PSMC stipulates the company's "Risk Management Policies and Procedures" and "Risk Management Committee Organization Regulations" in accordance with the "Risk Management Code of Practice for Listed OTC Companies" announced by Taiwan Stock Exchange Co., Ltd. on August 8, 2022, and approved by the board of directors on December 20, 2022, as the highest guiding principle of the company's risk management.

The risk management process of PSMC covers five major elements, and internal audits and reviews of the risk identification process are conducted regularly each year to ensure the effectiveness of the risk management process and related controls.

The members of the PSMC risk executive team include marketing/business, R&D, strategic planning, intellectual property, legal affairs, operating center, factory affairs, procurement, human resources, finance, accounting, risk control, industrial safety and environmental protection, and information security. Comprehensively evaluate the risks of enterprises based on the four aspects of strategy, operation, finance and labor security.

PSMC Risk Management Committee Organization has approved by the board of directors on December 20, 2022. July 2023 - The progress of risk management and risk identification projects of high-level concern have been reported to the Sustainable Development Committee for the first time. September 2023 - In order to strengthen the functions of the board of directors and improve the company's risk management and control, the organization structure of Risk Management Committee was adjusted and the Audit Committee was appointed to supervise the corporate risk management. December 2023 - The Audit Committee and the board of directors have completed the annual risk management report based on the annual risks of concern and related action plans summarized by each unit in 2023. In the future, it will follow the relevant management policies, procedures and procedures, and announce the relevant operation status.

We use the operational impact analysis method to identify the Company's key operations and the possible impact these operations may cause and to establish an optimal operation recovery time. We analyze these key operations using operation impact.

Through risk assessment charts, we analyze the potential threats, weaknesses and consequences of these hazards individually within operations, and understand the existing prevention and detection control measures. Then according to the seriousness level of the analysis level chart, occurrence analysis chart, risk level judgment standards, we can determine and grasp the operating risks and establish risk control policies to reduce risks.

Operational risk diagnosis is made by the joint evaluation and diagnosis of all units; these include plant affairs, risk management, manufacturing, engineering, automation, information management, property management, purchasing, sales, production management, finished products, finance, human resources, and quality customer service.

To restore operations back to normal in the shortest time possible in the event of a major incident or crisis, PSMC has formulated crisis management plans and recovery plans on certain crises such as power and water shut-down for an extensive period, severe fires, destructive earthquakes, climate changes, interruption of raw material supplies, shortage of labor, hacking of the information system and key equipment malfunctioning; themed drills are carried out each year.

Interest expense as a percentage of net operating income for 2022 and 2023 is 0.92% and 1.42%, respectively, which is a small percentage for each period. This is mainly due to the interest incurred by the Company in financing its borrowings from financial institutions for operating needs and capital expenditures, and although market interest rates fluctuate, they do not yet have a significant adverse effect on all revenue and profitability. PSMC will monitor and analyze in a timely manner the cash flow impact generated from interest rate changes in the financial market on all of the Company's interest-bearing liabilities, maintain good relationships with banks, and conduct timely assessment of the potential interest rate risks which the interest-bearing liabilities are subject to, thereby reducing the impact of interest rate changes on the year's profit / loss.

PSMC's net foreign currency exchange gain (loss) in 2022 and 2023 accounted for 1.61% and (0.19) % of the year's net operating revenue respectively. Since the Company's capital expenditure and manufacturing costs are mainly paid in US dollars or Japanese yen, and most revenue comes from US-dollar income, its revenue performance is significantly influenced by exchange rate fluctuations. In response to this risk, by considering exchange rate changes in the market and the Company's actual positions and funding status, PSMC adopts natural hedging strategies and uses spot foreign exchange transactions and forward foreign exchange contracts to hedge exchange rate risks within the scope permitted by the Company's policies.

