Sustainability

Risk Management

Risk Management
Risk Appetite Framework
Top Risk
Recent Changes in the Business Environment and Risk Perceptions
Business Continuity Management Policy

Risk Management

Orico has established a "Risk Management Basic Policy" to comprehensively understand and manage various risks within the group. Divisions and Groups in charge are entrusted with managing individual risks, while the Risk Management Group oversees the overall management of these risks. To ensure effective control, Orico has established various committees, including the Comprehensive Risk Management Committee, that monitor and evaluate risks at the management level. The status of risk management across the entire Orico group is regularly reported to the Board of Directors and discussed in Executive Management Meetings.

Risk Appetite Framework

Orico utilizes a comprehensive Risk Appetite Framework to develop optimal strategies and plans by considering quantified risk and cost-return factors, enhancing progress monitoring, responding to environmental changes, and allocating resources effectively. Strengthening governance practices is a priority to improve productivity and corporate value.

商品、推進部署等、セグメント毎のリスク・リターン・コストを数値化、採算を詳細に把握保有資本、調達資金等経営上の制約経営体力比、許容可能なリスク/コストを前提に、リスク調整後コスト控除後にリターンが最大となるバランスシート構築を目的として事業計画を立案［リスク計量］倒産確立等の内部データやマーケットデータを利用し、信用リスク、市場リスク、オペレーショナルリスクを計量［リスクキャピタル配賦］資本対比、許容可能なリスク量を設定、必要な部署に配分［リスクアペタイト(リスク選好)設定］経営目標達成に資するリスクテイク領域の設定［上記、取締役会への報告(ガバナンス強化)] 最適化されたバランスシート戦略・事業計画 → 環境変化に伴う迅速なリバランス → 計画を踏まえたリソース配分・ガバナンス強化 → 企業価値の拡大、全社的な生産性向上

Top Risk

Top Risk Management

Orico proactively identifies and monitors "Top Risks", which are risk events with significant potential impact on the Orico Group, considering both internal and external factors. The Comprehensive Risk Management Committee, Executive Management Meetings, and Board of Directors receive regular updates and reports to ensure a unified understanding of risks and enhance risk management practices' effectiveness.

[Top Risk Selection Cycle] Identify Risk Events: Identify risk events from internal and external environments that have an impact on our Group. Analyze and Evaluate Risk Events: Create a heatmap to evaluate the significance of risk events on an assessment of the likelihood and impact of the risk events. Select Potential Top Risks: Select top risk by potential high-importance risks based on similarity and relevance. Identify Top Risks: Comprehensively evaluate the impact on the Group and the response status and select top risks with the involvement of management. Report the selected top risks to the Comprehensive Risk Management Committee, Executive Management Meeting, and Board of Directors. Evaluate and Improve Risk Management: Regularly monitor and evaluate the operational status and report to the Comprehensive Risk Management Committee, Executive Management Meeting, and Board of Directors. Review and reassess the selected top risks periodically and as necessary.

The “top risks” as of the end of June 2023 are as follows.

	Risk Events	Risk Scenarios
1	Impact of Changes in the Economic Environment on Performance	Due to prolonged inflation and significant fluctuations in the economic environment, customers are finding it difficult to make repayments, leading to an increase in bad debt losses. The deterioration of the business environment has resulted in an increase in the management decline and bankruptcy of affiliated stores.
2	Sharp Increase in Interest Rates	ALM-related cost increase due to continued global inflation from energy and food supply surges and market volatility led by tightening financial conditions in Japan and ASEAN
3	Impact of Increased Fraudulent Use on Business	The increase in fraudulent use and damage related to card transactions has led to a negative impact on performance and a sense of inadequacy in AML measures, resulting in the loss of stakeholder trust and missed business opportunities.
4	Impact on business from cyber attacks and major system disruptions	Loss of stakeholder trust and missed business opportunities due to data breaches, operational disruptions, and cyber-attacks causing leakage of personal information and system outages.
5	Impact of New Regulations Related to Climate Change on Business	Delays in responding to new policies and regulatory changes aimed at achieving decarbonization have led to the emergence of risk events.
6	Impact of Technological Innovations on Business	Delays in adopting advanced technologies due to technological innovation have resulted in lost business opportunities.
7	Damage to corporate value due to non-compliant behavior contrary to social norms	Loss of stakeholder trust and missed business opportunities resulting from employees' failure to act in accordance with social norms and ethical standards
8	Impact of Insufficient Human Resource Management on Strategy Implementation	Inadequate human resource management to execute business strategies in response to changes in the business environment has led to a decline in competitiveness.

