Ethical Corporate Management

Effective corporate governance is the cornerstone for sustainable development of enterprises. We see Ethical Corporate Management as the supreme principle, implement sound risk management, comprehensive information security management, and actual compliance with laws and regulations. As a means to achieve the goal of sustainable co-prosperity, we took a proactive approach to understand and respond to the needs of various stakeholders through a variety of information disclosure channels on top of rigorously safeguarding shareholders' rights and interests.

Management Governance

ECOVE sees ethical corporate management as the fundamental spirit of corporate governance and embarks on a quest to satisfy the expectations of investors and various stakeholders while working on the stable growth of the organization. We have established diverse channels to provide relevant information, such as setting up a dedicated section for corporate sustainability and a stakeholder area. These initiatives aim to provide symmetrical information for investors and stakeholders, ensuring integrity and transparency in corporate governance, meeting the expectations of various stakeholders, and facilitating effective communication.

ECOVE not only focuses on resource recycling-related fields in investment planning but also places great importance on implementing sustainable development. Through transparent, professional, and robust corporate governance principles, ECOVE has been consistently ranked in the top 5% of the "Corporate Governance Evaluation" for listed companies for nine consecutive years. This demonstrates our commitment to being a responsible corporate citizen and serves as a model for information disclosure and ethical business practices.

Governance Structure

The highest decision-making unit in ECOVE is the Board of Directors, as stipulated in the Article of Incorporation, the Company shall have a Board of Directors consisting of five to nine directors, each serving a three-year term. The directors are appointed by the shareholders' meeting from eligible individuals and can be re-elected. Among the aforementioned director seats, two to three positions are designated for independent directors. The selection and appointment of directors (including independent directors) in the Company follow the candidate nomination system outlined in Article 192-1 of the Company Law. The directors are appointed by the shareholders' meeting from the list of director candidates. The 8th Board of Directors of the Company consists of nine directors, including three independent directors, accounting for approximately 33% of the board. They are responsible for formulating the Company's business policies and important strategies.

The operation of our Board of Directors follows the "Rules Governing Procedure for Board of Directors' Meetings" and "Guidelines for Board of Directors Meeting Operations Management." The Board holds meetings at least once per quarter, adheres to conflict of interest regulations, and any director with personal interests involved in a board resolution automatically recuses themselves and does not act as a proxy for other directors in voting. In 2022, the average attendance rate of the Board of Directors' meetings was 98%. The Chairman of ECOVE has the primary responsibility of overseeing the executive management to ensure that the company's operations and business execution align with the corporate philosophy. The President's primary responsibility is to lead the management team and ensure the overall operations are carried out in accordance with the directives of the Board of Directors. The Chairman does not hold the position of President to avoid conflicts between their respective responsibilities.

To ensure the Board of Directors effectively fulfills its supervisory, auditing, and managerial functions, ECOVE has established an "Audit Committee" and a "Remuneration Committee" under the Board of Directors. The Company also has an internal audit organization that plans and executes auditing activities. The internal audit team reports regularly to the independent directors on auditing matters and attends meetings of the Audit Committee and the Board of Directors to provide reports.

Board Diversity

The members of the Board of Directors possess the professional knowledge, experience, and qualities required to fulfill their duties, including expertise in fields such as engineering & environmental protection, industrial safety, water resources, finance & environment, and more. They are equipped with international perspectives, decision-making and leadership abilities, and crisis management skills to adapt to changes in the economy, environment, society, and other aspects. Furthermore, we are committed to promoting board diversity. We have formulated diversity policies for Board Members based on the company's operations, business models, and development needs. Specific objectives include limiting the number of directors concurrently serving as Company General Manager to no more than one-third of the board seats, ensuring at least one female director, and having at least two independent directors whose consecutive terms do not exceed three. The results of the 2020 board election were in line with the diversity policy. Currently, the board consists of 8 male members aged 50 and above, as well as one female member aged 50 and above.

