Corporate Governance
Evaluation of the Performance of the Board of Directors
To implement corporate governance, enhance the functions of the Board of Directors, set performance targets and increase the operational efficiency of the Board, the SCSB established the “Rule for Performance Evaluation of Boards”. Internal evaluation will be conducted annually on the status of operation of the Board and functional committees and the performance of the Board members. In addition, evaluation may be conducted by external independent organizations or expert teams every three years.
Information on external evaluation disclosed in the annual report is as follows:
(I) External evaluation:
From 2021, according to the “Rule for Performance Evaluation of Boards”, the performance evaluation of the Board of Directors is conducted three times a year by an external independent professional institution or a panel of experts and scholars. The evaluation covers the composition, guidance, authorization, supervision, communication, internal control, risk management and self-discipline of the Board of Directors, as well as other matters such as the meetings of the Board of Directors and the support system. The latest performance evaluation was completed in 2021. The result indicates that directors can communicate sufficiently with relevant units at the Board of Directors and functional committees and perform their functions effectively. Independent directors are active and accountable, proactively take part in setting our vision and long-term strategy goals, contribute their professional expertise, express their opinions, and exercise their function of guidance and supervision. SCSB will enhance and improve the execution of the Board of Directors by continuing to refer to the independent evaluation result of the third party.
(II) Internal evaluation:

The result of the performance evaluation of the directors in 2023 is shown below, and the evaluation result is deliberated by the Nominating Committee and reported to the Board of Directors alongside the Remuneration Committee as the reference for director selection or nomination and remuneration formulation.
Evaluation item | | Evaluation Results |
---|---|---|
Evaluation of the performance of the Board of Directors | | Good |
Performance evaluation for the functional committees | Audit Committee | Excellent |
| Remuneration Committee | Good |
| Risk Management Committee | Excellent |
| Nominating Committee | Good |
Evaluation of the performance of the Board of Directors | | Good |
Sustainability Performance and Compensation
To embed sustainable development in daily operations, the SCSB has established a linking mechanism between compensation and various performance indicators. According to the “Measures for Performance Management and Development of The Shanghai Commercial & Savings Bank”, the annual performance goals of senior executives are divided into two categories, namely work objectives (80%) and leadership competency (20%). In the work objectives, KPIs are listed on the balanced scorecard (BSC) including the annual ESG goals, and relevant indicators as well as weights will be set under the business indicators according to the responsibilities of executives, and the sustainability team’s annual goals will be included together. For the remuneration part, annual performance bonuses are issued in accordance with the “Shanghai Commercial & Savings Bank Remuneration Management Measures” based on the SCSB's profits and the personal performance of senior executives.
Performance Target Indicators and Weights for Senior Executives
Indicator and weight | Description of indicator | |
---|---|---|
Work objectives 80% | Financial and operating performance | |
| Implementation and progress of annual ESG goals (at least 5%) | |
| Personal training and career development | |
| Internal audits & controls | |
Leadership competency 20% | | |
Head of the Risk Management Department Annual ESG-related KPIs
- In accordance with regulatory requirements and within the responsibilities of the Risk Management Department, execute matters related to the SCSB’s climate risk financial disclosures (e.g., TCFD scenario analysis, climate stress testing, drafting relevant regulations, and publishing the TCFD report).
- Lead various business units in conducting carbon inventory for investments and financing, and in alignment with the SCSB's strategic goals and initiatives (such as SBTi), assist in promoting and implementing carbon reduction plans for investments and financing.
- Promote and implement internal carbon pricing for the SCSB's operational electricity usage (Scope 2).
- Enhance and implement internal management regulations and mechanisms for climate risk, providing relevant suggestions to the units responsible for drafting these regulations.
- In accordance with the responsibilities of the Risk Management Department, complete and respond to external climate risk-related questionnaires and assessments (such as corporate governance evaluations, sustainability evaluations, and DJSI assessments).
