Corporate website of Orient Corporation

Sustainability

Risk Management

Risk Management

Orico has established a "Risk Management Basic Policy" to comprehensively understand and manage various risks within the group. Divisions and Groups in charge are entrusted with managing individual risks, while the Risk Management Group oversees the overall management of these risks. To ensure effective control, Orico has established various committees, including the Comprehensive Risk Management Committee, that monitor and evaluate risks at the management level. The status of risk management across the entire Orico group is regularly reported to the Board of Directors and discussed in Executive Management Meetings.

リスク管理体制図

Risk Appetite Framework

Orico utilizes a comprehensive Risk Appetite Framework to develop optimal strategies and plans by considering quantified risk and cost-return factors, enhancing progress monitoring, responding to environmental changes, and allocating resources effectively. Strengthening governance practices is a priority to improve productivity and corporate value.

商品、推進部署等、セグメント毎のリスク・リターン・コストを数値化、採算を詳細に把握 保有資本、調達資金等経営上の制約 経営体力比、許容可能なリスク/コストを前提に、リスク調整後コスト控除後にリターンが最大となるバランスシート構築を目的として事業計画を立案 [リスク計量]倒産確立等の内部データやマーケットデータを利用し、信用リスク、市場リスク、オペレーショナルリスクを計量 [リスクキャピタル配賦]資本対比、許容可能なリスク量を設定、必要な部署に配分 [リスクアペタイト(リスク選好)設定]経営目標達成に資するリスクテイク領域の設定 [上記、取締役会への報告(ガバナンス強化)] 最適化されたバランスシート戦略・事業計画 → 環境変化に伴う迅速なリバランス → 計画を踏まえたリソース配分・ガバナンス強化 → 企業価値の拡大、全社的な生産性向上

Top Risk as of FY 2022

Top Risk Management

Orico proactively identifies and monitors "Top Risks", which are risk events with significant potential impact on the Orico Group, considering both internal and external factors. The Comprehensive Risk Management Committee, Executive Management Meetings, and Board of Directors receive regular updates and reports to ensure a unified understanding of risks and enhance risk management practices' effectiveness.

[トップリスク選定サイクル]リスク事象の抽出:内外環境から当社グループに影響のあるリスク事象を網羅的にリストアップ → リスク事象の分析・評価:蓋然性・影響度を評価し、ヒートマップにて重要性を可視化 → トップリスク候補の抽出:重要性が高いリスクを類似性や関連性を基に分類しトップリスク候補を抽出 → トップリスクの選定:当社グループへの影響・対応状況を総合的に評価し、経営陣関与のもとトップリスクを選定・選定したトップリスクは総合リスク管理委員会、経営会議、取締役会に報告 → 運営状況の評価・改善:定期的にモニタリング評価し、総合リスク管理委員会、経営会議、取締役会に報告・選定したトップリスクは定期的及び必要に応じて適宜見直し

The “top risks” as of the end of June 2023 are as follows.

Risk Events Risk Scenarios
1 Sharp Increase in Interest Rates ALM-related cost increase due to continued global inflation from energy and food supply surges and market volatility led by tightening financial conditions in Japan and ASEAN
2 Impact on business performance due to worsening economic slowdown A persistently weak macroeconomic environment increases unemployment rates and the challenges to customer repayments, resulting in a rise in credit losses. This deterioration in the business environment leads to a higher number of member merchants failures and worsening business operations.
3 Impact on business from cyber attacks and major system disruptions Loss of stakeholder trust and missed business opportunities due to data breaches, operational disruptions, and cyber-attacks causing leakage of personal information and system outages.
4 Impact on achieving strategic objectives due to labor shortage Failure to adapt to new policies, regulatory changes, and technological advancements in achieving decarbonization goals leading to missed business opportunities and the emergence of risk events.
5 Damage to corporate value due to non-compliant behavior contrary to social norms Loss of stakeholder trust and missed business opportunities resulting from employees' failure to act in accordance with social norms and ethical standards
6 Impact on achieving strategic objectives due to labor shortage Insufficient recruitment and development efforts leading to a shortage of talent required to adapt to changing business environments, hindering the execution of business strategies and decreasing competitiveness

