Risk Management - EVA Air - Flying Toward Sustainability

Home Management & Governance Risk Management

Risk Management

Enterprise Risk Management

In order to improve and implement the risk and opportunity management mechanism, the Company has established the Risk Management Policy and Procedures to carry out risk management aimed at uncertain factors that may threaten the Company's operations, improve the efficiency in division of labor in risk management, and ensure the achievement of the Company's operational goals.

Risk Management Framework

The Board of Directors is the highest supervisory body for EVA Air’s risk management, with responsibility for approving risk management policies. Under the Board of Directors, the Sustainability Committee reviews risk management policies and oversees their implementation, and reports on overall performance to the Board of Directors annually. The Corporate Sustainability Committee is responsible for carrying out risk management-related tasks and oversees all departments’ implementation of risk management policies and controls at quarterly meetings; it reports on overall implementation performance to the Sustainability Committee annually. To ensure compliance and effectiveness of our risk management processes, EVA Air conducts annual internal control self-assessment audits, and conducts external audits every two years by a third-party verification body. Our most recent external audit for risk management process compliance and operating performance was completed by Bureau Veritas Certification (BVC) on May 14, 2024.

Enterprise Risk and Opportunity Management Process

Step 1 Identification

Sub-committees of the CSC identify the risks that may be faced during business operation

Step 2 Assessment

Assess the impact, likelihood, vulnerability and speed of onset of the identified risk factors to prioritize the identified risks

Step 3 Management

Each responsible departments shall assess their risk appetite/tolerance level, propose the mitigation and response plan, and report to the CSC for regular tracking

Step 4 Disclosure and Communication

The CSC reports the Company's overall risk management results to the Sustainability Committee and Board of Directors every year, and disclose information in accordance with regulatory requirements.

EVA Air reference the ISO 31000 Risk Management, and the Risk Assessment in Practice methodology published by the Committee of Sponsoring Organizations (COSO). Based on materiality principles, we identify, assess, manage, and disclose risks related to economic (including corporate governance), environmental, social, and other key topics that may arise in our operating processes. Risk assessment involves evaluating its impact, likelihood, vulnerability, and speed of onset (magnitude) based on a quantitative scale of 1 to 5. Risk categories include strategic, operational, financial, environmental, and medium-to-long-term emerging risks. Also, considering our overall operating strategies and the business environment, the Corporate Sustainability Committee submits risk appetite level assessments for identified risks to the President for approval, after which they serve as the basis for later risk assessment and response. This ensures that overall risks remain within acceptable limits. There has been no significant change in the risk and opportunity management process for this year as compared to the previous year.

Sensitivity analysis of non-financial risks

Strategic Risk

This includes risks to EVA’s operations presented by changes in the external environment, such as the international political/ economic situation, industry development trends, market competition, branding, intellectual capital, etc.

Operational Risk

This includes risks that may create negative impacts on EVA’s operations, such as market changes, flight safety, information security, privacy protections, labor relations, legal compliance, supply chain management, and other risks that might potentially create negative operational impacts.

Financial Risk

Foreign exchange risk, investment risk, capital risk, liquidity risk, credit risk, hedging operations, etc., that may cause possible losses.

Environmental Risk

This includes risks arising from actions in response to climate change, natural disasters, and other such issues. Specific issues include greenhouse gas emissions management, carbon credit management, energy management, biodiversity, natural resources, and other such issues, as well as risks arising from requirements to comply with international and local environmental laws or environmental assessments.

Mid- and Long-term Emerging Risk

Emerging risks that may result in a certain level of impact on EVA’s management, operations, strategy, etc. over the next three to five years.