President and Senior Executive Vice President Annual ESG-related KPIs
Corresponding Sustainability Topic (*Annual Material Topic) | 2024 Work Goals | Weights (%) |
---|---|---|
Sustainable Finance* | Green credit and green investment increased by 15% compared to last year | 3 |
Customer Relationship Management | Rank among the top 25% for FSC’s The Principle of Fair Customer Treatment evaluation Trust 2.0 Evaluation and continue to receive awards | 3 |
Digital Finance and Service Innovation* | Increase the proportion of digital financial transactions to at least 85% | 3 |
Risk management* | Passed ISO 22301 Business Continuity Management System (BCMS) certification | 4 |
Green Operations, Climate Strategy and Management* | Energy resource reduction commitment: For industries with annual revenue exceeding NTD 1 million including gasoline/electricity/water consumption and waste production show a 3% YoY decrease. Green energy consumption accounts for 8% of SCSB’s total electricity consumption | 4 |
Employee Training and Career Development* | According to core strategies and operational objectives, key talent development in 3 to 5 years would focus on fostering 30 talents respectively in international finance, digital finance, sustainable finance, information technology, and marketing fields | 2 |
Legal Compliance*, Information security*, Data Privacy and Protection* | No major anti-money laundering deficiencies or incidents occurred in 2023 | 3 |
The total proportion of ESG-related KPIs | | 22 |
President and Executive Committee members’ multiple of base salary
In December 2023, the President of the SCSB, Kuo Ching-Yi, held 1,141,031 shares, equal to 9.04 times his base salary, while the Senior Executive Vice President, Peng Kuo-Kuei, held 2,734,527 shares, equal to 23.68 times his base salary. Lastly, the First Executive Vice President, Huang Wen-Hua, held 3,626,667 shares, equal to 32.84 times his base salary. In addition, the average multiple of base salary for 2 senior executives is 28.16.
Note: The multiple of base salary is calculated as (number of shares held by a person × share price at the end of FY23, namely NT$ 46.8) / base salary of a person.
President-to-Employee Pay Ratio
The ratios of the total annual compensation of the President of the SCSB to the median and mean employee compensation were 9.51 and 8.57 respectively in 2023.
Compliance linked to Employee Remuneration: Employees’ Annual KPIs in Line with Internal Control and Compliance
Corresponding annual material issues* | Aspect | Target | Weight (%) |
---|---|---|---|
Legal Compliance* | Internal Control | Follow internal control and legal compliance circumstances | 5 |
Legal Compliance* | Internal Control | No incurred operational incident stemming from personal deficiencies | 5 |
Legal Compliance* | Internal Control | No incident resulting from self-review and external audit | 5 |
The proportion of KPIs relating to Internal Control and Compliance | | | 15 |
Compliance
Anti-money Laundering
In order to tighten requirements concerning anti-money laundering and counter-terrorism financing, internal control, and compliance in banks, the SCSB has established a group anti-money laundering policy and the relevant procedure. A dedicated Anti-Money Laundering and Counter-Terrorism Financing Center has been established under the Compliance Department with a responsible officer, and an inter-departmental Anti-Money Laundering and Counter-Terrorism Financing Committee has also been established. Supervisory officers for anti-money laundering and counter-terrorism financing have been appointed to all of our business units to build a top-down hierarchical management system. The external independent verification unit has been authorized every year to conduct the Anti-Money Laundering and Counter-Terrorism Financing Program Review.

The SCSB performs three lines of defense for anti-money laundering and counter-terrorism financing. For the first line, the business unit conducts customer and trade reviews and self-evaluation. (The business exclusive to the business unit is conducted by the business unit.) For the second line, the Anti-Money Laundering and Counter-Terrorism Financing Center (dedicated unit) and all business management departments carry out supervision. In addition to operation planning for anti-money laundering and counter-terrorism financing, the Center and all of these business departments execute activity spot checks and assessments for business units. (The KPI item for the business unit and its compliance manager includes tasks for anti-money laundering and counter-terrorism financing.)
For the third line, the internal audit unit and an external independent unit conduct third-party verification at least once a year. The head of the Anti-Money Laundering and Counter-Terrorism Financing Center and the managers of all branches discuss anti-money laundering and counter-terrorism financing issues at the quarterly compliance meeting. If any business unit has any concerns about the implementation of anti-money laundering and counter-terrorism financing, it may report its concern to the Anti-Money Laundering and Counter-Terrorism Financing Center via the internal consulting form. Through the establishment of an internal counseling system, the SCSB can reinforce the effectiveness of the three lines of defense and the communication between lines of defense.
