On November 13, 2020, following a resolution by the Board of Directors, the company appointed Mr. Max Cheng, Senior Director of the Financial Management Division, as the Corporate Governance Officer. To further strengthen the company's corporate governance, on July 28, 2023, the Board of Directors resolved to establish a dedicated Corporate Governance Officer role. Mr. Raymond Ho, Senior Manager, with over 20 years of experience in stock affairs, board and shareholders' meeting procedures, and other relevant areas of corporate governance, has been appointed to this position. 

The primary responsibilities of Corporate Governance Officer include overseeing all aspects of corporate governance in the following areas:

• Legally conducting and managing matters related to the Board of Directors and Shareholders' Meetings.
• Preparing minutes for the Board of Directors and Shareholders' Meetings.
• Assisting directors in their induction and ongoing professional development.
• Providing directors with the necessary information for the execution of their duties.
• Assisting directors in complying with legal requirements.
• Legal compliance review of the qualifications of independent directors.
• Handling matters related to changes in the directors.
• Overseeing and reporting on the company's risk management operations.
• Other matters as stipulated in the company's articles of association or contracts.

To strengthen our commitment to business ethics and sustainable development, and to implement integrity management policy, the company established the 'Ethical Corporate Management Best Practice Principles', 'Codes of Ethical Conduct', and 'Procedures for Ethical Management and Guidelines for Conduct' on May 11, 2023. This was done following a resolution by the Board of Directors. Additionally, we have established 'Procedures for Handling Material Inside Information' and 'Employee Codes of Ethical Conduct'. These specifically outline the guidelines and directives for employees to follow in their business conduct.

On July 18, 2023, we further bolstered ethical framework by establishing the 'Sercomm Group Whistleblowing System Management Procedures'. This provides a reporting system for any actions that may violate business ethics. We take stringent disciplinary measures against violators, including termination of employment or business relationships, as well as pursuing timely legal action.

Every November, the company conducts training courses for current managers and employees. These courses cover a range of topics, including the scope and identification process of insider trading, management and confidentiality of significant internal information, case studies, compliance with regulations, and the protection of business secrets. Furthermore, these rules are also included in the mandatory E-Learning courses on internal website, forming a foundation for daily professional conduct. New directors and managers receive an orientation manual within three months of their appointment. New employees undergo education during pre-employment training conducted by the Human Resources Department. The annual educational campaign includes course content on the confidentiality of significant information, the definition, identification process, and examples of insider trading transactions. The course presentations and video files are stored in the internal employee system and are available for reference by those who were unable to attend.

In November 2020, following approval by the Board of Directors, the company established the 'Risk Management Policy and Procedures' as the guiding principles for our approach to risk management. The company emphasize comprehensive risk control by all staff, implementing multi-layered preventive measures. This ensures accurate and timely transmission of risk information, thereby achieving effective management at the frontline.

Heads of each risk management unit or designated personnel are responsible for second-line duty management. They ensure a clear understanding and effective implementation of risk regulations, allocating resources efficiently to risk management tasks. Upon identification of risk events, appropriate response strategies and recovery plans are developed, with external expert advice sought as needed. After review and approval by the Management Committee, updates and amendments to related internal regulations are carried out. This ensures continuous improvement and control of key factors, aiming to reduce the likelihood and impact of risk occurrences.

The company identifies the scope of risk management based on the principle of materiality, encompassing strategic, operational, financial, and event-related risks.

Organizational Structure and Responsibilities:

• Board of Directors: As the highest governing body for risk management, the Board approves overall risk management policies. These policies are based on the overall operational strategy and business environment. The Board ensures the effective implementation of risk management and bears ultimate responsibility.
• Management Committee: Chaired by the President and comprising Vice Presidents of various departments and General Managers of subsidiaries, this committee is responsible for reviewing reports from risk management units. It handles the establishment, assignment, and dissolution of risk management duties and oversees the execution and coordination of overall risk management.
• Corporate Governance Officer: Reports on the execution status of group risk control to the Management Committee.
• Audit Office: Develops and implements the annual audit plan, including legally required audit items. It also reviews self-assessment reports from various units.
• Risk Management Units: These include departments within the group and cross-departmental risk management committees. They are responsible for executing risk management procedures and presenting necessary self-assessment and risk evaluation reports.

Prioritizing information security is a commitment the company makes to its customers, shareholders, and colleagues, ensuring that confidential data and customer privacy are respected. This commitment also contributes to the company’s competitive advantage. We adhere to various laws and professional ethical standards. In 2015, the company established the 'Information Security Committee' and formulated the 'ISMS Information Security Policy'. Actively adopting the 'ISO 27001 Information Security Management' international standard, we obtained certification through a third-party impartial entity. The Information Security Committee meets biannually to conduct internal audits and discussions on information security regulations, with representatives from each department promoting the information security policy to their colleagues. Additionally, the company continuously fosters the concepts of 'Respecting Intellectual Property Rights' and 'Correct Use of Legal Software' through education, training, and internal announcements.

To implement the information security policy, the company has undertaken specific actions for stakeholders and within the enterprise, detailed in the 'Cyber Security Management' chapter of the company's annual report.

• For Stakeholders: We adhere to the highest directive principles of information security management systems, ensuring the confidentiality, integrity, and availability of information assets. We continuously provide products that meet customer needs. Viewing suppliers as vital partners, we require them to sign confidentiality agreements, thereby encouraging more effective cooperation and adherence to information security management regulations.
• Internally: To ensure the confidentiality of company and customer information, including trade secrets and intellectual property rights, and to safeguard information security, thus reducing losses and operational impacts caused by human or natural disasters, the company has established related information security policies. These policies cover account password authority management, account authorization management, server room management, portable storage device management, information system security protection procedures, information backup and recovery management, confidential information control, and document classification protection in each department. These measures prevent unauthorized access to and alteration of information systems, and protect company and customer trade secrets and intellectual property from theft or leakage. The Information Services Department, in line with business needs, has established a cloud R&D platform (Virtual Desktop Infrastructure System and IMERA System) and a confidential data protection system (Virtual Encryption System). This centralizes the storage and control of R&D data, protecting company research outcomes and confidential information, and providing a secure and assured information access and exchange space for colleagues.

The company is dedicated to innovative research and development, considering intellectual property a vital asset. To ensure that the intellectual property produced during the R&D process enhances the company's competitive edge, we have implemented detailed and clear regulations and procedures for the classification and management of internal patent proposals and trade secrets. The senior management regularly reviews the implementation of the intellectual property management system to continually optimize it and align it with operational goals. Key operational aspects in recent years include:

• The total number of global patent applications made by the company has exceeded 330, with over 250 patents effectively approved. Additionally, the total number of registered trademarks obtained worldwide has surpassed 40.
• For education and training, R&D staff are required to undergo patent education and trade secret training. New colleagues also learn about the patent system and infringement prevention during their initial training.
• Continuous updates in information security management include revising and publicizing company confidential information procedures to staff, enhancing their awareness and protection of confidential information. An Information Security Committee meeting is convened every six months.
• The "Patent Reward Policy" has been established to actively apply for patents with the patent authorities of various countries. The company provides rewards for invention proposals, new patents, and design patents, continuing to accumulate intellectual assets including patents, trademarks, copyrights, and trade secrets.
• The company reports on intellectual property-related matters to the board of directors at least once a year, with reports already made in March and November of 2023.