Search Result

Article Content

 
1     General Provisions
  1. These Principles are adopted to assist Futures Commission Merchants (FCMs) establish a sound and integrated risk management system, and to strengthen the development of the futures market. These Principles are also to be used as a reference for guidance by the FCMs.
  2. An FCM often encounters uncertainties in the course of its business operations. In general, an uncertain event may be called a risk if it can cause an adverse impact that affects the achievement of the FCM's strategic business objectives.
  3. An FCM shall establish business strategies and organizational culture that emphasize risk management, and shall keep a firm grasp on the results of qualitative and quantitative management, which shall serve as a reference for the formulation of business strategies.
  4. To manage risks, it is advisable that an FCM establish an integrated risk management system, with the joint participation of and implementation by everyone from the board of directors and managerial personnel of all levels to employees. Being a procedure to be observed by all levels in the FCM, the system, through an overall perspective from the FCM, identifies, measures, monitors, responds to, and reports on potential risks, and, with qualitative and quantitative management methods, limits within a sustainable level all types of risks that might be encountered during business operations, with the hope to reasonably ensure the achievement of the FCM's strategic objectives, and to assist in the planning and formulation of the system.
  5. An FCM shall establish its risk management system in compliance with all applicable laws and regulations. In addition, it is advisable that the FCM's organizational structure and division of powers and responsibilities for risk management, the identification, measurement, monitoring, responding, and reporting of risks, risk management information system, and information disclosure be carried out pursuant to these Principles.
  6. An FCM shall value the importance of its risk management unit and personnel, and authorize them to perform their duties independently, to ensure that such risk management system may be effectively implemented on a sustainable basis, and shall provide assistance to the board of directors and the management level in the faithful performance of their duties so that risk management will be effectively realized.
2     Organizational Structure and Division of Duties for Risk Management
  1. Organizational Structure for Risk Management
    1. An FCM’s Organizational Structure for Risk Management
    2. It is advisable that an FCM establish a risk management committee ("RMC") under its board of directors. In addition, it shall designate personnel or establish an appropriate unit for risk management, so that matters in connection with risk management can be effectively planned and implemented.
      Description:
      1.The main factors to be considered for the designing of a risk management organizational structure for an FCM include the type of each organization, the corporate culture, and the composition of risks. However, the general principle for risk management is that the unit or the personnel implementing risk management shall remain independent.
      2.Responsibility for risk management does not lie exclusively with the risk management unit. Effective risk management requires the cooperation of all related departments within the FCM, including human resources, legal affairs, information technology, internal control, auditing, and planning; otherwise it is difficult to carry out risk management for overall business.
      3.The success of risk management depends on the joint promotion and implementation efforts from all levels of the FCM; therefore, it is extremely important to have effective communication, coordination, and connection between the board of directors, the risk management personnel or unit, and related departments.
      4.Successful implementation of risk management relies upon a clear authority structure and well-planned reporting process. Without them, risk management information cannot be effectively aggregated, transmitted and analyzed, and the corporation's business strategies and risk management policies cannot be appropriately adjusted in response to changes in its subjective and objective environments.
  2. Risk Management Function
    1. The Role of the Board of Directors
    2. The board of directors shall recognize the risks confronted by an FCM in the course of its business operation (such as market risk, credit risk, liquidity risk, operational risk, legal risk, model risk, reputation risk, and other risks in connection with its business operation), ensure effective risk management, and bear the ultimate responsibility for risk management.
      Description:
      1. The board of directors shall be held ultimately responsible for financial loss or decrease of shareholders' equity value, and thus it shall establish an appropriate risk management system, operating procedures, and a risk management culture, as well as allocate the resources necessary to implement its risk management system.
      2. The board of directors shall pay attention not only to the risks borne by each department, but also to the aggregate risks to the FCM as a whole. At the same time, the statutory capital adequacy requirements prescribed by the competent authority, as well as other financial and business regulations that may affect the allocation of capital, shall all be taken into consideration.
    3. Role of the Risk Management Committee
    4. It is advisable that an FCM establish a RMC under the board of directors to assist the board of directors with its planning and supervising of matters related to risk management; if no RMC is established, the board of directors shall take charge of these functions.
      Description:
      1. In light of the professionalism, regularity and timeliness required in risk management, it is advisable that an RMC be established under the board of directors to ensure effective monitoring of daily risk management, but the committee should report to the board of directors on a regular basis.
      2. The Committee shall draft risk management policies and establish qualitative and quantitative management standards to facilitate the monitoring of daily risk management. It shall also make timely reports on the implementation of risk management to the board, along with recommendations for improvement.
    5. Functions of the Risk Management Personnel or Unit
    6. The risk management personnel or unit shall be responsible for the monitoring, measurement and evaluation of routine risks confronted by the FCM. It shall exercise its authority independently of the FCM's business departments and trading activities. In terms of organizational structure, the risk management personnel or unit may report directly to the board of directors.
      Description:
      1. Subject to the types of business conducted by the FCM, the duties of the risk management personnel or unit shall be:
      (1) Help draft risk management policies;
      (2) Help draft risk limits for each department and the method of allocation;
      (3) Implement the risk management policies approved by the board of directors;
      (4) Submit complete risk management reports in a timely manner;
      (5) Make sure that business units understand the content of transactions prior to undertaking them, and continue monitoring positions held after transaction are completed;
      (6) Improve as much as possible the skills used to measure the quantifiable risks of financial instruments;
      (7) Understand risk limits and their usage status in each business unit;
      (8) Evaluate risk exposure and risk concentration;
      (9) Develop and implement stress tests and back-testing procedures;
      (10) Inspect the difference between the actual loss of the investment portfolio and loss forecasted by the risk management personnel or unit;
      (11) Review the pricing model and evaluation system for financial instruments used by the FCM; and
      (12) Deal with other matters in connection with risk management.
      2. The risk management personnel or unit shall have proper authority to deal with matters in connection with risk limit violations made by other departments, and shall have proper authority to require that positions held by other departments be kept under established limits.
    7. Role of the Head of the Risk Management Unit
    8. The appointment and removal of the head of the risk management unit shall be subject to the approval of the board of directors. The head of the risk management unit shall be responsible for measuring, monitoring, and evaluating the risk status of the futures firm on a daily basis:
      Description:
      1. The primary duties of the head of the risk management personnel or unit are as follows:
      (1) To monitor and keep track of the implementation status of risk management policies;
      (2) To establish an integrated structure for measuring, monitoring, and evaluating quantifiable financial risks;
      (3) To lead the implementation of measuring, monitoring, and evaluating risks;
      (4) To monitor the risk limits of business units, and urge that corrective measures be taken whenever any violation is discovered;
      (5) To proceed with risk adjusted performance measurement (RAPM) or provide risk information required by RAPM;
      (6) To undertake evaluation and back-testing of the effectiveness of the model to ensure the accuracy of evaluation results;
      (7) To ensure that risk management skills being updated in a timely fashion; and
      (8) To deal with other matters concerning risk management.
      2. In addition to the foregoing matters, as for unquantifiable risks, the head of the risk management unit shall also assist the board of directors to assign an appropriate unit(s) to proceed with joint management of such risks, including emergency response planning.
    9. Roles of Risk Management Personnel at Business Units
    10. In order to effectively link the communication of risk management information, and implementation of risk management matters between the risk management personnel or unit and each business unit, an FCM may place risk management personnel within each of its business units where they shall implement effectively and independently the risk management operations of each business unit.
      Description:
      1. Whether to install risk management personnel shall depend on the FCM’s type of organization, scale and the importance and complexities of different units.
      2. Major duties of risk management personnel at a business unit are as follows:
      (1) To report the risk exposure of the business units in a prescribed and systematic way, in compliance with the risk management reporting process;
      (2) To ensure the timely and correct communication of risk information;
      (3) To ensure the effective execution of rules on risk limits within business departments;
      (4) To monitor the status of risk exposure and report on instances where limits are exceeded, including corrective measures adopted by the business unit in question;
      (5) To ensure that business unit risk measurement, model use, and assumptions are undertaken consistently; and
      (6) To ensure effective implementation of internal controls within business units, so as to comply with laws, regulations and risk management policies.
    11. Role of Heads of Business Units
    12. The head of a business unit shall be responsible for daily risk management and reporting in his/her unit.
      Description:
      1. The head of a business unit shall bear the duties for all risk management matters in the unit under management, and be responsible for analyzing and monitoring relevant financial risk (such as market risk and credit risk) in the unit, and for taking all types of corresponding measures.
      2. The head of a business unit shall convey relevant risk management information to risk management personnel or unit on a daily basis.
    13. Establishment of Risk Limits
    14. It is advisable that an FCM allocate the capital required by the FCM and each business unit based on the strategic objectives of its business operations, to the extent where the risks are bearable. It is also advisable that the power to make such allocation be vested in the board of directors, or the Risk Management Committee (RMC) may propose the allocation, and the proposed allocation shall be subject to the approval of the board of directors. Monitoring and controlling the risk limits is extremely important for ensuring that the FCM’s business activities do not exceed tolerable risk levels.
      Description:
      1. A risk capital limit refers to the capital that must be allocated to respond to the maximum risk of loss that is bearable by the company as a whole, or by individual business units, for a certain period of time and degree of confidence. Together with risk bearing, risk limits are part and parcel of the company's business activities.
      2. The procedure for establishing risk limits involves a bottom-up collection of requirements and suggestions from each department followed by a top-down implementation of the approved limits as approved and allocated to each department, and the implementation status shall be effectively monitored through the risk management system.
      3. In the course of planning and calculating the risk limits, the capital that can be allocated to each business unit shall be taken into consideration along with the contributions that the capital can make to performance, and the risks that may be sustained. During this process, the risk management personnel or unit shall play an important evaluation role.
    15. Management of Risk Limits
    16. An FCM shall have a complete procedure for the management of risk limits. The procedure shall include the calculation method, allocation method, and implementation of monitoring processes.
      Description:
      1. The risk limits can be calculated by qualitative and quantitative methods. Quantitative methods shall be used as much as possible to express quantifiable risks where necessary. Currently, technologies are available for calculating market risk and credit risk, and useful tools for operational risk are gradually being developed.
      2. In calculating limits, the correlation between different risks shall be taken into account.
      3. The establishment and allocation of limits may reflect different perspectives or needs. For example, it may be done on the basis of business units, or on the basis of the type of product, length of period, the level of concentration in a position, or differences in risk factors.