Identification of Emerging Risk

With the increasing regulatory requirements of global aviation authorities, climate change, information security, political influence, the rapid development of emerging technologies, etc., the risks faced by enterprises are accompanied by uncertainties. Furthermore, “emerging risks” are undoubtedly one of the important issues that require airlines to be cautious with the assessment, which needs further identification, analysis, and formulation of response measures in order to respond to new forms of potential risks as soon as possible as well as to reduce the impact on operations. With reference to the “The Global Risks Report” published by the World Economic Forum (WEF) at the beginning of each year, the sub-committee of Corporate Sustainability Committee (CSC) identify possible emerging risks in accordance with their business area and conduct assessment on risk factors. After integrating risk mitigating actions formulated by related departments, the CSC regularly reports the risk mitigations and recommendations to the Sustainability Committee and Board of Directors.

Step 1 Initiate emerging risk assessment procedures

Step 2 Identify emerging risks by each sub-committee

Step 3 Identify and analyze emerging risks by CSC and develop mitigating actions

Step 4 Report the status of implementation to the Sustainability Committee and Board of Directors

Emerging Risk Identification Results

01 Information Security and Misinformation / Technology The rapid development of applied technologies in modern society, such as artificial intelligence, has enhanced work efficiency and fostered innovation. However, it also led to the emergence of new forms of misinformation, such as videos, images, and misleading links, resulting in the widespread of false information. This weakens the ability of individuals or businesses to detect and prevent misinformation, posing a substantial risk to the Company's operations and corporate reputation.
Impact on Our Operations	Using emerging technologies, such as artificial intelligence, to process large volumes of data increases efficiency; however, excessive reliance or improper application may lead to suboptimal decision-making and result in significant adverse impacts. Furthermore, the increasing prevalence of misleading information in recent years could lead to additional operational risks or financial losses, particularly if employees lack adequate media literacy or do not verify the accuracy of information.
Mitigating Actions	To prevent social engineering attacks, the Company employs email security tools to proactively block potentially harmful messages. Additionally, external emails are flagged with a warning header to facilitate identification by employees. Conduct regular social engineering drills for all employees and design a variety of simulated scenarios. These exercises include post-interaction training modules to enhance employees’ ability to recognize disinformation and reinforce cybersecurity awareness. By verifying information sources in their daily tasks, employees reduce the likelihood of decision-making errors caused by misinformation. A dedicated webpage on the official website has been established to promote self-protection in online security and raise awareness of phishing among stakeholders, including customers and suppliers. In addition, anti-fraud messages have been incorporated into emails communications to remind passengers to avoid engaging with suspicious emails and to remain vigilant against online scams.

01 Information Security and Misinformation / Technology

The rapid development of applied technologies in modern society, such as artificial intelligence, has enhanced work efficiency and fostered innovation. However, it also led to the emergence of new forms of misinformation, such as videos, images, and misleading links, resulting in the widespread of false information. This weakens the ability of individuals or businesses to detect and prevent misinformation, posing a substantial risk to the Company's operations and corporate reputation.

Impact on Our Operations

Using emerging technologies, such as artificial intelligence, to process large volumes of data increases efficiency; however, excessive reliance or improper application may lead to suboptimal decision-making and result in significant adverse impacts. Furthermore, the increasing prevalence of misleading information in recent years could lead to additional operational risks or financial losses, particularly if employees lack adequate media literacy or do not verify the accuracy of information.

Mitigating Actions

To prevent social engineering attacks, the Company employs email security tools to proactively block potentially harmful messages. Additionally, external emails are flagged with a warning header to facilitate identification by employees.
Conduct regular social engineering drills for all employees and design a variety of simulated scenarios. These exercises include post-interaction training modules to enhance employees’ ability to recognize disinformation and reinforce cybersecurity awareness. By verifying information sources in their daily tasks, employees reduce the likelihood of decision-making errors caused by misinformation.
A dedicated webpage on the official website has been established to promote self-protection in online security and raise awareness of phishing among stakeholders, including customers and suppliers. In addition, anti-fraud messages have been incorporated into emails communications to remind passengers to avoid engaging with suspicious emails and to remain vigilant against online scams.

02 Geoeconomic Confrontation / Geopolitics The international political and economic landscape has been marked by growing uncertainty, increasing geoeconomic risks. The rise of trade barriers, the frequent imposition economic sanctions, and increasing restrictions on capital flows are being used by countries as instruments to contain rival powers and extend geopolitical influence. These actions have contributed to greater unpredictability into global development and further exacerbated volatility and risks in international markets.
Impact on Our Operations	Geoeconomic tensions may lead to heightened trade barriers, resulting in market contraction. Economic sanctions may affect route planning and pose risks to operational continuity. Political and economic changes may result in new policies or sanctions, affecting supply chain operations, aviation materials, fuel costs, and import-export restrictions. These changes may increase operating costs and result in uncertainties to flight operations and the Company’s long-term development.
Mitigating Actions	Consistently monitor aviation safety information from the United States Federal Aviation Administration (FAA), the European Union Aviation Safety Agency (EASA) and other relevant authorities to ensure aircraft safety. Adapt passenger capacity flexibly based on market demand fluctuations, optimize frequencies on existing routes, and continuously expand into emerging markets. Strengthen the development of the global flight network, optimize flight connections, deepen alliance cooperation, and expand network coverage to address changes in political and economic environments. For countries or regions severely impacted by geopolitical tensions (such as those under trade sanctions), actively identify alternative suppliers and establish stable, long-term partnerships to reduce dependence on a single source. Establish contingency inventory management for key raw materials and maintain sufficient stock levels to mitigate the impact of unexpected supply disruptions. Shift procurement strategies to local sourcing to reduce shipment costs and associated risks.

02 Geoeconomic Confrontation / Geopolitics

The international political and economic landscape has been marked by growing uncertainty, increasing geoeconomic risks. The rise of trade barriers, the frequent imposition economic sanctions, and increasing restrictions on capital flows are being used by countries as instruments to contain rival powers and extend geopolitical influence. These actions have contributed to greater unpredictability into global development and further exacerbated volatility and risks in international markets.

Impact on Our Operations

Geoeconomic tensions may lead to heightened trade barriers, resulting in market contraction. Economic sanctions may affect route planning and pose risks to operational continuity. Political and economic changes may result in new policies or sanctions, affecting supply chain operations, aviation materials, fuel costs, and import-export restrictions. These changes may increase operating costs and result in uncertainties to flight operations and the Company’s long-term development.

Mitigating Actions

Consistently monitor aviation safety information from the United States Federal Aviation Administration (FAA), the European Union Aviation Safety Agency (EASA) and other relevant authorities to ensure aircraft safety. Adapt passenger capacity flexibly based on market demand fluctuations, optimize frequencies on existing routes, and continuously expand into emerging markets. Strengthen the development of the global flight network, optimize flight connections, deepen alliance cooperation, and expand network coverage to address changes in political and economic environments.
For countries or regions severely impacted by geopolitical tensions (such as those under trade sanctions), actively identify alternative suppliers and establish stable, long-term partnerships to reduce dependence on a single source.
Establish contingency inventory management for key raw materials and maintain sufficient stock levels to mitigate the impact of unexpected supply disruptions. Shift procurement strategies to local sourcing to reduce shipment costs and associated risks.

Risk Education and Training

EVA Air values both “top-down” and “bottom-up” risk management approaches. Each year, external experts are invited to conduct six-hour training courses for our directors. Directors’ professional backgrounds and needs are assessed as a basis for course arrangements. In 2024, risk management education were held on Global Risks in Future & Opportunities of Sustainability Transitions. Besides, sessions were held on The Trend in Labor-Capital Relations from an ESG Perspective-The Approach for Taiwanese Enterprises; and Global Economic Trends and Industry Outlook. Additionally, to ensure all employees understand the importance of risk management, educational training courses on risk management are conducted annually. Regular reminders are also communicated to employees to deeply engrain a safety mindset for all EVA Air staff. In 2024, there were 20,971 trainees of training.

Risk Management Incentive Mechanism

EVA Air comprehensively evaluates employees’ individual performance, project implementation efficiency, and risk management capabilities in different job categories as reference criteria for awarding incentive bonuses. This system helps motivate employees to strive for excellence in risk management.