Risk ManagementRisk Management

Board of Directors (the top risk management unit)

Risk Management Committee (supervision) 3 people

Risk Management Department(Risk management operation and measure formulation)
Supervisor: 2 persons + Departmental dedicated personnel: 5 persons

• There are internal operating measures in place.
• A rigorous credit review and approval system and a complete examination process are in place to implement and enforce risk management
• Identify, analyze and monitor assets and changes in the external environment, and adjust strategies flexibly.
• Continue to improve and expand the knowledge of credit investigation techniques and other related aspects of loan management so as to reduce loan defaults.

• Establish statistical models for applicants’ credit ratings and calculate the probability of the default risk.
• Monitor the Company's asset quality and development trends, submit a monitoring report to the Risk Management Committee every six months, and discuss the countermeasures against the asset quality trends and study feasible credit and overdue receivable collection policies in the future with relevant departments at the Asset Quality Management Meeting every six months.

• Implement the protection of customer data in accordance with the Personal Data Protection Act and related internal regulations.
• Other businesses comply with applicable economic, social and environmental regulations
• HFC complies with government laws and regulations, and internally supervises various businesses and contracts to comply with laws and regulations.
• In 2023, there was one case of violation of governmental regulations that resulted in a fine: At the beginning of the year, our subsidiary, Hoing Mobility Service Co., Ltd. (hereinafter referred to as “iRent”), was fined by the Taiwan Stock Exchange Corporation for the leakage of user information. Upon receipt of the relevant notice, HFC proactively urged its subsidiary, iRent, to establish relevant management standards.
• The fine of $470,000 imposed by various authorities on the subsidiary iRent was entirely withdrawn after the appeal.

• Taking into account the development and needs of related businesses, we have formulated the "Information Security Policy" and established the "Personal Information File Management Standards" and other management standards and control systems in accordance with the relevant matters stated in the policy.
• In order to strengthen information security management, we established a secure and trustworthy information operating environment to ensure the safety of data, system, equipment and network.

• To enhance the control of suppliers, we inspect new suppliers through Taiwan Depository & Clearing Corporation's anti-money laundering and counter-terrorism financing (AML/CTF) screening system to confirm if they are blacklisted.
• In addition to the annual monitoring of high-risk cases, we also manage high-, medium- and low-risk cases with different intensity according to their risk levels:
• [Inspection Frequency]: high-risk cases: once per year; medium-risk cases: once every three years; low-risk cases: once every five years
• We de-identified AML/CTF cases used in education and training and shared them with our subsidiaries to enhance the Group's awareness of AML/CTF.
• We set the audit indicators, perform audits regularly, and prepare audit reports according to the internal regulations.

• First line of defense: AML Task Force
• Second line of defense: AML personnel
• Third line of defense: Audit Department

• Maintain a certain percentage of medium to long-term financing to avoid the risk of market interest rate fluctuations.
• Undertake foreign exchange swap and interest rate swap contracts to hedge the exchange rate risk of foreign currency loans from financial institutions and effectively reduce the risk of future exchange rate fluctuations.
• Adjust the structure of long-term and short-term borrowings to ensure sufficient funds to meet operating needs and reduce liquidity risk.