Directors' Further Training and Performance Evaluation

In an effort to implement corporate governance, enhance the functions of the Board of Directors, as well as to establish performance targets and strengthen the operational efficiency of the Board of Directors, the Company revised the "Regulations Governing the Board Performance Evaluation" at the 13th meeting of the 7th-term Board of Directors in May 2019, stipulating that performance evaluation of the Company's Board of Directions shall be carried out at least every three years by an external professional independent body or a team of external experts and academics, the results of internal and external performance evaluations of the Board of Directors shall be completed before the end of the first quarter of the following year, and that the scope of evaluation shall be extended to the performance evaluation of the Board of Directors as a whole, individual Board Members, and functional committees. The individual performance evaluation of directors will serve as a reference for determining their compensation. Evaluation methods include internal self-assessments by the Board of Directors and functional committees (Remuneration Committee and Audit Committee), self- assessments by individual Board Members, appointment of external professional bodies, experts, or other appropriate means of performance evaluation.

In late 2021, the Company appointed an external professional and independent organization, the "Taiwan Corporate Governance Association," to conduct the evaluation. The evaluation results and proposed measures were presented to the 13th meeting of the 8th Board of Directors on March7, 2022. The results of the Board's performance evaluation, as well as subsequent reviews and improvements, will be reported to the Board and disclosed in the annual report and on the Company's website.

All members of the Board of Directors of the Company have completed relevant training in accordance with the "Guidelines for Continuing Education for Directors and Supervisors of Exchange-listed and OTC-listed companies." The training content covers corporate governance, business ethics and compliance, corporate sustainability, information security, etc., aiming to enhance the Board's understanding of emerging issues and the effectiveness of corporate governance. In 2022, the average training hours for the Company's Directors reached 7.33 hours, with all directors meeting the requirement of a minimum of 6 hours of training under the "Guidelines for Continuing Education for Directors and Supervisors of Exchange-listed and OTC-listed companies." Related information is disclosed on the Market Observation Post System.

Remuneration Structure for Directors and Managers

The remuneration of the Company's Directors and General Manager follows the guidelines and criteria set forth by the Remuneration Committee and the Board of Directors, including the "Guidelines for Director Performance Evaluation and Remuneration System" and the "Guidelines for General Manager Performance Evaluation and Remuneration System." The remuneration takes into account industry norms, as well as the Company's performance, individual contributions, and achievements, aiming to provide reasonable compensation.

The compensation structure for General Manager (including those who are also directors) includes fixed and variable components and is subject to annual performance assessment. The assessment encompasses the achievement of various financial goals (approximately 65% weightage), non-financial performance indicators (approximately 25% weightage), and the Company's sustainable goals related to economic, environmental, and social aspects (approximately 10% weightage). In addition, the annual salary adjustments and performance bonuses are calculated based on their performance evaluation results compared to general employees. The performance results, salary adjustments, and annual bonuses are reported to the Remuneration Committee and the Board of Directors for discussion. (Human Resources Department)

Starting from 2022, the performance goals for Directors, the President, and General Manager have incorporated ESG (Environmental, Social, and Governance) elements. Discussions on goal setting take place at the beginning of the second quarter each year, and the achievement rate is reviewed in the fourth quarter. ESG goals account for a weightage of 10% in the overall performance goals. Key performance indicators include receiving national environmental awards, conducting 20 off- site environmental education activities through the CTCI Education Foundation (CTCI EF), and organizing visits to business locations by the Directors. Furthermore, within the annual performance assessment, supervisors have ESG self-assessment items to encourage them to actively participate in various internal and external ESG activities or awards within the group. This aims to ensure the implementation of the Group's ESG sustainable goals in daily work.

The remaining employee remuneration and welfare protection are also inline with the general management's regulations. However, there are exceptions for the allocation of stock options and pensions for senior managers, where the distribution of warrants is reviewed by the Remuneration Committee, while pension is set out based on the coverage rate of the old pension mechanism and is controlled by the Pension Supervision Committee and an actuarial firm to protect the retirement rights and interest of senior managers as employees.

The Remuneration Committee and the Board of Directors shall regularly review the reasonableness of the remuneration, and shall review the remuneration system from time to time according to the actual operating conditions and relevant laws and regulations. They shall not guide the directors, presidents, and vice presidents to engage in acts beyond the Company's risk appetite in pursuit of remuneration, so as to avoid improper circumstances such as the Company suffering losses after payment of remuneration.

