Risk Management

FEDS has set up an appropriate risk management system to ensure the Company can actively engage in various business developments under the risk management system and reduce the impact on consumers and the society. Through regular analysis and assessments of the risks of business activities and work execution, FEDS actively takes measures to prevent the occurrence of risks, develop measures to minimize the impact of risk, and prevent their recurrence. The scope of the risk management is not limited to the internal management system, but also the impact of external changes on the business. Systemic risks are categorized to research the commonality. Non-systematic risks that may occur under specific conditions require comprehensive risk management and response measures.

FEDS has a sound risk management mechanism to identify operational risks over a long term, and has functional committees and responsible departments to manage and respond to risks, and to formulate management regulations to control risks.  In 2022, FEDS achieved the results of zero major corruption, zero major complaints, zero major violations, and zero information leakage.

Ethical management and risk mitigations

FEDS upholds the concept of integrity management and has formulated the “Code of Ethical Management”, the “Code of Ethics” and other regulations as the standards of conduct followed by all employees to strengthen corporate governance and ethical management. Meanwhile, the precaution mechanism is implemented in the annual internal control self-evaluation, which requires each unit to assess whether its business conduct meets the standards of integrity and ethical value required by the Company to mitigate the corruption risk. No major corruption risk was identified in 2022.

Systemic and non-systemic risk management and response

The responsible unit or cross-departmental functional organization conducts comprehensive risk management and response for each risk type based on the causes of “systemic risk” and “non-systemic
risk”. To ensure that our businesses are carried out under a sound risk management system and reduce the impact on the socioeconomic environment, we regularly analyze and evaluate our business activities and operational risks, take precaution measures to
prevent risks from occurring, minimize the impact of risks, and prevent recurrence.

Risk management mechanism
  1. Risk identification:Risk types are identified based on the changes of the environment.
  2. Risk assessment:Assess the possible impact of various types of risks on the Company’s operations.
  3. Strategy:The responsible unit develops counter-measures, and conduct required education and training to minimize risks.
  4. Improvement:Review regularly every year, dynamically adjust actions, and establish a complete risk early warning and management mechanism.

Professional auditing and risk management enhancement

Audit Office

Professional auditing and risk management enhancement

Risk Type

Commodity and food safety risk

  • Timely inspect the labels and expiry dates of the products displayed in stores, as well as the quality and safety of food in restaurants and supermarkets in accordance with the latest regulations and current issues.

Shopping mall operational risk

  • Ensure operation of malls, fire fighting and public safety, and cooperate to inspect work operations such as renovation of the mall, counter entry and withdrawal, etc. to provide a safe and comfortable shopping environment.
  • Draw up and monitor branch self-operated cosmetics, supermarket self-operated inventory, giveaway inventory, fixed assets, etc. to reduce the risk of loss of operating assets.
  • Sampling inspection of the invoicing of the branches, counter sales entry, repayment of contract fees, in order to comply with business integrity and ensure revenue recognition.

Human resource management risk

  • Verify the correctness of attendance, number of employees and leave applications to comply with laws and regulations as well as the principle of fairness.

  • Randomly check the actual attendance of the outsourced security personnel, the duty status of the sentinel sites, etc., and check the manpower quality of the suppliers.

Procurement acceptance payment management risk

  • Supervise and review the procurement price negotiation of new shopping mall and branches, review the reasonableness of the unit price of the in-process and post-construction revised work items of the shopping mall and counter adjustment project, and ensure the acceptance documents must meet the payment requirements.

  • Randomly check the authenticity of the quoted manufacturer’s business information, supplier maintenance management, branch’s construction company entry management, and capital expenditure acceptance inspection to ensure the quality of the supplier.

  • In 2022, there were 7,862 cases related to supervision of procurement price negotiation, and review of  acceptance inspection and payment.

Information security management risk

  • Implement digital audit project system interface database, conduct system acceptance testing, and check host security protection.
  • Supervise the procurement, acceptance inspection and payment of information software and hardware as well as FEDS App, and assist in reviewing information device disposal operations.
  • Review the security of the information room and computer room of the branch office to strengthen information security protection.

  • Review the information asset management of the head office to ensure effective control over acquisition, storage, and disposal.

Legal compliance risk

  • Execute the annual audit plan and the internal audit reporting operations in accordance with the regulations of the competent authorities.

  • Plan to revise the internal control system and internal audit implementation rules in response to digital management.
  • Regularly compile a special section for the changes in laws and letters from the Financial Supervisory Commission and the Taiwan Stock Exchange every month, and conduct inspections in accordance with the latest regulations in due course.

Financial management risk

  • Remind and advise the financial management unit to comply with the requirements of the competent authorities in due course.
  • Timely reminded subsidiaries of financial management-related procedures in accordance with regulations of the competent authorities.
  • Perform audits of accounting operations in accordance with laws and regulations, including capital loans, endorsement guarantees, acquisition and disposal of assets, related party transactions, financial statement preparation process, derivative financial instruments, and operation management of functional committees.

  • Cooperate with the accounting unit in the execution and supervision of marketable securities, spot check of branch financial working capital, gift (commodity) certificates and treasury control.

Subsidiary supervision risk

  • Supervise and manage the financial and business information of subsidiaries in accordance with laws and regulations, and compile the quarterly analysis report on supervision of subsidiaries on a quarterly basis.
  • Oversee the annual audit plan of subsidiaries, and review their operations, financial security, seal management, welfare fund management, contract payment, catering food safety, etc.

  • Cooperate with the audit and supervision of the parent company and revise the internal control system of the subsidiary according to the plan.

Financial risk management

Financial risk management team monitors the changes in capital and money markets
The risk management team holds regular weekly meetings to review changes in the value of assets and liabilities and adjust the operating cash flow adequacy ratio in a timely manner, reducing the systemic risk impact on the Company's finance. In order to avoid non-systematic risks, FEDS has formulated a management mechanism. Through the establishment of the management mechanism and the Company's internal regulations, FEDS prevents the occurrence of non-systematic risks, and avoids heavy losses in the Company's operations to endanger shareholders' interests.

Legal risk management

Legal risk management team implements zero violations

FEDS has been paying attention to the revisions and changes of various laws and regulations over the long term to reduce the impact of systemic legal risks, and has formulated the direction of compliance with laws and regulations through the three aspects of "establishing system, implementing management, and educating employees" to avoid the occurrence of systemic legal risks. At the same time, the regulations, administrative rules, and announced draft amendments to the laws and regulations related to the operation of the Company, etc., will be announced to managers at all levels every week via the "Regulatory News". Starting from 2022, the legal department further enhances management measures by adding a KPI on the timeliness of contract submission for review and has effectively managed the risk of delay in contract review.

Information security risk

The Information Security Committee identifies the sources of trade secret risks

FEDS has established an information security management committee to implement enterprise information security management.Through regular meetings of members with various backgrounds, we can more comprehensively discuss different aspects of the issues. Based on the management cycle mechanism of Plan-Do-Check-Act (PDCA) we endeavor to strengthen corporate information security and personal data management. FEDS established a strict KPI system to manage information security risks. FEDS had no incidents of information security breaches in 2022. In the future, we will assess the introduction of ISO27001 information security certification to strengthen information security governance.

Information security risk

The Personal Data Management Committee maintains personal data management

FEDS's Personal Data Management Committee reviews the use and storage of personal data by various units within the Company to ensure that all personal data is properly protected and managed to comply with the "Personal Data Protection Act".In accordance with FEDS "Happy Go Point Card Management Measures", the relevant procedures for the collection, processing, utilization and file security maintenance of personal data of customers are established to effectively control the protection of customer data during the card application process.