Our Focuses|Corporate Governance|Risk Management

Corporate Governance

“Business integrity” is the foundation of the sustainable operation of the enterprise, and it is the highest corporate culture and spirit of Winbond. Winbond is committed to formulating comprehensive corporate governance regulations and management processes, and continuously monitoring and improving processes. With the efforts of all colleagues, Winbond has been ranked in the top 20% since the first TWSE Corporate Governance Evaluation. Moving forward, we will continue to embrace a corporate culture founded on business integrity, establishing a trustworthy and reputable company.

SDGs 17 Partnerships for the Goals
SDGs 13 Climate Action
SDGs 8 Decent Work and Economic Growth

Renewable energy investment

955

million

International Voluntary Carbon Credits

13500

tons of CO2e

Integrity and ethics education and training for all directors and employees

100

%

Risk Management

Risk Management

Winbond belongs to the semiconductor manufacturing industry. Facing natural disasters, accidents, human-made incidents, changes in international political and economic situations, the emergence of new technologies, and changes in policies and regulations may all cause serious impacts on its operations and finances. Therefore, Winbond established a "Risk Management Committee" under the Board of Directors. This committee is one of the functional committees and organizes existing departments or units responsible for risk to enhance the overall risk management organizational structure. It formulates sound internal management regulations and operating procedures for each unit's scope of responsibility and conducts risk management.


Risk Management Committee Organizational Structure

*The Risk Management Team is currently led by Deputy CEO Chan, and its members include the President, Executive Vice President, Vice Presidents, Assistant Vice Presidents, and a total of 13 executive managers. The team is responsible for identifying, assessing, and implementing risk control plans across four major risk scopes and 17 specific risks. They establish both qualitative and quantitative management standards to enhance risk control practices and regularly report risk management outcomes to the Risk Management CommitteeThe operation of the Company's Risk Management Committee was reported at the 13th meeting of the 13th Board of Directors on December 20, 2024.

 

In 2023, Winbond revised the "Risk Management Committee Chapter" and formulated the "Risk Management Policy and Procedures" after receiving approval by the Board of Directors. It actively manages the four major types of risks faced by contemporary enterprises: "strategic," "operational," "financial," and "information security." It develops comprehensive plans and processes for pre-assessment, risk avoidance, loss prevention, and crisis management for various operational activities and regularly reports to the management and governance units to ensure that all corporate risk control goals are achieved. The risk management team should pay attention to the development of international and domestic risk management systems and changes in internal and external operating environments, adjust control mechanisms, report to the Risk Management Committee and the Board of Directors for approval, and enhance the effectiveness of risk management implementation. For details on the operation of the Risk Management Committee, please refer Functional Committee.

 

The company’s internal audit department is under the Board of Directors. Select audit items and frequency based on risk assessment results. It drafts an audit plan, which, after approval by the Board of Directors, is executed to assess the operational effectiveness of the internal control system. Audit reports are prepared accordingly, and follow-up reports on findings and recommendations are regularly submitted until all findings are resolved. To ensure that relevant units have taken timely and appropriate corrective actions, continuously enhancing the effectiveness of the risk management mechanism.


Internal audit department also ensures that all departments and subsidiaries regularly conduct self-assessments of the implementation of the internal control system. Risk management factors are incorporated into the annual internal control effectiveness verification process to conduct audits on organizational operations and risk management. 2023 self-assessment of the internal control systems and the audit tasks of the internal audit department were completed in January 2024.
 

 
4 Scope of Risk Management
Ⅱ- Operational Risk

 

①Operational Planning and Execution
②Product Quality Management
③Environmental, Health and Safety
④Supply Chain Management
⑤ Global Human Resource Management
⑥Intellectual Property Management
⑦Internal Control Management

 

 

Ⅰ- Strategic Risk

 

①Political Change
②Technology Change
③Industrial Change
④Climate Change

Ⅲ- Financial Risk

 

①Financial Operations
②Investment Management
③Capital Management
 

Ⅳ- Information Risk

 

①Information Management
②Information Security
③AI Application

 

 

 

 

Winbond Risk Management Policy and Procedures

 includes but not limit to: ❶ Risk management objectives. ❷ Risk management organizational structure and responsibilities. ❸ Risk management procedures.

