Governance
The TWSE expects to set an example for corporations in Taiwan, and has spared no effort in strengthening the roles and competencies of the board of directors and member diversification, plus advancing the structure of corporate governance. The TWSE goal is to form reliable governance cultures in Taiwan corporations.
Corporate governance
- Board of Directors
The 15-member Board of Directors comprises four female directors (two directors aged 51-60 years, and two aged over 60 years) and 11 male directors (five directors aged 51-60 years, and six aged over 60 years). A total of 14 board meetings were convened in 2022 with an attendance rate of 85.82%.
Three press conferences were held in 2022 following monthly board meetings and those for significant issues, which included Corporate Governance Evaluation results, new market developments, and strengthening the monitoring mechanisms for listed companies. More than 800 press releases were issued.
- Nomination and selection of board of directors
At least one-third of the current 15 directors and three supervisors are experts appointed by the supervisory authority; the rest have been elected by shareholders. The TWSE Chairman, appointed by the supervisory authority in accordance with the Securities and Exchange Act and approved by the Board, fulfills his duties stipulated in the "Integrity Governance Principles for Directors and Supervisors" to strictly avoid conflict of interest. The selection of the TWSE board members is open, transparent, fair, and complies with the principle of diversity. Directors and supervisors serve three-year terms, and their expertise and independence are prioritized. Current directors have rich industry, academic and practical experience. If any cases of conflict of interest are on the agenda for any monthly board meeting and a director must recuse themselves, the TWSE requires that the director who has a personal interest in the matter under discussion at a board meeting shall explain to the board meeting the essential contents of such personal interest, according to Paragraph 2, Article 206 of the "Company Act."
In addition, the TWSE purchased director and officer ("D&O") liability insurance for all directors and supervisors to reduce and disperse the risk of significant damage caused to the company and shareholders by the mistakes or negligence of directors. This will enrich corporate governance and fulfill the functions of directors.
- Governance Framework
The TWSE mission is to encourage investment, boost economic growth, assist business development, and protect investors' rights and interests. The President is responsible for carrying out the resolutions of the board; the senior executive vice presidents assist the President in conducting operations through subordinate departments. In addition, the Internal Audit Office is established independently from other departments, and answers directly to the board. The TWSE organizational framework is as below:
Furthermore, to raise awareness of sustainability issues, the TWSE established the Sustainable Development Committee in 2020 with the TWSE President as the committee leader and five working groups: Governance, Securities Market, People, Society and Environment. The Sustainable Development Committee is responsible for setting policies, targets, and related activities to promote sustainable development. Committee resolutions require a quorum of at least half of the committee members, and minutes are taken of agreed-upon resolutions and the discussions thereof. The committee may authorize relevant TWSE departments or working groups to carry out their decisions. Two committee meetings were convened in 2022. Each year, the company updates the Board of Directors regarding the sustainable policies, implementation status, and performance through the TWSE Sustainability Report.
Integrity and compliance
As the TWSE is responsible for supervising domestic securities transactions, it holds itself to the highest level of integrity in operations and management with the objective of leading listed companies by example. Directors must sign a "Consent to Act as Director" when they assume their position, and are required to abide by all applicable laws and regulations. Likewise, employees must sign the "Employee Statement" when they are hired to ensure their compliance with anti-corruption related standards and regulations. Departments within the TWSE each conduct their own compliance risk assessment. To avoid incidents of corruption, fraud, or unethical behavior by TWSE employees, the TWSE has laid down a code of conduct urging staff members to exercise duty of care, uphold fairness in carrying out their duties, and ensure the realization of integrity governance. No bribery or corruption incidents were found in 2022.
- Third-party Reporting Center Platform ("Reportnow")
The TWSE's Reportnow was commissioned to an impartial third party so that it may process grievances in a fair and unbiased manner. When the TWSE or any of its employees are suspected of a crime, corruption, fraud, or violation of the law, a whistleblower can file a complaint on Reportnow through the TWSE website, email, fax, or mail. To ensure that the whistleblower protection mechanism works as it should, reported cases are processed by an impartial third party to protect the whistleblower's identity and enhance their trust and privacy protection. The TWSE will not terminate the employment, relieve the position, demote, reduce the salary, or damage any rights of the whistleblowers that are provided by the law, contract, or customs, or impose other penalties for filing a complaint. The identity and working rights of the whistleblowers are protected.
Audit operations were conducted and verified that internal controls were effective and conformed to the expectations of the competent authority and the public. One case involving a TWSE employee serving as a lecturer at an external agency was reported through Reportnow in 2022. The follow-up investigation showed that no violations occurred, and the case has been closed. However, to prevent future incidents, relevant departments will explore related issues and the feasibility of implementing suitable management measures.
