PSMC stipulates the company's "Risk Management Policies and Procedures" and "Risk Management Committee Organization Regulations" in accordance with the "Risk Management Code of Practice for Listed OTC Companies" announced by Taiwan Stock Exchange Co., Ltd. on August 8, 2022, and approved by the board of directors on December 20, 2022, as the highest guiding principle of the company's risk management.

The risk management process of PSMC covers five major elements, and internal audits and reviews of the risk identification process are conducted regularly each year to ensure the effectiveness of the risk management process and related controls.

The members of the PSMC risk executive team include marketing/business, R&D, strategic planning, intellectual property, legal affairs, operating center, factory affairs, procurement, human resources, finance, accounting, risk control, industrial safety and environmental protection, and information security. Comprehensively evaluate the risks of enterprises based on the four aspects of strategy, operation, finance and labor security.

PSMC Risk Management Committee Organization has approved by the board of directors on December 20, 2022. July 2023 - The progress of risk management and risk identification projects of high-level concern have been reported to the Sustainable Development Committee for the first time. September 2023 - In order to strengthen the functions of the board of directors and improve the company's risk management and control, the organization structure of Risk Management Committee was adjusted and the Audit Committee was appointed to supervise the corporate risk management. December 2023 - The Audit Committee and the board of directors have completed the annual risk management report based on the annual risks of concern and related action plans summarized by each unit in 2023. In the future, it will follow the relevant management policies, procedures and procedures, and announce the relevant operation status.

We use the operational impact analysis method to identify the Company's key operations and the possible impact these operations may cause and to establish an optimal operation recovery time. We analyze these key operations using operation impact.

Through risk assessment charts, we analyze the potential threats, weaknesses and consequences of these hazards individually within operations, and understand the existing prevention and detection control measures. Then according to the seriousness level of the analysis level chart, occurrence analysis chart, risk level judgment standards, we can determine and grasp the operating risks and establish risk control policies to reduce risks.

Operational risk diagnosis is made by the joint evaluation and diagnosis of all units; these include plant affairs, risk management, manufacturing, engineering, automation, information management, property management, purchasing, sales, production management, finished products, finance, human resources, and quality customer service.

To restore operations back to normal in the shortest time possible in the event of a major incident or crisis, PSMC has formulated crisis management plans and recovery plans on certain crises such as power and water shut-down for an extensive period, severe fires, destructive earthquakes, climate changes, interruption of raw material supplies, shortage of labor, hacking of the information system and key equipment malfunctioning; themed drills are carried out each year.

Interest expense as a percentage of net operating income for 2021 and 2022 is 1.06% and 0.92%, respectively, which is a small percentage for each period. This is mainly due to the interest incurred by the Company in financing its borrowings from financial institutions for operating needs and capital expenditures, and although market interest rates fluctuate, they do not yet have a material adverse effect on the Company's revenue and profitability. The Company observes and analyzes the impact of interest rate changes in the financial market on the cash flows generated from all interest-bearing liabilities, maintains good relationships with banks, and evaluates the interest rate risk of all interest-bearing liabilities in a timely manner in order to reduce the impact of interest rate changes on the Company's profit or loss.

The Company's net foreign currency exchange gain (loss) as a percentage of net operating revenues for 2021 and 2022 is (0.32)% and 1.61%, respectively. Since the Company's capital expenditures and production costs are mostly paid in U.S. dollars or Japanese yen, and its revenues are mainly in U.S. dollars, excessive fluctuations in exchange rates will have an adverse impact on the Company. Therefore, depending on the changes in the exchange rate market, physical location and capital position, the Company adopts a natural hedge position and uses spot foreign exchange transactions and forward exchange agreements to hedge the exchange rate risk to the extent permitted by the policy.

The Company has not been materially affected by inflation, and the Company keeps an eye on market price fluctuations and maintains good interactions with suppliers and customers to avoid inflation affecting overall profitability.

PSMC has established "Procedures for Lending Funds to Other Parties", "Procedures for Endorsements/Guarantees" and "Procedures for the Acquisition or Disposal of Assets" which serve as the basis of compliance for the Company. PSMC has not engaged in high-risk and high-leverage investments, lending funds to other parties and extending endorsements/guarantees.