In addition, to enhance effectiveness and efficiency of anti-money laundering and counter-terrorism financing education training, the SCSB gradually reinforces application of RegTech and introduces Robotic Process Automation (RPA). The SCSB uses these technologies for customer due diligence (CDD), regular review, transaction monitoring, and characterization threshold calibration to increase efficiency and reduce labor burden. For example:
- The SCSB develops and utilizes Robotic Process Automation (RPA) to collect shareholding structure of the legal entity customers with complex ownership structure from the government website automatically and calculate the final number of shares of natural person systematically. The technology is used to find the ultimate beneficial owner.
- The SCSB participates in the development of a project for optimization of the CTP system of Taiwan Depository & Clearing Corporation. The multiple layer shareholding information is added to enhance the utilization of domestic shareholding information via the real-time/batch download function of Application Programming Interface (API). This effectively assists in identification of beneficial ownership in the complex shareholding structure for anti-money laundering.
Risk Management
In the SCSB’s risk management organizational structure, the Board of Directors is the highest decision-making unit. It must take at least six hours of risk courses a year to learn about risk management issues on anti-money laundering, anti-corruption and information security. The Risk Management Committee established under the Board of Directors is responsible for bank-wide risk management. The Risk Management Department is established under the President; our Deputy Executive Vice President Wan-li Teng supervises the Risk department and is responsible for building a bank-wide risk management mechanism and independently performing its duties for bank-wide risk management. Every responsible unit shall appoint risk managers based on its size, significance and complexity to conduct risk management for the unit. In addition, the Loan Review Committee and the Investment Review Committee established under the President are responsible for loan risk management and investment risk management respectively.
Furthermore, for the purpose of incorporating the risk management metrics into financial incentives, the SCSB has set up specific risk management metrics for senior management personnel and general employees respectively to enrich the risk management culture within employees’ daily operations.
Three Lines of Defense for Risk Control

Risk Management KPIs Set-up
The SCSB asks managers and employees of the Risk Management Department to set up specific KPIs and job objectives that critically incorporate the risk management metrics into financial incentives. In 2023, the KPIs of the Deputy Executive Vice President of the Risk Management department can be seen in the table below.
Corresponding ESG Risk | KPIs and Job Objectives in 2023 | Weight (%) |
---|---|---|
Market Risk | Stress testing is asked to be conducted within the SCSB and its branches thoroughly on a quarterly basis. Submitting sensitivity analysis of market risk and material for composing financial reports to the Accounting Department, OBU, and other departments every quarter. Providing information to external rating firms and audits conducted by accounts | 4 |
Operation Risk | Build up RCSA procedure targeting new departments for review by adding 60 new items to the existing procedure as well as reinforce the operation management at the same time | 3 |
Credit Risk | Set up the policy communication platform for both corporate finance and consumer finance to critically assist two departments in achieving project goals and optimizing risk management | 5 |
Climate Risk | | 8 |
Others | | 9 |
Improve the Customer Service
Customer Satisfaction Survey
Over the hundred years of the SCSB’s operation, the service DNA has been blended into the details of our operation. For example, we ask new employees to take at least five hours of manner training. We established the “5 Heart to Heart Rules Manual in the Business Hall.” It sets out the key points for welcoming the guest, the waiting area, walk-in service, the transaction and walking the customer out respectively. In addition, the SCSB wants to know what customers think about all the businesses and services we provide, in order to take corrective and preventive measures based on customers’ advice and needs and to enhance our ESG outcome. Since 2022, the SCSB has adopted the electronic method. The customer can scan the QR Code at the counter to fill out the customer satisfaction survey.
