Sustainability
Structure and Operation of the Board

The 4th session of the board of directors (including independent directors) was elected during the 2020 Annual General Meeting held on May 27, 2020. The election of directors adopts the candidate nomination system in accordance with the Company’s “Memorandum and Articles of Association” and “Rules Governing the Election of Directors”, with a term of office of three years. The 4th session of the board of directors is composed of 6 directors and 3 independent directors. Three board members are younger than 60 years old, three are between the ages of 60 and 69, and three are between the ages of 70 and 79. The board has one female director.

To assist the board of directors with legal compliance, strengthen corporate governance, and build a culture of compliance, the Company appointed a dedicated Corporate Governance Officer to ensure company strategies conform to all legal and regulatory requirements. Regular board meetings should be called and chaired by the chairman at least quarterly in compliance with the “Rules and Procedures of Board of Directors Meetings”. The meeting agenda and materials are circulated to directors 7 days before the meeting so that directors have sufficient information to take part in discussions and decision-making and the board can oversee and direct the Company and the management team. The Company specifically states in the “Regulations Governing Evaluation of the Performance of the Board of Directors” that the average of a director’s attendance rate at board meetings and attendance rate at meetings of the committees on which the director serves shall be no less than 80%. 11 board meetings were held in 2022, and the average attendance rate of all board members reached 99% (100% if attendance by proxy is included). The actual attendance rate of each director also exceeded 90%.

To effectively perform the functions of the Board of Directors and improve the quality of its decision-making, functional committees such as the Audit Committee, the Compensation Committee, the Corporate Governance and Sustainable Development Committee, and the Risk Management Committee have been established under the Board of Directors according to their authority and function, and the Management Committee has been established under the Chairman of the Company to be responsible for discussions on important issues related to economic, environmental, and social risks.

The functional committees are either composed of independent directors or include independent directors, so that the decisions and recommendations of the committees are forward-looking, objective and thorough, and the mechanisms of independent supervision and checks and balances are effectively implemented to ensure that all resolutions and actions taken by the Board of Directors are reported and discussed by the Board of Directors. If a director has a related interest, or represents a legal entity that is a stakeholder in a related interest, the director should recuse themselves from the meeting. Some motions are also reported and discussed at the Shareholders' Meeting to act in the best interest of relevant stakeholders.

The Company has established the “Audit Committee”, “Compensation Committee”, “Corporate Governance and Sustainable Development Committee” and “Risk Management Committee” under the board of directors. These committees enhance the function of the board of directors, improve the independence of supervision and protect the rights of shareholders. Except for the “Risk Management Committee”, which was restructured by the board of directors on April 10, 2023, the main responsibilities and status of each functional committee are as follows:

The Company's internal regulations contain specific rules on handling situations in which a director’s own interests conflict with those of the Company. A director who is an interested party with respect to any agenda item of the board of directors cannot participate in discussion and voting nor hold a proxy for any other director on that agenda item, and shall recuse themselves during discussion and voting. Directors adhere to a high level of self-discipline and strict determination in recusing themselves from participating in discussions and voting on proposals where a conflict of interest exists between the Company’s interests and the interests of a director or the legal entity that the director represents.

Professional Backgrounds of the 4th Session of the Board of Directors

The composition of the board of directors should take into account the Company’s mid- and long-term development strategy, overall configuration and diversification. The selection guidelines include but are not limited to the following:

(1) Basic requirements and value: gender, age, race, nationality, and cultural background;

(2) Professional knowledge and skills: professional background, professional skills and industry experience.

The members of the 4th session of the board of directors have professional backgrounds covering finance, IT, health care, energy, legal and financial accounting, and have rich practical experience in corporate management, legal compliance, international taxation and corporate governance. They all have the expertise and abilities required to perform their duties. All directors are further provided with annual external training sessions that help them improve their professional capabilities and understanding of trending issues. In 2022, in response to the continuous strengthening of information risk management, the topics of sessions included the governance and management of cybersecurity, and trade secrets protection. Every director received 6 hours of training, which was in line with the suggestions from external regulation. For details regarding the implementation of diversity and independence of the Board of Directors at the Company, please refer to the 2022 Annual Report of the Company.

Evaluation of the Performance of the Board of Directors

To fulfill corporate governance and enhance the effectiveness of the board of directors, the Company has established “Regulations Governing Evaluation of the Performance of the Board of Directors” pursuant to “Corporate Governance Best-Practice Principles”. The Company regularly conducts performance evaluations of the board of directors and functional committees in November annually for the evaluation period from November 1 of the preceding year to the end of October of the current year. The performance evaluation scope covers the performance of the Board as a whole, functional committees and individual directors. The performance evaluation was assessed based on the questionnaire on a scale of 1 to 5 (5 is the full score) with the assessment items as below:

If 90% of the measurement indexes reach 4 points or more, the internal performance evaluation results in a grade of “Exceed the Standard”; if more than 80% but less than 90% of the measurement indexes reach 4 points or more, the result shall be a grade of “Meet the Standard”; if less than 80% of the measurement indexes reach 4 points or more, the result shall be a grade of “Moderately Unsatisfactory”.

Please refer to the Company’s website for the board performance evaluation report of 2022 (https://www.chaileaseholding.com/en/CorporateGovernance/Directors).