 

Winbond Risk Management Objectives

Winbond aims to manage various risks that may impact the achievement of company goals through a comprehensive risk management framework. By integrating risk management into operational activities and daily management processes, Winbond aims to achieve the following objectives: ❶ Achieve company goals. ❷ Enhance management efficiency. ❸ Provide reliable information. ❹ Allocate resources effectively.

 

Risk Management Procedures

Winbond's risk management procedures include at least five elements: risk identification, risk analysis, risk assessment, risk response, and supervision and review mechanism. The specific procedures and methods for each element are as follows:

 
 
Risk Identification
 
 
Risk Analysis
 
 
Risk Assessment
 
 
Risk Response
 
 
Supervision
and Review

 

Risk Identification
  • Each functional unit and subsidiary should identify the risks of the short-, mid-, and long-term objectives and the business operations based on the company's risk management policies and procedures.
  • Various feasible analysis tools and methods (such as process analysis, scenario analysis, questionnaire surveys, PESTLE analysis, etc.) should be used for risk identification. Risks should be analyzed from both topdown and bottom-up perspectives, considering internal and external risk factors, stakeholder concerns, etc., to comprehensively identify potential risk events that may affect the company's goals or cause losses or adverse impacts.

     

Risk Analysis

Each functional unit and subsidiary should analyze the probability and impact of identified risks based on existing control measures, past experiences, industry cases, etc., and calculate the risk value accordingly. 

  • Risk Analysis Measurement Standards: 
    • The risk management team should establish appropriate quantitative or qualitative measurement standards based on the company's risk characteristics as the basis for risk analysis.
    • Qualitative measurement standards refer to expressing the probability and impact of risk events through textual descriptions, while quantitative measurement standards refer to expressing the probability and impact of risk events through specific measurable numerical indicators (such as days, percentages, amounts,
      numbers, etc.).
  • Risk Appetite:
    • The risk management team should develop risk appetite (risk tolerance) and report it to the Risk Management Committee and the Board of Directors for determining the company's acceptable risk threshold. Based on the risk appetite, the risk management team should discuss the corresponding risk levels for each risk value and the response methods for each risk level, serving as the basis for subsequent risk assessment and risk response.

 

Risk Assessment:
  • Each functional unit and subsidiary should, based on the results of risk analysis, align with the risk appetite approved by the Risk Management Committee and the Board of Directors. They should then plan and execute subsequent risk response measures according to the risk levels.
  • The relevant results of risk analysis and assessment should be accurately documented and reported to the Risk Management Committee.

 

Risk Response
  • After assessing business risks, each unit should propose appropriate risk response measures and control operations and report them to the risk management team for review.

 

Supervision and Review
  • The risk management team should regularly report the implementation results of risk management procedures to the Risk Management Committee as a reference, and report major risk events to the Risk Management Committee and the Board of Directors, as necessary.

 


In addition, Winbond has incorporated climate change risks into its long-term business operations management. To understand the impact on the environment and operations, Winbond has adopted the Task Force on Climate-related Financial Disclosures (TCFD) framework since 2021. Observing international regulatory trends and market developments, Winbond annually identifies and discloses the financial impacts of climate-related risks and opportunities (including quantitative and qualitative aspects), and proposes review and management strategies. Winbond will continue to monitor the risk impacts brought by climate and strengthen the company's operational capabilities, promote various carbon reduction projects, improve energy efficiency, and steadily move towards sustainable development. In 2024, Winbond also adopted the LEAP methodology of the Taskforce on Nature-related Financial Disclosures (TNFD), organized a cross-departmental working group to identify nature dependencies and impacts, introduced TNFD disclosure guidelines, and published the "2024 Climate and Nature Report". Please refer to Climate Change Management for detailed information.