Legal Compliance and Internal Control and Internal Audit

Professional Ethics and Legal Compliance

ECOVE adheres to the spirit of integrity in its operations and ensures that daily operations comply with corporate ethics and morals. We have established basic standards of conduct that must be followed by the Directors, General Manager, and general employees, including "Corporate Governance Principles," "Ethical Corporate Management Principles," "Code of Ethics for Directors and General Manager," and "Code of Conduct for Employee Professional Ethics," among other regulatory standards. Additionally, we have set forth work rules for all ECOVE employees to follow in their daily business activities. At the same time, with the intention of maintaining fair trade and preventing corruption and bribery, ECOVE strictly requires employees and related parties to conduct transactions without preferential treatment, and not to request, obtain, offer, accept favors such as gifts, entertainment, kickbacks, or bribes for themselves or people around them when performing their duties. Through the internal control system, relevant risks can be confirmed and mitigated for all operating sites. Within the "Code of Conduct for Employee Professional Ethics," it is specified that employees of the Company must not, in any way, engage in political contribution, support specific political parties or candidates, or participate in other political activities that may influence other employees.

To continuously strengthen our commitment to integrity in business operations, ECOVE organizes internal and external activities and training sessions related to ethical business practices for all employees on an annual basis. In 2022, we conducted two online corporate integrity courses in which a total of 867 employees participated, accounting for 97.3% of the entire workforce.

In order to ensure that all ECOVE employees are familiar with the various management standards, since 2020, all employees, regardless of their positions, including newly hired staff, are required to sign the "Employee Ethics Commitment Letter." In 2022, the signing rate reached 100%. During the orientation and training for new employees, the importance of ethics and integrity is emphasized, along with an introduction to ECOVE's "Code of Conduct," "No Gift Policy," "Whistleblowing Website," and other legal compliance regulations and reporting mechanisms. The corporate culture of "integrity" is also included as an annual performance evaluation criterion, deepening the connection between ethical behavior and employee performance, with the aim of instilling the culture of integrity in the hearts of every employee. ECOVE also requires all employees of affiliated companies and overseas subsidiaries to sign the "Confidentiality, Non-Competition, and Intellectual Property Commitment Letter." In 2022, there were no incidents of corruption or bribery, and our commitment to integrity in business operations has received recognition and approval from our partners. All Board Directors also underwent courses related to ethical corporate management issues, and advocacy was further conducted on the issues of legal compliance, avoidance of interest, improper political contributions and donations, with a completion rate of 100%, thereby strengthening the concept of ethical management at the governance level.

The Company's business scope covers three major areas: waste management, recycling, and renewable energy. We regularly review the latest legal changes and updates both domestically and internationally and are committed to establishing a culture of compliance. In 2022, ECOVE did not face any legal actions related to anti- competitive behavior, antitrust and monopoly practices, non-compliance with product and service information and labeling regulations, or violations of marketing and promotion (regulatory or voluntary guidelines).

Internal Control System

ECOVE's internal control system is based on the "Guidelines for Establishing Internal Control Systems for Publicly Issued Companies" issued by the Financial Supervisory Commission. It incorporates elements such as control environment, risk assessment, control activities, information and communication, and monitoring. Designed by the General Manager, approved by the Board of Directors, and implemented by the Board of Directors, General Manager, and other employees, the system aims to promote sound business operations, ensure operational effectiveness and efficiency, reliable and timely information reporting, and compliance with relevant laws and regulations. It is regularly reviewed to adapt to changes in the internal and external environment, ensuring the ongoing effectiveness of system design and implementation.

ECOVE has an internal audit unit under the oversight of the Board of Directors. The unit has established an internal audit system, which is approved by the Board of Directors. It is staffed with a dedicated audit manager and works in conjunction with the Audit Committee to assist the Board of Directors and General Manager in examining and reviewing deficiencies in the internal control system, measuring operational effectiveness and efficiency, and providing improvement recommendations as necessary. This ensures the continuous and effective implementation of the internal control system and serves as a basis for reviewing and revising the system.