Every three years, the Company commissions a third party to perform an external performance evaluation. In 2020, the Taiwan Corporate Governance Association (hereafter “TCGA”) was engaged to conduct the board performance evaluation. The TCGA and execution experts have no business relationship with the Company and are independent. The evaluation procedures included not only a review of written descriptions for assessment indicators and supporting documents, but also face-to-face meetings between the TCGA and directors, each functional committee convener, and top management. Drawing on its wide experience of corporate governance assessment, the TCGA examined the operation of the board of directors and each functional committee from 8 aspects, including the composition, direction, authorization, supervision, and communication of the board, internal control and risk management, self-discipline of the board, board meetings and supporting system. The Company obtained objective comments and suggestions from the Board Performance Evaluation Report issued by the TCGA on January 25, 2021. The Company reported the TCGA’s suggestions related to the above matters and the measures to be taken to the board on March 10, 2021 and amended the “Regulations Governing Evaluation of the Performance of the Board of Directors” at the same meeting to enhance the operational efficiency of the board.

The Company sets sustainable business operation as its core mission. In order to continuously improve corporate governance, strengthen risk control and fulfill ethical management, the Company implemented ISO 37001 “Anti-bribery management systems” in 2022, and the board resolved the formulation of the “Anti-Corruption and Anti-Bribery Policy” as well as the amendments to the “Ethical Corporate Management Best Practice Principles” and “Procedures for Ethical Management and Guidelines for Conduct”. The board also resolved the implementation of the Company’s greenhouse gas inventory to further manage carbon emissions, with the aim of reducing energy use and carbon emissions.

The policy, criteria and composition of compensation payments, the procedures for setting compensation, and the relationship thereof to operating performance and future risks are as follows:
 
(I) Remuneration policies, standards, and packages:
1. Remuneration for directors shall observe Article 94 of Chailease Holding’s Articles of Association. The Board of Directors (BoD) shall consider suggestions from the Compensation Committee and industry standards to determine remuneration. Article 118 of our Articles of Association also rules that the BoD may distribute profit-sharing compensation to current directors in years when the company is profitable. Profit-sharing compensation to directors shall not exceed 0.1% of earnings before taxes for that accounting period (year). In compliance with "Rules for Performance Evaluation of Board of Directors," Chailease Holding conducts at least one internal performance evaluation annually and one external performance evaluation, by external independent agencies or expert/scholar teams, every three years. Chailease Holding provides reasonable remuneration based on the company's performance, industry standards, and the results of the performance evaluation of directors, which include but are not limited to individual contribution to company performance, attendance, and participation. Performance evaluations and remuneration both require approval from the Compensation Committee and BoD.
 
2. Remuneration for managerial officers shall observe Article 94 of our Articles of Association. The BoD shall consider suggestions from the Compensation Committee and industry standards to determine remuneration. Article 118 of our Articles of Association also rules that the BoD may distribute profit-sharing compensation to current employees in years when the company is profitable. Profit-sharing compensation to employees shall account for between 0.01% and 1% of earnings before taxes for that accounting period (year).
 
Chailease Holding determines profit-sharing compensation for managerial officers based on performance evaluations in compliance with "Rules for Objective Management" and "Rules for Performance Review." KPIs for managerial officers fall under the two following categories. The company then determines profit-sharing compensation based on their managerial performance and reviews the remuneration scheme when necessary to reflect company performance and related regulations:
(1) Financial KPIs:
KPIs: Sales fulfillment, earnings before taxes (EBT) fulfillment, return on equity (ROE), delinquent ratio, remaining principal balance, net profit per personnel expense, and net profit ratio per capita.
In addition to evaluating KPI fulfillment toward annual targets, the company also considers KPI growth from the same period last year.
(2) Non-financial KPIs:
In addition to financial KPIs, the company also evaluates non-financial areas such as strategic objectives, risks to sustainable operations, corporate governance and material topics. The managerial officers' non-financial indicators also contain 10% of the sustainable development goals, including but not limited to the increase in the scale of solar power plant assets (including the simultaneous increase in the number of solar power plants and total power generation capacity), energy conservation, expansion of the carbon inventory, and improvement of occupational safety and health prevention plans. In addition, 10% of the Chailease common goals include but are not limited to energy conservation and departmental public service hours.
 
3. Remuneration packages at Chailease Holding include monetary compensation, stock options, stock bonus, pension plan, offboarding compensation, other allowances, and other measures providing actual compensation. The packages for directors and managerial officers shall be determined in compliance with the organizational rules of the Compensation Committee and shall remain consistent with the scope published in annual reports.
 
(II) Procedures for determining remuneration:
1. Directors are evaluated based on the "Rules for Performance Evaluation of Board of Directors" and managerial officers and employees are evaluated based on the "Rules for Objective Management" and "Rules for Performance Review." Results from the evaluations serve as the basis for regular evaluations of remuneration to directors and managerial officers.
2. The business strategies, HR policies, and payment capacity determine remuneration policies at Chailease Holding. The Compensation Committee and BoD also annually evaluate and review performance evaluations and remuneration for directors and managerial officers. In addition to individual KPI fulfillment and contribution to company performance, the company also considers overall business performance and future risks and development trends in the industry. In addition, the company monitors actual company operations and related regulations to review the remuneration scheme when necessary to thereby fulfill sustainable operations and risk control. The actual remuneration paid to directors and managerial officers in 2022 was deliberated by the Compensation Committee and then submitted to the BoD for deliberation and approval.
 
(III) Linkage to operating performance and future risk exposure:
1. To enhance the efficiency of the BoD and units under managerial officers, remuneration standards and schemes are evaluated primarily in consideration of the company's overall operations, while remuneration is determined by KPI fulfillment and contribution. In addition, the company refers to industry standards by regularly commissioning management consulting firms to survey compensation levels in the finance sector and using survey results to evaluate our own compensation standards and provide competitive compensation, ensuring that compensation to managerial officers is competitive to retain outstanding managerial officers.
 
2. To manage and regulate potential risks within the scope of their job functions and duties, the KPIs for managerial officers are connected to risk control. The results of performance evaluations are then considered in tandem with related HR and compensation policies. Material decisions by managerial officers at Chailease Holding shall be derived from careful consideration of various risk factors. The performance of related decisions will be reflected in the company's profits and will affect the compensation of managerial officers and their KPIs on risk control.
 
