Effective corporate governance is the cornerstone for sustainable development of enterprises. We see Ethical Corporate Management as the supreme principle, implement sound risk management, comprehensive information security management, and actual compliance with laws and regulations. As a means to achieve the goal of sustainable co-prosperity, we took a proactive approach to understand and respond to the needs of various stakeholders through a variety of information disclosure channels on top of rigorously safeguarding shareholders' rights and interests.

Management Governance

ECOVE sees ethical corporate management as the fundamental spirit of corporate governance and embarks on a quest to satisfy the expectations of investors and various stakeholders while working on the stable growth of the organization. We have established multiple channels to provide relevant information, such as holding regular investor conferences and annual shareholders' meetings, as well as setting up a special zone for investor relations, a special zone for corporate sustainability, and a special zone for stakeholders, etc., in order to continue to strengthen the disclosure of information, to respect the rights and interests of all stakeholders, and to achieve effective communication.

ECOVE not only focuses on resource recycling-related fields in investment planning but also places great importance on implementing sustainable development. Through transparent, professional, and robust corporate governance principles, ECOVE has been consistently ranked in the top 5% of the "Corporate Governance Evaluation" for listed companies for ten consecutive years. This demonstrates our commitment to being a responsible corporate citizen and serves as a model for information disclosure and ethical business practices.

Governance Structure

The Board of Directors of ECOVE is the highest decision-making body of the Company's operation. The election of directors (including independent directors) is based on the candidate nomination system as stipulated in Article 192-1 of the Company Act, and the shareholders' meeting elects directors from the list of candidates, and the directors are eligible to be re-elected. It is also stipulated in the Company's Articles of Association that the Company shall have five to nine directors, all of whom shall hold office for a term of three years, of which two to three shall be elected as independent directors. The average term of office for all directors in 2023 was 6.11 years.
The operation of our Board of Directors follows the "Rules Governing Procedure for Board of Directors' Meetings" and "Guidelines for Board of Directors Meeting Operations Management." The Board holds meetings at least once per quarter, adheres to conflict of interest regulations, and any director with personal interests involved in a board resolution automatically recuses themselves and does not act as a proxy for other directors in voting. The average attendance rate of all directors on the Board of Directors in 2023 was 98%, which is above and in compliance with the 85% corporate governance rating metric. The Chairman of ECOVE has the primary responsibility of overseeing the executive management to ensure that the company's operations and business execution align with the corporate philosophy. The General Manager's primary responsibility is to lead the management team and ensure the overall operations are carried out in accordance with the directives of the Board of Directors. The Chairman does not hold the position of General Manager to avoid conflicts between their respective responsibilities.
To ensure the Board of Directors effectively fulfills its supervisory, auditing, and managerial functions, ECOVE has established an "Audit Committee" and a "Remuneration Committee" under the Board of Directors. The Company also has an internal audit organization that plans and executes auditing activities. The internal audit team reports regularly to the independent directors on auditing matters and attends meetings of the Audit Committee and the Board of Directors to provide reports.

Board Diversity and Independence

The Company's Corporate Governance Principles stipulate that the composition of the Board of Directors should take into account diversity, including but not limited to basic qualifications such as gender, age, nationality and culture, as well as professional knowledge and skills. We are committed to promoting a diversified board structure. The members of the Board of Directors of the Company have acquired the necessary expertise, experience and qualities to fulfill their roles and responsibilities in the fields of engineering and environmental protection, industrial safety, water resources, finance and environmental sustainability, and are well-equipped with an international outlook, decision-making and leadership, and crisis management capabilities to cope with changes in various economic, environmental and social aspects.
The Company's Board of Directors has also formulated specific management objectives for the policy of diversification of the Board of Directors based on the Company's operation, business model and development needs, including that no more than one-third of the Board of Directors should be directors who are also managers of the Company, that there should be at least one female director, and that at least two independent directors should serve for a term not exceeding three consecutive terms. The results of the 2023 Board re-election are in line with the diversity policy and the Board currently consists of nine directors, including one female director (approximately 11%) and three independent directors (approximately 33%), who are responsible for setting the Company's business direction and key strategies.

