Governance

Risk Management

Risk Management

We committed to the thorough implementation of these risks under the following organization structure.

Structure on Risk Management

We believe that implementing risk management will ensure the continuity and stable development of our business. Being fully aware of our public mission and social responsibility in conducting asset management, we carry out necessary risk management, and we also conduct necessary risk management of the investment corporations to strive to protect investors and operate the investment management business appropriately. We conduct sound and appropriate business management, based on our management policy and strategic goals. With regard to the risks arising as part of that management, we have established an income and risk management system in line with the management policies of each of the investment corporations and based on the strategic goals, and we manage the system so that risk is appropriately controlled.

Key Risks to be Managed

  • Investment management risk
  • Clerical work risk
  • System risk
  • Reputation risk
  • Conduct risk
Structure on Risk Management
  • [1]Board of Directors
    Control over overall risk management, receive periodic and ad-hoc reports, and determine a material risk management policy.
  • [2]President & CEO, Chief Officer for Risk Management
    President & CEO: Supervision of the overall risk management, etc.
    Chief Officer for Risk Management: Execute necessary measures to properly manage risks
  • [3]Investment Committee
    Examines, discusses and makes decisions regarding overall risks affecting the portfolio as a whole (e.g.acquisition, disposal and management of assets by the investment corporations, investment policy and standards, management policies and standards, budgets, funding, etc.)
  • [4]Risk Management Committee
    When required, identifies, examines and formulates responses and policies for matters that pose major risks (excluding those matters that are dealt with by the Investment Committee)
  • [5]Internal Audit Office
    Planning and implementation of internal audit
  • [6]Compliance & Risk Management Office
    • Accumulating risk information through, but not limited to, the management of operational accidents and the review of the approval documents
    • Plans and makes proposals concerning risk management for the company as a whole
    • Monitors, evaluates and analyzes the extent to which risk management is in place and functioning
    • Runs the Risk Management Committee
  • [7]Risk Management Officer
    • Person responsible for managing major risks, etc. in his/her department
    • Reports the state of risk management to the Risk Management Committee

Internal Audits

We have established the Internal Audit Office, which is independent of any department, to conduct audits covering the operations of all departments. Each department is audited once every three years, based on the internal audit plan established for each fiscal year. We believe that internal audits contribute to the achievement of management goals, not only by finding and pointing out problems in business operations, including compliance, but also by evaluating the internal control systems of each department, and proposing methods of improvement, etc.
Details about the implementation of internal audits based on the Internal Audit Rules are specified in the detailed rules on internal audits. When the audited department receives any instruction or proposal for improvement through the internal audit, it prepares an improvement response plan, implements the improvement measures, and reports the results to the Internal Audit Office.
After the completion of the internal audit, the Internal Audit Office prepares an Internal Audit Report to report to the President, in addition to reporting to the Board of Directors at least once a year, in principle.
We are also regularly audited by its parent company (Implementation year: 2023), as well as being evaluated by external experts as necessary.

Information Security

The Company has established the Basic Rules on Information Security to ensure the appropriate and rigorous protection of all assets held by the Company.

Basic Policies

  1. Appropriately store and manage information assets and effectively prevent information leakage and falsification.
  2. Give due consideration to the handling of confidential information and personal information.
  3. When outsourcing business to an external contractor, confirm the contractor's eligibility and security control measures, etc. for personal information.
  4. Implement the same information security management for information assets that have been licensed for use.

Measures are taken for the following items based on the Basic Policies.

  • Management system
  • Information assets management
  • Access control
  • Secure use of information infrastructure
  • Systems management

Implementation of training to improve IT security awareness such as e-mail attack drills

There is an increased risk of information leakage by "targeted (hoax) e-mail" attacks aimed at organizations such as corporations and government agencies. Since attack techniques are evolving day by day and the ultimate best defense to prevent damage is raising awareness and appropriate action of all employees as e-mail recipients, we implement training, etc. using videos on specific cases or similar means, in addition to regular e-mail attack drills.