We appointed the Corporate Governance and Nomination Committee, which is under the direct management of the Board of Directors, as the dedicated unit for ethical management, in charge of establishing, supervising, and implementing the ethical management policy. The regulatory compliance and corporate governance unit under the direct management of the President shall assist the Corporate Governance and Nomination Committee in promoting and executing the ethical management policy. The compliance status of ethical management shall be reported to the Board of Directors every year. Relevant personnel are given regular training to convey the concept of ethical management and cultivate a corporate culture of ethical management.
To ensure a corporate culture of ethical management and its sound development, as well as the establishment of a good business operating structure, the Company formulated the “Ethical Corporate Management Best Practice Principles” and the “Operating Procedures for Ethical Management and Conduct Management Policy” through a resolution of the Board of Directors to prohibit all forms of unethical behavior, including improper gifts or hospitality. We also formulated the “Methods Governing Gifts and Hospitality” to restrict our employees from receiving gifts or hospitality. Anyone who receives gifts or hospitality with a value over NT$3,000, or whose value cannot be evaluated objectively, should declare it to the HQ Regulatory Compliance Office. In addition, we established diverse whistleblowing channels. Anyone who has objective evidence for reasonably believing that our employees may be involved in crime, fraud, or violation of laws when performing their duties is welcome to submit a complaint. An investigation of HQ and branch companies found no fraud, insider trading, anti-competitive behavior, anti-trust behavior, or incidents related to ethical management in the market in which we operated in 2023.
All the Company’s directors and office and field personnel signed the declaration of complying with the ethical management policy, and we also requested contractors to sign the “letter of integrity commitment”. We also established a conflict-of-interest prevention mechanism for domestic equity product investment. The relevant personnel for domestic equity product investment shall ensure that business is conducted in the interest of customers and shall fully uphold the principles of honesty and integrity to avoid any behaviors that conflict with our investment profits or that are unfavorable to the Company’s business reputation or interest. Relevant personnel are required to sign the declaration letter. All directors of the Company have signed the letter.
The Board of Directors is the Company’s highest decision-making unit for the establishment of an effective risk management system and takes ultimate responsibility for total risk management. The Board of Directors shall make decisions according to the overall operating environment and strategy and ensure the effective operation of the risk management mechanism. The Risk Management Committee is established under the direct management of the Board of Directors. It currently consists of 5 directors, and an independent director acts as the convenor.
The Committee is responsible for formulating risk management policy and procedures, executing risk management decisions made by the Board of Directors, and reporting the implementation of total risk management to the Board of Directors every quarter. It also controls various risks, sets up relevant management indicators, and coordinates the interaction and communication among cross-unit risk management functions. In addition, the Board of Directors approved by resolution the appointment of one Chief Risk Officer to handle the overall risk management of the Company. We also have a Risk Management Department in charge of daily risk control, measurement, evaluation, and other affairs related to execution. It performs its duties as a unit independent from the business units.
Through rigorous design and various qualitative and quantitative mechanisms, we identify, measure, control/report, and respond to the risks that the Company may encounter and implement the corporate risk management cycle. With the various findings discovered during the process, we optimize the control mechanism step by step to establish a proper risk management structure.
To implement information security management, the Company formulated the “Information Security Policy” and the “Information Security Code of Conduct” and established an intrusion prevention system, network firewall, website content filter, endpoint protection, email audit, log management, and database auditing management system for information security control. Abnormal incidents that are detected are investigated, and their cause, scope of impact, and handling measures are recorded in the “abnormal incident analysis report”, which is reviewed and checked regularly every month. In 2019, the Company also completed an “Information Security Governance Maturity Assessment”. In addition, we introduced the ISO27001 Information Security Management System and the BS10012 Personal Information Management System and conduct an information security assessment regularly every year to fulfill workplace information security and personal data protection and reduce the risk of sensitive information disclosure.
We appointed a Chief Information Security Officer to oversee information security policy promotion and matters related to resource allocation. We also set up a dedicated information security unit and its manager to be in charge of planning, monitoring, and executing information security management tasks. Every year, an internal control system declaration letter on the overall information security implementation of the previous year is issued jointly by the Chairman, President, Chief Auditor, HQ Compliance Officer, and Information Security Officer and submitted to the Board of Directors for approval. The Company has formulated an information security policy and an information security organizational structure. According to function, the structure contains three layers: “information security decision”, “information governance and management”, and “information security promotion”. Relevant work duties and division of responsibilities are clearly specified.