      4. After limits are established, ongoing assessment of their reasonableness is required in order to make necessary adjustments, which shall be subject to approval by the board of directors.
    17. Risk Management Policies
    18. An FCM shall establish risk management policies to serve as the basis of routine risk management procedures. The content of these policies shall accurately reflect the objectives of the FCM’s operational strategies, its risk preferences, and the characteristics of the risks it confronts. In addition, the policies shall be conveyed to and implemented by all departments of the FCM through a prescribed process. The risk management policies may be proposed by the RMC, and shall be implemented after approval by the board of directors.
      Description:
      1. During the drafting of risk management policies, the following factors should be taken into account:
      (1) The overall operational strategies and product categories;
      (2) The scale, nature, and complexity of transactions;
      (3) Risk tolerance;
      (4) The quality of internal control procedures;
      (5) The capability to monitor risks and the completeness of the risk management system and related procedures;
      (6) The degree of professionalism with respect to risk management;
      (7) Past experience and performance;
      (8) Compensation (or bonus) policy (where special attention has to be paid to the correlation between performance and compensation);
      (9) Tax and accounting issues;
      (10) Related laws, regulations and restrictions; and
      (11) Other matters concerning risk management.
      2. An FCM shall review on a regular basis the appropriateness of risk management policies, and make timely revisions to reflect changes of the subjective and objective environment.
    19. Evaluation of Risk Management Effectiveness
    20. An FCM shall evaluate, on a regular and irregular basis, the effectiveness of its risk management, including whether the expectations of the board of directors are met, whether risk management is conducted independently, whether the risk management system is faithfully implemented, and whether the overall risk management infrastructure is complete.
      Description:
      1. Evaluation of the risk management effectiveness:
      (1) The influence and impact risks have on the business are often affected by changes in the objective environment. It is therefore necessary to periodically evaluate risk management priorities, the choice of tools, and the cost and applicability of risk management measures.
      (2) The evaluation referred to in the preceding paragraph may be performed internally by the risk management personnel or unit or other appropriate unit or personnel. It is also feasible to engage professionals from external institutions to conduct the evaluation.
      2. Evaluation of the faithful implementation of risk management:
      (1) Whereas the faithful implementation of risk management may be independently evaluated by internal auditors, their reporting procedures must be independent of transactions, back-office operations and the risk management system. It is also feasible to rely on external auditors to assist in the evaluation.
      (2) Auditing and testing of this type shall concentrate on risk management procedures and internal controls. Upon discovery of any irregularity, or when there are any significant changes in product types, model usage or internal controls, it is necessary to enhance the depth, extent and frequency of the auditing.
      (3) The scope of the above-mentioned model testing must include quantitative testing and model management system operation. The internal or external personnel performing model testing must have the professional qualifications and related educational background to ensure its effectiveness.
    Organizational Structure and Division of Duties for Risk Management
  1. Organizational Structure for Risk Management
    1. An FCM’s Organizational Structure for Risk Management
    2. It is advisable that an FCM establish a risk management committee ("RMC") under its board of directors. In addition, it shall designate personnel or establish an appropriate unit for risk management, so that matters in connection with risk management can be effectively planned and implemented.
      Description:
      1.The main factors to be considered for the designing of a risk management organizational structure for an FCM include the type of each organization, the corporate culture, and the composition of risks. However, the general principle for risk management is that the unit or the personnel implementing risk management shall remain independent.
      2.Responsibility for risk management does not lie exclusively with the risk management unit. Effective risk management requires the cooperation of all related departments within the FCM, including human resources, legal affairs, information technology, internal control, auditing, and planning; otherwise it is difficult to carry out risk management for overall business.
      3.The success of risk management depends on the joint promotion and implementation efforts from all levels of the FCM; therefore, it is extremely important to have effective communication, coordination, and connection between the board of directors, the risk management personnel or unit, and related departments.
      4.Successful implementation of risk management relies upon a clear authority structure and well-planned reporting process. Without them, risk management information cannot be effectively aggregated, transmitted and analyzed, and the corporation's business strategies and risk management policies cannot be appropriately adjusted in response to changes in its subjective and objective environments.
  2. Risk Management Function
    1. The Role of the Board of Directors
    2. The board of directors shall recognize the risks confronted by an FCM in the course of its business operation (such as market risk, credit risk, liquidity risk, operational risk, legal risk, model risk, reputation risk, and other risks in connection with its business operation), ensure effective risk management, and bear the ultimate responsibility for risk management.
      Description:
      1. The board of directors shall be held ultimately responsible for financial loss or decrease of shareholders' equity value, and thus it shall establish an appropriate risk management system, operating procedures, and a risk management culture, as well as allocate the resources necessary to implement its risk management system.
      2. The board of directors shall pay attention not only to the risks borne by each department, but also to the aggregate risks to the FCM as a whole. At the same time, the statutory capital adequacy requirements prescribed by the competent authority, as well as other financial and business regulations that may affect the allocation of capital, shall all be taken into consideration.
    3. Role of the Risk Management Committee
    4. It is advisable that an FCM establish a RMC under the board of directors to assist the board of directors with its planning and supervising of matters related to risk management; if no RMC is established, the board of directors shall take charge of these functions.
      Description:
      1. In light of the professionalism, regularity and timeliness required in risk management, it is advisable that an RMC be established under the board of directors to ensure effective monitoring of daily risk management, but the committee should report to the board of directors on a regular basis.
      2. The Committee shall draft risk management policies and establish qualitative and quantitative management standards to facilitate the monitoring of daily risk management. It shall also m
3     Risk Management Process

    Figure 1: Risk Management Process
  1. General Principles
    1. The risk management process for an FCM shall include: risk identification, risk measurement, risk monitoring, risk reporting, and risk response.
    2. An FCM shall establish a risk management information system so as to ensure smooth implementation of the risk management process.
  2. Risk Identification
  3. For the purpose of risk management, an FCM shall first identify the risks it may face in the course of its business operation. Generally speaking, risks may be affected by internal and external factors, which are called risk factors. To effectively control risk, it is advisable to adopt various feasible analytical tools and methods, and through bottom-up or top-down discussion and analysis, to aggregate past experience and predict conditions that will give rise to possible risks in the future. These shall be identified and categorized to serve as a reference for further risk measurement and monitoring.
    Description:
    1. Given the special nature of the futures industry, the primary risks that the industry may face are market risk, credit risk, liquidity risk, operational risk, model risk, and other related risks. Accordingly, these Principles shall explain the major risks generally acknowledged by the industry, and the other risks shall be identified, analyzed and dealt with by individual FCMs.
    2. Market risk refers to the risk of on- or off-balance-sheet loss due to uncertain changes during a certain period in the market prices of financial assets, such as changes in interest rates, foreign exchange rates, equity security prices, and commodity prices.
    3. Credit risk refers to the probability that counter-party of a transaction fails to perform their duty, and the risk of loss such nonperformance would cause to the risk amount or the financial status of the FCM.
    4. Liquidity risk refers to the risk of failure to meet obligations when they come due because of inability to liquidate assets or to obtain adequate funding (referred to as "funding liquidity risk") and the risk of significant movements of market price due to inadequate market depth or market disruptions (referred to as "market liquidity risk") in the course of disposing or offsetting positions held.
    5. Operational risk refers to the risk of direct or indirect loss arising from failure or mistakes in internal operations, personnel or systems, or from external events.
    6. Other risks include legal risk, model risk, strategy risk or business risk, and reputation risk.
    7. In risk identification, attention shall be paid to the correlation between events giving rise to those risks.
    8. The Product/Risk Matrix can be used as a standard for reference in identifying product risk factors.
  4. Risk Measurement
  5. After an FCM identifies the risk factors in different products, it shall establish appropriate measuring methods to serve as the basis of risk management.
    Description:
    1. Risk measurement includes risk analysis and evaluation. The former is to understand the influence of risks on the FCM by analyzing the probability of risky events and the extent of their adverse impact. In the latter, the influence of risks is compared to the threshold set in advance, so that it may serve as a reference in setting priorities for risk control and selecting response measures.
    2. For an FCM’s risk management, the risks shall be measured by quantitative or other feasible qualitative approaches based on the types of risks involved.
    3. In terms of risk management structure, rigorous statistical analysis and related techniques may be applied to analyze quantifiable risks such as market risk and credit risk. For other risks that are harder to quantify, appropriate risk response measures shall be adopted to achieve the objectives of risk management.
    4. It is advisable that an FCM adopt a progressive approach towards risk management quantification. For example, one may seek quantitative management of market risk, followed by the quantitative management of credit risk, liquidity risk, operational risk and other risks.
    5. Qualitative risk measurement is the expression of the probability and influence of risks through written description. It may be applied in the following situations:
    (1) Where it is used for preliminary screening and as preparatory work for more precise risk measurement;
    (2) Where quantitative analysis is too resource-consuming to be cost-effective; and
    (3) Where relevant data and quantitative methods are not adequate for appropriate quantitative analysis.
    6. In qualitative analysis, one may also concurrently adopt proper quantitative analysis. However, users shall bear in mind that, because this method cannot accurately reflect actual degrees of risks, nor effectively differentiate between their particular natures or connections, it might pose a risk of producing misled judgments.
  6. Risk Monitoring
  7. An FCM shall establish a complete set of monitoring procedures to monitor and appropriately report risk limits usage and over-limit circumstances, the aim being to facilitate the adoption of response measures. This procedure shall be undertaken continuously as part of routine operational activities, and off-line observation and understanding shall be made ex post facto. All deficiencies found in the monitoring process shall be reported to the supervisors in accordance with the rules.
    Description:
    1. Compared to ex post observation and understanding, ongoing risk monitoring as part of business operations is more important to an FCM.
    2. Deficiencies found in risk monitoring shall be reported to immediate supervisor through the normal channels. In addition, for serious deficiencies, a special expedited reporting procedure may be established.
    3. Ex post, off-line monitoring, with the involvement of the risk management personnel or unit, may be conducted by business units through self-inspection. The depth, extent or frequency of the monitoring shall be based on the importance of risks, the impact of response measures and the content of the control methods adopted by the FCM to manage risk.
  8. Risk Reporting
  9. An FCM shall faithfully prepare transaction reports, and prepare risk management reports on a regular basis or at times of irregularities, submit them to the appropriate management level, and keep them on file for recordation.
    Description:
    1. The preparation of written reports is extremely important in order to fully record assumptions, methods, information sources and implementation results at each phase of the risk management process, thus serving as reference for management. Each report shall be designed and prepared in consideration of the following functional requirements:
    (1) To indicate whether the management process is properly implemented;
    (2) To indicate whether systematic methods are applied to undertake risk identification and analysis;
    (3) To record the status of risks and develop such records into a knowledge base for business management;
    (4) To serve as a reference for decision making and the approval of risk management measures;
    (5) To serve as a reference for determining accountability;
    (6) To facilitate the execution of risk monitoring and evaluation work; and
    (7) To share and communicate risk management information.
    2. The head of each business unit shall ensure the accuracy and validity of the transaction reports prepared by it. All transactions must be properly recorded in line with the regulations made by the company and the supervisory authority, and shall be submitted accordingly.
    3. The risk management personnel or unit shall, on a regular basis or at times of irregularities, prepare risk management reports and submit them to the relevant management level.
    4. Before undertaking transactions in a new product, the nature of such transactions shall be taken into account to devise a transaction report in an appropriate format for future submission.
    5. Management shall pay special attention to the relevant information contained in derivatives reports.
  10. Risk Response
  11. After evaluating and summarizing its risks, an FCM shall adopt appropriate response measures for the risks it confronts.
    Description:
    1. The steps required for selection and implementation of risk response measures:
    (1) Identification of available responsive measures (as shown in section 2 of this paragraph);
    (2) Evaluation of the pros and cons of each response measure (including cost-benefit analysis, budget implementation analysis);
    (3) Formulation of a response plan (including accountability for the plan's execution, its progress, predicted results, financial resource planning and review, and evaluation procedures); and
    (4) Implementation of the response plan (After the implementation is completed, should there be any unexpected residual risks, the relevant procedures shall be repeated again until the risk is within an acceptable extent).
    2. The available measures for risk response are as follows:
    (1) Risk avoidance: adopting measures to avoid any activities which may cause risks;
    (2) Risk reduction: adopting measures to reduce the impact of risks and/or the likelihood of their occurrence;
    (3) Risk sharing: transferring all or part of the risk to others; and
    (4) Risk taking: taking no measures to change the probability or impact of risks.
    3. When considering the response method to risk, an FCM shall exercise discretion to the extreme circumstance wherein the likelihood of occurrence of a given risk is low, yet the occurrence may affect the survival of the company, and completely eliminating such a risk seems not to be cost-effective in terms of directly perceived economic benefits.
    Risk Management Process

    Figure 1: Risk Management Process
  1. General Principles
    1. The risk management process for an FCM shall include: risk identification, risk measurement, risk monitoring, risk reporting, and risk response.
    2. An FCM shall establish a risk management information system so as to ensure smooth implementation of the risk management process.
  2. Risk Identification
  3. For the purpose of risk management, an FCM shall first identify the risks it may face in the course of its business operation. Generally speaking, risks may be affected by internal and external factors, which are called risk factors. To effectively control risk, it is advisable to adopt various feasible analytical tools and methods, and through bottom-up or top-down discussion and analysis, to aggregate past experience and predict conditions that will give rise to possible risks in the future. These shall be identified and categorized to serve as a reference for further risk measurement and monitoring.
    Description:
    1. Given the special nature of the futures industry, the primary risks that the industry may face are market risk, credit risk, liquidity risk, operational risk, model risk, and other related risks. Accordingly, these Principles shall explain the major risks generally acknowledged by the industry, and the other risks shall be identified, analyzed and dealt with by individual FCMs.
    2. Market risk refers to the risk of on- or off-balance-sheet loss due to uncertain changes during a certain period in the market prices of financial assets, such as changes in interest rates, foreign exchange rates, equity security prices, and commodity prices.
    3. Credit risk refers to the probability that counter-party of a transaction fails to perform their duty, and the risk of loss such nonperformance would cause to the risk amount or the financial status of the FCM.
    4. Liquidity risk refers to the risk of failure to meet obligations when they come due because of inability to liquidate assets or to obtain adequate funding (referred to as "funding liquidity risk") and the risk of significant movements of market price due to inadequate market depth or market disruptions (referred to as "market liquidity risk") in the course of disposing or offsetting positions held.
    5. Operational risk refers to the risk of direct or indirect loss arising from failure or mistakes in internal operations, personnel or systems, or from external events.
    6. Other risks include legal risk, model risk, strategy risk or business risk, and reputation risk.
    7. In risk identification, attention shall be paid to the correlation between events giving rise to those risks.
    8. The Product/Risk Matrix can be used as a standard for reference in identifying product risk factors.
  4. Risk Measurement
  5. After an FCM identifies the risk factors in different products, it shall establish appropriate measuring methods to serve as the basis of risk management.
    Description:
    1. Risk measurement includes risk analysis and evaluation. The former is to understand the influence of risks on the FCM by analyzing the probability of risky events and the extent of their adverse impact. In the latter, the influence of risks is compared to the threshold set in advance, so that it may serve as a reference in setting priorities for risk control and selecting response measures.
    2. For an FCM’s risk management, the risks shall be measured by quantitative or other feasible qualitative approaches based on the types of risks involved.
    3. In terms of risk management structure, rigorous statistical analysis and related techniques may be applied to analyze quantifiable risks such as market risk and credit risk. For other risks that are harder to quantify, appropriate risk response measures shall be adopted to achieve the objectives of risk management.
    4. It is advisabl
4     Risk Management Mechanism
  1. Market Risk
    1. Market Risk Management Principles
    2. An FCM shall establish an appropriate management system for market risk and shall implement such system faithfully.
      Description:
      The market risk management system shall include at least:
      (1) An authorization structure, reporting process, and operation descriptions for various levels in connection with market risk management;
      (2) The acceptable scope of transactions involving market risk;
      (3) Evaluation and adoption of market risk measurement methods (including qualitative and quantitative methods);
      (4) Establishment of appropriate limits on market risk, an approval hierarchy, and methods for handling over-limit risks; and
      (5) Procedures for the verification, adjustment, and resolution of irregular and problematic transactions;
    3. Quantification Measurement of Market Risk
    4. To measure market risk, an FCM shall establish a feasible risk quantification model to calculate the market risk of all business units on a daily basis, and to compare the results with market risk limits.
      Description:
      1. A market risk quantification model may include:
      (1) Statistics-based measurement methods;
      (2) Sensitivity measures;
      (3) Stress testing; and
      (4) Other feasible risk quantification models.
      2. The measurement methods shall be accurate and rigorous, and the consistency of the adopted methods must be ensured.
      3. An FCM shall evaluate the market risk of all business units. Risk exposure shall be measured at least on a daily basis.
      4. Business units and the risk management personnel or unit shall measure market risk on a daily basis, and shall compare the results with the approved market risk limits as well as monitor them.
    5. Statistics-based Measurement
    6. It is advisable to adopt a statistics-based method to measure an FCM's overall market risk so that the results can be provided for senior managers’ reference for decision-making.
      Description:
      1. It is advisable to adopt a statistics-based method to measure an FCM’s market risk from unexpected losses to the FCM as a whole, to business units, or to individual products, so that the departments concerned will have an understanding of the overall risks.
      2. It is generally advisable to adopt the Value-at-Risk (VaR) model for statistics-based measurement of market risk.
      3. An FCM shall have an in-depth understanding of the VaR model's assumptions and limitations.
    7. Sensitivity Analysis
    8. It is advisable for an FCM to measure the sensitivity of the (market) positions that it holds to each risk factor.
      Description:
      1. It is advisable to adopt sensitivity analysis measurement method to measure the impact of variations in risk factors, such as interest rates or exchange rates, on the FCM’s assets, so as to help relevant departments understand the effects of different variations in risk factors on the FCM.
      2. To strengthen their control over market risk, each business unit shall calculate the sensitivities of specific market risk factors, such as theeffect of interest rates fluctuations on the Price Value of a Basis Point (PVBP) and convexity; and the delta, gamma, vega, theta, and rho of the option price.
    9. Model Validation
    10. For the accuracy and credibility of the statistics-based risk measurement model, the FCM shall conduct model validation, and continue updating the results to reflect market conditions.
      Description:
      1. In circumstance where the FCM adopts statistics-based measurement, since the statistics-based measurement is based on numerous assumptions, parameters, and the choice of confidence level, it is necessary to compare estimated (predicted) market risk and actual results (actual profit and loss) to ensure the accuracy of statistics-based measurement. If there is a significant discrepancy between estimated and actual results, it is necessary to review the assumptions and modify the model.
      2. Statistical methods cannot guarantee the accuracy of the estimations on the volatility of or relevance between financial product prices. Extra caution shall therefore be exercised when selecting related assumptions and models for investment portfolios analysis.
      3. If an FCM adopts the VaR model to evaluate market risk, it is necessary to validate the accuracy of model estimation through back-testing or other methods.
    11. Stress Testing
    12. When an FCM establishes measures for responding to irregular market fluctuations, it can adopt stress testing for simulation to measure the impacts of irregular market fluctuations on the value of an investment portfolio, and the results may serve as the basis for the drafting of response measures.
      Description:
      1. Most risk measurement models are based on many assumptions and specific parameters, including the choice of confidence level. However, they do not provide predicted losses that fall outside the confidence level or distribution assumptions. It is therefore necessary to adopt stress testing to evaluate an FCM’s potential irregular loss, and to implement risk control.
      2. Stress testing is not limited to the quantitative analysis of potential losses; it shall include qualitative analysis under specific conditions.
      3. An FCM shall perform stress testing on a regular basis to evaluate the potential irregular loss arising from excessive market fluctuations.
  2. Credit Risk
    1. Credit Risk Management Principles
    2. An FCM shall establish an appropriate control system for the credit risk of all of its business and shall implement such system faithfully:
      Description:
      1. Credit Risk Management System shall include at least:
      (1) The authorization structure, reporting process and operation descriptions at various levels in connection with credit risk management;
      (2) Credit evaluation prior to transactions: A cautious evaluation of the credit of a counter-party shall be made prior to a transaction, and the legality of the transaction shall be confirmed;
      (3) Creditworthiness: It is advisable to establish a creditworthiness system. Different counter-parties with different levels of creditworthiness shall be imposed with different credit limits, and administered according to their credit limits. ;
      (4) Credit monitoring: The credit conditions of different counter-parties and their positions shall be inspected on a regular basis. In addition, regular evaluation and monitoring shall be performed on credit enhancement measures (including collateral); and
      (5) Other effective measures for credit risk reduction, such as collaterals, guarantees, and credit risk netting agreements.
      2. To control credit risk effectively, an FCM may adopt appropriate quantitative risk management technology.
    3. Credit Rating Management
    4. An FCM shall have an appropriate credit assessment unit to evaluate its counter-party’s creditworthiness. Further, it shall establish different credit limits for different counter-parties with different levels of creditworthiness, which shall be administered based on their credit limits.
      Description:
      1. It is advisable that an FCM establish an independent credit evaluation procedure whereby the counter-parties’ creditworthiness shall be evaluated.
      2. It is advisable that an FCM establish an appropriate credit rating system, whereby the credit limits shall be imposed upon different counter-parties with different level of creditworthiness.
      3. To identify a counter-party with high risks, an FCM may conduct appropriate credit rating management based on each counter party’s historical transaction characteristics and the FCM’s risk tolerance.
      4. The risk management personnel or unit shall be responsible for measuring and monitoring credit risk.
    5. Credit Monitoring:
    6. An FCM shall review on a regular basis the counter-party’s credit standing, and establish credit monitoring procedures to ensure a constant control over credit risk. It shall also review, monitor and manage on a regular basis each credit enhancement measure (including collaterals and margins).
      Description:
      1. Credit monitoring procedures shall include:
      (1) Regular review of the counter-party’s credit conditions.
      (2) Adopting appropriate measures for counter-party whose risk has been increased in order to control the credit risk.
      (3) Other measures that may improve risk monitoring and management effectively.
      2. An FCM shall establish special monitoring and approval process for the trading orders from high-risk customer, and shall establish a tracking and management procedure for high-risk accounts for the following matters:
      (1) Credit changes of the account;
      (2) Legality of the account;
      (3) Change, and profit and loss of the trading instruments of the account; and
      (4) Collection and analysis of important relevant information.
    7. Credit Enhancement and Credit Risk Mitigation
    8. To further control credit risk, the company shall increase, depending on the nature of the counter-party and goods contemplated by the transaction, the credit strength of the transaction through collateral or guarantee. It is also advisable to adopt credit risk mitigation method, such as entering into a netting agreement with a counter-party, to offset mutual credit risks.
      Description:
      1. The company shall establish a certain process to decide which transaction requires credit enhancement on the counter-party's part. Meanwhile, it shall establish consistent standards to evaluate the effect of credit risk mitigation on the credit risk reduction.
      2. The company shall establish appropriate monitoring and evaluation process for the counter-party’s credit conditions and value of collaterals, so as to fully disclose its risk;
      3. To the extent authorized by laws, the company shall confirm the enforceability of the netting agreement, and shall enforce such agreement in accordance with the existing process.
      4. The effect of credit enhancement and credit risk mitigation on the company’s credit risk shall be taken into account during the aggregation of credit risks.
      5. The company shall implement faithfully the rules governing credit check for clients at account opening.
    9. Quantitative Measurement of Credit Risk
    10. It is advisable that an FCM aggregate credit exposure, probability of default, and recovery rate of the counter-party to calculate the expected and unexpected credit loss and to quantify credit risk.
      Description:
      1. The expected loss for credit risk is estimated from:
      (1) Credit exposure;
      (2) The probability of default of a counter-party; and
      (3) Recovery rate of a counter-party.
      2. Unexpected loss for credit risk is the possible maximum loss under a certain possible condition (within the confidence level), as evaluated by the FCM itself.
      3. It is necessary to take into account the effect of credit enhancement of such transaction, and the offsetting effect of net credit risk exposure for the estimation on expected and unexpected losses for credit risk.
    11. Credit Risk Exposure
    12. An FCM shall measure the credit risk exposure of the positions held and the counter-party, and shall compare the results with the risk limits of counter-parties on a regular basis.
      Description:
      1. Credit exposure shall be measured, monitored on a daily basis, and shall be compared with the limits of individual counter-parties. If the scale of the portfolio is small and the volatility of the transaction is slight, the measurement and monitoring may be made on a weekly basis.
      2. If it is difficult to measure the credit exposure, the FCM shall adopt other appropriate methods for risk control.
      3. The measurement on the credit risk exposure to each business unit shall comply with the principles of accuracy, integrity, and consistency.
    13. Current and Potential Exposure
    14. An FCM’s measurement of the amount of credit risk exposure for the positions held by it shall be made on the basis of credit equivalent amount, and shall reflect the change of market conditions. As there are different methods for measuring credit risk exposure for different products, the FCM shall use the appropriate method to measure the amount, such as the credit exposure for certain financial products, including the current risk exposure and potential risk exposure.
      Description:
      1. Current Exposure: The replacement cost for the transaction, i.e., the current market value, represents the amount of loss to be suffered by a counter-party if it defaults on such given day, which equals to the closing price of the day.
      2. Potential Exposure: The estimated value for future replacement cost of the transaction, which represents the amount of loss to be suffered by a counter-party if it defaults during the trading period in the future.
    15. Probability of Default by a Counter-party
    16. It is advisable that an FCM adopt appropriate methods to evaluate the probability of default by a counter-party.
      Description:
      1. The probability of default by a counter-party may derive from the relevant information issued by an external rating institution approved by the competent authority, or estimated by the FCM itself.
      2. If the FCM estimates the probability of default of a counter-party on its own, it shall have a complete procedure, and the result shall be validated to ensure the effectiveness of the model.
      3. To estimate the probability of default by customers in the brokerage business, it is advisable that an FCM conduct the estimation pursuant to the following principles:
      (1) For an corporate account that has external credit rating, the probability of default shall be estimated according to the external rating information.
      (2) If the client, including corporate account and individual account, does not have external credit rating the probability of default for customers with different credit risk characteristics shall be estimated according to the characteristics of past default cases.
    17. Counter-party’s Recovery Rate for Defaults
    18. It is advisable that an FCM adopt appropriate methods to reasonably evaluate a counter-party’s recovery rate for defaults.
      Description:
      1. Loss Given Default Rate means “1 - recovery rate”, and the recovery rate is the percentage of the recoverable amount (such as claimable amount or the current value of recovered principal and interest upon default) to the credit exposure amount or outstanding amount (such as amount extended or current value of the debt upon default) when there is a default.
      2. The recovery rate of a counter-party shall be evaluated by the FCM itself, or provided by an appropriate external institution.
  3. Liquidity Risk
    1. Liquidity Risk Management Principles
    2. An FCM shall establish appropriate measures to control liquidity risk (including market liquidity risk and funding liquidity risk), and shall implement such measures faithfully.
      Description:
      1. An FCM shall consider concentration and market trading volume of its positions, so as to proceed with the quantitative management and non-quantitative management on liquidity risk.
      2. An FCM shall take into consideration the amount and schedule of the fund required by each department; in addition, contingency plan shall be proposed to meet the needs of funding arising from irregular or urgent conditions.
    3. Market Liquidity Risk Management
    4. An FCM may include the market liquidity risk into market risk model, or evaluate and monitor such risk independently.
      Description:
      1. Market liquidity risk may be put into consideration for VaR model in order to accurately reflect the risk of settled position, and for the risk management personnel or unit to monitor such risk.
      2. Block trading may have significant impact on the market price, so the FCM shall carefully manage market liquidity risk in connection with large exposures.
    5. Funding Liquidity Risk Management
    6. An FCM shall evaluate and monitor the requirement of short-term cash flow in each type of currencies by different characteristic of business, and shall adopt funding liquidity risk management standards for future funding requirement.
      Description:
      Not only domestic short-term funding allocation, but also oversea and cross-market funding allocation shall be considered for funding liquidity.
    7. Funding Management
    8. It is advisable that an FCM establish a funding management department independent from all business units and responsible for supervising net cash flow of each business units.
      1. The funding management department shall report any significant or irregular use of cash to the risk management personnel or unit.
      2. The funding management department shall keep close contact with business units and relevant departments, and shall communicate with the settlement-related departments for the funds used by any individual transaction.
    9. Funding Strategies
    10. An FCM shall establish various funding strategies against loss arising from liquidity, or requirement for fund liquidity caused by incidents in the market.
      Description:
      1. The risk management personnel or unit shall understand through scenario analysis the potential liquidity risk concerning the financial products possessed by the FCM , to further evaluate possible costs arising from fund raising in various circumstances. The risk management personnel or unit shall also establish emergent financing policies and process for the FCM.
      2. The FCM shall establish a proper structure for the management of funding liquidity risk.
  4. Operational Risk
    1. Operational Risk Management Principles
    2. An FCM shall, in addition to monitoring the risks pursuant to the operational procedures and critical control points as required by its internal control systems, establish and implement suitable monitoring and controlling mechanism against operational risks occurring in the course of business and trading process.
      Description:
      1. The management mechanism of operational risks as mentioned above shall include at least the following:
      (1) The trading department shall ensure that all transactions comply with the FCM’s policies. Critical control points such as the acquisition of information on the authorization and support of transaction, counter-parties' experience, and preservation of transaction records shall be regulated.
      (2) Finance, settlement and other relevant departments shall adopt suitable regulations governing critical control points such as evaluation, confirmation of price information, compilation of income statements, handling and confirmation of transactions, transaction and settlement operations, validation of accounts, and asset control.
      2. An FCM may adopt an appropriate quantitative risk management method to effectively manage and control operational risks.
    3. Authorization
    4. An FCM shall establish clear authorization standards for different types of transactions.
      Description:
      1. An FCM shall have a process for reviewing on a regular basis the appropriateness of authorization so that relevant departments and persons clearly understand the scope of authorization. There shall be appropriate handling measures in case of violation of authorization process.
      2. The authorization standards shall specify the authorized coverage and limits for each type of transactions, and ensure that the trading personnel conduct transactions within the authorized trading amount.
      3. Before authorization, it is necessary to make sure that relevant personnel have completely understood the FCM’s risk management policies and guidelines, the characteristics of the risk of specific products, and the operation control and process for transaction.
    5. Decision-making Support
    6. Prior to trading, the trading personnel shall acquire sufficient information from the customers and counter-parties, and other related and necessary information in order to facilitate the FCM’s pricing and trading decisions.
      Description:
      1. Before conducting a transaction, the trading personnel shall clearly understand the counter-party’s ability and needs, and understand their own duties and responsibilities for the transaction. At the same time, the trading personnel shall also obtain the counter-party's credit risk information and limits for trading reference.
      2. Setting up an appropriate control procedure for a pricing model; an untested model could expose an FCM to the risk of trading loss; therefore, the assumptions and parameters of the pricing model shall be recorded clearly in the use and control procedure for the pricing model, and be reviewed and approved by the risk management personnel or unit.
      3. The personnel of the trading department shall understand the FCMs' risk management and trading strategies.
    7. Professional Knowledge and Experience of Trading Personnel and Counter-parties
    8. Prior to conducting a transaction, trading personnel from an FCM shall possess to a certain degree professional knowledge and experience, and take into consideration the counter-party's professional knowledge and experiences
      Description:
      1. The contractual stipulations for some financial products, particularly derivatives, are extremely complicated and highly technical. Trading personnel need to ensure both their own and the counter-party’s understanding of such products in order to avoid possible huge losses (or trading disputes).
      2. Relevant information regarding complex transactions of financial products shall be obtained and preserved.
      3. It will be helpful for improving a counter-party's understanding of the products by sufficiently providing the counter-party with the sensitivity analysis of such transaction in different market conditions.
    9. Transaction Records
    10. An FCM shall establish a control system to ensure the completeness, accuracy, and timeliness of the transaction records.
      Description:
      1. Trading personnel shall provide or preserve important transaction records to ensure that the transactions have been accurately processed.
      2. When a transaction has to be recorded in multiple information systems, these systems shall be able to compare the transactions among themselves so as to ensure information consistency, and the information shall be reviewed and confirmed on a daily basis by the risk management personnel or unit, instead of the trading department.
    11. Valuation
    12. An FCM shall re-evaluate the value of the positions by utilizing in a timely manner reasonable fair price pursuant to the existing written documents or approved policies and procedures.
      Description:
      1. An FCM shall establish appropriate policies and procedures for position valuation, and review regularly their appropriateness. In addition, the FCM shall disclose the valuation method and its reasoning, including whether the valuation is carried out through mark-to-market or mark-to-model method.
      2. An FCM shall adopt proper and consistent methods to valuate all positions.
      3. An FCM shall adopt suitable valuation procedures for the products with extremely low liquidity.
      4. The valuation time shall be consistent for all types of products.
    13. Price Information Verification
    14. Persons of the finance department and risk management related departments shall acquire price information (including interest rates and exchange rates) from units independent from the trading department so as to re-evaluate the FCM’s positions. If the evaluation is carried out with the internal evaluation model, the FCM shall establish a reasonable and independent review procedure. There shall also be appropriate control and authorization for any alteration of models.
      Description:
      1. It is advisable that the acquisition of price information not be carried out by the trading personnel so as to avoid any possible conflict of interests or price manipulation.
      2. An FCM shall fully understand the method for externally obtaining the price, and establish operating procedures, which should preferably include the methods for handling overestimate (underestimate) of price, unusual large trading volume, or other irregular situations.
      3. If it is not possible to obtain independent external prices, , the prices may be calculated by estimation and model, but such model shall first be evaluated through an independent review procedure for its suitability, and the FCM shall consider setting up a separate amount limit for these transactions.
    15. Profit and Loss Report
    16. An FCM shall compile profit and loss reports on investment portfolio on a daily basis so that the management level may know the performance of business units.
      Description:
      1. The content of the profit and loss reports can be compiled and categorized by business units, product types or geographic areas.
      2. The finance or risk management department shall estimate on a regular basis the capital demands and the costs, and compile relevant analysis reports.
    17. Processing of Transactions
    18. An FCM shall process all approved transactions in a timely manner, and preserve the transaction records for the transactions conducted by the trading personnel so as to control and manage the potential risks in a transaction process.
      Description:
      1. An appropriate transaction processing and control procedure shall be established in order to control and manage the potential risks during the trading process.
      2. The processing of transaction shall be completed immediately following the execution of the trade, or at least within the same trading day, in order to ensure a timely transaction record.
      3. To ensure the integrity and accuracy of the transaction records (such as independent transaction numbers, transaction details, counter-parties and transaction time), transaction documents shall be preserved as required.
      4. The verification procedure for transaction records shall be conducted by persons who are independent of the business units, including validity check, supervision of credit risks and market risk limits and the confirmation of the price information of off-exchange trading, and other related matters.
      5. Extra supervision and authorization shall be conducted for any alteration and cancellation of transactions or any irregular transactions.
      6. All doubtful or faulty accounts must be handled promptly; senior managers of finance units shall review on a regular basis and analyze these unresolved transactions.
    19. Transaction Confirmation
    20. After a transaction is completed, confirmation of the transaction data between the FCM and the counter-party shall be conducted by persons not from the trading department.
      Description:
      1. The confirmation method for a transaction shall be decided based on the nature of the transaction. The confirmation methods include written confirmation through settlement institutions, settlement system, or directly with the counter-party. and shall be independent from the trading personnel and cashier.
      2. The sending and receiving, checking and verification of written transaction confirmation shall be conducted by persons not from the trading department.
      3. Management reports shall include information of uncompleted transactions and counter-parties with disputes.
    21. Customer Margins Management
    22. An FCM shall manage customer margins in accordance with rules governing management of customer margins as issued by the competent authority, Taiwan Futures Exchange, and the Chinese National Futures Association, and as in the company’s internal control system.
      Description:
      1. An FCM shall manage customer margins in accordance with rules governing management of customer margins as issued by the competent authority, Taiwan Futures Exchange, and the Chinese National Futures Association.
      2. An FCM shall establish customer margins management procedures in order to faithfully implement the management of customer credit risks.
      3. An FCM’s management of customer margins shall include real-time monitoring during trading session and management after the trading session.
      4. An FCM shall handle the receipt/disbursement of customer margins, management of incoming/outgoing funds, and collection operations pursuant to the management and operation procedures for customer margins.
    23. Clearing and Settlement
    24. An FCM shall authorize the personnel independent from the trading, trading procedure and account-checking units to execute the clearing and settlements of cash and securities.
      Description:
      1. To effectively control the settlement of cash or assets, the cross-checking of settlement details shall be authorized to personnel with sufficient experience and knowledge, and the authorized personnel shall be divided into at least two levels or more, and the responsibilities for each level shall be clearly distinguished.
      2. To maintain the security of electronic payment system or manual invoicing system, phone calls for all transactions instructing on settlements shall be recorded.
      3. Operations of non-standard settlement transactions shall be appropriately authorized and crosschecked.
      4. Settlement operations for cash and securities shall be separated and appropriately authorized.
    25. Account Validation
    26. An FCM shall have the accounts validated by an independent unit, or appropriately conduct the monitoring of internal accounts upon the establishment of internal positions.
      Description:
      1. To maintain the consistency among the internal system and database and the records in external organizations, the FCM shall validate the account, and the application system in the trading department and the back-office database shall be integrated.
      2. The scope of account validation shall include trading personnel, back office settlements, and records of accounting system.
      3. The cash and custodial positions (including positions and cash) shall be validated by an independent unit to ensure the truthfulness of the records.
    27. Asset Control
    28. An FCM shall establish an asset control system to maintain the security of assets (including those of the FCM and clients).
      Description:
      1. All securities and other assets, including collaterals, shall be kept in a safe place and under control.
      2. The securities shall be counted and checked at least on a regular basis.
      3. Control procedures shall be set up to maintain the security of clients' assets, including the confirmation of clients' assets and separate management of clients’ assets.
      4. Each client’s transactions shall be accurately settled and recorded in details, and the account balance shall also be disclosed.
    29. Quantitative Measurement of Operational Risks
    30. An FCM shall recognize the importance of operational risks, and collect and compile data related to operation risks so as to facilitate appropriate quantitative measurement and management.
      Description:
      1. Operational risks includes the risk of internal personnel, procedures and information system as well as risks of loss directly or indirectly caused by external affairs. An FCM shall collect and compile the relevant data on a regular basis (including time of occurrence, type of event, documentation and description of loss), and conduct appropriate quantitative measurement and management.
      2. To effectively control operational risks, an FCM may adopt appropriate approaches or models to measure operational risks.
      3. For relevant information on risk quantification, please refer to the reports as issued by the Bank of International Settlement (BIS).
  5. Other Risks
    1. Control of Other Risks
    2. An FCM shall, in addition to controlling the market risk, credit risk, operational risk and liquidity risk suffered during business operations, establish appropriate risk control procedures for other risks (including legal risk, model risk, reputation risk and strategy risk) based on the characteristics of different risks and their impact on the company.
      Description:
      1. Legal risk means the potential loss as a result of failure to comply with relevant laws and regulations, and a voidance of the contract caused by illegality of the contract, overstepping powers, neglect of clauses or incompletion of standards.
      2. Model risk means that an FCM, when engaging in futures trading, shall reinforce the control of internal model risk. For example, the pricing of index options involves factors such as weighted index, exercise price, volatility, interest rate level, and duration of the agreement so an accurate pricing and calculation of risk analysis shall be based on the accurate financial models and programming. Therefore, when controlling model risk, an FCM shall ensure the accuracy of the model and programming used.
      3. Reputation risk means any negative matter related to the operation of the FCM, regardless whether it is true, that might lead to reduction of client base, decrease in revenue, or even possible lawsuit expenses, or other possible losses.
      4. Strategy risk means the risk of potential real-time or future loss in revenue or capital suffered by the FCM as a result of unwise business decisions, inappropriate execution of the decisions, lack of appropriate responses to competitions in the same industry or lack of appropriate responses to industry changes.
      5. In addition to market risk, credit risk, operational risk, and liquidity risk, an FCM during business operations is also faced with legal risk, model risk, reputation risk and strategy risk. It is advisable that the FCM establish, based on the characteristics of each type of risks and their impact on the company, appropriate risk management procedures to control other risk.
    3. Legal Compliance
    4. An FCM shall establish a department especially designated for legal compliance to be in charge of the compliance with relevant laws and regulations governing the overall financial affairs and operating activities of the FCM, and to evaluate and manage the FCM’s legal risk.
      Description:
      1. The control of legal risk shall be jointly discussed, researched and drafted by the risk management personnel or unit and the legal compliance department.
      2. An FCM’s internal rules shall be adopted pursuant to the relevant regulations of the competent authority.
      3. An FCM shall review the appropriateness of the internal rules and ensure that they are forward-looking and flexible, so that they can respond to the impacts of the addition (amendment) of laws on its business operations.
    5. Review of the Legality of Contractual Documents
    6. Before undertaking any business operation, an FCM shall confirm the rights and responsibilities between and with its counter-parties, and shall review the legality of the deal and availability of legal documents.
      Description:
      1. An FCM shall establish a set of complete procedures to govern the review process prior to engaging in transactions with the counter-parties, so as to ensure the legality of the transactions. The aforementioned counter-parties include: financial institutions, custodian institutions, brokers, traders and clients.
      2. An FCM shall formulate written documents required for different transactions and ensure the integrity of the details of the transaction documents.
      3. Prior to a transaction, a business unit shall acquire the legal authorization for such transaction, and comply with relevant regulations. In addition , all relevant documents during the transaction process shall be completely preserved for the required time period.
      4. Considering the variety of characteristics of derivative financial products, such as the complexity in their trading, high financial leverage multiple, different lengths of transaction periods, huge number of counter-parties and transfer of risks, an FCM shall pay special attention to the feasibility of executing the contracts, and counter-parties' ability of performing the contracts, and shall formulate a complete set of review procedures for the adequacy and legality of the contracts of derivatives financial products.
  6. Risk Limits (Note 1) and Risk Aggregation
    1. Market Risk Limits
    2. An FCM shall set up and monitor market risk limits for the company as a whole, for each business unit and for each trader, based on the regulations of the competent authority and the TAIFEX and the company’s own needs, and implement the principles for handling the situation where the risk limits are exceeded.
      Description:
      1. Market risk limits shall be adopted based on their position limits, sensitivity limits and stop-loss limits, as well as the VaR limits or stress testing limits.
      2. The risk diversification effect of investment portfolios shall be taken into consideration for allocating market risk limits.
    3. Credit Risk Limits
    4. An FCM shall set up and monitor the credit risk limits of each counter-party based on the regulations as issued by the competent authority, the TAIFEX and the Chinese National Futures Association as well as the company’s needs, and implement the principles for handling the situation where the risk limits are exceeded.
      Description:
      1. To establish credit risk limits, the following factors shall be taken into consideration:
      (1) The FCM shall set up credit risk limits for each counter-party or client.
      (2) Before conducting the transaction, a trader shall check the limits to verify the validity of credit risk limits.
      (3) After the transaction, the FCM shall review on a regular basis the changes of the counter-party’s credits and conduct proper handling.
      2. The risk management personnel or unit shall review and subsequently monitor the counter-party' credit based on the approved procedures, and evaluate whether the credit risk is too concentrated in the following categories:
      (1) The counter-party, including its affiliates.
      (2) Enterprises with the same credit rating.
      (3) Type of Industries.
      (4) Origin of Country
      3. An FCM shall measure credit risk through quantification model or method, and design accordingly the risk limits for each counter-party and each business type.
    5. Limit Review Procedure
    6. When changes are made to the government's regulations, the FCM’s policies, market conditions or trading strategies, the FCM shall re-review its rules for risk limits.
      Description:
      1. An FCM shall review risk limits on a regular basis to reflect in a timely manner the changes of external environment and internal business decisions.
      2. An FCM shall set up different limits for each trader, and the head of the FCM’s business unit will review the limits on a regular basis.
    7. Evaluation & Authorization for Product Limits
    8. Before undertaking or developing new products, an FCM shall establish a formal review procedure and a business operation plan for assessing the feasibility of such undertaking or development, and shall evaluate the impact on the current limits for existed products, so as to allocate appropriate risk limits.
      Description:
      1. An FCM shall, during the development of new products, confirm that the difference between the new products and the existing product has been appropriately evaluated and authorized. The FCM shall also take into consideration the changes of business nature, structural difference, risk level, laws and regulations pursuant to operational procedures.
      2. For the approval procedure, the undertaking by an FCM of new products shall be reviewed and signed by relevant departments (such as risk management, audit, information, finance, and legal units), and then approved by the board of directors, or the high-level management as authorized by the board of directors.
      3. The content of the new product plan submitted for the review procedure shall include in details the reasons for the design of the new products, current regulations governing documents modification, assessment procedures, potential trading counter-parties, appropriate monitoring system and operation procedures, information system operation and risk analysis methods.
      4. The key contents of the business operation plan for new products shall include: description of product type and business objectives, application for approval of authorized limits, implementation procedures for risk measurement and risk control, internal control and internal audit systems, operation procedures, accounting, taxation, analysis of relevant regulations, and operations of information system.
      5. For trading of new products, it is necessary to obtain approval for risk limits, and, in addition, the impact of such risk limits on the overall risk limits shall also be taken into account.
      6. The undertaking and development of the aforementioned new products shall be approved by the competent authority pursuant to the Futures Trading Act.
    9. Risk Aggregation
    10. An FCM shall calculate and aggregate the company’s overall risks and the risk of each business unit, including market risk, credit risk and other quantifiable risks, and compare them with authorized limits. It is advisable to take into account the correlation between different risks in the process of risk aggregation.
      Description:
      1. Daily aggregation of changes of the FCM’s overall risks and any instance where limits are exceeded shall be carried out, including:
      (1) Exposure to market risk for every business unit and every financial instrument.
      (2) Major exposure of credit risk.
      (3) Concentration of credit risk.
      2. The risk management personnel or unit shall aggregate and monitor on a daily basis the different types of risks according to the existing procedures, and compare them with risk limits, so as to understand the risk control conditions and response measures of each business unit, and shall prepare on a regular basis the risk management reports for the examination of the RMC or the board of directors.
    Risk Management Mechanism
  1. Market Risk
    1. Market Risk Management Principles
    2. An FCM shall establish an appropriate management system for market risk and shall implement such system faithfully.
      Description:
      The market risk management system shall include at least:
      (1) An authorization structure, reporting process, and operation descriptions for various levels in connection with market risk management;
      (2) The acceptable scope of transactions involving market risk;
      (3) Evaluation and adoption of market risk measurement methods (including qualitative and quantitative methods);
      (4) Establishment of appropriate limits on market risk, an approval hierarchy, and methods for handling over-limit risks; and
      (5) Procedures for the verification, adjustment, and resolution of irregular and problematic transactions;
    3. Quantification Measurement of Market Risk
    4. To measure market risk, an FCM shall establish a feasible risk quantification model to calculate the market risk of all business units on a daily basis, and to compare the results with market risk limits.
      Description:
      1. A market risk quantification model may include:
      (1) Statistics-based measurement methods;
      (2) Sensitivity measures;
      (3) Stress testing; and
      (4) Other feasible risk quantification models.
      2. The measurement methods shall be accurate and rigorous, and the consistency of the adopted methods must be ensured.
      3. An FCM shall evaluate the market risk of all business units. Risk exposure shall be measured at least on a daily basis.
      4. Business units and the risk management personnel or unit shall measure market risk on a daily basis, and shall compare the results with the approved market risk limits as well as monitor them.
    5. Statistics-based Measurement
    6. It is advisable to adopt a statistics-based method to measure an FCM's overall market risk so that the results can be provided for senior managers’ reference for decision-making.
      Description:
      1. It is advisable to adopt a statistics-based method to measure an FCM’s market risk from unexpected losses to the FCM as a whole, to business units, or to individual products, so that the departments concerned will have an understanding of the overall risks.
      2. It is generally advisable to adopt the Value-at-Risk (VaR) model for statistics-based measurement of market risk.
      3. An FCM shall have an in-depth understanding of the VaR model's assumptions and limitations.
    7. Sensitivity Analysis
    8. It is advisable for an FCM to measure the sensitivity of the (market) positions that it holds to each risk factor.
      Description:
      1. It is advisable to adopt sensitivity analysis measurement method to measure the impact of variations in risk factors, such as interest rates or exchange rates, on the FCM’s assets, so as to help relevant departments understand the effects of different variations in risk factors on the FCM.
      2. To strengthen their control over market risk, each business unit shall calculate the sensitivities of specific market risk factors, such as theeffect of interest rates fluctuations on the Price Value of a Basis Point (PVBP) and convexity; and the delta, gamma, vega, theta, and rho of the option price.
    9. Model Validation
    10. For the accuracy and credibility of the statistics-based risk measurement model, the FCM shall conduct model validation, and continue updating the results to reflect market conditions.
      Description:
      1. In circumstance where the FCM adopts statistics-based measurement, since the statistics-based measurement is based on numerous assumptions, parameters, and the choice of confidence level, it is necessary to compare estimated (predicted) market risk and actual results (actual profit and loss) to ensure the accuracy of statistics-based measurement. If there is a significant discrepancy between estimated
5     Risk-Based Performance Management
  1. Performance Measurement
    1. Consistent Measurement Basis
    2. An FCM shall measure the performance of each unit or business operation pursuant to the principles of consistency; it is advisable to take into consideration the risks of different business operations in the process of measurement, and such risks shall serve as the basis for capital allocation.
      Description:
      1. Common quantitative indicators for performance include: profit and loss, and return on shareholder’s equity. It is advisable for the company to consider the degree of risks for different business operation pursuant to the risk management policy and the performance target so as to effectively measure the performance of different business units.
      2. It is advisable to take into account the results of the risk-adjusted performance measurement in the decision-making for compensation schema, investment opportunities assessment, product pricing, profit analysis, investment portfolio management, risk limits and capital management in order to implement the risk-adjusted performance management and to ensure the consistency between the overall risk management policy and the business activities.
    3. Quantitative and Qualitative Evaluation
    4. It is advisable that both the quantitative and qualitative indicators be considered for the measurement by an FCM of the performance of each unit.
      Description:
      1. Quantitative indicators for performance include: risk-adjusted performance measurement (RAPM) or return on shareholder’s equity; however,it is advisable to select only one indicator for the comparison of the performance of each business unit.
      2. Qualitative indicators for performance include:
      (1) Business strategies of business units.
      (2) Relationships with clients, other FCMs, and the society.
      (3) The FCM’s risk preference.
      (4) Competitive position on the market.
    5. Risk-adjusted Performance Measurement
    6. It is advisable that an FCM should use risk-adjusted performance measurement to evaluate the performance of each business unit or each trader.
      Description:
      1. For the measurement of the performance of each department, business unit or trading personnel, it is advisable to adopt a risk-adjusted performance measurement indicator that takes into account both compensations and risks, such as risk-adjusted return on risk-adjusted capital, (RARORAC, as shown in the figure below) or other applicable indicators.
      2. The risk-adjusted performance measurement can be used to assist the FCM to effectively allocate the risk-adjusted capital of each unit, and to maximize profits within the appropriate risk tolerance.

      Figure. 2:Risk-adjusted Return and Risk-adjusted Capital
      Notes 1. Direct and indirect revenues shall mean the actual revenues from external sources, and also include revenues from transfer of income between internal departments and the imputed income of risk-adjusted capital benefit.