Risk Analysis Table

Strategical Risk

 

Operational Risk

 

Financial Risk

 

Informational Security Risk

 
Risk TypeDescription of Impact AssessmentResponse MeasuresMitigatiing ActionsProgress
Technological
  • Emerging storage technologies provided alternative solutions that could impact the high-density NOR Flash market, thereby affecting Winbond's flash memory business.
  • Geopolitical tensions could disrupt supply chains, impacting Winbond's business continuity and growth opportunities with tier-one customers and automotive clients.
  • New ESG goals and carbon emission reduction regulations could increase manufacturing costs.
  • In addition to existing major memory manufacturers, new Chinese memory design companies and increased capacity in China have intensified competition.
  • Competitors using alternative technologies were offering smaller chip sizes, better performance, and lower costs, threatening Winbond's market share in flash memory.
  • Through innovations in heterogeneous packaging, product design, product functionality, and process technology, and seeking cooperation with external emerging storage technology providers, we provided innovative storage solutions.
  • Planned multi-source production supply chains to reduce the risk of product supply chain disruptions.
  • According to Winbond's Renewable Energy (RE) strategy, actively promoted Winbond parts manufactured by RE, and supported our commitment to green products through the carbon accounting system to obtain premiums and reduce price erosion.
  • Flash memory strategies included: 1) customized cooperation with leading customers, 2) expanding the high-density flash memory product portfolio, 3) innovative products, more digital circuits and processors built-in for intelligent storage, and heterogeneous storage integration.
  • Improved products based on customer feedback and market feedback, focusing on customization for target applications.
     
  • Continued investment in next-generation technology development and evaluation of emerging storage technologies.
  • Deep understanding of customer needs, providing innovative features and excellent specifications—making Winbond's flash memory products sticky due to the features and specifications required by customers.
  • Planned possible options for multi-source production supply chains according to customer expectations, and sought feasible solutions together with customers.
  • Maintained the Renewable Energy (RE) strategy and clarified the demand for "clean energy" or "carbon-free energy" to formulate the next steps.
  • Followed a customer-centric flash memory strategy, expanded business in leading customers, target, and emerging applications through product roadmap planning, product upgrades, customized applications, and then innovative products with new technologies and heterogeneous storage integration.
     
  • A series of product lines with different cost structures and feature sets, including ultra-high performance (LPDDR4 NVM), Octal/Qspi Combo NOR Flash with RWW and security, Wide IO, and GP Flash.
  • Communicated with customers to identify feasible multi-source production supply chain solutions, set a timetable, executed according to the plan, and made real-time adjustments as the situation changed.
  • Branded green products, reflecting Winbond's competitiveness in unique value propositions, becoming the invisible champion in the flash memory field.
  • Through deep cooperation with leading customers on customized flash memory solutions, brought sustainable revenue sources and higher profits to Winbond.
  • Obtained new revenue sources from emerging applications through innovative products, bringing new momentum for long-term growth
Industrial Change
  • China's localization policy could impact Winbond's performance in mainland China.
  • Reduced reliance on mainland Chinese customers for its end market.
  • Expanded business opportunities in Europe and the United States.
     
  • Reduced the proportion of domestic sales in mainland China and increased opportunities for production exports from China.
     
Climate Change
  • Carbon fees could directly increase costs
  • Implemented energy-saving and carbon reduction measures.
  • Purchased renewable energy.

     

  • Set annual energy-saving and carbon reduction targets, planned and executed energy-saving and carbon reduction programs, and regularly tracked effectiveness.
  • Continued to purchase renewable energy.
     
  •  Held quarterly ESG meetings chaired by the General Manager to track effectiveness. Held semi-annual Sustainability Development Committee meetings chaired by the Chairman to track effectiveness.
  • Climate change risks: Under the exacerbated environment of global warming and extreme weather, transitional climate risks and physical climate risks could impact the company's financial and operational aspects.
     
  • Introduced the TCFD management framework, identified sources of climate risks and assessed their impacts, and formulated mitigation and adaptation measures to reduce climate risk impacts and enhance the company's operational resilience.
     
  • According to the TCFD management framework, identified major climate risks, assessed response measures one by one, to mitigate and adapt to the impacts of climate change.
  • Established the Winbond TCFD platform and continuously optimized it to facilitate the annual TCFD working group discussions and produce reports.
  • Published the climate-related financial disclosure report (TCFD Report) to review Winbond's operational resilience in facing climate issues and improve climate information transparency.
  • Carbon rights management: Due to the immature voluntary carbon rights trading mechanism, the domestic and international trading market liquidity was poor, and currently faced risks such as carbon rights quality, source, and transaction transparency.
     

 

 

 

 

 

  • Established Internal Voluntary Carbon Credit Investment Standards, implementing risk management mechanisms from pre-investment evaluation, division of responsibilities, quota authorization, and internal control systems.
  • Formulated internal carbon rights investment standard checklists to comply with international high-quality carbon rights trends.