Recent Changes in the Business Environment and Risk Perceptions

The impact of the prolonged COVID-19 pandemic is gradually subsiding, but uncertainties remain in the global economy due to worldwide inflation, rising interest rates, financial market turbulence originating from the United States, and other factors. Concerns about economic slowdown and the potential implications for the future are emerging. Additionally, Orico recognizes the unpredictable nature of the social and economic environment surrounding Orico, including potential regulatory changes related to climate change and an increased risk of cyberattacks.
Amidst these circumstances, the Orico Group strives to become a new-era financial services group that creates value from a customer-centric perspective and contributes to society. We drive a wide range of businesses, including installment sales, card and loan services, bank guarantee services, payment and guarantee services, and overseas operations. However, our performance is significantly influenced by factors such as individual consumer spending trends and the overall economic environment. While we are actively developing measures to respond swiftly to environmental changes, intensified competition or other adverse economic impacts could potentially impact our performance and financial position.
Considering the above, the following are the main factors that may significantly impact the Orico Group's business operations. Please note that this section contains forward-looking statements based on our judgment as of June 2023 and does not encompass all potential risks associated with future business activities.

1. Credit risk

Risks

  • Potential losses could be incurred due to users' payment delays and deterioration in debt recovery.
  • Unforeseen factors such as future economic trends, an increase in personal bankruptcy filings, and other unexpected circumstances may necessitate a boost in provisions for bad debts.

Counter measures

  • We are actively maintaining an appropriate delinquency rate through statistical methods based on past performances and improvements in our AI-based evaluation system and logic.
  • In preparing for potential loan losses, an estimated loss rate is calculated using statistical methods based on historical experience and an allowance for doubtful accounts is established for ordinary loans and for loans that are past due (three months past due or otherwise delinquent). For certain specific loans, an allowance for doubtful accounts is established for the estimated amount of uncollectible loans based on an individual assessment of the collectability of each loan.

2.Interest Rate Risk and Liquidity Risk

Risks

  • There is the possibility of increased financial expenses should future interest rates rise significantly or substantial credit rating revisions result in higher funding costs. Additionally, there may be a limitation in passing on the increase in funding costs to investment interest.
  • There is a possibility that obtaining smooth funding becomes difficult or that funding needs to be raised at significantly disadvantageous interest rates compared to usual environment if there are significant changes in the financial environment or substantial revisions in credit ratings.

Counter measures

  • We conduct Asset and Liability Management (ALM) to manage interest rate risk effectively. This includes procuring fixed long-term debt financing, utilizing financial derivatives, and taking necessary actions towards interest rate fluctuations. We also diversify our funding sources, establish commitment lines with multiple financial institutions, and adjust the balance between short-term and long-term funding in consideration of market conditions.

3.Cybersecurity, Risks, Interventions

Risks

  • In the event of a cyber attack causing computer system shutdown, data tampering, or leakage of important information, there is a possibility of incurring liability for damages, damaging the trust of our group, being subject to regulatory penalties, and incurring additional expenses to address these incidents.

Counter measures

  • Recognizing the threat of cyber attacks as a crucial management issue, we have established a Cyber Security Office responsible for managing our cyber security risk framework. We have implemented measures such as establishing response manuals for incidents, collecting up-to-date information in collaboration with external organizations, implementing security measures on our systems, and providing education and training to our staff to ensure organizational, technical, personnel, and physical safeguards are in place for proper handling of information.

4.Information Security, Risks, Interventions

Risks

  • We acquire, store, and utilize a significant amount of customer information. Therefore, in the event of a leakage of important information, such as unauthorized access from external sources, accidents during media transportation, or involvement of internal personnel, there is a possibility of incurring liability for damages, damaging the trust of our group, being subject to regulatory penalties, and incurring additional expenses to address these incidents.

Counter measures

  • To prevent the leakage of sensitive information, including personal data of our valued customers, we have established regulations and procedures for information handling. We implement security measures on our systems, provide staff education and training, and manage access to our facilities, ensuring proper information handling.

5.Computer Systems, Risks, Interventions

Risks

  • We possess a large-scale computer system that connects our domestic locations, customers, and various payment institutions through a communication network to process information. In the event of a major system malfunction or similar incident, potentially causing disruptions to customer services.

Counter measures

  • For the information systems we use in our operations, we take preventive measures to ensure stable operation, such as maintenance activities and the implementation of backup systems. We also established contingency plans to deal with unforeseen events, ensuring that in the event of system downtime or malfunctions, we can continue our operations safely and promptly. We have established a robust system and infrastructure to enable business continuity under any circumstances.

6.Climate Change, Risks, Interventions

Risks

  • We recognize "climate change risks", which are influences from frequent natural disasters caused by extreme weather events and the transition to a decarbonized society.
  • As physical risks, the intensification of extreme weather events such as typhoons and floods could potentially disrupt our business operations and cause damage to the assets and infrastructure of our member merchants.
  • As transition risks, inadequate response to technological innovations and innovations that promote decarbonization, policies and regulations, and changes in supply and demand for specific financial services, as well as insufficient efforts in disclosing such information, may undermine the trust of stakeholders.

Counter measures

  • To promote sustainable management across the entire company, we have established a Sustainability Committee. We are working on formulating sustainability management strategies and assessing the progress of sustainability initiatives, taking into account climate change-related risks and opportunities. We are also strengthening communication and monitoring both internally and externally to enhance our sustainability efforts.

7.Natural Disasters and Infectious Diseases, Risks, Interventions

Risks

  • There is a possibility that our business operations may be affected by large-scale disasters such as earthquakes, typhoons, or the outbreak of infectious diseases.
  • Although the COVID-19 pandemic is gradually subsiding, the emergence of new viruses or similar events leading to a rapid increase in infections or a significant rise in severe cases may increase credit risks, liquidity risks, and other potential risks.

Counter measures

  • To prepare for unforeseen events such as large-scale earthquakes, disasters, or accidents, we have established a "Business Continuity Management Regulations" and formulated an "Annual Plan for Business Continuity Management". We have also implemented a dedicated system for promptly confirming the safety of personnel and assessing the situation in affected areas. In the event of a major natural disaster or similar event in the Tokyo metropolitan area, we have established a provisional emergency headquarters in the western Japan region and conducted training to ensure business continuity.
  • To mitigate the impact of new viruses or similar threats, we are committed to ensuring the stable operation of our payment infrastructure, the safety of our employees, and providing appropriate customer support.

8.Regulations, Risks, Interventions

Risks

  • We conduct our business in compliance with various laws and regulations, such as the Installment Sales Act, Money Lending Business Act, Investment Act, Interest Rate Restriction Act, Act on Prevention of Transfer of Criminal Proceeds, and Personal Information Protection Act. Our business area requires registration or permission from regulatory authorities, thus future changes in laws, regulations, policies, and industry practices may potentially impact our business operations and performance.
  • In the event of any violation of laws and regulations, there is a possibility of receiving sanctions or penalties from regulatory authorities in accordance with the applicable laws.

Counter measures

  • We strive to timely and accurately grasp risks that derive from regulatory changes and to report the details and response status to the Comprehensive Risk Management Committee. We ensure appropriate management and operation for risk avoidance and mitigation.
  • We conduct business verification related to relevant laws and regulations, and report the details and results to the Compliance Committee. We ensure proper management and operation in compliance with laws and regulations.

9.Conduct Risks, Interventions

Risks

  • Stakeholder trust may be damaged when there are actions that violate laws, internal rules, or social norms, or any actions that negatively impact customer protection, market integrity, or public interests.

Counter measures

  • We consider compliance not only as adhering to laws and regulations but also as adhering to corporate ethics and social norms. To ensure that our employees can take "the right actions" when faced with challenges, we have established "The Orico Group Code" as a code of conduct and strive to promote its understanding and implementation among our employees.
  • We have established an internal reporting hotline called "Orico Help Line", which allows anonymous reportings. By ensuring a secure and reliable operation of this hotline, we aim to enhance self-cleansing mechanisms and prevent fraudulent activities from occurring in advance.

