet expansion means an increase in operational costs. As the construction and operation of new ships are important decisions for the Group, expanding the Company’s shipping capacity needs careful, comprehensive consideration of whether there is an excess difference between demand and supply in the market to reduce subsequent operational risks.

Emergency Handling Procedure

Yang Ming has formulated emergency handling procedures for various operations, detailing the reporting and handling procedures for relevant events to control subsequent improvements. Drills are carried out regularly as well. 

Emergency Handling Procedures for Operations	Description
Yang Ming Group’s Working Procedure for Reporting and Handling Major Incidents	The procedures govern the items to be reported, parties to be notified, content, and handling of major incidents with the Group, or those upon reception of crisis notice prior to a potential major incident, for effective control and handling before or after a major incident.
Major Accident Report & Response Procedure	The procedure ensures the Company’s early knowledge of a vessel marine incident (accident) so as to take proper risk prevention and response measures for the ultimate goal of damage mitigation.
Procedure for Work-related Accident and Emergency Response Plans	The procedure requires workplaces to formulate emergency response plans in effective response to work-related accidents or incidents in the workplaces, reducing the harm and damage caused.
Procedure for Handling Serious Crew Injury/Illness (Death)	The procedure dictates the regulations for the elimination or mitigation of damages in the event of accidents/disasters arising from dangerous goods/ materials onboard Yang Ming’s vessels or during shipping.
Emergency Procedure for  Shipboard Hazardous Goods	The procedure dictates the regulations for the elimination or mitigation of damages in the event of accidents/disasters arising from dangerous goods/ materials onboard Yang Ming’s vessels or during shipping.
Procedure for Emergency Preparedness & Response Plans for Office Buildings and Premises	The procedure is formulated for disaster prevention and emergency relief to minimize life-threatening injuries to staff and property loss.
Information Security Incident Management Procedures	The procedures ensure the effective reporting of information security incidents as well as crisis handling and prevention in the event that the core activities in the server room and network room of the Information Technology Department of Yang Ming are subject to force majeure or man-made sabotage.
Epidemic Prevention and Response Procedures	The procedures are to enhance the monitoring and risk assessment of epidemics in locations where Yang Ming operates and to improve the preparedness and response mechanisms so as to reduce the risk of personnel infection and ensure the normal operations of the Company.
Procedures for Reporting High-risk Communicable Diseases by Agents	The procedures dictate the procedures for Yang Ming’s agents to report their office operations and employee status to the headquarters in the event of a high-risk communicable disease outbreak in order to allow the headquarters, agents and offices to carry out effective response and handling measures before and after the outbreak to reduce the operational risks of the Company.
Procedures for Handling (Container Yard) Accidents	The procedures govern the handling of accidents taking place in the container yard of Yang Ming, covering the appraisal of damages to personnel, containers, cargo, machinery or facilities, the attribution of liabilities, notarization, indemnity claims, insurance claims, etc.

 

Organization Structure of the Risk Management

The Company established the risk management department in accordance with the latest Criteria for Corporate Governance and Internal Auditing on July 1st,2004. Afterward, it was restructured into Risk Control & Legal Affairs Dept., Risk Control & Insurance Dept. In March 2022, the Company established the Risk Control Office independently, directly under the President, to regularly conduct risk assessment and the analysis and handling that follow. This department oversees all risk management matters in the Company, including regular risk assessments, and subsequent analysis and measures.  
The organizational structure in relation to risk management is delivered by the character of risks. While the Risk Control Office oversees all risk management related matters, the initial identification of general risks, the assessment, and the control method provided by each department. Cases of significant risks will be sent to special review committees and the auditing office, based on their nature and the monetary sum involved. Reviewed cases that meet the standard will then be sent to the Board of Directors for approval.  

