PSMC stipulates the company's "Risk Management Policies and Procedures" and "Risk Management Committee Organization Regulations" in accordance with the "Risk Management Code of Practice for Listed OTC Companies" announced by Taiwan Stock Exchange Co., Ltd. on August 8, 2022, and approved by the board of directors on December 20, 2022, as the highest guiding principle of the company's risk management.

The risk management process of PSMC covers five major elements, and internal audits and reviews of the risk identification process are conducted regularly each year to ensure the effectiveness of the risk management process and related controls.

The members of the PSMC risk executive team include marketing/business, R&D, strategic planning, intellectual property, legal affairs, operating center, factory affairs, procurement, human resources, finance, accounting, risk control, industrial safety and environmental protection, and information security. Comprehensively evaluate the risks of enterprises based on the four aspects of strategy, operation, finance and labor security. The audit office will conduct effectiveness review of risk management activities.

The Company operates systematically to promote and implement risk management mechanisms and regularly reports to the Audit Committee and the Board of Directors on the operation of the Risk Management Committee and the schedule of risk management activities for the next year. The key operations of the Risk Management Committee in 2024 are as follows:

• In June - Identify emerging risks and identify high-level internal and external risk items.
• In August - Report to the Audit Committee on the implementation of the first half of the year, including the progress of risk management activities tracked in the previous year and the key risk projects identified in the current year.
• In December - Report to the Audit Committee and the Board of Directors, explain the annual risks of concern and related action plans summarized by each unit in 2024, complete the annual risk management report and the schedule of risk management activities for the next year.

In the future, it will follow the relevant management policies, procedures and procedures, and announce the relevant operation status.

We use the operational impact analysis method to identify the Company's key operations and the possible impact these operations may cause and to establish an optimal operation recovery time. We analyze these key operations using operation impact.

Through risk assessment charts, we analyze the potential threats, weaknesses and consequences of these hazards individually within operations, and understand the existing prevention and detection control measures. Then according to the seriousness level of the analysis level chart, occurrence analysis chart, risk level judgment standards, we can determine and grasp the operating risks and establish risk control policies to reduce risks.

Operational risk diagnosis is made by the joint evaluation and diagnosis of all units; these include plant affairs, risk management, manufacturing, engineering, automation, information management, property management, purchasing, sales, production management, finished products, finance, human resources, and quality customer service.

With the aim of building up various units' ability to respond to and handle crisis incidents, the Business Continuous Plan (BCP) and themed drills are carried out has been formulated for specific risk scenarios such as prolonged power supply interruptions, water outages, fire accidents, earthquakes, climate change, raw materials supply interruptions, labor shortages, information system hacking, critical equipment failure, etc. to ensure that in the events of major accidents or crisis incidents, the normal operations can be resumed as soon as possible.

The President serves as the top commander, with the spokesperson, staff team (encompassing units of finance, information technology, and strategic planning) and fab executive officers serving as assistants to promote relevant affairs. Several functional teams have been set for different emergencies and incidents, including legal affairs team, public relations team, support team, coordination team, and contact team.

The annual drills focus on the pre-emptive measures for handling operational shocks, conducting operational shock analysis, risk assessment, and selecting recovery strategies. The internal departments of PSMC prepare Standard Operating Procedures (SOPs) for emergency events and initiate emergency response plans immediately upon the occurrence of the event. If the emergency is so severe that production is interrupted for more than half a day, a crisis management plan will be conducted to eliminate the crisis and eventually resume operations in the shortest time possible.

Interest expense as a percentage of net operating income for 2023 and 2024 is 1.42% and 3.43%, respectively, which is a small percentage for each period. This is mainly due to the interest incurred by the Company in financing its borrowings from financial institutions for operating needs and capital expenditures, and although market interest rates fluctuate, they do not yet have a significant adverse effect on all revenue and profitability. PSMC will monitor and analyze in a timely manner the cash flow impact generated from interest rate changes in the financial market on all of the Company's interest bearing liabilities, maintain good relationships with banks, and conduct timely assessment of the potential interest rate risks which the interest-bearing liabilities are subject to, thereby reducing the impact of interest rate changes on the year's profit / loss.