Directors' Further Training and Performance Evaluation

In order to implement corporate governance and enhance the functions of the Board of Directors, establish performance objectives and strengthen the operational efficiency of the Board of Directors, the Company has established the "Regulations Governing the Board Performance Evaluation," which stipulates that the Board of Directors of the Company shall conduct an internal performance evaluation annually, and shall be evaluated by an external professional independent organization or a team of external experts and scholars at least once every three years, and that the scope of the evaluation shall include the entire Board of Directors, individual members of the Board of Directors, and functional committees; the results of the internal and external performance evaluation shall be completed by the end of the first quarter of the following year. In addition, the item of "participation in ESG management" has been added in December 2023, and the results of the evaluation of the individual performance of directors will also be used as a reference for determining their remuneration. Evaluation methods include internal self-assessments by the Board of Directors and functional committees (Remuneration Committee and Audit Committee), self-assessments by individual Board Members, appointment of external professional bodies, experts, or other appropriate means of performance evaluation.
The company appointed the Chinese Corporate Governance Association, an external professional and independent organization, to conduct a performance evaluation of the board of directors at the end of 2021. The evaluation results and proposed measures will be presented at the 13th board meeting of the 8th term on March 7, 2022. The next performance evaluation will take place at the end of 2024. The results of the Board's performance evaluation, as well as subsequent reviews and improvements, will be reported to the Board and disclosed in the annual report and on the Company's website.

All members of the Board of Directors of the Company have completed relevant training in accordance with the "Guidelines for Continuing Education for Directors and Supervisors of Exchange-listed and OTC-listed companies." The training content covers corporate governance, business ethics and compliance, risk management, corporate sustainability, information security, etc., aiming to enhance the Board's understanding of emerging issues and the effectiveness of corporate governance. In 2023, the average training hours for the Company's directors reached 7.11 hours, with all directors meeting the requirement of a minimum of 6 hours of training under the "Guidelines for Continuing Education for Directors and Supervisors of Exchange-listed and OTC-listed companies." Related information is disclosed on the Market Observation Post System.

Remuneration Structure for Directors and Managers

The remuneration of the Company's directors and managers follows the guidelines and criteria set forth by the Remuneration Committee and the Board of Directors, including the "Guidelines for Director Performance Evaluation and Remuneration System" and the "Guidelines for Manager Performance Evaluation and Remuneration System." The remuneration takes into account industry norms, as well as the Company's performance, individual contributions, and achievements, aiming to provide reasonable compensation.
The compensation structure for managers (including those who are also directors) includes fixed and variable components and is subject to annual performance assessment. The assessment encompasses the achievement of various financial goals (approximately 65% weightage), and non-financial performance indicators (approximately 35% weightage). In addition, the annual salary adjustments and performance bonuses are calculated based on their performance evaluation results compared to general employees. The performance results, salary adjustments, and annual bonuses are reported to the Remuneration Committee and the Board of Directors for discussion.

Starting from 2022, the performance goals for the General Manager and managers have incorporated ESG (Environmental, Social, and Governance) elements. Discussions on goal setting take place at the beginning of the second quarter each year, and the achievement rate is reviewed in the fourth quarter. ESG goals account for a weightage of 10% in the overall performance goals. Key performance indicators include receiving national environmental awards, conducting 20 off-site environmental education activities through the CTCI Education Foundation (CTCI EF), and organizing visits to business locations by the Directors. Furthermore, within the annual performance assessment, supervisors have ESG self-assessment items to encourage them to actively participate in various internal and external ESG activities or awards within the group. This aims to ensure the implementation of the Group's ESG sustainable goals in daily work.
However, there are exceptions for the allocation of stock options and pensions for senior managers, where the distribution of warrants is reviewed by the Remuneration Committee, while pension is set out based on the coverage rate of the old pension mechanism and is controlled by the Pension Supervision Committee and an actuarial firm to protect the retirement rights and interest of senior managers as employees.

The Remuneration Committee and the Board of Directors shall regularly review the reasonableness of the remuneration, and shall review the remuneration system from time to time according to the actual operating conditions and relevant laws and regulations. They shall not guide the directors, general manager, and deputy general manager to engage in acts beyond the Company's risk appetite in pursuit of remuneration, so as to avoid improper circumstances such as the Company suffering losses after payment of remuneration. The distribution of remuneration to employees and directors is regularly reported to the shareholders at the annual shareholders' meeting.

