Risk Management

Risk Management Policies

To strengthen corporate governance and carry out risk management against uncertain factors that may threaten company’s operation, AP Memory formulated the “Risk Management Measures” which is approved by the board of directors in May 2020 and were set to be the supreme guiding principles in controlling risk.
AP Memory conducts annual risk evaluation, the company’s cross-functional organization identifies and analyzes the degree of impact that each risk factors could cause on the company, and formulate risk control priorities to report to the Management Committee (CMC). CMC is responsible for formulating risk management policies and operational structures, regularly tracking the implementation of each risk management procedure, and reporting to the Audit Committee and the Board of Directors.

Risk Management Framework

AP Memory actively manages the risks that may affect operation process, involving various aspects such as strategy, operation, finance, and hazardous events. By establishing an enterprise risk analysis and assessment table and assessing the frequency of risk events and the severity of the impact on the company’s operations, AP Memory defines the risk level and the priority of risk management, and adopting corresponding risk management strategies according to the risk level.

Risk Categories	Risk statement	Control method
Natural disaster or emergency risk	Natural disasters such as earthquakes, fires or power outages will affect the company’s operation	According to the “Code of Practice for Safety and Health”, set up occupational safety and health personnel responsible for supervising occupational safety and health management plan. Cooperate with the office building management committee to set up emergency response measures for power outages, earthquakes and fires Implement annual education and training plans and drills for environmental safety and health.
Epidemic risk	COVID-19 continues to negatively affect global economy and impact the stability of supply chains	Plan and formulate relevant epidemic prevention plans in accordance with the “Code of Practice for Safety and Health and the Policy of the Epidemic Command Center”.
Information Security Risk	Intrusion of important information or operational systems, resulting in operational interruption or the risk of important information being stolen or tampered with	The “Information Security Management Measures” has been formulated to strengthen the control over the use of information hardware and software by colleagues, and a firewall and related backup equipment have been built to control and maintain the normal operation of the company’s important information and systems.
Supply chain risk	Risk of single upstream supply source	Establish a long-term partnership with a world-renowned wafer foundry as the main source of wafers to ensure sufficient capacity and to improve the stability of wafer supply.
Financial risk	Risk of corporate losses due to the uncertainty of exchange rates and interest rates fluctuation	Regularly evaluate the bank’s various project deposit and loan interest rates, and monitor the effect of market interest rates fluctuation, thus taking flexible measures to adjust idle funds. If there is a need for derivative products hedging, we will consider the cost of hedging and the benefits of hedging, and use financial instruments in a timely manner to avoid the risk of exchange rate changes.
Risk of business information leakage	The risk of employees, upstream and downstream customers improperly disclosing the company’s confidential information	The employment contract has a confidentiality clause, requiring employees to abide by the principle of confidentiality; Promoting the importance of business secrets and the concept of confidentiality. Add a penalty for breach of confidentiality contract, and strengthen the implementation of the inspection mechanism that requires the other party to destroy and return it within specified period.