3. Long-term incentive plans for senior executives:
Chailease Holding established the "Officers Stock Ownership Trust Plan", in consideration of the plausibility of association with future risk exposure, to incentivize managerial officers to meet and exceed company targets, generate profits, and enhance business performance. The "Officers Stock Ownership Trust Plan" is mapped out with consideration to deferred reward, long-term reward, and Stock Ownership Requirement of Officers.
 
Bonuses to the CEO and other senior executives are primarily derived from the company's business performance, ESG, total shareholder return (TSR), and future risk factors. Deferred rewards are capped at 20% of the year-end bonus from the previous year, which will be deposited into a dedicated Officers Stock Ownership Trust Plan account for payment deferral of at least 1 year. Distribution of deferred bonuses will be based on TSR fulfillment in comparison to the year's Finance and Insurance Sub-index compiled by the Taiwan Stock Exchange (TWSE), connecting bonuses for senior executives with the company’s long-term performance and shareholder interests. In the event of material risk events impacting the company's goodwill or similar situations, the company may deduct or withhold bonuses according to the "Clawback Policy" depending on circumstances.
 
4. Future risks to company operations mainly stem from losses from bad debt, a factor of asset quality. Chailease Holding has established a Risk Management Department to handle and oversee assessments of asset quality for finance-related business units. The company will adjust the percentage of bad debt reserves for regular cases according to asset quality. When losses from bad debt increase, the individual performance and, therefore, bonuses of directors, presidents, and vice presidents will decrease accordingly.
Note 1: The "Officers Stock Ownership Trust Plan" is applicable to the same targets as the "Stock Ownership Guidelines".
Note 2: The average shareholding value of senior executives other than the President in 2022 was 37.5 times that of their total annual base salary.
 
The pension plan offered at Chailease Holding is also better than regulatory requirements (also applicable to regular employees) to encourage managerial officers to contribute and deliver their best efforts to Chailease Holding.

In response to revisions to the scope of Taiwan’s Money Laundering Control Act, which added financial leasing activities, the company will implement all legal requirements and procedures required of financial leasing companies. Chailease will do our utmost to coordinate with competent authorities while fulfilling our corporate social responsibility, combating money laundering and terrorist financing, and minimizing costs. A summary of the 2022 work on combating money laundering and terrorist financing at the overseas subsidiaries of the Company is as follows:

  • Based on websites published by Taiwan and on international standards, we updated the internal policies on geographic area risk, customer identification, and customer risk evaluation. The update covers the Customer Acceptance Policy, including the Crime Description of Very High Threat Crime and the Methodology of Customer Risk Assessment, and the "AML and CFT Questionnaire and Statement" is added to make sure some special products are in line with the KYC policy. The main reasons and contents of the amendments are summarized as follows:
    1. To regularly review the latest list of uncooperative tax jurisdictions by major international organizations such as UN, OFAC, FATF, EU, Corruption Perceptions Index (CPI), 2021 Basel AML Index, and 2021 National Money Laundering, Financing and Terrorism and Information Arms Expansion Risk Assessment Report (NRA), and to adjust the country and geographical risks of the customer risk assessment methodology;
    2. In response to the 2021 NRA report, to change the types of very high threat money laundering and terrorism crimes from eight categories to ten categories, revise the description of very high threat crimes in the Customer Acceptance Policy, and adjust the types of very high threat crimes to "drug trafficking, fraud, smuggling, tax crimes, organized crime, securities crimes, underground foreign exchange, illegal gambling (including Internet gaming), corruption and bribery, and Intellectual Property Crime";
    3. In view of the fact that the operational structure of the Credit Linked Note (CLN) is different from that of our general financial product cases, and considering the practical operations and that the actual clients of CLN are financial institutions (brokerage firms), we have added a new "Money Laundering Prevention and Anti-Financial Terrorism Questionnaire and Statement" with reference to item 17 of the FATF proposal, and have obtained the "Money Laundering Prevention and Anti-Financial Terrorism Questionnaire and Statement" from financial institutions instead. The FATF proposes obtaining the "AML/CFT Questionnaire and Statement" from financial institutions to understand the adequacy of KYC operations conducted by third-party financial institutions.
  • Starting from 2020, the Company has incorporated the results of money laundering prevention into the KPI projects of business and review units. After 3 years of implementation, front-line personnel have improved greatly in collecting and identifying documents. In addition, based on a review of past assessment results and with reference to the cases in each unit, the evaluation scores have been adjusted to effectively implement the internal AML operations.
  • The anti-money laundering management system has been in operation since its launch in Dec. 2020. The AML Section regularly reviews customer risks and related transaction monitoring alerts and prepares reports that let senior managers understand the state of AML/CFT execution. These reports are used as a timely reference to adjust the company's customer acceptance policy and risk policy.
  • In accordance with the “Implementation Measures for the Internal Control and Audit System for Preventing Money Laundering and Combating Capital Terrorism in the Handling of Financial Leasing Business Enterprises” issued by the Financial Supervisory Commission (FSC), the Company’s subsidiaries Chailease Finance Co., Ltd. and Fina Finance & Trading Co., Ltd. completed the first IRA for the FSC's review in 2020 and are scheduled to submit the second IRA for the FSC's review by the end of the first quarter of 2022. In addition, to ensure that the information in the Company's IRA institutional risk assessment reports continues to present the results effectively and is reported to management on a regular basis, the dedicated unit has set up an IRA project that produces regular monthly reports, which management uses to adjust the Company's risk decisions and practices.
  • As of the end of December 2022, no suspected money laundering or terrorist transactions have been reported by the Company’s subsidiaries Chailease Finance Co., Ltd. and Fina Finance & Trading Co., Ltd.
Money Laundering Prevention Production Process

The AML/CFT management mechanism and continuous improvement aspects of the subsidiaries under the holding can be roughly divided into the following six aspects, including: institutional risk assessment, policies and procedures, customer due diligence, name checks, education and training, suspicious transactions/terrorist transaction reporting. Concrete actions are explained below:

The process management mechanism for money laundering prevention is explained as follows:

1. Institutional Risk Assessment Report (IRA)

In order to inform the management team of the Company’s overall money laundering and capital terrorism risks in a timely and effective manner, and to determine and develop the mechanisms that should be established and the mitigation measures that should be taken, the Company refers to the FATF 40 Recommendations and, in accordance with international norms and trends, has introduced the Group’s consistent institutional risk assessment methodology through consultants to conduct institutional money laundering and capital terrorism risk assessments. The assessment targets include countries and regions, products and services, transaction and payment channels, and customer aspects. The assessment covers the inherent risks, control measures and residual risks of the overall organization, so that the Company understands its own risks and formulates action plans (items to be improved) based on the report results. The corporate risk assessment report should be submitted to the board of directors and then reported to the competent authority for review. In addition, the action plan (items to be improved) in the corporate risk assessment report should be reported to the board of directors on a regular basis to track its implementation effectiveness. The board of directors also makes suggestions or provides support based on specific facts, and establishes a board culture focused on money laundering prevention and combating capital terrorism.

2. Policies and Procedures

In order to comply with external regulations, such as the Money Laundering Prevention Law, the Capital Terrorism Prevention Law, and the Measures for the Prevention of Money Laundering by Financial Institutions, new internal regulations and amendments were established in 2022. The adjustments made to important regulations are listed below:

3. Customer Due Diligence

Measures are taken to identify customers, including collecting, updating, and storing information. These procedures include identifying the actual beneficiaries of business households and those who are family members of, or have close relationships with, people in important political positions. We have adopted a risk-based approach (RBA): reviews are risk-based, focus on customers and transactions graded as high risk for money laundering, and apply review mechanisms of different intensity (CDD, EDD) so that resources are allocated effectively. For example, customers identified as high risk are subject to enhanced due diligence to confirm their funding needs and main sources of repayment, and establishing a business relationship with a high-risk customer requires review and approval by senior management. In the second half of 2023, we expect to establish business relationships through non-face-to-face channels (such as the Invoice-Bizloan service). Taking into account the special characteristics of the products and the distribution of customers, in addition to the general CDD procedures, in a high-risk situation we will confirm the purpose of the demand and establish a business relationship only after approval by the supervisor.

4. Name Check

When establishing a business relationship, the Company performs name checks on customers and persons related to them (person in charge, guarantee company/person, substantial beneficiary, and supplier). The name check database (Dow Jones database) is divided into the following categories: domestic and foreign sanctions lists (including but not limited to the sanctions lists published by the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury, the United Nations, the European Union, and China); people in important political positions at home and abroad, their family members, and people with close relationships to them (hereinafter “domestic and foreign PEPs”); and negative news related to money laundering. When the database is updated, all customers are checked against the incremental list in nightly batches every day. Whether the check is made when a business relationship is established or in the batch run, the list information is reviewed and released by the operator. If the match is on a sanctions list, no business relationship is to be established and notification should be made immediately. If the match is a domestic or foreign PEP, the customer is to be raised to a high-risk customer, and regular review operations are to be performed every year. If the match involves negative money laundering news, it should be confirmed whether the offence is one of the very high-threat crimes in the National Risk Assessment Report (NRA). If so, the use of funds and the source of repayment should be confirmed with enhanced checks, and the case can only be undertaken after approval by senior management. In addition, since the NRA was updated in December 2021, the company follows it and updates its policy for verifying customers’ identity. In 2022, the "Eight very high-threat crimes" were revised to "Very high-threat crimes".

In addition, the Company has also established a group self-built list sharing mechanism, and when a business relationship is established or a self-built list is added, the list will be checked.

5. Suspicious Transaction or Terrorist Transaction Detection and Report

Regarding transaction monitoring, when transactions are conducted or business relationships are established, dedicated personnel analyze and collect data on potential high-risk customer alerts on a risk-based basis, referring to customer industries, channel sources, business departments, and whether transaction activities conform to past habits. They keep a record of the investigation process, implement strengthened control measures, raise the level of transaction approval and strengthen due diligence. After investigation and analysis, the dedicated staff submit suspicious activity reports to the Ministry of Justice Investigation Bureau on the clients or transaction activities that may be involved in money laundering or terrorist activities. Since the outsourcing system was launched in December 2020, relevant alarm cases have been collected, and the dedicated unit has used them for the subsequent control of related risks as well as for future money laundering prevention plans and measures. Since the outsourcing system went online in December 2020, the dedicated money laundering prevention unit has continued to collect relevant alarms and regularly review the validity of the relevant parameters. In 2021, different parameters were set according to the size of each business unit and the specific characteristics of the products operated, and resources were focused on identifying the more suspicious patterns to effectively control the relevant risks.

6. Education and Training

To strengthen education and training on money laundering prevention and anti-capital terrorism and to deepen all personnel's awareness of money laundering prevention, every year all colleagues (including new recruits), dedicated personnel, directors and senior management, legal compliance, auditing, and first-line business staff are divided into categories according to the nature of their work, and appropriate education and training on the prevention of money laundering and anti-capital terrorism is arranged for each.

In addition, dedicated supervisors have obtained internationally recognized anti-money laundering specialist (CAMS) licenses and regularly receive relevant training in courses (including online training) held by internationally recognized anti-money laundering specialists. In response to international trends and changes in laws and regulations, they keep up with the latest money laundering prevention and anti-terrorism operations and make adjustments accordingly. Relevant education and training are as follows:

7. Independent Audit and Review System

Every year, the audit unit conducts effectiveness tests on the three major areas of personnel control (organization), policies, operating standards, and money laundering prevention system, issues an audit report to the board of directors, and regularly tracks the improvements made by each unit in response to the audit results. In the 2022 independent audit, some nonconformities were found in the subsidiaries (Chailease Finance, Fina Finance), and the responsible department has completed the improvement.

8. Regularly Report AML/CFT Execution Business Reports

The dedicated unit shall report to the board of directors and supervisors an overview of the implementation of money laundering prevention and anti-terrorism operations every year. The annual report shall at least cover changes in laws and regulations, operation execution overviews and reports on important implementation projects of the current year. If a major violation of money laundering prevention laws and regulations is found, it will be immediately reported to the board of directors and supervisors. Directors and supervisors are to discuss and give suggestions based on the content of the report. After the meeting, if there are matters that need to be improved and tracked, the money laundering prevention unit shall regularly report the improvement progress to the board of directors and supervisors to establish the Company’s complete system and culture of money laundering prevention and countering the financing of terrorism.

"Trust" and "discipline" are major cornerstones of our corporate culture, and employees are strictly held to high moral standards in undertaking work for the company. They are charged with embodying the corporate philosophy in their daily work, and every employee has the responsibility of maintaining the company's good reputation and honoring laws and regulations, avoiding conflicts of personal interest with company interest, guarding the confidentiality of company and client information, and acting according to the letter and spirit of all relevant laws and regulations. Major operational and managerial actions of the company are grounded in disclosure of information, adherence to law, risk management and honest operations.

Since 2011, when Chailease Holding was publicly listed on the Taiwan Stock Exchange, it has participated in the Company Information Disclosure Evaluation. After three years of continuous efforts, the rank of the Company improved to the best rating, A++. In the process, the Company implemented relevant laws and regulations, improved the establishment of policies and guidelines, and voluntarily disclosed information in order to enhance the transparency of information. The Company also participated in the Corporate Governance Evaluation, which was conducted by the Taiwan Stock Exchange and the Taipei Exchange. Of the 1,617 listed companies that participated, Chailease Holding ranked in the top 5% in 2014, 2016-2020 and 2022.

In addition to publicly disclosing revenue on a monthly basis as stipulated by law, before the 25th day of every month, Chailease Holding voluntarily announces its profit situation in order to give the investing public a more immediate grasp of its revenue and profits. The company website completely discloses all significant information, including complete financial operations, important resolutions from the board of directors and important regulations, all of which provides complete information disclosure services. To ensure a complete public disclosure mechanism, a clear internal implementation process has been established and responsibility has been divided up. The information is classified according to type and attribute and the relevant business units are responsible for it. An internal division of labor, reviews, and a confirmation mechanism all ensure the accuracy of the information. In 2018, the company also amended the Chailease Holdings Information Announcement and Application Procedures. The Regulatory Compliance Unit also publicly provides information relevant to external laws and regulations and accordingly modifies the information for the other business units’ reference.

When Chailease Holding went public in 2011, it voluntarily raised its regulatory compliance standards. Just like financial institutions, it established special business units to develop regulatory compliance management practices. Other major subsidiaries, including Chailease Finance Co., Ltd. and Chailease International Finance Corporation, also developed regulatory compliance management practices. They regularly hold regulatory compliance training and awareness programs to ensure their operations and products comply with internal and external regulations. In addition, they conduct annual internal regulatory compliance inspections and report the results to the board of directors.

In 2018, Chailease created the dedicated position of Corporate Governance Officer. At the same time, the Chailease Holding Legal Department, Secretarial Office, and Administrative Department duties were adjusted. Corporate governance employees in the Secretarial Office and Administrative Department, in matters of corporate governance, are under the jurisdiction of the Legal Department. The Corporate Governance Officer oversees the Legal Department as it implements corporate governance. In addition to statutory corporate governance, the Corporate Governance Officer also coordinates the company’s legal affairs.

The Corporate Governance Officer is in charge of corporate governance affairs, including but not limited to ensuring that the Company’s operation and internal policies comply with the most recent requirements of relevant regulations or laws, conducting regular internal legal compliance training for targeted departments, and conducting the year's legal compliance self-examination. The results of the legal compliance self-examination in 2022 are in compliance with the laws and regulations, and there were no significant instances of non-compliance with laws and regulations in 2022 (no violation of the laws will impact the daily operation of the Company).

Internal Control System

The internal control systems of the company are management processes designed by its managers, passed by its board of directors, and implemented by the board of directors, managers, and the rest of the employees for the purpose of promoting sound operations of the company, so as to reasonably ensure that the following objectives are achieved:

1. Effectiveness and efficiency of operations.

2. Reliability, timeliness, transparency, and regulatory compliance of reporting.

3. Compliance with applicable laws, regulations, and bylaws.

 In response to international trends in taxation and governance, and to fulfill its corporate social responsibility, Chailease has set a "Tax Governance Policy" to manage tax strategies and affairs. Related policies can be found in the official corporate governance rules for the company.

