The Company’s ability to respond to and deal with risks has been an important key to its continued growth and stable operations. President Chain Store Corporation is committed to maintaining a comprehensive risk management system that includes the Group’s organization and subsidiaries in the scope of risk management. The Company aims to control various risks that may affect corporate operations through the risk management mechanism, as well as the integration of such mechanism into operating activities and day-to-day management. To further ensure the effectiveness of corporate risk management and align with international standards, President Chain Store Corporation set up an independent unit to conduct internal audits based on the risk management process. In May 2024, it launched awareness education and training on corporate risk management following the ISO 31000:2018 risk management system. The course includes 3 hours of general knowledge and principles of risk management, identification and assessment process, with a total of about 60 people participating (representatives were designated by all departments). Subsequently, a third party will be entrusted to perform an external risk management audit based on the evaluation of the management system incorporation.
Risk Management Structure
The Company’s Board of Directors is the highest risk management unit that is responsible for approving risk management policies and structures to ensure the effectiveness of risk management. The Risk and Cybersecurity Management Committee is affiliated to the Board of Directors with the “Risk Management Committee” underneath that is a cross-departmental risk management decision-making. It exercises its powers independently of other business functions and operating activities, with the head of the Supportive Service Group serving as the convenor. Task forces have been set up under the committee for overall risk monitoring, assessment and measurement for President Chain Store Corporation, integrating and managing various strategic, operational, financial and other potential risks that may have an impact on the operations and profits, as well as regularly reporting to the Risk Management Committee. Annual plans and implementation results are submitted to the Board of Directors after discussion by the Risk and Cybersecurity Management Committee.
Three Lines of Defense Model for Risk Management
Risk Management Processes
The Risk Management Committee identifies, analyzes, measures, monitors, responds to, reports risks based on the risk characteristics and impact levels compiled by each task force, as well as improving response measures. The processes are as follows:
Risk Identification and Ranking
President Chain Store Corporation’s scope of risk management includes but is not limited to operational risks, market risks, financial risks, compliance risks, climate risks and other risks that may cause significant losses to the Company. When identifying risks, each business unit analyzes the sources of risks (such as disasters/infectious diseases, contracts/laws, financial conditions, personnel behavior, asset losses, quality, supplier operating conditions, etc.) and their potential impacts (such as finance, production/products and services, personnel, reputation and image, etc.) to understand all potential types of risks.
Risk identification and ranking take into account the dual-axis risk matrix. The Y-axis represents the level of severity (I), and it is graded from 1 to 6 points. The X-axis represents the risk likelihood (L), and it is graded from 1 to 7 points. The two are added together for risk level (R), which is used as the standard for finding out the scores of each financial, food safety, franchise, legal and other risks. The risks are then ranked in line with the impact and results to highlight the level of impact, likelihood and importance of each risk.
Relevant units will implement prevention and improvement measures for each level of risk. When the risk level (R) is higher than 7 points, the impact on the Company’s operations will be more significant, so this score is adopted as the risk appetite. If risks above this level occur, relevant units should promptly respond and improve.
Note:The risk identification results in 2023 please refer to 2023 sustainability report.
Sensitivity analysis and stress testing
| Potential risk |
Description of Sensitivity analysis and stress testing |
| Financial Risk |
Analysis of foreign currency market risk arising from significant foreign exchange variation: Foreign exchange risk with respect to USD primarily arises from the exchange gain or loss resulting from foreign currency translation of cash and cash equivalents, accounts receivable and accounts payable denominated in USD. If the NTD:USD exchange rate appreciates/depreciates by 5% with all other factors remaining constant, the Group’s profit for the years ended December 31, 2023 and 2022 would increase/decrease by $6,497 and $8,103, respectively. Foreign exchange risk with respect to JPY primarily arises from the exchange gain or loss resulting from foreign currency translation of cash, financial assets at fair value through other comprehensive income – non-current and accounts payable denominated in JPY. If the NTD:JPY exchange rate appreciates/depreciates by 5%, with all other factors remaining constant, the Group’s comprehensive income for the years ended December 31, 2023 and 2022 would increase/decrease by $10,843 and $8,915, respectively.
Price risk: A.The Group’s equity securities, which are exposed to price risk, are the held financial assets at fair value through profit or loss and financial assets at fair value through other comprehensive income. To manage its price risk arising from investments in equity securities, the Group diversifies its portfolio. Diversification of the portfolio is done in accordance with the limits set by the Group. B. The Group’s investments in equity securities comprise shares and open-ended funds issued by the domestic companies. The prices of equity securities would change due to change of the future value of investee companies. If the prices of these equity securities increase/ decrease by 5%, and open-ended funds increase/decrease by 0.25%, with all other variables held constant, the post-tax profit for the years ended December 31, 2023 and 2022 would have increased/decreased by $6,632 and $5,602, respectively, as a result of gains/losses on equity securities and open-ended funds classified as at fair value through profit or loss. Other components of equity would have increased/decreased by $50,971 and $42,374, respectively, as a result of other comprehensive income classified as equity investment at fair value through other comprehensive income.
