Overview of the Status of Internal Control System

The following is an overview of the status of implementation of the system to ensure the appropriate performance of the business operations.

1. Internal Control System as a Whole

• In order to ensure the effective functioning of the Group’s internal control, the Company has established various basic policies to control the Group, and checks the development and implementation status of these policies in a timely manner by the Board of Directors, while analyzing events occurring both inside and outside of the Group and seeking continually to improve, enhance and strengthen the internal control system.
• Guided by our Group purpose, "For a future of health wellbeing and financial protection," we are committed to building a strong corporate culture rooted in compliance and customer protection. This commitment is upheld by all executives and employees, who value "Integrity," "Self-Motivation" and "Diversity."
• In the system, the heads of each business segment are delegated authority as Business CEO for business strategy proposals, investment decisions and talent deployment, to implement agile decision-making and operational strategy proposals. The Company also introduced a system supervised by Group CEO whereby Group Chief Officers are deployed as chief officers responsible for each functional area to exercise functions laterally across the Group including execution of strategies and important issues of the entire Group.
• The Company established the Group Executive Committee to enhance the decision-making function and create a management structure capable of overseeing diverse businesses based on the business segment system while flexibly responding to the changing environment.
• Furthermore, a framework is being developed for promoting the initiatives for providing solutions to medium- to long-term social issues towards materializing SOMPO’s Purpose primarily by the Group Sustainable Management Committee whose members comprise of CSuO (including the officer in charge of sustainability) of each of the Domestic P&C Insurance Business, Overseas Insurance and Reinsurance Business, Domestic Life Insurance Business and Nursing Care Business as well as CSO, and is chaired by Group CSuO who serves as the chief executive of the sustainability domain.
• Furthermore, we have consolidated our business units into "SOMPO P&C (Property & Casualty Insurance Business)" and "SOMPO Wellbeing," and have appointed Business CEOs to oversee each unit effective April 1, 2025. Each Business CEO, acting as chairperson, will lead discussions on the management policies of their respective units within a committee (Management Board). Following discussions with the Group CEO, the Business CEO will execute key initiatives under their own authority. This establishes a system that allows for prompt, strategic, and crucial decision-making regarding the Group, and enables us to promote unified initiatives across the entire Group.

2. System to Control the Group Companies

• The Company carries out management of Group companies in order to enhance the corporate value of the Group as a whole by way of approving important matters such as management plans for the Group companies, receiving reports from each company of the Group including the progress of the plan and occurrence of risk events, and taking effective measures as needed in accordance with the approval and reporting system based on the business segment system.
• We have established a department dedicated to financial planning and analysis. This department monitors and analyzes the management performance of each company within the Group, going beyond quantitative aspects to assess and verify the probability and validity of their respective plans.
• The Company strives to ensure appropriate business operations of the Group by verifying the status on the development and implementation of the systems for each of the Group companies that are established based on various basic policies of the Group, and providing guidance to each company of the Group as needed.
• We have strengthened our oversight structure by increasing the number of our executives who also serve as directors of Sompo Japan, and by having the Group CEO serve as the Chairperson of Sompo Japan's Board of Directors.
• Moreover, some headquarter departments of our company and Sompo Japan operate as a single unit, allowing for continuous monitoring of performance and direct involvement in initiative development through mutual assignments.
• To further strengthen the third line of defense across the Group, we have appointed a Group Chief Audit Executive (CAE) effective April 1, 2025, who will serve as the top leader for the Group's internal audit function.

3. Compliance System

• The Company sets out policies for promoting the Group’s compliance annually, and makes each company of the Group to be thoroughly aware of such policies. Each company of the Group takes its own initiatives to enhance compliance in a systematic manner based on the established policies. The progress of compliance promotion is checked by the Group Executive Committee to verify the appropriateness of the measures being taken. The Company and each company of the Group have set their sights on the promotion of more effective compliance and work to prevent the materialization of risks, including the formulation of a structure to cope with the risk of extra territorial applications of foreign laws and fair tarde.
• We have established the Group Compliance Code of Conduct, which defines the fundamental standards of conduct regarding compliance for all executives and employees of our Group. In addition, we have established "SOMPO's Yes" as a guide for decision-making in daily operations. To support its implementation, we have updated the related handbook and are conducting Group-wide training to promote awareness and understanding.
• The Company and Group companies endeavor to detect legal violations and other inappropriate events at an early stage by developing structures such as the internal reporting system and internal audit system. We maintain internal and external whistleblowing hotlines and offer a Group-wide consultation service to address questions about the system. We actively promote the system, emphasizing how to use it and the protection against retaliation for whistleblowers, while also verifying its effectiveness.
• Our Chief Compliance Officer also serves as the Chief Compliance Officer of Sompo Japan, leading the timely and appropriate sharing of information and enhanced coordination between the two companies. In addition, we have established a Compliance Office to promote timely and appropriate information sharing and collaboration with all Group companies, including monitoring the implementation of Sompo Japan's business improvement plan and preventative measures. We are developing the necessary systems to ensure that our Group complies with laws and regulations and operates in the best interests of its customers, while also strengthening its monitoring functions for major compliance issues, etc., to identify potential issues within the Group and resolve them, and to further develop a sound internal control system.

4. System Regarding Strategic Risk Management (ERM)

• The Company makes each company of the Group to be thoroughly aware of its management strategies and Group Basic Policy on ERM in order to facilitate progress of ERM and dissemination of its culture throughout the overall Group. Each company of the Group establishes strategic risk management systems suitable for the nature of its operation, corporate scale and characteristic, such as developing rules pursuant to the Group Basic Policy on ERM in order to facilitate progress of ERM and dissemination of its culture throughout the overall Group.
• The Company formulates business plans that are consistent with the Sompo Group Risk Appetite Statement through deliberations by the Group Executive Committee and allocates its capital to each business unit based on the growth potential and profitability. Each business unit takes risks within the range of allocated capital in an attempt to achieve profit objectives established in the business plan. The Company carries out ERM based on the principle of the PDCA cycle, in which changes in the operating environment and progress in plans are periodically reviewed and the plans and capital allocations are revised as needed.
• The Company comprehensively identifies significant risks surrounding the Group based upon the fundamental of risk assessment, builds and operates risk control processes which performs analysis, evaluation and control. As part of our measures to actively obtain important information from our Group companies, we are reviewing our evaluation methods in order to appropriately identify and assess the risk of reputational damage from our customers and other stakeholders. For especially significant risks, the Group CRO gains insight into and examines such risks comprehensively. Business CEOs, Group Chief Officers, etc. subsequently develop and implement response measures against risks that require a reinforced system to manage them through a discussion by the Group Executive Committee, etc. in order to improve the effectiveness of risk control. The Company also appropriately controls “emerging risks” that may materialize or transform in the wake of environmental and other changes, and thus possibly have a significant impact on the Group going forward, by keeping an eye on signs of evolving into serious risks.
• The Company promotes the development of the function to ensure the appropriateness of the matters related to actuary of the entire Group (the Group's actuarial functions) by managing Group companies based on the Actuarial Basic Policy.
• The Company has established the Group ERM Committee as a subordinate organization of the Group Executive Committee. The Group ERM Committee discusses on a Group-wide basis the important issues concerning the strategic risk management as well as material risks surrounding the Group.

5. Structure for the Execution of Duties

• The Company sets out mid-term management plans and fiscal year plans for the Group, which are shared by each company of the Group. Each company of the Group sets out its own mid-term management plans and fiscal year plans that are consistent with plans made on a Group basis, so as to ensure the Group-wide cohesiveness. In addition, the Group promotes enhancement in its IT governance, which is at the base, to develop and promote various measures that contribute to business operation with high reliability, convenience and efficiency for Group companies. Furthermore, we have established a Group Chief Data Officer (CDaO) position effective April 1, 2025. As the leader responsible for the Group's data strategy, the Group CDaO will focus on building, promoting, and embedding robust data utilization and governance frameworks.
• Matters that may significantly affect the Group management, such as mid-term management plan and decisions on policies for M&A, are duly deliberated at the Group Executive Committee in order to enhance the efficiency and effectiveness of resolutions by the Board of Directors.

6. Audit System by the Audit Committee

• In order to ensure the effectiveness of audit by the Audit Committee, the Company establishes an Audit Committee Office that is independent from commands and orders given by executive officers, and appoints exclusive staff.
• The Company formulates rules concerning the reporting to the Audit Committee, who receive reports from executives and employees on primarily the status of their duty execution periodically. In addition, reports are made promptly on matters requested by the Audit Committee. In addition, the Audit Committee receive reports from the Group CRO and the officer in charge of compliance on a quarterly basis (and whenever necessary) on the overall internal control system, the status of responses to major risks in the Group, the status of the occurrence of misconduct and major incidents at subsidiaries, and the status of implementation of measures to prevent recurrence, etc., in order to improve the effectiveness of audits from an independent perspective from the execution of operations.
• The Company ensures opportunities for the members of the Audit Committee selected by the Audit Committee to express opinions by attending important meetings.
• The Company ensures opportunities for the members of the Audit Committee or the Audit Committee to exchange information with the independent accounting auditor and internal audit sections on the audit results, etc.
• The Company convenes periodic meetings where the members of the Audit Committee meet with representative executive officers to exchange opinions regarding the recognition of the Group’s important issues. The members of the Audit Committee also perform onsite audit, etc. at the Group companies, and exchange information with the representative, etc. and the members of the Audit Committee of the respective companies.