Unit: Percentage
Customer satisfaction rate | Unit | Actual result for 2023 | Goal for 2023 |
---|---|---|---|
Satisfied customers | In the satisfaction survey, the percentage of customers who feel satisfied out of all customers | 98.16% | Over 95% |
Scope of data: All domestic operating units | Percentage | 100% |
Structure and function of the Information Security Management Committee
Personal Data Protection Policy and Measures
“The SCSB Group Personal Data Protection Policy” has been drawn up to set up the basic management structure of the personal data protection system in the SCSB and its subsidiary. The Policy also guarantees the rights of the owner of personal information. In addition, the SCSB’s “Personal Data Management Policy” and relevant management guidelines are based on the “Personal Data Protection Act”. “The SCSB Group Personal Data Protection Policy” specified that the SCSB and its suppliers must comply with the Policy to realize and reinforce personal data protection. The SCSB’s personal data protection system was certified for Personal Information Management System (PIMS) in 2016. The SCSB set up the Personal Data Protection Management Team. Via risk evaluation, security regulations, system management, process improvement and education training, the SCSB continues to conduct Plan-Do-Check-Act (PDCA Cycle) to strengthen and protect client’s personal data obtained during the personal data life cycle. Meanwhile, the SCSB adopted the three lines of defense of the international management Best-Practice to guarantee client privacy through systematic group risk management procedure. Collection, handling and use of personal data at the SCSB complies with the “Personal Data Protection Act”.


The SCSB includes “Personal Data Protection” as part of the compliance risk self-assessment items from time to time, with each domestic unit performing its compliance risk self-assessment. If the assessment reveals a high level of risk, the unit should propose improvement plans and implement them accordingly.
To prevent customer data breaches and enhance the response capabilities to incidents of personal data infringement, the SCSB has established “The Regulations Governing Reporting and Handling of Personal Information Security Incident”. When a suspected personal data security incident occurs, the unit’s Legal Compliance Officer should report it to the unit supervisor and make an initial assessment of the incident’s severity right away. Thereafter, the Personal Data Protection Management Team should be notified immediately to ensure the proper handling of the personal data security incident and protect clients’ rights. This involves communicating compensation plans and other necessary measures with clients. Subsequently, a security incident review meeting will be convened with relevant unit supervisors to formulate mitigation and prevention measures. Disciplinary actions against relevant personnel involved in the incident will be taken according to internal regulations.
In 2023, the SCSB received a letter from the local authorities stating that a data breach incident had occurred (accounting for 100% of exposed personal information) and was fined NT$ 10 million by Financial Supervisory Commission (FSC). In addition, according to the letter issued by FSC, the number of customers affected was 14,010, which was 0.68% of the statistical population of customer personal information held by the SCSB. Moreover, relevant units have gradually improved monitoring of the use of “external storage media (USB)”, strengthened access log management, and updated user access rights based on the principle of least privilege to enhance control measures.
Impact Valuation of Personal Data Breaches
According to the 2023 Cost of a Data Breach Report by IBM Security, customers’ and employees’ personally identifiable information (PII) was the most commonly breached and the costliest type of record, at approximately $183 and $181 per record respectively. The SCSB has conducted an impact valuation of the data breach event in 2023 to measure the societal external impact. The number of customers affected in the event was 14,010, and thus the estimated social cost of the event was $2,563,830 (14,010 × $183) based on the 2023 Cost of a Data Breach Report. The estimated amount indicated that the larger the scale of the data breach, the higher the cost to fix it. The SCSB emphasized the importance of personal information protection and continued to strengthen the protection mechanism of data.
We follow the “Standards Governing the Security of Personal Data Files for the Designated Non-government Agency” established by the Financial Supervisory Commission R.O.C. to establish relevant internal regulations for the security maintenance of personal files and to regulate the disposal of personal files after the business is over. To prevent personal information from being accessed inappropriately, control measures have been established for the regulations and systems of related operations. These will effectively secure personal information, protect the client’s right to personal information security, and maintain information security and privacy.
The SCSB has paid great attention to the security of personal data protection and adhered to the “Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries” since 2017. A certified public accountant (CPA) conducts on-site audits of the design and implementation of the SCSB's personal data management system, and the relevant results are submitted annually to the FSC for review and approval. In addition, the SCSB has commissioned an accountant to conduct a bank-wide personal data protection audit in 2023.
Reporting level of incidents on all levels

Digital banking and Service Innovation
