Strategic risk |
1. Deterioration/transformation of competitive environment
<Risk overview>
Impact on our group's financial performance due to: deterioration or damage to competitiveness and revenue base from insufficient response to new entrants from digital and other industries and the advancement of digital technologies including generative AI; shrinking market size due to the expansion of the sharing economy and domestic population decline/aging; and reduced insurance needs from fewer accidents resulting from technological innovation.
<The status of countermeasures>
We are executing our digital strategy and M&A activities to advance our transformation toward realizing "SOMPO’s Purpose." This includes enhancing productivity in existing businesses through the use of generative AI and data-driven decision-making workflows, creating new value through digital technology and new products and services addressing social issues in areas such as disaster prevention, mitigation, and mobility, and promoting digital transformation (DX) by hiring and developing specialized digital talent to support these efforts.
|
2. Significant change in macroeconomic environment
<Risk overview>
Significant revenue decline due to a global economic slowdown, the potential inability to pass on increased business costs and insurance payouts resulting from rapid inflation to our product and service prices, and the devaluation of financial assets.
<The status of countermeasures>
We are closely monitoring the impact of macroeconomic conditions, such as a global economic slowdown and rapid fluctuations in inflation rates, on our business, and are taking measures based on appropriate estimations of premium income, insurance payouts, etc. Furthermore, as changes in the macroeconomic environment can significantly impact our capital position through fluctuations in the value of investment assets, we are analyzing the impact on our group under multiple scenario settings and implementing countermeasures.
|
3. Geopolitical risk
<Risk overview>
Consequential effects on our group from heightened geopolitical tensions, such as retaliatory sanctions and the occurrence of significant events (including financial asset devaluation, increased insurance payouts, and business interruption).
<The status of countermeasures>
We are investigating scenarios that could significantly impact our group (including market effects), utilizing insights from external experts, assessing the financial implications, and closely monitoring the potential managerial impact. We are also maintaining an effective crisis response system by developing manuals and business continuity plans that outline actions for officers and employees during a crisis, and conducting training and self-assessments.
|
4. Pandemic
<Risk overview>
The impact on our group in the event of a global pandemic that restricts people's lives and industrial activities (including increased insurance payouts, unmet business plans due to a global economic slowdown, business interruption, and financial asset devaluation).
<The status of countermeasures>
Drawing on the experience gained during the COVID-19 pandemic, we have formulated business continuity plans to prepare for the occurrence of new infectious diseases and other pandemics. We conduct regular training exercises and validate the effectiveness of these plans. Furthermore, we continue to monitor environmental changes to flexibly adapt to the opportunities and threats arising from subsequent major shifts.
|
5. Changes in regulatory systems
<Risk overview>
The risk of inadequate response to significant changes in laws, regulations, supervisory frameworks, financial administrative policies, etc., pertaining to the insurance business (including administrative sanctions, lost innovation opportunities, increased business costs, payment of damages from litigation, and reputational damage).
<The status of countermeasures>
We strive to stay abreast of revisions to relevant laws and regulations and implement necessary responses. In addition, we are monitoring trends in structural reforms of the non-life insurance industry in a timely manner, including discussions at the "Expert Panel on Structural Issues and Competition in the Non-Life Insurance Sector" and the Financial System Council's "Working Group on Regulatory System Especially for Non-Life Insurance business".
|
6. Insufficient governance
<Risk overview>
The risk arising from inadequate functioning of group governance (including the establishment and operation of internal control systems), such as: failure of our company's supervisory function due to insufficient communication and information sharing between our company and group companies; and inability to achieve strategic goals, deviations from regulations, and reputational damage due to the malfunction of internal control systems relating to decision-making processes, etc.
<The status of countermeasures>
In order to ensure effective group governance, we are continuously reviewing and strengthening our management and monitoring system to appropriately assess the adequacy and effectiveness of internal controls at group companies on a risk basis and in a timely manner. Specifically, regarding Sompo Japan, we have increased the number of our company's executives serving concurrently as directors and strengthened oversight by having the Group CEO serve as Chairman of the Board of Directors. Furthermore, we are working to enhance communication between our company and group companies, including the reporting of negative information, and to promote the use of the internal whistleblowing system and foster a speak-up culture.
|
7. Misjudgment of risks associated with new business and strategic investment
<Risk overview>
Impairment of invested capital, reputational damage, and failure to achieve the expected return on investment from digital technologies and systems due to inadequate risk awareness regarding strategic investments and new businesses (including those related to digital technology).