Business Ethics and Legal Compliance

Business Ethics and Legal Compliance

ECOVE adheres to the spirit of integrity in its operations and ensures that daily operations comply with corporate ethics and morals. We have established basic standards of conduct that must be followed by the directors, managers, and general employees, including "Corporate Governance Principles," "Ethical Corporate Management Principles," "Code of Ethics for Directors and Managers," and "Code of Conduct for Employee Professional Ethics," among other regulatory standards. Additionally, we have set forth work rules for all ECOVE employees to follow in their daily business activities. The Company's Group Shared Services is responsible for the development and subsequent implementation of the Corporate Integrity Management Plan, and the General Manager, the highest decision-making authority of the Group Shared Services, determines and supervises the implementation of the Corporate Integrity Management Plan. The Company reports the results of the "Policy for Promoting Corporate Integrity" to the Board of Directors once a year.
With the intention of maintaining fair trade and preventing corruption and bribery, ECOVE strictly requires employees and related parties to conduct transactions without preferential treatment, and not to request, obtain, offer, accept favors such as gifts, entertainment, kickbacks, or bribes for themselves or people around them when performing their duties. Through the internal control system, relevant risks can be confirmed and mitigated for all operating sites. Within the "Code of Conduct for Employee Professional Ethics," it is specified that employees of the Company must not, in any way, engage in political contribution, support specific political parties or candidates, or participate in other political activities that may influence other employees.

In order to ensure that all ECOVE employees are familiar with the various management standards, since 2020, all employees, regardless of their positions, including newly hired staff, are required to sign the "Employee Ethics Commitment Letter." In 2023, the signing rate reached 100%. During the orientation and training for new employees, the importance of ethics and integrity is emphasized, along with an introduction to ECOVE's "Code of Conduct," "No Gift Policy," "Whistleblowing Website," and other legal compliance regulations and reporting mechanisms. ECOVE also requires all employees of affiliated companies and overseas subsidiaries to sign the "Confidentiality, Non-Competition, and Intellectual Property Commitment Letter." In 2023, there were no incidents of corruption or bribery, and our commitment to integrity in business operations has received recognition and approval from our partners.
To continuously strengthen our commitment to integrity in business operations, ECOVE organizes internal and external activities and training sessions related to ethical business practices for all employees on an annual basis. In 2023, we conducted two online corporate integrity courses in which a total of 1,783 employees participated, accounting for 99.6% of the entire workforce. In addition, the education and training program for new recruits also includes courses related to ethics and integrity, such as Code of Conduct, Code of Ethical Conduct, and Business Secrets, and the participation rate is 100%. The total number of training hours for the above related courses is 2,086. All Board Directors also underwent courses related to ethical corporate management issues, and advocacy was further conducted on the issues of legal compliance, avoidance of interest, improper political contributions and donations, with a completion rate of 100%, thereby strengthening the concept of ethical management at the governance level.
In addition, the Company has included the corporate culture of "integrity" in its annual employee performance evaluation index to deepen the link between integrity ethics and positive employee behavior, in the hope that the corporate culture of "integrity" will be deeply rooted in the hearts of each and every employee.

The Company's business scope covers four major areas: waste removal, recycling, renewable energy, and electrical and mechanical maintenance and refurbishment. We regularly review the latest legal changes and updates both domestically and internationally and are committed to establishing a culture of compliance. In 2023, ECOVE did not face any legal actions related to anti-competitive behavior, antitrust and monopoly practices, non-compliance with product and service information and labeling regulations, or violations of marketing and promotion (regulatory or voluntary guidelines). ECOVE had no significant regulatory violations in 2023, except for ECOVE Wujih Energy Corporation, which is currently in the process of filing a complaint with the Department of Environmental Protection due to suspected contamination of samples during dioxin sampling and testing that resulted in an exceedance of the standard. The number and total amount of penalties imposed in 2022 and 2023 are summarized below:

2022~2023 Workplace Safety Penalty Statistics:

Whistleblower and Consultation Mechanism

ECOVE has established the "Whistleblowing Operation Management Measures," which are managed by the Human Resources department. The department is responsible for receiving whistleblower cases and providing initial review recommendations. The cases are then forwarded to the GSS or Group Shared Services for further investigation, ensuring a transparent whistleblowing channel and fair investigation process. ECOVE has also set up a "Whistleblower Website" on the "Employee Opinion Platform," developed by the independent firm Deloitte Taiwan, to protect the rights of whistleblowers and ensure proper investigation and handling of whistleblower cases. Both internal employees and external individuals can freely choose to make reports on the platform, either anonymously or with their names disclosed. External individuals can also report through ECOVE's official website reporting platform.(https://secure.conductwatch.com/ctci/)
If employees have concerns or inquiries regarding the various codes of conduct or ethical business practices, they can consult with their supervisors or contact the internal complaint mailbox. (HR@ecove.com) Five complaints were received in 2023 and only one was substantiated and closed after investigation. ECOVE will continue to follow the brand positioning of "Most Reliable" and continue to implement the Ethical Corporate Code of Integrity, reaffirming and reinforcing employees' beliefs in integrity - honesty, commitment, and sincerity, including: organizing training courses to deepen trust in the corporate culture; organizing online ethical and integrity training courses for all employees and signing of declarations, etc., as well as ensuring a smooth channel for employees to report operations, and increasing the resolve of colleagues to expose malpractices.

Business Ethics Reporting Acceptance Cases Statistics for 2023

Risk Management

In order to strengthen the operational quality and competitiveness of the Company and its subsidiaries, the Company systematically identifies and evaluates the risks it may face in the course of its operations and formulates appropriate risk management strategies to reduce the likelihood of the occurrence of risks and their negative impacts, as well as implements an all-employee risk culture, promotes the Company's core values to its employees, sets behavioral indicators, and strengthens the organization's behavioral and internalized awareness of risks.

Risk Management Policy and Organization

ECOVE focuses on the risks faced in the course of operation to integrate the corporate risk management framework and build a perfect risk management organization and system. In 2017, ECOVE issued the "Risk Management Guidelines" and set up the "Risk Management Executive Committee" to formulate the "Risk Management Policies," which serves as the supreme guiding principle of the Company's risk management and the management procedures, and clearly regulates the policy, purpose, scope, and organizational structure of risk, unit's authority and responsibility, risk management mechanism and execution process, and incorporate the risk management system to implement risk management. The Risk Management Executive Committee reports to the Board at least once a year.
The "Risk Management Executive Committee" is the decision-making unit of the Company's risk management and is chaired by the General Manager. The committee meets quarterly and is responsible for approving risk management policies and guidelines, reviewing management reports, strategies, and improvement plans of each unit, ensuring the effectiveness of risk management measures, etc., and continually reviewing the effectiveness of the control measures through audits to help the Board of Directors and managers to ensure that the risks are effectively controlled. The Risk Management Committee is composed of the Chairman of the Board of Directors, the General Manager, and the head of the department under the General Manager. The Risk Management Committee of each company shall be fully responsible for risk management, including risk identification, assessment, reporting, execution and supervision of day-to-day control measures, and promotion of improvement programs.
The Risk Management Committee's roles and responsibilities include promoting, supervising, identifying and managing significant risks, compiling and compiling risk profiles and improvement plans for each company, collecting and monitoring significant risk events in each company, evaluating the extent of impacts, reporting significant risks and related improvement plans to each company's general manager, communicating risk management guidelines to members, identifying, analyzing, evaluating, handling and reporting the risks of the units under our control, ensuring the effective implementation of the risk management and related control procedures of the units under our control, participating in the meetings related to the risk management of the units under our control, providing the opinions related to the risk management and control, accepting the related risks of the units under our control, proposing the risk mitigation plans/measures of the units under our control and handling and tracking the control according to these plans/measures, informing the colleagues of the units under our control of the items that should be followed and cooperated with by us, and assigning a responsible person for the management and control of the risk management projects as necessary.

