RISK MANAGEMENT BEST-PRACTICE PRINCIPLES FOR SECURITIES FIRMS ( Amended 2004 . 10 . 12)
證券商風險管理實務守則(民國93年10月12日修正)

1. General Provisions
1.總則

1.1. These Principles are made to assist securities firms establish a sound and integrated risk management system, and to strengthen the development of the capital market. They are also intended to be used as a guide for compliance.
1.1為協助證券商建立良好之整體風險管理制度，並促進資本市場健全發展，爰制定本守則，俾供證券商參考遵循。

1.2. Securities firms often encounter uncertainties in the course of their business operations. In general, an uncertain event may be called a risk if it can produce an adverse impact that affects the achievement of the firm´s strategic business objectives.
1.2證券商業務之經營面臨許多不確定性，凡某一事件之發生可能產生負面衝擊，而影響經營策略目標之達成者，謂之風險。

1.3. Risk Management should have the priority within a securities firm when it establishes its business strategy and organizational culture. In addition, qualitative and quantitative management shall serve as a guide in the formation of business strategies.
1.3證券商應塑造重視風險管理之經營策略與組織文化，並掌握質化與量化管理之成果，作為經營策略制定之參考依據。

1.4. To manage its risks effectively, a securities firm shall establish an integrated risk management system, and everyone from top management to entry-level staff shall all participate in the promotion and enforcement of such system. With a firm-wide perspective, a series of activities are to be undertaken, including risk identification, measurement, monitoring, reporting and responding, together with qualitative and quantitative management methods, so that all risks that can arise from business operations may be controlled to within tolerable levels. This helps the firm achieve its strategic goals and plan properly.
1.4證券商為了管理風險，宜建立整體風險管理制度，由公司之董事會、各階層管理人員及員工共同參與推動執行。它是一種上下共守的程序，從公司整體的角度，透過對潛在風險之辨識、衡量、監控、回應及報告等一連串活動，以質化及量化之管理方法，將營運活動中可能面臨之各種風險，維持在所能承受之範圍內，以期能合理確保公司策略目標之達成，並有助它的規劃制訂。

1.5. When establishing its risk management system, a securities firm shall comply with all applicable laws and regulations. In order to significantly improve the depth, extent, and efficiency of risk management, securities firms are also urged to comply with these Principles wherever possible in designing their risk management system and its division of authority and functions, (including mechanisms for identifying, measuring, monitoring, responding to and reporting risk); and their system for risk management information and information disclosure.
1.5證券商建立風險管理制度，除應遵守相關法規外，其執行風險管理之組織架構與權責、風險之辨識、衡量、監控、回應、報告、風險管理資訊系統及資訊揭露宜盡可能參酌引用本守則辦理，俾積極擴大風險管理的深度、廣度與效能。

1.6. A securities firm shall pay special attention to its risk management department and authorize its personnel to perform their duties independently. This is to ensure that such risk management system may be effectively implemented on a sustainable basis, that assistance will be provided to the board of directors and management for faithful performance of their duties, and that risk management will be effectively realized.
1.6證券商應重視風險管理單位與人員，授權其獨立行使職權，以確保該風險管理制度得以持續有效實施，並協助董事會及管理階層確實履行其責任，進而落實證券商之風險管理。

2. Risk Organization
2.風險管理組織架構與職責

2.1. Organizational Structure for Risk Management
2.1風險管理組織架構

2.1.1. Securities Firm Risk Management Organization Structure
2.1.1證券商風險管理組織架構

A securities firm may establish a risk management committee ("RMC") in its board of directors. In addition, it shall designate or establish an appropriate implementation unit for risk management, so that matters in connection with risk management can be effectively planned, monitored and implemented.
證券商得在董事會成員中組成風險管理委員會，並應指定或設置適當風險管理執行單位，俾有效規劃、監督與執行證券商之風險管理事務。

Description:
守則說明：

1. There is no universal system for the design of a risk management organization structure ("RMOS"). The main factors to be considered when establishing an RMOS include the type of each organization, the corporate culture, and the composition of risks.
1.風險管理組織架構之設計，並無放諸四海皆準的體系，宜考量個別組織型態、企業文化及所承擔風險主要內涵之差異等因素；

However, the independence of the unit or the personnel implementing risk management is always important for successful risk management.
但執行風險管理之單位或個人應保持獨立性，則為影響風險管理成效的重要共同原則。

2. Responsibility for risk management does not lie exclusively with the risk management unit. Effective risk management requires the cooperation of all related departments within a company, including human resources, legal affairs, information technology, internal control, auditing, and planning.
2.風險管理非僅風險管理單位之職責，公司內其他相關單位，諸如人力、法務、資訊、內控、稽核、規劃等亦有其相應需配合之事項，否則難以落實整體業務之風險管理。

3. The success of risk management depends on a joint promotion and implementation effort from every part of the company. Therefore, it is extremely important to have effective communication and coordination between the board of directors, the risk management implementation unit, and related departments.
3.風險管理之成功有賴全公司上下之共同推動執行，因此董事會與風險管理執行單位以及相關單位間之溝通、協調與聯繫便極為重要。

Moreover, the business operations of a company affect the interests of various parties within and outside the company. Given different points of view, risk perception and risk tolerance will naturally differ.
除此之外，公司的營運亦攸關各種內、外部人之利益，由於立場不同，自然對風險的觀察與接受度各異

To obtain broad positive support, then, it is important to emphasize both internal and external communication.
因此為能得到正面支持，與內、外部人之溝通亦需重視。

4. Successful implementation of risk management relies upon a clear authority structure and well-planned reporting process. Without them, risk management information cannot be effectively aggregated, analyzed and communicated. The corporation´s business strategies and risk management policies cannot be appropriately adjusted in response to changes in its subjective and objective environments without them.
4.風險管理之執行有賴明確之權責架構設計、及監督呈報流程之規劃，否則相關風險管理資訊難以作有效之彙總、傳遞與研判，公司的營運策略及風險管理政策也無法因應主客觀環境之變化，進行適當之調整。

2.2. Risk Management Function
2.2風險管理職責

2.2.1. The Role of the Board of Directors
2.2.1董事會的角色

To ensure effective risk management, the board of directors, as the unit ultimately responsible for risk management, shall recognize the risks confronted by a securities firm in the course of its business operation (such as market risk, credit risk, liquidity risk, operational risk, legal risk, reputation risk, and other risks in connection with its business operation).
董事會應認知證券商營運所面臨之風險(如市場風險、信用風險、流動性風險、作業風險、法律風險、聲譽風險及其他與證券商營運有關之風險等)，確保風險管理之有效性，並負風險管理最終責任。

Description:
守則說明：

1. The board of directors shall be held ultimately responsible for financial loss or decrease of shareholders´ equity value, thus it shall establish an appropriate risk management system, operating procedures, and a risk management culture, as well as allocate the resources necessary to implement its risk management system.
1.董事會應對證券商財務損失或股東權益價值之減少負有最終之責任，因此董事會必須建立適當的風險管理體系，作業流程及全公司的風險管理文化，並配置必要之資源以利執行運作。

2. The board of directors shall pay attention not only to the risks borne by each department, but also to the aggregate risks to the company as a whole.
2.董事會對於風險之管理，並非僅止於注意個別單位所承擔之風險，更應從公司整體角度考量各種風險彙總後所產生之效果。

At the same time, the statutory capital adequacy requirements prescribed by the supervisory authority, as well as other regulations that may affect the allocation of capital, shall all be taken into consideration.
同時亦應考量主管機關所定法定資本適足之需求，以及各種影響資本配置之財務、業務相關規定。

2.2.2. Role of the Risk Management Committee
2.2.2風險管理委員會的功能

A securities firm may organize a risk management committee within the board of directors to assist the board of directors with its planning and supervising; if no risk management committee is organized, the board of directors shall take charge of these functions.
為協助董事會規劃與監督相關風險管理事務，證券商得在董事會成員中組成風險管理委員會，如未組成風險管理委員會，則由董事會直接負責相關事務。

Description:
守則說明：

1. A Risk Management Committee may be organized within the board of directors to ensure effective monitoring of daily risk management when it considers the professionalism, regularity, and timeliness required in risk management and the committee should report to the Board of Directors on a regular basis.
1.鑒於風險管理之專業性、常態性及時效性，得於董事會成員中組成專責之風險管理委員會，方能有效進行日常風險管理事務之監督。但該委員會仍應定期向董事會提出報告。

2. The Committee should propose risk management policies and establish qualitative and quantitative management standards when facilitate the monitoring of daily risk management. It should also make timely reports on the implementation of risk management to the board, along with recommendations for improvement.
2.為利日常風險管理事務之監督，該委員會應擬定風險管理政策，並建立質化與量化之管理標準，同時應適時的向董事會反應風險管理執行之情形，提出必要之改善建議。

2.2.3. Role of the Risk Management Implementation Unit (RMIU)
2.2.3風險管理執行單位的功能

The RMIU shall be responsible for the monitoring, measurement and evaluation of routine risks confronted by the firm. It shall exercise its authority independently of the firm´s departments and trading activities.
風險管理執行單位主要負責公司日常風險之監控、衡量及評估等執行層面之事務，其應獨立於業務單位及交易活動之外行使職權。

In terms of organizational structure, the RMIU may report directly to the board of directors.
組織架構上可設計為直接向董事會負責。

Description:
守則說明：

1. Subject to the types of business conducted by the securities firm, the duties of the RMIU shall be to:
1.風險管理執行單位應依證券商經營業務種類執行以下職權：

(1) Help propose risk management policies;
(1)協助擬定證券商風險管理政策。

(2) Help propose risk limits for each department and the method of allocation;
(2)協助擬定證券商各部門之風險限額及分派方式。

(3) Ensure the implementation of risk management policies approved by the board of directors;
(3)確保董事會所核可風險管理政策之執行。

(4) Submit timely and complete risk management reports;
(4)適時且完整地提出風險管理相關報告。

(5) Make sure that business units understand the content of transactions prior to undertaking them, and continue monitoring positions held after transaction are completed;
(5)在業務單位進行各種交易前，該單位應對相關交易內涵先行瞭解，並對已完成交易之持有部位持續監視。

(6) Improve as much as possible the skills used to measure the quantifiable risks of financial instruments;
(6)對於風險可量化的金融商品，應盡可能地提昇風險管理衡量技術。

(7) Understand risk limits and their usage in each business unit;
(7)確實瞭解各業務單位之風險限額及使用狀況。

(8) Evaluate risk exposure and risk concentration.
(8)評估證券商之風險曝露及風險集中程度。

(9) Develop and implement stress tests and back-testing procedures;
(9)壓力測試與回溯測試方法之開發與執行。

(10) Inspect the difference between the actual loss of the investment portfolio and loss forecasted by RMIU;
(10)檢驗投資組合的實際損益與風險管理執行單位預測之差異程度。

(11) Review the pricing model and evaluation system for financial instruments used by business units; and
(11)檢核業務單位使用之金融商品定價模型與評價系統。

(12) Deal with other matters in connection with risk management.
(12)其他風險管理相關事項。

2. The RMIU shall have proper authority to deal with matters in connection with risk limit violations made by other departments, and shall have proper authority to require that positions held by other departments be kept under given limits.
2.風險管理執行單位應獲有適當的授權處理其他單位違反風險限額時之事宜，且應有適當之權限要求業務單位的部位維持在給定的限額之內。

