Insight: MILLION: A General Multi-Objective Framework with Controllab

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司), Taiwan's expert in Enterprise Risk Management (ERM), highlights a landmark 2024 study that fundamentally changes how organizations should think about risk control: for the first time, researchers have mathematically proven that "perfect risk control" is achievable within a defined interval—and that doing so does not sacrifice returns. For Taiwanese executives building COSO ERM frameworks and ISO 31000 compliance mechanisms, this research offers a powerful methodological blueprint for transforming risk appetite from a qualitative aspiration into a quantifiable, enforceable boundary.

Paper Citation: MILLION: A General Multi-Objective Framework with Controllable Risk for Portfolio Management (Liwei Deng, Tianfu Wang, Yan Zhao, arXiv — Enterprise Risk Management, 2024)
Original Paper: http://arxiv.org/abs/2412.03038v1

About the Authors and This Research

This paper is co-authored by three researchers at the intersection of artificial intelligence and financial technology (FinTech): Liwei Deng, Tianfu Wang, and Yan Zhao. Their combined expertise spans machine learning, quantitative finance, multi-objective optimization, and risk modeling.

Liwei Deng holds an academic h-index of 2 with 34 cumulative citations, focusing on the integration of machine learning with quantitative portfolio strategies. Tianfu Wang, with an h-index of 4 and 42 cumulative citations, is the team's most academically influential member, with a sustained publication record in deep reinforcement learning applied to financial decision-making. Yan Zhao brings a dual background in risk modeling and multi-objective optimization, bridging theoretical rigor with practical implementation.

Their collaboration represents a significant trend in the global ERM landscape: financial risk management is transitioning rapidly from intuition-driven judgment to algorithm-powered, explainable quantitative frameworks. Published on arXiv in 2024 under the Enterprise Risk Management classification, this research represents one of the most current contributions to the field. For Taiwanese C-suite executives and board members, understanding the direction of such research is equivalent to previewing the evolution of global ERM practice over the next 3 to 5 years.

The MILLION Framework: AI-Driven Multi-Objective Optimization with Theoretically Guaranteed Risk Control

The central research question of this paper is deceptively simple yet profoundly difficult: How can portfolio management simultaneously maximize returns AND control risk to a user-specified level—not as a post-hoc adjustment, but as a built-in architectural guarantee? The MILLION framework (Multi-objectIve framework with controLLable rIsk for pOrtfolio maNagement) answers this through two integrated phases, validated across three real-world datasets with extensive experiments.

Core Finding 1: Dual Auxiliary Objectives in the Return Maximization Phase Systematically Prevent Overfitting

Conventional portfolio optimization models are notorious for overfitting to historical data—performing brilliantly in backtesting but collapsing in live markets. MILLION addresses this by introducing two auxiliary learning objectives alongside the primary portfolio optimization goal: return rate prediction and return rate ranking. These are not cosmetic additions. Each auxiliary objective constrains the model from a different angle, forcing it to develop genuinely generalizable representations of market dynamics rather than memorizing historical noise. The practical implication for enterprise risk management is direct: any KRI (Key Risk Indicator) model or predictive risk framework optimized solely on historical data faces the same generalization failure risk. Multi-objective design is not an AI luxury—it is a risk management necessity.

Core Finding 2: Portfolio Interpolation Provides Mathematically Proven Perfect Risk Control

This is the paper's most theoretically significant contribution, and the one most directly relevant to ERM practitioners. The researchers propose two risk control methods—Portfolio Interpolation and Portfolio Improvement—and provide rigorous mathematical proof for the following claims: (1) When the target risk level falls within a properly defined interval, Portfolio Interpolation achieves perfect risk control; (2) The return rate of the interpolation-adjusted portfolio is no less than that achieved by traditional min-variance optimization, provided the return maximization model is effective; (3) Portfolio Improvement achieves higher return rates than Portfolio Interpolation while maintaining the same risk level. These three theoretical guarantees collectively demonstrate something of profound importance to ERM practitioners: it is possible to set a hard quantitative ceiling on risk without sacrificing efficiency—precisely what ISO 31000's risk criteria (Section 6.3) and COSO ERM's risk appetite concept demand in organizational settings.

Implications for Taiwan Enterprise Risk Management (ERM) Practice

The most important lesson from MILLION for Taiwanese enterprises is not "we need to deploy AI investment systems." It is a more fundamental methodological shift: risk management cannot remain at the level of "describing how large the risk is." It must evolve to "setting a risk ceiling and using a systematic method to ensure it is never breached."

Mapping MILLION's architecture to the COSO ERM 2017 framework's five components—Governance and Culture, Strategy and Objective-Setting, Performance, Review and Revision, and Information, Communication and Reporting—the risk control phase maps directly to the Performance component's risk response and risk appetite enforcement. COSO ERM requires organizations to set acceptable risk appetite at the strategic level and ensure all activities operate within that appetite at the execution level. MILLION provides a concrete technical demonstration of how this can be achieved with mathematical rigor.

Against ISO 31000:2018's core principles, the paper's dual auxiliary objective design embodies the complete risk treatment cycle from Clause 6.3 (Risk Identification, via return rate prediction) through Clause 6.4 (Risk Analysis, via return rate ranking) to Clauses 6.5 and 6.6 (Risk Evaluation and Treatment, via portfolio adjustment to target risk levels). ISO 31000 explicitly requires that risk management be "dynamic, iterative, and responsive to change"—MILLION's Portfolio Improvement method is the technical realization of exactly this dynamic adjustment capability.

Three pain points most commonly observed in Taiwanese ERM practice align directly with this paper's findings: First, risk matrices remain qualitative with no quantitative risk ceiling; second, KRI design lacks statistical foundations for forward-looking prediction; third, board-level risk governance discussions lack quantifiable decision bases. The three-step MILLION methodology—set a controllable risk interval, theoretically guarantee non-breach, dynamically adjust toward superior performance—is the methodological blueprint for solving all three.

How Winners Consulting Translates This Research into Actionable ERM Practice for Taiwan Enterprises

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) specializes in helping Taiwanese enterprises implement ISO 31000 and COSO ERM frameworks, design risk matrices and KRI systems, and strengthen board-level risk governance. Drawing directly from the MILLION framework's core insights, we recommend the following three concrete actions:

  1. Redesign Risk Appetite Statements with Quantitative Interval Boundaries: MILLION's theoretical proof shows that perfect risk control requires setting a "proper interval" for target risk levels. Organizational risk appetite statements should follow the same logic: replace qualitative descriptors ("conservative," "moderate") with quantitative upper and lower bounds for each major risk category—financial volatility ceilings, project delay tolerance thresholds, operational incident frequency limits. Winners Consulting helps enterprises transform abstract risk appetite into measurable KRI thresholds that comply with ISO 31000:2018 Clause 5.4.1 Risk Criteria requirements within 60 days.
  2. Implement Multi-Objective Risk Assessment to Prevent Single-Indicator Failure: The central lesson of MILLION's dual auxiliary objective design is that single-objective optimization leads to overfitting and brittleness. The ERM equivalent is over-reliance on a single risk matrix score. Enterprises should simultaneously track multiple KRIs across both leading indicators (predictive signals of emerging risk) and lagging indicators (confirmatory evidence of realized risk), with statistically validated thresholds for each. Winners Consulting builds multi-dimensional risk monitoring dashboards aligned with COSO ERM's Performance component, incorporating regular ISO 31000-compliant risk reviews to ensure the indicator system remains calibrated to current conditions.
  3. Institutionalize Dynamic Risk Adjustment Capability—Fast Risk Adaptation as Standard Operating Procedure: MILLION's Portfolio Improvement method demonstrates that it is possible to continuously improve performance without increasing risk exposure. Taiwanese enterprises can institutionalize this principle through quarterly ERM dynamic calibration cycles: when significant external changes occur (geopolitical shifts, currency volatility, supply chain disruptions), the organization can complete risk matrix updates, KRI threshold recalibration, and board risk reporting within 30 days. Winners Consulting provides a standardized ERM Dynamic Calibration Toolkit to make this rapid adaptation capability a permanent institutional feature rather than an ad hoc crisis response.

Winners Consulting Services Co. Ltd. offers a complimentary ERM Mechanism Diagnostic to help Taiwanese enterprises establish an ISO 31000-compliant risk management mechanism within 90 days.

Frequently Asked Questions

How can enterprises practically implement "controllable risk intervals" in daily ERM operations?
Begin by redesigning your Risk Appetite Statement. MILLION's theoretical proof demonstrates that perfect risk control becomes achievable once target risk levels are set within a properly defined interval—the same principle applies to organizational ERM. The recommended approach is to define three quantitative tiers for each major risk category: Comfort Zone, Warning Zone, and Unacceptable Zone, each with corresponding KRI trigger conditions. This transforms risk appetite from a narrative policy into an operational control mechanism. Winners Consulting can complete this transformation within 60 days, ensuring full alignment with the risk treatment cycle specified in ISO 31000:2018 Clauses 6.3 through 6.6, and the Risk Response component of the COSO ERM Performance element.
What are the current regulatory ERM compliance requirements for Taiwan listed