<The status of countermeasures>
While we carefully discuss the validity of major investments, such as digital strategies, M&A, and large-scale system development at the Board of Directors level, etc., before execution, the anticipated results may not be achieved due to environmental changes or unforeseen difficulties. Therefore, even after execution, we regularly confirm that the validity remains and that withdrawal criteria are not triggered, based on pre-defined standards.
|
8. IT strategy risk
<Risk overview>
- The risk of schedule extensions, budget overruns, and reduced quality in large-scale system development projects due to factors such as rapid changes in the external environment, deficiencies in project management, the complexity of system development, and talent shortages that significantly impact various businesses.
- Impact on business opportunities, reduced ROI, damage to corporate reputation, and loss of competitiveness compared to other companies.
<The status of countermeasures>
In order to ensure appropriate IT governance, we have established management processes aligned with international standards. We have also established a system for monitoring of large-scale system development projects and are striving to ensure proper project execution.
|
9. Climate change (Physical risks)
<Risk overview>
- Impact on underwriting income due to the occurrence or increased frequency of larger-than-expected wind and flood damage (including snow and hail damage, etc.) caused by climate change.
- Accumulation of risk and reduced profit stability due to a hardening reinsurance market and a significant decrease in reinsurance capacity as a result of increased wind and flood damage.
<The status of countermeasures>
We are advancing our initiatives based on research findings from external organizations such as the IPCC (Intergovernmental Panel on Climate Change) and NGFS (Network for Greening the Financial System), as well as scientific knowledge obtained in collaboration with universities and other research institutions. Through large-scale analysis using meteorological and climate big data, we are working to understand the long-term effects of rising average temperatures on the average trend changes in typhoons, floods, and storm surges affected by sea-level changes, as well as the occurrence trends of extreme disasters. Furthermore, to control the impact of massive wind and flood damage on our group, we are revising products and reviewing underwriting conditions.
|
10. Sustainability risk
<Risk overview>
- Increasing social pressure on corporations regarding sustainability, coupled with a slow or inadequate response in developing products and services that support the transition to a decarbonized society, can lead to reputational damage from stakeholders. Furthermore, the strengthening of regulations concerning climate change responses could result in a decline in the value of fossil fuel assets (stranded assets).
- The occurrence of inappropriate actions or events that violate business and human rights norms, along with insufficient responses or failures to rectify such issues, can lead to reputational damage from stakeholders.
<The status of countermeasures>
Regarding transition risks, we are actively pursuing our Green Transition Plan, primarily focused on insurance underwriting and asset management. Concerning human rights risks, we identify and assess potential impacts and risks across the entire value chain of each business. These efforts are overseen by the Group Sustainable Management Committee, chaired by the Group Chief Sustainability Officer (CSuO), which monitors progress, facilitates discussions, and reports to the Board of Directors and other relevant bodies.
|
11. Risks related to human capital
<Risk overview>
- Failure to foster a corporate culture that embraces diverse perspectives, leading to decreased employee engagement.
- Inability to strengthen group talent and inadequate attention to DEI (Diversity, Equity, and Inclusion) initiatives, hindering talent acquisition and preventing the execution of strategic workforce planning.
<The status of countermeasures>
Regarding human capital risks, we are enhancing our HR systems to promote individual career development and improve talent competitiveness. This includes implementing a job-based HR system and policies supporting diverse work styles, enabling employees to build careers aligned with their 'MY Purpose' (individual life goals, purpose, or meaning of work). We are also providing employees with access to platforms designed to foster self-directed learning. Furthermore, we are committed to inclusive talent acquisition, regardless of gender, disability, nationality, age, or other attributes. We are increasing investment in employee development to enhance specialized skills. Finally, we are revising our Group Corporate Philosophy System, including establishing required ethical and behavioral principles, to transform and embed a shared understanding, mindset, values, and behaviors across our Group's officers and employees.
|
Market risk |
12. Significant market deterioration
<Risk overview>
- We invest broadly in domestic and international securities. Fluctuations in stock, foreign exchange, and interest rate markets could lead to realized investment losses, mark-to-market losses, or declines in fair value, which could negatively impact our Group's financial performance.
- We sell long-term insurance products with guaranteed interest rates (the rate of return promised to customers at the time of contract). In periods of declining interest rates, there is a risk that actual investment returns may fall below the guaranteed interest rates.
- Conversely, in periods of rising interest rates, there is a risk of increased policy surrenders, primarily in savings-type products, as customers may switch to products with higher guaranteed interest rates.
- In our domestic life insurance business, the long-term nature of insurance products leads to a high interest rate sensitivity of insurance liabilities. A mismatch between the interest rate sensitivity of assets and liabilities could significantly increase the risk of a decline in adjusted net worth during periods of interest rate volatility.
<The status of countermeasures>
The Group has established a plan to reduce our holdings of shares that could potentially hinder fair competition in insurance transactions to zero by the end of fiscal year 2030. We are accelerating the pace of reduction, especially from fiscal year 2024 onwards, and are steadily decreasing our remaining balance. We are also working to mitigate the impact of stock market declines. Regarding the impact of exchange rate fluctuations, we monitor currency risk exposure on a Group-wide basis and manage the risk of a significant reduction in equity capital due to a stronger yen. To address the interest rate sensitivity of long-term insurance liabilities, such as maturity refunds for endowment insurance and our domestic life insurance business, we execute long-term investments and financing activities, balancing economic value-based perspectives with accounting perspectives under the Insurance Business Act. This reduces the overall interest rate sensitivity of our assets and liabilities, mitigating the impact of interest rate fluctuations on adjusted net worth. Furthermore, in our domestic life insurance business, we are working to increase the proportion of products less sensitive to interest rates, such as protection-type products. We regularly assess the impact of stress scenarios that could have a material impact on our business, such as significant market deterioration.
|
13. Reinsurance and investment credit risk
<Risk overview>
The impact on our Group's financial performance from declines in the value of financial assets or increased insurance payouts due to bankruptcies or creditworthiness deterioration of investees, borrowers under guarantee insurance, or failures of reinsurance companies, leading to unrecoverable reinsurance claims.
<The status of countermeasures>
To avoid concentration risk in our investments, lending, and reinsurance placements, we set limits based on internal credit ratings for individual counterparties. We regularly monitor compliance with these limits and manage our exposures to ensure they are not exceeded.
|
14. Liquidity in the event of a major disaster
<Risk overview>
The impact on our Group's financial performance from the need to secure financing through substantial borrowing or asset sales during large-scale disasters or similar events.
<The status of countermeasures>
Liquidity is managed separately for each insurance subsidiary. We ensure that sufficient liquid assets are maintained to meet financing needs in the event of catastrophic disasters or increased policy surrenders due to rising interest rates.
|
Operational and compliance risk |
15. Risks related to outsourcing and partnerships
<Risk overview>
The occurrence of circumstances that make it difficult to continue outsourced operations due to insufficient operational capabilities, bankruptcy, legal or regulatory violations, misconduct, or service withdrawal by key external vendors, including agencies, as well as the resulting payment of compensation and reputational damage.
<The status of countermeasures>
Following the administrative actions levied against our company and Sompo Japan, our Group is actively implementing measures to prevent recurrence. A central element of this effort is cultivating a robust corporate culture that prioritizes compliance and customer protection. To fundamentally reshape the understanding, mindset, values, and actions of our Group officers and employees, we have undertaken a revision of the Group Corporate Philosophy System, which includes establishing the mandatory code of conduct. We are committed to further embedding these principles through comprehensive communication, training, and other initiatives. Beyond simply establishing a system to ensure proper corporate conduct aligned with legal regulations, social norms, and corporate ethics, we are diligently working to enhance the effectiveness of our Group-wide internal control system. This includes a thorough analysis of incidents across our Group companies to implement targeted solutions addressing common vulnerabilities.
|
16. IT failures
<Risk overview>
- The risk of system failures, including information system outages and malfunctions, due to internal factors such as equipment failure, human error, and information system deficiencies, as well as external factors such as natural disasters.
- The potential for recovery costs, lost revenue due to service disruptions, and negative impacts on business operations and relationships due to reputational damage.
