Risk management system

Credit risk refer to the risk of financial loss in credit assets (including off-balance sheet instruments) caused by deteriorationin the credit conditions of counterparties. With Credit Analysis Group set up in the Corporate Risk ManagementDivision, we strive to maintain the status of credit facilities at an appropriate level.

Market risk refer to the risk of financial loss where the value of our assets and liabilities could be adversely affected by changes in market variables such as interest rates, securities prices and foreign exchange rates. Market liquidity risk is the risk of financial loss caused by the inability to secure market transactions at the required volume or price levels as a result of market turbulence or lack of trading liquidity. With Risk Management Group set up in the Corporate Risk Management Division, we set market risk limits and loss limits so that we will not have excessive market risk.

Liquidity risk refer to the risk of incurring loss if a poor financial position at a group company hampers the ability to meet funding requirements or necessitates fund procurement at interest rates markedly higher than normal. In light of the importance of liquidity risk management, we organizationally separate the division managing funding liquidity (Corporate Risk Management Division) from the division managing cash flow (Domestic Asset Services Division) and regularly conduct monitoring on the funding status and the market environment.

Operational risk refer to the risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events. Among operational risk components, we manage operations risk, information risk, IT risk, incompliance with laws and regulations risk, legal risk, tangible asset risk, and personnel risk as especially important.

(i) Operations Risk Management

Operations Risk refer to the risk of incurring loss that might be caused by negligence of correct operational processing, or by incidents or misconduct by either officers or staff, as well as other similar risks. The Corporate Risk Management Division is charged with managing Operations Risk and we strive to improve the standards of operations and prevent inappropriate operation procedures by continuously establishing and enhancing manuals, ensuring thorough compliance with authority and rules when carrying out operation procedures and regularly conducting training and providing guidance.

(ii) Information Risk Management

Information risk refer to the risk of loss caused by loss, alteration, falsification or leakage of personal or other confidential information, as well as similar to these risks. The Corporate Risk Management Division is charged with managing Information Risk and we take measures, such as ensuring thorough management of internal information, including customer information by strengthening internal rules.

(iii) IT Risk Management

IT Risk refer to the risk of loss arising from destruction, suspension, malfunction or misuse of IT, or unauthorizedalteration and leakage of electronic data caused by insufficient IT systems planning, development or operations or by vulnerabilities of or external threats to IT system security, including cybersecurity, as well as risks similar to these risks. IT Risk includes those related to system assets, such as hardware, software, networks, and other components of computer systems. The Corporate Risk Management Division is charged with managing IT Risk and implements measures to be prepared for any system failure through establishment and enhancement of internal rules, such as by duplicating computers, networks, and other critical devices.

(iv) Incompliance with Laws and Regulations Risk

Incompliance with laws and Regulations Risk refer to the risk of loss due to failure to comply with laws and regulations, as well as risks similar to these risks. We have a structure in place for Law and Compliance Group established in the Corporate Risk Management Division to centrally manage Incompliance with laws and Regulations Risk. At the same time, we ensure that officers and employees fully comply with laws and regulations.

(v) Legal Risk Management

Legal risk refer to the risk of a loss due to failure to identify or address legal issues relating to contracts and other business operations or insufficient handling of lawsuits, as well as risks similar to these risks. We have a structure in place for Law and Compliance Group established in the Corporate Risk Management Division to centrally manage legal risk. At the same time, it examines any legal issues before concluding contracts and then centrally manages lawsuits.

(vi) Tangible Asset Risk Management

Tangible asset risk refer to the risk of loss due to damage to tangible assets or deterioration in the operational environment caused by disasters or inadequate asset maintenance, as well as risks similar to this risk. The Human Resources & Corporate Administration Division is charged with tangible asset risk management and works to reduce and mitigate the risk upon understanding vulnerabilities of tangible asset risk to manage.

(vii) Personnel Risk Management

Personnel risk refer to the risk of loss due to an outflow or loss of human resources or deterioration in employee morale, as well as risks similar to this risk. The Human Resources & Corporate Administration Division is charged with managing personnel risks and establishing the necessary management procedures to ensure an understanding of them by officers and employees upon grasping the degree of impact of a change in the quality and quantity of human resources.

Reputation risk refer to the risk of harm to our corporate value arising from perceptions of our customers, shareholders, investors or other stakeholders and in the market or society that we deviate from their expectations or confidence. The Corporate Planning & Accounting Division is charged with managing reputation risk and establishing the necessary management procedures to ensure an understanding of them by officers and employees upon grasping the possibility of deterioration in reputation.