TRADETOOL AUTO CO., LTD.

Risk Management Policy

To address potential threats to our company and its subsidiaries' business operations, we implement risk management based on the risk management policy and procedures approved by the Board of Directors on January 25, 2022, as the overarching guiding principles. Starting from 2024, the Audit Committee has been added to oversee the risk management policy and framework, review significant risk issues, and report on the related operational situations.

Risk Management Organizational Structure

Risk Management Procedures

Operational Status in 2024

The company actively promoted the implementation of a risk management mechanism in 2023. Various responsible units assessed a range of risks in the operational process, establishing an early identification, precise measurement, effective supervision, and strict control mechanism for risk management to ensure the achievement of operational goals. An annual report on its operations was presented to the board of directors, with the most recent report dated August 12, 2024.

Risk	Risk Explanation	Response Measures and Prevention Suggestions
Operational Risk	Market Changes	Conduct monthly "Subsidiary Supervision Meetings" chaired by the CEO, involving department heads to discuss and analyze the achievement status of operational plans, performance tracking, and initiate responsive strategies. Management constantly monitors significant domestic and international policy and legal changes, promptly responding to regulatory opinions and proactively proposing responsive measures.
	Compliance with Laws and Regulations	Continuously implement corporate governance, internal control systems, and internal audit systems. Audit personnel conduct audits based on major cycles and important operations, confirming colleagues' business execution to reduce legal risks. Enhance training on domestic and international regulations for colleagues, encouraging participation in professional seminars or training courses.
	Employee Safety	Identify, assess, and control hazards in the workplace, reducing environmental risk factors. Develop educational materials based on common occupational injury cases to promote awareness among colleagues. Continuously improve safety and health measures, creating a safe, healthy, comfortable, and friendly work environment. Regularly review legal developments, assess potential impacts on the company, and revise related regulations and measures according to internal control procedures. Regularly disinfect the work environment and provide workplace safety protective equipment.
Financial Risk	Interest Rate Changes Exchange Rate Fluctuations Derivative Product Risks Currency Inflation Fluctuations	Monitor interest rate trends closely, adjusting fund utilization as needed to reduce the cost of acquiring funds. Align future fund needs with global economic trends and overseas market expansion before deciding whether to use derivative financial products or increase foreign currency liabilities to hedge against currency volatility. The group focuses on the core business operations, avoiding high-risk, high-leverage investments, and derivative product transactions. The group is only influenced by industry-specific characteristics, with inflation rates having no significant impact on operations.
Environmental Risk	Climate Change	Establish a greenhouse gas emission inventory, conduct an annual greenhouse gas inventory, and obtain third-party independent verification.

Information Security Risk Management Framework

● The information department is in charge of information security-related affairs, strengthens information security management and inspection, ensures the confidentiality, integrity and availability of the information assets it belongs to, and provides an information environment for continuous business operations.
● Formulate relevant policies and management mechanisms, regularly review and report to the board of directors.

Information Security Policy

● Manage the confidentiality, availability, integrity, access rights, etc. of preserved information.
● To ensure the stability of the information services provided so that the company's business operations can continue to operate.

Specific management plan

● Irregularly handle information security and personal data protection publicity operations, and all new recruits must sign a confidentiality agreement.
● Outsourced manufacturers sign a confidentiality agreement to ensure that when using the company's information services or performing related information business, they have the responsibility and obligation to protect the information assets they obtain or use from the company to prevent unauthorized access and unauthorized access. alter, destroy or improperly disclose.
● Anti-virus software has been installed on the user's computer, and the update of the virus code is regularly confirmed, and the use of unauthorized software is prohibited.
● Users are required to be responsible for keeping and using their accounts, passwords and permissions, and to change passwords regularly.
● Appropriate backup or monitoring mechanisms have been established for important information systems or equipment and drilled regularly to maintain their availability.
● Internal audits are carried out on a regular basis every year to ensure the effectiveness of information security and personal information protection management systems.

Managed resources and actual implementation

● The deputy general manager of the company is responsible for the promotion of information security policies and resource scheduling. On November 11, 2022, the board of directors discussed the establishment of a dedicated information security unit and reviewed information security policies, and set up an information security supervisor and a dedicated person. Responsible for information security related matters.
● Promotion of information security matters will be conducted in May and November 2024 to strengthen employee communication security concepts and management.