Cathay Century Insurance established the “Cathay Century Insurance Risk Management Policy” to serve as a risk management standard, with the Risk Management Committee as the highest risk management decision-making body, integrating the strengths of senior executives from each unit to jointly strengthen the control of identified risk issues and objectives. In 2023, a total of 10 major risk-related issues had been identified and corresponding management mechanisms had been established for each issue. Risk monitoring are implemented each month and the Risk Management Committee is convened quarterly to report risk information to the Board of Directors. The risk control system is then subject to the approval by the Board Directors.
The internal control processes and systems of Cathay Century Insurance are established in accordance with the "Regulations Governing Implementation of Internal Control and Auditing System of Insurance Enterprises". The relevant processes are designed and developed by various departments of the head office and approved by the Board of Directors upon proposal. The systems are composed of environmental control, risk assessment, control operations, information and communication, and supervision operations, and are implemented by the Board of Directors, management and other employees in accordance with the internal control system, for the purpose of facilitating sound operation of the Company in order to reasonably ensure the achievement of the objectives.
Based on the Insurance Industry Code of Practice for the Three Lines of Internal Control Defense, Cathay Century Insurance sets up a three-line structure for internal control. The scope of authority and responsibility for the three lines of protection is clearly defined to strengthen the risk control and communication coordination of internal units, and enables employees to understand the roles and functions of their own work in the overall risk management structure and internal control, further implementing risks in a hierarchical manner.
We have established the "Personal Data and Information Security Management Committee" to supervise and review the planning of various management mechanisms, and set up a personal data management unit and an information security management unit, which are charged by the Personal Data Management Team and Information Security Division, respectively, who are responsible for the formulation and promotion of various personal data protection measures and information security.
Information security is a very important part of Cathay Century Insurance and the cornerstone for our customers to have peace of mind. Since 2019, Cathay Century Insurance has taken out information security insurance every year to mitigate the risk of compensation arising from business interruption, accidents, and damages to customers or third parties. In 2023, Cathay Century Insurance did not experience any information security, information leakage or personal data leakage incidents, and no customers or policyholders were affected by such incidents.
