Risk Management

Operating System of Risk Management

Organization of Risk Management

Risk control at CSC is divided into three levels with different mechanisms. The company adopts comprehensive risk control over all employees, which is executed level by level in normal times, rather than assigning control to a single department.

Risk assessment data is summarized for the first half of each year and the entire year, and then reported to the Corporate Governance and Sustainability Committee/Board of Directors. The frequency (monthly/quarterly) for evaluating issues is decided by the responsible unit and then reported to the functional committee.

With the aim of ensuring robust operations and sustainable development at CSC, the Board of Directors approved the formulation of the “Risk Management Policy and Procedures” as the highest guiding principle for risk management. According to the Risk Management Policy and Procedures, business units are in charge of identifying and assessing risk factors as well as drawing up relevant response strategies or measures, while the Board of Directors, President level, and functional committees are responsible for risk monitoring and control, where proper monitoring and control of relevant risks are conducted by means of regular reporting.

In 2022, CSC performed risk identification covering operational risk, financial risk, information security risk, environmental risk, and compliance risk, from the economic, environmental, and social aspects, and classified risk levels into five levels to prioritize risk management strategies. Risks classified as high risk after evaluation include major occupational accidents, unstable energy supply, carbon control, air pollution fines, and construction manpower shortage; there were 15 medium risks, including procurement risk, inflation risk, extortion by hackers, intellectual property infringement, and carbon neutrality. For the risk items identified and analyzed, personnel from the relevant departments are responsible for drawing up and implementing subsequent risk management strategies and plans.

Rapid global economic, social, and environmental changes have given rise to diverse and complex risks. The Company established an emerging risk management system and responds to and manages potential threats in a timely manner through identification, assessment, response, and supervision mechanisms. After collecting information on internal and external emerging risks, we identified a total of 7 emerging risk issues in 2022 and management assessed the potential impact of each issue. Survey results show that the Company's top 3 emerging risks are low carbon production technology, carbon pricing controls, and information security; response measures have been formulated for the risks.

The Secretariat Dept. leads the setting of ten-year strategies and targets, while the Industrial Engineering Dept. leads the setting of yearly guidelines and objectives for management. The Industrial Engineering Dept. includes risk assessment in the setting and tracking of each department's guidelines and objectives for management. Cross-departmental task forces may be set up to perform risk detection, assessment, and prevention. IA periodically audits operational items of business cycles for identification, adjustment, and prevention of risks. The risk management in CSC is rigorous and effective. We compiled a control table of material risks and opportunities related to business policies, and evaluated the effectiveness of risk identification, management, and implementation measures related to business policies. CSC receives annual evaluations by the BSI for steel product systems (IATF 16949+ISO 9001+QC 080000).

CSC established the “Rules for the Identification and Management of Amendments to Laws and Regulations” as the basis for identifying, reviewing, and verifying laws and regulations within CSC, in order to comply with domestic laws and regulations and prevent the risk of violation. This allows CSC to fulfill its compliance obligation mentioned in ISO 9001/ISO 14001/ISO 45001. The online platform "Regulation Identification and Management System" tracks whether 376 domestic regulations have been revised each month, and completes the identification process and response actions. CSC, inter alia, has reviewed and revised a total of 8 internal rules and regulations subject to amendments of external laws and regulations. The Compliance and Standardization Committee monitors the effectiveness of legal compliance and draws up relevant decisions every six months, and then submits them to the Total Quality Management Committee for approval. Ongoing optimization of compliance practices is carried out via internal audits and training each year. The overseas production bases follow CSC's management system to respond to legal changes.


The Implementation of Risk Management

Through materiality analysis, CSC identified risks from the issues with high impacts and the highest stakeholder concern. The issues are categorized into the economy/governance aspect, the environmental aspect, and the social aspect. Risk evaluation is then performed and risk management strategies are formulated. CSC's emerging risks, major risks and response measures are as follows:

Aspect Type Potential Risk Control Strategies and Measures
Economy/Governance Low carbon production technology (emerging risk) Barriers to the development of proprietary low carbon processes and low carbon energy and carbon capture technologies
  1. Low carbon processes and production technologies
    1. First develop production technologies that increase the use of scraps, and then increase the types and quantity of recycled steel supplied in the short-term.
    2. The "Advanced Technology Industry-Academia Collaboration Project – Development of Low Carbon Iron Making Technology for Blast Furnace" was approved by the National Science and Technology Council in November 2022. The project will be implemented over a three-year period.
    3. Low carbon raw materials that contain iron are recycled within the Company and used in the blast furnace process to reduce expenses from purchasing raw materials with low carbon emissions.
    4. Search for multiple channels for purchasing raw materials, build partnerships, and sign contracts with stable raw material sources.
    5. Evaluate the connection of electric furnace and basic oxygen furnace and plan the technology development schedule.
  2. Low carbon energy and carbon capture technologies
    1. Plan and develop low carbon fuel application technologies.
    2. Develop highly effective carbon capture technologies with low energy consumption, and formulate a long-term carbon reduction plan for planning the installation of carbon capture equipment.
    3. Work with other organizations in adopting commercial carbon capture technologies with a proven track record, and work with petrochemical companies for co-production between steel and petrochemical plants.
Carbon pricing (emerging risk) Collection of carbon fees/tax in Taiwan and overseas will put pressure on operations and weaken competitiveness of exports
  1. Continue to monitor implementation regulations and details for carbon fees collected by the government, as well as the reporting and taxation method and legislation process of the EU CBAM and US CCA.
  2. Plan the implementation of product carbon emission inventory and continue to develop and adopt low carbon/zero carbon technologies, continue to develop innovative carbon reduction technologies, and adopt feasible carbon reduction plans to mitigate the impact of carbon taxes and fees.
Information security risk (emerging risk) As company operations become more dependent on digital systems, companies are more frequently being attacked and extorted by hackers, which not only impacts companies internally, but also impacts the brand's reputation and results in distrust from customers when personal data is leaked.
  1. Implement end-point protection for important information assets and prevent advanced persistent threats.
  2. Block information security threats through intelligence update, and strengthen the network firewall and intrusion detection equipment.
  3. Continue to manage and patch vulnerabilities to reduce the chance of being attacked and prevent viruses.
  4. Periodically conduct social engineering drills to make employees more alert to phishing e-mails.
  5. Promote information security and organize training courses on information security to raise employees' information security awareness.
Procurement Delays or Interruptions in Supply of Materials
  1. Subscribe to real-time and regular reports on the raw material market to strengthen daily tracking of market and miner developments.
  2. Maintain a good relationship with miners and constantly keep in touch with them to obtain advance or early information on possible market changes.
  3. Conduct raw material procurement, transportation, and storage meetings within the company on a weekly basis to regularly review the status of raw material procurement, transportation, and storage; and make timely revisions to material consumption, pickup, and delivery plans in line with the company's operating policies.
  4. Develop new sources of materials at all times to meet future needs.
  5. Establish backup raw materials inventories in the hinterlands of transshipment ports.
Finance Inflation risk
  1. Adopt natural hedging measures, review the company's foreign currency positions at all times, and make appropriate adjustments to ensure that sources of funds denominated in major foreign currencies are used for the procurement or payment of raw materials and equipment as far as possible.
  2. Lock in exchange rate costs by means of purchasing forward exchanges in advance according to payment schedules in the event of major capital expenditures, with the aim of reducing risks arising from exchange rate fluctuations. Inject capital by means of cash purchase, pre-purchase or bank financing in foreign currencies upon internal assessment of exchange rate trends when there is an evident need for capital for overseas investment projects.
  3. Hold foreign exchange group meetings to draw up strategies aimed at minimizing exchange rate risks in the event of severe exchange rate fluctuations, and engage finance professionals outside the company on an ongoing basis to analyze macroeconomic and foreign exchange trends to strengthen the company's foreign exchange management.
  4. Flexibly use short-term commercial paper based on capital requirements and cost of capital, in order to lower the impact of short-term fluctuations in cost of capital in TWD.
Investment Investment Risk
  1. Regularly conduct risk assessment for investment.
Technology R&D Demand for the Development of High-value Utilization Technologies Using By-product Gases
  1. Invest more R&D resources and incorporate external resources into the development of high-value utilization and carbon reduction technologies using by-product gases to shorten technology development time.
