Build Awareness of Risk Culture

Linking Risk and Performance

✓The performance appraisal and remuneration of general manager, senior management and employees are linked to the operational performance, as well as the internal control, regulatory compliance, ethical management and other factors. In the event of a major risk event, the Board of Directors shall, in addition to taking necessary disciplinary action as prescribed by law and regulations, take measures such as, dismissal, reassignment, termination, or reduction of remuneration, as appropriate. Please refer to "Page 24-25 of King's Town Bank Co., Ltd. 2023 Annual Report" for detailed regulations.

✓The withdrawal rate and capital provision are included in the performance assessment items of business units to raise the attention of front-line business units to risk in daily life.

✓Continuously follow up, review and track the improvement according to the inspection opinions, deficiencies and the items to be improved as listed by the internal audit unit, which is also listed as an important item for the reward and punishment and performance appraisal of the relevant units.

✓The evaluation results of regulatory compliance for each unit are taken as the basis for the evaluation of relevant personnel. Enhancement of Risk Culture

Enhancement of Risk Culture

✓According to the "Key Points for the Implementation of the Risk Control Self- Assessment System of Each Unit," KTB regularly evaluate the operation status of each unit using the "Risk Control Assessment Form," including operation procedures, rules and measures, new products/businesses, activities, processes, systems, etc., maintain the quantitative data of the self-assessment and inspection results on a regular basis according to the business and risk-taking situation, and start planning, building, and developing a risk management system to ensure the continuous and effective operation of the system.

✓Conduct risk management education and training for all units on an irregularly basis, and deeply embed the awareness of risk management and control in daily decision-making.

Risk Management Policies

In order to ensure sustainable management and capital security, KTB clearly specifies the objectives and procedures of risk management based on the risk management policies approved by the Board of Directors. Thereby, KTB establishes effective risk management mechanisms to assess and monitor its risk-bearing capacity, the current status of risk already incurred, and to determine its risk response strategies. Moreover, KTB has established a capital adequacy assessment process that takes into consideration the risk status in order to maintain capital adequacy based on business growth. In addition, KTB conducts appropriate overall capital allocation to establish management measures for a variety of business risks considering our overall risk exposure and includes all risks on and off the balance sheet in the scope of risk management. The scope of risk management includes credit risk, market risk, operational risk, liquidity risk, country risk, legal risk, and other risks. The management standards and regulations are formulated according to the different risks, specifying the management countermeasures, organizational structure and responsibilities, and management procedures for different risks.

Risk Management Mechanisms

Risk management is the responsibility of all personnel in KTB. Through the 3 defense lines of internal control and various risk management procedures, KTB has established a comprehensive risk protection to ensure that all business risks can be controlled timely and effectively.

Risk Management Procedures and Categories

The Company collects various risk factors regarding various financial products or services, which shall be used to identify relevant risks that might influence corporate sustainability. The Company formulates quantitative or qualitative standards in accordance with requirements and criteria of the competent authority to establish risk assessment indicators, thus serving as the basis for management decision-making, performance evaluation and so on. Each department abides by various measures and criteria to control risk of the business under their jurisdiction, and provides assistance in identifying and evaluating whether the risk control method is appropriate or not. The Risk Management Department performs independent monitoring of important projects or integration risk, and reviews and amends KTB's risk management goals and practical operations, so as to achieve dynamic prevention and control of risk expansion. In addition, the Risk Management Department is responsible for preparing risk control report and disclosing relevant information regularly.

According to the World Economic Forum's "The Global Risks Report 2024," there is a growing recognition of both long and short-term risks. The worsening environmental risks are imminent, alongside societal polarization, geopolitical conflicts, and the rapid advancement of AI technology, all contributing to heightened uncertainty in global operations. In this global wave of change, the financial industry will be highly affected. In response to these challenges, KTB has not only established robust risk management mechanisms but also prioritized emerging risks as areas of focus, enabling the Bank to keep abreast of global developments, assessing the pros and cons for its operations and management planning, and continuously gathering risk reports from leading global institutions and address issues of concern from various stakeholders. By staying vigilant and proactive, the Bank can identify the latest trends in emerging risks and implement effective strategies to address them.

Analysis of emerging risk factors for KTB, taking into account the World Economic Forum's "The Global Risks Report 2024," evaluates five major categories of risk factors: economic, environmental, geopolitical, social, and technological, based on "likelihood of occurrence" and "impact severity." Three key emerging risks that may have a long-term impact in the future are identified, and corresponding response measures are proposed.

The emerging risks of the Company are assessed based on the "degree of operational impact" and "likelihood of Occurrence." 9 major emerging risk factors have been identified: geopolitical and economic confrontation, extreme weather events, misinformation and fake news, inflation, biodiversity loss, aging society, adverse effects of AI technology, economic recession, and natural resource scarcity. Among these, the emerging risks with the greatest impact are "geopolitical and economic conflicts" and "extreme weather event." In light of this, measures have been developed to strengthen the Company's operations and resilience in addressing these risks