
Corporate Governance

“Business integrity” is the foundation of the sustainable operation of the enterprise, and it is the highest corporate culture and spirit of Winbond. Winbond is committed to formulating comprehensive corporate governance regulations and management processes, and to continuously monitoring and improving those processes. With the efforts of all colleagues, Winbond has been ranked in the top 20% since the first corporate governance evaluation. Winbond will continue to embrace a corporate culture founded on business integrity in order to build a trustworthy and reputable company.

SDGs 17 Partnerships for the Goals
SDGs 13 Climate Action
SDGs 8 Decent Work and Economic Growth

Integrity and ethics education and training: 100%

Renewable energy investment: 555 million

Invested in the world’s largest blue carbon project, and obtained 1000 tons of CO2e

Risk Management


Winbond belongs to the semiconductor manufacturing industry. Natural disasters, accidents, man-made accidents, changes in international political and economic situations, the introduction of new technologies in the industry, and changes in policies and regulations, etc., may all cause serious impacts on our operations and finances. Therefore, Winbond has set up a Risk Management Committee under the Board of Directors, and organizes existing departments or risk responsible units to carry out risk management on the areas of operation they are responsible for. In addition to formulating sound internal management regulations and operating procedures, Winbond actively manages the three types of risks faced by contemporary enterprises: “operation”, “finance” and “information”, develops a comprehensive plan and process for pre-assessment, risk avoidance, loss prevention and crisis management, and regularly reports to the management and governance units to ensure that all corporate risk control goals are achieved.

 
 
Risk identification

In line with the annual operating plans and goals of each unit, provide material risk items, their measurement methods and a suggested risk appetite, and obtain the approval of the responsible supervisor together with the same year’s budget.

 
 
Risk analysis

Calculate risk value of the identified material risks. In addition to the annual estimate, the risk value shall be revised quarterly, and those with significant changes shall be submitted for approval along with the quarterly report.

 
 
Risk assessment

Each unit shall evaluate the material risk items according to the appropriate operating frequency, compare them with the approved risk appetite at all times, and report to the management unit.

 
 
Risk response

When the actual situation exceeds the approved risk appetite, each unit shall immediately put forward a risk response proposal, and respond after obtaining approval in accordance with the risk management policy and procedure and the guidelines for responsibility hierarchy.

 
 
Supervision and review

In accordance with the risk management policy and procedure, include relevant risk management regulations in the follow-up items of the audit system, so as to facilitate the setting of control points, self-assessment operations and audit operations.

Winbond has incorporated climate change risk into the long-term operation and management of the enterprise. To understand its impact on the environment and operations, Winbond has adopted the Task Force on Climate-Related Financial Disclosures (TCFD) framework since 2021. Based on observation of international regulatory trends and the market outlook, we regularly identify and disclose the financial impacts of climate-related risks and opportunities (both quantitative and qualitative) every year, commenting on the situation and proposing a management strategy. Winbond will continue to monitor the impact of risks brought by the climate, strengthen the company’s operational capabilities, promote various carbon reduction plans, improve energy efficiency, and steadily move towards sustainable development.

Business Management Risk Analysis Table

Operational risk management

Financial Risk Management

Information Risk Management

Items for risk and opportunity identification | Description of impact assessment | Response measures | Performance management

Abnormalities in product quality
Description of impact assessment: Loss of customer trust and cancellation of product orders.
Response measures: When a product or manufacturing process fails to meet the requirements, employees responsible for corrective measures must be immediately notified to make sure that the defective product will not be shipped out to customers. Any products that may potentially be defective must be checked for defects and isolated. The responsible units shall analyze the cause of the defects and their adverse impact on the manufacturing process, as well as implement improvement measures.
Performance management: During the manufacturing process, products are subject to strict quality controls to improve product quality, which also helps us maintain long-term working relationships with our customers and improve customer satisfaction.

