Risk Policy

Risk Management Organization

RichWave has established a cross-departmental Business Continuity Planning (BCP) Management Office, which includes an emergency response team, a logistics support team, and a climate change risk response team. The President serves as the convener of the Management Office, which consists of representatives from various business units. Additionally, the Board of Directors acts as the highest authority for risk management. To prevent potential major risks from harming the company, the BCP Management Office conducts rigorous risk evaluation to formulate response strategies, arrange for emergency response measures, as well as carrying out drills from time to time, and engage in ongoing improvement.

Risk Policy and Management Process

To ensure that RichWave operates in a proactive and cost-effective manner, it integrates and manages a variety of strategic, operational, financial, and hazard-related risks that may affect its operations and profitability. The Company enhances the oversight function of its Board of Directors in the area of risk management. RichWave has established a "Risk Management Policy and Procedures" which has been approved by the Board of Directors. The Company conducts a comprehensive evaluation and management of existing risk factors through the processes of risk identification, risk analysis, risk assessment, risk response and control, and risk monitoring. The Company maintains regular monitoring of emerging risks that may potentially have an impact, and endeavors to acquire a comprehensive understanding of the extent of each risk. The Company implements appropriate measures and allocates resources to ensure the effective management of relevant risks.

Risk Item Identification and Management

By analyzing the global conditions, industry trends, and regulatory trends, RichWave can identify risks related to five dimensions including strategy, operation, finance, hazardous events, and legal compliance:

In regard to the risk items that may be encountered during the company’s day-to-day operations, RichWave has developed a risk and opportunity management protocol to conduct a SWOT analysis based on the company’s background. Furthermore, the stakeholders’ concerns and appeals are included in the stakeholder risk analysis and controlled by the risk analysis team. The two major high-risk items identified in 2024 include legal compliance and operational management. Regarding legal compliance, each relevant department should continuously monitor changes in regulations to ensure the Company stays informed and updates its internal policies accordingly. In 2024, due to the ongoing Ukraine-Russia war and the conflict in Gaza and Israel, RichWave will cooperate with Taiwan’s export control regulations and implement due diligence for our product sales. This includes requiring customers to sign acknowledgments of compliance with export control regulations of Taiwan, the United States, and the European Union, including the EU’s controls on dual-use items. Through an ongoing Business Continuity Plan (BCP), we strengthen and enhance corporate governance across five key areas: strategy, operations, finance, hazard events, and regulatory compliance.

The main high-risk improvement items for 2025 are as follows: strengthening internal training, enhancing the monitoring capabilities of relevant departments regarding contract execution, ensuring each department head has clear responsibility for contract fulfillment, and collaborating closely with departments such as supply chain, finance, and legal. The Legal Department is responsible for reviewing the potential risks associated with all of the Company’s automatically renewing contracts and for providing necessary recommendations to the relevant departments for further review.

Reported the current status of the Company’s risk management and identification efforts and relevant response measures on December 26, 2024, and approval was obtained from the Board of Directors.

Audit and Internal Control

RichWave has established the "Internal Control System Self-Assessment Procedures," which apply to all operational activities of Company and its subsidiaries. The internal control system comprises five primary components: the control of the environment, risk assessment, control of operations, information and communication, and monitoring operations. Each component possesses a distinct set of detailed items.

The effectiveness of the organization's internal control system is evaluated using the above evaluation criteria. The internal control operations for 2024 was completed on February 27, 2025, confirming the effectiveness of the Company's operations, the achievement of efficiency objectives, and compliance with laws and regulations, and releasing an internal control system statement approved by the Board.