Cash flow and fair value interest rate risk: A. The Group’s interest rate risk arises from short-term borrowings and long-term borrowings. Borrowings issued at variable rates expose the Group to cash flow interest rate risk, which are partially offset by cash and cash equivalents held at variable rates. Borrowings issued at fixed rates expose the Group to fair value interest rate risk. During the years ended December 31, 2023 and 2022, the Group’s borrowings at variable rate were mainly denominated in New Taiwan dollars and Philippine Peso. B. If the borrowing interest rate had increased/decreased by 0.25% with all other variables held constant, profit, net of tax for the years ended December 31, 2023 and 2022 would have decreased/increased by $16,396 and $2,029, respectively. The main factor is that changes in interest expense result in floating-rate borrowings.
|
| Non-financial: regulatory risks |
The Ministry of Environment implemented the ban on “biodegradable plastic tableware” in eight categories of venues on August 1, 2023. Prior to the promulgation of the regulation, President Chain Store Corporation had identified the scope of the impact and notified relevant units. Currently, freshly prepared beverages drinks in the stores are offered in laminated paper cups to comply with the regulations. Packaging materials for freshly prepared products that require secondary processing have been replaced or discontinued before August 1, 2023 to ensure the effectiveness of product management and reduce the potential for violating environmental regulations, which could lead to impact on consumer rights and company operations. In addition, coffee cup lids are regularly tested for evaporation residue. If the result exceeds legal standards, the marketing unit will issue a notice asking the store to remove the problematic cup lids from the shelves for return, while replacing the supplier with a qualified manufacturer. DC will then count the lids and notify the Company on the number. As it is the responsibility of the manufacturer, President Chain Store Corporation will seek compensation in accordance with the contract. Subsequently, the supplier will be asked to improve the process and provide a qualified inspection report before the lids are put back on the market. In case of penalties imposed by authorities as a result from a violation, the impact is estimated to be about 0.03% depending on the amount of the fine. |
Information Security and Privacy Protection
President Chain Store Corporation takes advantage of the power of digital technology to make consumers’ lives more convenient. To this end, it provides customers with cash flow, logistics and information flow services with digital tools such as the 7-ELEVEN online shopping site, ibon, OPEN Wallet, icash Pay, icash 2.0, OPENPOINT app (including iGroup-buying and iPre-order) and MyShip. This allows consumers to make the most of President Chain Store Corporation as the base and service center for everything in life.
Cybersecurity Committee
The “Cybersecurity Committee” is the highest decision-making unit for President Chain Store Corporation’s information security management. It was originally under the “Sustainable Development Committee,” and moved under the “Risk and Cybersecurity Management Committee” in 2023 with the Chief Information Security Officer as the convener. The “Cybersecurity Implementation Team,” “Emergency Response Team” and “Audit Team” under the committee hold at least one review meeting a year, with the convener regularly reporting the implementation and results of information security implementation to the Risk and Cybersecurity Management Committee (Note).
Note: The policies, specific management plans and resources invested by the Cybersecurity Committee can be obtained from the Company website
Personal Data Protection Task Force
Digital technologies involve a lot of customers’ personal data. President Chain Store Corporation set up a special task force, reporting mechanism, as well as conducting training and internal audits to ensure the protection of consumers’ personal data.
The “Personal Data Protection Task Force” is an cross-departmental task force that regularly performs personal data inventory, risk analysis, internal system review, notification and revision, data destruction, education and training. Education and training is systemized with courses and forums for new employees to pass tests and senior employees to finish courses online with a 100% completion rate for internal training. In addition to integrating personal data risk management into the overall risk management and audit mechanism of the Company, personal data protection management reports are formulated for each department, as well as adding personal data protection clauses to contracts when working with external suppliers to ensure that all operating units and suppliers comply with the Company’s personal data protection policy. President Chain Store Corporation’s internal evaluation plan and external verification system can effectively supervise and assist various departments in formulating corrective, preventive or improvement measures for non-conformities discovered during internal evaluations or audits. Records of improvement are equally made and kept. Corresponding disciplinary actions are also formulated for employees who violate the Company’s personal data management rules. Any violation will be reported to the supervisor and included in the employee’s personal performance evaluation and records.
Adjustments will be made to the aforementioned task force by making the executive manager of the Supportive Service Group convenor in 2024.
When the Company uses customer data for non-primary collection purposes, it refers to marketing or message pushes for customers under the premise of compliance with laws and regulations as well as customer consent. We comply with the laws and regulations, as well as information management principles from the government to ensure that the acquisition and use of data is done within the scope of data authorization stipulated by the Company, with appropriate technological and organizational security measures. All data is strictly kept in a data storage system with high security and stability, fulfilling the obligation of confidentially regarding the customers’ and investors’ personal data. In 2023, a total of 99% of the customers’ personal data was used by the Company for marketing and message pushes.