 

 

 

 

Note:

  1. The Company is established in the British Cayman Islands, and has established subsidiaries in Taiwan, China, Hong Kong, Thailand, Vietnam, Malaysia, Singapore, Philippines, Cambodia, Indonesia, Britain, the United States, Liberia, British Virgin Islands, Mauritius, and other places.
  2. Please refer to the reinvestment information in the annual report for detailed organization and main business operations in each region.
  3. Revenues from unrelated party: after deduction of parent-subsidiary income.
  4. Net profit before tax: after deduction of dividends from subsidiaries and income from investment.
  5. Taiwan and Mainland China area: Current income tax expense was higher than income tax expense in 2022. This is mainly due to the deferred income tax asset arising from temporary differences in impairment loss on accounts receivable.
  6. United Kingdom and Mauritius: Because the UK and Mauritius respectively hold subsidiaries in Taiwan and Mainland China, their income tax expenses and income tax paid are mostly derived from the subsidiaries' dividend income. As a result, the income tax rates skew higher.
  7. Mauritius: The income tax expense in 2022 is lower than last year. This is primarily because the Company has implemented the China subsidiaries restructuring plan and the effective income tax rate reflects the tax on capital gain.

 

 

 

Note:

  1. The Company is established in the British Cayman Islands, and has established subsidiaries in Taiwan, China, Hong Kong, Thailand, Vietnam, Malaysia, Singapore, Philippines, Cambodia, Indonesia, Britain, the United States, Liberia, British Virgin Islands, Mauritius, and other places.
  2. Please refer to the reinvestment information in the annual report for detailed organization and main business operations in each region.
  3. Revenues from unrelated party: after deduction of parent-subsidiary income.
  4. Net profit before tax: after deduction of dividends from subsidiaries and income from investment.
  5. Taiwan area: Current income tax expense was low in 2021. This is primarily because the Taiwan subsidiary has invested in overseas subsidiaries and the surplus has not been repatriated. This part of the income tax expense is listed as deferred tax liability.
  6. United Kingdom and Mauritius: Because the UK and Mauritius respectively hold subsidiaries in Taiwan and Mainland China, their income tax expenses and income tax paid are mostly derived from the subsidiaries' dividend income. As a result, the income tax rates skew higher.
  7. Mauritius: The income tax expense in 2021 is much higher than last year. This is primarily because the Company plans to implement the China subsidiaries restructuring plan and the effective income tax rate reflects the tax on capital gain.

The Covid-19 outbreak in 2022 caused a sharp slowdown in world growth, along with the risk of wider restrictions on the movement of people, goods and services, reduced business and consumer confidence, and slowed production. Facing the overall economic environment, we always uphold the concept of risk management in order to take advantage of industry developments and future prospects. By adopting a decentralized customer base, decentralized industry exposures, and geographic dispersion, we effectively lower the risk from any market changes that might happen.

Key subsidiaries have established Risk Management Committees that meet quarterly, to maintain a robust and effective risk management mechanism and formulate risk management policy. The Committees also manage and supervise financial assets, effectively manage potential risks arising from all company business, and make adjustments to the normal ratio of allowance for bad debts based on the asset quality. In addition, there is a model to assess client credit risk, while there are two methods for evaluating credit risks for corporate financing and micro-enterprises; both were awarded a patent by the Taiwan Intellectual Property Office.

Organization of Chailease Holding Risk Management Structure

Emerging Risks

Based on the emerging risks mentioned in the World Economic Forum 2022 Global Risk Report, the categories of emerging risks are increasing year by year and the probability of occurrence is increasing. In order to strengthen the management of emerging risks, the company has established an emerging risk identification and management procedure. It assesses the impact and likelihood of risks and formulates mitigation measures for important emerging risks, and implementation results are regularly followed up on and reviewed.

1. Emerging risk identification process

2. Emerging risk matrix

Based on the emerging risks mentioned in the World Economic Forum 2022 Global Risk Report, a matrix of emerging risks is drawn according to the degree of impact and probability of occurrence of the risks. Chailease Holdings proposes mitigation measures for emerging risks with significant impact.

According to Ethical Corporate Management Principles, and with integrity serving as the basis for policies, a prevention program was created and all employees signed an undertaking agreeing to comply with company rules. Moreover, in 2014, Ethical Corporate Management Best-Practice Procedure and Code of Conduct were issued. Acts of bad faith, benefits, and a reward system were specified in order to standardize employee business practices and to assign special units responsible for maintaining and implementing integrity management. All new recruits must attend the course on the Ethical Corporate Management Best-Practice Procedure and Code of Conduct and regular training was also provided for existing employees.

In order to implement the ISO 37001 Anti-Bribery Management System and reinforce the Company’s ethical management goal, in 2022 the Company amended the “Ethical Corporate Management Best Practice Principles” and “Procedures for Ethical Management and Guidelines for Conduct”. The amendments mainly cover channeling the reporting method for different events, anti-corruption and anti-bribery matters, and the preservation of relevant documents, and the Company will report such amendments during the annual general meeting in 2023. Currently, the scope of the ISO 37001 Anti-Bribery Management System is Chailease Holding Company Limited; the Company will evaluate the possibility of extending the scope of the system to subsidiaries.

The Legal Department is the responsible authority for handling ethical management matters. Moreover, to implement the relevant ethical management policies, the Company has implemented the ISO 37001 Anti-Bribery Management System and formulated the “Anti-Corruption and Anti-Bribery Policy”. The Policy sets forth the prevention of corruption and bribery, guidance for stakeholders so as to prevent corruption and bribery, the establishment of the ethical management policy, and the implementation of corporate social responsibility and sustainability.

As stated in Article 3 of the company's "Ethical Corporate Management Best Practice Principles": "When engaging in commercial activities, directors, supervisors, managers, employees, and mandataries of the Company and its subsidiaries or persons having substantial control over such companies ("substantial controllers") shall not directly or indirectly offer, promise to offer, request or accept any improper benefits, nor commit unethical acts including breach of ethics, illegal acts, or breach of fiduciary duty ("unethical conduct") for purposes of acquiring or maintaining benefits."