PSMC's net foreign currency exchange gain (loss) in 2023 and 2024 accounted for (0.19) % and 2.74 % of the year's net operating revenue respectively. Since the Company's capital expenditure and manufacturing costs are mainly paid in US dollars or Japanese yen, and most revenue comes from US-dollar income, its revenue performance is significantly influenced by exchange rate fluctuations. In response to this risk, by considering exchange rate changes in the market and the Company's actual positions and funding status, PSMC adopts natural hedging strategies and uses spot foreign exchange transactions and forward foreign exchange contracts to hedge exchange rate risks within the scope permitted by the Company's policies.

With the interference by factors such as inflation, destocking, etc. in the industries, the global market demand became slacked in 2024. In response to this situation, PSMC keeps monitoring price fluctuations in the market, and maintaining good interactions and relationships with suppliers and customers to actively adapt to the slack-off impact caused by inflation to the Company's overall profit performance.

The 12-inch wafer fab constructed in Tongluo Science Park, Miaoli officially commenced mass production in 2024. However, demand forecasts may undergo significant changes due to fluctuations in the market environment. In the event of reduced demand, the purchased equipment and additional hired personnel may impact PSMC's profitability.

In the medium to long term, foundry capacity is still a key resource for customers' growth, and customers will actively acquire more capacity. However, in 2024, there is significant pressure in the mature semiconductor process market, due to weak demand in the end-consumer electronics market and the aggressive capacity expansion of mature processes in China. PSMC will continue to observe market changes and closely collaborate with customers. In the events when market demand keeps falling short of the expected level, the Company shall adjust production capacity plans on a rolling basis. In principle, plant and production capacity expansion projects shall be carried out throughout several phases or stages within the Company's affordable budget and the minimum risk level to concurrently achieve stable corporate growth and meet customers' production capacity needs.

Geopolitics

The U.S. chip sanctions on China's semiconductors might work to a certain extent, yet they have forced Chinese government to expand investment in the semiconductor industry. As a result, the local momentum in China has increased rapidly, particularly the mature processes above 28nm, which have already posed a threat to Taiwan's second-line wafer fab.

Product lines' total demand amount is shared by competitors, which will affect the long-term growth of the businesses between the Company and customers. If the development timeline cannot be properly managed, it will impact the Company's mid-term order intake and wafer production.

1. Continue to develop customized processes based on current technology level and customers' needs to enhance customer stickiness.
2. Plan the development of advanced process platforms to widen the competitive gap.
3. Pay regular visits to customers (and customers' customers) to understand market status and stay on top of customers' needs in a timely manner, which will help the Company stay one jump ahead of competitors to launch new products and enjoy the bonuses for first movers.
4. Optimize processes based on existing platforms to meet customers' needs and optimize cost competitiveness.
5. Establish a dedicated organization to strengthen progress tracking for engineering horizontal deployment.
6. Provide indicators regarding evaluation project to assist senior management in decision-making and focus development resources.

Environment

Failure to monitor and reduce greenhouse gas emissions, and lack of a specific, effective carbon reduction plan.

If the Company fails to formulate response strategies in accordance with government-promoted policies (such as internal carbon pricing, carbon fees, and net-zero pathways), subsequent input costs will gradually increase.

1. Formulate and implement corporate responsibility and sustainable development policy regulations.
2. Continuously monitor legal regulations and promptly update corporate policies and planning.
3. Establish an ESG project team for improvement initiatives.
4. Incorporate greenhouse gas considerations into technology development to minimize emissions.
5. Enhance awareness of greenhouse gases, such as the EU's emission reduction timeline.

Information Technology

When introducing data, inadequate analysis and risk assessment are conducted, leading to the direct adoption of information without proper evaluation.

Bias in machine learning affects data prediction results, leading to misinformed decision-making.

1. Privacy – Commit to safe and reliable artificial intelligence (AI) while ensuring compliance with relevant laws and fulfilling corporate, social, and ethical responsibilities.
2. Accountability and governance – Apply principles that prioritize social and ethical responsibilities in AI applications to prevent any human rights violations.
3. Apply review mechanism to continuously verify and supervise AI applications, implementing strong security controls to prevent accidental harm and malicious threats.
4. Ensure human oversight of AI. Help users understand AI functions and provide a transparent data process.
   1. Data identification – Machine learning outcomes, derived from historical data, will be regularly reviewed and verified with users.
   2. Identifying incorrect data and models – System personnel will make necessary corrections.
   3. Updating incorrect data and models – Re-run predictions after corrections to reduce biases generated by the model.

Social

When faced with Chinese national industries' talent attraction policies and the active talent recruitment strategies adopted by leading companies in the industry, if the Company fails to attract and retain employees, manpower loss will occur and the organization's operations and production will be affected.

1. Key talent drain or gap
2. The lack of required talents or skills shall impact the Company's operations.
3. Decreased business competitiveness
4. Failure to attract and retain talents shall affect the implementation of business plans.

1. Higher level managerial personnel nominate succession candidates in writing on a yearly basis based on candidates' work performance and personal characteristics. HR units provide planned training to strengthen the candidates' strengths for them to meet succession requirements.
2. Activate headhunting projects, and optimize recruitment plans to recruit key talents from external human resources.

PSMC is a technology-intensive company. We are well aware that our competitiveness is built on the security of our intellectual properties. PSMC set up an “Information Security Office”, which directly reports to the President. They have formulated "Information Security Policies" and "Information Security Management Measures" to regulate relevant measures undertaken to protect important information, including trade secrets and intellectual properties, while protecting correspondences with our customers. All information and documents sent between the Company and customers are strictly controlled and documented under the internal system. The approval and activation of the access level of personnel are handled in accordance with the relevant operational procedures of the systems.

Ensure the information security of the correspondences between the Company and its customers/partners, and thus protecting the interest of the Company and its stakeholders.

PSMC follows ISO 27001 to formulate information security policies and information security management methods, information security incident reporting and response procedures, and refers to government regulations to formulate business secret management methods, personal data management methods, etc. PSMC collects and analyzes the latest domestic and foreign information security-related information and regulations at any time to formulate or revise relevant management measures. We also regularly review the information security-related operating requirements to ensure compliance with security policies, continuously improving the company's information security management measures as the information risk situation evolves. Since the introduction of ISO 27001 Information Security Management System (ISMS), PSMC has established an active monitoring and reporting mechanism to respond to cybersecurity threats in a timely manner and ensure transparent communication with stakeholders, PSMC has aimed to establish the highest standards of information security that comply with international security regulations, customer requirements, relevant stakeholders expectations, and internal control.

PSMC has obtained ISO 27001 certification. The current certificate is valid from April 2023 to October 2025 and we pass the annual review and verification of ISO 27001. PSMC implements control measures from policy, management, system control and other aspects, follows the "Plan-Do-Check-Act" (PDCA) method, and establishes a multi-layered structure of defense in depth and key performance indicators for information security. Through continuous improvement, we ensure the integrity, confidentiality and availability protection of the company's information, prevent unauthorized access and tampering, and reduce information security risks caused by human negligence or malicious attacks.

The information security policy applies to all employees, and we regularly promote information security education, training, and responsibility advocacy to strengthen employees’ information security awareness and execution capabilities, and to ensure that all employees clearly understand their information security responsibilities. For third parties (including suppliers, outsourced service providers, etc.), the company has established information security contract terms and management requirements to ensure the security of shared information and infrastructure.

According to the "Information Security Policies", the Information Security Committee is composed of the representatives appointed by all relevant units who are responsible for formulating and implementing the Company's security control operations. The Committee holds meetings regularly to discuss and resolve issues related to information security, covering aspects on human resources, physical security, and information security. To ensure alignment between information security management and the Company’s operational goals, the Information Security Committee also regularly reports to the Sustainable Development Committee, which in turn presents relevant matters to the Audit Committee and the Board of Directors to strengthen the information security management mechanism. When major changes or an incident involving information security occurs, an emergency meeting is held. Each year, via training and internal announcements, the Company promotes and communicates the importance of information security to all its employees to implement its information security policy.

The facilities used in PSMC's daily production are in compliance with the domestic and foreign regulations and reference with actual needs of various plants. Security standards and control measures of plant machinery and equipment are compiled by the professionals of the Risk Department; ensuring industrial safety risks are controlled from the source.

Further, an Emergency Response Center (ERC) is established in all factories. Through an integrated disaster monitoring system, PSMC has more time to respond when disasters occur. Proper early response can not only reduce casualties and environmental pollution to the minimum, it can also substantially reduce equipment loss and increase the recovery of the factories.

To apply the correct and effective response measures in case of an emergency so as to minimize the casualties, property damage and impact on the environment due to an accident, PSMC has established the "Plant Disaster Emergency Response Measures" and formed and trained an emergency response team. The team is subjected to a departmental drill at least once every six months and a comprehensive (cross-departmental) drill once a year. General employees are subjected to one evacuation drill every year.

In response to the occurrence of abnormal accidents, it is necessary to evacuate the entire plant area and take attendance. In 2019, PSMC introduced an attendance taking system for emergency evacuation which assisted the commander to confirm whether the entire plant area has indeed been evacuated in 2019 for 12 inch fab (P1/2/3). After evaluating, in 2022, PSMC introduced the same system into 8A fab to strengthen the attendance taking for emergency evacuation at 8A Fab, and to reduce the search and rescue time of rescuers.

The progress of system introduction 12 inch fab (P1/2/3) in 2019 → 8 inch fab (8A) in 2022

In January 2018, in order to meet customer expectations and maintain the company's sustainable competitiveness, Powerchip Semiconductor Manufacturing Corporation (PSMC) launched a company-wide trade secrets protection project, under the direct supervision of the president and supervisors at all levels, to conduct a comprehensive inventory, classification and ranking of the company's trade secrets protection according to the six major aspects of the company's trade secrets protection, including production、sales、HR、R&D and finance information. We have established the management rules of trade secrets and the management rules of trade secrets of each unit. In addition, we also plan and implement systematic control measures for possible information leakage channels (see the figure below) and establish a weekly information security report mechanism to assist supervisors in early detection of abnormalities and prevention of leakage.

The Information Security Office will continue to educate and train employees to strengthen the awareness of trade secrets protection and continuously supervise and audit the implementation of trade secrets management in each unit.

In 2019, to reduce information security management costs and improve information security detection capabilities, PSMC has developed and built its own artificial intelligence robot security system(AIRS) using artificial intelligence technology, which can detect not only deliberately hidden, altered, or tampered trade secrets, but also similar trade secrets design drawings, test programs, and key intellectual property. When employees send out information (including printing and photocopying) containing suspected trade secrets, AIRS will take the initiative to notify the supervisor and the Information Security Office for confirmation and disposal.

Since 2019, AIRS has included 50,000 trade secret documents and 2,500 design drawings (see the figure below). During the covid-19 pandemic in Taiwan from 2021 to 22, PSMC implemented work from home (WFH) schedules to protect the health of employees and reduce the risk of operational disruption. During the WFH period, the remote working platform (Pteam) was designed and developed by PSMC to videotape the whole process during the work from home and integrate AIRS to carry out automatic intelligent detection. Taking into account the efficiency of work and the protection of trade secrets, PSMC has established a unique management model in the industry.

Since 2019, AIRS has included 50,000 trade secret documents and 2,500 design drawings (see the figure below). During the severe covid-19 epidemic in Taiwan from 2021 to 22, PSMC implemented several home work groups to protect the health of employees and reduce the risk of operational disruption. During the home office period, the remote working platform (Pteam) was designed and developed by PSMC to videotape the whole process during the work from home and integrate AIRS to carry out automatic intelligent detection. Taking into account the efficiency of work and the protection of trade secrets, PSMC has established a unique management model in the industry.

PSMC's sophisticated trade secret protection mechanism protects PSMC's intellectual assets as well as the intellectual crystals that PSMC works with its customers. This allows PSMC to maintain its competitive advantage and the motivation for sustainable innovation.