- Regulatory compliance
TWSE departments and subsidiaries are required to comply with the FSC's "Regulations Governing Stock Exchanges" and "Regulations Governing Centralized Securities Depository Enterprises" as well as relevant laws and regulations when conducting business, and establish controls related to regulatory compliance. In the event a severe violation of the law is found by a department head or manager, directors and supervisors must be immediately notified. Contents of the report must include an analysis of the cause, potential impact and solution recommendations for the incident. The TWSE did not violate any environmental, social and economic regulations, or fail to comply with product and service information and labeling regulations, or fail to comply with marketing communications regulations in 2022.
Furthermore, the "Rules and Regulations Directory" has been set up on the official TWSE website, so that investors, securities firms, and TWSE-listed companies can easily inquire about amendments and abolished items within the last six months. The TWSE enhances information quality by providing stakeholders with comprehensive access to accurate, official information.
Risk management
The TWSE has established an integrated risk management structure, with rigorous risk control systems and processes that enable it to identify and properly manage material risks.
As a critical part of our nation's financial infrastructure, it is important that the TWSE and its subsidiaries assess and manage related risks and impacts stemming from extreme weather events that may interrupt business continuity at its locations. Risk rating is based on the probability and level of impact, and risk management measures are implemented accordingly, some of which are listed below:
- ISO 22301 Business Continuity Management System Verification (the "BCMS")
In 2020, the TWSE became certified under the ISO 22301 BCMS to more effectively respond to regional disasters or other significant incidents. The validity of the ISO 22301 certificate was extended and applied to the third backup center in 2021. In the same year, the offsite backup sites of the third backup center also acquired ISO 22301 certification.
In 2022, the TWSE continued to conduct business impact analysis and risk assessment, redistribute and upgrade resources so as to fill in any gaps in operations, carry out training courses, plan for different scenarios, run drills, and prepare for remote operations of the information systems. In addition, a document review of our business continuity management systems is regularly conducted, and the TWSE was re-certified by BSI in November 2022 for the ISO 22301 BCMS. No interruption to business continuity was found in 2022, and the TWSE will continue to enhance business continuity related procedures. The business continuity reporting procedures are as follows:
- Internal control
The TWSE established the Internal Audit Office to ensure the effective implementation of its internal control system, through periodic audits, supervision and reviews. In addition, each year the TWSE prepares a report on internal controls regarding their design and implementation effectiveness to respond to changes in the environment and improve the quality of the self-supervision mechanism.
In accordance with the law, the TWSE established the internal control system with three lines of defense, to continually assess, supervise and manage the departments and subsidiaries. In 2022, the TWSE conducted 222 documentary audits and 205 on-site (or remote) audits (including special audits and specific item audits); no significant deficiencies were found, and the TWSE's risk management ability was determined to be properly administered.
In addition to carrying out regular audits, the Internal Audit Office periodically conducts special audits or specific item audits as required by business needs or at the behest of the supervisory authority. As TWSE operations become more digital and systematic, the company has introduced computer assisted audit operations, and the automated management system for internal audit is set to be completed and piloted in 2023.
- Contingency measures for the COVID-19 pandemic
Due to the COVID-19 pandemic, the global economy, society and environment have been severely impacted. In the past two years, to mitigate the effects on the operation of the stock market, the TWSE drafted various contingency measures in its role in implementing policies and monitoring Taiwan's listed companies. The TWSE President convened a meeting of the emergency response committee to handle issues of pandemic prevention and resource distribution. The committee also established a comprehensive set of precautionary rules, including notification, hybrid working modes and restrictions on gatherings, so as to ensure business continuity while protecting the health of employees.
The TWSE pandemic contingency measures are as follows:
In 2022, the world entered the post-pandemic era. As the pandemic is being brought under control, lives are gradually returning to normal and the economy is on the path to recovery. During the pandemic, many companies sought innovative business models to overcome the impact of COVID-19 on their operations. Likewise, people had to adapt to working remotely, online learning, and virtual socialization. Some of these innovations, for businesses and individuals alike, are here to stay, and may continue to develop and become the new normal.
The TWSE has also taken initiatives to adapt to changes in the post-pandemic era:
The above initiatives were carried out by various departments in 2022 through the following measures:
Information security
To ensure business continuity, the TWSE has set up procedures for off-site work, compiled a roster of essential staff members, and established a second office. Furthermore, video conference equipment and other facilities were put in place to create multiple local and remote backup centers, ensuring data integrity while employees worked off-site.
