Orico has established a "Risk Management Basic Policy" to comprehensively understand and manage various risks within the group. Divisions and Groups in charge are entrusted with managing individual risks, while the Risk Management Group oversees the overall management of these risks. To ensure effective control, Orico has established various committees, including the Comprehensive Risk Management Committee, that monitor and evaluate risks at the management level. The status of risk management across the entire Orico group is regularly reported to the Board of Directors and discussed in Executive Management Meetings.
Risk Appetite Framework
Orico utilizes a comprehensive Risk Appetite Framework to develop optimal strategies and plans by considering quantified risk and cost-return factors, enhancing progress monitoring, responding to environmental changes, and allocating resources effectively. Strengthening governance practices is a priority to improve productivity and corporate value.
Top Risk as of FY 2022
Top Risk Management
Orico proactively identifies and monitors "Top Risks", which are risk events with significant potential impact on the Orico Group, considering both internal and external factors. The Comprehensive Risk Management Committee, Executive Management Meetings, and Board of Directors receive regular updates and reports to ensure a unified understanding of risks and enhance risk management practices' effectiveness.
The “top risks” as of the end of June 2023 are as follows.
|Sharp Increase in Interest Rates
|ALM-related cost increase due to continued global inflation from energy and food supply surges and market volatility led by tightening financial conditions in Japan and ASEAN
|Impact on business performance due to worsening economic slowdown
|A persistently weak macroeconomic environment increases unemployment rates and the challenges to customer repayments, resulting in a rise in credit losses. This deterioration in the business environment leads to a higher number of member merchants failures and worsening business operations.
|Impact on business from cyber attacks and major system disruptions
|Loss of stakeholder trust and missed business opportunities due to data breaches, operational disruptions, and cyber-attacks causing leakage of personal information and system outages.
|Impact on achieving strategic objectives due to labor shortage
|Failure to adapt to new policies, regulatory changes, and technological advancements in achieving decarbonization goals leading to missed business opportunities and the emergence of risk events.
|Damage to corporate value due to non-compliant behavior contrary to social norms
|Loss of stakeholder trust and missed business opportunities resulting from employees' failure to act in accordance with social norms and ethical standards
|Impact on achieving strategic objectives due to labor shortage
|Insufficient recruitment and development efforts leading to a shortage of talent required to adapt to changing business environments, hindering the execution of business strategies and decreasing competitiveness
Recent Changes in the Business Environment and Risk Perceptions
The impact of the prolonged COVID-19 pandemic is gradually subsiding, but uncertainties remain in the global economy due to worldwide inflation, rising interest rates, financial market turbulence originating from the United States, and other factors. Concerns about economic slowdown and the potential implications for the future are emerging. Additionally, Orico recognizes the unpredictable nature of the social and economic environment surrounding Orico, including potential regulatory changes related to climate change and an increased risk of cyberattacks.
Amidst these circumstances, the Orico Group strives to become a new-era financial services group that creates value from a customer-centric perspective and contributes to society. We drive a wide range of businesses, including installment sales, card and loan services, bank guarantee services, payment and guarantee services, and overseas operations. However, our performance is significantly influenced by factors such as individual consumer spending trends and the overall economic environment. While we are actively developing measures to respond swiftly to environmental changes, intensified competition or other adverse economic impacts could potentially impact our performance and financial position.
Considering the above, the following are the main factors that may significantly impact the Orico Group's business operations. Please note that this section contains forward-looking statements based on our judgment as of June 2023 and does not encompass all potential risks associated with future business activities.
1. Credit risk
- Potential losses could be incurred due to users' payment delays and deterioration in debt recovery.
- Unforeseen factors such as future economic trends, an increase in personal bankruptcy filings, and other unexpected circumstances may necessitate a boost in provisions for bad debts.
- We are actively maintaining an appropriate delinquency rate through statistical methods based on past performances and improvements in our AI-based evaluation system and logic.
- In preparing for potential loan losses, an estimated loss rate is calculated using statistical methods based on historical experience and an allowance for doubtful accounts is established for ordinary loans and for loans that are past due (three months past due or otherwise delinquent). For certain specific loans, an allowance for doubtful accounts is established for the estimated amount of uncollectible loans based on an individual assessment of the collectability of each loan.
2.Interest Rate Risk and Liquidity Risk
- There is the possibility of increased financial expenses should future interest rates rise significantly or substantial credit rating revisions result in higher funding costs. Additionally, there may be a limitation in passing on the increase in funding costs to investment interest.
- There is a possibility that obtaining smooth funding becomes difficult or that funding needs to be raised at significantly disadvantageous interest rates compared to usual environment if there are significant changes in the financial environment or substantial revisions in credit ratings.
- We conduct Asset and Liability Management (ALM) to manage interest rate risk effectively. This includes procuring fixed long-term debt financing, utilizing financial derivatives, and taking necessary actions towards interest rate fluctuations. We also diversify our funding sources, establish commitment lines with multiple financial institutions, and adjust the balance between short-term and long-term funding in consideration of market conditions.
3.Cybersecurity, Risks, Interventions
- In the event of a cyber attack causing computer system shutdown, data tampering, or leakage of important information, there is a possibility of incurring liability for damages, damaging the trust of our group, being subject to regulatory penalties, and incurring additional expenses to address these incidents.
- Recognizing the threat of cyber attacks as a crucial management issue, we have established a Cyber Security Office responsible for managing our cyber security risk framework. We have implemented measures such as establishing response manuals for incidents, collecting up-to-date information in collaboration with external organizations, implementing security measures on our systems, and providing education and training to our staff to ensure organizational, technical, personnel, and physical safeguards are in place for proper handling of information.
4.Information Security, Risks, Interventions
- We acquire, store, and utilize a significant amount of customer information. Therefore, in the event of a leakage of important information, such as unauthorized access from external sources, accidents during media transportation, or involvement of internal personnel, there is a possibility of incurring liability for damages, damaging the trust of our group, being subject to regulatory penalties, and incurring additional expenses to address these incidents.
- To prevent the leakage of sensitive information, including personal data of our valued customers, we have established regulations and procedures for information handling. We implement security measures on our systems, provide staff education and training, and manage access to our facilities, ensuring proper information handling.
5.Computer Systems, Risks, Interventions
- We possess a large-scale computer system that connects our domestic locations, customers, and various payment institutions through a communication network to process information. In the event of a major system malfunction or similar incident, potentially causing disruptions to customer services.
- For the information systems we use in our operations, we take preventive measures to ensure stable operation, such as maintenance activities and the implementation of backup systems. We also established contingency plans to deal with unforeseen events, ensuring that in the event of system downtime or malfunctions, we can continue our operations safely and promptly. We have established a robust system and infrastructure to enable business continuity under any circumstances.
6.Climate Change, Risks, Interventions
- We recognize "climate change risks", which are influences from frequent natural disasters caused by extreme weather events and the transition to a decarbonized society.
- As physical risks, the intensification of extreme weather events such as typhoons and floods could potentially disrupt our business operations and cause damage to the assets and infrastructure of our member merchants.
- As transition risks, inadequate response to technological innovations and innovations that promote decarbonization, policies and regulations, and changes in supply and demand for specific financial services, as well as insufficient efforts in disclosing such information, may undermine the trust of stakeholders.
- To promote sustainable management across the entire company, we have established a Sustainability Committee. We are working on formulating sustainability management strategies and assessing the progress of sustainability initiatives, taking into account climate change-related risks and opportunities. We are also strengthening communication and monitoring both internally and externally to enhance our sustainability efforts.
7.Natural Disasters and Infectious Diseases, Risks, Interventions
- There is a possibility that our business operations may be affected by large-scale disasters such as earthquakes, typhoons, or the outbreak of infectious diseases.
- Although the COVID-19 pandemic is gradually subsiding, the emergence of new viruses or similar events leading to a rapid increase in infections or a significant rise in severe cases may increase credit risks, liquidity risks, and other potential risks.
- To prepare for unforeseen events such as large-scale earthquakes, disasters, or accidents, we have established a "Business Continuity Management Regulations" and formulated an "Annual Plan for Business Continuity Management". We have also implemented a dedicated system for promptly confirming the safety of personnel and assessing the situation in affected areas. In the event of a major natural disaster or similar event in the Tokyo metropolitan area, we have established a provisional emergency headquarters in the western Japan region and conducted training to ensure business continuity.
- To mitigate the impact of new viruses or similar threats, we are committed to ensuring the stable operation of our payment infrastructure, the safety of our employees, and providing appropriate customer support.
8.Regulations, Risks, Interventions
- We conduct our business in compliance with various laws and regulations, such as the Installment Sales Act, Money Lending Business Act, Investment Act, Interest Rate Restriction Act, Act on Prevention of Transfer of Criminal Proceeds, and Personal Information Protection Act. Our business area requires registration or permission from regulatory authorities, thus future changes in laws, regulations, policies, and industry practices may potentially impact our business operations and performance.
- In the event of any violation of laws and regulations, there is a possibility of receiving sanctions or penalties from regulatory authorities in accordance with the applicable laws.
- We strive to timely and accurately grasp risks that derive from regulatory changes and to report the details and response status to the Comprehensive Risk Management Committee. We ensure appropriate management and operation for risk avoidance and mitigation.
- We conduct business verification related to relevant laws and regulations, and report the details and results to the Compliance Committee. We ensure proper management and operation in compliance with laws and regulations.
9.Conduct Risks, Interventions
- Stakeholder trust may be damaged when there are actions that violate laws, internal rules, or social norms, or any actions that negatively impact customer protection, market integrity, or public interests.