Recent Changes in the Business Environment and Risk Perceptions

The impact of the prolonged COVID-19 pandemic is gradually subsiding, but uncertainties remain in the global economy due to worldwide inflation, rising interest rates, financial market turbulence originating from the United States, and other factors. Concerns about economic slowdown and the potential implications for the future are emerging. Additionally, Orico recognizes the unpredictable nature of the social and economic environment surrounding Orico, including potential regulatory changes related to climate change and an increased risk of cyberattacks.

1. Credit risk

Risks

Potential losses could be incurred due to users' payment delays and deterioration in debt recovery.
Unforeseen factors such as future economic trends, an increase in personal bankruptcy filings, and other unexpected circumstances may necessitate a boost in provisions for bad debts.
Regarding overseas operations, fluctuations in customer payment ability due to trends in prices and employment conditions in the Southeast Asian economy may impact performance.

Counter measures

We are actively maintaining an appropriate delinquency rate through statistical methods based on past performances and improvements in our AI-based evaluation system and logic.
In preparing for potential loan losses, an estimated loss rate is calculated using statistical methods based on historical experience and an allowance for doubtful accounts is established for ordinary loans and for loans that are past due (three months past due or otherwise delinquent). For certain specific loans, an allowance for doubtful accounts is established for the estimated amount of uncollectible loans based on an individual assessment of the collectability of each loan.

2.Interest Rate Fluctuation Risk

Risks

There is the possibility of increased financial expenses should future interest rates rise significantly or substantial credit rating revisions result in higher funding costs. Additionally, there may be a limitation in passing on the increase in funding costs to investment interest.

Counter measures

We conduct Asset and Liability Management (ALM) to manage interest rate risk effectively. This includes procuring fixed long-term debt financing, utilizing financial derivatives, and taking necessary actions towards interest rate fluctuations.

3.Liquidity Risk

Risks

In the event of significant changes in financial conditions or a substantial revision of ratings, there is a possibility that securing funds smoothly will become difficult, or that we may be forced to procure funds at significantly unfavorable interest rates compared to usual.

Counter measures

We implement ALM (Asset and Liability Management) to secure the necessary funding for our group's business activities. We are working to diversify our funding sources and reduce liquidity risk through the establishment of commitment lines with multiple financial institutions and adjustments to our available liquidity.

4.External Fraud Risk

Risks

The amount of fraudulent losses related to credit cards is on the rise across the industry, and the methods of fraudulent transactions are becoming increasingly complex and sophisticated. The increase in fraudulent losses may negatively impact performance.

Counter measures

We are conducting trend investigations and monitoring of fraudulent applications, working to prevent fraud by improving the accuracy of our screening logic.
Additionally, we are enhancing our fraud prevention measures through the use of an AI-powered fraud detection system, promoting the registration of identity verification services for members, and providing usage notifications and suspension features.

5.Cybersecurity, Risks, Interventions

Risks

In the event of a cyber attack causing computer system shutdown, data tampering, or leakage of important information, there is a possibility of incurring liability for damages, damaging the trust of our group, being subject to regulatory penalties, and incurring additional expenses to address these incidents.

Counter measures

Recognizing that increasingly more sophisticated and skillful cyber-attacks and other threats are an important management issue, we have established the Cyber Security Office, a department dedicated to cyber security. We have established a system to maintain the safety of our systems by taking organizational and personnel measures, including the information integration and technical measures in cooperation with external organizations, the development of procedures to prepare for cyber incidents, and training and drills for officers and employees.
Additionally, we have established the "Orico CSIRT" framework aimed at improving security quality and strengthening incident response capabilities. This system is designed to consistently control everything from preventive safety measures during normal operations to immediate response readiness during incidents.

6.Information Security, Risks, Interventions

Risks

We acquire, store, and utilize a significant amount of customer information. Therefore, in the event of a leakage of important information, such as unauthorized access from external sources, accidents during media transportation, or involvement of internal personnel, there is a possibility of incurring liability for damages, damaging the trust of our group, being subject to regulatory penalties, and incurring additional expenses to address these incidents.