With the interference by factors such as inflation, destocking, etc. in the industries, the global market demand became slacked in 2023. In response to this situation, PSMC keeps monitoring price fluctuations in the market, and maintaining good interactions and relationships with suppliers and customers to actively adapt to the slack-off impact caused by inflation to the Company's overall profit performance.

PSMC has established "Procedures for Lending Funds to Other Parties", "Procedures for Endorsements/Guarantees" and "Procedures for the Acquisition or Disposal of Assets" which serve as the basis of compliance for the Company. PSMC has not engaged in high-risk and high-leverage investments, lending funds to other parties and extending endorsements/guarantees.

PSMC mainly engages in derivative transactions to mitigate the exchange rate risks for USD-NTD and JPY-NTD. The risk arises from assets and liabilities in foreign currencies. The derivative transactions are risk mitigating in nature and are strictly subjected to the "Procedures for the Acquisition or Disposal of Assets", which serves as the basis of compliance for these transactions. As such, PSMC is not exposed to major risks.

Geopolitics

The U.S. chip sanctions on China's semiconductors might work to a certain extent, yet they have forced Chinese government to expand investment in the semiconductor industry. As a result, the local momentum in China has increased rapidly, particularly the mature processes above 28nm, which have already posed a threat to Taiwan's second-line wafer fabs.

Product lines' total demand amount is shared by competitors, which will affect the long-term growth of the businesses between the Company and customers, and will even result in a drop in revenue due to a shrinkage in some low-price products' order quantities.

1. Continue to develop customized processes based on current technology level and customers' needs to enhance customer stickiness.
2. Plan the development of advanced process platforms to widen the competitive gap.
3. Pay regular visits to customers (and customers' customers) to understand market status and stay on top of customers' needs in a timely manner, which will help the Company stay one jump ahead of competitors to launch new products and enjoy the bonuses for first movers.
4. Optimize processes based on existing platforms to meet customers' needs and optimize cost competitiveness.

Social

Without joining the RE100 100% renewable energy initiative, the Company shall not be able to promise customers the compliance with industrial trend requirements, which will bring the risk of losing customers in the future.

Taiwan's major foundries have joined the RE100, but PSMC has not yet express its stance on this issue, which may affect the perception and reputation given by the public and customers to the Company.

1. The Company has formed a Green Energy Project Team, and has set RE30 by 2030 as a phased goal. Additionally, the Green Electricity Plan is reviewed on a weekly basis, and green electricity certificates have been purchased.
2. Discuss green energy issues in green energy weekly meetings. Supervisors in charge of relevant projects will submit project proposals to ESG quarterly meetings, which shall then be submitted to higher supervisory personnel for finalization. The 2050 RE100 goal has been included in the Sustainability Report.

Social

When faced with Chinese national industries' talent attraction policies and the active talent recruitment strategies adopted by leading companies in the industry, if the Company fails to attract and retain employees, manpower loss will occur and the organization's operations and production will be affected.

1. Key talent drain or gap
2. The lack of required talents or skills shall impact the Company's operations.
3. Decreased business competitiveness
4. Failure to attract and retain talents shall affect the implementation of business plans.

1. Higher level managerial personnel nominate succession candidates in writing on a yearly basis based on candidates' work performance and personal characteristics. HR units provide planned training to strengthen the candidates' strengths for them to meet succession requirements.
2. Activate headhunting projects, and optimize recruitment plans to recruit key talents from external human resources.

PSMC is a technology-intensive company. We are well aware that our competitiveness is built on the security of our intellectual properties. PSMC set up an “Information Security Office”, which directly reports to the President. They have formulated "Information Security Policies" and "Information Security Management Measures" to regulate relevant measures undertaken to protect important information, including trade secrets and intellectual properties, while protecting correspondences with our customers. All information and documents sent between the Company and customers are strictly controlled and documented under the internal system. The approval and activation of the access level of personnel are handled in accordance with the relevant operational procedures of the systems.

Ensure the information security of the correspondences between the Company and its customers/partners, and thus protecting the interest of the Company and its stakeholders.

PSMC follows ISO 27001 to formulate information security policies and information security management methods, information security incident reporting and response procedures, and refers to government regulations to formulate business secret management methods, personal data management methods, etc. PSMC collects and analyzes the latest domestic and foreign information security-related information and regulations at any time to formulate or revise relevant management measures. We also regularly review the information security-related operating requirements to ensure compliance with security policies. Since the introduction of ISO27001 Information Security Management System (ISMS, Information Security Management System), PSMC has aimed to establish the highest standards of information security that comply with international security regulations, customer requirements, relevant stakeholders and internal control!

PSMC has obtained ISO 27001 certification. The current certificate is valid from April 2023 to October 2025 and we pass the annual review and verification of ISO 27001. PSMC implements control measures from policy, management, system control and other aspects, follows the "Plan-Do-Check-Act" (PDCA, Plan-Do-Check-Act) method, and establishes a multi-layered structure of defense in depth and information security key Performance indicators, continuous improvement, and reduction of information security risks caused by human negligence or malicious attacks.

According to the "Information Security Policies", the Information Security Committee is composed of the representatives appointed by all relevant units who are responsible for formulating and implementing the Company's security control operations. The Committee holds meetings regularly to discuss and resolve issues related to information security, covering aspects on human resources, physical security, and information security. When major changes or an incident involving information security occurs, an emergency meeting is held. Each year, via training and internal announcements, the Company promotes and communicates the importance of information security to all its employees to implement its information security policy.

The facilities used in PSMC's daily production are in compliance with the domestic and foreign regulations and reference with actual needs of various plants. Security standards and control measures of plant machinery and equipment are compiled by the professionals of the Risk Department; ensuring industrial safety risks are controlled from the source.

Further, an Emergency Response Center (ERC) is established in all factories. Through an integrated disaster monitoring system, PSMC has more time to respond when disasters occur. Proper early response can not only reduce casualties and environmental pollution to the minimum, it can also substantially reduce equipment loss and increase the recovery of the factories.

To apply the correct and effective response measures in case of an emergency so as to minimize the casualties, property damage and impact on the environment due to an accident, PSMC has established the "Plant Disaster Emergency Response Measures" and formed and trained an emergency response team. The team is subjected to a departmental drill at least once every six months and a comprehensive (cross-departmental) drill once a year. General employees are subjected to one evacuation drill every year.

In response to the occurrence of abnormal accidents, it is necessary to evacuate the entire plant area and take attendance. In 2019, PSMC introduced an attendance taking system for emergency evacuation which assisted the commander to confirm whether the entire plant area has indeed been evacuated in 2019 for 12 inch fab (P1/2/3). After evaluating, in 2022, PSMC introduced the same system into 8A fab to strengthen the attendance taking for emergency evacuation at 8A Fab, and to reduce the search and rescue time of rescuers.

The progress of system introduction 12 inch fab (P1/2/3) in 2019 → 8 inch fab (8A) in 2022

In January 2018, in order to meet customer expectations and maintain the company's sustainable competitiveness, Powerchip Semiconductor Manufacturing Corporation (PSMC) launched a company-wide trade secrets protection project, under the direct supervision of the president and supervisors at all levels, to conduct a comprehensive inventory, classification and ranking of the company's trade secrets protection according to the six major aspects of the company's trade secrets protection, including production、sales、HR、R&D and finance information. We have established the management rules of trade secrets and the management rules of trade secrets of each unit. In addition, we also plan and implement systematic control measures for possible information leakage channels (see the figure below) and establish a weekly information security report mechanism to assist supervisors in early detection of abnormalities and prevention of leakage.

The Information Security Office will continue to educate and train employees to strengthen the awareness of trade secrets protection and continuously supervise and audit the implementation of trade secrets management in each unit.