The organizational structure of the company's risk management is as follows:  

        本公司風險管理之組織架構如下: In order to respond to changes in the environment in a timely manner, risk assessments are carried out on a regular basis every year. We minimize possible losses through risk self-retention, risk transfer, risk aversion, and risk prevention. All responsible divisions/departments are to ensure a smooth risk management operation and to cooperate in the external/internal audits for monitoring purposes. The Annual Group Risk Assessment Report is to be submitted to the Board of Directors.  
The Company continue to oversee and manages issues relevant to climate change and set up the Environmental Sustainability Division, promotes environmental, social, and corporate governance issues through the ESG framework, and strengthens the company's mitigation and adaptation strategies for climate change.  
The Risk Control Office continuously improves the personnel’s awareness of risk control: plan to organize risk management education once every two quarters in line with risk management projects. In 2021, 3 sessions (3 hours each) of risk management education and training were organized for 108 participants in total. And a 3hrs risk management experience sharing course was held by CTBC in 2022 to strengthen the implementation of the company's risk control concept, with a total of 128 participants.  
 

Risk Management Policy

 

Chapter 1 General Provisions 

Article 1 Purpose 

In order to allow the company's risk management operations to follow and properly manage risks, this policy is formulated to standardize the standard procedures for risk identification, assessment, decision-making and effect monitoring and improvement, as the company's risk management guidelines and ensure the company's operational goals are achieved. 

Article 2 Definition of risk 

Risks are caused by various human-made, natural disasters, climate change, global economic and political situations. Events that will adversely affect the business operation, and the frequency of occurrence and the severity of the risk. 
Severity is used as a measure of risk. 
 

Chapter 2 Risk Management Structure and Powers and Responsibilities 

Article 3 Risk Management Structure and Powers and Responsibilities 

1. All business management units/departments (including branches and affiliated enterprises) of the group shall comply with the provisions of the procedures. Cooperate with the implementation of the risk management of its business management work and the group's annual risk assessment operations. 
2. The Risk Control Office is responsible for the formulation, revision and abolition of the risk management operating procedures. The procedure book stipulates that it is responsible for the management and control of the company's overall risk level and cross-departmental project risks manage, handle the group's annual risk assessment operation and assist the business management unit to handle the risk assessment related matters. 
3. Audit Office: Perform audits on risk management operations to monitor the company's risk management effective operation and execution. 
 

Chapter 3 Risk Management Process 

Article 4 The risk management process is from risk identification, risk analysis, risk evaluation to risk decision-making. 

1.Risk identification: each unit uses internal control operation cycle analysis, scenario simulation analysis, and consider practical experience (including external information) and the impact on internal and external stakeholders, discover and list all risk factors within the scope of management. The company's risk sources are divided into: 

• Strategic risk: including resource allocation, business expansion or contraction, market Dynamics, public and investor relations, market environment changes, national policies and politics risk etc. 
• Operational Risks: sales and marketing, supply chain, employees, information technology, cybersecurity attack host computer poisoning, information room disaster, huge disaster, physical assets, force majeure risks (such as natural disasters, major epidemics and infectious diseases, terrorist attacks), etc. 
• Financial risk: liquidity and credit, financial statements, taxation, capital structure, etc. 
• Legal Compliance Risks: Corporate Governance System, Code of Conduct, National Laws and International Regulations, etc. 
• Climate Change Risk: Risks and opportunities of climate change for business. 

2.Risk analysis: analyze the identified risk factors through data statistics and scenario simulation. Analysis and other methods and refer to external information collected from practical experience (such as industry cases or data) to analyze and record loss frequency and magnitude. 
3.Risk assessment and response: Risk assessment is based on the established assessment standards, and the risk is divided into frequency and magnitude of losses analyzed in the analysis step are classified and the degree of risk is calculated. Finally, according to this, the risk factors are positioned in the risk matrix, and the response measures to face the risks implement: risk retention, risk transfer, risk avoidance and risk prevention, as a risk decision policy reference. 
4.Risk monitoring: The responsible units are responsible for the smooth operation of the risk management process and cooperate with the internal. The external audit achieves the purpose of monitoring, and the results of the annual group risk report should be submitted to the board of directors. 
 

Chapter 4 Supplementary Provisions 

Article 5 The revision of this policy will take effect after the resolution of the board of directors is adopted, and the revision will also be the same. 

(This risk management policy has been2021/05/12 submit to the board of directors for approval)