Organization Chart of the Risk Management Committee

ECOVE categorizes risks into five major types: information security risks, safety, health, environmental risks, operational risks, quality control risks, and climate change and the risks of natural disasters. Through the processes of risk identification, risk rating, risk response and disposal, major risks are identified and effective actions are taken to manage the risks or to grasp the possible opportunities, and the mechanism of handling and control of emergency risk events is defined for the classification of risks, whereby the "alert standards" and "action standards" are set up as the bases for risk handling and control.

The risk management process is described below:

In the risk management report for fiscal year 2023, a total of six risks were identified, such as: unanticipated furnace shutdowns, violation of environmental laws and regulations and penalties, employees modifying the weighbridge system settings in an attempt to obtain improper benefits, affecting the Company's revenues and goodwill, the loss of key personnel, the failure to renew existing contracts, and the support of key materials and technicians, etc. After discussion, the risk inventory proposed a number of actions to control the risk, and the action measures were all handled in accordance with the requirements.

Internal Control System

ECOVE's internal control system is based on the "Guidelines for Establishing Internal Control Systems for Publicly Issued Companies" issued by the Financial Supervisory Commission. It incorporates elements such as control environment, risk assessment, control activities, information and communication, and monitoring. Designed by managers, approved by the Board of Directors, and implemented by the Board of Directors, managers, and other employees, the system aims to promote sound business operations, ensure operational effectiveness and efficiency, reliable and timely information reporting, and compliance with relevant laws and regulations. It is regularly reviewed to adapt to changes in the internal and external environment, ensuring the ongoing effectiveness of system design and implementation.
ECOVE has an internal audit unit under the oversight of the Board of Directors. The unit has established an internal audit system, which is approved by the Board of Directors. It is staffed with a dedicated audit manager and works in conjunction with the Audit Committee to assist the Board of Directors and managers in examining and reviewing deficiencies in the internal control system, measuring operational effectiveness and efficiency, and providing improvement recommendations as necessary. This ensures the continuous and effective implementation of the internal control system and serves as a basis for reviewing and revising the system.
The audit department develops an annual audit plan based on risk assessments and submits it for approval by the Board of Directors. It then carries out various audit procedures according to the plan. Identified deficiencies and abnormal issues related to the internal control system are disclosed in audit reports, which are tracked and followed up on after submission. Follow-up reports are prepared at least quarterly until improvements are implemented to ensure that relevant departments have taken timely and appropriate corrective measures. The audit manager reports the results of the independent director audit plan execution monthly and has individual face-to-face meetings with independent directors every quarter to discuss internal control and audit-related matters. The audit manager also attends Audit Committee and Board of Directors meetings to present audit business reports and demonstrate the effectiveness of the audit function.

Information Security

ECOVE adheres to the protection of our customers' important intellectual assets. We strengthen the reliability and quality of project execution through a sound information security governance system, regular information security risk assessment, and a diversified information security management mechanism, etc., and comply with the industry's major requirements or legal regulations in order to enhance the trust of our customers. ECOVE also actively identifies and reduces information security risks through standards such as the Regulations Governing Establishment of Internal Control Systems by Public Companies, the Trade Secrets Act, the Personal Data Protection Act, and the Cyber Security Management Act, to enhance the quality of information security on all fronts. In 2023, ECOVE did not have any information security incidents that caused damage to the Company's goodwill, harmed customer relationships, or affected the Company's revenue, nor did it have any substantiated complaints about infringement of customer privacy.

Information Security Management System

ECOVE complies with the requirements of Article 9-1 of the Regulations Governing Establishment of Internal Control Systems by Public Companies, and has announced the establishment of a dedicated information security unit in 2023 (including a dedicated head of information security and a dedicated staff of information security), and the dedicated staff of information security has passed the training of the new version of ISO27001:2022 for leading auditors. We have re-examined the "Information Security Management Guidelines" and the accompanying standards in the spirit of ISO/IEC 27001 to regulate the Company's information security management system, in order to ensure the confidentiality, completeness, and usability of information under the Company's jurisdiction, and to further safeguard the rights and interests of the Company and all of the associates. In 2023, ECOVE, its subsidiaries, and domestic and overseas factories, projects, and sites were randomly inspected for a total of 23 safety audits, with a total of 120 items, of which 115 have been improved and 5 are still being tracked.
In addition, in accordance with the relevant provisions of the Risk Management Guidelines, the "Risk Management Executive Committee" is the main promotion organization of the Company's risk management. Upon the instruction of the Committee, the Committee is required to submit a "Security Management Report" on the results and effectiveness of the implementation of the social drills, anti-virus system, firewall, email filtering system, and email audit system on a regular basis every year, which will be consolidated into the "Risk Management Executive Committee Report," and report the status and plans of the annual work to the Board of Directors every year.