  2. Establish partnerships with relevant manufacturers to promote coproduction between steel and petrochemical plants.
Technology R&D Shortage or Unstable Quality of Refractory Materials
  1. Establish the company's own technology for the development of refractory materials and its own refractory material production line.
  2. Set up a quality assessment system for refractory material suppliers and conduct regular inspections on these suppliers.
Technology R&D The Quality of Straight Bar Steel Fails to Meet the Requirement of Premium Steel
  1. Plan and construct the new PH.C straight bar finishing line.
  2. Plan and add a hot circular saw cutting system to replace cold shearing and improve hydrogen-induced cracks.
Intellectual Property Rights (IPR) Intellectual Property Infringement in Product or Manufacturing Process
  1. Review the status of patent applications related to relevant technologies and report any patents that hinder development.
  2. Conduct analyses of industry technology development trends.
Intellectual Property Rights (IPR) Trademark and copyright disputes
  1. Establish an electronic trademark management system.
  2. Periodically convene cross-departmental trademark strategy meetings.
  3. Organize training courses or seminars on trademark and copyright.
Information Security Ransomware Attacks
  1. Deploy endpoint detection and response.
  2. Adopt two-factor authentication for virtual private networks.
  3. Build network packet encryption and decryption.
  4. Implement privileged account management.
  5. Ban private internet access.
  6. Assess the purchase of application firewalls.
Legal Compliance Software Infringement
  1. Strengthen the promotion of information security to enhance employees' awareness of information security.
  2. Implement control of software installation to prevent installation of illegal software among employees.
Information Security Personal Data Breach
  1. Conduct regular web and system vulnerability scans and penetration testing.
  2. Enforce system access control and permission management.
Information Security Social Engineering
  1. Regularly conduct social engineering drills.
  2. Deploy firewalls, intrusion detection systems, and spam filters.
  3. Engage a cybersecurity monitoring firm to monitor and alert on security incidents.
  4. Implement Endpoint Detection and Response (EDR) solutions.
  5. Enhance cybersecurity awareness among employees through education and training programs.
Environment Climate Change Transition Carbon Neutrality
  1. Strengthen communication with EPA by introducing examples of international carbon reduction regulations in pursuit of reasonable regulations.
  2. Continue to propose suggestions for reasonable regulations to the competent authorities in combination with the opinions of the peers and industry via TSIIA and the Chinese National Federation of Industries (CNFI).
  3. Establish the “Task Force on Energy Saving & Carbon Reduction and Carbon Neutrality” under the Corporate Governance and Sustainability Committee to lead company-wide carbon reduction policies and short-, medium-, and long-term carbon reduction strategies.
Climate Change Transition Unstable Energy Supply
  1. Continue to make improvements to reinforce electricity generation, strengthen defenses, and diversify energy sources to increase the resilience of the power system.
  2. Continue to improve and enhance equipment, with plans already put in place to replace old equipment (e.g., completion of the replacement and upgrading of No. 1 to 5 boilers and No. 1 to 3 generators and trial operations are scheduled for 2026), with a view to enhancing equipment efficiency and operation stability.
  3. Carry out daily maintenance, closely track equipment conditions, and maintain the stability of water, power, oil, and gas supply.
  4. Formulate annual maintenance plans for equipment to enhance preventive maintenance.
  5. Hold emergency response drills on a regular basis.
Climate Change Transition Carbon Regulation
  1. Enhance external communication on carbon pricing mechanisms.
Legal Compliance Air Pollution Penalties
  1. Reduce the frequency of in-plant pollution by enhancing plant inspections and CCTV surveillance.
Society Hazardous Events Major Occupational Accidents
  1. Improve employees' safety knowledge and skills via training.
  2. Perform effectiveness audits to enhance audit capacity.
  3. Conduct reviews to ensure that improvement and corrective measures are constantly effective.
Hazardous Events Infectious Diseases
  1. Convene an infectious disease emergency response meeting based on the company's "Statutory Infectious Disease and Emergency Response Management Guidelines" to establish the company's epidemic prevention policies and measures. Adhere to the epidemic control measures announced by the Centers for Disease Control and Prevention (CDC) and implement necessary controls accordingly.
Economy/Governance, Society Project Management Employer's obligation and additional requirements
  1. Request EOT (Extension of Time) to avoid liquidated damages for delay attributable to contractor.
  2. Consistently manage the documentary evidence throughout the projects to win claims.
Project Management Underestimation of costs (of external projects)
  1. Propose a well-defined procedure to approve and control increasing budgets. Negotiate with sub-contractors so that the surplus can be allocated toward emerging risks.
Project Management Construction Labor Shortage
  1. Implement a reward system that incentivizes newly recruited workers to adhere to safety and health protocols and enhances their willingness to stay on.
  2. Introduce foreign workers to alleviate the construction labor shortage.