(2) Risk overview and the assessment per material risk category and the status of countermeasures taken
A. Strategic risks (Nos. 1~12)
a. Risk overview and assessment
The Group categorizes risks that could result in a significant impact on the Group’s business performance due to the Group’s business assumptions and strategies becoming invalid through external environment changes, or in the failure to establish business models that meet the company's business strategy – through, for example, poor governance or inadequate human resources – as strategic risks.
The following are the environmental changes that we consider significant.
Short-term risks include:
- the risk of deterioration or damage to our competitiveness and earnings base due to new entrants from digital or other industries to the insurance markets,
- inadequate response to advances in digital technology,
- the risk of constrained business opportunities for the Group due to intensifying industrial competition among major economies,
- the risk of greater-than-expected wind and water damage caused by climate change,
- perceived insufficiency of our ESG initiatives,
- damage to our brand value from rumor and misinformation spread through the media and online sources.
As for long-term risk, the Group's business performance could be affected by shrinkage of the insurance market due to expansion of the sharing economy, dwindling birth rates and aging population, or a reduction in insurance needs as technological innovation results in fewer accidents.
b. The status of countermeasures taken
The Group believes that changes in the external environment will bring opportunities as well as threats; therefore, we are implementing our digital strategy and conducting M&A to advance our transformation into a ‘Theme Park for Security, Health and Wellbeing’. We are also laying the foundations of digital transformation (DX) by:
- improving the productivity of existing businesses through deployment of technologies including AI and Big Data;
- creating new customer value with new products and services that use digital technologies;
- hiring and training digital talent.
With respect to the risks of geopolitics and regulatory changes, the Company has been closely monitoring them to discern the managerial impact by discussing scenarios for geopolitics that would have adverse impacts and collecting information on trends in domestic and overseas laws and regulations.
Large-scale investments, such as digital strategies, M&A, and extensive IT system development, are thoroughly discussed by the Board of Directors. However, there is a possibility that expected results may not be achieved due to changes in the business environment or other unanticipated issues. To ensure the continuing relevance of such investments, and that withdrawal criteria have not been violated, we regularly check the status of these developments, based on predetermined standards, even after implementation.
For physical risks caused by climate change, we are analyzing the impact from more severe natural disasters using climate scenarios.
We established a system to manage and discuss the risk associated with transition to a decarbonized society and the risk of inadequate ESG-related initiatives at the Group Sustainable Management Committee*; this is chaired by the Group Chief Operating Officer (COO) and made up of executives responsible for CSR activities at each Group company. Risks are reported to MAC if necessary. The reputational risk is dealt with and minimized by responding to rumors in a timely and appropriate manner, in accordance with the Company's regulations.
* The Group Sustainable Management Committee was formerly known as the Sustainability / CSR Committee.
B. Financial and investment risks (Nos. 13~15)
a. Risk overview and assessment
The Group categorizes risks that deteriorate the performance and the financial position of the Group due to market volatility, bankruptcy of invested portfolio companies, guarantee insurance policyholders or reinsurers, and risks that worsen cash flow in the event of a major disaster as financial and investment risks. Fluctuations in domestic stock prices and interest rates, in particular, may have large impacts on the Group's financial performance.
Sompo Group holds a large number of shares for the purpose of maintaining medium- to long-term relationships with customers and invests in a wide range of securities, in Japan and overseas, to generate stable investment income. Should the values of these assets decline, due to a fall in market prices, the Company may incur losses on sale, valuation loss, or decrease in valuation difference on available-for-sale securities. This would impact the Group's business results.
There is also a risk that actual investment yields may be lower than assumed interest rates due to the lower interest rate environment, because the Group sells insurance products with assumed interest rates – the investment yield promised to customers at the time of contracting – over a long period.
Further, declining interest rates may lead to an increase in the economic value of insurance liabilities that exceeds the offsetting increase in market value of securities, resulting in a net overall decrease in equity capital. This risk arises because the domestic life insurance business retains insurance liabilities that have a longer duration than the securities held.
b. The status of countermeasures
The Group strives to mitigate the impact of stock market declines by continuously reducing its strategic shareholdings.
As other initiatives, we are making efforts to reduce the impact of interest rate fluctuations by making long-term investments and loans that more closely match the cash flows of liabilities for maturity refunds on savings-type insurance policies and for domestic life insurance policies. Accumulation limits on investments and loans are also set.
Furthermore, the domestic life insurance business is working to increase the ratio of protection products in its portfolio; these products are less susceptible to interest rate declines under economic value-based calculations for insurance liabilities.
Cash flows are managed at each insurance subsidiary to ensure that the Group has sufficient liquid assets to meet its funding needs in the event of a major disaster or a rise in cancellation due to an interest rate hike.
C. Operational and compliance risks (Nos. 16~21)
a. Risk overview and assessment
The Group categorizes risks triggered by violations of laws and regulations, the failure of third party management, system failures (including cyber-attacks), labour issues caused by long working hours, customer information leaks, fraud, and misconduct as operational and compliance risks. The Group conducts businesses in compliance with applicable laws and regulations, including the Insurance Business Act of Japan, and the laws and regulations in countries in which it operates. In the event of a violation of these laws and regulations, the Company may be subject to administrative sanctions from Japan’s Financial Services Agency and other authorities.
There is also system risk resulting from a shutdown, malfunction or misuse of the IT systems; these may be caused by external or internal factors, such as unauthorized access by cyber-attacks, or human error.
Sompo handles a large amount of customer information. Each Group company has established a system for managing such information and maintains strict control over this data. However, in the unlikely event of a major information leak, including a cyber-attack, the Group may lose public trust and confidence and may incur remediation costs that would impact business results.
The occurrence of administrative errors, failure to manage outside contractors, physical and mental health problems among employees, fraudulent acts by officers and employees, criminal acts committed by outside parties, and payment of compensation associated with lawsuits may have a direct or indirect impact on the Group's costs, leading to disruption of business operations, administrative action by the Financial Services Agency and other authorities, and a loss of public trust and confidence in the Group.
Changes in social awareness, customer preferences, and behaviors may lead to gaps between our products, services, and business practices and stakeholder expectations. Such differences may lead to negative customer sentiment, complaints, and other conduct risk issues that may damage the Group's brand value.
b. The status of countermeasures
The Group is constantly aware of the importance of its public mission and the social responsibilities associated with each of its businesses. We have established a system for conducting appropriate corporate activity, in accordance with laws and regulations, social norms and corporate ethics under the SOMPO Group Basic Compliance Policy and other policies. On top of that, the SOMPO Group Code of Conduct for Compliance has been established to foster and ensure a compliance culture among all officers and employees in the Group.
Regarding IT system failures, we have established an IT risk management system and we are continuously working to reduce such risks. Our efforts to counter cyber-attack risk are focused on continuous development of the response system in each group company and establishment of a designated team for cyber security in the Company. Through these overarching and Group-wide initiatives, we are committed to improving the maturity of our defense capabilities within all group companies.
Labour risk caused by long working hours has been dealt with by ensuring that working time is properly and thoroughly managed and by establishing a management system to enable improved management skills and communication in the working-from-home environment.
For conduct risk, we have implemented measures to identify and take pre-emptive measures against signs of risk, and we have established a system for managing outsourced contractors – including provisions to manage the process appropriately from the start of outsourcing to the termination of the contract.
D. Business specific risks (Nos. 22~27)
(Insurance underwriting risk)
a. Risk overview and assessment
The Group categorizes the occurrence of claim payments that exceed the expected level in domestic non-life insurance business, overseas insurance business, and domestic life insurance business as business risks (insurance underwriting risk). Key vulnerabilities that may generate insurance underwriting risk include an unexpected rise in the number of wind and water-related disasters associated with climate change, and loss from large-scale cyber attacks.