Information Security Management Mechanisms

Information Security Management Mechanisms

In order to continuously strengthen information security management operations, ECOVE continues to invest resources in information security-related matters every year. In 2023, the investment in information security-related software, hardware, and service rentals reached NT$6,790,000. Resource allocations include strengthening security defense equipment, upgrading and revising antivirus software, replacing outdated servers, following the "3-2-1 backup principle" for backup system replacement, engaging professional cybersecurity vendors for security assessments and improvements, and reinforcing security management systems and education training. These efforts span from management to technical aspects to enhance information security capabilities.
Due to the significant damage caused to well-known companies by ransomware attacks in recent years, ECOVE has established a "Social Engineering Attack Prevention" website and a "Fraudulent Email Reporting Inbox" to assist employees in identifying and avoiding risks associated with "fraudulent/phishing emails" and more precise "Business Email Compromise (BEC)" attacks. Based on information security risk considerations, we have conducted a comprehensive inventory and implemented security protection work, such as the replacement of old servers and improvement of old systems, the replacement of Windows Server 2008, the replacement of the work hour management system, and the replacement of mail antivirus and spam filters, and the addition of new fraudulent features, and other important operations. To effectively distribute the potential losses caused by information security risks, the Company purchased "Electronic Equipment Comprehensive Insurance" in 2023, with a total coverage amount exceeding NT$56.51 million.
Employees in the Information Service Center have set different items and goals for their respective responsibilities within the "2023 KPI Performance Targets and Scoring Method," including incidents of computer infection within the domain, network, servers, application systems, etc., unplanned service interruptions, non-disaster or external force-induced service disruptions, high-risk individuals in social engineering drills, security inspections, information security audits, etc., to ensure the implementation of various information security measures.

Information Security Incident Notification

According to the "Information Security Management Guidelines," if employees detect a computer virus intrusion or other malicious software, they should immediately notify the nearest Information Center or the computer administrator of their department for handling. In practice, when the Information Service Center receives notifications from the antivirus system (indicating that automatic cleaning or isolation has failed), they proactively intervene to prevent individual employees from neglecting the antivirus system's alarm notifications. In 2023, there were 0 warnings or notifications of poisoning, 0 automatic cleanups, 1 automatic quarantine, and 4 notifications of information security incidents, which did not result in any data loss or customer damage, and so far, there have been no security incidents affecting the normal operation of the internal information system and information-related facilities. In the future, we will continue to refine and review the relevant processes to comprehensively improve the management of information security and align with the international quality requirements.

Information Security Training and Drill

In order to make our employees understand the importance of information security, enhance their awareness of information security and emergency response capabilities, and effectively control risks, we organize various types of education and training according to different target groups to effectively enhance the awareness of information security and the ability to protect information security. We continue to promote social engineering drills and conduct education and training on "Understanding Social Engineering Attacks and Information Security Advocacy" for those who have medium and high risks as a result of the drills. In addition to submitting a 500-word report on the experience of the training, we will also increase the number of interviews with general manager for those who have been trained for the second consecutive time or those who have been trained for the second time and will submit a 500-word report on the experience of the interview in order to strengthen the awareness of employees on information security and to prevent the leakage of confidential information.

Business Results and Industry Outlook

Business Results

Industry Outlook

In 2023, ECOVE will continue to integrate SDGs, deepen the domestic market, expand overseas presence, and strive for more project collaboration opportunities. Additionally, we respond to the development trend towards a circular economy model in the market by actively expanding operations in waste resource utilization to enhance resource cycling efficiency. Leveraging our core capabilities and existing business expansion, we will continue to deepen our presence in the areas of "waste removal," "recycling," "renewable energy," and "electrical and mechanical maintenance and refurbishment," showcasing Taiwan's technical expertise and strength in the resource cycling industry to the world.