      Note 2. Direct and indirect expenses shall mean the actual costs and expenses and also include the costs and expenses for the transfer in internal operations, and the costs for the transfer of internal capital.

    7. Performance Target
    8. It is advisable that an FCM set up an appropriate performance target for each business unit.
      Description:
      1. It is advisable to take into account the risk limits or various risk parameters as approved by the board of directors or the RMC prior to the establishment and assessment of performance targets.
      2. Each business unit shall establish a different performance target to be included in the budget control. The following factors shall be taken into account for establishing such target:
      (1) Historic performances of each business unit.
      (2) Whether a business unit undertakes new products or new business activities. (3) The FCM’s overall marketing or sales strategies.
      3. It is advisable to take into account the degree of risk assumption for the business unit’s performance targets or the trading personnel’s compensation scheme.
      4. Performance targets can also serve as a reference for product pricing.
    9. Assessment of Investment Opportunity
    10. It is advisable that an FCM adopt the risk-adjusted performance measurement as the assessment tool for future investment opportunities.
      Description:
      It is advisable that an FCMassess all risks and costs related to a new business or a new product, measure the risk-adjusted return, compare it with the current target benchmark, and use the result as a reference for investment decisions.
  2. Revenue & Cost Allocation
    1. Revenue Recognition Policy
    2. An FCM shall establish a revenue recognition policy to effectively reflect the actual condition of business operation, and to comply with the current general accepted accounting principles, so as to assist the board of directors and the RMC in obtaining sufficient information for the management of risks.
      Description:
      1. The profit and loss for the FCM’ own positions shall be recognized with marked-to-market method on a daily basis.
      2. The FCM shall establish a revenue recognition policy in order to govern the timing and amount for revenue recognition as well as the strategies for the allocation of revenue among business units.
      3. In response to the situation where the profit and loss for the positions are recognized with marked-to-market method on a daily basis, the FCM shall consider the provisions of expected credit loss, liquidity risk and operational risk when conducting the measurement of risk-adjusted performance.
      4. Each of the business units within the FCM shall adopt consistent valuation method for similar products and similar transactions.
    3. Cost Allocation
    4. An FCM shall allocate direct and indirect costs to each business unit to serve as the indicators for measuring the contributions of each business unit.
      Description:
      1. It is advisable to take into account the following principles so as to ensure the fairness of the cost allocation:
      (1) All direct costs shall be attributed to each business unit.
      (2) The method used to allocate costs to each unit shall be consistent.
      (3) The costs of supporting departments shall be allocated based on the predefined costs of the services provided.
      (4) The indirect costs of administrative departments shall be reasonably allocated to each business unit, or be taken into account during the establishment of the risk-adjusted benefit target of each business unit.
      2. The cost allocation policy should also provide for appropriate handling of services that are not negotiated in advance.
    5. Funding Cost & Transfer Pricing
    6. Each business units of an FCM shall assess its profit conditions based on transfer prices through a consistent and objective method.
      Description:
      1. The finance department shall set up the price for the funds provided to each business unit based on the transfer pricing method. Trading of financial instruments between business units shall also be priced through the transfer pricing method.
      2. It is advisable to take into account the following principles for the application of transfer pricing:
      (1) Transfer pricing can be applied to the transactions of all assets, liabilities, equities and off-balance sheet items between different business units.
      (2) Marginal costs shall be taken into account for the establishment of transfer pricing.
      (3) In case when there is no reasonable price of any internal transactions for reference, an FCM shall establish the transfer pricing with mark-up marginal costs.
      (4) The transfer pricing method shall be fair and assist the FCM in improving its business standard. The pricing mechanism shall be as simple as possible.
  3. Regulations on Capital and Other Relevant Issues
    1. Regulations on Capital
    2. An FCM shall maintain a continuous, correct adjusted net capital that meets the requirements of the competent authority.
      Description:
      1. An FCM shall complete the calculation of adjusted net capital within the required deadline and preserve the records for relevant calculations.
      2. The risk management personnel or unit shall be familiar with the FCM’s trading strategies and their effects on the adjusted net capital.
      3. An FCM shall establish an internal control system for the review of adjusted net capital pursuant to the regulations by the competent authority.
    3. Compensation Policies
    4. An FCM shall ensure that its compensation policy corresponds with its corporate culture, long-term operational goals and strategies, and control environment
      Description:
      1. An FCM needs to offer sufficient incentives to ensure the appropriate proficiency and experience of the hired risk management personnel. For the design of compensation system, it is also necessary to take into account the independency of the risk management personnel in carrying out business operations.
      2. The performance evaluation and remuneration standards of managerial officers and associated persons and the remuneration structure and system of the directors in an FCM shall be adopted in accordance with the following principles:
      (1) The FCM shall adopt the performance evaluation and remuneration standards or remuneration structure and system based on future risk-adjusted performance and in line with the company's long-term overall profitability and shareholders interests.
      (2) The remuneration and reward system shall not entice any director, supervisor, managerial officer, or associated person to engage in any act exceeding the company’s risk appetite in pursuit of remuneration. The FCM also shall regularly review the remuneration and reward system and performance in order to ensure their consistency with the company’s risk appetite.
      (3) The time for payment of remuneration by the FCM shall be set based on future risk-adjusted profitability in order to avoid the inappropriate circumstance of sustaining loss after the payment of remuneration. A significant percentage of the remuneration/reward shall be paid by a deferred method or an equity-related method.
      (4) When an FCM assesses the individual contribution of a director, supervisor, managerial officer, or associated person to the company’s profits, it shall conduct an overall analysis of the futures industry to clarify whether such profits resulted from an overall advantage such as the use of the lower capital cost of the company, in order to effectively assess the contributions that come from individual persons.
      (5) The stipulations on severance pay between the FCM and its directors, supervisors, managerial officers, and associated persons shall be adopted based on realized performance, in order to avoid improper circumstances such as receiving high severance pay after a short term of employment.
      (6) The FCM shall fully disclose to shareholders the adopted principles, methods, and goals of the aforementioned performance evaluation and remuneration standards or structure and system.
      The associated persons governed by these Principles are those persons whose remuneration or performance evaluation is based on the sale of various financial products or services.
    5. Internal Audit
    6. The internal audit unit of an FCM shall review the implementation of the FCM’s risk management system and, truthfully disclose the findings in the audit report. Any deficiency or irregularity found in the review shall be tracked after such audit report is submitted for approval, and a follow-up report shall be made on a regular basis, so as to ensure that the relevant units have taken appropriate improvement measures in a timely manner.
    7. Taxation
    8. An FCM shall review taxation issues on a regular basis in order to avoid such major loss as caused by any taxation issues.
    9. Soundness of Business Operations
    10. An FCM shall establish a crisis management plan so as to ensure the continuity of business operations in the event of a major crisis.
      Description:
      1. The plan shall clearly define and allocate responsibilities and accountability, and provides appropriate authorization.
      2. The plan shall include system backup and restoration, the procedures for quick establishment and sell-off of current positions, and the procedures for settlement default and temporary cash management requirement.
      3. The FCM shall appoint a senior manager as the representative to deal with overall crisis.
    11. Risk Management of Affiliates
    12. It is advisable that an FCM take into account its affiliates for risk management operations, and establish overall risk management policies for the group.
      Description:
      1. An FCM shall establish an appropriate overall risk management mechanism based on its ability to control affiliates.
      2. If an FCM has the controlling ability or significant influence over its affiliates, it is advisable to adjust the goal of risk management policies for the affiliates, when necessary, to make them consistent with the goal of the FCM’s overall risk management policies. The risk profiles of individual affiliates shall be disclosed separately so as to understand its impact on the risks of the entire group.
      3. The results of the risk assessment by the FCM shall be reported to the parent company in order to assess and aggregate the group’s overall risks.
    Risk-Based Performance Management
  1. Performance Measurement
    1. Consistent Measurement Basis
    2. An FCM shall measure the performance of each unit or business operation pursuant to the principles of consistency; it is advisable to take into consideration the risks of different business operations in the process of measurement, and such risks shall serve as the basis for capital allocation.
      Description:
      1. Common quantitative indicators for performance include: profit and loss, and return on shareholder’s equity. It is advisable for the company to consider the degree of risks for different business operation pursuant to the risk management policy and the performance target so as to effectively measure the performance of different business units.
      2. It is advisable to take into account the results of the risk-adjusted performance measurement in the decision-making for compensation schema, investment opportunities assessment, product pricing, profit analysis, investment portfolio management, risk limits and capital management in order to implement the risk-adjusted performance management and to ensure the consistency between the overall risk management policy and the business activities.
    3. Quantitative and Qualitative Evaluation
    4. It is advisable that both the quantitative and qualitative indicators be considered for the measurement by an FCM of the performance of each unit.
      Description:
      1. Quantitative indicators for performance include: risk-adjusted performance measurement (RAPM) or return on shareholder’s equity; however,it is advisable to select only one indicator for the comparison of the performance of each business unit.
      2. Qualitative indicators for performance include:
      (1) Business strategies of business units.
      (2) Relationships with clients, other FCMs, and the society.
      (3) The FCM’s risk preference.
      (4) Competitive position on the market.
    5. Risk-adjusted Performance Measurement
    6. It is advisable that an FCM should use risk-adjusted performance measurement to evaluate the performance of each business unit or each trader.
      Description:
      1. For the measurement of the performance of each department, business unit or trading personnel, it is advisable to adopt a risk-adjusted performance measurement indicator that takes into account both compensations and risks, such as risk-adjusted return on risk-adjusted capital, (RARORAC, as shown in the figure below) or other applicable indicators.
      2. The risk-adjusted performance measurement can be used to assist the FCM to effectively allocate the risk-adjusted capital of each unit, and to maximize profits within the appropriate risk tolerance.

      Figure. 2:Risk-adjusted Return and Risk-adjusted Capital
      Notes 1. Direct and indirect revenues shall mean the actual revenues from external sources, and also include revenues from transfer of income between internal departments and the imputed income of risk-adjusted capital benefit.
      Note 2. Direct and indirect expenses shall mean the actual costs and expenses and also include the costs and expenses for the transfer in internal operations, and the costs for the transfer of internal capital.

    7. Performance Target
    8. It is advisable that an FCM set up an appropriate performance target for each business unit.
      Description:
      1. It is advisable to take into account the risk limits or various risk parameters as approved by the board of directors or the RMC prior to the establishment and assessment of performance targets.
      2. Each business unit shall establish a different performance target to be included in the budget control. The following factors shall be taken into account for establishing such target:
      (1) Historic performances of each business unit.
      (2) Whether a business unit undertakes new products or new business activities. (3) The FCM’s overall marketing or sal
6     Risk Management Information System

    Figure 3: Structure Chart of the Risk Management Information System
  1. General Principles
    1. Structure of the Risk Management Information System
    2. It is advisable that an FCM establish a risk management information system. The structure of the risk management information system includes three important dimensions - application, data, and technology.
      Description:
      1. The application structure provides the FCM with functions related to the risk management information system as required
      2. The data structure defines the data and access interface required by the application system, for which the establishment of database and the integrity of the data shall be taken into account.
      3. The technical structure defines the software and hardware environment where the system operates. The system security shall be ensured during the establishment of the information system.
  2. Functions of the Risk Management Information System
    1. Definition of the Functions in the Risk Management Information System
    2. It is necessary to take into account the possible demands of each level in the FCM for risk management functions for the time being and in the future for the design of the application structure for the FCM’s risk management information system.
      Description:
      1. The functions of the application structure should preferably include: market and credit risks management, capital allocation, assets and liabilities management, performance assessment, and relevant management reports.
      2. Users shall participate in the function design and system testing for the risk management information system, to ensure that the requirements for the risk management are met.
      3. In addition to the definition of system functions, it is also necessary to confirm the feasibility of the solutions to the problems as adopted by the risk management information system during establishment of the system.
    3. Function Distribution
    4. The risk management information system adopted by an FCM shall, based on the internal control levels, clearly govern and allocate the types and levels for the centralized risk control, and the decentralized risk control in individual business units.
      Description:
      1. It is advisable that the risk management information system match with the FCM’s organizational structure and control method for risk control management.
      2. Risk management information system shall adopt a centralized information management method (distributed from the central level) to ensure the consistency of the calculation methods, models and data adopted by and between departments and products
      3. If the FCM adopts a decentralized risk management information system structure, it shall pay attention to the consistency of analysis methods and market data adopted by and between different units.
      4. The selection of a centralized or decentralized risk management information system depends on the FCM's requirements for the functions of the risk management information system, requirements for the degree of control, and the feasibility of the centralized system.
    5. Information Transfer Frequency
    6. It is advisable that an FCM take into account the frequency, the counter-parties, and format of the disclosed risk reports when establishing a risk management information system structure.
      Description:
      1. The final goal of the risk management information system is to generate real-time information, but the actual frequency with which the information is generated shall be subject to the user's requirement; there shall be different information content and report formats for different users.
      2. Information can be presented in the form of sheets or online inquiry, and the format for online inquiry can be determined by the users.
      3. The risk management information system can also include the following functions when necessary: risk assessment procedure before trading, scenario analysis before trading, and real-time data update after relevant trading.
  3. Establishment of Database and Integrity of Data
    1. Establishment of Database (Data Warehouse)
    2. An FCM shall take into account the data structure, data details, and the address where the data are stored when establishing a database.
      Description:
      1. The format and frequency for the transmission of risk information shall be taken into account for the database infrastructure, and data redundancy shall be reduced in order to improve efficiency.
      2. Data can be classified into two classes: dynamic data and static data
      3. Dynamic data refer to the data that are related to the trading and must be updated on a regular basis, including:
      (1) Trading data: including the details of trading information, such as counter-party, type of product, trading date, trading amount, amount cash flow, currency and exchange rate.
      (2) Trading position and price
      4. Static data refer to relevant data that are not updated frequently, such as the type of product (product code), customer data, risk limits, and risk models.
      5. The following factors shall be considered for the efficiency of the database:
      (1) The level of detail of the data storage.
      (2) The level of complexity of the analysis method.
      (3) The efficiency and capacity of database system
    3. Integrity and Ownership of the Data
    4. An FCM shall ensure the integrity and accuracy of the risk information through testing and confirming procedures, and clearly specify the ownership and the maintaining responsibility of relevant data.
      Description:
      1. The integrity of the data can be confirmed through user terminal system and the central management system.
      2. User terminal system: it must ensure the accuracy and integrity of the sources of the risk information, and then carry out automatic checking during information updates.
      3. Central management system: it shall ensure that the risk information is integrated and established based on consistency, especially in that the business unit’s information on profit and loss must be consistent with that of the accounting department.
      4. In order to confirm the accuracy of thedata used in the risk management procedure, a dedicated unit must be assigned to be responsible for data maintenance and updates.
  4. Establishment of Technical Structure and System Security
    1. Information Technology Compatibility
    2. When an FCM establishes a technical structure for risk management information system, it shall confirm the compatibility between the system and the FCM’s original information platform. It is advisable that the structure include the hardware platform, operation system, database management system and commutation infrastructure.
      Description:
      1. Technical structure for risk management information system shall preferably include:
      (1) Hardware platform: it shall take into account the FCMs' existing platform, and the linking efficiency between the platforms.
      (2) Operation system: the main consideration is the demand for an open environment and the setting up of a multi-tasking design in order to maximize the efficiency.
      (3) Communication infrastructure: it shall take into account the requirements for network connections for data transfer between different departments. It should also at the same time take into account the middleware for data transfer between applications.
      (4) Database management system: it shall be decided whether to adopt relational database or object-oriented database based on the FCM’s technical level and the complexity of the database.
      (5) Risk control software: the development or purchase of risk control software shall meet the requirements of risk management.
      (6) Graphical user interface: it strives for a more human-friendly interface
      2. In the design of the technical structure for the risk management information system, the complexity shall meet its own requirements, and the future technical developing trend, outsourcing needs, and the future expandability of new products and new businesses shall be taken into account.
    3. System and Model Security
    4. To ensure integrality and confidentiality of an FCM's information, system, and model, the technical structure for risk management established by the FCM shall provide for the required level of security.
      Description:
      1. Security shall cover: access rights, user control, network security and model security.
      2. The control over the preservation and management of documents related to risk management information system during the development period and use period must be enhanced.
    5. System Backup, Restoration, and Emergency Response Measures
    6. The technical structure of risk management established by an FCM shall provide for the procedures for appropriate data backup and restoration to ensure normal operations to an acceptable extent during failure of hardware or software or communication equipments; an emergency response solution shall be established for the handling of emergency events.
      Description:
      The main scope includes: remote disaster recovery, disaster recovery, error tolerance, backup, and emergency solution.
    7. Experts for Risk Management Information
    8. In order to facilitate the normal operations of risk management information system, it is advisable that an FCM employ full-time information personnel for the development and maintenance of the risk management information system.
    9. Development of Information Technology
    10. An FCM shall pay attention to the functionality, expandability, and executability of its risk management information system, whether self-developed or purchased via outsource, to the extent that the system is manageable.
      Description:
      The FCM shall take into account the integrity, and level of openness of the system functions, and the professionalism and supporting capacity of the supplier or system operator when it makes a decision on the selection of a purchased system.
    Risk Management Information System

    Figure 3: Structure Chart of the Risk Management Information System
  1. General Principles
    1. Structure of the Risk Management Information System
    2. It is advisable that an FCM establish a risk management information system. The structure of the risk management information system includes three important dimensions - application, data, and technology.
      Description:
      1. The application structure provides the FCM with functions related to the risk management information system as required
      2. The data structure defines the data and access interface required by the application system, for which the establishment of database and the integrity of the data shall be taken into account.
      3. The technical structure defines the software and hardware environment where the system operates. The system security shall be ensured during the establishment of the information system.
  2. Functions of the Risk Management Information System
    1. Definition of the Functions in the Risk Management Information System
    2. It is necessary to take into account the possible demands of each level in the FCM for risk management functions for the time being and in the future for the design of the application structure for the FCM’s risk management information system.
      Description:
      1. The functions of the application structure should preferably include: market and credit risks management, capital allocation, assets and liabilities management, performance assessment, and relevant management reports.
      2. Users shall participate in the function design and system testing for the risk management information system, to ensure that the requirements for the risk management are met.
      3. In addition to the definition of system functions, it is also necessary to confirm the feasibility of the solutions to the problems as adopted by the risk management information system during establishment of the system.
    3. Function Distribution
    4. The risk management information system adopted by an FCM shall, based on the internal control levels, clearly govern and allocate the types and levels for the centralized risk control, and the decentralized risk control in individual business units.
      Description:
      1. It is advisable that the risk management information system match with the FCM’s organizational structure and control method for risk control management.
      2. Risk management information system shall adopt a centralized information management method (distributed from the central level) to ensure the consistency of the calculation methods, models and data adopted by and between departments and products
      3. If the FCM adopts a decentralized risk management information system structure, it shall pay attention to the consistency of analysis methods and market data adopted by and between different units.
      4. The selection of a centralized or decentralized risk management information system depends on the FCM's requirements for the functions of the risk management information system, requirements for the degree of control, and the feasibility of the centralized system.
    5. Information Transfer Frequency
    6. It is advisable that an FCM take into account the frequency, the counter-parties, and format of the disclosed risk reports when establishing a risk management information system structure.
      Description:
      1. The final goal of the risk management information system is to generate real-time information, but the actual frequency with which the information is generated shall be subject to the user's requirement; there shall be different information content and report formats for different users.
      2. Information can be presented in the form of sheets or online inquiry, and the format for online inquiry can be determined by the users.
      3
7     Risk Information Disclosure
  1. An FCM shall disclose not only the relevant information pursuant to the regulations of the competent authority, but also the information related to risk management.
  2. It is advisable that an FCM disclose information related to its risk management on annual reports, financial statements, and the FCMs' website or other locations.
    Description:
    1. Disclosure of risk information shall include:
    (1) Risk management policy.
    (2) The model adopted for risk management.
    (3) Past risk assessment, and actual profit and loss.
    (4) Adjusted net capital and capital management policy.
    (5) Relevant information disclosed as required by the competent authority.
    (6) Other relevant information favorable to the operations of risk management mechanism.
    2. It is advisable that the disclosure of risk management information include qualitative and quantitative information.
8     Supplementary provisions
  1. An FCM shall pay attention at all times to the development of risk management systems both in Taiwan and abroad, and review accordingly and improve the FCM’s risk management system, so as to increase the efficacy of the FCM’s risk management
  2. Personnel Training
    In order to carry out the implementation of the FCM’s risk management system, the FCM shall design a complete personnel training system based on its own individual conditions, so as to accomplish every goal as set up in the FCM’s risk management policy.