2.4 Risk Management and Crisis Response

The purpose of risk management is to identify and control potential risks that may arise during various business processes, and ensure that these risks remain under the Company's risk tolerance while balancing risk levels and rationalized business returns. In recent years, the range and complexity of risks in the financial industry have increased due to advances in both the economy and technology. To ensure the stability of organizational operations and business, protect customer rights, and enhance shareholder value, PSC will continuously adapt to changes in the operating environment, improve risk management policies and procedures, and conduct comprehensive identification and assessment of the potential impacts of various risks.

2.4.1 Risk Management Policies and Organization Structure

PSC has the Risk Management Policy in place to ensure the integrity of the risk management system, implement a balance mechanism, and enhance operational efficiency. This policy offers guidance in the promotion of a risk management mechanism and policy communication within the Company. It enables units at all levels of the Company to properly identify, measure, monitor, and control various risks while engaging in various business activities. This helps establish consistent compliance standards and ensures that the execution risks of various businesses are managed within acceptable limits.

Three Lines of Defense in Risk Management Mechanism

PSC’s risk management mechanism is implemented based on the integrated efforts of various departments in the daily operations of the organization. It is achieved through the "Three Lines of Defense" risk management mechanism, which effectively identifies execution risks in various business activities with the aim of identification, measurement, monitoring, and control.

Internal Audit Mechanism

In addition to the aforementioned risk management mechanisms, PSC has an internal audit mechanism and the Enforcement Rules of Internal Audit approved by the Board of Directors to ensure compliance by various units. The Company’s Audit Office conducts regular audits of business and management departments according to the frequency specified in the Regulations Governing the Establishment of Internal Control Systems by Service Enterprises in Securities and Futures Markets. The audit results are documented in audit reports, and audit findings and improvements are reported to the Company's independent directors on a monthly basis.

Furthermore, in accordance with the Regulations Governing the Establishment of Internal Control Systems by Service Enterprises in Securities and Futures Markets, PSC conducts a self-assessment of internal control systems on an annual basis. After each business department and management department completes the self-assessment of the implementation of its internal control systems, the Company’s Audit Office reviews the assessment results, compiles a self-assessment report, and issues an Internal Control System Statement accordingly. The statement is approved by the Company's Board of Directors and submitted to the competent authority. It is also announced on the Company’s official website for public disclosure.

Risk Management Framework

According to the Risk Management Policy, PSC’s Board of Directors serves as the highest decision-making body for risk management. It is responsible for supervising, managing, and approving the Company's risk management policies and related decisions. Under the Board of Directors, there is the Risk Management Committee and the Risk Control Office, which regularly report to the Board of Directors on the implementation of internal risk management policies and the status of risk management within the organization.

2.4.2 Types of Risk and Response

PSC has included various risks associated with its business operations, including operational crisis risk, market risk, credit risk, operational risk, regulatory risk, liquidity risk, and model risk, into the scope of the Company's Risk Management Policy. Moreover, corresponding risk management measures are formulated to address these risks.

2.4.3 Crisis Management Mechanism

PSC has established the Business Crisis Response Regulations and the Crisis Management Regulations to prevent unexpected business and reputational crises, which may cause losses to the Company. A business crisis occurs includes major changes in the market, major events affecting shareholders' equity, major frauds and internal defects, major account error and defaults, major impairment of assets in the non-real-time trading market, major credit risk of the counterparty, liquidity risk, unusual capital turnover, and significant loss on investment as per the Business Crisis Response Regulations. The Board of Directors will delegate the President to set up a management crisis response task force to put forth solutions to the crisis, thereby maintaining the Company’s normal operations.

Crisis management procedures

When a crisis occurs, the Company will promptly understand the cause of the event and initiate crisis management measures according to the following procedures. The goal is to reduce the corresponding risks as quickly as possible to maintain the Company's operational capabilities and protect customer interests to the best of our ability