In 2019, to reduce information security management costs and improve information security detection capabilities, PSMC has developed and built its own artificial intelligence robot security system(AIRS) using artificial intelligence technology, which can detect not only deliberately hidden, altered, or tampered trade secrets, but also similar trade secrets design drawings, test programs, and key intellectual property. When employees send out information (including printing and photocopying) containing suspected trade secrets, AIRS will take the initiative to notify the supervisor and the Information Security Office for confirmation and disposal.

Since 2019, AIRS has included 50,000 trade secret documents and 2,500 design drawings (see the figure below). During the covid-19 pandemic in Taiwan from 2021 to 22, PSMC implemented work from home (WFH) schedules to protect the health of employees and reduce the risk of operational disruption. During the WFH period, the remote working platform (Pteam) was designed and developed by PSMC to videotape the whole process during the work from home and integrate AIRS to carry out automatic intelligent detection. Taking into account the efficiency of work and the protection of trade secrets, PSMC has established a unique management model in the industry.

Since 2019, AIRS has included 50,000 trade secret documents and 2,500 design drawings (see the figure below). During the severe covid-19 epidemic in Taiwan from 2021 to 22, PSMC implemented several home work groups to protect the health of employees and reduce the risk of operational disruption. During the home office period, the remote working platform (Pteam) was designed and developed by PSMC to videotape the whole process during the work from home and integrate AIRS to carry out automatic intelligent detection. Taking into account the efficiency of work and the protection of trade secrets, PSMC has established a unique management model in the industry.

PSMC's sophisticated trade secret protection mechanism protects PSMC's intellectual assets as well as the intellectual crystals that PSMC works with its customers. This allows PSMC to maintain its competitive advantage and the motivation for sustainable innovation.

As employees are the Company’s important assets, we take good care of employees’ health to maintain our competitiveness; and therefore have listed preventing infectious diseases as a part of our daily operations, and conduct risk assessment according to potential epidemic scenarios and have devised a contingency plan for epidemic prevention and response. Moreover, we actively collect information on and pay attention to the development trends of diseases as the basis for employee health management and countermeasures while conducting annual reviews and adjustments to ensure the feasibility of the countermeasures.

Through the efforts of relevant units and employees, although COVID-19 is still a pandemic, we can effectively keep track of our employees’ conditions and take measures early. We will continue this vigilant spirit to ensure that all partners working in PSMC receive complete health care to achieve the goal of "win-win outcome for work and health", thereby strengthening PSMC’s overall competitiveness.

In response to the potential impacts of COVID-19 on the Company, the Department of Risk Management has been paying attention to the development of the pandemic since the end of 2019, and had begun to provide appropriate health education to our employees to avoid false information. When the pandemic was gradually escalating, we mobilized our response team, composed of members from the Health Center, Human Resources Department, the Information Management Department, the Operation Planning Department, the Procurement Department, the Public Relations Department, and the General Affairs Department, to launch disease prevention according to the epidemiology, and to implement the measures below at different stages gradually while reviewing and adjusting them regularly to respond to changes in the pandemic.

1. We promoted employees’ voluntary health management and announced pandemic prevention measures in cooperation with the government’s policy. We also conducted voluntary monitoring and asked employees to wear masks if necessary, and responsible units would follow up on the situation. Employees with a high risk of infection were listed as targets for tracking, and we would provide them with relevant assistance.
2. We strengthened the cleaning and disinfection of the public areas of each plant and provided disinfection supplies for our personnel, and conducted body temperature measurement and confirmed disease-related information for all vendors/visitors before entering the plant.
3. Informed vendors of our pandemic prevention measures pertaining to them. Employees with a high risk of infection should wear masks at work; employees should avoid unnecessary business trips and reduce/decline visits from personnel from high-risk areas.
4. We implemented alternative measures, such as working in different areas, work from home, video conferencing, etc., to reduce the risk of exposure to the virus.
5. We launched various preparatory tasks for impact on our operations, including supply chain confirmation, disinfection of products upon entry and exit, product inventory and storage, communication with customers, and communication with the media.