Emerging Risks

The Company has established a sound risk identification and response process. In addition to the management and control of important risk items such as market, credit, country, operation, and liquidity, KTB also continue to keep an eye on the long-term impact of issues arising from changes in economy, environment, geopolitics, society and technology in recent years, such as new infectious diseases, information security and climate change, on the company's operations. Meanwhile, we have established an identification process and developed risk mitigation measures, and make every effort to minimize the possible impact on the company should a risk occur.

Build Awareness of Risk Culture

Linking Risk and Performance
• The performance appraisal and remuneration of the President, senior management and employees are linked to the operational performance, as well as the internal control, regulatory compliance, ethical management and other factors. In the event of a major risk event, the Board of Directors shall, in addition to taking necessary disciplinary action as prescribed by law and regulations, take measures such as, dismissal, reassignment, termination, or reduction of remuneration, as appropriate. Please refer to "Page 26-27 of King's Town Bank Co., Ltd. 2022 Annual Report" for detailed regulations.

• The withdrawal rate and capital provision are included in the performance assessment items of business units to raise the attention of front-line business units to risk in daily life.

• Continuously follow up, review and track the improvement according to the inspection opinions, deficiencies and the items to be improved as listed by the internal audit unit, which is also listed as an important item for the reward and punishment and performance appraisal of the relevant units.

• The evaluation results of regulatory compliance for each unit are taken as the basis for the evaluation of relevant personnel.

Enhancement of Risk Culture
• According to the "Key Points for the Implementation of the Risk Control
Self-Assessment System of Each Unit", KTB regularly evaluate the operation status of each unit using the "Risk Control Assessment Form", including operation procedures, rules and measures, new products/businesses, activities, processes, systems, etc., maintain the quantitative data of the self-assessment and inspection results on a regular basis according to the business and risk-taking situation, and start planning, building, and developing a risk management system to ensure the continuous and effective operation of the system.

• Conduct risk management education and training for all units on a regularly basis, and deeply embed the awareness of risk management and control in daily decision-making.

:When developing its businesses, KTB prevents or mitigates damages that may be caused by risks through identification, balance, supervision, and management, so as to achieve reasonable risk pricing, to attain the balance between risk and performance. The implementation status of KTB risk management in 2022 is as follows:

Organizational Structure of Risk Management

The Board of Directors is the highest authority in the risk management mechanism. It bears the ultimate responsibility for approving KTB's risk management policies and maintaining effective internal control policies. The functional committee - "Audit Committee" at the same level with the Board of Directors serves as the Supervision Unit. In addition, "Risk Management Committee" is set as passed by the Board of Directors, where, the President acts as Chairman, while heads of the departments such as the Risk Management Department, Treasury Department, Digital Service and Channel Management Department, Credit Assessment Department, Administration Management Department, International Banking Department, Compliance Department, Strategy and Operations Department and so as act as ex officio member. The committee holds meeting regularly every month, to guide addition and revision to risk management policy and make overall planning of various risk management matters of the whole company. The "Risk Management Department" is responsible for executing and promoting the policies formulated by the Committee. The Department is also an independent unit that plans and supervises the overall risk management of KTB. At the beginning of every year, the head of the Risk Management Department is responsible for reporting various risk exposure conditions at the end of the previous year to the Audit Committee, and then to be passed upon resolution of the Board of Directors.

Risk Management Policies

In order to ensure sustainable management and capital security, KTB clearly specifies the objectives and procedures of risk management based on the risk management policies approved by the Board of Directors. Thereby, KTB establishes effective risk management mechanisms to assess and monitor its risk-bearing capacity, the current status of risk already incurred, and to determine its risk response strategies. Moreover, KTB has established a capital adequacy assessment process that takes into consideration the risk status in order to maintain capital adequacy based on business growth. In addition, KTB conducts appropriate overall capital allocation to establish management measures for a variety of business risks considering our overall risk exposure and includes all risks on and off the balance sheet in the scope of risk management.

The scope of risk management includes: credit risk, market risk, operational risk, liquidity risk, country risk, legal risk, and other risks. The management standards and regulations are formulated according to the different risks, specifying the management countermeasures, organizational structure and responsibilities, and management procedures for different risks.

Risk Management Mechanisms

Risk management is the responsibility of all personnel in KTB. Through the 3 defense lines of internal control and various risk management procedures, KTB has established a comprehensive risk protection to ensure that all business risks can be controlled timely and effectively.

Risk Management Procedures and Categories

The Company collects various risk factors regarding various financial products or services, which shall be used to identify relevant risks that might influence corporate sustainability. The Company formulates quantitative or qualitative standards in accordance with requirements and criteria of the competent authority to establish risk assessment indicators, thus serving as the basis for management decision- making, performance evaluation and so on. Each department abides by various measures and criteria to control risk of the business under their jurisdiction, and provides assistance in identifying and evaluating whether the risk control method is appropriate or not. The Risk Management Department performs independent monitoring of important projects or integration risk, and reviews and amends KTB's risk management goals and practical operations, so as to achieve dynamic prevention and control of risk expansion. In addition, the Risk Management Department is responsible for preparing risk control report and disclosing relevant information regularly.