★ Reviewing and approving information security and personal information policy and system
★ Resolution for critical information security and personal information incidents and topics
★ Approval of information security and personal information implementation plans and results
Note: Regularly hold information security decision-making group meetings, once per quarter, for a total of 4 times
★ Providing suggestions to information security and personal information policy and system
★ Formulating responses to critical information security and personal information incidents and topics
★ Information security and personal information implementation plan and result management
★ In charge of planning, monitoring, and conducting information security and personal information management
★ In charge of information security and personal information implementation
Note: Regularly hold information security management team meetings, once per month, for a total of 12 times
By the end of 2023, the pass rate of training received by all employees was 100%. The content of training included the concept of information security protection, information security topics and strategies for remote work, personal data protection and information disclosure, IoT information security and protective measures, and social engineering prevention. We conduct an email social engineering exercise every quarter; personnel who fail the exercise are provided with training to enhance their awareness of email security risks. In 2023, the average open rate was 3.74%. It was higher than that in 2022. For units that exceeded the standard, we have requested the department manager to strengthen promotion. In addition, we provided training content on social engineering recognition through information security e-newsletters and annual information security training to reinforce information security awareness. To encourage and cultivate information personnel with diverse specialties, our dedicated information security personnel obtained 17 international information security certificates in 2023.
The Company introduced a personal information management system to provide complete operating procedures for collecting, handling, and using the personal data of our policy holders. In 2023, we passed the verification of BS 10012:2017 Personal Information Management System (PIMS) again. The scope of verification covers the whole company (including HQ, branch companies, service centers, regional divisions, and communication offices). We offer “personal data protection legal regulation promotion training” at least once every year to ensure that data is well protected.
In terms of customer privacy protection and control mechanisms, we reduce the risk of personal data disclosure through a network and email personal data filtering protection system and a USB control mechanism. Through personal information management system (PIMS) certification, introduction of the personal information management system to all departments and branch companies, and environmental inspection and educational training conducted at 33.3% of communication offices, employees’ awareness of personal data protection is strengthened. We conduct regular exercises on personal information security procedures, host workplace environmental inspection activities, and strengthen the external control mechanism to lower the risk of sensitive information disclosure. Moreover, an impartial third-party institution is entrusted to test our mobile device app to ensure its security and reduce information security risks.
We set up a regulatory compliance unit under the direct management of the President to be in charge of planning, managing, and executing the regulatory compliance system. We also appointed one HQ Chief Compliance Officer to coordinate matters related to regulatory compliance. Matters related to regulatory compliance should be reported to the Board of Directors and the Audit Committee at least every half a year. The Chief Compliance Officer should actively handle regulatory compliance training and business promotion, including regulatory compliance business promotion to senior managers at the business management meeting every month and seminars for compliance supervisors at each unit every quarter, to cultivate the regulatory compliance culture. To respond to changes in legal regulations in a timely and effective way and to strengthen the follow-up management procedures for such changes, the Company introduced a management system for changes in legal regulations in 2021. Via the automatic system, we collect information on external regulations from multiple sources and link it with our internal rules to assist compliance personnel in identifying affected business units and enhance the effectiveness of handling legal changes. Moreover, we continue improving the system after implementation and optimizing relevant functions to increase the efficiency of control measures on legal changes and reduce regulatory compliance risks.
We set up a Money laundering Prevention Department to focus on anti-money laundering and anti-terrorism financing and established the “Mercuries Life Insurance Money laundering Evaluation and Terrorism Financing Risk Policy”, the “Mercuries Life Insurance Notice for Money laundering Prevention and Countering Terrorism Financing”, and the “Mercuries Life Insurance Operating Procedures for Money laundering Prevention and Countering Terrorism Financing”. These regulations comprise our internal control system for money laundering prevention and countering terrorism financing. Their content covers how the Company identifies and evaluates risks of money laundering and terrorism financing in each business, the establishment of policies, procedures, and controls related to money laundering and terrorism financing risks to fully implement each step of the money laundering prevention procedures, and regular discussion to enhance the efficiency of money laundering prevention and the countering of terrorism financing. In 2023, we completed optimization of the anti-money laundering system items, including addressing the substantial influence of resigned politically exposed persons, adjusting the logic of list collection for the systematic risk database, and referring to the 2021 National Money Laundering, Terrorism Financing and Proliferation Financing Risk Assessment Report to update the threat level of involvement with the crime of money laundering, adjust classification regulations for system lists, and add a column for crime information. At the same time, we revised the scope of interpretation of the list of negative newsmaker categories provided by the business and human resource units in order to verify the names of new and on-the-job employees and strengthen the prevention of unethical behaviors among sales representatives.