2.2.4. Role of the Head of the RMIU
2.2.4風險管理執行單位主管的角色

The appointment and removal of the head of the RMIU shall be subject to the approval of the board of directors. The head of the RMIU shall be responsible for measuring, monitoring, and evaluating the risk status of the securities firm on a daily basis:
風險管理執行單位主管之任免應經應董事會通過，並負責衡量、監控與評估證券商日常之風險狀況。

Description:
守則說明：

1. The primary duties of the head of the RMIU are as follows:
1.風險管理執行單位主管主要權責如下:

(1) To monitor and apprehend the implementation status of risk management policies;
(1)確實監督暨掌握證券商之風險管理政策之執行狀況。

(2) To establish an integrated structure for measuring, monitoring, and evaluating quantifiable financial risks;
(2)建立證券商衡量、監控及評估可量化財務風險之整體架構。

(3) To lead the implementation of measuring, monitoring, and evaluating risks;
(3)負責領導證券商之風險衡量、監控與評估作業之執行。

(4) To monitor the risk limits of business units, and urge that corrective measures be taken whenever any violation is discovered;
(4)監控業務單位之風險限額，於發現業務單位之風險承擔有違反限額之情事時，應督促採取相關改正措施。

(5) To proceed with risk adjusted performance measurement (RAPM) or provide risk information required by RAPM;
(5)進行業務單位風險調整後之績效衡量或提供進行風險調整後績效衡量所需之風險性資訊。

(6) To undertake evaluation and back-testing of the effectiveness of the model to ensure the accuracy of evaluation results;
(6)採行適當的方法進行模型有效性之評估與回溯測試，以確保各項估計結果之正確。

(7) To ensure that risk management skills being updated in a timely fashion; and
(7)確保風險管理技術能與時俱進。

(8) To deal with other matters concerning risk management.
(8)其他風險管理相關事項。

2. In addition to the foregoing matters, as for unquantifiable risks, the head of the RMIU shall also assist the board of directors to assign an appropriate unit(s) to proceed with joint management of such risks, including emergency response planning.
2.除上述事項外，對於不可量化之風險，該主管亦應協助董事會將該等風險責成適當之單位共同進行管理，其中包括緊急應變計劃之訂定等。

2.2.5. Roles of Business Units
2.2.5業務單位風險管理人員的角色

In order to effectively link the RMIU with the firm´s business units, securities firms may place risk management personnel within each of its business units where they shall maintain effective, independent communication between the RMIU and the said business units on risk management and implementation matters.
為了有效聯結風險管理執行單位與各業務單位間，風險管理資訊之傳遞與風險管理事項之執行，證券商得於各業務單位中設置風險管理人員，俾有效且獨立地執行各業務單位之風險管理作業。

Description:
守則說明：

1. Whether or not risk management personnel in business units is placed shall depend on each department´s type of organization, scale and importance, as well as on its complexity.
1.此等人員之設置與否，應視公司組織型態、規模大小及不同業務單位之重要性或其複雜度而定。

2. Major duties of risk management personnel are as follows:
2.風險管理人員主要職責如下：

(1) To report the risk exposure of the business units in a prescribed and systematic way, in compliance with the risk management reporting process;
(1)以固定且制式化之方式，依照風險管理報告呈報程序報告業務單位風險暴露狀況。

(2) To ensure the timely and correct conveyance of risk information;
(2)確保以及時且正確的方式，進行風險資訊之傳遞。

(3) To ensure the effective execution of rules on risk limits within business departments;
(3)確保業務單位內風險限額規定之有效執行。

(4) To monitor the status of risk exposure and report on instances where limits are exceeded, including corrective measures adopted by the business unit in question;
(4)監控風險暴露之狀況並進行超限報告，包括業務單位對超限採取之措施。

(5) To ensure that business unit risk measurement, model use, and assumptions are undertaken consistently; and
(5)確保業務單位內風險之衡量、模型之使用及假設的訂定在一致之基礎下進行。

(6) To ensure effective implementation of internal controls within business units, so as to comply with laws, regulations and risk management policies.
(6)確保業務單位內部控制程序有效執行，以符合法規規定及公司風險管理政策。

2.2.6. Role of Heads of Business Units
2.2.6業務單位主管的角色

The head of a business unit shall be responsible for daily risk management and reporting in his/her unit.
業務單位主管負責所屬單位日常風險之管理與報告。

Description:
守則說明：

1. The head of a business unit shall be responsible for all risk management matters in the unit under management. The unit shall be responsible for analyzing and monitoring financial risk (such as market risk and credit risk) of the unit under his/her supervision, and for taking corresponding measures.
1.業務單位主管總承其所屬單位的全部風險管理事宜。他負責分析及監控單位內相關的財務風險(如市場風險、信用風險)，並採取各種因應對策。

2. The head of a business unit shall supervise the conveyance of risk management information to risk management personnel or the RMIU on a daily basis.
2.業務單位主管應督導每日將相關的風險管理資訊傳遞予風險管理人員，或風險管理執行單位。

2.2.7. Establishment of Risk Limits
2.2.7風險資本限額之訂定

It is advisable for a securities firm to allocate the capital required by the company and each business unit based on the strategic objectives of its business operations, while staying within tolerable levels of risk. It is also advisable that the power to make such allocation be vested in the board of directors.
證券商宜就公司整體及各業務單位所需之資本進行配置，其配置之根據，應參照公司營運策略目標，於本身所能承受之風險程度範圍內為之。

The risk management committee (RMC) may propose the allocation, but the proposed allocation shall be subject to the approval of the board of directors.
配置權責宜歸屬於董事會，或經由風險管理委員會擬定後，報經董事會核可。

Monitoring and controlling the risk limits, is extremely important for ensuring that the business activities of the company do not exceed tolerable risk levels.
為確保公司營運活動不踰越所能承受之風險胃納，對風險資本限額之監控管理便極為重要。

Description:
守則說明：

1. A risk capital limit refers to the capital that must be allocated to respond to the maximum risk of loss that is bearable by the company as a whole, or by individual business units, for a certain period of time and degree of confidence. Together with risk bearing, risk limits are part and parcel of the company´s business activities.
1.風險資本限額係指公司整體或各業務單位於一定期間內，在一定信賴度下，最大所承受之風險損失，而相應所應配置之資本額度謂之。其與風險之承擔為公司營運活動一體之兩面。

2. The procedure for establishing risk limits involves a bottom-up collection of requirements and suggestions from each department followed by a top-down implementation of the approved limits, which shall be effectively monitored its execution through the risk management system.
2.風險資本限額之訂定，在程序上由下而上彙集各業務單位之需求及建議，然後再由上而下將所核定之限額交付各業務單位加以執行，同時透過風險管理體系有效監控其執行情形。

3. In the course of planning and calculating the risk limits that result in the allocation of capital to each business unit, both the contribution that a department can make to performance and the risks it takes shall be considered.
3.在規劃計算風險資本限額時，各業務單位所能分配到的資本，必須與其所能創造之績效，及因此可能承擔之風險一併納入考量。

During this process, the RMIU shall play an important evaluation role.
在此過程中風險管理執行單位扮演重要的評估角色。

2.2.8. Management of Risk Limits
2.2.8風險資本限額之管理

A securities firm shall have a complete procedure for the management of risk limits. The procedure shall include the calculation method, allocation method, and implementation of monitoring processes.
證券商對風險資本限額之管理應有一套完備之程序，包括其估算之方法，配置之方式，及監控作業之執行等。

Description:
守則說明：

1. The risk limits can be calculated by qualitative and quantitative methods. Quantitative methods shall be used as much as possible to express quantifiable risks where necessary. Currently, technologies are available for calculating market risk and credit risk, and useful tools for operational risk are being developed gradually.
1.風險資本限額之估算有質化及量化之方法，凡能量化者，於必要範圍內宜儘可能以量化方式表達，目前技術上較可行者除市場風險及信用風險外，作業風險也逐漸發展出可使用之工具。

2. In calculating limits, the correlation between different risks shall be taken into account.
2.在估算限額時應考量不同風險間之關聯效果。

3. The establishment and allocation of limits may reflect different perspectives or needs.
3.限額之建立或配置可從不同角度或需求層面進行。

For example, it may be done on the basis of business units, or on the basis of the type of product, length of period, the degree of concentration in a position, or differences in risk factors.
例如按業務單位是一種方式，其它如按產品種類，期間長短，部位集中度，不同風險因子等均是可行之方法。

4. After limits are established, ongoing assessment of their reasonableness is required in order to make necessary adjustments, which shall be subject to approval by the board of directors.
4.限額建立後仍必須持續評估其合理性，以為必要之調整，惟均需經董事會之核可。

2.2.9. Risk Management Policies
2.2.9風險管理政策

A securities firm shall establish risk management policies to serve as the basis of routine risk management procedures.
證券商應訂定風險管理政策，以作為公司日常執行風險管理作業之規範依據。

The content of these policies shall accurately reflect the objectives of the firm´s operational strategies, its risk preferences, and the characteristics of the risks it confronts. In addition, the policies shall be conveyed to and implemented by all departments of the firm through a prescribed process.
其內容應能確實反應公司之營運策略目標、風險偏好及所面臨風險的特性，並透過一定程序傳達予公司上下一體遵行。

The risk management policies may be proposed by the RMC, and shall be implemented after approval by the board of directors.
風險管理政策得由風險管理委員會擬定，提交董事會核可後執行。

Description:
守則說明：

1. When proposing risk management policies, the following factors shall be taken into account:
1.風險管理政策之擬定應考慮以下因素：

(1) The overall operational strategies and product categories;
(1)證券商整體營運策略與產品種類。

(2) The scale, nature, and complexity of transactions;
(2)交易的規模、性質與複雜程度。

(3) Risk tolerance;
(3)對風險的容忍程度。

(4) The quality of internal control procedures;
(4)內部控制程序的品質。

(5) The capability to monitor risks and the completeness of the risk management system and related procedures;
(5)本身對風險的監督能力及風險管理體系與程序的完整性。

(6) The degree of professionalism with respect to risk management;
(6)風險管理的專業程度。

(7) Past experience and performance;
(7)過去的經驗與績效。

(8) Compensation (or bonus) policy (where special attention has to be paid to the correlation between performance and compensation);
(8)薪酬(或紅利)政策(尤需注意薪酬與交易績效的關連性)。

(9) Tax and accounting issues;
(9)稅務與會計問題。

(10) Related laws, regulations and restrictions; and
(10)相關法規之規範與限制。

(11) Other matters concerning risk management.
(11)其他風險管理相關事項。

2. A securities firm shall review the appropriateness of risk management policy periodically, and make timely adjustments to reflect changes it the subjective and objective environment.
2.證券商應定期檢討風險管理政策之妥適性，並適時調整，以配合主客觀環境之變動。

2.2.10. Evaluation of Risk Management Effectiveness
2.2.10風險管理執行效能之評估

A securities firm shall evaluate the efficacy of its risk management implementation, including whether the expectations of the board of directors are met, whether risk management is conducted independently, whether the risk management system is faithfully implemented, whether the overall risk management infrastructure is complete, and so on.
證券商應定期與不定期對其風險管理執行效能進行評估，包括是否合乎董事會之預期、風險管理運作是否具獨立性、風險管理制度之執行是否確實及整體風險管理基礎建設是否完備等。

