Guiding Principle

In November 2018, the YFY Board of Directors approved the Sustainability and Social Responsibility Code, the Corporate Governance Code, and the Integrity Management Code. These guidelines address issues of integrity, governance, environment, and social responsibility, and are designed to guide both internal and external communication and compliance.

Dedicated Units

The company has established a dedicated unit, the "ESG Office," to drive the group’s sustainable development and oversee ESG projects. The ESG Office is primarily responsible for:

• Identifying key issues and establishing management strategies, goals, and plans.
• Enhancing Board oversight and monitoring ESG performance to build stakeholder trust.
• Adopting global sustainability standards and transparently managing ESG indicators.
• Communicating sustainability performance and engaging with stakeholders.

Sustainable Development Committee

To further advance ESG initiatives, the company established a cross-business group, the "Sustainable Development Committee," in September 2021. The first committee meeting was held in May 2022, elevating ESG management to the board level and establishing it as a functional committee distinct from the statutory board. The committee is chaired by the YFY Chairperson and includes two directors, four independent directors, and the ESG Office serving as the executive secretary. The working group meets monthly and reports to the Sustainability Committee at least twice a year. In 2023, the Sustainable Development Committee held two meetings with a 100% attendance rate.

Seven working groups have been established under the committee, led by senior department heads. These groups coordinate with members from the relevant functional departments and include the Corporate Governance Group, Environmental Sustainability Group, Employee Relations Group, Responsible Supply Chain Group, Social Participation Group, Information Security Group, and the newly formed Risk Management Group (established in 2023). They collaborate with the respective heads of each business group to advance risk assessment and internal management of environmental, social, and governance issues related to the company's operations, and to propose planned actions and target directions. For more details, please refer to Chapter [Materiality and Stakeholders].

In 2023, the Sustainable Development Committee reported the following to the Directors:

• Sustainability report and key performance indicators related to ESG.
• The implementation status of monthly sustainability meetings, along with ESG improvement priorities and action plans for each working group.
• Carbon inventory and management.
• ntroduction to international enterprise sustainability evaluations and TCFD
• ESG education and training for the supply chain.
• Implementation status of the energy conservation and carbon reduction plan.
• Review of significant emerging risk projects

ESG Internalization

 YFY’s governance unit and senior management participate in annual ESG education, training, and forums. The aim is to integrate ESG into daily operations, enhance sustainability awareness and knowledge among all employees, and cultivate a culture of sustainability. Please refer to P.25 and P.35 of the annual report for more details. Additionally, the ESG office has organized various courses, including carbon inventory training for group subsidiaries, ESG capital expenditure briefings, and supply chain ESG internal training, to further deepen employees' sustainability awareness in their business activities.

Sustainable Governance Operational Structure

 YFY identifies key material topics each year and submits them to the Sustainable Development Committee for approval. These topics guide our annual projects and stakeholder communications. YFY has established specialized communication channels for different stakeholders to address their needs and protect their rights and interests. Below are the details.  In 2023, there were no appeal cases.

Materiality Identification Process

Material Matrix

In 2023, among the 16 major themes identified, 6 are related to governance/economics, with 2 identified as having positive impacts. Additionally, three out of the 6 environmental themes are expected to bring positive benefits. Among the 4 social themes, 2 are anticipated to have positive impacts. Overall, the positive themes predominantly fall within the quadrant characterized by "medium-to-large impact and medium-to-high probability of occurrence." Conversely, the negative themes are mainly situated in the quadrant denoted by "medium-to-large impact but medium-to-low probability of occurrence."

Based on the results of the materiality analysis, we have identified the three most important topics, objectives and progress for YFY, which are listed in the table below:

We have further identified two topics that have the greatest impact on YFY's external stakeholders, which are listed in the table below:

Responding to climate change and assessing its risks and opportunities is crucial for governments and businesses globally. Environmental risks, low-carbon alternatives, energy transition, and resource efficiency are vital for manufacturing. Since 2021, YFY has utilized TCFD's core elements to identify and analyze potential climate risks, and has actively implemented adaptation and mitigation actions to ensure the sustainability of its personnel, assets, and operations.

Climate Governance: integrated into the company’s comprehensive risk management system

The Board of Directors has established a functional committee named the "Sustainable Development Committee," chaired by the YFY Chairperson and comprising two directors and four independent directors. Seven task force teams operate under this committee, meeting monthly. The chairperson leads the task force teams, guiding senior management in coordinating departmental efforts across the business group to promote operational and climate-related risk assessment and internal management.

The Environmental Sustainability team, led by the Chief Operating Officer, regularly reviews climate risks, opportunities, response strategies, and project implementation to align with goals. The newly formed Risk Management team, initiated in 2023, promotes the YFY's risk management and communicates with other task force teams in real time to accurately grasp risks across different areas, including market and industry, operations, environment (including climate), finance, raw materials, supply chain, legal compliance, and information security. In 2023, under the supervision of the Risk Management team and management, two risk training sessions were held. Risk authorities assessed 53 risks, discussing their impact and probability, and identified six medium- and high-risk issues. Among these, a climate transition risk was highlighted, where carbon fee payments increase operating costs.

 In 2018, the Board of Directors approved the “Sustainability and Social Responsibility Code,” mandating that the company fully consider environmental impacts in its business activities. The company must also develop and implement energy conservation, carbon reduction, and greenhouse gas reduction strategies based on operational status and greenhouse gas inventory results to minimize the impact of business activities on climate change.