 

  • Screened and evaluated transaction targets according to the provisions of the transaction procedures and executed transactions
  • Continuously tracked domestic and international voluntary carbon rights trading regulations and established high-quality carbon rights procurement channels, regularly reviewed carbon price fluctuations, and appropriately updated internal operating specifications.

 

  • Participated in the voluntary carbon rights market transactions since 2022 and continuously increased diversified carbon rights acquisition channels, disclosed annually in the ESG report to review Winbond's carbon rights management practices.

 

Risk TypeDescription of Impact AssessmentResponse MeasuresMitigation ActionsProgress
Operation Planning and Execution
  • Disaster Risk: Semiconductor fabs are highly sensitive to disasters such as fires, earthquakes, water shortages, and power outages due to their characteristics of high precision equipment, production in cleanroom environments, stable water and power supply requirements, expensive equipment, and long lead times. 
    Additionally, semiconductor processes require the use of various flammable gases and chemicals. Taiwan is located in a seismic zone and has faced ongoing concerns about power and water supply in recent years, making semiconductor fabs vulnerable to disaster hazards. 
    If any of the aforementioned disasters occur, it could cause significant damage to plant equipment and business interruptions, as well as potential loss of customers due to supply disruptions.
  • Fire: Established fire protection zones, used non-combustible materials for buildings and equipment as much as possible, fully installed automatic fire protection systems according to international insurance industry standards, conducted regular ERT training drills, and performed regular maintenance and testing of fire protection systems according to the plan.
  • Earthquake: Designed buildings for earthquake resistance, fixed machines for earthquake resistance, and maintained inventory of spare parts.
  • Power outage: Installed emergency generators and uninterruptible power systems, performed regular maintenance and testing of emergency generators and uninterruptible power systems according to the plan.
  • Water shortage: Built backup water tanks and continuously implemented water-saving measures in the process.
     
  • Existing fab equipment underwent regular inspections and testing to ensure system normalcy.
  • New fab equipment continued to be designed and constructed according to standards.
     
  • Since the establishment of the CTSP Fab and Kaohsiung Fab, normal supply has not been affected by natural disasters.
Product
Quality
Management
  • Quality Risk: Product quality failures during customer use can reduce customer satisfaction and affect the company's reputation.
     
  • Promoted Quality Excellent 2.0 (doing things right the first time, precise description, and improving customer satisfaction) to enhance quality culture and reduce defect rates.
     
  • Pursuit of excellence in quality was included in the annual individual performance appraisal.
  • Completed customer satisfaction surveys, proposed improvement plans and actions.
  • Strengthened FMEA to avoid high and medium-risk items in process development
  •  Enhanced reliability certification and failure analysis skills and talent cultivation for CMS products.
  • Quarterly environmental, safety, and health management meetings were held to track environmental, safety, and health indicators, all of which met the park's standards
Environment,
Safety, and
Health
  • Water Resource Management: If the park's standards are not met, additional sewage fees will be charged.
     
  • Installed multiple continuous monitoring instruments in the effluent discharge pipes; tightened the definition of each measurement limit based on the park's standards and set up a feedback mechanism.
  • Regularly commissioned external inspection agencies to sample and analyze to ensure normal monitoring.
     
  • Installed continuous monitoring equipment; tightened the definition of each measurement limit based on the park's standards and set up a feedback mechanism.
  •  Conducted monthly self-commissioned external monitoring.
  •  Conducted statutory external monitoring every six months.
  • In quarterly operational meetings and quality management review meetings, product failure rates and major incidents were reviewed, and effective improvement measures were taken and tracked.
     
  • Resource Recycling: If opportunities for recycling or reducing waste are not continuously sought, processing costs may continue to increase.
     
  • Reduced waste generation in the fabs through reduction or reuse and increased recycling rates.
  • The long-term goal of waste management is to achieve a waste recycling rate of over 90% annually in Taiwan fabs by 2030.
  • Reduced waste generation in the fabs through reduction or reuse and increased recycling rates.
  • The long-term goal of waste management was to achieve a waste recycling rate of over 90% annually in Taiwan by 2030.
  • Quarterly environmental, safety, and health management meetings were held to track environmental, safety, and health indicators, with a waste recycling rate of >91%
  • Major Occupational Accidents and Occupational Diseases: Affect production.
  • According to the procedures of the Environmental, Safety, and Health Management System, through routine internal audits, reviews, and updates every six months, and annual external audits and supervision, Winbond continuously safeguarded the workplace safety environment for colleagues, reduced potential risk factors, and continuously improved.
     
  • Established ISO 45001 and CNS 45001 Occupational Health and Safety Management Systems, formulated various regulations, implemented education and training, safety inspections, and operational safety permit systems, supplemented by internal and external audit procedures, and continuously improved.
     
  • Quarterly environmental, safety, and health management meetings were held to track environmental, safety, and health indicators, with no major occupational accidents or occupational diseases occurring.
Supply Chain Management
 
  • Supply Chain Disruption Risk: Suppliers faced price increases or production interruptions and delays due to raw material acquisition, political interference, natural disasters, transportation, and other production costs, which could lead to deferred shipments, failure to meet customer delivery requirements, resulting in penalties or contract fines and loss of goodwill.
     
  • High-risk critical raw materials, increased self-owned inventory levels.
  • Increased second or third source suppliers to reduce reliance and limitations on a single source.
  • Increased localization of supply to avoid cross-border transportation risks and costs.
  •  Enhanced digital system development and its efficiency, through real-time monitoring, timely identification, and resolution of potential issues.
  • Dynamic adjustment of critical raw material inventory levels.
  •  Continuous evaluation of the introduction of second or third source suppliers.
  • Continuous evaluation of the introduction of localized supply chains.
  • Introduction and development of digital systems.
     
  • Winbond has never experienced production interruptions or operational losses due to supply chain disruptions.
     
Global Talent
Management

Long-term Human Resource Supply Shortage:

  • Specific Area Impact: In 2024, the turnover rate of wafer fab employees and engineering assistants exceeded 10% and 20% respectively, with an average company-wide turnover rate of approximately 7%.
  • Graduate Impact: The number of graduates at all levels from academic years 104 to 121 fluctuated, with a decrease rate of -15.8% for doctoral graduates and -22.4% for master's graduates, reducing from 56,000 to 43,000.
     
  • Used retention bonuses to increase employee retention willingness, and provided education and training for supervisors at Kaohsiung Fab to boost team morale and create a positive organizational atmosphere.
  •  Created a cross-regional talent pool to flexibly support specific regional manpower gaps.
  •  Increased employee compensation, simultaneously raised annual salary adjustments and added retention bonuses.
  •  Introduced international talent.
  • Used AI to enhance employee productivity, controlled headcount growth, and provided each employee with the opportunity to obtain higher reward resources.
     
  • Retention bonuses: Completion of retention bonus operations for specific groups.
  • Supervisor and team collaboration training: Ongoing.
  •  Establishment of a group talent pool: Conducting flexible personnel allocation across companies and establishing systematic management systems.
  •  Participation in government and school international programs.
  • Introduction of AI Tools
  • Retention bonuses: The turnover rate has stabilized.
  • Education and training: The number of grievance cases has decreased.
  • The number of cross-company flexible transfer cases continues to increase.
  •  Establishing an AI tool platform, scheduled for promotion by the end of the year.
     
IP Management

Royalty Expenditure and Image Damage Risk:

  • Intellectual Property Claims or Litigation by Competitors: Competitors filed intellectual property claims or litigation against Winbond.
     
  • Intellectual Property Claims or Litigation by NPE: NPE (Non-Practicing Entity) filed intellectual property claims or litigation against Winbond.
  • Business Secrets Theft by Competitors: Winbond's business secrets were stolen by competitors, reducing competitiveness.
     
  • Encouraged and guided employees to produce high-value patents.
  •  Promoted the importance of business secrets and Winbond's protection measures.

 

  • Conducting patent education and training.
  • Organizing activities to strengthen the concept of business secrets and enhancing various software and hardware protection measures.
  • Achieved annual targets for patent and business secret applications.

 

Risk TypeDescription of Impact Response MeasuresMitigating ActionsProgress
Financial Operations
  • Exchange Rate Risk: When a company engages in import and export transactions using foreign currency, fluctuations in exchange rates during the payment period can result in differences in the final amount received or paid by the company, leading to exchange gains or losses.
  • Engaged in foreign exchange derivative financial products and increased the proportion of foreign currency liabilities to effectively reduce the impact of exchange rate fluctuations on gains and losses.
  • Closely monitored macroeconomic data and international political and economic events, Maintained contact with the foreign exchange trading room to understand the movements and operations of foreign investors and central bank.
  • Daily tracking of foreign currency cash balance and close communication with sales, procurement, and funding units to confirm changes in foreign currency net positions.
  •  After president Trump was elected as the 47th President of the United States, tariff disputes and trade conflicts between the US, Europe, and China increased global economic uncertainty, delayed the decline of US inflation, and postponed the Federal Reserve's interest rate cuts; the situation will continue to be monitored, and trading strategies will be adjusted flexibly.
     
  • Reviewed and analyzed the causes of exchange gains and losses twice a month, flexibly adjusted hedging strategies based on real-time market information, ensuring that exchange rate fluctuation risks and exchange gains and losses remained within controllable ranges.
  • Interest Rate Risk: When market interest rates rise, the interest expenses on long-term loans with floating interest rates increase; when market interest rates fall, the income from interest-bearing products decreases.
     
  • Flexibly used floating and fixed interest rate financing tools to reduce the sensitivity of long-term loan positions to interest rate changes.
  •  Managed funds flexibly, using both long-term and short-term credit facilities.
  • Arranged fixed deposits according to market interest rate trends.
  • Applied for high-interest demand deposit accounts to improve overall bank account interest rates.
  •  Appropriate allocation of floating and fixed interest rate loan positions, and assessment of the impact of interest rate changes on interest costs, ensuring that the increase in interest expenses remains within a controllable range.
  •  Use short-term credit facilities according to funding needs, delaying borrowing higher interest rate long-term loan to reduce interest costs and risks under Taiwan's interest rate hike cycle.
  • Arrange short-term fixed deposits when market interest rates are expected to rise to increase interest income; arrange long-term fixed deposits when market interest rates are expected to fall to lock in interest income.
  •  Concentrate account receivable in high-interest demand deposit accounts.
  •  Long-term loan interest rates included both floating and fixed pricing methods to mitigate interest rate fluctuation risks.
  •  Flexibly utilized short-term loan while maintaining reasonable fund levels, thereby preserving long-term loan facilities and reducing interest expenses.
  •  Accurately estimated receipt and payment amounts to increase fixed deposit positions.
  • Placed short-term funds in bank demand accounts offering preferential interest rate.
Investment Management
  • Investment Risk: Mainly arises from the investment returns and asset impairments of strategic and financial investments.
     
  • Established prudent investment decision-making processes, conducting comprehensive evaluations of investment targets in terms of technology, products, market, management, and finance before investing, and setting different investment decision approval standards based on the investment amount.
  • Regularly tracked and evaluated investment targets during the holding period to maximize investment returns and prevent or mitigate losses.
     
  • Strictly follow relevant measures to control investment risks, such as "Regulations Governing the Securities Investment Management," "Regulations Governing the Acquisition and Disposal of Assets," "Regulations Governing the Subsidiary Management," and "Self-assessment Measures for Internal Control Systems."
  •  Continuously deepen pre-investment evaluation capabilities, paying attention to market economic trends, and simultaneously promoting cross-departmental cooperation to facilitate diversified evaluations.
  •  Automate the generation of post-investment management reports and optimize them, allowing the finance department to have more time to focus on reviewing and adjusting investment portfolios
  • Investment decision-making processes complied with both internal Winbond regulations and external regulatory authorities.
Funds Management
  • Funds Management Risk: Mainly arises from wrong financing decisions, causing significant funding gap, leading to credit risks where the company is unable to repay loans or pay interest on time.
     
  • Assessed capital efficiency and repayment ability in advance to reduce financial leverage risk and avoid impacting the stability of the company's financial structure due to excessive debt or improper fund allocation.
  • Strictly follow relevant regulations to control fund management risks, such as "Regulations Governing Loan Management " and "Regulations Governing Fund Management Operation"
  • Track cash flows generated by operations based on the five-year cash flow simulation provided by the accounting division, ensuring control over cash flow and future changes.
  • Fund planning should ensure timely repayment and interest payments to reduce uncertainty and control fund management risks.
     
  • Financing decisions and fund allocations complied with internal and external regulations, and were executed upon obtaining approval based on authority matrix.
  • Regularly tracked changes in cash inflows and outflows to enhance control over cash positions.
     
Risk TypeDescription of Impact Response MeasuresMitigating Actions Progress
Information Management
  • Information Management Risk: Vulnerabilities and threats at various stages of the data lifecycle could lead to data breaches, data integrity destruction, and data availability impairment. These risks further result in legal liabilities, financial losses, reputational damage, and decreased competitiveness.
  • Personnel: Conducted regular data security awareness training and enhanced employee behavior monitoring.
  • Technology: Established multi-layered security protection systems, adopted data encryption technology, implemented access control mechanisms, and conducted regular vulnerability scans.
  • Processes: Classified and graded data based on its usage, sensitivity, and importance, stored it in different network segments, and adopted corresponding protection and control measures.
  • Short-term: Established a data protection project, inventoried the company's business secrets and sensitive data, conducted data classification, grading, labeling, and management.
  • Mid-term: Introduced automatic data labeling and advanced data encryption technology to ensure data security and convenient use.
  • Long-term: Established an intelligent data leakage monitoring and prevention system to reduce damage caused by data breaches and cyberattacks.
  • Significantly reduced data leakage risk: Enhanced data security.
  •  Strengthened regulatory compliance: Ensured data security management complies with relevant regulations.
  •  Increased customer trust: Maintained brand reputation and enhanced market competitiveness
Information
Security
  •  Information Security Protection Risk: Originating from external threats (such as cyberattacks, malware, supply chain attacks) and internal threats (such as human error, malicious behavior, system vulnerabilities). These threats could cause system paralysis, service interruptions, data destruction or theft, leading to financial losses, legal liabilities, reputational damage, and decreased competitiveness.
     
  • Personnel: Conducted comprehensive information security training, prevented phishing attacks, and strengthened incident reporting and response.
  • Technology: Enhanced system protection, updated security patches, introduced firewalls and intrusion detection, and adopted multi-factor authentication.
  • Processes: Established an information security management system, obtained ISO 27001 certification, and conducted regular security tests.
  • Short-term: Strengthened endpoint protection and real-time monitoring of potential threats.
  • Mid-term: Introduced threat intelligence and risk management systems, conducted penetration testing and red team exercises.
  •  Long-term: Introduced a zero-trust network architecture, established secure development processes, and developed AI defense capabilities
  • Improved network security protection level: Reduced cyberattack risks.
  •  Enhanced information security resilience: Shortened incident response time.
  • Ensured business continuity: Reduced the impact of information security incidents on the company's finances and reputation.
  •  No information security incidents affecting company operations occurred in 2024.
  • All employees received information security training: 100% completion rate.
AI Application
  • AI Application Risk: Covering multiple aspects including technology, operations, governance, compliance, ethics, and strategy, potentially leading to model performance instability, security incidents, decision errors, resource waste, and hindrance in transformation processes, further causing financial losses, reputational damage, and decreased competitiveness.
     
  •  Personnel Training: Provided professional training for AI developers and users to enhance their understanding of decision-making risks, privacy protection, and governance risks.
  • Data Management: Strengthened data quality control to ensure data accuracy and integrity.
  • Risk Assessment: Conducted comprehensive risk assessments and reviews during the development and deployment of AI systems.
     
  • Short-term: Enhanced data access control and protection, collaborated with legal and patent experts to reduce intellectual property risks.
  •  Mid-term: Strengthened talent training in the AI field, narrowed skill gaps, and established AI talent development and recruitment mechanisms.
  •  Long-term: Improved AI governance levels, established compliance systems, and ensured compliance.
  • Reduced risks: Minimized decision errors, privacy breaches, and violations.
  •  Increased trust: Improved AI decision transparency, enhancing customer and partner trust.
  • Enhanced competitiveness: Improved market position and competitive advantage through innovation and talent development.

For more information on Information Security Management Policy, please refer to: Information Safety.