Description:
守則說明：

1. Evaluating risk management effectiveness:
1.有關風險管理有效性之評估：

(1) The influence and impact risks have on the business are often affected by changes in the objective environment. Thus, it is necessary to periodically evaluate risk management priorities, the choice of tools, and the cost and applicability of risk management measures.
(1)風險常因客觀環境之變動而改變其對業務之影響及衝擊程度。因此，有必要對風險管理的優先順序、成本、適用性及工具的選擇等進行定期評估。

(2) The evaluation referred to in the preceding paragraph may be performed internally by the RMIU or other appropriate unit or personnel. It is also feasible to engage professionals from external institutions.
(2)前項風險管理有效性之評估可由證券商內部風險管理執行單位或其他適當單位或人員執行；亦可聘請其他外部機構之專業人員為之。

2. Evaluation of the faithful implementation of risk management:
2.有關風險管理落實執行之評估：

(1) Whereas the faithful implementation of risk management may be independently evaluated by internal auditors, their reporting procedures must be independent of transactions, back-office operations and the risk management system. It is also feasible to rely on external auditors to perform the evaluation.
(1)可由內部稽核人員獨立進行，因此其報告程序應獨立於交易活動、後檯作業及風險管理體系之外；或亦可借助外部稽核人員，協助評估。

(2) Auditing and testing of this type shall concentrate on risk management procedures and internal controls. Upon discovering any irregularity, or when there are any significant changes in product types, model usage or internal controls, it is necessary to enhance the depth, extent and frequency of the auditing.
(2)此種稽核及測試應就風險管理程序及內部控制等方面來進行。其稽核之深度、廣度與頻率，在發現有異常狀況出現時，或公司本身產品種類、模型使用及內部控制有重大變動時均應增強之。

(3) The scope of the above-mentioned model testing must include quantitative testing and model management system operation. The internal or external personnel performing model testing must have the professional qualifications and related educational background to ensure its effectiveness.
(3)上述模型檢驗範圍須包含數量性測試與模型管理制度之運作情形。擔任模型檢驗之內部或外部人員，須具備足以執行該項工作之專業資格及相關學經歷，以確保執行成效。

3. Risk Management Process Figure 1:
3.風險管理之流程圖一：

3.1. General Principles
3.1通則

3.1.1. The risk management process for a securities firm shall include: risk identification, risk measurement, risk monitoring, risk reporting, and risk response.
3.1.1證券商的風險管理流程應包括：風險的辨識、風險的衡量、風險的監控、風險的報告與風險的回應措施。

3.1.2. The risk management indicators of a securities firm may serve as a reference for performance measurement, and also as the basis for the calculation of capital adequacy by an internal-model approach.
3.1.2證券商的風險管理指標亦可作為績效衡量的參考，並於主管機關規定下，作為內部模型資本適足率計算的依據。

3.1.3. A securities firm shall establish a risk management information system so as to smooth implementation of the risk management process.
3.1.3證券商應建立風險管理資訊系統，俾使風險管理流程執行順利。

3.2. Risk Identification
3.2風險之辨識

For the purpose of risk management, a securities firm shall first identify the risks it may face in the course of its business operation.
證券商為管理風險，首應辦識有那些風險係其營運過程中可能面臨者。

Generally speaking, risk may be affected by internal and external factors, which are called risk factors.
一般而言影響風險之發生有內外在各種因素，或稱之為風險因子；

To effectively control risk, it is advisable to adopt various feasible analytical tools and methods, and through bottom-up or top-down discussion and analysis, to aggregate past experience and predict conditions that will give rise to possible risks in the future. These shall be identified and categorized to serve as a reference for further risk measurement and monitoring.
為了有效掌握，宜採各種可行之分析工具及方法，透過由下而上或由上而下的討論研析，彙整以往經驗並預測未來可能發生風險之狀況，予以指認歸類，俾作為進一步衡量、監控管理風險之參考。

Description:
守則說明：

1. Given the special nature of the securities industry, the primary risks that the industry may face are market risk, credit risk, liquidity risk, operational risk, and other related risks.
1.鑒於證券行業之特殊性，一般而言其所可能面臨之風險主要為市場風險、信用風險、流動性風險、作業風險，以及其他有關之風險。

Accordingly, these Principles shall explain the major risks generally acknowledged by the industry, and the other risks shall be identified, analyzed and dealt with by individual securities firms.
緣此，本守則在規範上將直接就此類業界有共識之主要風險予以規範說明，餘則由個別證券商自行辨析並處理因應。

2. Market risk refers to the risk of on- or off-balance-sheet loss due to uncertain changes in the market prices of financial assets, such as changes in interest rates, foreign exchange rates, equity security prices, and commodity prices.
2.市場風險係指金融資產價值在某段期間因市場價格不確定變動，例如：利率、匯率、權益證券和商品價格變動，可能引致資產負債表內和表外項目發生虧損的風險。

3. Credit risk refers to the probability that counter-party of a transaction (including a securities issuer, counter-party of a contract, or debtor) fails to perform their duty, and the risk of loss such nonperformance would cause to the risk exposure or the financial status of the securities firm.
3.信用風險係指交易對手(包括證券發行人、契約交易相對人、或債務方)未能履行責任的可能性，且此種不履行責任的情況對證券商的風險額或財務狀況造成損失的風險。

4. Liquidity risk refers to the risk of failure to meet obligations when they come due because of inability to liquidate assets or to obtain adequate funding (referred to as "funding liquidity risk") and the risk of significant movements of market price due to inadequate market depth or market disruptions (referred to as "market liquidity risk") in the course of disposing or offsetting positions held.
4.流動性風險係指無法將資產變現或取得足夠資金，以致不能履行到期責任的風險(稱為「資金流動性風險」)，以及由於市場深度不足或失序，處理或抵銷所持部位時面臨市價顯著變動的風險(稱為「市場流動性風險」)。

5. Operational risk refers to the risk of direct or indirect loss arising from failure or mistakes in internal operations, personnel or systems, or from external events.
5.作業風險係指：由於內部作業、人員及系統之不當或失誤，或因外部事件所造成直接或間接損失之風險。

6. Other risks include legal risk, strategy risk or business risk, reputation risk and so on.
6.其他風險包括：法律風險、策略風險(strategy risk or business risk)和聲譽風險(reputationrisk)等。

7. In risk identification, attention shall be paid to the correlation between events giving rise to those risks.
7.在進行風險辨識時，亦應注意引發風險諸項事件間之關聯性。

8. The Product/Risk Matrix can be used as a standard for reference in identifying product risk factors.
8.為辨識商品風險因子，可運用商品/風險矩陣做為參考標準。

3.3. Risk Measurement
3.3風險之衡量

After the securities firm identifies the risk factors in different products, it shall establish appropriate measurement methods to serve as the basis of risk management.
證券商辨識不同商品所含之風險因子後，宜訂定適當之衡量方法，俾作為風險管理的依據。

Description:
守則說明：

1. Risk measurement includes risk analysis and evaluation. The former is to understand the influence of risks on the firm by analyzing the probability of risky events and the extent of their adverse impact.
1.風險之衡量包括風險之分析與評估。前者係透過對風險事件發生之可能性及一旦發生時，其負面衝擊程度之分析等，以瞭解風險對公司之影響。

In the latter, the influence of risks is compared to the threshold set in advance, so that it may serve as a reference in setting priorities for risk control and selecting response measures.
後者則係將此種影響與事先設定之門檻標準加以比對，俾作為後續擬訂風險控管之優先順序及回應措施選擇之參考依據。

2. Measurement for securities firm risk management shall be by quantitative or other feasible qualitative approaches according to the different types of risk involved.
2.證券商之風險管理，應按不同類型之風險訂定量化或其他可行之質化方法予以衡量

3. In terms of risk management structure, rigorous statistical analysis and related techniques may be applied to analyze quantifiable risks such as market risk and credit risk.
3.證券商之風險管理架構對於可量化的風險，包括：市場風險與信用風險等，可採較嚴謹的統計分析與技術進行分析管理。

For other risks that are harder to quantify, appropriate risk response measures shall be adopted to achieve the objectives of risk management.
而對其他目前較難量化的風險，亦應採取能適當反應風險之措施，以求達成風險管理之目的。

4. Securities firms are advisable to adopt a progressive approach towards risk management quantification. For example, in the first phase, one may seek quantitative management of market risk, followed by the quantitative management of credit risk, liquidity risk, operational risk and other risks.
4.證券商風險管理量化過程宜採漸進方式進行，例如：先追求市場風險之量化管理，其後為信用風險、流動性風險、作業風險與其他風險之量化管理。

5. Qualitative risk measurement is the expression of the probability and influence of risks through written description. It may be applied in the following situations:
5.風險質化之衡量係指透過文字的描述，以表達風險發生的可能性及其影響程度，其適用之情況如下：

(1) Where it is used for preliminary screening and as preparatory work for more precise risk measurement;
(1)初步篩選之用，以為後續更精確衡量風險之前置作業。

(2) Where quantitative analysis is too resource-consuming to be cost-effective; and
(2)量化分析過於耗費資源，不符成本效益時。

(3) Where relevant data and quantitative methods are not adequate for appropriate quantitative analysis.
(3)相關之數據及數量方法，尚不足以進行適當之量化分析。

6. In qualitative analysis, one may also adopt semi-quantitative analytical methods that use appropriate numbers to express the relative weights or degrees. However, users shall bear in mind that, because this method cannot accurately reflect actual relative differences between types of risks, nor effectively differentiate between their particular natures, it might pose a risk of producing misled judgments.
6.進行質化分析時亦可兼採以適切之數值以表示相對之程度或權重之半量化分析方式，惟使用時應注意其並無法精確反映實際之相對性，及有效區分不同類型風險間之特殊性，因此可能產生誤導判斷之風險。

3.4. Risk Monitoring
3.4風險之監控

A securities firm shall establish a complete set of monitoring procedures to monitor and appropriately report risk limits usage and over-limit circumstances, the aim being to facilitate the adoption of response measures, as well as understand and evaluate implementation after such measures are taken.
證券商為監控各種風險限額使用情形，及其超限之狀況並作適當之呈報，以利回應措施之採行，及措施採行後其執行情形之瞭解與評估等，應訂定一套完整之監控作業流程。

This procedure shall be undertaken continuously as part of routine operational activities, (and) or off-line observation and understanding shall be made ex post facto. All deficiencies found in the monitoring process shall be reported to supervisor in accordance with rules.
此種作業宜於例行營運活動中持續進行，或(並)於事後作離線之觀察與了解。監控作業中所發現之缺失均應依規定上報。

Description:
守則說明：

1. Compared to ex post observation and understanding, ongoing risk monitoring as part of business operations helps a securities firm apprehend risks and take responsive actions in a more timely fashion.
1.在營運活動中持續監控風險，在時效上往往較事後之觀察了解，更有助於證券商即時掌握風險並為因應。

2. Deficiencies found in risk monitoring shall be reported to immediate supervisor through the normal channels. In addition, for serious deficiencies, a special expedited reporting procedure may be established.
2.風險監控中發現之缺失除應循正常管道，依規定上報外，嚴重者可訂定特殊報告程序以求時效。

3. Ex post, off-line monitoring, with the involvement of the RMIU, may be conducted by business units through self-inspection. The depth, extent or frequency of the monitoring shall be according to the importance of risks, the impact of response measures and the content of the control methods adopted by the company to manage risk.
3.事後之離線監控，除了風險管理執行單位之參與外，亦可採業務單位自行檢查之方式進行，至於其深度廣度或頻率，應考量風險的重要性、回應措施的影響程度及公司於風險管理所採控制方法之內涵等決定之。

3.5. Risk Reporting
3.5風險之報告

A securities firm shall faithfully prepare transaction reports and risk management reports, submit them to the appropriate management level, and file periodically with the supervisory authority in accordance with regulations.
證券商應確實編製各種交易報告書與風險管理報告書，呈報給適當的管理階層，並應依規定定期向主管機關申報。

Description:
守則說明：

1. The preparation of written reports is extremely important in order to fully record assumptions, methods, information sources and implementation results at each phase of the risk management process, thus serving as reference for management.
1.為充分紀錄風險管理程序中每一階段所依循之假設、方法、資訊來源及其執行結果，以供管理參考，書面報告之編製便極為重要。

Each report shall be designed and prepared in consideration of the following functional requirements:
各種報告得參考下述功能之需要予以設計、編製：

(1) To indicate whether the management process is properly implemented;
(1)顯示管理程序有無適當地執行。

(2) To indicate whether systematic methods are applied to undertake risk identification and analysis;
(2)顯示有無以系統性之方式進行風險辨識、分析。

(3) To record the status of risks and develop such records into a knowledge base for business management;
(3)紀錄風險之狀況並發展成為公司管理的知識庫。

(4) To serve as a reference for decision making and the approval of risk management measures;
(4)做為風險管理決策擬訂及核准各項措施之參考依據。

(5) To serve as a reference for determining accountability;
(5)做為責任歸屬認定之參考依據。

(6) To facilitate the execution of risk monitoring and evaluation work; and
(6)便利風險監控及評估作業之執行。

(7) To share and communicate risk management information.
(7)進行風險管理資訊之分享及溝通。

2. The head of each business unit shall ensure the accuracy and validity of the transaction reports prepared by it.
2.每一業務單位主管應確保其所編製的交易報告書之正確性與有效性。

All transactions must be properly recorded in line with the regulations made by the company and the supervisory authority, and shall be submitted accordingly.
所有交易須依公司本身及主管機關之規範進行適當記錄，並按規定呈報。

3. The RMIU shall periodically prepare risk management reports and submit them to the relevant management level.
3.風險管理執行單位應定期編製風險管理報告書，呈報相關管理階層。

4. Before undertaking transactions in a new product, the nature of such transactions shall be taken into account to devise a transaction report in an appropriate format for future submission.
4.新商品交易前應考量其特性，擬訂適當格式之交易報告書及風險管理報告書，以供未來呈報之用。

5. Management shall pay special attention to the relevant information contained in derivatives reports.
5.管理階層對衍生性商品之報告應特別重視其相關資訊內涵。

3.6. Risk Response
3.6風險之回應

After evaluating and summarizing its risks, a securities firm shall adopt appropriate response measures for the risks it confronts.
證券商於評估及彙總風險後，對於所面臨之風險宜採取適當之回應措施。

Description:
守則說明：

1. The steps required for selection and implementation of risk response measures are:
1.風險回應措施之選擇與執行應有之步驟：

(1) Identification of available responsive measures (as shown in section 2 of this paragraph);
(1)辨認可選擇之回應方式(如本段2所示之方式)。

(2) Evaluation of the pros and cons of each response measure (including cost-benefit analysis, budget implementation analysis);
(2)評估各種風險回應方式之利弊得失(包括成本效益分析，預算執行分析等)。

(3) Formulation of a response plan (including accountability for the plan´s execution, its progress, predicted results, financial resource planning and review, and evaluation procedures); and
(3)擬訂回應計畫(包括計畫執行之責任歸屬、進度、成效預估、財源規劃及複核、評估程序等)。

(4) Implementation of the response plan. (After implementation is completed, shall there be any unexpected residual risks, the relevant procedures shall be repeated again until the risk is within an acceptable extent.)
(4)執行回應計畫(計畫執行完成如仍有非預期內之風險殘留，則相關程序應再重複進行，直到將風險控制在可接受範圍內為止)。

2. The available measures for risk response are as follows:
2.風險回應可採行之措施有下列方式：

(1) Risk avoidance: adopting measures to avoid any activities which may cause risks;
(1)風險迴避：採取措施迴避可能引起風險之各種活動。

(2) Risk reduction: adopting measures to reduce the impact of risks and/or the likelihood of their occurrence;
(2)風險降低：採取措施以降低風險發生後之衝擊及(或)其發生之可能性。

(3) Risk sharing: transferring all or part of the risk to others; and
(3)風險分攤：採取移轉之方式，將風險之一部或全部由他人承擔。

(4) Risk taking: taking no measures to change the probability and impact of risks.
(4)風險承擔：不採取任何措施改變風險發生之可能性及其衝擊。

3. When considering the response to risk, discretion shall be exercised when taking into account the extreme circumstance wherein the likelihood of occurrence is low, yet the occurrence may affect the survival of the company, and completely eliminating such a risk seems not to be cost-effective in terms of directly perceived economic benefits.
3.在斟酌如何回應風險時，必須對發生機率不高，但一旦發生後可能影響公司存續，但從直觀之經濟效益而言，若要充分降低此類風險，似又不符成本的極端情況予以審慎考量。

4. Risk Management Mechanism
4.各類風險之管理機制

4.1. Market Risk
4.1市場風險

4.1.1. Market Risk Management Principles
4.1.1市場風險管理原則

The company shall establish an appropriate management system for market risk and shall implement such system faithfully.
公司對於所有業務之市場風險，應訂定適當之市場風險管理制度，並落實執行。

Description:
守則說明：

1. The market risk management system shall include at least:
1.市場風險管理制度至少應包括：

(1) An authorization structure, line of reporting and job content in connection with market risk management at various levels;
(1)與市場風險管理有關之各個層級之授權架構及呈報流程與作業內容。

(2) The acceptable scope of transactions;
(2)可容許之交易範圍。

(3) Market risk measurement methods (including qualitative and quantitative methods);
(3)市場風險衡量方法(包括質化與量化之方法)。

(4) Establishment of appropriate limits on market risks, an approval hierarchy, and methods for handling risks that are over-limit; and
(4)訂定適當之市場風險限額及其核定層級與超限處理方式。

(5) Procedures for the verification, adjustment, and resolution of irregular and problematic transactions;
(5)問題交易與非正常交易之查證、調整與解決處理程序。

4.1.2. Market Risk Measurement
4.1.2市場風險之量化衡量

A securities firm shall measure the market risk of all business units.
證券商應衡量所有業務單位的市場風險。

To measure market risk, it is advisable to establish a feasible risk quantification model to calculate the market risk of all business units on a daily basis, and to compare the results with market risk limits.
對於市場風險之衡量，宜建立可行之風險量化模型，以每日計算所有業務單位之市場風險，並比較市場風險限額。

Description:
守則說明：

1. A market risk quantification model may include:
1.市場風險量化模型可包括：

(1) Statistics-based measurement methods;
(1)統計基礎衡量法。

(2) Sensitivity measures;
(2)敏感性分析。

(3) Stress testing; and
(3)壓力測試。

(4) Other feasible risk quantification models.
(4)其他可行之風險量化模型。

2. The measurement methods shall be accurate and rigorous, and the consistency of method adopting must be ensured.
2.衡量方法應正確且嚴謹，並應確保使用方法的一致性。

3. Risk exposure shall be measured at least once a day.
3.至少每日衡量風險暴露程度。

4. Business units and the RMIU shall measure market risk on a daily basis, and shall compare and monitor the approved market risk limits.
4.業務單位與風險管理執行單位應每日衡量市場風險，並與核准之市場風險限額比較與監控。

4.1.3. Statistics-based Measurement
4.1.3統計基礎衡量法

Statistics-based methods is advisable to be adopted to measure the security firm´s overall market risk, so that such information can be provided to senior managers to support their decision-making.
證券商整體之市場風險宜採統計方法衡量，以提供高階管理者決策參考。

Description:
守則說明：

1. It is advisable that statistics-based measurement be adopted to measure the market risk from unexpected losses to the firm as a whole, to business units, or individual products, so that the departments concerned will have an understanding of overall risks.
1.對於證券商整體、部門或個別商品之未預期損失的市場風險衡量，宜採統計基礎衡量法，以提供相關部門對風險之整體性的瞭解。

2. It is generally advisable to adopt the Value-at-Risk (VaR) model for statistics-based measurement of market risk.
2.市場風險統計基礎衡量法，一般建議採用風險值衡量法。

3. A securities firm shall have an in-depth understanding of the VaR model´s assumptions and limitations.
3.證券商應對風險值模型的假設與限制有深入了解。

4.1.4. Sensitivity Analysis
4.1.4敏感性分析

A securities firm is advisable to measure the sensitivity of the (market) positions held by the firm to each risk factor.
證券商可衡量持有部位對個別風險因子的敏感度。

Description:
守則說明:

1. It is advisable to adopt sensitivity measures to measure the influence of variations in risk factors, such as interest rates or exchange rates, on the assets of the securities firm, so as to help the departments concerned understand the effect which variations in different risk factors may have on the securities firm.
1.個別風險因子之變動，例如：利率、匯率等，對證券商資產價值變動之影響，宜採敏感性分析衡量法，以提供相關部門瞭解不同風險變動對證券商之影響效果。

2. To strengthen their control over market risk, each business unit shall calculate sensitivities to specific market risk factors, such as the influence of a change in interest rates on the Price Value of a Basis Point (PVBP) and convexity.
2.各業務單位應計算特定市場風險因子的敏感度，例如：利率變動影響債券價格變動幅度(PVBP)及凸性(Convexity)等，以加強市場風險控管。

4.1.5. Model Validation
4.1.5模型驗證測試

To ensure the accuracy and credibility of the statistics-based risk measurement model, the securities firm shall proceed with model validation and continuous updating to reflect market conditions.
為確保統計基礎衡量法風險模型預測之正確與可信度，應進行模型驗證測試，並持續更新，以反應市場狀況。

Description:
守則說明：

1. If the securities firm adopts statistics-based measurement, which depends on numerous assumptions, parameters and the chosen confidence level, comparisons of estimated market risks and actual results shall be made to ensure the accuracy of statistics-based measurement. If there is a significant difference between estimated and actual results, assumptions shall be reviewed and the model shall be modified.
1.證券商若採統計基礎衡量法，由於統計基礎衡量法係根據許多假設及參數設定與信賴區間的選擇，因此應比較估計(預測)的市場風險與實際結果(真實損益)，以確保統計基礎衡量法估計的準確性。若估計與實際結果有重大差異，應重新檢視假設與修正模型。

2. Statistical methods cannot guarantee the accuracy of estimations on financial product price volatility or the accuracy of related estimations. Extra caution shall therefore be exercised when selecting related assumptions and models for analyzing investment portfolios.
2.統計方法並無法保證金融商品價格波動度或相關性預測之正確性，投資組合分析則應更謹慎選擇相關假設與模型。

3. If the securities firm adopts the VaR model to evaluate market risk, it is necessary to validate the accuracy of model estimation through back-testing or other methods.
3.證券商若採用風險值模型評估市場風險，則必須透過回溯測試(backtesting)或其他方法，進行模型估計準確性之驗證(val-idation)。

4.1.6. Stress Testing
4.1.6壓力測試

When establishing measures for responding to irregular market fluctuations, stress testing may be adopted to measure how irregular market fluctuations affect the value of an investment portfolio, and so may serve as the basis for proposing response measures.
證券商在訂定市場異常變動因應措施時，可採用壓力測試模擬，以衡量異常市場變動對投資組合價值變動的影響，作為擬具因應措施之依據。

Description:
守則說明：

1. Most risk measurement models are based on many assumptions and specific parameters, including the choice of confidence level. However, they do not provide predicted losses that fall outside the confidence level or distribution assumptions.
1.大部分的風險衡量模型乃根據許多假設與特定參數，包含對信賴區間的選擇，但並未提供落於信賴區間以外或分配假設之外的損失金額預測，因此應採用壓力測試(stresstesting)評估證券商之潛在異常損失，並進行風險控管。

2. Stress testing is not limited to the quantitative analysis of potential losses; it shall include qualitative analysis under specific conditions.
2.壓力測試不應侷限在計算潛在損益的數量分析，尚應包含在特定情況下的定性分析。

3. A securities firm shall perform stress testing on a regular basis to evaluate the potential irregular loss arising from excessive market fluctuations.
3.證券商應定期執行壓力測試，以評估因市場過度變動的潛在異常損失。

4.2. Credit Risk
4.2信用風險

4.2.1. Credit Risk Management Principles
4.2.1信用風險管理原則

A securities firm shall establish an appropriate credit management system, and shall implement such system faithfully:
證券商對於所有業務之信用風險，應訂定適當之信用管理制度，並落實執行。

Description:
守則說明：

1. Credit Risk Management System shall include at least:
1.信用風險管理制度至少應包括：

(1) The authorization structure, line of reporting and job content at various levels in connection with credit risk management;
(1)與信用風險管理有關之各個層級之授權架構及呈報流程與作業內容。

(2) Credit evaluation prior to transactions: A cautious evaluation of the credit of a counter-party shall be made prior to a transaction, and the legality of the transaction shall be confirmed;
(2)交易前之信用評估：交易前應審慎評估交易對手的信用程度，並確認交易之適法性。

(3) Creditworthiness: It is advisable to establish a Creditworthiness system, whereby various credit limits are imposed on counter-parties with different degrees of creditworthiness;
(3)信用分級管理：宜訂定信用分級管理制度，對於不同信用程度之交易對手，設定各級信用限額並分級管理之。

(4) Credit monitoring: The credit conditions of different counter-parties and their positions shall be inspected on a regular basis. In addition, regular evaluation and monitoring shall be performed on credit enhancement measures (including collateral); and
(4)交易後之信用監控：對於不同交易對手與部位應定期檢視其信用狀況，並對各種信用加強(包括擔保品)措施定期評估及監督管理。

(5) Other effective credit risk reduction measures: for example, collateral, guarantees, credit risk netting agreements, and credit derivatives.
(5)其他有效降低信用風險之措施：例如擔保品、保證、信用風險淨額抵銷協議及信用衍生性商品等。

2. To control credit risk effectively, a securities firm may adopt appropriate quantitative risk management technology.
2.為有效控管信用風險，證券商得採適當之量化風險管理技術。

4.2.2. Credit Rating Management
4.2.2信用分級管理

A securities firm shall have an appropriate credit assessment mechanism to evaluate how creditworthy its counter-parties are. Further, it shall establish different credit limits for counter-parties with different levels of creditworthiness, for a tiered management approach.
證券商應有適當之信用評估機制，負責評估交易對手的信用程度，並對不同信用程度的交易對手，訂定不同的信用限額，以分級管理之。

Description:
守則說明：

1. It is advisable that a securities firm shall establish an independent credit evaluation procedure, whereby the credit limits may be imposed on counter-party with different level of credibility.
1.證券商宜建立獨立的信用評估程序，據以評估交易對手之信用程度。

2. It is advisable that a securities firm shall establish an appropriate credit rating system, whereby the credit limits shall be imposed upon counter-party.
2.證券商宜建立適當的信用分級制度，據以對不同信用程度之交易對手設定信用限額。

3. To identify counter-parties with high probability of default, a securities firm may sift those securities with high probability of default based on the historical settlement records, external credit information provided by credit rating agency, market transaction information, and make appropriate grading according to the securities firm´s risk tolerance at the same time .
3.為辨識高風險之交易對手，證券商可依歷史違約個案特性、信用評等資訊、市場交易資訊，篩選出高受託風險的股票，並依證券商風險容忍度，作適當之分級處置。

4. RMIU shall be responsible for measuring and monitoring of credit risk.
4.風險管理執行單位應負責衡量與監控信用風險。

4.2.3. Credit Monitoring:
4.2.3交易後之信用監控

For the position after the transaction, the credit of counter-party shall be reviewed on a regular basis. In addition, credit monitoring procedure shall be made to ensure a constant control over credit risk. For each credit enhancement measure (including collateral), assessment and monitoring shall be made on a regular basis.
對於交易後之部位，應定期檢視其交易對手之信用狀況，並訂定信用監督管理程序，以持續控管信用風險對於各種信用加強(包括擔保品)措施，也須定期評估與監督管理。

Description:
守則說明：

1. Credit monitoring process shall include:
1.信用監督管理程序應包括：

(1) Credit condition of counter-party shall be inspected on a regular basis;
(1)定期檢視交易對手之信用狀況。

(2) For counter-party whose risk has been increased, it is advisable to lower credit limits, to restrict new position, and enhance the credit (such as increase of collateral.)
(2)對於風險提高之交易對手，宜採行降低信用限額、限制新增部位、或信用加強(如增提擔保品)等措施。

(3) Other measures that may improve risk monitoring and management effectively.
(3)其他有效監督管理信用風險之措施。

2. A securities firm shall establish special monitoring and approval process for the high-risk securities or the purchase or sale consigned high risk customer; in addition, tracking management process shall be established for the following projects:
2.證券商對於高風險股票或高風險客戶之受託買賣，應設定特別之監督與核決程序，並宜針對下列項目建立高風險帳戶之追蹤管理程序：

(1) Changes to the credit of the account;
(1)帳戶信用變化。

(2) Legality of the account;
(2)帳戶之適法性。

(3) Change of transaction object and profit and loss; and
(3)帳戶交易標的之變動與損益狀況。

(4) Collect and analyze important relevant information and financial changes.
(4)收集並分析重要之相關資訊與財務變化資料。

4.2.4. Credit Enhancement and Credit Risk Mitigation
4.2.4信用加強與信用風險抵減

To further control credit risk, the company shall increase, dependent upon the nature of the counter-party and goods contemplated by the transaction, the credibility of the transaction through collateral or guarantee.
為進一步有效控制信用風險，公司應依交易對手或交易商品特性，透過擔保品、保證等方式，提昇該交易的信用強度。

It is also advisable to adopt credit risk mitigation, such as entering into netting agreement with counter-party to offset their mutual credit risk.
亦可採取信用風險抵減措施，例如：與交易對手簽訂抵銷協議，互相抵銷彼此信用風險。

Description:
守則說明：

1. The company shall establish certain process to decide which transaction requires an enhancement of counter-party´s credit. Meanwhile, consistent standards shall be established to evaluate the effect arising from credit risk mitigation.
1.公司應設立一定程序，以決定何種交易需要求交易對手加強信用。同時應設立一致性的標準，以評價風險抵減措施產生之信用風險降低效果。

2. Appropriate monitoring and evaluation process shall be established on the credit condition and value of collateral, so as to fully disclose its risk;
2.應就交易對手的信用狀況及擔保品價值設定適當的監督及評價程序，以充分揭露其風險狀況。

3. To the extent authorized by law, the company shall confirm the enforceability of the netting agreement, and shall enforce such agreement in compliance with the approved process.
3.公司應在法律權限內，確認抵銷協議的可執行性，並依既有程序落實執行。

4. The influence of a securities firm arising from credit enhancement and credit risk mitigation shall be taken into account when aggregating credit risks.
4.信用加強與信用風險抵減對公司之信用風險影響效果，應於加總信用風險時考量之。

4.2.5. Credit Risk Measurement
4.2.5信用風險之量化衡量

It is advisable that a securities firm shall aggregate credit exposure, probability of default, and recovery rate of the counter-party to calculate the expected and unexpected loss and quantify credit risk.
證券商宜彙總信用暴險金額、交易對手的違約機率及回收率等資訊，以計算預期和未預期信用損失，並量化信用風險值。

Description:
守則說明：

1. The expected loss of credit risk is estimated from:
1.信用風險預期損失的估計包含以下三項：

(1) Credit exposure;
(1)信用暴險金額。

(2) The probability of default of counter-parties; and
(2)交易對手的違約機率。

(3) Recovery rate of counter-party.
(3)交易對手的違約回收率。

2. Unexpected loss for credit risk is the maximum loss evaluated by the securities itself under a certain confidence level.
2.信用風險未預期損失為證券商經自行評估，在某一可能情況下(信賴區間)之可能最大損失。

3. Estimation on expected and unexpected loss for credit risk shall take the effect of credit enhancement and the netting of credit risk exposure into account.
3.信用風險預期與未預期損失之估計應考慮該筆交易之信用加強效果，與信用風險曝險淨額抵銷效果。

4.2.6. Credit Risk Exposure
4.2.6信用風險暴額

A securities firm shall measure the position held and the credit risk exposure of counter-party, and shall compare with the risk limits of counter-party on a regular basis.
證券商應衡量持有部位商品與交易對手之信用風險暴險金額，並定期與個別交易對手的風險限額比較。

Description:
守則說明：

1. Credit exposure shall be measured, monitored on a daily basis, and shall be compared with the limit of individual counter-party.
1.信用暴險金額應每日衡量、監控，並與個別交易對手限額比較。

If the scale of the portfolio is small and the volatility of the transaction is slight, the measurement and monitoring may be made on a weekly basis.
若投資組合的規模很小且標的交易的波動性很低時，可每週衡量與監控。

2. If it is difficult to measure the credit exposure, the securities firm shall adopt other appropriate method to undertake risk control.
2.若信用暴險不易衡量時，證券商應採取其他適當之方式，進行風險控管。

3. The measurement on the credit risk exposure to each business unit shall comply with the principles of accuracy, integrity, and consistency.
3.對各業務單位信用風險暴險金額之衡量，須符合正確、嚴謹與一致性的原則。

4.2.7. Current and Potential Exposure
4.2.7當前與潛在暴險金額

The securities firm´s measurement on the amount of credit risk for the position held by it shall be made on the basis of equivalent credit risk, and shall reflect the change of market.
證券商對於持有部位信用風險暴險金額之衡量，應立基於信用約當的基礎上，並能反映市場狀況之變動。

Because different products have different method for measuring credit exposure, the securities firm shall use appropriate method to measure the amount. For example, the credit exposure for certain financial products includes the current and potential exposure.
由於不同商品各有其衡量信用風險暴險金額之方法，因此證券商應以適當方法衡量之，例如若干金融商品之信用風險暴險金額包括當前暴險金額與潛在暴險金額兩部分。

Description:
守則說明：

1. Current Exposure: The replacement cost for the subject transaction, i.e., the current market value, which represents the amount of loss to be confronted by the counter-party if it defaults, which is equivalent to closing price on every day.
1.當前暴險金額：該項交易目前的重置成本，亦即目前的市場價值，代表若交易對手今天違約所面臨的損失金額，亦約當於每日結清價。

2. Potential Exposure: The estimated value for replacement cost of the subject transaction in the future, which represents that the amount of loss to be sustained in counter-party defaults in the future.
2.潛在暴險金額：該項交易未來重置成本的估計價值，代表若交易對手在未來的交易期間內違約，所可能遭受的損失金額。

4.2.8. Probability of Default of Counter-party
4.2.8交易對手違約機率

It is advisable that the securities firm shall adopt appropriate methods to evaluate the probability of default of counter-party.
證券商宜採行適當之方法，評估交易對手之違約機率。

Description:
守則說明：

1. The probability of default of counter-party may use the relevant information by external rating institution approved by regulator or use the internal estimation.
1.交易對手違約機率可採用經主管機關核准之外部信用評估機構所發佈之相關資訊，或由證券商自行估計。

2. If securities firms estimate the probability of default of counter-party, they shall have a complete procedure and the result shall be validated to ensure the effectiveness of the model.
2.交易對手的違約機率若由證券商自行估計，則應有一完整適當之程序，其結果需經適當驗證(validation)據以瞭解模型效度。

3. To estimate the probability of default on customers in the brokerage business unit, it is advisable that the securities firm shall make the estimation in compliance with the following principles:
3.為估計經紀業務客戶違約風險，證券商宜採下列原則辦理：

(1) For the corporate account that has external credit rating, the probability of default shall be estimated according to the external rating information.
(1)有外部信用評等之法人戶，依外部評等資訊估計違約風險。

(2) If the client does not have external credit rating, including corporate account and individual account, the probability of default will be estimated according to different credit characteristics and historic default cases.
(2)無外部信用評等之客戶，包括法人戶與個人戶，則依歷史違約個案特性，概估不同信用風險特徵客戶之違約風險。

4.2.9. Recovery Rate of Counter-party
4.2.9交易對手違約回收率

It is advisable that the securities firm shall adopt appropriate methods to reasonably evaluate recovery rate of counter-party.
證券商宜採行適當之方法，合理評估交易對手之違約回收率。

Description:
守則說明：

1. Loss Given Default Rate means 1-recovery rate, and the recovery rate is the percentage of the recoverable amount (such as claimable amount or the current value of recovered principal and interest upon default) to the credit exposure amount or outstanding amount (such as amount extended or current value of the debt upon default) when there is a default.
1.違約損失率係指「1-回收率(或償還率)(RecoveryRate)」，而回收率係指某合約若發生違約之後，其所能夠收回金額(如債權收回金額、或違約後收取本息之現值)佔其信用暴險額或違約時尚未償還餘額(如授信金額、或違約時債務面值)之比率。

2. The recovery rate of counter-party shall be evaluated by the securities firm itself or provided by appropriate external institution.
2.交易對手的違約回收率應由證券商內部自行評估，或由適當之外部評估機構提供。

4.3. Liquidity Risk
4.3流動性風險

4.3.1. Liquidity Risk Management Principles
4.3.1流動性風險管理原則

The securities firm shall establish appropriate measures to control liquidity risk (including market liquidity risk and funding liquidity risk), and shall implement such measures faithfully.
證券商對於所有業務之流動性風險(包括市場流動性風險與資金流動性風險)，應訂定適當之控管辦法，並落實執行。

Description:
守則說明

1. A securities firm shall consider concentration and market trading volume of its position, so as to proceed with the quantitative management and non-quantitative management on liquidity risk.
1.證券商應考慮持有部位之集中程度，及市場成交量概況，以進行市場流動性風險量化或非量化之管理

2. The securities firm shall take into consideration on the amount and schedule of the fund required by each department; in addition, contingency plan shall be proposed to meet the needs of funding arising from irregular or urgent conditions.
2.證券商應綜合考量各部門對資金需求之金額與時程，進行資金管理；並對異常或緊急狀況導致之資金調度需求，擬定應變計畫。

4.3.2. Market Liquidity Risk Management
4.3.2市場流動性風險管理

The securities firm may enter the market liquidity risk into market risk model or evaluate and monitor such risk independently.
證券商對於市場流動性風險得納入市場風險模型或獨立予以評估與監控。

Description:
守則說明：

1. VaR model may consider the market liquidity risk, to accurately reflect the risk of settled position, and such risk may be monitored by RMIU.
1.風險值模型可考慮市場的流動性風險，以正確地反映結清部位的風險，並由風險管理執行單位加以監控。

2. Because large amount transaction may cause significant influence on securities price, the securities firm shall carefully manage market liquidity risk in connection with significant position.
2.由於鉅額交易對證券價格會產生重大影響，因此證券商應謹慎地管理鉅額部位之市場流動性風險。

4.3.3. Funding Liquidity Risk Management
4.3.3資金流動性風險管理

The securities firm shall evaluate and monitor requirement of short-term cash flow in each type of currencies by different characteristic of business. Furthermore, funding liquidity risk management mechanism shall be established for future funding requirement.
證券商應依業務特性評估與監控各種貨幣的短期現金流量需求，並訂定資金流動性風險管理機制，以因應未來之資金調度。

Description:
守則說明：

1. Sound funding liquidity risk management not only concern about domestic/short-term funding activity, but also need consider using oversea and cross-market funding activities.
1.資金流動性除應考慮本國短期資金調度外，亦需考量跨國或跨市場之資金流量調度。

4.3.4. Funding Management
4.3.4資金調度

The securities firm shall establish a funding management department that is independent of all business units and responsible for monitoring net cash flow of each business units.
證券商應設立一獨立於各業務部門之資金調度單位，並負責監控每一業務單位淨現金流量。

Description:
守則說明：

1. The funding management department shall report any significant or irregular use of cash to the RMIU.
1.資金調度單位應向風險管理執行單位通報業務單位重大與異常使用現金的情形。

2. The funding management department shall keep contact with relevant departments closely, and shall communicate with the settlement department for the funds used by any individual transaction.
2.資金調度單位需與業務單位及相關部門保持密切聯繫，並針對個別交易之資金使用狀況，與結算交割相關部門相互溝通。

4.3.5. Funding Strategies
4.3.5資金需求策略

The securities firm shall establish various funding strategies against possible loss arising from lack of liquidity, or requirement of fund liquidity caused by incident in the market.
證券商應訂定不同的資金需求策略，以因應資金流動性所造成之損失，或市場突發狀況所產生之資金流動性需求。

Description:
守則說明：

1. RMIU shall understand the potential liquidity risk concerning the financial products possessed by the securities firm through analysis on different circumstances, and further to evaluate possible cost arising from fund raising in various circumstances.
1.風險管理執行單位應透過不同的情境分析，瞭解證券商所持有之金融商品的潛在流動性風險，進而評估在各種情況下籌資的可能成本。

The RMIU shall also establish the emergent financing policies and process for the securities firm.
風險管理執行單位亦需訂定證券商之緊急融資策略與程序。

2. The securities shall establish a flexible structure for the management of funding liquidity risk.
2.證券商應建立具彈性之資金流動性風險管理架構。

4.4. Operational Risk
4.4作業風險

4.4.1. Operational Risk Management Principles
4.4.1作業風險管理原則

As for operational risk, a securities firm shall, in addition to monitoring operational procedures and key controls stipulated by its internal control principal, establish and implement suitable monitoring and controlling mechanism to prevent operational risk occurring in the course of trading process.
證券商對於作業風險，除應依其內部控制制度所規範之作業程序及控制重點進行控管外，對於業務及交易流程中之作業風險，亦應訂定適當之控管機制，並落實執行。

Description:
守則說明：

1. The above management mechanism of operational risk shall include at least:
1.前述作業風險管理機制至少應包括：

(1) Trading department shall ensure all transactions are complied with securities firm´s policies. It shall be regulated the control points in authorization of transaction, acquisition of supporting document for transaction, counter-parties´ experience and maintenance of transaction tracks.
(1)交易部門應確保所有交易皆遵循證券商之政策，且對於交易流程中有關授權、交易支援資訊之取得、對手經驗之考量、及交易紀錄之保留等控管重點，皆應有適當之規範。

(2) Treasury, settlement and other relevant units shall have suitable norms on main control points of monitoring such as evaluation, confirmation of price information, compiling of income statement, handling and confirmation of transaction, operation of transaction and settlement, reconciliation and capital control, etc
(2)財務部門、結算部門、及其他相關部門對於交易流程中有關評價、價格資訊確認、損益報表編製、交易處理與確認、結算與交割作業、帳戶之驗證、及資產控制等控管重點，應有適當之規範。

2. Securities firms may adopt a quantitative method to manage and control operational risk management effectively.
2.為有效控管作業風險，證券商可採適當之風險量化技術進行控管。

4.4.2. Authorization
4.4.2授權

Securities firms shall establish a clear authorization standard for all types of transactions.
證券商應針對各種型態之交易，設立明確的授權標準。

Description:
守則說明：

1. Securities firms shall review the appropriateness of authorization process on a regular base, and the relevant departments and persons shall clearly understand the scope of authorization. If the authorization procedure is violated, the appropriate action shall be taken.
1.證券商應有定期檢視授權適當性的程序，使相關部門或人員清楚了解授權範圍，若違反授權程序時應有適當的處理措施。

2. It shall specify how the authorization covers the transaction type and limit, and ensure the transaction of traders is subject to their authorized limit.
2.應具體說明每一交易型態的授權項目，以及所授權的限額，並確保交易人員在授權額度內進行交易。

3. Before authorization, make sure that relevant persons have completely understood the risk management policies and guidelines of securities firms, the characters of the risk of peculiar products and the operation control process of transaction.
3.在授權之前應確保相關人員已充分了解證券商的風險管理政策與方針、特定商品的風險特性、交易活動的營運控制與程序。

4.4.3. Decision-making Support
4.4.3決策支援

Traders shall acquire the full information of customers and counter-parties and other relating and necessary information, therefore, the information would support to make decisions involved in the transaction.
交易人員在交易前應取得客戶或交易對手的充分資訊，及其他相關而必要之資訊，以利證券商進行訂價與交易決策。

Description:
守則說明：

1. Before doing a transaction, traders shall understand the ability and need of counter-party and understand their responsibility. At the same time, the counter-party´s credit risk information and limit shall be acquired for reference of trade.
1.在交易進行前，交易人員應確實了解交易對手的能力及需求，並了解本身在交易中的權責範圍。同時亦需取得交易對手之信用風險資訊與限額，以作為交易參考依據。

2. Design controlling procedure for a proper pricing model;
2.設定適當的定價模型之控制程序。

untested model could expose the securities firms to the risk of loss, so assumptions and parameters shall be recorded clearly and be checked and approved by RMIU during the using and controlling procedure of pricing model.
未經測試的模式可能使證券商暴露於交易虧損的風險，因此有關定價模型的使用與控制程序中，應明確紀錄模型的假設與參數，並由風險管理執行單位檢視與核准。

3. Personnel of trading department shall really understand securities firms´ risk management and trading strategies.
3.交易部門人員應確實瞭解證券商之風險管理與交易策略。

4.4.4. Counter-parties Experience
4.4.4交易對手經驗

Traders from securities firms shall take counter-party´s experiences into consideration before trading.
證券商交易人員在交易進行之前，應考量交易對手之交易經驗。

Description:
守則說明：

1. For some financial products such as derivatives, the stipulations on them being extremely complicated and vague, a trader need ensure both he and his counter-party have completed understanding of its risk structure, in order to avoid later disputes.
1.若干金融商品，例如衍生性金融商品，其契約規範相當複雜與艱澀，為避免日後交易糾紛，交易人員需確保自身及交易對手對該項商品均有充分的瞭解。

2. For complicated transaction on financial products, the relevant data of the transaction shall be acquired or preserved.
2.對於複雜的金融商品交易，應取得或保存交易過程的相關資料。

3. It will be helpful for enhancing counter-party´s understanding of the products by moderately providing counter-party the sensitivity analysis of transaction in different market condition.
3.適度提供交易對手關於該交易在不同市場狀況下之敏感度分析資料，有助於增進交易對手就該商品的了解。

4.4.5. Transaction Record
4.4.5交易紀錄

A securities firm shall establish a control system to ensure the completeness, accuracy, and timeliness of the transaction record.
證券商應建立控管系統以確保交易紀錄之完整性、正確性與及時性。

Description:
守則說明：

1. Transaction personnel shall provide or keep important transaction tracks for further audit, to ensure transactions have been accurately processed and recorded.
1.交易人員應提供或保留重要的交易軌跡以備查核，以確保交易業經過正確地處理與紀錄。

2. When a transaction has to be recorded in multiple information systems, transaction shall be mapped among these systems so as to ensure their consistency, and RMIU, rather than transaction department, or other relevant departments shall perform inspection and confirmation on a daily basis.
2.當同一項交易必須登錄於多項資訊系統時，系統間應能進行交易比對以確保資料的一致性，並應由交易部門以外之風險管理執行單位或其他相關部門每日執行檢視與確認。

4.4.6. Valuation
4.4.6評價

Securities firms shall reevaluate the value of the position by utilizing reasonable and fair price in compliance with the existing written documents or approved policies and procedures on a timely basis.
證券商應依據既定之書面文件或經核准的政策與程序，適時運用合理的公平價格重新評估部位價值。

Description:
守則說明：

1. Securities firms shall establish appropriate policies and procedures for position valuation, and review their appropriateness periodically. In addition, disclosures on the valuation method and its reasoning is essential, where valuation includes mark to market and mark to model.
1.證券商應建立適當的部位評價政策與程序，並定期評估其妥適性。另應說明所採用之評價方法及理由，包含以市場價格評價或模型評價。

2. Securities firms shall take the consistency of adopted approaches issue into account.
2.證券商評價方法之採用，應注意其一致性。

3. Securities firms shall build suitable valuation procedures additionally for the extremely low liquidity products.
3.對於流動性非常低的商品，應另行設置適當之評估程序。

4. The valuation time shall be consistent in all kinds of products.
4.不論商品類別是否相同，其評價之時點應具一致性。

4.4.7. Price Information Verification
4.4.7價格資訊確認

Persons of treasury and risk management departments shall acquire price information (including interest rate and exchange rate), from the sections that are independent from transaction department, so as to reassessment the holding position.
財務部門及風險管理相關部門人員應從獨立於交易部門之單位取得價格(包括利率與匯率)資訊，以重新評價所持有之部位。

If using the internal assessment model, rational and independent checking procedure shall be set.
若使用內部評價模式進行評價時，應建立合理及獨立之檢視程序。

The alteration of this mode shall also be in accord with appropriate controlling and authorization procedures.
該模式之變更亦應遵循適當之控管與授權程序。

Description:
守則說明：

1. It could be considering the possibility of interest conflicts or price manipulation if that the price information was acquired from traders.
1.價格資訊之取得不宜由交易人員擔任，以避免發生利益衝突或價格操縱行為。

2. Securities firms shall completely understand how to get price from outside and establish operation procedure, which is advisable to include the approach of handling overestimate (underestimate) of price, unusual large amount or other abnormal situations.
2.證券商應充分了解經由外部取得價格的方式並建立作業程序，該程序宜包括對價格高(低)估、異常大量或其他異常狀況之處理方式。

3. If the independent exterior price cannot be acquired, price may be calculated by estimation and model, but the model´s suitability shall be evaluated first through an independent checking procedure; securities firms shall consider setting another limits for these transactions .
3.若無法取得獨立的外部價格，可透過估計與模式計算價格，但該模式應先經過獨立的檢視程序評估其妥適性，並應考慮就此類交易另行設定限額。

4.4.8. Profit and Loss Reporting
4.4.8損益報告

Securities firms shall compile profit and loss reporting on investment portfolio daily in order to inform management level on the performance of business units.
證券商應每日編製投資組合之損益報告，以使管理階層了解業務單位之績效。

Description:
守則說明：

1. Profit and loss reporting could be compiled by each business units, product types and geographic areas.
1.損益報告之內容可按業務單位別、產品別或地區別編製。

2. Treasury or risk management department shall estimate capital demand and its cost periodically, and compile relating analytical report.
2.財務部門或風險管理相關部門應定期評估資金需求及其成本，並編製相關之分析報表。

4.4.9. Trade Processing
4.4.9交易之處理

Securities firms shall deal with all executed transactions in time, and preserve the record operated by original traders so as to control and manage the potential risks in a trading process.
證券商應及時處理所有經核准之交易，並留存原交易人員執行交易之稽核軌跡，以控管交易過程可能衍生之風險。

Description:
守則說明：

1. Suitable controlling procedure on transactions shall be established in order to control and manage the potential risks.
1.應訂定適當之交易處理控制程序，以控管交易過程中可能衍生之風險。

2. It is advisable to deal with transactions just after the transactions being executed, or at least within the trading day, in order to ensure proper timely record.
2.交易之處理宜在交易執行後即予完成，或至少在當天完成，以確保紀錄的及時性。

3. To ensure the integrity of transaction record (such as the independent transaction number, transaction details, counter-party and transaction time) and its accuracy, transaction files shall be preserved as required.
3.為確保交易紀錄之完整性(例如：獨立之交易序號、交易細節、交易對手及交易時間)與正確性，須按規定保存交易文件。

4. The verified procedure of transaction record shall be executed by persons who are independent from transaction departments, including checking validity, supervising the limits of market and credit risk, as well as confirming the price information of outside market dealings and other noticeable matters.
4.應由獨立於業務單位之人員執行交易紀錄之驗證程序，包含有效性檢查、監督信用風險及市場風險限額，並確認場外交易價格資訊，及其他應注意事項。

5. Alteration and cancellation of a transaction or unusual transactions requires extra supervision and authorization.
5.交易之變更、取消與異常交易皆需額外的監督與授權。

6. All suspected or faulty accounts must be handled promptly; the senior managers of Treasury shall analyze the transactions which need to be clarified periodically.
6.所有有疑慮或錯誤的帳目均須迅速處理，財務單位之高階管理人員應定期檢視此類待澄清之交易，並進行分析。

4.4.10. Confirmation
4.4.10交易之確認

After a transaction, confirmation on the data between the securities firms and the counter-party shall be handled by persons from non-transaction departments.
證券商於交易完成後與交易對手交易資料之確認作業，應由非交易部門之人員辦理。

Description:
守則說明：

1. Conforming process for a transaction shall depend on its nature, including making use of settlement institutions, settlement system or testified evidences from the counter-party, etc. The confirmation procedure must be independent from traders and cashier.
1.對交易之確認，應視其性質決定確認方式。包括利用結算機構、結算系統或直接向交易對手函證等。且確認程序須獨立於交易員及出納單位。

2. Persons from non-transaction department shall manage sending and receiving, verifying and testing of the transaction evidences.
2.交易函證之收發、核對及驗證，應由交易部門以外之人員負責。

3. Management report shall include the information of unfinished transactions and contentious counter-party, and etc.
3.管理報告應包括未完成之交易，及有爭議之交易對手等內容。

4.4.11. Settlements
4.4.11結算與交割

Securities firms shall authorize the personnel, who is independent from the trading, trading procedure and checking accounts, to execute settlements of cash and securities.
證券商應授權獨立於交易、交易程序處理與對帳單位之人員執行現金及有價證券之交割及結算處理作業。

Description:
守則說明：

1. To effectively control the settlement of cash or assets transactions , personnel of qualified experience and knowledge shall be authorized to cross-check the details of transactions, and the authorized personnel shall be divided into more than two levels, whose responsibilities shall be clarified and differentiated.
1.為達到現金或資產交割之有效控制，應授權具有足夠經驗及知識之人員覆核交割細節，且授權階層至少應劃分為兩個以上，並明確區分各層級之責任。

2. To maintain the security of electronic payment system or artificial invoicing system, all transaction phones instructing settlement shall be recorded.
2.為保護電子支付系統或人工開票作業系統之安全，所有指示交割處理的電話線應予以錄音。

3. Operation of non-standard transactions shall appropriately be authorized and crosschecked.
3.非標準化之交割作業應經適當之授權與覆核。

4. Operations of cash and security transactions shall be divided and authorized respectively.
4.應區隔現金出納與證券交割作業，並分別予以適當授權。

4.4.12. Reconciliation
4.4.12帳戶之驗證

A securities firm shall arrange an independent unit for reconciliation periodically, or execute internal verification when build internal positions
證券商應由獨立單位定期進行帳戶之驗證，或在建立內部部位時，適當執行內部帳戶之驗證。

Description:
守則說明：

1. To maintain consistency of internal system, database and outside organizations´ record, the account shall be verified, and integration between trading department´s application system and back office database.
1.為確保內部系統與資料庫、以及與外部組織紀錄之一致性，應進行帳戶之驗證，且交易部門應用系統與後檯資料庫應能相結合。

2. The scope of reconciliation shall include traders, settlement of back office and record of accounting system.
2.帳戶驗證之範圍應包括交易人員、後檯之結算與會計系統紀錄等。

3. Independent unit shall verify cash and custodial position (including cash and positions) to ensure the accuracy of record.
3.應由獨立單位驗證現金與保管部位(範圍應包含部位與現金)，以確保記錄之正確性。

4.4.13. Asset Control
4.4.13資產控制

Securities firms shall establish asset control system to maintain the security of assets (including those of securities firms and clients).
證券商應建立資產控制系統，以保護資產(包括證券商與客戶)之安全。

Description:
守則說明：

1. All securities and other assets, including collateral shall be kept in a safe place under control.
1.所有有價證券與其他資產，包括擔保品，皆應放置在安全場所控管。

2. At least count and check the securities periodically.
2.至少定期盤點與檢視有價證券。

3. Design controlling procedure to maintain the security of clients´ assets, including confirming clients´ assets and managing the assets respectively.
3.設定控制程序以確保客戶資產安全，包含確認客戶資產及分別管理客戶資產等。

4. Shall record in detail and settle every client´s dealings correctly and show the balance of his account.
4.應詳細紀錄及正確結算每一客戶之交易並顯示其帳戶餘額。