The audit department develops an annual audit plan based on risk assessments and submits it for approval by the Board of Directors. It then carries out various audit procedures according to the plan. Identified deficiencies and abnormal issues related to the internal control system are disclosed in audit reports, which are tracked and followed up on after submission. Follow-up reports are prepared at least quarterly until improvements are implemented to ensure that relevant departments have taken timely and appropriate corrective measures. The audit manager reports the results of the independent director audit plan execution monthly and has individual face-to-face meetings with independent directors every quarter to discuss internal control and audit-related matters. The audit manager also attends Audit Committee and Board of Directors meetings to present audit business reports and demonstrate the effectiveness of the audit function.

Whistleblower and Consultation Mechanism

ECOVE has established the "Whistleblowing Operation Management Measures," which are managed by the Human Resources department. The department is responsible for receiving whistleblower cases and providing initial review recommendations. The cases are then forwarded to the GSS or Group Shared Services for further investigation, ensuring a transparent whistleblowing channel and fair investigation process. ECOVE has also set up a "Whistleblower Website" on the "Employee Opinion Platform," developed by the independent firm Deloitte Taiwan, to protect the rights of whistleblowers and ensure proper investigation and handling of whistleblower cases. Both internal employees and external individuals can freely choose to make reports on the platform, either anonymously or with their names disclosed. External individuals can also report through ECOVE's official website reporting platform (https://www.ecove.com/?L=CH&C=0600).

If employees have concerns or inquiries regarding the various codes of conduct or ethical business practices, they can consult with their supervisors or contact the internal complaint mailbox (HR@ecove.com). Although there were no confirmed complaints or violations related to integrity in 2022, ECOVE will continue to adhere to its brand positioning as the "Most Reliable" and enforce ethical corporate standards.

Risk Management

To strengthen the operational resilience and competitiveness of itself and its subsidiaries, ECOVE issued the "Risk Management Guidelines" in 2017. It established the "Risk Management Executive Committee" with a structure consisting of the Board of Directors, Chairman, President, and executive secretary. The committee holds meetings in the first and third quarters of each year, prioritizing risk issues and proposing control measures. The implementation of control measures is continuously reviewed through audits to assist the Board of Directors and General Manager in ensuring effective risk control. The committee primarily manages five types of risks: information security risk, health and safety environmental risk, operational risk, quality management risk, and climate change risk. Effective actions are taken to manage risks or seize potential opportunities. In the 2022 Risk Management Report, eight risks were identified, such as environmental laws and regulations, unforeseen plant shutdowns, safety and health, human resources, pandemic impact, and VOC leakage risk. After discussions on risk assessment, 58 action control measures were proposed, all of which were implemented in accordance with regulations to ensure effective risk control.
▼ Organization Chart of the Risk Management Committee

As an investment holdings company, ECOVE maintains control on various aspects of subsidiaries and requires subsidiaries to submit monthly operations reports, so as to review and analyze management strategies and risk management. The results of such reviews and analysis are compiled into guidelines or amendment reports and will be approved by responsible managers and the Chairman before being carried out by subsidiaries. In addition, with the object of maintaining a stable operation, related supervision processes were conducted, based on the characteristics of industries on all subsidiaries that ECOVE has invested in. 
▼ Scope of risk consideration

Information Security

Resolute to protect the vital intellectual assets of customers, ECOVE strengthens the reliability and quality of project executions to enhance customers' trust. With a sound information security management system, regular security risk assessments, and information security management mechanisms in place, we proactively identify and reduced information security risks, and adhere to owners' requirements or legal requirements, such as the Trade Secrets Act, Personal Data Protection Act, and Cyber Security Management Act, so as to improve the quality of information security management holistically.

Information Security Management System

ECOVE continues to implement the PDCA (Plan-Do-Check-Act) cycle to continuously improve its information security risk management operations. The promotion and implementation of information security management, regular reviews, and timely updates not only support the sustainable operation and development of the Group's business, but also lay the foundation in a new era for ECOVE's IT.

Based on the Financial Supervisory Commission's "Guidelines for Establishing Internal Control Systems for Publicly Issued Companies," the Company is required to establish a dedicated information security unit (including one information security manager and at least one information security personnel) by the end of 2023. We have initiated personnel recruitment to meet this legal deadline and will comprehensively update the "Information Security Management Guidelines" and related guidelines in accordance with the principles of ISO/IEC 27001. These measures aim to regulate the Company's information security management system to ensure the confidentiality, integrity, and availability of the Company's governed information, thereby safeguarding the interests of the Company and all employees. According to the provisions of the "Risk Management Guidelines," the "Risk Management Execution Committee" serves as the highest governing unit for information security. Under the committee's guidance, the Information Services Center is responsible for executing and regularly submitting execution results and effectiveness reports on social engineering, antivirus systems, firewalls, email filtering systems, email auditing systems, and other security measures. These reports are consolidated into the "Risk Management Committee Report" and presented to the Board of Directors annually in the fourth quarter to report on the annual progress and plans.

Information Security Management Mechanisms

In 2012, following the recommendation of an independent director, ECOVE adjusted its practices for off-site backups based on the suggestion from the 2003 National Information and Communication Security Taskforce of the Executive Yuan. The distance between the main data center and the off-site backup facility was increased to a minimum of 30 kilometers, relocating from Neihu, Taipei to Wuri, Taichung. In 2013, in response to the Personal Data Protection Act, measures and management mechanisms were enhanced to protect personal information. For instance, dedicated wiping machines were used for disposing of scrapped hard drives to prevent data leakage. By the same token, in July 2017, social engineering drills were rolled out, and based on the results, those with medium to high levels of risks were subjected to education and training to reinforce their awareness of information security.

Furthermore, ECOVE consistently invests resources in information security-related matters. In 2022, the annual budget for information security-related software, hardware, and services reached NT$11.79 million. Resource allocations include strengthening security defense equipment, upgrading and revising antivirus software, replacing outdated servers, following the "3-2-1 backup principle" for backup system replacement, engaging professional cybersecurity vendors for security assessments and improvements, and reinforcing security management systems and education training. These efforts span from management to technical aspects to enhance information security capabilities.
Due to the significant damage caused to well-known companies by ransomware attacks in recent years, ECOVE has established a "Social Engineering Attack Prevention" website and a "Fraudulent Email Reporting Inbox" to assist employees in identifying and avoiding risks associated with "fraudulent/phishing emails" and more precise "Business Email Compromise (BEC)" attacks.

Considering information security risks, a comprehensive inspection and replacement of outdated servers, as well as improvements to outdated systems, have been implemented since the second half of 2021, becoming an annual routine operation. In 2022, the replacement of Windows Server 2008 and the extension of the time management system's lifespan have been completed. Additionally, in 2023, important tasks are planned, including the replacement of outdated servers, the replacement of the time management system, and the replacement of the email antivirus and spam filter system with the addition of anti-fraud functionality. To effectively distribute the potential losses caused by information security risks, the Company purchased "Electronic Equipment Comprehensive Insurance," with a total coverage amount exceeding NT$53.34 million.

According to the "Information Security Management Guidelines," if employees detect a computer virus intrusion or other malicious software, they should immediately notify the nearest Information Center or the computer administrator of their department for handling. In practice, when the Information Service Center receives notifications from the antivirus system (indicating that automatic cleaning or isolation has failed), they proactively intervene to prevent individual employees from neglecting the antivirus system's alarm notifications. In the year 2022, there were no reported incidents of infection, two instances of automatic cleaning, and five instances of automatic isolation. These incidents did not result in any data loss or customer damage. Up to now, no security events affecting the normal operation of internal information systems and related facilities have occurred. The future focus will continue to be on improving and reviewing relevant processes, comprehensively enhancing security management to meet international quality requirements.

Employees in the Information Service Center have set different items and goals for their respective responsibilities within the "2022 KPI Performance Targets and Scoring Method," including incidents of computer infection within the domain, network, servers, application systems, etc., unplanned service interruptions, non-disaster or external force-induced service disruptions, high-risk individuals in social engineering drills, security inspections, information security audits, etc., to ensure the implementation of various information security measures.

Management Performance and Industry Outlook

▼ Management Performance

Industry Outlook

In 2022, ECOVE will continue to integrate SDGs, deepen the domestic market, expand overseas presence, and strive for more project collaboration opportunities. Additionally, we respond to the development trend towards a circular economy model in the market by actively expanding operations in waste resource utilization to enhance resource cycling efficiency. Leveraging our core capabilities and existing business expansion, we will continue to deepen our presence in the areas of "waste management," "recycling and reuse," and "renewable energy," showcasing Taiwan's technical expertise and strength in the resource cycling industry t o the world.