We may have to pay a large amount of insurance claims for damage caused by natural disasters such as earthquakes, wind, floods, and snow in Japan and abroad. In addition, changing patterns of frequency and severity of wind and water-related disasters due to climate change may increase the amount of claim payments, deteriorate the Group's underwriting balance, and make it difficult for the Group to provide stable insurance coverage.
Sompo Group offers insurance products that directly cover damage caused by cyber-attacks. In the event that a large-scale cyber-attack targeting software vulnerabilities occurs, we may receive simultaneous claims from multiple customers arising both from destruction or theft of data and from interruption of business operations, and this may affect the Group's business performance.
b. The status of countermeasures
The Group aims to stabilize its business performance by using reinsurance and catastrophic loss reserves to prepare for domestic natural catastrophe risks, and by setting appropriate premium rates that quantify the estimated claims payment for natural disasters – factoring in potential impacts of climate change.
For overseas insurance business, the Company sets limits for each region and each type of natural disaster based on the Group's capital and profit level, to maintain control over the accumulation of natural disaster risks, and monitors exposure periodically to ensure that these limits are not exceeded.
Also, we are working to capture and reduce such risks by identifying potential large-scale cyber incidents and calculating the expected maximum losses.
(Nursing care business risk)
a. Risk overview and assessment
The Group categorizes the misjudgment of nursing care business strategy and the damage to brand value from major scandals as business specific risks (nursing care business risk).
To meet the diverse needs of many elderly people and their families, we have established Sompo Care Inc., which provides a full range of nursing care services from home care to institutional care.
In the Nursing Care & Seniors Business, the Group's operating results may be affected by the following factors: revision of the Long-Term Care Insurance Act and long-term care compensation, intensifying competition in the nursing care market, difficulty in hiring and retaining employees, food poisoning, outbreaks of communicable diseases, accidents specific to the senior citizen related business, loss of public trust and confidence as a result of such aforementioned incidents, and the occurrence of reputational risk.
b. The status of countermeasures
Sompo Care Inc., which manages the Group’s nursing care business, is committed to building trust with customers by establishing a corporate governance system and facility management structures.
The company has established a Governance, Risk and Compliance Committee as an advisory body to the Executive Committee. This committee deliberates on responses to major risk management related incidents and on internal control matters based on the results of internal audits. The Risk Management Department in SHD consolidates all the information on accidents and works to ensure that all officers and employees are aware of them and take preventive measures against recurrence.
In addition, we promote the effective use of ICT and leading-edge technologies at nursing care facilities to improve productivity and employee compensation, aiming to close the gap between supply and demand for nursing care personnel. Furthermore, the company aims to help solve the societal challenges facing Japan as a super-aged society in the future, by maximizing productivity, utilizing know-how on high quality care service to provide solutions that support the business processes of nursing-care business operators, and promoting preventive services for deteriorating cognitive functions.
E. Other risk (No. 28)
(Business interruption)
a. Risk overview and assessment
The Group categorizes disruption to the stable operation of the Group’s business due to natural disasters such as major earthquakes, large-scale terrorist attacks including cyber-terrorism, pandemics of new strains of influenza, and other events as other risks (business interruption risk). These may affect operations such as SHD functions, insurance payments, and provision of nursing care services, as well as affecting the Group's business results.
b. The status of countermeasures
The Group has formulated a business continuity plan and conducts regular training on its execution. The Group strives to verify and improve the effectiveness of business continuity measures by preparing for natural disasters such as large earthquakes and for emergencies such as pandemics caused by a new strain of influenza or other infectious agents.
In response to the global spread of Covid-19, we have added scenarios into the business continuity plan and stipulated an action plan for each scenario. Through these measures, we are improving our emergency response capability so that we ensure all critical operations in the Group companies continue to function.