Moreover, Article 10 of the aforesaid Principles addresses regulations governing commercial activities: "Prior to any commercial transactions, the Company shall take into consideration the legality of its agents, suppliers, clients or other trading counterparties and whether any of them are involved in unethical conduct, and shall avoid any dealings with persons so involved." Consequently, all bribes (Article 11) and improper gains (Article 14) are explicitly forbidden.

On the other hand, the company's "Procedures for Ethical Management and Guidelines for Conduct" further stipulates how cases of improper gain shall be handled (Article 7) as well as the method for assessment of integrity before establishing a business relationship with a customer (Article 17) and how to avoid transactions with dishonest parties (Article 19).

Liability Insurance for Our Directors

The company’s policy regarding director insurance goes beyond current legal requirements. Since going public in 2012, the company has purchased liability insurance for our directors. In August 2017, during a special shareholder meeting, the Articles of Association were revised to add retired directors to the scope of compensation, while indemnity agreements shall also be signed by each director. At the same time, the company purchases Directors and Officers Liability Insurance to guard against erroneous actions taken by directors, supervisors and company officers in the course of their executive duties causing damages to third parties, and to provide those parties with a means to pursue a claim. The insurance also helps to mitigate financial risks to the company caused by litigation and ensure healthy company operations.

Employee Integrity Risk

Insurance for "Employee Integrity Risk", with the company listed as the insured, protects against dishonest actions by employees (such as legal or financial accounting personnel) which might cause grave damage to the company and the loss of company assets or assets the company is charged to steward. This transfers operational risk to an insurance liability, reducing losses to the company and thereby protecting shareholder interests.

Whistleblowing System and Protection of Whistleblower

The Company and its subsidiaries have established the Whistle-Blower Policy, the Procedures for Protecting Whistle-Blower, the Regulations of Prevention, Correction, Complaint and Punishment of Sexual Harassment, and the Regulations of Prevention, Correction, Complaint and Punishment of Unlawful Violations in Workplace. Personnel within and people outside of the company can report improper actions, corruption, or actions in violation of the Code of Conduct through the established public hotlines, the e-mail mailboxes on the official website and internal websites, and the traditional mailbox. The Whistle-Blower Policy specifies the dedicated receiving units, the independent investigation units, and the acceptance and investigation schedule for misconduct and malpractice. If an unlawful infringement (including discrimination and sexual and non-sexual harassment) has been verified, Chailease may transfer, demote, cut the pay of, or punish the employees concerned, or impose other punishments on them based on relevant regulations such as working rules, depending on the severity of the unlawful infringement. If the investigation result shows that the matter is a criminal case, Chailease will help complainants take legal action and transfer the case to judicial authorities.

After being verified as free of false allegations or incomplete information, the report or complaint raised will be investigated by the independent investigation unit depending on the nature of the report or complaint. When the allegations of the report or complaint are substantiated, the appropriate disciplinary action in accordance with the Company’s Personnel Reward and Punishment Regulations will be taken. Internal publicity on complying with the Company’s discipline and regulations will be enhanced.

The “Procedures for Protecting Whistle-Blower” require that the whistleblower should be kept strictly confidential. All information disclosed during the course of investigation should remain confidential.

In order to implement the ISO 37001 Anti-Bribery Management System, the Company has amended the “Whistle-Blower Policy” and “Procedures for Protecting Whistle-Blower”. The amendments mainly include adding and channeling the reporting method for different events, regulating different investigation items for different levels of management, and strengthening whistle-blower protection.

Statistical Diagram of Events in violation of the Company's Discipline or Regulations

Among the concerns or complaints raised to the Company and its subsidiaries in the year of 2022, 29 reported cases have been investigated and substantiated. The employees who violated the Company’s discipline or regulations have been punished in accordance with the Company’s Personnel Reward and Punishment Regulations and internal publicity has been carried out. (Note: 49 employees involved in the above 29 cases represent approximately 0.55% of the total population of the Company’s 8,972 employees by the end of 2022.)

Responding to the UNGC Response Strategy

Although the Company is not a member of the United Nations Global Compact (UNGC), it still responds to the UNGC's response strategy. Regarding the ten principles of UNGC, the Company's corporate rules and statements are as follows.

In order to effectively promote information security work, the Company established the “Information Security Committee” in accordance with the “Regulations for Information Security Policy,” to take charge of promoting and governing information security, monitoring and managing information security risks, and reporting major information security incidents. The Committee shall hold a meeting at least once a year and may hold a meeting to report major decisions to the Board of Directors, if necessary.

In 2022, in accordance with the “Regulations Governing Establishment of Internal Control Systems by Public Companies”, the Company set up a Chief Information Security Officer, an information security supervisor, and a dedicated information security department. Professional information security personnel coordinate the information security management system and compliance, information security analysis and monitoring, threat and vulnerability management, incident response, etc.

Information Security Policy

Considering relevant business development and demands, the Company established the “Information Security Policy” to strengthen the management of information security, build a safe and reliable information operating environment, and ensure information, system, equipment and network security. Moreover, the Company also stipulated “Guidelines for the Management of Information Security” and other management regulations and established control systems, in accordance with relevant matters stated in the policy. For the content of relevant policies, please refer to the Important Articles of Incorporation for Company Governance on the company website.

Information Security Status of Implementation

In accordance with the provisions of Articles 8 and 9 of the "Regulations Governing Establishment of Internal Control Systems by Public Companies", Chailease has established internal control systems and related operational specifications for information circulation and other management environments, including personal information and computerized information systems. At the same time, to comply with the provisions of Article 13 of the Regulations, the company's information and communication security inspection is included in the annual audit plan.

