Undertaking risks and safeguarding the rights and interests of the policyholders is an important key to maintaining stable operations. In order to ensure the rights and interests of the vast number of policyholders and shareholders, in addition to financial aspects, we will also keep pace with the times and incorporate issues such as climate change risks, emerging risks and ESG into risk management, so as to build a solid and efficient risk management mechanism for all risks that may be faced by the overall operation and to continue creating value for our shareholders and policyholders.

Risk management organizational structure and system

To effectively plan, supervise, and implement risk management, and also establish an effective risk management organizational structure, a three-line-of-defense structure has been adopted for internal control, with the Board of Directors serves as the highest supervision and decision-making unit for risk management. The Risk Management Committee was established under the Board of Directors. An independent director serves as the convener of the committee, and members meet once a quarter in principle, elevating risk management to a strategic position to show our determination to implement risk management. For the main risks faced by business operations, relevant risk indicators are formulated, included in the overall risk management report of the Risk Management Committee, and reported to the Board of Directors on a quarterly basis. The implementation of risk management has also been reflected to the Board of Directors to makes necessary improvement suggestions.

SKL Risk Management Committee

Main risk management measures

Shin Kong Life Insurance established its risk management policy as the highest guiding principles for the Company's implementation of risk management. The policy is aligned with the Company's business goals, has clear implementation guidelines, and emphasizes operational risk management. The four pillars of risk management were established on this basis, and operational risks are managed in response to changes in external regulations or the environment. Furthermore, Shin Kong Life Insurance periodically prepares Own Risk and Solvency Assessment (ORSA) reports, and assesses its current risk management and solvency. We defined material and relevant risks based on the nature, scale, and complexity of risks related to our business, and carried out risk identification, quantified assessment, supervision and management, and results reporting.

The Pillar of Risk Management

Business continuity management mechanism

We are committed to reviewing the possible impacts of changes in the internal and external environments to ensure business continuity. Regular drills are also conducted to make sure that business continuity plans are appropriate and effective and continuously enhanced.

When multiple major emergency events (such as: suspension of information services, large-scale epidemics, and earthquakes) occur, it may cause Shin Kong Life Insurance to suspend operations or prevent a portion of key services from operating. Shin Kong Life Insurance has a Business Crisis Response Team, crisis response measures, and emergency event reporting regulations to minimize the impact of accidents. The Company also established a business continuity management system (BCMS) to lower the probability of operations being suspended or reduce losses. The system strengthens the Company's ability to respond and rapidly recover from material events, allowing the Company to maintain sustainable operation, and thereby protect the interests of customers and all stakeholders.

Shin Kong Life Insurance has formulated relevant regulations such as guiding principles for business continuity management and has obtained ISO 22301 BCMS certification from BSI. We continue to improve such mechanisms and expand the scope of certification, while maintaining the effectiveness of the certification after being certified by BSI in 2023. We identified key operating activities and determined the resources (such as personnel and equipment) required for recovery of the activities through operational impact and risk analysis, formulating a recovery strategy and business continuity plan (BCP) on this basis. Every year, we conduct business continuity drills and tests, increase the breadth and depth of drills, and increase the number of on-site drills; for the company's external partners / suppliers, we have strengthened the business continuity capability assessment to ensure that the business continuity plan meets the company's business continuity goals.