Following the spirit of the UN PRI (Principles for Responsible Investment), the Company specifies in the “Responsible Investment Criteria” that when analyzing and evaluating investments, environmental, social, and governance information about the invested companies shall be included in the investment process.
The Company prohibits investing in any industry on the negative list and actively invests in the industries on the positive list. Before the investment, information on the type of industry disclosed through Bloomberg shall be collected to understand whether the enterprise is on the negative list, on the positive list, in a high-carbon emission industry, or in a high-ESG risk industry. Together with the sustainability report and public information of the invested enterprise and the ESG ratings published by MSCI and CMoney, we determine the status of sustainability implementation of the enterprise as the basis for the investment decision. After the investment, enterprise engagement and the exercise of voting rights are used to perform the investor’s obligation of stewardship.
In terms of investment actions, Mercuries Life Insurance actively invests in the sustainable development industry. In 2023, Mercuries Life Insurance’s investment in domestic and overseas enterprises on the positive list was NT$392.952 billion. When the life insurance industry takes action in sustainable investment to properly use capital, it not only encourages the transformation of domestic industries but also assists the development of green industry as a contribution to environmental sustainability.
1. Taiwan Semiconductor Manufacturing Company Limited (P09 TSMC 6A, Code: B618C3) NT$200 million.
2. Taiwan Semiconductor Manufacturing Company Limited (P09 TSMC 6B, Code: B618C4) NT$400 million.
3. Taiwan Semiconductor Manufacturing Company Limited (P09 TSMC 6C, Code: B618C5) NT$200 million.
4. Taiwan Power Company (P10 Taipower 3B, Code: B903XY) NT$98 million.
5. FarEasTone Telecommunications Co., Ltd. (P11 FarEasTone 1, Code: B94654) NT$400 million.
6. Sinopac Leasing Co., Ltd. (P10 Sinopac 1C, Code: B95127) NT$200 million.
7. Taipei Fubon Commercial Bank Co., Ltd. (P10 Taipei Fubon 1, Code: G107C2) NT$300 million.
8. Taipei Fubon Commercial Bank Co., Ltd. (P10 Taipei Fubon 2, Code: G107C3) NT$150 million.
9. Taipei Fubon Commercial Bank Co., Ltd. (P11 Taipei Fubon 1, Code: G107C7) NT$200 million.
10. Yuanta Commercial Bank Co., Ltd. (P11 Yuanta Bank 1, Code: G10828) NT$400 million.
11. SinoPac Commercial Bank Co., Ltd. (P10 SinoPac Bank 1, Code: G110AT) NT$300 million.
12. Shin Kong Bank Co., Ltd. (P10 Shin Kong Bank 1, Code: G11660) NT$200 million.
13. Taiwan Land Bank Co., Ltd. (P10 Land Bank 1, Code: G12727) NT$300 million.
14. BNP Paribas Taipei Branch (P08 BNP Paribas 1, Code: G13801) NT$200 million.
The Company has signed the compliance statement for the “Stewardship Principles for Institutional Investors” and disclosed its stewardship report on our website. To fully perform the obligation of due diligence as an institutional investor, for important asset investments we always participate in the investor conferences held by the invested companies or directly visit the invested companies through the arrangement of securities firms to communicate with their management, understand their management strategy, overview of operations, and financial status, and focus on whether the companies have good ethical and corporate governance. In addition, we make time to participate in the shareholders’ meetings held by some of the invested companies to enhance interaction with management, further understand the business management of the invested companies, and show how much we value their management. In 2023, our attendance rate at the shareholders’ meetings of TWSE/TPEx listed companies was 100% (Note). We attended shareholders’ meetings at a total of 76 TWSE/TPEx listed companies and voted on 313 motions. The voting results are shown below:
Definition of enterprises in the positive list: Enterprises that support and promote ESG and are with good performance.
After the investment, the Company keeps reviewing the ESG implementation of the invested company. If risks and opportunities related to ESG topics occur during the holding period, we will find out the cause and potential improvement methods through telephone, email, interview, and questionnaire and then discuss whether to continue our investment.
For the onshore and offshore funds, bonds, and ETFs linked with the investment-linked products sold by the Company, we revised the “Scrutiny Regulations of the Funds Recommended for Investment-linked Insurance Policy” and the “Scrutiny Regulations of the Index Funds Recommended for Investment-linked Insurance Policy” in November 2021. We included ESG in the approval standards for the launch of investment objects in order to fulfill sustainable development by confirming whether the fund has incorporated ESG factors in its investment decision process. In addition, we include relevant local politics and investment risks in the evaluation and exclude investment in sectors related to human rights disputes and arms and weapons.