    Self-Risk Evaluation and Check of Internal Control Systems by Operation Units

The self-supervision mechanism for information and communication security is implemented to ensure that the internal control systems related to the information cycle and personal information processing can be adjusted in time in response to changes in the environment, so as to reduce the risk of negligence in information and communication security operations. In accordance with relevant internal and external laws, regulations, and risk assessment results, each unit decides on its own assessment procedures and methods. The frequency of execution depends on the nature of the work of each unit, but the assessment must be carried out at least once a year, and improvements will be proposed for the defects and abnormalities found in the assessment. The results of the self-assessment are sent to the internal audit unit, which reviews them and the implementation of the self-assessment.

    Control of Information Flow Security Audit and Inspection

The independent internal audit department shall draft an annual information security audit and inspection plan according to the results of self-risk evaluation and risks of each operation unit. This audit and inspection plan shall be submitted to the management and the internal audit department shall conduct due diligence based on the plan. Reports of due diligence will be submitted to the management. Defects and recommendations thereof will be tracked and improved within a due date.

    Information Security Training

Each unit's new recruits are required to attend education and training classes encompassing courses of specific information security, the company's internal rules, related laws, cybercrime, and general knowledge of information security. Each year, information technology-related departments shall establish an annual education and training program and arrange personnel to participate in external workshops accordingly. Those participating in training courses will also need to pass relevant professional examinations. We also arrange companies with expertise to introduce (or educate about) important information security projects and conduct related case studies.

Information Processing Flow Chart

Regarding the management of the information service processing procedure, Chailease takes information management as its basis and builds demand management, incident management, problem management, change management, requisition form management, online management, knowledge management, and usability management, supplemented by risk management orientation, from the demands of information services at the user end to the final completion online or solutions to problems or demands, to keep close tabs on information security.


Information Security Resources Devoted for Newcomers

As cyber-attacks have increased and the methods of attack have become more complex, many information security problems have occurred in enterprises. Hence, the government and competent agencies have increased the requirements for enhancing risk management of information security in enterprises. However, to prevent threats and attacks, the promotion of and education on information security awareness among internal personnel are among the key factors for successful information security policy implementation, in addition to the application of technological tools. Regarding this matter, when newcomers arrive, in addition to providing relevant internal professional knowledge, the Company also asks them to complete the necessary information security training as a precautionary measure. Moreover, the overall training completion rate is 100%. Employees who have joined the company have also completed the relevant information security training requirements, with a 100% coverage rate. 100% of Company employees in security-related roles have completed relevant security training requirements.

Measures for Managing Information Security Incidents

The information unit provides gateway and terminal protection functions, as well as quarantine alerts for virus programs. Moreover, the unit can further detect suspicious external intrusion behavior through network flow control and analysis. In addition, to improve threat detection speed and response time, XDR (Extended Detection and Response) was introduced in 2021 to collect and automatically cross-correlate data from multiple protection layers to provide faster threat detection through more rapid information security analysis, and to improve investigation and response time.

A dedicated department for information security was set up in 2022, and daily information security inspection operations were formulated to ensure that all information security equipment can perform detection and defense capabilities as expected. Potential external and internal threats and information security risks are discovered and eradicated by analyzing the warning signs and records generated by the equipment. Information security equipment is integrated with operating processes to prevent threats before they happen.

Vulnerability scanning of the servers and a penetration test of the main website were completed in 2022. By outsourcing to professional information security vendors, we conducted in-depth security inspections from a third-party perspective, and implemented a vulnerability repair plan based on the risk reports produced afterwards. The frequency of information security testing is twice a year to ensure real-time control of new vulnerabilities and threats.

A phishing e-mail drill was completed in 2022. Phishing emails designed to be close to current events and to simulate hacker attack methods were sent to all employees to test their information security vigilance and awareness. After statistical analysis of the drill results, information security education and training materials were designed, and information security announcements are released regularly to help employees understand the latest social engineering techniques, so that an information security culture can be instilled in all employees. In the future, social engineering drills and training will be institutionalized to continuously improve the overall level of information security awareness.

Enterprise Mobility Management (EMM) was gradually introduced in 2022. When employees use mobile devices to send and receive emails or perform remote connection operations, the authority is minimized and controlled according to the principle of “Need to know”, ensuring that no data is stored on endpoints. In other words, to truly protect the company's operational information and customers' personal information, it will not be possible to store company data externally from mobile devices.

To prevent impact from changes due to the epidemic and to comply with relevant epidemic prevention regulations, the Company adjusted the exercise format to one disaster recovery environmental test and related application system recovery exercise in 2021. In 2022, two disaster recovery environment drills were conducted in accordance with the regulations: one for the information department recovery drill and one for the remote recovery involving the information department and the front end and back end. These exercises are intended to provide the best protection measures for the enterprise's internal systems and data, minimize the recovery time from system interruptions, and reduce the data loss caused by operational interruptions through reasonable means and methods. In 2022, there were no fines or operational losses due to information equipment problems.

In view of the fact that information security is a major risk issue in the operation of enterprises, in order to prevent and respond to the possible impact of information security incidents, an information security management system is established for the information used in the organization so as to properly protect the confidentiality, integrity and availability of information.

In pursuing continuous operation, the enterprise complies with international standard management systems to achieve the goal of organizational operation safety, thereby enhancing customer trust and becoming the most reliable partner:

  • The ISO 27001 information security management system (ISMS) was introduced in 2021, and renewal was passed in 2022, maintaining the validity of the international certification with a continuous optimization attitude.
  • The Payment Card Industry Data Security Standard (PCI-DSS) qualification was obtained in 2022, meeting the security requirements of international card associations and ensuring that cardholder information is securely protected in the three stages of "transmission", "processing" and "storage" to guarantee the security of customers' personal data and enhance confidence.