4.4.14. Operational Risk Measurement
4.4.14作業風險之量化衡量

Securities firms shall recognize the importance of operational risk, collect and settle the relevant data to apply quantitative measurement and management appropriately.
證券商應認知作業風險之重要性，並收集整理作業風險相關資料，以進行適當之量化衡量與管理。

Description:
守則說明：

1. Operational risks includes the risk of internal personnel, procedures and information system, as well as direct or indirect loss caused by external affairs; securities firms shall collect and settle the relevant data regularly (including: occurring time, event types, documents and loss data), and apply quantitative measurement and management appropriately.
1.作業風險包括內部之人員、流程與資訊系統風險及外部之事件所造成直接或間接損失之風險，證券商應於平日收集整理作業風險相關資料(內容包括：發生時點、事件型態、文件記錄與損失狀況)，並進行適當之量化衡量與管理。

2. To control operational risk, appropriate approaches or models could be adopted to measure the risk.
2.為有效控管作業風險，可採適當之方法或模型，衡量作業風險。

3. For relevant information about risk quantification, please refer to the reports of Bank of International Settlement (BIS), such as Consultative Document: Operational Risk (2001, BIS) or Quantitative Impact Study 3: Technical Guidance (2002, BIS), etc..
3.相關作業風險量化資訊可參考國際清算銀行(BIS)所發佈的報告書，例如：ConsultativeDocument:OperationalRisk(2001,BIS)或QuantitativeImpactStudy3:TechnicalGuida-nce(2002,BIS)等研究報告。

4.5. Other Risks
4.5其他風險

4.5.1. Control of Other Risks
4.5.1其他風險控管

Securities firms, in addition to controlling market risk, credit risk, operational risk and liquidity risk, shall establish suitable control procedure for other risks (including legal risk, reputation risk and strategy risk, etc.).
證券商除應控管經營時所面臨之市場、信用、作業及流動性風險外，對於其他風險(包括法律風險、聲譽風險及策略風險等)宜建立適當之風險控管處理程序。

Description:
守則說明：

1. Legal risk is defined as the risk of loss resulting from failure of complying with government´s related regulations, and nullification of a contract, which is caused by illegality of the contract, overstepping powers, neglect of clauses or incompletion of standards, etc.
1.法律風險係指未能遵循政府相關法規，以及契約本身不具法律效力、越權行為、條款疏漏、規範不週等致使契約無效，而造成之可能損失。

2. Strategy risk is defined as the risk of loss at prompt time or in the future, which is from wrong business decisions, unsuitable execution of the decisions, deficiency of response to competition in the line or to alteration of industries.
2.策略風險是指由於錯誤的商業決策、或決策執行不當、或對同業競爭缺乏適當回應、或產業變動缺乏適當反應，而使證券商收益或資本受到即時或未來可能損失的風險。

3. Reputation risk is defined as the risk of loss resulting from negative affairs about a securities firm´s business, no matter whether they are true or not, which will lead to reduction of client base, decreasing of revenue, even huge lawsuit expenses or other probable losses.
3.聲譽風險是指任何有關證券商經營的負面事項，不論事情是否屬實，而可能導致證券商的客戶基礎縮小、收益減少、致須承擔龐大的訴訟費用，或其他可能損失的風險。

4. Except for market risk, credit risk, operational risk, and liquidity risk, securities firms shall establish suitable control procedures for other risks, such as law risk, strategy risk and reputation risk, etc., in compliance of their characters and their affection on a firm.
4.證券商經營除市場、信用、作業與流動性風險外，仍包括法律、策略及聲譽風險等其他風險，宜依據各類風險特性及其對公司之影響，建立適當之風險管理程序以控管其他風險。

4.5.2. Regulation & Compliance
4.5.2法規遵循

A securities firm shall establish a specific department for regulation and compliance, which is to be in charge of supervising financing and operating activities in prospect of complying with regulation, evaluating and managing the firm´s legal risk.
證券商宜設立專職之法規遵循相關部門，負責規範證券商整體財務與營運活動之相關法規，並評估與管理公司之法律風險。

Description:
守則說明：

1. Control of legal risk shall be designed through coordination between the risk management department and the regulation and compliance department.
1.法律風險之控管宜透過風險管理執行單位及法規遵循相關部門共同商討研擬之。

2. Stipulation of internal rules in a securities firm shall accord with related authority´s regulations.
2.證券商內部規章之訂定，應符合主管機關相關法規規定。

3. A securities firm shall check the applicability of the internal regulations to ensure that they are forward-looking and flexible, and could avoid the adverse impact on operations caused by alteration of regulations.
3.證券商應適時檢視內部規章之適宜性，以確保內部規章之前瞻性與彈性，俾能因應法規改變對其業務之衝擊。

4.5.3. Legal Documentation
4.5.3契約文件適法性之審查

Before entering a transaction, securities firms shall confirm rights and responsibilities with their counter-parties and review legitimacy of the deal and whether the related document is in proper legal form.
證券商於承作業務前，應與交易對手確認彼此權利義務關係，並就該交易之適法性，以及是否具備合法文件予以審查。

Description:
守則說明：

1. A securities firm shall establish complete procedures to stipulate process before dealing with counter-parties, so as to ensure legitimacy of the deal, which shall include: custody institutions, brokers, traders and clients.
1.證券商應訂定一完整程序，據以規範與交易對手交易前之審核流程，以確保交易之適法性，前述交易對手包括：保管機構、經紀人、交易員與客戶等。

2. Securities firms shall design written documents required by different transactions and ensure the integrity of the documents´ details.
2.證券商應擬定不同交易所需之書面文件，並確保交易文件細節之完整性。

3. Before a deal, a business unit shall acquire legal authorization for the deal and follow relevant regulations. At the same time, the relating documents during the dealing process shall be kept completely in compliance of required period.
3.交易進行前，業務單位應先取得該交易合法之授權，並遵守相關法規。同時交易過程中的相關文件，應依規定期間完整保存。

4. Considering the complexity of dealings of derivatives, high multiple of financial leverage, different dealing periods, multiple counter-parties and variety of risk mitigation and reducing, securities firms shall take caution of the feasibility of executing contracts and counter-parties´ ability of fulfillment contracts, and shall design a set of complete checking procedure for complete and legitimacy of contracts on derivatives.
4.鑑於衍生性金融商品交易之複雜性、高財務槓桿倍數、交易期間長短不一、牽連交易對手眾多及風險移轉與降低等多樣化特性，證券商應特別注意其契約執行之可行性，以及交易對手履行契約之能力，並就衍生性金融商品契約之周延性及適法性，擬定一套完整之審核程序。

4.6. Risk Limits and Risk Aggregation
4.6風險限額與風險彙總

4.6.1. Market Risk Limits
4.6.1市場風險限額

A securities firm shall design and supervise market risk limits at firm-wide level, business unit level, and trader level based on certain procedures, and execute the principles of handling limit violations.
證券商應依據一定程序，設定並監控公司整體、各業務單位及各交易員之市場風險限額，並落實執行限額超限之處理原則。

Description:
守則說明：

1. Market risk limits shall be set up according to their position limits, sensitivity limits and stop-loss limits , as well as VaR limits or stress testing limits.
1.市場風險限額之訂定應考量部位限額、敏感度限額及停損限額；並宜考量風險值(ValueatRisk)限額或壓力測試限額。

2. The risk diversification effect of investment portfolio shall be taken into account when allocating market risk limits.
2.市場風險限額分配原則，宜考量投資組合風險分散效果。

4.6.2. Credit Risk Limits
4.6.2信用風險限額

A securities firm shall design and supervise credit risk limits of counter-parties based on certain procedures, and implement the principles of handling limit violations.
證券商應依據一定程序，設定並監控各交易對手之信用風險限額，並落實執行限額超限之處理原則。

Description:
守則說明：

1. To establish credit risk limits, the following factors shall be taken into account:
1.證券商信用風險限額之設定，應考慮下列因素：

(1) Setting up credit risk limits for each counter-parties or client.
(1)為每個交易對手或客戶設定信用限額。

(2) A trader shall check the limit and insure its validity before entering a deal.
(2)在進行交易之前，交易員需審查限額，確定信用限額的有效性。

(3) Checking the changes of counter-parties´ credit periodically and responding the situation correctly after dealings.
(3)交易完成後，應定期檢視交易對手信用變化狀況，並進行適當處理。

2. Risk management unit shall check and then supervise the counter-parties´ credit in compliance of approved procedures, and evaluating the concentration risk of the following categories:
2.風險管理執行單位應根據已核准的程序，進行交易對手信用之審查與後續之監督，並依以下類別評估信用風險是否過於集中：

(1) Counter-parties including their related parties,
(1)交易對手，包含其關係企業。

(2) Credit grades,
(2)同一信用等級之企業。

(3) Industries, and
(3)產業別。

(4) Countries.
(4)國家別。

3. Securities firms shall adopt quantified models to measure credit risk, and design limits of each counter-parties and each business type accordingly.
3.證券商宜採量化之模型或方法衡量信用風險，並據以設定各交易對手及各業務之信用風險限額。

4.6.3. Limit Review Procedure
4.6.3限額檢核程序

When government´s regulations, firm´s policies, market situation or trading strategy have changed, securities firms shall check its risk limits again.
當政府法規、公司政策、市場情況或交易策略發生變動時，證券商應重新檢核風險限額規定。

Description:
守則說明：

1. Securities firms shall review risk limits periodically to reflect changes of external environment and internal business decision.
1.證券商應定期檢視風險限額，以適時因應外在環境變化及內部決策改變。

2. Securities firms shall design the different limits for each trader and heads of business units will review those limits.
2.證券商應設定各個交易員限額，並由證券商業務單位主管定期檢視。

4.6.4. New Product Evaluation & Authorization
4.6.4商品限額的評估與授權

Before trading or issuing new products, securities firms shall establish formal new product approving procedure, design sales plan, and assess the feasibility of the plan and the impact on the current limits of existed products, so as to allocate appropriate risk limits.
證券商於承作新商品業務前，除應建立正式之審核作業程序暨訂定營業計劃書，據以評估其可行性外，並應評估其對既有商品授權限額之影響程度，俾據以分配適當之承作限額。

Description:
守則說明：

1. Securities firms shall confirm that the difference from the existing product has been evaluated and authorized before developing new product.
1.證券商於開發新商品業務時，須確認其與現有商品之差異業經適當之審查並取得授權。

Changes of business nature, structural difference, risk level, law and regulations shall be taken into account in compliance of the operation procedure.
並依據作業程序，考量業務承作之改變、結構之差異、風險程度及法律與法規等因素。

2. The board of directors or other top management authorized by the board of directors shall approve new product verifying procedure that is sign-off by related department, such as the units of risk management, audit, information, finance and laws, etc.
2.承作新商品業務之核決程序，除應經由相關部門(例如風險管理、稽核、資訊、財務及法務等單位)審核簽署外，並須經董事會或董事會授權之高階管理人員核准。

3. Content of new product developing procedure shall include the methodology of designing new products, the modification of the existing policy documents, product valuation procedure, potential counter-parties, appropriate monitoring mechanism and operation procedure, operation of information system and method of risk analysis.
3.新商品業務之審核程序，其內容應詳載商品設計之理由，現行政策文件修正規定、評價程序、潛在交易對手、適當之監控機制與作業程序、資訊系統運作與風險分析方法。

4