Governance and Innovation
Risk Management
Nan Shan Life, as one of Taiwan’s major financial and insurance institutions, plays a vital role in supporting financial stability. To ensure capital adequacy and solvency, and to maintain sound business operations and development, Nan Shan Life has established a robust risk management organizational structure, mechanisms, and culture. Through a systematic risk management process, Nan Shan Life identifies, assesses, monitors, responds to, and reports all material and foreseeable risks arising from its operations. These efforts are designed to safeguard the Company’s assets and protect client interests.

Risk Management Organizational Structure

The Board of Directors of Nan Shan Life serves as the highest supervisory and decision-making authority for risk management, bearing ultimate responsibility for the Company’s overall risk oversight. A Risk Management Committee, reporting to the Board and chaired by an independent director, has been established to implement the Board’s risk-related resolutions and regularly review the overall effectiveness of the Company’s risk management framework. In addition, the Company has appointed a Chief Risk Officer and established an independent Risk Management Department to assist in formulating and executing risk management initiatives approved by the Board, and to carry out cross-departmental and cross-functional risk monitoring and control.
Nan Shan Life strengthens its internal control system and implements effective risk management through a Three Lines of Defense risk management mechanism.

Risk Identification and Management

Nan Shan Life takes a rigorous approach to identifying, assessing, monitoring, responding to, and communicating all reasonably foreseeable and relevant risks in its operations. These include, but are not limited to, market risk, credit risk, operational risk, insurance risk, liquidity risk, and asset-liability matching risk. Risk control mechanisms are established through various tools such as Risk and Control Self-Assessments (RCSA), Key Risk Indicators (KRI), market risk measurement systems (e.g., Algo), and operational risk event reporting. Internal models are continually optimized.

Business Continuity Management

Nan Shan Life has established a business continuity management mechanism in alignment with international standards. The Board of Directors serves as the highest supervisory authority for the Company’s business continuity efforts. The Company has formulated a Business Continuity Management Policy and developed corresponding strategies and solutions to safeguard the safety of personnel, maintain operational continuity, and ensure the availability of IT systems in the event of incidents, disasters, or unforeseen events. This mechanism aims to protect client rights and critical business operations from internal and external threats—intentional or accidental—while minimizing the likelihood and impact of disruptions. The Company conducts annual drills, including fire evacuation, offsite backup operations, and IT disaster recovery exercises, to ensure that core functions can be restored to the minimum acceptable service level within the recovery time objective during a disruption. Through the implementation of the Plan-Do-Check-Act (PDCA) cycle, the Company continuously improves its business continuity framework, thereby enhancing operational resilience. In 2024, the Company completed the renewal of its ISO 22301:2019 Business Continuity Management System certification, ensuring uninterrupted customer service.

Building a Risk Management Culture

To reinforce effective risk management and internal controls, Nan Shan Life actively cultivates risk awareness among all employees and continues to strengthen incident reporting and internal control mechanisms, embedding risk management into daily operations.

Emerging Risk Management

Facing an increasingly complex global financial business environment, Nan Shan Life’s emerging risks working group collects emerging risk information from external organizations each year and refers to the Global Risks Reports published by the World Economic Forum to identify the emerging risk issues in the environment, society, economy, geopolitics, and technology that the Company may face in the future. The working group assesses the likelihood of occurrence, potential impact, and possible time scale of impact, identifies emerging risks of concern, and develops relevant adaptation measures and countermeasures. It reports the results of the annual new risk identification, the countermeasures, and the regular review of new risk management implementation to the Risk Management Committee and the Board of Directors.