Emerging Risks

 

Emerging RisksDescriptionImpactMitigating Actions
 
 
 
 
 
 
 
Geopolitical Risk

The U.S.-China rivalry and Taiwan Strait tensions have posed challenges to Taiwan's semiconductor industry. As trade friction and technological competition between the U.S. and China escalate, Taiwan has become a focal point for both countries. Security issues in the Taiwan Strait are also a concern for global companies, who worry about the stability of Taiwan's supply chain amid political uncertainty, which could impact semiconductor production.


To mitigate their dependence on Taiwan, global companies are urging Taiwanese semiconductor firms to establish production bases in other regions. This strategy aims to diversify risks, ensure the stability of the global supply chain, and shield businesses from potential disruptions due to changes in Taiwan's political situation.
 

In conclusion, Winbond should weigh the high investment costs of globalization in the current volatile global environment and enhance its risk management and contingency planning to stay competitive in the future market.
 

  • China is actively supporting the localized semiconductor industry, which will increase the pressure of competition in the market. 
  • The U.S., Japan, and the European Union are inviting companies to set up factories in their countries, which will increase competition in the market.
  • The supply of raw materials for semiconductors may be interrupted due to global or Taiwan Strait geopolitical or military actions, which may pose a challenge to operational stability.
  • Winbond Group's semiconductor business has its main production base in Taiwan. In 2024, approximately 60% of the consolidated turnover will be generated from its own wafer fabrication facilities in Taiwan. The remaining 40% is produced by foundries, with a portion also coming from their Taiwan-based facilities. In the event of a conflict in the Taiwan Strait, operations could be severely impacted.
     
  • Find out the feasibility of transferring the production of foundry and packaging and testing companies to non-Taiwanese factories and reduce the proportion of manufacturing in Taiwan.
  • Monitor the policy direction and implementing localization strategy by paying attention to the policy direction of each country. This includes the localization of product development and manufacturing. 
  • Establish a second warehousing and shipping center in Southeast Asia to 
    diversify the risk of centralizing logistics in Taiwan and to provide customers with faster response time.
  • Develop service-oriented business to increase added value and reduce dependence on manufacturing resources.
 
 
 
 
 
 
 
 
 
Risks of AI Applications

In the era of rapid development of AI technology, AI is expected to bring many growth opportunities for enterprises in terms of productivity enhancement, business modeling, and innovation. However, before the technology enters the maturity stage, AI application will also bring multiple and complex risks to enterprises, such as the security and reliability of the AI model itself, AI governance, ethics, privacy, and regulatory completeness, and so on.


In the face of the global development trend led by AI, Winbond has been actively investing in various AI developments and applications. In addition to achieving concrete results in R&D, marketing, production and management, Winbond has also been considering the operational risks brought by AI and taking countermeasures. Overall, Winbond believes that through proactive risk analysis and management, we can accelerate and magnify the benefits of AI on business performance and minimize the negative impacts.

  • At the stage of rapid development of technology and algorithms, technical issues such as insufficient data and defective models may lead to inaccurate analysis of data and decision-making suggestions, which in turn may lead to wrong business decisions and cause losses.
  • More and more hackers are targeting the operation of AI, and competitors may use data contamination and parameter tampering to engage in negative business competition.
  • The application of AI in decision-making may simultaneously create risks in terms of operation supervision, responsibility attribution, and legal compliance.
  • AI is currently in a stage of accelerated growth, and if the application of AI lags its competitors, it may completely lose its original competitive advantage or even fall behind its competitors in a very short period of time.
  • Winbond is actively enhancing talent recruitment, training, and algorithm development, while fostering partnerships with the AI industry and academia to improve AI tool quality used within Winbond. 
  • Winbond is strengthening network security against hackers, besides traditional network security, we focus on AI-specific protections and reinforce measures to prevent and verify hacking in algorithms and program codes, ensuring smooth data and algorithm operations. 
  • Winbond has established a hierarchical management system where supervisors and operators are accountable for their tasks while leveraging AI to boost productivity. Besides, Winbond continuously optimizing AI interfaces and ensuring legal data use.
    Through our AI strategy of mass trials, rapid screening, and optimized promotion,
  • Winbond maintains a competitive edge in the AI development process through extensive trials, rapid screening, and optimized promotion strategies. Dedicated AI teams swiftly assess and implement external tools or algorithms, continuously optimizing and enhancing AI applications as new solutions emerge.