- We consider compliance not only as adhering to laws and regulations but also as adhering to corporate ethics and social norms. To ensure that our employees can take "the right actions" when faced with challenges, we have established "The Orico Group Code" as a code of conduct and strive to promote its understanding and implementation among our employees.
- We have established an internal reporting hotline called "Orico Help Line", which allows anonymous reportings. By ensuring a secure and reliable operation of this hotline, we aim to enhance self-cleansing mechanisms and prevent fraudulent activities from occurring in advance.
10.Risks relating to human resources and human rights, and Interventions
- To realize our business strategy, we require specialized talent, particularly in areas such as DX (Digital Transformation), and if we are unable to secure and develop sufficient talent that aligns with the changing business environment, there is a possibility that our competitiveness may decline and it may hinder our business operations.
- Insufficient efforts in respecting human rights may result in a loss of trust from stakeholders.
- As part of our efforts to build a solid management foundation, we are committed to creating a workforce that embraces diversity by actively recruiting experienced professionals from diverse backgrounds.
- We are enhancing talent development through the implementation of new experiential programs and enriched learning content.
- Recognizing that respecting human rights is a significant social responsibility, we are promoting initiatives in line with the "Guiding Principles on Business and Human Rights" established by the United Nations, based on our "Human Rights Basic Policy".
11.Risks Related to Recoverability of Deferred Tax Assets
- We assess the recoverability of deferred tax assets based on future taxable income. However, the estimation of future taxable income is subject to influences such as future economic conditions, unforeseen interest rate fluctuations, increased personal bankruptcy filings, and other unexpected factors.
- Deferred tax assets are recognized for future deductible temporary differences and are assessed for their recoverability based on estimated future taxable income, taking into account certain uncertainties inherent in the three-year business plan and other factors.
In addition to the risks mentioned above, there are other factors that could potentially impact the performance of the Orico Group, including:
- Insufficient measures to combat anti-social forces, money laundering, terrorist financing, and credit card fraud.
- Significant depreciation of priority beneficiary rights or tangible fixed assets, such as land and buildings, due to the liquidity of installment sales receivables.
- Consumer disputes arising from violations of laws by member stores, partner companies, or business commission recipients, which could escalate into social responsibility issues for the Orico Group.
- Negative publicity surrounding Orico and the industry.
Business Continuity Management Policy
Orient Corporation (hereinafter referred to as "we") recognizes emergency response during large-scale "natural disasters", "infectious disease outbreaks", "system failures", and other critical situations as a significant management challenge. In light of our fundamental principles, the following "Business Continuity Management Policy" is established:
- We prioritize human life in situations where there is a risk to life or physical well-being during emergencies.
- Considering our role as a company contributing to vital social infrastructure, we focuse on the maintenance and continuity of payment functions and the early recovery of operations during emergency situations.
- We establish a prompt response system, including organizational structure, authorities, instructions, and emergency action plans, to effectively respond to emergencies.
- We provide education and training to all employees regarding emergency response measures and emergency action plans. Regular training exercises are conducted to improve the effectiveness of emergency response.
- We monitor changes in the surrounding environment of us and our group companies, as well as societal trends related to emergencies, and reviews the organizational structure based on this policy as necessary.
Major Business Continuity Management Efforts:
- Formulation of an annual business continuity management plan (deliberated in Executive Management Meetings and reported to the Board of Directors)
- Development of initial response systems for emergencies, particularly large-scale earthquakes
- Establishment and thorough dissemination of evacuation and communication systems during disasters
- Regular review of assumed scenarios in business continuity management
- Conducting comprehensive training exercises to enhance the response capability for large-scale system failures, including cyberattacks
- Radio communication training at both the headquarters and nationwide branches
- Participation in "Shakeout drills (Chiyoda Ward's simultaneous disaster prevention drill)" at the Kojimachi head office building
- Establishment of self-defense firefighting organizations at the Kojimachi head office building
Disaster Resilience Measures for Data Centers:
As Orico's financial services heavily rely on computer processing in data centers, Orico is actively strengthening the resilience of these facilities. Ongoing measures include:
- Installation of a self-generated power system capable of continuous operation for up to three days
- Power supply sourced from two independent sources
- Construction of data centers in locations known for their high resilience to seismic and weather-related disasters
President × Expert: Dialogue
- President × Expert: Dialogue
- This page features a dialogue between the President and the expert on sustainability management.
- Sustainability Management
- In this page, we introduce our sustainability management, the sustainability basic policy, materiality and other information.
Value Creation Process
- Value Creation Process
- This page introduces our Value Creation Process.
- ESG Information
- This page is a directory of our Environmental, Social and Governance (ESG) information. This page provides intuitive navigation to the information you are looking for on our sustainability management initiatives.
Social contribution activities
- Social contribution activities
- Here, we introduce our approach to social contribution and the results of our activities.
- ESG Data
- This page provides a range of ESG data on our sustainability management performance.
- External Recognition
- This page presents an external evaluation on our sustainability management initiatives.