Basic Policy on Internal Controls

The Company, by resolution of its Board of Directors, adopts the Basic Policy on Internal Controls to ensure the proper operations of the Sompo Holdings Group (hereinafter the “Company Group”) and contribute to enhancement and quality improvement of corporate governance based on relevant laws and regulations and the Group’s management philosophy. The Company shall strive to appropriately capture and validate the Company Group’s control status based on the Basic Policy on Internal Controls at the Board of Directors and enhance its systems. In the event of an incident that may have a material impact on the management of the Company Group, the Company shall promptly determine a response policy at the Board of Directors and take necessary measures.

1. System for Ensuring Proper Conduct of Operations of the Group

As set forth below, the Company shall establish the systems required to ensure that the operations of the Company Group are conducted properly.

(1)The Company shall present the Group Management Philosophy, the Group Action Guideline, the Group Vision, the Group Basic Management Policies, the Group Personnel Vision, and the Group CSR Vision to its Group companies.
(2)The Company shall set forth a basic policy for the business management of Group companies and clarify the scope and terms of the business management of the Company. The Company shall also set forth what requires Group companies to submit applications for approval and to report on important matters that have an impact on the Group's management strategy and business plan, while appropriately exercise shareholder rights to each Group company. Furthermore, the Company shall ensure the effectiveness of this action by, for example, concluding business management agreements with them.
(3)The Company shall formulate various Group Basic Policies that prescribe the Company Group’s control framework and disseminate them to Group companies, requesting compliance therewith. The Company shall also have its Group companies establish systems based on these basic policies, such as by causing them to formulate their own rules according to their actual business operations.
(4)The Company shall establish systems for information collection, inspections, and examinations required for management decisions. The Company shall also seek to activate management discussions through such means as reliably providing information to independent directors and ensure the adequacy of management decisions on important matters regarding business management of the Company Group.
(5)The Company shall set forth a basic policy for the management of intra-group transactions to ensure the soundness and adequacy of the Company Group operations without legal violations or risk spreads resulting from conflicts of interest in intra-group transactions. In order to ensure its effectiveness, the Company shall establish intra-group transaction control system, such as ruling transaction scope, items, responsible department to review, and reviewing intra group transaction properly.

2. System for Ensuring Execution of Duties of Directors,Executive Officers, and Employees in Compliance with Applicable Laws and the Company’s Articles of Incorporation

As set forth below, the Company shall establish the systems required to ensure that the Company Group’s directors, executive officers, and employees (“Officers and Employees”) execute their duties in compliance with applicable laws and the firm’s Articles of Incorporation.

(1)The Company shall verify that the Group Company’s Officers and Employees are executing their duties in a legally compliant manner through such means as reporting on the state of Officers and Employees’ execution of their duties at meetings of the Board of Directors.

(2)The Company shall set forth a basic policy on compliance, determine a code of conduct and the course of action for Group compliance as a fundamental principle for the business, and establish a compliance system in the Company Group for managing customer information, managing conflicts of interest transactions, and responding to anti-social forces. The Company shall also issue a compliance rule with standards of conduct for Officers and Employees of the Company Group and conduct ongoing education and training based on compliance rule to disseminate these basic policies, the code of conduct, and the compliance rule.

(3)The Company shall establish systems in the Company Group for internal reporting and internal whistle blowing for misconduct and other such incidents and properly rectify or otherwise respond to such matters.

(4)The Company shall set forth a basic policy for responding to customer feedback and establish effective systems in the Company Group for responding to customer feedback, such as proactively analyzing customer feedback to improve operational quality.

(5)The Company shall set forth a basic policy on the quality of products and services for customers and develop a system to maintain and improve the quality of customer services in the Company Group, such as preparing a manual for reporting procedures to the Company in the event that any Group company imposes an economic disadvantage on a customer, and the check procedures for similar cases among Group companies.

(6)The Company shall set forth a Security policy and establish appropriate management systems for information assets, such as clarifying basic measures to be taken to ensure the security of information assets in the Company Group.

3. Strategic Risk Management Frameworks

The Company shall set forth a basic policy on ERM and implement the Strategic Risk Management, i.e. an ERM designed to minimize unforeseen losses while effectively utilizing its capital, increasing its profits under appropriate control of risks, and maximizing the Company Group’s corporate value.

(1)In order to ensure the effectiveness of Strategic Risk Management, the Company shall establish systems for Strategic Risk Management, such as the Group Risk Appetite Statement to work as a guideline for risk taking in capital budgeting. The Company shall also appropriately manage risks that may confront the Company Group as a whole through the adequate assessment of the risks inherent to a group structure and of the outline of various risk characteristics that exist within the Company Group.
(2)The Company shall have its Group companies develop and implement the appropriate frameworks for strategic risk management, including assessment and evaluation of risks, according to their scope, scale, and characteristics of operations.

4. System to Ensure Effective and Accurate Execution of Duties

As set forth below, the Company shall delegate authority for the execution of job duties, prescribe rules regarding decision-making and reporting, establish a command and control structure, and effectively utilize management resources to ensure that the Company Group’s Officers and Employees execute their duties properly and efficiently.

(1)The Company shall formulate the Company Group’s management plans and share these plans with its Group companies.
(2)The Company shall establish Global Executive Committee to discuss strategic issues for the entire Group, and Managerial Administrative Committee to discuss management issues. The Company shall discuss important issues related to the execution of the Company Group's business operations on these committees, leading to high-quality, swift decision-making, and establish a system to conduct sufficient examinations in areas of high expertise and technical sophistication.
(3)The Company shall clearly identify the Company Group’s matters in which their Board of Directors is to be involved by designating matters over which their Board of Directors have decision-making authority and matters to be reported to their Board of Directors. The Company shall also determine executive officers’ authority consistent with the matters thus designated.
(4)The Company shall establish the Company Group’s rules and clearly define their internal organizational units’ objectives and scope of responsibilities and shall determine for each organizational unit the division of its duties, executives, and scope of operational authority.
(5)In order to achieve highly reliable, convenient, and effective business operations, the Company shall set forth a basic policy on IT and develop IT governance and system risk control in the Company Group, such as requiring each group company to set up a department aiming to develop an IT control system and to make a system plan, system risk control plan.
(6)The Company shall set forth a basic policy on the management of outsourcing and ensure proper operations in association with outsourcing by the Company Group, such as by managing outsourced companies according to processes from the start to termination of outsourcing.
(7)The Company shall set forth a basic policy on asset management and manage assets with sufficient consideration of risk management based on safety, liquidity, and profitability in light of the characteristics of the Company Group’s funds being managed.
(8)The Company shall set forth a basic policy on the establishment of a business continuity system and ensure the stability and soundness of the Company Group’s operational foundation in times of emergency, such as by establishing systems to ensure the continuity or early restoration of the Group’s key operations during times of crisis, including major natural disasters.

5. System for Ensuring the Financial Soundness

The Company shall set forth a basic policy on management of financial soundness and actuarial matters in order to develop and ensure an appropriate management system for these matters in the Company Group. In order to ensure its effectiveness, the Company shall set up a department to supervise the management of financial soundness and actuary, while appointing a person in charge of these, and clarify the preparation of proper financial statements and various processes on it. Based on results of the accounting audit and internal audit, the Company shall review various processes in timely manner and ensure their appropriateness.

6. System for Ensuring Appropriate Information Disclosure

(1)The Company shall set forth a basic policy on disclosure in order to disclose information regarding the Company Group's business situation properly at timely manner and to enhance its equitability and usability. In order to ensure its effectiveness, the Company shall set up a department that controls disclosure matters based on laws and regulations to establish systems for timely and appropriate disclosure of information concerning its business activities.

(2)The Company shall set forth a basic policy on internal control over financial reporting in the Company Group to ensure adequacy and reliability of financial reporting. In order to ensure the effectiveness of this internal control system, the Company shall designate a department being responsible for internal control and assessment respectively. The Company shall also make an annual evaluation plan for internal control in accordance with the internal control framework generally accepted, while assess the plan and prepare an internal control report.

7. System for Retention and Management of Information Related to Directors and Executive Officers’ Performance of Their Duties

In order to appropriately retain and manage information related to the executive officers’ performance of their duties, the Company shall prescribe rules dictating methods for retaining and managing information related to the executive officers’ execution of their duties, including minutes of the meetings of the important meetings and documentation related thereto. The Company shall also establish the system required to retain and manage such information.

8. System to Ensure Internal Audits’ Effectiveness

In order to ensure the effectiveness of the Company Group’s internal audits, the Company shall set forth a basic policy on internal audits, which shall define matters, such as securing independence concerning internal audits, establishing rules and developing plans, and establishing internal audit systems that are efficient and effective for the Group as a whole.

9. System Related to Audit Committee’s Audits

The Company shall establish the following systems to improve the effectiveness of Audit Committee’s audits:

9-1. Matters relating to employees who assist Audit Committee in the performance of their duties

The Company shall establish an Audit Committee Office as an organization that reports directly to Audit Committee and appoint personnel with the requisite knowledge and experience to serve as Staff of Audit Committee (employees to assist with Audit Committee’s duties) assigned exclusively to audit duty. The Company shall also set forth the Rules Regarding Staff of Audit Committee and ensure their independence from executive functions and the effectiveness of instructions issued by Audit Committee to the Staff of Audit Committee as follows.

(1)The Company shall ensure the Staff of Audit Committee’s independence from executive officers and other business executives by making decisions regarding Staff appointments, dismissal, compensation, and personnel appraisal subject to the approval of Audit Committee members selected by Audit Committee.
(2)In conducting their duties, Staff of Audit Committee shall follow the instructions and orders of Audit Committee or Audit Committee members only and not receive instructions or orders from other personnel.
(3)Staff of Audit Committee shall have the authority to collect information required in relation to their duties ordered by Audit Committee.

9-2. System for Reporting to Audit Committee

(1) The Company shall, under Audit Committee’s approval, prescribe matters that are to be reported to Audit Committee by Officers and Employees (including gross violations of laws or Articles of Incorporation or other improprieties in connection with execution of duties that potentially may cause a material loss for the company) and the timing of such reports in the rules for reporting to Audit Committee. Officers and Employees shall unfailingly submit reports in accord with such prescriptions and other reports requested by Audit Committee.
(2)The Company shall not unfavorably treat such Officers and Employees who have submitted such reports to Audit Committee because of such submission. The same shall apply to the Officers and Employees of Group companies.
(3)When Audit Committee express opinions on directors or executive officers’ execution of their duties or recommend improvements thereof, the director or executive officer in question shall report back to Audit Committee on the progress in addressing the matter cited by Audit Committee.

9-3. Other Systems to Ensure that Audit Committee’s Audits are Conducted Effectively

(1)Audit Committee Members appointed by Audit Committee may attend important meetings and express their opinions.
(2)The Company shall fully cooperate with Audit Committee or Audit Committee members when they discuss with directors, executive officers, accounting auditors, internal audit sections, and other persons required to appropriately perform the duties of Audit Committee. The Company also cooperate with them when they collect information from or discuss with Officers and Employees of Group companies.
(3)The Company shall respond to Audit Committee’s requests concerning access to the minutes of important meetings and other important documents (including electromagnetic records).
(4)Appointment, dismissal or any other important change relating to the head of Internal Audit department shall be approved by Audit Committee.
(5)The Internal Audit department shall discuss and agree with Audit Committee about the internal audit plan. The Internal Audit department shall report to the Audit Committee audit results and designated matters, and receive instructions from the Audit Committee as necessary.
(6)When Audit Committee or Audit Committee members submit a request for the coverage of costs arising in connection with the execution of their duties, it shall be appropriately processed according to the request made by them.
(7)Officers and Employees of the Company shall comply with any other rules set forth by Audit Committee and items provided in audit standard.