<The status of countermeasures>
To ensure appropriate IT governance, we have established management processes aligned with international standards. We aim to prevent system failures by defining various procedures and standards. Furthermore, we continuously strive to mitigate system risks by implementing various measures, including regular analysis of system failures, development of a Business Continuity Plan (BCP), and conducting routine training exercises.
|
17. Cyber security breach
<Risk overview>
- The risk of cyberattacks causing security breaches within our Group or at our agencies and vendors, leading to information system outages, malfunctions, unauthorized access, data destruction or alteration, significant data breaches, or supply chain disruptions.
- Potential consequences including investigation and recovery costs, lost revenue due to service disruptions, and negative impacts on business operations and relationships due to reputational damage, as well as violations of data protection laws such as the Personal Information Protection Act and the EU General Data Protection Regulation (GDPR).
<The status of countermeasures>
We recognize that continuously improving our response capabilities is paramount in the face of increasingly sophisticated and complex cyberattacks. We are strengthening our cyberattack management framework and, as a Group, are committed to enhancing our cybersecurity measures and continuously improving our response capabilities. On April 21, 2025, we discovered unauthorized third-party access to Sompo Japan's web systems, and we acknowledge the potential breach of some customer information. We are assessing the impact of this incident and taking appropriate measures, and we are also reviewing our management framework based on the lessons learned from this event.
|
18. Labor risk
<Risk overview>
- Violations of domestic and international labor laws, litigation related to excessive workloads, and increased employee attrition, potentially leading to business disruption, reputational damage, and inadequate health and well-being initiatives.
- The occurrence of employee physical and mental health issues, decreased productivity leading to increased costs, and increased employee turnover primarily due to various forms of harassment, including power harassment, potentially resulting in difficulties in talent acquisition and staffing.
<The status of countermeasures>
To address labor-related risks associated with excessive working hours and other issues, we are committed to: ensuring strict adherence to proper time and attendance management; eradicating harassment; promoting mental health initiatives; advancing health and well-being programs; and fostering an inclusive culture through initiatives such as expanding career recruitment.
|
19. Leakage of confidential and customer information (excluding cyber-attacks)
<Risk overview>
The risk of significant payouts and reputational damage resulting from major data breaches caused by officers or employees across Group companies.
<The status of countermeasures>
We have established the 'SOMPO Group Basic Policy on Customer Information Management,' among other policies, and have implemented various security control measures to prevent major data breaches.
|
20. Compliance risk
<Risk overview>
- Violations of laws and regulations applicable to each of our Group's businesses, as well as those applicable in the countries and regions where we operate internationally, potentially leading to the payment of fines, penalties, and other sanctions. Also, misconduct by officers and employees, criminal acts by external parties, and the payment of damages resulting from litigation.
- The erosion of our Group's social trust and credibility due to legal violations, scandals, or other misconduct.
<The status of countermeasures>
Beyond simply establishing a framework to ensure proper corporate activities in accordance with legal regulations, social norms, and corporate ethics, we are actively working to enhance the effectiveness of our Group-wide internal control system. This includes analyzing specific examples of misconduct and other incidents occurring within Group companies and implementing targeted solutions to address common, Group-wide vulnerabilities. To promote a culture of compliance among our officers and employees, we provide training on the 'SOMPO Group Compliance Code of Conduct' and 'SOMPO's Yes,' a decision-making framework designed to guide employees toward ethical judgments and actions in their work. We are committed to embedding and reinforcing a strong compliance mindset throughout the organization. Furthermore, to facilitate the early detection of misconduct and other incidents, we have established a common Group-wide consultation and reporting channel for our whistleblower program and are continuously evaluating and refining its effectiveness.
|
21. Conduct risk
<Risk overview>
- The erosion of corporate value due to a gap between the products, services, and business practices offered by our Group and the expectations of society and our stakeholders, including customers.
- The potential for our Group's governance regarding products and services, personal information collection, AI utilization, and other areas to fall short of stakeholder expectations and/or negatively impact market integrity.
<The status of countermeasures>
To foster a sound corporate culture that prioritizes compliance and customer protection, we have updated the 'SOMPO Group Compliance Code of Conduct' for all Group officers and employees and have established 'SOMPO's Yes,' a decision-making framework. We are committed to ongoing communication, training, and other initiatives to promote widespread understanding and adoption of these principles.
|
Business risk |
22. Mega earthquake in Japan, 23. Huge wind and flood disaster in Japan, 24. Mega natural disasters overseas
<Risk overview>
- The impact on underwriting income due to substantial insurance payouts resulting from large-scale natural disasters.