- ISO 27001 Information Security Management System (the "ISMS") Verification
As a critical infrastructure of Taiwan's securities market, the TWSE trading system must maintain the confidentiality, integrity and availability of the trading information system. The TWSE commissions the British Standards Institution (the "BSI") to conduct audits every six months to verify its ISO 27001 ISMS certification. The scope of ISO 27001 certification already covers TWSE IT system development, implementation, operation and maintenance, and network management, as well as the departments of System Development, Computer Operation, Market Data & Corporate Systems and Administration. To strengthen overall information security, the TWSE expanded ISO 27001 certification to six additional core departments in 2022. During the year, the TWSE conducted educational training, gap analysis, and risk assessments, set up new cyber security indicators and controls, and was successfully verified in December. The TWSE aims to achieve comprehensive coverage of all TWSE departments and acquire certification from the Taiwan Accreditation Foundation ("TAF") in 2023. In keeping with global advancements in technology, the new standard for the ISMS, ISO/IEC 27001:2022, was released on October 25, 2022. To strengthen the overall information security of the TWSE, the company will fully upgrade to comply with the 2022 version in 2024.
- BS 10012 Personal Information Management System ("PIMS") verification
The TWSE commissions the BSI to conduct audits every six months to verify its BS 10012 PIMS certification, and to conduct a review every three years (the TWSE completed review certification in December 2021). In 2022, there were no breaches of customer privacy or loss of customer data, and audit results found no deficiencies, confirming that the certifications remain valid.
Below are the TWSE's priorities in information security for 2022 and 2023:
- Maintain cyber security
The TWSE is a critical infrastructure for Taiwan's capital market. One of its core functions is to disclose securities-related information and serve as a primary platform for securities firms and listed companies to disclose material news. To maintain the confidentiality and integrity of trading information and ensure the availability of system platforms, the TWSE established ISMS and PIMS in accordance with the "Cyber Security Management Act" and "Personal Data Protection Act," and also carefully considered cyber security incidents through pre-incident, during-incident and post-incident analysis. Relevant protection measures, anomaly detection mechanisms, and a response and reporting procedure for cyber security incidents have been put into place to mitigate the impact of malicious attacks.
In 2022, the TWSE dealt head-on with the challenges from increasing information security threats, global cybersecurity attacks, and personal data leaks. The TWSE has enhanced its ability to respond to cybersecurity threats. During the visit of the US House Speaker to Taiwan in 2022, the TWSE issued a cybersecurity warning notice through the Securities and Futures Computer Emergency Response Team ("SF-CERT"), alerting members of the incident and assisting them in their response, thereby enhancing the overall market's cybersecurity resilience.
Therefore, the TWSE's most pressing information security objective and challenge is to not only establish proper security protection mechanisms for its own information systems, but also to assist participating market institutions in deepening their information security governance. This includes strengthening information security protection and contingency measures through warning notifications, information security drills, and tracking and handling of information security incidents, in order to enhance Taiwan's overall capital market information security protection level and meet the expectations of all market participants, including regulatory authorities and investors.
- Cyber security education and training
To facilitate staff in their work related to information security, the TWSE holds regular cyber security education, training and intermittent courses within the company on ISO standards and verification, regulatory compliance, plus professional cyber security courses on an as-needed basis. A total of 890 attendees participated in education and training courses in 2022 with 2,946 total training hours.
Cyber security education and training courses provided in 2022 are listed below:
- Securities and Futures Computer Emergency Response Team ("SF-CERT")
In addition to properly securing its own information systems, the TWSE also assists securities institutions to deepen their information security governance, strengthen cybersecurity protection and response measures, and enhance Taiwan's overall securities market cybersecurity protection level. SF-CERT services include around-the-clock phone support and website monitoring, real-time monitoring of information security incidents, market-wide information security incident alerts, active facilitation of communication between operators and information security companies, outsourced vendors, and information vendors to handle information security incidents, and follow-up on operators to ensure that improvements have been made to reduce the impact of information security incidents on the market. In 2022, SF-CERT issued 11 information security alerts, followed up on 293 information security incidents reported by market participants, and provided three consulting services. Regular SF-CERT meetings are held to review work progress and improve practices. Education and training, social engineering drills, information security incident desktop response drills, information security incident reporting drills, and distributed denial of service (DDoS) protection drills have all been successfully completed as scheduled to enhance the information security defense capabilities of the securities and futures market.
The TWSE's near-term plans to promote information security are as follows:
Supply chain management
TWSE suppliers mainly fall into eight categories: OA equipment, ICT, construction, printing and publicity media, security, gifts, lease and others. The TWSE established relevant laws and regulations to build stable cooperative relationships with suppliers on a foundation of mutual trust. Starting in October 2019, the TWSE requested all suppliers engaging in procurements amounting to TWD1 million or above to sign the "Supplier Integrity Governance Undertaking." Regulations related to supplier selection and the bidding process will be amended on a rolling basis to ensure sustainable procurement and maintain a fair and transparent purchasing environment.
The principles and regulations regarding supply chain management are as follows: