Risk Management
 

Risk Management Vision

With becoming an excellent transportation group as a vision, Yang Ming is committed to sustainable operations and responsibilities to society by developing a comprehensive risk management mechanism to manage potential risks related to the overall operations and financial profits. Through strict risk control measures, all business risks are controlled to the extent that they are tolerable to ensure adequate corporate capital while increasing the Company's operational quality and value.

 

Risk Management Organization

The Company set up the "Risk Management Committee" subordinate to the Board of Directors in 2022. The committee is responsible for reviewing internal risk management policies, structures, systems and regulations as well as the review and response measures for material risk events. The "Risk Control Office" is in charge of formulating, revising, and abolishing risk management procedures, controlling the overall risk level and cross-departmental project risk management in accordance with the procedures, conducting annual risk assessments for the Group, and assisting business management departments in dealing with matters and providing education and training. The "Audit Department" takes charge of auditing risk management practices to ensure the effective operation of the Company's risk management procedures.


Risk Management Policy and Procedure

To provide a compliance basis for risk management practices, the Company has developed the "Risk Management Policy" as the norm for risk management and the highest guidelines for the standard procedures. The latest amendment to the policy was approved at the 357th board meeting on May 12, 2021. The Risk Control Office regularly identifies the risk factors that may influence the Company every year. After the possible frequency and range of loss are analyzed, the office formulates and assesses countermeasures and, in accordance with the latest internal audit requirements and standards, monitors potential risks continuously and implements the countermeasures to control all types of risks on an ongoing basis. Risk management strategies are formulated for different risks, including management objectives, organizational structures, responsibilities, and risk management procedures and other mechanisms, and are thoroughly implemented to control all types of risks arising from business activities to the extent that they are acceptable. To implement a risk management mechanism, the Company conducts group risk assessments on an annual basis. The results of the risk assessments, as well as the subsequent quarterly risk follow-up reports, are submitted to the Risk Management Committee and then to the Board of Directors. In accordance with the actual operation schedule, the 2023 group risk assessment results and follow-up reports were submitted to the Risk Management Committee in March, June, and December and to the 383rd board meeting on May 12, 2023, the 385th board meeting on August 11, 2023, and the 389th board meeting on January 31, 2024.


Risk Management Procedure

CH2 Stable Navigation - Corporate Governance and Resilient Operations_page-0013


Risk Management Scope

The Company's risk management scope covers the departments of the headquarters, subsidiaries, branches, and regional centers, including Europe, the Mediterranean, the United States, Latin America, Western Asia, Asia, and China. After an integrated risk assessment is performed, the results are organized and presented to the headquarters to implement and reinforce corporate risk management. The Company includes the entire Group in the scope of risk assessment and establishes a risk assessment management system to monitor and assess the effectiveness of existing control measures. The Company regularly reviews various risk management procedures and assessment standards based on changes in the market economy and adjustments to the Group's business policies, and assess major risks every year to improve the existing management mechanism and achieve more effective risk management, ensuring corporate sustainable operations.


Risk Assessment Results

Yang Ming focused on the five aspects, strategy, operation, finance, legal compliance, and climate change, during the annual risk assessment for the Group to review and assess the potential risks faced by the Group, their frequency of occurrence, and the severity of their impacts. The Company's risk assessment for 2023 and the strategies for mitigation and response are described in the following table:
 

High Potential Risks Assessed in Five Aspects

Risk Source / Risks Assessed in 2023 Description  Countermeasures 
Operation
Personnel safety risk 
By organizing the risk assessment questionnaires and interviews with units, the Company was informed that operational errors and physical diseases constituted a majority of the Group's personnel safety accidents, which occurred mostly in subsidiaries and to seafarers.
  1. As there is a high chance of accidents in terminal yards and on ships, the Company will increase the safety awareness of personnel before on-site operational practices for accident prevention, provide education and training periodically, and perform regular accident drills and machine maintenance. In case of problems like old machines, they are regularly renewed to reduce operator accidents caused due to the old machines.
  2. Regarding physical and mental health care and follow-up care for seafarers, the Marine Department has launched a plan for the prevention of abnormal workload-induced diseases for seafarers. The plan is formulated with reference to the Seafarer Act, the International Maritime Labor Convention (MLC) and other relevant guidelines. The Company hopes that feasible assessment procedures can identify potential high-risk groups as early as possible. The Company has also planned to implement relevant health management measures to prevent diseases caused by workload and ensure the physical and mental health of workers.
Strategy