Counter measures

To prevent the leakage of sensitive information, including personal data of our valued customers, we have established regulations and procedures for information handling. We implement security measures on our systems, provide staff education and training, and manage access to our facilities, ensuring proper information handling.

7.Computer Systems, Risks, Interventions

Risks

We possess a large-scale computer system that connects our domestic locations, customers, and various payment institutions through a communication network to process information. In the event of a major system malfunction or similar incident, potentially causing disruptions to customer services.

Counter measures

For the information systems we use in our operations, we take preventive measures to ensure stable operation, such as maintenance activities and the implementation of backup systems. We also established contingency plans to deal with unforeseen events, ensuring that in the event of system downtime or malfunctions, we can continue our operations safely and promptly. We have established a robust system and infrastructure to enable business continuity under any circumstances.

8.Climate Change, Risks, Interventions

Risks

We recognize "climate change risks", which are influences from frequent natural disasters caused by extreme weather events and the transition to a decarbonized society.
As physical risks, the intensification of extreme weather events such as typhoons and floods could potentially disrupt our business operations and cause damage to the assets and infrastructure of our member merchants.
As transition risks, inadequate response to technological innovations and innovations that promote decarbonization, policies and regulations, and changes in supply and demand for specific financial services, as well as insufficient efforts in disclosing such information, may undermine the trust of stakeholders.

Counter measures

To promote sustainable management across the entire company, we have established a Sustainability Committee. We are working on formulating sustainability management strategies and assessing the progress of sustainability initiatives, taking into account climate change-related risks and opportunities. We are also strengthening communication and monitoring both internally and externally to enhance our sustainability efforts.
We are assessing the likelihood of occurrence, impact, and financial implications related to physical risks and transition risks, and are working on response measures accordingly.

9.Natural Disasters and Infectious Diseases, Risks, Interventions

Risks

There is a possibility that our business operations may be affected by large-scale disasters such as earthquakes, typhoons, or the outbreak of infectious diseases.
Although the COVID-19 pandemic is gradually subsiding, the emergence of new viruses or similar events leading to a rapid increase in infections or a significant rise in severe cases may increase credit risks, liquidity risks, and other potential risks.

Counter measures

To prepare for unforeseen events such as large-scale earthquakes, disasters, or accidents, we have established a "Business Continuity Management Regulations" and formulated an "Annual Plan for Business Continuity Management". We have also implemented a dedicated system for promptly confirming the safety of personnel and assessing the situation in affected areas. In the event of a major natural disaster or similar event in the Tokyo metropolitan area, we have established a provisional emergency headquarters in the western Japan region and conducted training to ensure business continuity.
To mitigate the impact of new viruses or similar threats, we are committed to ensuring the stable operation of our payment infrastructure, the safety of our employees, and providing appropriate customer support.
To ensure the stable operation of payment infrastructure and appropriate customer responses, we have developed a business contingency plan that is updated annually.

10.Regulations, Risks, Interventions

Risks

We conduct our business in compliance with various laws and regulations, such as the Installment Sales Act, Money Lending Business Act, Investment Act, Interest Rate Restriction Act, Act on Prevention of Transfer of Criminal Proceeds, and Personal Information Protection Act. Our business area requires registration or permission from regulatory authorities, thus future changes in laws, regulations, policies, and industry practices may potentially impact our business operations and performance.
In the event of any violation of laws and regulations, there is a possibility of receiving sanctions or penalties from regulatory authorities in accordance with the applicable laws.

Counter measures

We strive to timely and accurately grasp risks that derive from regulatory changes and to report the details and response status to the Comprehensive Risk Management Committee. We ensure appropriate management and operation for risk avoidance and mitigation.
We conduct business verification related to relevant laws and regulations, and report the details and results to the Compliance Committee. We ensure proper management and operation in compliance with laws and regulations.

11.Conduct Risk

Risks

Not only actions that violate laws, internal regulations, and social norms but also actions that negatively impact customer protection, market integrity, public interest, and stakeholders can potentially harm corporate value.

Response Measures

We view compliance not merely as adherence to laws but as a commitment to corporate ethics and social norms. To ensure that employees take "correct actions" when faced with issues, we have established "The Orico Group Code" as our code of conduct and are working to embed it within the organization.
By establishing an internal reporting system, the "Orico Helpline," that employees can use with confidence, we aim to enhance self-regulation and work towards preventing the occurrence of fraud.

12. Human (Talent, Human Rights, etc.) Risk

Risks

As the labor population decreases due to a declining birthrate and aging population, the values regarding work and living environments are diversifying. If we cannot meet employees' expectations for job satisfaction and fulfillment, it may become difficult to secure the necessary talent to execute our management strategy, potentially lowering our competitiveness.
To realize our management strategy, we require more specialized talent, particularly in digital transformation (DX). If we are unable to secure and develop sufficient talent in line with changes in the business environment, it may hinder our operational capabilities and decrease competitiveness. Additionally, if our efforts to respect human rights are deemed insufficient, we risk losing the trust of stakeholders.

Counter measures

We are revising our HR system and implementing key initiatives based on a talent strategy that considers changes in external environments and the values and lifestyles of each employee, aiming to maximize employee engagement.
As part of building our management foundation, we are working on creating a "diverse talent pool" and enhancing employee development through new experiential programs and learning content, as well as securing diverse talent through the recruitment of experienced specialists.
Recognizing that respecting human rights is a significant social responsibility, we are promoting our human rights initiatives in accordance with the "UN Guiding Principles on Business and Human Rights" as outlined in our "Human Rights Basic Policy."

13.Risks Related to Recoverability of Deferred Tax Assets

Risks

We assess the recoverability of deferred tax assets based on future taxable income. However, the estimation of future taxable income is subject to influences such as future economic conditions, unforeseen interest rate fluctuations, increased personal bankruptcy filings, and other unexpected factors.

Counter measures

Deferred tax assets are recognized for future deductible temporary differences and are assessed for their recoverability based on estimated future taxable income, taking into account certain uncertainties inherent in the three-year business plan and other factors.

Other Risks

In addition to the risks mentioned above, there are other factors that could potentially impact the performance of the Orico Group, including:

Insufficient measures to combat anti-social forces, money laundering, terrorist financing, and credit card fraud.
Significant depreciation of priority beneficiary rights or tangible fixed assets, such as land and buildings, due to the liquidity of installment sales receivables.
Consumer disputes arising from violations of laws by member stores, partner companies, or business commission recipients, which could escalate into social responsibility issues for the Orico Group.
In the event that negative reports regarding our group and the industry undermine stakeholder trust, it may lead to a loss of confidence from stakeholders.

BCP

Business Continuity Management Policy

Orient Corporation (hereinafter referred to as " we"), based on its Philosophy and Orico's Sustainability Goals, has positioned the response to emergencies such as large-scale 'natural disasters', 'spread of infectious diseases' and 'system failures' as one of its key management issues and has established the Basic Business Continuity Management Policy as follows.

We prioritize human life in situations where there is a risk to life or physical well-being during emergencies.
Considering our role as a company contributing to vital social infrastructure, we focuse on the maintenance and continuity of payment functions and the early recovery of operations during emergency situations.
We establish a prompt response system, including organizational structure, authorities, instructions, and emergency action plans, to effectively respond to emergencies.
We provide education and training to all employees regarding emergency response measures and emergency action plans. Regular training exercises are conducted to improve the effectiveness of emergency response.
We monitor changes in the surrounding environment of us and our group companies, as well as societal trends related to emergencies, and reviews the organizational structure based on this policy as necessary.

Major Business Continuity Management Efforts:

Formulation of an annual business continuity management plan (deliberated in Executive Management Meetings and reported to the Board of Directors)
Development of initial response systems for emergencies, particularly large-scale earthquakes
Establishment and thorough dissemination of evacuation and communication systems during disasters
Regular review of assumed scenarios in business continuity management
Conducting comprehensive training exercises to enhance the response capability for large-scale system failures, including cyberattacks
Radio communication training at both the headquarters and nationwide branches
Participation in "Shakeout drills (Chiyoda Ward's simultaneous disaster prevention drill)" at the Kojimachi head office building
Establishment of self-defense firefighting organizations at the Kojimachi head office building
Implementing and maintaining test emails to confirm safety

Disaster Resilience Measures for Data Centers:

As Orico's financial services heavily rely on computer processing in data centers, Orico is actively strengthening the resilience of these facilities. Ongoing measures include:

Installation of a self-generated power system capable of continuous operation for up to three days
Power supply sourced from two independent sources
Construction of data centers in locations known for their high resilience to seismic and weather-related disasters

Sustainability