English 中文

Regulatory Compliance and Risk Management

Regulatory Compliance

We adopt a systematic approach to ensure that we comply with all applicable laws and regulations through the joint efforts of our Group and local management teams. Our Group Legal Department regularly monitors any changes in domestic and foreign laws and regulations, and conveys the updated statutes to the respective departments for regulatory identification of our local operations' compliance with applicable laws and regulations. To ensure the effectiveness of the regulatory identification, we invite third-party professionals to perform external audits on areas where compliance risks have increased to ensure that we fully comply with applicable laws and regulations.

All ASE employees, managers, supervisors and directors are responsible for complying with applicable laws. We continued to adjust our mechanisms and measures according to the changes in laws in all major areas, and inform all our members about company operation-related laws through education, training and announcements.

We consider legal compliance the main foundation of our sustainable development. In the future, we will strive to establish legal compliance risk reporting systems at all locations where we operate, to prevent any possible violations and respond to the increasingly stringent legal environment in a responsible and proactive manner. We strongly believe that a thorough understanding of the law and strict compliance are necessary to achieve sustainable development.

ASE's Regulatory Compliance Management Process

Risk Management

We manage risks through designated departments and functions ("risk functions") across all of our organizations. In addition, we implement Enterprise Risk Management ("ERM") at all group-level functional departments. We held a series of workshops which help participants to understand and to develop risk management skills, and to apply what they have learned to real-life ERM projects. Risks or events that might have an influence on our business objectives are identified and evaluated, in order to decide on appropriate responses. In addition, the identification and management of long-term emerging risks* are embedded into our ERM program. We have established the mechanism of prevention, early warning, emergency response, crisis management and business continuity plans that mitigate, transfer or avoid risks. We are confident that these mechanisms effectively kept the respective risk scenarios under control.

Our risk review process is described below. Corporate level and operational level risks are identified, prioritised and reported on risk registers*. Major risks are assessed in terms of risk level* and control effectiveness, and then mapped onto a Risk Map. In addition, a correlation analysis is conducted to analyze possible interdependence of the major risks. Furthermore, risk mitigation plans are defined to reduce the residual risk if judged necessary. The major risks, together with suitable risk response plans, are reported to top management, and the progress will be monitored quarterly. We introduced a top-down ERM approach to connect the top management with the rest of the organization on risk matters and ensure sound management of corporate-wide risks. Specifically, our top management are invited to identify key risks that are "top of mind" for the company. These top-down identified risks are then reviewed through our current ERM process, enhancing the efficiency and effectiveness of the decision-making process across the organization.

Risk Management Organization Scheme

Risk Management Process

Risk Management Integrated with Internal Controls and Internal Audits

We view internal controls as an important part of ERM. ERM is more effective with internal controls that cover risk responses and other ERM processes in place. We identify and document all of our major risks together with related controls. The effectiveness of controls are reviewed in the annual Control Self Assessment. In addition, we redesigned our risk assessment system and linked our current internal control activities to corresponding risk scenarios such that a complete list of internal control measures can be pre-defined in the system to help our risk functions to more accurately assess the effectiveness of risk control. Finally, our internal audit system carries out independent appraisals of the implementation of key risk mitigation plans by our risk functions thereby ensuring that risks are properly managed.

Long-term Emerging Risk

As ASE factories become fully-automated, the increased use of industrial robotics have made them the possible targets of cyberattacks. Possible attack scenarios range from the typical manipulation and sabotage of our production processes which could paralyze our entire production line, to theft of confidential information or extortion through ransomware. As our factories become more automated, our demand for smart devices, embedded systems, information transmission between devices and cloud service channels rise. As a result, even one or two viruses or loopholes may cause chaos and shut down our entire production line. Such a disaster would be accompanied by substantial financial losses and reputational damage to the firm. Faced with these severe security challenges, we collaborated with information security standard-setting professionals, software developers and information security experts to identify high risk system-level or software vulnerabilities, and formulate an effective cyber security strategy for protecting our automated factories.

As the tightening of environmental protection laws and regulations in the future may force our facilities to shut down production if they fail to meet these stricter environmental standards. In addition, new and pending laws and regulations related to the environment or climate change could increase our expenses or require us to alter our manufacturing processes, thereby affecting our operations. In response thereto, we continuously monitor the developments in regulations and improve on our business continuity management.

The United States is undergoing major political changes which has created uncertainty regarding future U.S. trade policies. If the United States raises tariffs on imports from China plant which uses China as its main production base may lose competitiveness due to increased production costs. Therefore, we continue to observe closely any changes in U.S. trade policies, devise production plans according to the latest worldwide taxation policies, monitor the intentions of our U.S. customers to seek new suppliers and assess the facilities that may be affected by the changes.

Financial Risk

Our exposure to interest rate risks relates primarily to our long-term floating rate loans, which is normally incurred to support our corporate activities and capital expenditures. We entered into several interest rate swap contracts to mitigate the interest rate risk on our longterm loans.

Exchange rate movements against the NT dollar, our functional currency, give rise to the risk of foreign currency exposure. To protect against reductions in value and the volatility of future cash flows caused by changes in foreign currency exchange rates, we utilize currency forward contracts and swap contracts from time to time to reduce the impact of foreign currency fluctuations on our results of operations.

This website uses Cookies to optimize your experience. By choosing to continue, you agree to the use of Cookies and our Cookie Term. To know more Cookies information as to how to enable and disable cookies, please see “How to change Cookies preferences or disable Cookies?” in our Cookie Term.

Accept Cookies