10.Risks relating to human resources and human rights, and Interventions

Risks

  • To realize our business strategy, we require specialized talent, particularly in areas such as DX (Digital Transformation), and if we are unable to secure and develop sufficient talent that aligns with the changing business environment, there is a possibility that our competitiveness may decline and it may hinder our business operations.
  • Insufficient efforts in respecting human rights may result in a loss of trust from stakeholders.

Counter measures

  • As part of our efforts to build a solid management foundation, we are committed to creating a workforce that embraces diversity by actively recruiting experienced professionals from diverse backgrounds.
  • We are enhancing talent development through the implementation of new experiential programs and enriched learning content.
  • Recognizing that respecting human rights is a significant social responsibility, we are promoting initiatives in line with the "Guiding Principles on Business and Human Rights" established by the United Nations, based on our "Human Rights Basic Policy".

11.Risks Related to Recoverability of Deferred Tax Assets

Risks

  • We assess the recoverability of deferred tax assets based on future taxable income. However, the estimation of future taxable income is subject to influences such as future economic conditions, unforeseen interest rate fluctuations, increased personal bankruptcy filings, and other unexpected factors.

Counter measures

  • Deferred tax assets are recognized for future deductible temporary differences and are assessed for their recoverability based on estimated future taxable income, taking into account certain uncertainties inherent in the three-year business plan and other factors.

Other Risks

In addition to the risks mentioned above, there are other factors that could potentially impact the performance of the Orico Group, including:

  • Insufficient measures to combat anti-social forces, money laundering, terrorist financing, and credit card fraud.
  • Significant depreciation of priority beneficiary rights or tangible fixed assets, such as land and buildings, due to the liquidity of installment sales receivables.
  • Consumer disputes arising from violations of laws by member stores, partner companies, or business commission recipients, which could escalate into social responsibility issues for the Orico Group.
  • Negative publicity surrounding Orico and the industry.

BCP

Business Continuity Management Policy

Orient Corporation (hereinafter referred to as "we") recognizes emergency response during large-scale "natural disasters", "infectious disease outbreaks", "system failures", and other critical situations as a significant management challenge. In light of our fundamental principles, the following "Business Continuity Management Policy" is established:

  1. We prioritize human life in situations where there is a risk to life or physical well-being during emergencies.
  2. Considering our role as a company contributing to vital social infrastructure, we focuse on the maintenance and continuity of payment functions and the early recovery of operations during emergency situations.
  3. We establish a prompt response system, including organizational structure, authorities, instructions, and emergency action plans, to effectively respond to emergencies.
  4. We provide education and training to all employees regarding emergency response measures and emergency action plans. Regular training exercises are conducted to improve the effectiveness of emergency response.
  5. We monitor changes in the surrounding environment of us and our group companies, as well as societal trends related to emergencies, and reviews the organizational structure based on this policy as necessary.

Major Business Continuity Management Efforts:

  • Formulation of an annual business continuity management plan (deliberated in Executive Management Meetings and reported to the Board of Directors)
  • Development of initial response systems for emergencies, particularly large-scale earthquakes
  • Establishment and thorough dissemination of evacuation and communication systems during disasters
  • Regular review of assumed scenarios in business continuity management
  • Conducting comprehensive training exercises to enhance the response capability for large-scale system failures, including cyberattacks
  • Radio communication training at both the headquarters and nationwide branches
  • Participation in "Shakeout drills (Chiyoda Ward's simultaneous disaster prevention drill)" at the Kojimachi head office building
  • Establishment of self-defense firefighting organizations at the Kojimachi head office building

Disaster Resilience Measures for Data Centers:

As Orico's financial services heavily rely on computer processing in data centers, Orico is actively strengthening the resilience of these facilities. Ongoing measures include:

  • Installation of a self-generated power system capable of continuous operation for up to three days
  • Power supply sourced from two independent sources
  • Construction of data centers in locations known for their high resilience to seismic and weather-related disasters