Rights Violations
Description of impact assessment: Serious rights violations may constitute illegal behavior, and lead to Winbond’s management taking on civil or criminal liability. In less serious cases, violations may lead to financial or goodwill losses for Winbond.
Response measures:
  • Proactive prevention: When conducting product design and development, the RD department works closely with the intellectual property rights department to conduct relevant search, analysis and research on intellectual property rights. If necessary, it will obtain legal authorization or adopt methods such as design-around, and strive to avoid infringement of intellectual property rights
  • Effectively resolve violations after they happen: Upon alleged infringement in rare cases, the legal department will immediately clarify the facts with relevant units and actively protect the rights and interests of the company and customers
Performance management: From 2016 onwards, Winbond has avoided becoming involved in any litigation or disputes over violations of intellectual property rights (prior to 2016, Winbond was involved in an extremely small number of litigation cases, which have all been resolved without major adverse impact on Winbond).

Patent Risk
Description of impact assessment: Unsuccessful patent licensing negotiations increase the risk of patent litigation.
Response measures: We proactively consult external lawyers to discuss and establish response measures to any potential events where a rights-holder asks for unreasonably high patent licensing fees or files a patent lawsuit against Winbond, regardless of whether these actions are to protect intellectual property rights, purely based on business interests, or for any other unknown reason.
Performance management: Acting under the principle of looking for a win-win resolution, and by showing mutual respect and taking reasonable actions when interacting with the rights-holder, Winbond has effectively managed patent risk, and there have not been any patent risk incidents which have adversely impacted Winbond.

Geopolitical risk
Description of impact assessment: Under the co-opetition of world powers, policy and regulatory measures such as relevant restrictions or tariffs may have an impact on revenue.
Response measures: Gradually build up local marketing talent to get closer to the market and provide customers with more timely services.
Performance management: Due to strategic adjustments such as marketing, we are able to respond to changes in the division and reorganization of the global industrial chain in a timely manner.

Export control
Description of impact assessment: The rapid changes in the export of high-tech technologies and entity lists in various countries may affect shipments.
Response measures: Establish an Internal Compliance Program (ICP) that incorporates the entity list, Export Control Classification Number (ECCN) and red alert management procedures for abnormal transactions.
Performance management: Incorporated relevant management regulations of the Taiwan Bureau of Foreign Trade and the US Bureau of Industry and Security (BIS) into the Internal Compliance Program to improve the overall delivery speed and management quality.

Pandemic Risk
Description of impact assessment: The pandemic can lead to employee health impacts, or cause losses through interruptions to business operations.
Response measures:
  • Implement pandemic prevention management regulations, such as practicing separate warehouses and different working shifts or work from home according to changes in the pandemic situation, maintaining indoor air circulation and regularly cleaning and disinfecting the environment
  • Regular / irregular pandemic prevention meetings are chaired by senior executives, and rolling reviews are conducted on pandemic prevention management measures
Performance management: In 2022, the pandemic did not impact employee health or cause losses through interruptions to business operations.
Items for risk and opportunity identification | Description of impact assessment | Response measures | Performance management

Exchange Rate Risk
Description of impact assessment: Winbond’s foreign exchange gains and losses are mainly incurred from the foreign currency derived from import and export business operations, as well as the derivative financial products which are used to hedge against the exchange rate risk incurred from this foreign currency.
Response measures:
  • Transactions in derivative financial products are carried out with the purpose of hedging against the operational risks brought about by Winbond’s business operations, and derivative financial products have been chosen with this main goal in mind. Additionally, trading counterparties have been selected for their credit-worthiness, in order to avoid situations where counterparties are unable to fulfill contract obligations, leading to losses for Winbond. In addition, low credit risk financial institutions with good relationships with Winbond and the ability to provide Winbond with professional information will be chosen as trading counterparties.
  • Winbond keeps abreast of financial market information, predicts market trends, familiarizes itself with financial products and related regulations and trading techniques, and provides complete and timely information to Winbond management and relevant Winbond departments for reference.
  • Winbond sets the limit of unrealized loss on all financial derivatives contracts to 20% of the contract value or 3% of stockholders' equity, whichever is lower. Winbond's finance unit evaluates Winbond's position on financial derivatives twice every month, and produces a report based on this evaluation which is submitted for review to the head of finance and senior management authorized by the Board of Directors, in order to predict the risk and potential losses from each transaction.
Performance management: In 2022, risks from exchange rate changes and foreign exchange gains and losses remained within a controllable range.

Interest Rate Risk
Description of impact assessment: Mainly arises from long-term borrowings with floating exchange rates, which have been made to meet operational needs such as manufacturing process upgrades or capacity expansions.
Response measures: Strive to obtain favorable interest rate conditions based on the current market situation, in order to reduce the impact of interest rate fluctuations. Winbond issues New Taiwan Dollar-denominated corporate bonds at fixed interest rates, which are accounted for at amortized cost and will therefore not affect cash flows or fair value during interest rate fluctuations.
Performance management:
  • In 2022, Winbond’s consolidated interest income was NT$154,580 thousand, and the consolidated interest expenses were NT$94,874 thousand
  • Winbond shall closely monitor the effect of interest rate trends on cash flow in order to evaluate whether the impact of interest rate changes on Winbond’s operations remains within a controllable range
Items for risk and opportunity identification | Description of impact assessment | Response measures | Performance management

Information Security

Threat detection, monitoring and early warning:

Response measures:

Improve information security awareness:

  • Monthly issuance of information security advocacy
  • Quarterly information security education and training (social engineering training)
  • Annual personal data protection education and training
  • Information security current affairs or major event advocacy from time to time

Information security monitoring and abnormal event notification handling:

  • Provision of weekly monitoring records and analysis reports
  • Conduct a weekly information security monitoring meeting to discuss and review incidents and take countermeasures

Performance management:

  • In 2022, the implementation rate of social engineering education and training courses reached more than 97%, and those who have not completed the training will be denied access to the Internet.
  • A total of 7 information security advocacy notices were issued
  • Strengthened the notification mechanism by automating notifications for anti-virus events and abnormal logins to cloud services, directly notifying the parties concerned so that they can handle them and speed up processing
  • No major information security incidents and impacts in 2022

Weakness and vulnerability management:

Response measures:

  • The on-premises host performs vulnerability scanning operations on a quarterly basis, and regularly schedules downtime operations every month for major Microsoft update patching
  • For external services, monitor risk with the SSC cloud scanning tool

Performance management:

  • Material risk vulnerabilities of the on-premises host have been patched as scheduled
  • The average total score of the SSC cloud monitoring platform is > 90 points (level A); a total of 69 risks were patched, 30 of which were high / material risks

Identity access control:

Response measures:

  • Cloud services use conditional access and multi-factor authentication, and only compliant devices and specific programs are allowed
  • Remote connections use identity recognition + multi-factor authentication + device whitelist; the connection can be made only when the conditions are met

Performance management:

Based on the daily reports of cloud login and remote access information, unregistered devices and attempted logins were analyzed and investigated, and there were no material / high-risk events in 2022

Code security:

Response measures:

The application department performs code security checks during program development and corrects high-risk code to improve program security at launch

Performance management:

A total of 7 new systems were launched in 2022, the high-risk code correction and improvement rate was 100%, and the program coverage rate of source code scanning was 100%

Mail security:

Response measures:

Enhanced mail server security settings; DKIM settings can prevent emails from being forged and tampered with, and DMARC settings can identify unauthorized domains

Performance management:

All emails must be verified by legitimate email servers, and the success rate of external delivery is 100%

For more information on “Information Security Policy”, please refer to: https://www.winbond.com/hq/about-winbond/information-safety/?__locale=en