PSMC mainly engages in derivative transactions to mitigate the exchange rate risks for USD-NTD and JPY-NTD. The risk arises from assets and liabilities in foreign currencies. The derivative transactions are risk mitigating in nature and are strictly subjected to the "Procedures for the Acquisition or Disposal of Assets", which serves as the basis of compliance for these transactions. As such, PSMC is not exposed to major risks.

The facilities used in PSMC's daily production are in compliance with the domestic and foreign regulations and reference with actual needs of various plants. Security standards and control measures of plant machinery and equipment are compiled by the professionals of the Risk Department; ensuring industrial safety risks are controlled from the source.

Further, an Emergency Response Center (ERC) is established in all factories. Through an integrated disaster monitoring system, PSMC has more time to respond when disasters occur. Proper early response can not only reduce casualties and environmental pollution to the minimum, it can also substantially reduce equipment loss and increase the recovery of the factories.

To apply the correct and effective response measures in case of an emergency so as to minimize the casualties, property damage and impact on the environment due to an accident, PSMC has established the "Plant Disaster Emergency Response Measures" and formed and trained an emergency response team. The team is subjected to a departmental drill at least once every six months and a comprehensive (cross-departmental) drill once a year. General employees are subjected to one evacuation drill every year.

In response to the occurrence of abnormal accidents, it is necessary to evacuate the entire plant area and take attendance. In 2019, PSMC introduced an attendance taking system for emergency evacuation which assisted the commander to confirm whether the entire plant area has indeed been evacuated in 2019 for 12 inch fab (P1/2/3). After evaluating, in 2022, PSMC introduced the same system into 8A fab to strengthen the attendance taking for emergency evacuation at 8A Fab, and to reduce the search and rescue time of rescuers.

The progress of system introduction 12 inch fab (P1/2/3) in 2019 → 8 inch fab (8A) in 2022

PSMC is a technology-intensive company. We are well aware that our competitiveness is built on the security of our intellectual properties. PSMC set up an “Information Security Office”, which directly reports to the President. They have formulated "Information Security Policies" and "Information Security Management Measures" to regulate relevant measures undertaken to protect important information, including trade secrets and intellectual properties, while protecting correspondences with our customers. All information and documents sent between the Company and customers are strictly controlled and documented under the internal system. The approval and activation of the access level of personnel are handled in accordance with the relevant operational procedures of the systems.

Ensure the information security of the correspondences between the Company and its customers/partners, and thus protecting the interest of the Company and its stakeholders.

PSMC follows ISO 27001 to formulate information security policies and information security management methods, information security incident reporting and response procedures, and refers to government regulations to formulate business secret management methods, personal data management methods, etc. PSMC collects and analyzes the latest domestic and foreign information security-related information and regulations at any time to formulate or revise relevant management measures. We also regularly review the information security-related operating requirements to ensure compliance with security policies. Since the introduction of ISO27001 Information Security Management System (ISMS, Information Security Management System), PSMC has aimed to establish the highest standards of information security that comply with international security regulations, customer requirements, relevant stakeholders and internal control!

PSMC has obtained ISO 27001 certification. The current certificate is valid from April 2023 to October 2025 and we pass the annual review and verification of ISO 27001. PSMC implements control measures from policy, management, system control and other aspects, follows the "Plan-Do-Check-Act" (PDCA, Plan-Do-Check-Act) method, and establishes a multi-layered structure of defense in depth and information security key Performance indicators, continuous improvement, and reduction of information security risks caused by human negligence or malicious attacks.

According to the "Information Security Policies", the Information Security Committee is composed of the representatives appointed by all relevant units who are responsible for formulating and implementing the Company's security control operations. The Committee holds meetings regularly to discuss and resolve issues related to information security, covering aspects on human resources, physical security, and information security. When major changes or an incident involving information security occurs, an emergency meeting is held. Each year, via training and internal announcements, the Company promotes and communicates the importance of information security to all its employees to implement its information security policy.

In January 2018, in order to meet customer expectations and maintain the company's sustainable competitiveness, Powerchip Semiconductor Manufacturing Corporation (PSMC) launched a company-wide trade secrets protection project, under the direct supervision of the president and supervisors at all levels, to conduct a comprehensive inventory, classification and ranking of the company's trade secrets protection according to the six major aspects of the company's trade secrets protection, including production、sales、HR、R&D and finance information. We have established the management rules of trade secrets and the management rules of trade secrets of each unit. In addition, we also plan and implement systematic control measures for possible information leakage channels (see the figure below) and establish a weekly information security report mechanism to assist supervisors in early detection of abnormalities and prevention of leakage.

