Corporate Sustainability

Risk Management

GRI 2-23, 2-24; SASB TC-SI-550
Climate & Nature Risk
Information Security Risk
Human Rights Risk
Health Risk

In view of the global trend of emphasis on risk management, SYSTEX has improved the risk management mechanism to reduce the impact of risks, improve operational efficiency and corporate resilience in response to risks, and increase competitive advantages to implement sustainable operations. In 2022, SYSTEX has established a cross-divisional Risk Management Committee under the Board of Directors, and formulated “Risk Management Best Practice Principles“, “Risk Management Policies and Procedures“, “Rules of Risk Management”, “Rules of Strategic Investment Management” and “Rules of Supervision and Management of Subsidiaries” to effectively control risks and improve management efficiency.

Risk Management Policy and Principle
 

Risk Management Goal

 

The SYSTEX Risk Management goals aim to consider and manage various risks that may affect the achievement of corporate goals through a complete risk management structure, and to achieve the following goals by integrating risk management into operational activities and daily management processes:

  • Achieve corporate goals
  • Improve management efficiency
  • Provide reliable information
  • Allocate resources efficiently
 

Risk Management Principle

 
  • Integrated
  • Customized
  • Dynamic
  • Inclusive
  • Employee and cultural
  • Structured and comprehensive
  • Effective use of information
  • Keep improve
Risk Management Organization

SYSTEX strengthens risk management with the Board of Directors as the highest governing body. A Risk Management Committee is established under the Board’s supervision to integrate risk management and supervision into daily activities and achieve sustainable operations.

Risk Management Organizational Structure

Board of Directors

As the highest governance unit for risk management of SYSTEX Group, the responsibilities of the board of directors are:

  • Approve the “Risk Management Policies and Procedures” and risk management structures.
  • Ensure that the operational strategic direction is consistent with risk management policies.
  • Ensure that risk management mechanisms and risk management culture have been established.
  • Supervise and ensure the effective operation of the overall risk management mechanism.
  • Allocate and assign sufficient and appropriate resources to enable risk management to operate effectively.

Risk Management Committee

The Risk Management Committee executes risk management policies and reviews them periodically, and is accountable to the Board. They determine risk tolerance, prioritize risk management, and report on progress to the Board at least once a year or submit proposals for Board approval. Risk management matters and the 2024 implementation status were reported to the Board on December 17, 2024.

Crisis Management Group

The Crisis Management Group develops risk policies, procedures, and frameworks. They establish risk metrics and tolerance levels, analyze company risks, and oversee and coordinate risk management activities across departments. The Crisis Management Group is responsible for enhancing risk awareness among the entire organization with training programs. The Group is consisted of a number of functional division head of “Financial Division, Business Management Division, Legal Division, HR Division, Data & Info. R&D Division and BU/BI”. As a result, the Crisis Management Group held a meeting quarterly, with a total of 4 meetings in 2024.

Crisis Response Team

The Crisis Management Group has set up the Crisis Response Teams, grouping by crisis events. These teams are immediately activated when a crisis may occur, and are responsible for identifying the main causes of the crisis and dealing with the situation according to the “Rules of Risk Management.”

Team Person in Charge Leader Responsibility
Regulatory Compliance Legal Division head or his assignee Legal Division head
  • Responsible for regulatory compliance-related controls, such as contract disputes, government penalties, trade secrets, serious corruption and labor issues, etc.
Biz. Continuity Business Identity head or his assignee Business Identity head
  • Responsible for business operation-related controls, such as market upheavals, severe defaults, loss of key operating resources, severe data center disruptions, etc.
Disaster Response Human Capital Center head or his assignee Human Capital Center head
  • Responsible for disaster-related controls, such as natural disasters, asset loss, infrastructure failure, personal safety and infectious diseases, etc.
Information Security Protection Information Security Technology Department head Data & Info. R&D Division head
  • Responsible for information security-related controls, such as enterprise information security, customer data security, data center test failure and personal information infringement, etc.
Social Media Marketing & PR Division head or his assignee Marketing & PR Division head
  • Responsible for corporate image-related controls, such as negative media reports and spread of negative social remarks, etc.
Crisis Management Procedures
For more detail about crisis management procedures of each “Crisis Resolution Team”, please refer to “Crisis management procedures“.
Risk Trends and Material Issues

According to the development trends outlined in the Global Risk Report 2025 published by the World Economic Forum, five of the top ten long-term global risks are environmental in nature. These include: extreme weather events, biodiversity loss and ecosystem collapse, major disruptions to Earth systems, natural resource shortages, and pollution. Recognizing that employees are the core competitive strength of SYSTEX, the company places significant emphasis on risk issues closely related to its workforce. Accordingly, SYSTEX has developed targeted mitigation measures and management strategies for the following risk categories: “climate and nature risks,” “information security risks,” “human rights risks” and “health risks”.

For more details on these risks, please click the following links:

Climate-Related Risk 
Information Security Risk 
Human Rights Risk 
Health Risk