Risk Management

Risk Management Policy and Process

TWM established “Risk Management Policy” in 2011, and was revised by the Board of Directors for the second time in 2020 as the highest guiding principle for risk management. In advance to achieve the benefits of prevention, TWM actively plans risk management policies, organizational structures and risk management systems to address the risks that the company’s operations may encounter to. . In 2015, the existing risk management structure intergraded with control mechanism.

In addition, the "Risk Management Committee" was established and approved by the board of directors to strengthen the risk management mechanism in the company.

The Internal Audit Office performs risk assessment at the end of the year periodically. The risks are evaluated for importance and probability and gave their risk value by Internal Audit Office.

The level of risk value as the basis will be used to arrange an audit plan for next year. No shortcomings and irregularities of the internal control system were detected in 2020. Only 73 concrete suggestions were provided for each operation process as a reference for an improvement of the management quality by each department. As for items requiring improvement and submitted suggestions, constant tracking is implemented on a quarterly basis until improvements are completed.

Risk Management Scope

TWM integrates and manages various important risks that may affect operations and profits by proactive and cost-effective manner along with a response mechanism from the three-level risk management.

The company's important risks include "Operating risk", "Risks related to privacy and information security", "Innovation risk"... and so on. Please read the detail content in the company's annual report.

Risk Management Structure

Risk Operation

TWM sets up "Risk Management Committee" for supervising and strictly controlling risk management related issues, and promotes a risk management-oriented management model to achieve the goal of improvement continuously.

The Risk Management Committee is hold at least once every six months, and communicates with various functional committees as “Operations and Management Committee”, “Occupational Safety and Health Committee”, “Communication Quality Assurance Committee”, “Environmental Management Committee”, “Cyber Security and Data Privacy Protection Committee” , “ESG Steering Committee” and “Innovation Management Committee” and other special committees to discuss the issues of risk management regularly , for accurately control risk issues in different fields.

In the event of a major event or proposal, each responsible unit shall report it to a meeting of operation management or each management committee to decide the necessary measures. Each functional committee not only proactively focus and identify the potential risk issues within internal and external for the company, but bring up appropriate solutions.

The operation record of the “Risk Management Committee” is coordinated and submitted by the Internal Audit Office to the chairman for approval. The Internal Audit Office follows up the status of operation and report to the Board of Directors at least once a year to ensure that relevant risk issues are effectively managed.

The company has proactively promoted the mechanism of risk management since 2011.
The followings are the status of main operating over the years.

  • Formulated Risk Management Policy in 2011
  • The Risk Management Committee was established in 2015
  • Revised the Risk Management Policy in 2017
  • The Risk Management Policy was revised the second time in 2020 and approved by the Board of Directors. The company implements the detection, analysis and identification of risk items within the scope of risk management, and strengthen the objectives of crisis prevention and resolution with rapid recovery to effectively control risks.
  • The Chief Internal Auditor attended the Board of Directors to report the business of the Risk Management Committee on August 5, 2021.

Risk Management Procedure

Risk Management Matrix

Analysis of Key and Emerging Risks and Opportunities

* Emerging risk: defined as an emerging and external risk that is expected to have a significantly long-term impact on the company's business

Please Swipe Left or Right View All.
Category Key Risk WEF category Description Trend Impact Mitigating actions
Regulatory Legal Compliance
  • Added the Internet audio-visual service management and penalties
Remaining stable The NCC has announced the draft "Internet Audiovisual Service Management Act" on July 15, 2020 to regulate the over-the-top service with a voluntary registration mechanism. However, the draft authorizes NCC to consider certain factors, such as the number of users, turnover, click flow, internet traffic volume, market influence, and other significant public interests to require the OTT operators with any of the said nature to register. In order to halt PRC OTT operators that illegally provide OTT services, either by itself or through an agent, without obtaining permission in accordance with the Act Governing Relations between the People of the Taiwan Area and the Mainland Area, the draft explicitly demands that operators of telecom business and the related internet service providers should not provide equipment or service to PRC OTT operators, and violators will be fined. The draft is still seeking opinions, and has no immediate impact on the company's related businesses. The draft will impose necessary controls on internet audiovisual service providers. Focusing on the balance of regulatory environment for domestic and overseas players, and the development of digital convergence, the company is closely monitoring the progress of the policy and continues to communicate with the NCC in hopes of maintaining a regulatory environment for the industry’s development.
Policy and legislation changes
  • Changes in government organization
On the rise The “Digital Development Department” will be established in the future and the Executive Yuan is launching an organizational transformation plan in 2021. The “Digital Development Department” will include five major aspects: information, cybersecurity, telecommunications, internet, and communication. The related units of NCC, the National Development Council, the Department of Posts and Telecommunications, the Technology Division of the Ministry of Economic Affairs, the Electricity Resources Group of the Industrial Bureau, and the Information Security Division of the Executive Yuan will be consolidated. The establishment of the Digital Development Department has a powerful influence on the direction of supervision and guidance policies for industry. The company will pay close attention to the progress of organizational transformation.
Network bandwidth resources Climate change/ natural disasters* Environmental
  • We conduct a comprehensive review of the risks that may be faced by the Company annually. According to the risk map analysis in 2020, climate change has been identified as one of the Company's emerging and major influencing risks.
  • Two findings were concluded from the TCFD evaluation:
  1. Climate change is a general environmental trend which is beyond our control, classified as an external risk. Climate change would result in extreme weather events such as typhoons and rain storms with higher intensity, and prolonged periods of excessively high temperatures.
  2. Climate change has been considered as having material financial impact on business operations, and its impact is estimated to last for at least 10 years from now. Accordingly, we keep reviewing and modifying our climate strategy to cope with the impacts.
On the rise Impacts of climate change to the Company include:
  1. An increase in elevated temperature and rainstorm intensity may lead to greater possibility of equipment damage and additional operating costs. According to the TCFD evaluation, the total loss due to typhoon in 2019-2030 is estimated to reach up to NT$58 million.
  2. Demand on air-conditioning for telecommunication facilities is growing as periods of excessively high temperatures prolonged. This may cause more electricity consumption and higher operating cost.
  3. Extra labor costs and working hours are needed for rebuilding destruction of natural disasters.
  4. Climate change and extreme weather may result in unstable supply of power and water, causing interruption in our operations.
  • Increase climate resilience by introducing high temperature resistant and moisture resistant equipment.
  • Reinforcing the Standard Operating Procedure (SOP) of emergency repair as well as recovery after major disasters and holding disaster prevention drill regularly.
  • Adding back-up electricity generators to the base stations located in natural disaster hotspots.
Telecommunication technology innovation* Technological
  • We conduct a comprehensive review of the risks that may be faced by the Company annually. According to the risk map analysis in 2020, “telecommunication technology innovation” has been identified as one of the Company's emerging and major influencing risks. Rapid development in technology and the shift to digitization means changing business models and innovated products and services. And telecom technology innovation depends on the coverage of 5G, and the risk of 5G high power consumption will become more and more obvious in the future. Such risk of higher power use for telecom technology has already showed its increased environmental and operational impacts from now. Furthermore, to achieve coverage, 5G networks will represent another overlay network that requiring additional equipment and energy.
Remaining stable
  • The power consumption of 5G base station has increased significantly, which will increase electricity and backup battery costs.
  • Most of the base stations are co-located by various operators. As some of cell sites are limited by the power supply capacity, it is impossible to deploy new 5G base station equipment, which will result in poor coverage of 5G networks in some areas, and only 4G networks can be provided, which affects the promotion of new users and the transfer of 4G users to use 5G.
  • Affected by the government’s energy policy, Taiwan’s electricity is increasingly scarce and unstable. With higher power consumption of 5G, TWM may suffer from power shortages and frequent power outages, or require the use of more aggressive power- saving methods, which may affect user experience.
  • TWM adopt new 5G base station equipment had 2.5 times energy efficiency of the old type.
  • Base on the number of users and traffic, the base station energy-saving mode is to switch ON/OFF dynamically. Turned on 5G cDRX energy-saving technology to improve terminal power consumption. Spectrum reorganization, equipment integration and shutdown are planned in advance.
  • For those sites that cannot be add new equipment due to power capacity limitations, it is necessary to find alternative sites to avoid affecting the coverage of 5G.
  • The 5G network coverage status is regularly provided on the website for user reference.
Information security Information privacy and security* Technological
  • Information leakage affects reputation
  • Consumer doubts rise
  • Emerging services and product ranges increase personal information leakage
On the rise
  • The company provides various telecommunications and value-added services. In the future, the scope of innovative services and products will continue to increase, which may expand the collection of customer privacy information (such as location, Internet usage behavior, etc.). In addition, domestic and foreign security/privacy standards (such as domestic personal information security law) will become more strict. If the customer's personal information is leaked carelessly, the Company shall bear legal responsibility and seriously damage the Company's image.
  • Keep the ISO 27001 "Information Security Management System (ISMS)" and the new BS 10012 and ISO/IEC29100 privacy framework standards certificate, and were integrated into the corporate operating procedures, such as promote the information security maintenance plan, etc. We will introduce and obtain the certificate of latest international privacy protection standard-ISO27701 "Personal Data Privacy Management System" to improve the level of information privacy and security
Hacker attacks
  • Attack techniques change rapidly
  • Information security protection requirements are becoming stricter
On the rise
  • As one of the three major telecommunications operators in Taiwan, TWM is a company with high-value information such as customer information and telecommunications service privacy, it makes TWM become a desired target for hackers. According to NCC requirements, the company must strengthen its protection level to reduce the major impact on operations caused by hacking attacks.
The company cooperated with NCC to implement information attack drill in response to hacking attacks. We continued to report security protection measures and report progress to the Information Security Steering Committee related to following items,
  • External verification company checks and improves cloud security
  • Perform penetration testing, simulate hacking, test and improve weaknesses
  • Establish various quantitative indicators to track safety levels
Business operation Occupation safety
  • Work-related injury prevention measures to protect key field technicians
  • If there is any defect in the contractor's operation safety, it will destroy goodwill.
on the decline
  • Increasing work-related injuries may cause physical and psychological damage to employees and may affect company operations.
  • If there is any defect in the contractor's operation safety, it will destroy goodwill.
  • Strengthen occupational safety education and training for employees, and provide safety and health care and training especially for employees who apply for work injury.
  • Stablish standard operating procedures and provide appropriate personal protective equipment
  • Build Safety Health and Environment Standard Operating Procedure compliance to contractor,and implementation management and supervision.
Market Alternative and emerging business models
  • The longer life-cycle of mobile devices increases the demand of low- price 4G SIM-only unlimited data plans.
on the decline
  • The longer life-cycle of mobile devices and the increasing demand of low-price 4G SIM-only unlimited data plans boost up the downgrade trend of high ARPU customers, which creates a downside impact on revenue.
  • TWM offers 5G handset bundled plans to those who want to switch to 5G devices. We also provide Double Play plans by combining mobile and home broadband services, or momobile plans bundled with momo dollars to those who don’t need 5G devices yet. Those variable packages are designed to fulfilling customers’ needs and to improve mobile revenue.
Intensified Competition
  • A main competitor cooperates with a small player to expand 5G market share.
  • The other competitor provides the similar packages to TWM Double Play plans.
Remaining stable FET cooperates with Gt in 5G marketplace. TSC cooperates with CNC(中嘉寬頻) by providing mobile and fixed broadband services together to compete with TWM Double Play. TWM offers higher subsidies for longer-term contract plans to attract more 5G true users and to expand the potential market of 5G value-added services.

We bundle Double Play plans with exclusive cloud gaming services to increase our differentiation. We also offer variable smart home appliances bundle plans to create the user base for Smarter Home platform services in the future
Changing customer requirements* Economic
  • More and more customers apply 4G unlimited data plans, which causes the decline of revenue.
  • The demand of wearable devices is going up.
Remaining stable Due to the popularity of 4G low-price unlimited data plans and VOIP apps, the revenue of telecom operators has dropped significantly even with growing data usages. The demand of 5G devices is growing since 5G launch. TWM provides various value-added services and cloud gaming to increase 5G revenue, such as myVideo, myMusic, GeForce Now cloud gaming, IOT device bundle plans, smarter home appliances, and wearable device packages.
Demographic changes* Societal
  • The negative population growth will reduce mobile subscription.
  • The elders have different needs to be served.
Remaining stable Taiwan’s population began decreasing for the first time in 2020. Due to the longer life-cycle of mobile phones of elder people, the phone bundle plans can’t attract their subscription. There will be an effect on revenue in the long run. We provide various product /service bundle plans for elder customers to meet their needs.

We rolled out exclusive service “my angel” with a special watch, which can protect elder customers from getting lost.
Innovation management Innovation kinetic energy growth
  • If innovation of 5G service would not satisfy customers, it would lose the chance to boost 5G ARPU.
On the rise
  • If there is no innovative application of 5G for enterprises or service providers, it will erode TWM’s revenue base.
  • To find out 5G applications and service partners both in enterprise and consumer sides proactively and then roll out 5G value-added services and rate plans