The Information Security Office will continue to educate and train employees to strengthen the awareness of trade secrets protection and continuously supervise and audit the implementation of trade secrets management in each unit.

In 2019, to reduce information security management costs and improve information security detection capabilities, PSMC has developed and built its own artificial intelligence robot security system(AIRS) using artificial intelligence technology, which can detect not only deliberately hidden, altered, or tampered trade secrets, but also similar trade secrets design drawings, test programs, and key intellectual property. When employees send out information (including printing and photocopying) containing suspected trade secrets, AIRS will take the initiative to notify the supervisor and the Information Security Office for confirmation and disposal.

Since 2019, AIRS has included 50,000 trade secret documents and 2,500 design drawings (see the figure below). During the covid-19 pandemic in Taiwan from 2021 to 22, PSMC implemented work from home (WFH) schedules to protect the health of employees and reduce the risk of operational disruption. During the WFH period, the remote working platform (Pteam) was designed and developed by PSMC to videotape the whole process during the work from home and integrate AIRS to carry out automatic intelligent detection. Taking into account the efficiency of work and the protection of trade secrets, PSMC has established a unique management model in the industry.

Since 2019, AIRS has included 50,000 trade secret documents and 2,500 design drawings (see the figure below). During the severe covid-19 epidemic in Taiwan from 2021 to 22, PSMC implemented several home work groups to protect the health of employees and reduce the risk of operational disruption. During the home office period, the remote working platform (Pteam) was designed and developed by PSMC to videotape the whole process during the work from home and integrate AIRS to carry out automatic intelligent detection. Taking into account the efficiency of work and the protection of trade secrets, PSMC has established a unique management model in the industry.

PSMC's sophisticated trade secret protection mechanism protects PSMC's intellectual assets as well as the intellectual crystals that PSMC works with its customers. This allows PSMC to maintain its competitive advantage and the motivation for sustainable innovation.

The world is witnessing a wave of industrial carbon reduction, aiming to achieve the goal of net zero emissions by 2050. Companies are investing in carbon reducing activities to continue to reduce direct greenhouse gas emissions from their business activities, joining major carbon reduction initiatives such as the global corporate renewable energy initiative (RE100), the global Science-Based Targets Initiative (SBTi), and participating in a variety of international sustainability competitions, demonstrating the commitment of global companies toward the goal of net zero carbon emissions. In addition, companies are beginning to demand carbon reductions from their suppliers to ensure that the entire value chain is moving toward net zero emissions. In addition to the RE100 and SBTi initiatives, this wave of carbon reduction has become mainstream globally, with many international organizations and governments joining in, including the EU's “European Green Deal” for “carbon neutrality” initiative, demonstrating the efforts and commitments made by global parties towards achieving sustainable development.

If we fail to reduce carbon emissions, we will not be able to keep up with the international trend and will thus affect the evaluation scores. In addition, the authorities are also planning to promote the implementation of carbon pricing, which will also increase additional costs if carbon reduction is not successful. In addition to PSMC, it is also necessary to further require suppliers to jointly reduce carbon emissions in order to reduce overall carbon emissions in the supply chain.

PSMC continues to plan its carbon reduction blueprint and is actively promoting carbon reduction in its supply chain. This effort will help drive carbon reduction in the global industry and ensure that we can achieve sustainable development.

In order to keep pace with the international trend and to achieve the goal of carbon reduction, PSMC is actively planning the installation and use of renewable energy. We have established the Green Energy Project Team to promote the installation of renewable energy and the acquisition of renewable energy certification. In 2023, PSMC plans to build its own 3MW solar power plant off-site. By increasing the use of renewable energy, we aim to reduce indirect greenhouse gas emissions throughout the Company and move toward a vision of net zero carbon emissions. In the future, PSMC will continue to enhance its ability to use renewable energy and increase energy use efficiency in order to reduce its carbon footprint and meet the expectations of its stakeholders. While responding to the international trend of carbon reduction, the Company also demonstrates its determination to move forward on the path of sustainable development.

The main objective of the CHIPS for America Act is to strengthen the localization of the semiconductor industry in order to reduce geopolitical risks and to combat the speedy rise of China in the advanced semiconductor manufacturing process by implementing more stringent export control measures. This will affect companies in Taiwan's semiconductor supply chain, as China is an important customer and market for Taiwan's semiconductor industry. As a result of the U.S. policy, Taiwan semiconductor companies may need to adjust their strategies and sales models to the Chinese market. In addition, another potential impact of the CHIPS for America Act on Taiwan's semiconductor supply chain is the intensification of global competition in the semiconductor industry.

The U.S. will join hands with Japan, Taiwan, and South Korea to form a Chip 4 alliance to further restrict technology and equipment exports to the Chinese semiconductor industry. This will intensify global competition in the semiconductor industry and cause drastic changes in the semiconductor supply chain.

The CHIPS for America Act restricts the supply of high-end chips to China and prohibits the export of high-end equipment to China in order to prevent the manufacture of high-end chips. Chinese chip makers are shifting their production capacity to supply mid- and low-end chips, and Chinese IC design companies may also switch to a domestic supply chain, putting the Company at risk of losing Chinese customers.

The following measures will be taken by PSMC to mitigate the impact of this risk through supply chain replacement solutions and sales management expansion:

1. xpand Customer Base - Expand cooperation with non-China customers, increase external sales channels, and reduce dependence on the Chinese market. We are also actively pursuing return orders from risk-diversified customers to diversify risks.
2. Strengthen Supply Chain Resilience - PSMC can plan a comprehensive and diversified supply chain through cooperation with other suppliers to avoid over-dependence on the Chinese supply chain.
3. Enhance Technological Standards - Through continuous improvement of our own technological standards and product quality, we aim to increase customer loyalty and market competitiveness. This will help maintain long-term customer relationships and mitigate risks when market conditions are unstable.
4. Keeping Track of Policy Changes - We will pay close attention to policy changes, understand the policy environment of each country's market, and adjust our strategy in time to adapt to market changes.

As employees are the Company’s important assets, we take good care of employees’ health to maintain our competitiveness; and therefore have listed preventing infectious diseases as a part of our daily operations, and conduct risk assessment according to potential epidemic scenarios and have devised a contingency plan for epidemic prevention and response. Moreover, we actively collect information on and pay attention to the development trends of diseases as the basis for employee health management and countermeasures while conducting annual reviews and adjustments to ensure the feasibility of the countermeasures.

Through the efforts of relevant units and employees, although COVID-19 is still a pandemic, we can effectively keep track of our employees’ conditions and take measures early. We will continue this vigilant spirit to ensure that all partners working in PSMC receive complete health care to achieve the goal of "win-win outcome for work and health", thereby strengthening PSMC’s overall competitiveness.

In response to the potential impacts of COVID-19 on the Company, the Department of Risk Management has been paying attention to the development of the pandemic since the end of 2019, and had begun to provide appropriate health education to our employees to avoid false information. When the pandemic was gradually escalating, we mobilized our response team, composed of members from the Health Center, Human Resources Department, the Information Management Department, the Operation Planning Department, the Procurement Department, the Public Relations Department, and the General Affairs Department, to launch disease prevention according to the epidemiology, and to implement the measures below at different stages gradually while reviewing and adjusting them regularly to respond to changes in the pandemic.

1. We promoted employees’ voluntary health management and announced pandemic prevention measures in cooperation with the government’s policy. We also conducted voluntary monitoring and asked employees to wear masks if necessary, and responsible units would follow up on the situation. Employees with a high risk of infection were listed as targets for tracking, and we would provide them with relevant assistance.
2. We strengthened the cleaning and disinfection of the public areas of each plant and provided disinfection supplies for our personnel, and conducted body temperature measurement and confirmed disease-related information for all vendors/visitors before entering the plant.
3. Informed vendors of our pandemic prevention measures pertaining to them. Employees with a high risk of infection should wear masks at work; employees should avoid unnecessary business trips and reduce/decline visits from personnel from high-risk areas.
4. We implemented alternative measures, such as working in different areas, work from home, video conferencing, etc., to reduce the risk of exposure to the virus.
5. We launched various preparatory tasks for impact on our operations, including supply chain confirmation, disinfection of products upon entry and exit, product inventory and storage, communication with customers, and communication with the media.