Strategy

YFY integrates climate change issues into its business strategy, identifying short-, medium-, and long-term climate risks and opportunities and helping YFY understand the financial impact of climate change and plan effective response strategies.

Climate Risk and Opportunity Assessment.

We refer to international climate events and industry trends, domestic and foreign regulations, policies, research from authoritative institutions, and reports from peer companies to identify issues relevant to the paper industry. Through cross-business group discussions and workshops, we use the TCFD materiality methodology to rank the impact and likelihood of risks and opportunities. This process identifies major climate-related risks and opportunities in our operations, as shown in the matrix, with high-risk/opportunity issues in the upper right corner.

In line with the YFY's risk management process, risk identification is reviewed annually. The 2023 review maintains the previous year’s list, including three transition risks, two physical risks, and five opportunities. Following UN SDG guidelines for sustainable consumption and responsible production, YFY has adopted sustainable circularity as a key strategy. This includes using agricultural and forestry by-products as raw materials, recycling continuously, producing renewable paper and materials, and advancing initiatives in renewable energy, water management, and carbon management as part of our climate response actions.

Risk and Opportunity Matrix

 Accordingly, we assess the potential short-, medium-, and long-term financial impacts of these 10 risks and opportunities and develop strategies and management plans to address them, as set out below.

Risk Management

Under the Sustainable Development Committee's structure, the Environmental Sustainability team regularly identifies climate risks and opportunities, while maintaining close communication with the Risk Management team to integrate major risks and opportunities into the company's overall risk management system. 

In 2023, the ESG Office, serving as the Executive Secretary of the Committee, delivered biannual reports on task force teams’ progress and outcomes, and the implementation progress of the energy conservation and carbon reduction plan for oversight and recommendations from the directors. At the end of the year, the Risk Management Team presented six medium- and high-risk issues and their countermeasures to the Committee, with the top two emerging risks selected by committee members. The task force team meeting will track the effectiveness of emerging risk management in late 2024 and report to the Committee and the Board.

Metrics and Targets

YFY continues to develop climate-related indicators for managing greenhouse gases, energy, water, and waste, advancing toward our net-zero goal. Currently, we do not use carbon offset credits or renewable energy certificates to meet these climate goals.

The company has established "Risk Management Policies and Procedures," with the Sustainability Development Committee overseeing risk management in accordance with these policies. This committee includes a risk management group responsible for driving risk identification and management across various areas, including finance, operations, information security, and legal compliance. We provide regular reports to the board of directors. On November 13, 2023, we presented the board with an overview of the risk management organizational structure, procedures, and operations. Additionally, on November 13, 2024, we reported on the operational performance for the current year. We will continue to develop, implement, and refine risk management strategies and monitor their effectiveness. For detailed information on the operation of our risk management policies and procedures, please refer to P.99-P.100 of the annual report.

Regarding risk assessment and response, after identifying 66 risks in 2024, the risk management team prioritized key risks for management and control in 2025. Then, the Sustainable Development Committee identified the top two emerging risks for further attention.

Impact and Response to Emerging Risks

Risk Sensitivity Analysis

The company manages financial risks associated with its operations, which encompass market risks (including exchange rates, interest rates, and other prices), credit risks, and liquidity risks. The assessment also covers risks related to the Labor Standards Act pension system, such as investment, interest rate, and salary risks.

For detailed analysis, please refer to Appendix P.216, P.238~240, P.298 and P.308~310 of the 2023 Annual Report.

Unit: NT$ thousand

Information Security Risk Management Framework

Our company’s information security risk strategy is centered on leveraging technology and strengthening cybersecurity governance. Through a professional IT management and technical service platform, we ensure clear division of responsibilities, sufficient technical support, and robust control mechanisms across the company and its affiliates.

To comply with government regulations and enhance our cybersecurity governance, a dedicated Information Security Management Unit was established in November 2022. This unit is led by a Chief Information Security Officer (CISO) and is equipped with appropriate human, material, and financial resources. It includes a designated head of information security and two specialized personnel, tasked with implementing, supervising, and reviewing cybersecurity management practices. Starting in 2023, monthly information security meetings have been held, totaling 12 sessions annually. The unit operates under the direct supervision of the Chairman, who reviews the company’s cybersecurity policies and objectives at least once per year. Internal security audits and assessments are conducted regularly, with concrete management plans proposed and reported to the Board of Directors. Potential risks are assessed and addressed through strategic planning.

In line with the company’s operational management protocols, annual system disaster recovery drills and simulation exercises are conducted. Any identified deficiencies or suggestions are promptly addressed. The company also undergoes periodic inspections and verification by internal and external third-party audit units.

To further strengthen information security management, the company has obtained the CompTIA Security+ international certification. In 2023, we established the Information Security Control Guidelines, which serve as the company’s highest-level cybersecurity policy. These guidelines include key aspects such as security policy enforcement, protective controls, outsourcing management measures, system risk assessment and maintenance, incident response and reporting, and performance management mechanisms. All policies have been approved by the Board of Directors. Notably, no cybersecurity incidents occurred this year that could harm the company’s reputation, customer relationships, or revenue.

Information Security Policy and Management Plan

Through the interaction and checks and balances between humans and machines, software and hardware, an information security management network is constructed. Various established policies are implemented through this network: