Group basic policies on risk management

Currently, the Vantec Group has defined the following 8 risk categories to be managed by the Group :

1. 1.Credit risk
   Controls :
   To control credit lines extended to customers
   To swiftly and accurately respond to the changes of their credit status
   Definitions :
   The risk of incurring losses that may arise on uncollectible receivables should a counterparty default on its obligations due to a bankruptcy or other reasons
2. 2.Business risk
   Controls :
   To periodically monitor return on investment for each business project
   Definitions :
   (1) Risk on a new investment
   The risk of impaired corporate value resulting from investments which do not cover cost of capital
   (2) Risk of deterioration of return on investment of an on-going project
   The risk of impaired corporate value that may arise on deterioration of return on investment of a project below the criterion approved at a BOD meeting
   (3) Risk of continuing a red-ink business
   The risk of increase in losses that may arise on continuing a red-ink business without setting any criteria for withdrawal
3. 3.Compliance risk
   Controls & definitions :
   Refer to Compliance section
4. 4.Office operation risk
   Controls :
   To secure the reliability of financial reporting
   Definitions :
   Risk of incurring losses as a result of incomplete and incorrect documentation, employee fraud or misconduct. For the time being, the scope of this risk is limited to financial reporting related procedures.
5. 5.Legal risk
   Controls :
   Material contract drafts are subject to the legal check of the legal section. To monitor changes of business-related laws and regulations To update employees on the latest business-related laws and regulations if required
   Definitions :
   The risk of incurring losses or occurrence of a trouble due to inadequacy of the following items :
   1) Compliance with applicable laws and regulations, investigation and response to the changes of laws and regulations
   2) Proper legal actions, including the conclusion of necessary legal documents
   3) Proper response to lawsuits, and the investigations or decisions by governmental
   authorities accompanied by occurrence of accidents or violation of laws and regulations
   4) Proper response to the events that may arise from legal uncertainties
6. 6.Natural disaster risk
   Controls :
   To prepare for natural disasters, including the preparation of disaster risk control manuals and an emergency communication route chart
   Definitions :
   The risk of human, material and economical losses due to natural disasters such as an earthquake, volcano eruption, tsunami, high tide, typhoon, cataract, abnormal climate or any natural phenomenon
7. 7.Health and safety management risk
   Controls :
   To continuously improve the heath and safety management system, including the education system and monitoring system for prevention of industrial accidents or traffic accidents caused by employees or subcontractors
   Definitions :
   1) Safety risk
   The risk of incurring losses for customers, business partners or our group due to operational accidents or accidents on the way of commuting, causing unfavorable effects on operations, provision of services to customers
   2) Health risk
   The risk of incurring losses for customers, business partners or our group due to industrial accidents, overwork or inappropriate working environments
8. 8.IT system risk
   Controls :
   To prevent stoppage of operations due to IT system failure or troubles. To take measures for confidentiality of corporate information or personal information, and protection of copyrights, against illegal access or computer virus
   Definitions :
   (1) Risk of system failure
   The risk of incurring losses for customers, business partners or our group due to delay or disorder in providing services to customers caused by IT system failure in hardware, software, blackout or network
   (2) Risk of IT system breakdown by natural disasters
   The risk of having a material negative impact on corporate activities due to a part of or the whole IT system breakdown, leading to a long-time IT system stoppage or difficulties in maintaining proper functions of IT systems caused by natural disasters such as an earthquake, fire or flood
   (3) Risk of data leakage
   The risk of incurring material losses for customers, business partners or the Group due to the damage of the corporate credit in the society caused by data leakage whatever on purpose, by mistake, or by hacking from outside, of corporate confidential information, customer information, business partners’ information or personal information
   (4) Risk of unauthorized usage of licenses
   The risk of damaged corporate image due to the illegal usage of unauthorized copies, leading to lawsuits or announcements in public of the fact by license holders
   (5) Risk of virus infection
   The risk of damaged corporate image due to the virus infection through e-mails or data storage media such as CD, leading to data destruction, data leakage, virus diffusion to customers.

The Vantec group is committed to managing the above-mentioned risks properly, evaluating them in a proper manner and preparing corresponding management organizations if required. Each corresponding organization shall formulate risk management manuals, update them time-to-time and roll out risk management activities proactively to achieve a comprehensive and high-level risk management system.

Continuous improvement of the group risk management system

We established the Group Risk Management Committee in June 2006, and hold meetings every three months. At the meetings, the Committee identifies and assesses risks, and updates the management structure and management methods to strengthen the risk management of the Group.