Alliance risk
It was confirmed on October 11, 2023 that the Consortia Block Exemption Regulation (CBER) will not be extended, which will increase the legal risk of alliance operations. In sum, the overall shipping alliance will face the risk of restructuring or disintegration after 2024. This will have a significant impact on the maintenance of the Company's future transportation capacity and profitability.
  1. In order to reduce the alliance risk and maintain the operational capacity of the fleet, the Company will be more careful in terms of the selection of alliance partners. In addition to business considerations, it is necessary to mainly focus on carriers with a better market reputation and financial credit, and seek external legal consulting services as necessary. 
  2. To comply with the investigation and reporting requirements of the US Federal Maritime Commission (FMC), the Company reviews the mid- and long-term shipping capacity planning of the alliance routes on an annual basis with the carriers in the alliance. The Company also plans the medium and long-term ship resources according to business plans and market growth, and increase the shipping capacity in a timely manner.
Strategy

International geopolitical risk
In recent years, the wrestling between the U.S. and China and the economic restrictions imposed by governments around the world have been exacerbated by the COVID-19 pandemic and the Russia-Ukraine war. Geopolitical factors have even greater influence than economic factors. Geopolitical developments have brought both challenges and opportunities to the world. Enterprises need to formulate a more strategic approach in response.
  1. The Company will propose corresponding control measures for the operational policy and collection and payment process of the Company's agent in each country (e.g. for countries subject to foreign exchange controls, decreasing the risk exposure position by offsetting revenue against expenditure, signing letters of guarantee with local banks, or negotiating a change to a third place payment with customers) to reduce risks.
  2. For oil price fluctuations caused by international disputes, the Company will proceed with the purchase of fuel oil according to the provisions of the contract. The Company will lock in the purchase price based on the quoted price at the time of signing the contract, or use other financial derivatives to reduce the impact of oil price fluctuations.
Legal Compliance

Legal compliance risk
As the Company grows in scale, the operational methods become more complex and the Company is restricted and affected by laws and regulations to a larger extent, e.g., those related to competition, personal data protection, counter-terrorism financing, economic sanctions, embargos, and other legal compliance risks associated with the Group's operations.
  1. Yang Ming raises the legal compliance awareness of the Group ’s employees, e.g., by regularly providing education and training in the Group, communicating the concept of legal compliance (including the Taiwan Operations Group, Keelung Branch, Taichung Branch, Kaohsiung Branch) to expatriates as well, and periodically sending legal compliance reminders to the Group ’s subsidiaries and agents around the world.
  2. The Company has participated in international conferences such as the World Shipping Council or shipping alliances to gather legal information, and increase the frequency of self-assessment in response to the changes in the Consortia Block Exemption Regulation (CBER).
  3. The Legal Compliance Office conducts regular education and training on personal data inventory, and develops the "personal data file security maintenance plan" as required by the competent authorities to further control personal data protection and other related legal risks.
  4. For risks such as economic sanctions/embargoes, the Company will use an external sanction list database and query platform to obtain more complete information to facilitate the preliminary know-your-customer (KYC) procedures by the personnel of relevant departments before trading.
Operation
Risk of falling freight rates 
The shipping market experienced a two-year extreme freight peak from 2022. However, between March and May 2022, as a result of the Ukraine-Russia war and China's zero-COVID, energy rationing, and lockdown policies, the demand for containers dropped and the freight price went down. Also, in July of the same year, as increasingly severe inflation led to reduced spending power, a strong interest rate hike by the Federal Reserve System, and decreasing consumer buying power, the freight price was on the decline.
  1. The Company will expand the business scope to mitigate the reduction in revenue caused by falling freight rates (e.g. by investing in other industries, building a complete transportation network system, or signing long-term collaboration contracts) to reduce the potential impact of falling freight rates on operations.
  2. In addition to paying attention to international shipping information (Global Supply Index, Alphaliner, etc.) at all times, all sales units hold weekly sales meetings to observe the overall freight rate trend in the market, continue to monitor market conditions, and make adjustments to sales strategies and directions based on market condition and external factor changes.
  3. Through industry-academia collaboration projects, the Company plans to study freight price hedging strategies, hoping to have other hedging strategies available to reduce the impact of falling freight rates on operations.
Climate Change

Climate change risk
The issue of climate change has received the attention of countries around the world. For example, the European Union launched the Emissions Trading System (ETS) and Carbon Border Adjustment Mechanism (CBAM) in 2005, and Taiwan passed the "Climate Change Response Act" in the 3rd reading on January 10, 2023. These regulations mean that all enterprises must face the pressure of carbon reduction.
  1. The countermeasures have been developed. Please refer to 2.5 Climate Change Governance Strategies .

 

Emerging Risks

Risks Assessed in 2023 Description  Countermeasures 

Artificial intelligence risk
In the past year, due to the advancement of generative AI technology, the technology has frequently been abused by hackers, resulting in more automated and customized cyberattacks, and enterprises will face greater information security control pressure and risks.
  1. Create a web application firewall.
  2. Introduce the MDR threat detection and response service, an intrusion prevention system, and a security information and event management system to detect, analyze, and respond to security threats before they harm corporate operations.
  3. Continue to strengthen information security education and training, so that employees can stay alert at all times and has a high awareness of information security


Major Incident Emergency Handling Procedure

Yang Ming has formulated emergency handling procedures for various operations, detailing the reporting and handling procedures for relevant events to control subsequent improvements. Drills are carried out regularly as well.

Emergency Handling Procedures for Operations  Description 
Yang Ming Group's Working Procedure for Reporting and Handling Major Incidents  The procedures govern the items to be reported, parties to be notified, content, and handling of major incidents with the Group, or those upon reception of crisis notice prior to a potential major incident, for effective control and handling before or after a major incident.
Major (Vessel) Accident Report & Response Procedure  The procedure ensures the Company's early knowledge of a vessel marine incident (accident) so as to take proper risk prevention and response measures for the ultimate goal of damage mitigation.
Procedure for Work-related Accident and Emergency Response Plans  The procedure requires workplaces to formulate emergency response plans in effective response to work-related accidents or incidents in the workplaces, reducing the harm and damage caused.
Procedure for Handling Serious Crew Injury/Illness (Death)  The procedure ensures that the Company's ships can take timely and effective measures in the event of a major accident/injury/illness (death) to the personnel on board in order to minimize the injury to the personnel.
Emergency Procedure for 
Shipboard Hazardous Goods 
The procedure dictates the regulations for the elimination or mitigation of damages in the event of accidents/disasters arising from dangerous goods/ materials seafarers Yang Ming’s ships or during shipping.
Procedure for Emergency Preparedness & Response Plans for Office Buildings and Premises  The procedure is formulated for disaster prevention and emergency relief to minimize life-threatening injuries to staff and property loss.
Information Security Incident Management Procedures  The procedures ensure the effective reporting of information security incidents as well as crisis handling and prevention in the event that the core activities in the server room and network room of the Information Technology Department of Yang Ming are subject to force majeure or man-made sabotage.
Epidemic Prevention and Response Procedures  The procedures are to enhance the monitoring and risk assessment of epidemics in locations where Yang Ming operates and to improve the preparedness and response mechanisms so as to reduce the risk of personnel infection and ensure the normal operations of the Company.
Procedures for Reporting High-risk Communicable Diseases by Agents  The procedures dictate the procedures for Yang Ming's agents to report their office operations and employee status to the headquarters in the event of a high-risk communicable disease outbreak in order to allow the headquarters, agents and offices to carry out effective response and handling measures before and after the outbreak to reduce the operational risks of the Company.
Procedures for Handling (Container Yard) Accidents  The procedures govern the handling of accidents taking place in the Container Yard of Yang Ming, covering the appraisal of damages to personnel, containers, cargo, machinery or facilities, the attribution of liabilities, notarization, indemnity claims, insurance claims, etc.
 

Organization Structure of the Risk Management

The Company established the risk management department in accordance with the latest Criteria for Corporate Governance and Internal Auditing on July 1st, 2004. Afterward, it was restructured into Risk Control & Legal Affairs Dept., Risk Control & Insurance Dept. In March 2022, the Company established the Risk Control Office independently, directly under the President, to regularly conduct risk assessment and the analysis and handling that follow. This department oversees all risk management matters in the Company, including regular risk assessments, and subsequent analysis and measures.  

The organizational structure in relation to risk management is delivered by the character of risks. While the Risk Control Office oversees all risk management related matters, the initial identification of general risks, the assessment, and the control method provided by each department. Cases of significant risks will be sent to special review committees and the auditing office, based on their nature and the monetary sum involved. Reviewed cases that meet the standard will then be sent to the Board of Directors for approval.  



The organizational structure of the company's risk management is as follows:  
 

A.  All divisions/departments of the Company(including branches and affiliates) shall follow ISO regulations to evaluate risk and assist in implementing Annual Group Risk Evaluations.  
 

B.  The Risk Control Office will be responsible for drafting and amending ISO regulations on Risk Management Operating Procedure, managing overall and cross department risk-control projects as well as performing Annual Group Risk Evaluations.  
 

C.  The Audit Dept. will audit all Risk Management Operations to ensure the Risk Management Policies are efficiently implemented and followed.  

 

Current Operation

The Company's risk management process consists of risk identification, risk measurement, risk response, risk monitoring, and risk management information communication and handling. In addition to compiling the overall impact that each risk may have on the Company through cross-departmental communication and data collection, this process also correlates the degree of impact of each risk with the short-, medium-, and long-term operational objectives of the Company in order to determine the Company's level of tolerance to the impact of the risk.

In order to implement the risk management mechanism, the Group's risk assessment is conducted on a regular basis every year, and the reports of the risk assessment are regularly (at least once a year) submitted to the Risk Management Committee (consisting of three independent directors) and the Board of Directors (the Group's risk assessment tracking report was submitted to the 383rd meeting of the Board of Directors on May 12, 2023, 385th meeting of the Board of Directors on August 11, 2023, and the 3rd meeting of the Risk Management Committee on June 29, 2023, respectively). The latest report on the results of the Group's risk assessment was presented to the Risk Management Committee at its 5th meeting on December 13, 2023, and to the Board of Directors at its 389th meeting on January 31, 2024, which included a compilation of the various risks faced by the Company during the year, including, for example, risks to the safety of personnel, the decline in freight rates, the risk of vessel affiliation, the risk of internationalization, and the risk of the loss of the Group's assets. The report includes a summary of the various risks faced by the Company in the current year, for example, in year 2023, including personnel safety risk, freight price decline risk, vessel joint venture risk, international geopolitical risk, compliance risk, climate change risk, etc., as well as the risk response measures and the expected improvement plan. The Company will continue to track these risks on a quarterly basis and report to the Risk Management Committee and the Board of Directors. In addition, the audit office will be notified of the tracking results and will conduct risk management audits of the risk management operations to ensure the effective operation and execution of the Company's risk management.

The Company continue to oversee and manages issues relevant to climate change and set up the Environmental Sustainability Division, promotes environmental, social, and corporate governance issues through the ESG framework, and strengthens the company's mitigation and adaptation strategies for climate change. 
In order to strengthen the risk concepts of the Group's employees and implement risk control concepts in their daily business management work, the regular risk management education and training has been completed in 2023, with the completion of a practical experience-sharing course on risk management of project investment-related issues, inviting the participation of colleagues from the project investment-related departments, with a total of 48 participants and a training time of 2 hours, sharing the contents of the course with actual cases. The course content is based on actual case studies to enhance the risk management capability of our employees in handling project investments.  

 

Risk Management Policy

 

Chapter 1 General Provisions 

 Article 1 Purpose 

  In order to allow the company's risk management operations to follow and properly manage risks, this policy is formulated to standardize the standard procedures for risk identification, assessment, decision-making and effect monitoring and improvement, as the company's risk management guidelines and ensure the company's operational goals are achieved. 


 Article 2 Definition of risk 

  Risks are caused by various human-made, natural disasters, climate change, global economic and political situations. Events that will adversely affect the business operation, and the frequency of occurrence and the severity of the risk. 
  Severity is used as a measure of risk. 

 

Chapter 2 Risk Management Structure and Powers and Responsibilities 

 Article 3 Risk Management Structure and Powers and Responsibilities 

  1. All business management units/departments (including branches and affiliated enterprises) of the group shall comply with the provisions of the procedures. Cooperate with the implementation of the risk management of its business management work and the group's annual risk assessment operations.

  2. The Risk Control Office is responsible for the formulation, revision and abolition of the risk management operating procedures. The procedure book stipulates that it is responsible for the management and control of the company's overall risk level and cross-departmental project risks manage, handle the group's annual risk assessment operation and assist the business management unit to handle the risk assessment related matters.

  3. Audit Office: Perform audits on risk management operations to monitor the company's risk management effective operation and execution.
 

Chapter 3 Risk Management Process 

 Article 4 The risk management process is from risk identification, risk analysis, risk evaluation to risk decision-making. 

  1. Risk identification: each unit uses internal control operation cycle analysis, scenario simulation analysis, and consider practical experience (including external information) and the impact on internal and external stakeholders, discover and list all risk factors within the scope of management. The company's risk sources are divided into:
    • Strategic risk: including resource allocation, business expansion or contraction, market Dynamics, public and investor relations, market environment changes, national policies and politics risk etc. 
    • Operational Risks: sales and marketing, supply chain, employees, information technology, cybersecurity attack host computer poisoning, information room disaster, huge disaster, physical assets, force majeure risks (such as natural disasters, major epidemics and infectious diseases, terrorist attacks), etc. 
    • Financial risk: liquidity and credit, financial statements, taxation, capital structure, etc. 
    • Legal Compliance Risks: Corporate Governance System, Code of Conduct, National Laws and International Regulations, etc. 
    • Climate Change Risk: Risks and opportunities of climate change for business. 

  2. Risk analysis: analyze the identified risk factors through data statistics and scenario simulation. Analysis and other methods and refer to external information collected from practical experience (such as industry cases or data) to analyze and record loss frequency and magnitude.

  3. Risk assessment and response: Risk assessment is based on the established assessment standards, and the risk is divided into frequency and magnitude of losses analyzed in the analysis step are classified and the degree of risk is calculated. Finally, according to this, the risk factors are positioned in the risk matrix, and the response measures to face the risks implement: risk retention, risk transfer, risk avoidance and risk prevention, as a risk decision policy reference. 

  4. Risk monitoring: The responsible units are responsible for the smooth operation of the risk management process and cooperate with the internal. The external audit achieves the purpose of monitoring, and the results of the annual group risk report should be submitted to the board of directors.
 

Chapter 4 Supplementary Provisions 

 Article 5 The revision of this policy will take effect after the resolution of the board of directors is adopted, and the revision will also be the same. 

 

(This risk management policy has been2021/05/12 submit to the board of directors for approval) 


 
We are committed to protecting your personal data and providing you with access to your personal data in accordance with the personal data protection laws in force in the European Union.
By clicking "Accept All", you are giving us permission to place cookies to enhance your experience on this website, to help us analyze site performance and usage, and to allow us to deliver relevant marketing content. You can manage your cookie settings below. By clicking "Confirm" you agree to the current settings.

Privacy preferences

We are committed to protecting your personal data and providing you with access to your personal data in accordance with the personal data protection laws in force in the European Union.
By clicking "Accept All", you are giving us permission to place cookies to enhance your experience on this website, to help us analyze site performance and usage, and to allow us to deliver relevant marketing content. You can manage your cookie settings below. By clicking "Confirm" you agree to the current settings.

Manage preferences

Necessary cookie

Always on
網站運行離不開這些 Cookie 且您不能在系統中將其關閉。通常僅根據您所做出的操作(即服務請求)來設置這些 Cookie,如設置隱私偏好、登錄或填充表格。您可以將您的瀏覽器設置為阻止或向您提示這些 Cookie,但可能會導致某些網站功能無法工作。