- The difficulty in managing risk in accordance with our risk appetite due to challenges in securing reinsurance arrangements and other related factors.
<The status of countermeasures>
To manage natural catastrophe risk and prevent excessive concentration, we establish limits by region and type of natural disaster based on the Group's capital levels. We regularly monitor compliance with these limits and manage our exposures to ensure they are not exceeded. We also conduct regular stress tests to confirm capital adequacy, while stabilizing our business through reinsurance and capital enhancement. Furthermore, we quantitatively assess the risk of insurance payouts due to natural disasters to ensure appropriate premium rates and product design.
|
25. Cyber aggregation risk
<Risk overview>
The impact on underwriting income due to substantial insurance payouts resulting from large-scale cyberattacks.
<The status of countermeasures>
Within our major insurance subsidiaries, we calculate the probable maximum loss (PML) for cyber insurance based on quantitative risk modeling and regularly monitor our position against pre-defined limits or guidelines.
|
26. Conventional terrorist attack
<Risk overview>
The extensive damage resulting from large-scale terrorist attacks, including human, physical, and economic disruption.
<The status of countermeasures>
We calculate the probable maximum loss (PML) for conventional bomb terrorism and regularly monitor our position against pre-defined limits.
|
27. Misjudging the long-term nursing care business environment
<Risk overview>
- The risk of misjudging the long-term care business environment stemming from our full-line provision of care services, ranging from in-home care to facility-based care.
- The potential for difficulties in securing staff due to revisions to the Long-Term Care Insurance Act and long-term care service fees, increased competition in the long-term care market, and a widening gap between the supply and demand of long-term care personnel.
<The status of countermeasures>
Recognizing the growing gap between the supply and demand of long-term care personnel, SOMPO Care Inc. aims for the sustainable growth of its long-term care business by pursuing 'The Future of Care.' This involves leveraging data and technology to streamline operations in care facilities, creating time for personnel to focus on tasks that only humans can perform, and achieving productivity gains with enhanced quality. Furthermore, we intend to transform the future of long-term care by extending this approach across the entire long-term care industry.
|
28. Serious misconduct in the nursing care business
<Risk overview>
- The risk of serious misconduct damaging our brand value.
- The occurrence of food poisoning, outbreaks of infectious diseases, and accidents specific to elderly care, leading to damage to social trust, credibility, and reputation.
<The status of countermeasures>
To build trust with our clients, SOMPO Care Inc. is committed to establishing robust corporate governance and operational management systems. The Governance, Risk, Quality, and Compliance Committee has been established as an advisory body to the Management Committee to deliberate on matters related to internal controls, including responses to significant risk management and quality events, as well as internal audit results. Furthermore, the Head Office Risk Management Department aggregates accident information and works to disseminate and ensure the thorough implementation of preventative measures.
|
Other risks |
29. Business Interruption
<Risk overview>
A situation in which the smooth operation of essential functions, such as head office operations, insurance claims payments, and the provision of long-term care services, is hindered by events such as: large-scale natural disasters (including major earthquakes), large-scale terrorist attacks, pandemics (including novel infectious diseases), and major system failures caused by cyberattacks.
<The status of countermeasures>
Our Group has long maintained Business Continuity Plans (BCPs) to prepare for emergencies such as large-scale natural disasters (including major earthquakes), pandemics (including novel infectious diseases), and major system failures caused by cyberattacks. We conduct regular training exercises and continuously strive to validate and improve the effectiveness of these BCPs. More recently, we have been working to further enhance our crisis response capabilities and ensure the continuity of critical operations across our Group companies. This includes: reviewing the BCPs of each Group company based on damage scenarios for a major Tokyo earthquake and a Nankai Trough earthquake; deploying the latest communication tools and power facilities; and clarifying our cyber response emergency structure and intra-group collaboration workflows.
|
30. Reputational risk
<Risk overview>
Damage to brand value resulting from the dissemination of negative information in mass media reports and online articles.
<The status of countermeasures>
Regarding reputational risk, our established policies clearly define methods for controlling the risk of damage to our reputation due to negative information. We strive to mitigate the impact through prompt and appropriate responses. We have also developed criteria for determining when information disclosure is necessary during a crisis to ensure timely and accurate communication. Furthermore, we have established a system for the early detection of reputational issues within the Group based on established reporting procedures for adverse information.
|