Business and other risks

1. Management system and framework for major risks

(1) Overview of risk management system

Risk management is an increasingly important focus for Sompo Group with the growing level of uncertainty in the business environment. Factors driving this uncertainty include the increasing frequency and severity of extreme weather conditions and associated natural disasters, rising geopolitical tensions, and the rapid rise of inflation in the global economy.
Sompo Group operates an Enterprise Risk Management (ERM) framework to manage risk across the Group, serving as a sophisticated ‘compass’ that points the business towards the optimal direction. This embraces not just the avoidance of losses, but also the avoidance of missed opportunities for profitable risk-taking. These include, for example, potential new business investments in response to risks identified. The ERM system seeks to achieve these goals by providing and strengthening the following three capabilities:

a. Correct understanding of the Group’s current position

b. Sensitive detection of potential risks

c. Clear indication of the routes the Group should take

ERM is effected through a series of business management processes that look to maximize corporate value by achieving a balance of capital, risk, and profit through management of the two objectives: risk-taking for business strategies and risk control for a stable business foundation. In the risk-taking context, we make use of analyses on capital, risk, and profit within the Risk Appetite Framework for important management decisions, corresponding to (c) in the above diagram. For risk control, we use a framework – the Risk Control System – to identify, analyze, and assess various types of risks surrounding the Group, aiming to minimize unexpected losses and to increase the stability of profit. This corresponds to (a) and (b) in the diagram below.

The three functions and overall outline of the Sompo Group’s Enterprise Risk Management (ERM)

2. Risk Management Governance Structure

In order to ensure the effectiveness of ERM based on the "Sompo Group Basic Policy on ERM" established by the Board of Directors, Sompo Group’s Risk Appetite Statement – consisting of the Risk Appetite Principles, the Medium-term Risk-taking Strategy, and the Risk Appetite Indicator – is used as a guideline for risk-taking, in alignment with the Group’s strategies and business management plans.
The Group ERM Committee, chaired by the Group CRO, has been established as a subordinate body of the Global Executive Committee (Global ExCo), an advisory body to the Group CEO, to conduct cross-sectional management discussions on important Group ERM issues, such as risk-taking strategies, capital allocation, and material risks surrounding the Group.
The Group CRO ensures that the "Sompo Group Basic Policy on ERM" and the "Medium-term Group ERM Promotion Policy" are known to all Group companies, and works to improve the effectiveness of ERM for the entire Group through regular monitoring and discussions with the CROs of each company.

<Risk Management Governance Structure>

The Risk Control System and the status of risk and capital

Under the Risk Control System, the Group conducts risk assessment using the Material Risk Management framework – firstly identifying all the material risks we face, then evaluating them from both a qualitative and quantitative perspective. For risks that can be quantified, their impacts on capital adequacy and liquidity are analyzed and assessed based on various quantitative indicators in the Capital adequacy management, Stress testing, Limit management, and Liquidity risk management frameworks. Based on these analyses, management decides on the risk control measures necessary to secure and improve the Group’s financial soundness.

A. Material Risk Management

The Group defines risks that could have significant impacts on the business as material risks; these are identified and assessed through an exhaustive process. Such risks are comprehensively managed by the Group CRO based on this risk assessment and expert insight, considering concrete risk scenarios that could impact the Group. Risks are evaluated in both qualitative and quantitative terms, assessing the frequency of occurrence, and the severity of impact across three risk dimensions – economic loss, business continuity, and reputational damage. The results, including the status of controls, are reported to the Managerial Administrative Committee (“MAC”) – the advisory committee for the Group COO – and the Board of Directors at least twice a year.

Those risks that carry large volatility, and require specific discussions on countermeasures etc., are raised at Global ExCo as well as MAC. Also, we have added a new dimension to the risk assessment to respond to ‘trending risks’ – risks that we anticipate will increase continuously for the next 10 years or more – in order to capture their long-term impact on the Group’s business model. We will use this dimension to validate the continuing effectiveness of risk countermeasures into the future.

Further, the Group defines emerging risks as those that are not currently material risks but which, due to environmental changes, have the potential to become material in future. We identify the signs of such risks that might have a significant impact on the Group in future, and we manage them accordingly. Potential emerging risks, identified through review of literature and consultation with experts, are listed in an emerging risk register, and will be selected as an emerging risk once certain criteria are met – for example when the expected impact exceeds a certain level.

Currently, four emerging risks, including innovative medical technology and biodiversity, have been selected; we monitor, research, and study them not only from the viewpoint of mitigating losses, but also from the viewpoint of seeking new business opportunities through creation of insurance products and services to address these risks.

B. Capital Adequacy Management

We quantify the various types of risks that we face using value at risk (VaR) as a unified risk metric. We take management measures as necessary to ensure that capital is maintained at an adequate level relative to risks.

C. Stress Testing

The Group conducts scenario stress testing, reverse stress testing, and sensitivity analyses on a Group-wide basis to accurately identify and manage events that could significantly affect its business management. We analyze the impact on both capital and risk and take countermeasures as required. As at the end of March 2022, we confirmed that the Group retains sufficient capital under each of the assumed stress scenarios.

Scenario Stress Testing: We evaluate how significantly large-scale natural catastrophes, financial market disruptions, and other stress scenarios could affect business, verifying capital adequacy and the effectiveness of risk mitigation measures. We regularly verify the validity of stress scenarios to ensure that we can respond appropriately to environmental changes.
Reverse Stress Testing: We identify vulnerability by exploring specific events that breach risk tolerance levels and consider appropriate countermeasures for stress events in advance.
Sensitivity Analyses: We identify the impact on capital and risk from fluctuations in key risk factors. Also, we validate in-house models by comparing theoretical figures calculated by the models with the figures of actual results.

D. Risk Limit Management

We have established Group-wide maximum limits for individual risks, such as credit risk, reinsurance counterparty risk, and overseas natural catastrophe risk, and we manage these risks so as to avoid outsize losses arising from the occurrence of specific events. As at the end of March 2022, we have confirmed that the Group does not violate any risk limits; preliminary limit management is carried out within each limit.

E. Liquidity Risk Management

In addition to projecting cash requirements for day-to-day operations, we project the maximum cash outflows that could result from events such as a large-scale natural catastrophe. We then manage liquidity to ensure we have sufficient liquid assets to meet cash requirements in these scenarios. As at the end of March 2022, we have confirmed that the Group has adequate liquid assets to meet such outflows.

3. Major risks

(1) Material risks and the assessment of their likelihood and impact

Material risks are those risks that are recognized by management as having the potential to materially impact the Group's business performance. The following evaluation shows the probability of occurrence and the impact of these risks.

≪Universe of Material Risk≫

Category / No. / Material Risks

A. Strategic risk
  External environment
    1 Deterioration of or change of competitive environment
    2 Deterioration of the economic environment
    3 Geopolitical risk
    4 Pandemic
    5 Changes in regulatory systems
  Business strategy
    6 Poor governance
    7 Ill-informed risk taking related to new businesses
    8 Delay of large scale IT projects
    9 Climate Change (Physical risks, Transition risks)
    10 Sustainability risk
    11 Reputational risk
  Human resources and personnel
    12 Insufficient human resources

B. Financial and investment risk
  Market risk
    13 Major market downturn and economic crisis
  Credit concentration risk
    14 Reinsurance and investment credit risk
  Liquidity risk
    15 Liquidity in the event of a major disaster

C. Operational and compliance risk
  Administrative risk
    16 Failure of third-party (outsourced contractors) management
  IT risk
    17 IT failures
    18 Cyber security
  Compliance risk
    19 Labor risk
    20 Leakage of customer information (Excluding cyber attack)
    21 Misconduct and leakage of confidential information
    22 Conduct risk

D. Business risk
  Insurance underwriting risk
    Cat risk
      23 Large-scale earthquake in Japan
      24 Huge wind and flood disaster in Japan
      25 Large-scale natural disasters overseas
    Other
      26 Cyber-accumulation risk
  Nursing care business risk
    Nursing care business risk
      27 Misjudging the nursing care business environment
      28 Serious misconduct in the nursing care business

E. Other risks
    29 Business interruption risk

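■Heat Map of Material Risk (Probable Occurrence / Impact Level)

Level: Impact (Financial Loss; Business continuity; Reputation); Frequency

Very Large: Financial loss ≧ 500 bill. JPY; Business continuity: total disruption, including license cancellation; Reputation: brink of corporate failure; Frequency: ≧ once a year
Large: Financial loss ≧ 200 bill. JPY; Business continuity: disruption of core business; Reputation: ≧ 5 years damage; Frequency: ≧ once in 10 years
Medium: Financial loss ≧ 10 bill. JPY; Business continuity: partial disruption; Reputation: ≧ 2 to 3 years damage; Frequency: ≧ once in 100 years
Small: Financial loss < 10 bill. JPY; Reputation: < 2 years damage; Frequency: < once in 100 years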

Volatile Risk: A risk with a large range of variability or a high velocity of change.
Trending Risk: A risk that is projected to be continuously increasing for the next 10 years or more.

(2) Material Risks - Assessments, and Countermeasures

A. Strategic risks (Nos. 1–12)

a. Risk overview and assessment

The Group categorizes risks that could result in a significant impact on the Group’s business performance due to the Group’s business assumptions and strategies becoming invalid through external environment changes, or in the failure to establish business models that meet the company's business strategy – through, for example, poor governance or inadequate human resources – as strategic risks.

The following are the environmental changes that we consider significant.

Short-term risk includes:

  • risk of inability to pass on increased business costs and insurance claims paid due to acceleration of inflation to product and service prices,
  • risk of decrease in value of financial assets as a result of rising inflation,
  • risk of wind and flood damage exceeding expectations due to climate change,
  • risk of damage to our brand value from rumors and misinformation spread through the media and online sources, etc.
  • the risk of deterioration or damage to our competitiveness and earnings base due to new entrants from digital or other industries to the insurance markets,
  • inadequate response to advances in digital technology,
  • the risk of constrained business opportunities for the Group due to intensifying industrial competition among major economies.

As for long-term risk, the Group's business performance could be affected by shrinkage of the insurance market due to expansion of the sharing economy and the declining birth rate and aging population, by a decrease in insurance needs as technological innovation results in fewer accidents, and by restrictions on people’s lives and industrial activities due to pandemics. In addition, the Group's insurance underwriting and asset management may be affected by high greenhouse gas (GHG) emission sectors becoming stranded assets or by worsening credit risk as a result of the transition to a decarbonized society.

b. The status of countermeasures taken

The Group believes that changes in the external environment will bring opportunities as well as threats; therefore, we are implementing our digital strategy and conducting M&A to advance our transformation into a ‘Theme Park for Security, Health and Wellbeing’. We are also laying the foundations of digital transformation (DX) by:

  • improving the productivity of existing businesses through deployment of technologies including AI and Big Data;
  • creating new customer value with new products and services that use digital technologies;
  • hiring and training digital talent.

With regard to the deterioration of the economic environment, the Company closely monitors daily changes, such as the deterioration of the global economy and financial markets due to rapidly advancing inflation, analyzes the impact on the Group, and implements countermeasures. With respect to the risks of geopolitics and regulatory changes, the Company has been closely monitoring them to discern the managerial impact by discussing scenarios for geopolitics that would have adverse impacts and collecting information on trends in domestic and overseas laws and regulations.

Large-scale investments, such as digital strategies, M&A, and extensive IT system development are thoroughly discussed at the Board of Directors. However, there is a possibility that expected results may not be achieved due to changes in the business environment or other unanticipated issues. To ensure the continuing relevance of such investments, and that withdrawal criteria have not been violated, we regularly check the status of these developments, based on predetermined standards, even after implementation.

Regarding future pandemics, we will continue to draw on our experience with the spread of novel coronavirus infections and keep a watchful eye on environmental changes so that we can respond flexibly to the opportunities and threats that come from major changes.

For physical risks caused by climate change, we are analyzing the impact from more severe natural disasters using climate scenarios.

With regard to the risks associated with the transition to a decarbonized society, we are working on the Green Transition Plan, which focuses on insurance underwriting and asset management. The Group Chief Sustainability Officer (CSuO) chairs the Group Sustainable Management Committee, which is composed of executives responsible for CSR activities from each Group company, to monitor and discuss the status of these initiatives and report to Global ExCo and MAC as necessary. The reputational risk is dealt with and minimized by responding to rumors in a timely and appropriate manner, in accordance with the Company's regulations.

B. Financial and investment risks (Nos. 13–15)

a. Risk overview and assessment

The Group categorizes risks that deteriorate the performance and the financial position of the Group due to market volatility, bankruptcy of invested portfolio companies, guarantee insurance policyholders or reinsurers, and risks that worsen cash flow in the event of a major disaster as financial and investment risks. Fluctuations in domestic stock prices and interest rates, in particular, may have large impacts on the Group's financial performance.

Sompo Group holds a large number of shares for the purpose of maintaining medium- to long-term relationships with customers and invests in a wide range of securities, in Japan and overseas, to generate stable investment income. Should the values of these assets decline, due to a fall in market prices, the Company may incur losses on sale, valuation loss, or decrease in valuation difference on available-for-sale securities. This would impact the Group's business results.

There is also a risk that actual investment yields may be lower than assumed interest rates due to the lower interest rate environment, because the Group sells insurance products with assumed interest rates – the investment yield promised to customers at the time of contracting – over a long period.

Further, declining interest rates may lead to an increase in the economic value of insurance liabilities that exceeds the offsetting increase in market value of securities, resulting in a net overall decrease in equity capital. This risk arises because the domestic life insurance business retains insurance liabilities that have a longer duration than the securities held.

b. The status of countermeasures

The Group strives to mitigate the impact of stock market declines by continuously reducing its strategic shareholdings.

Among other initiatives, we are making efforts to reduce the impact of interest rate fluctuations by making long-term investments and loans that more closely match the cash flows of liabilities for maturity refunds on savings-type insurance policies and for domestic life insurance policies. Accumulation limits on investments and loans are also set.

Furthermore, the domestic life insurance business is working to increase the ratio of protection products in its portfolio; these products are less susceptible to interest rate declines under economic value-based calculations for insurance liabilities.

Cash flows are managed at each insurance subsidiary to ensure that the Group has sufficient liquid assets to meet its funding needs in the event of a major disaster or a rise in cancellation due to an interest rate hike.

C. Operational and compliance risks (Nos. 16–22)

a. Risk overview and assessment

The Group categorizes risks triggered by violations of laws and regulations, the failure of third party management, system failures, cyber security, labour issues caused by long working hours, customer information leaks, fraud, and misconduct as operational and compliance risks. The Group conducts businesses in compliance with applicable laws and regulations, including the Insurance Business Act of Japan, and the laws and regulations in countries in which it operates. In the event of a violation of these laws and regulations, the Company may be subject to administrative sanctions from Japan’s Financial Services Agency and other authorities.

There is also system risk resulting from a shutdown, malfunction or misuse of the IT systems; these may be caused by external or internal factors, such as unauthorized access by cyber-attacks, or human error.

Sompo handles a large amount of customer information. Each Group company has established a system for managing such information and maintains strict control over this data. However, in the unlikely event of a major information leak, including a cyber-attack, the Group may lose public trust and confidence and may incur remediation costs that would impact business results.

The occurrence of administrative errors, failure to manage outside contractors, physical and mental health problems among employees, fraudulent acts by officers and employees, criminal acts committed by outside parties, and payment of compensation associated with lawsuits may have a direct or indirect impact on the Group's costs leading to disruption of business operations, administrative action by Financial Services Agency and other authorities, and a loss of public trust and confidence in the Group.

Changes in social awareness, customer preferences, and behaviors may lead to gaps between our products, services, and business practices and stakeholder expectations. Such differences may lead to negative customer sentiment, complaints, and other conduct risk issues that may damage the Group's brand value.

b. The status of countermeasures

The Group is constantly aware of the importance of its public mission and the social responsibilities associated with each of its businesses. We have established a system for conducting appropriate corporate activity, in accordance with laws and regulations, social norms and corporate ethics under the SOMPO Group Basic Compliance Policy and other policies. On top of that, the SOMPO Group Code of Conduct for Compliance has been established to foster and ensure the compliance culture among all officers and employees in the Group.

Regarding IT system failures, we have established an IT risk management system and we are continuously working to reduce such risks. With regard to the risk of cyber-attacks, we have established the "Sompo Group Cyber Security Basic Policy", based on the recognition that cyber security efforts are a corporate social responsibility. In addition to continuing to develop the response system at each group company, we have established a designated team in the Company. Through these overarching and Group-wide initiatives, we are committed to improving the maturity of our defense capabilities within all group companies.

Labour risk caused by long working hours has been dealt with by ensuring that working time is properly and thoroughly managed and by establishing a management system that enables improved management skills and communication in the working-from-home environment.

For conduct risk, we have implemented measures to identify and take pre-emptive measures against signs of risk, and we have established a system for managing outsourced contractors – including provisions to manage the process appropriately from the start of outsourcing to the termination of the contract.

D. Business specific risks (Nos. 23–28)

(Insurance underwriting risk)
a. Risk overview and assessment

The Group categorizes the occurrence of claim payments that exceed the expected level in domestic non-life insurance business, overseas insurance business, and domestic life insurance business as business risks (insurance underwriting risk). The Group recognizes that the increase in insurance claims paid due to an increase in windstorms and floods caused by climate change will have a particularly large impact.

We may have to pay a large amount of insurance claims for damage caused by natural disasters such as earthquakes, wind, floods, and snow in Japan and abroad. In addition, changing patterns of frequency and severity of wind and water-related disasters due to climate change may increase the amount of claim payments, deteriorate the Group's underwriting balance, and make it difficult for the Group to provide stable insurance coverage.

Sompo Group offers insurance products that directly cover damage caused by cyber-attacks. In the event that a large-scale cyber-attack targeting software vulnerabilities occurs, we may receive simultaneous claims from multiple customers arising both from destruction or theft of data and from interruption of business operations, and this may affect the Group's business performance.

b. The status of countermeasures

The Group aims to stabilize its business performance by using reinsurance and catastrophic loss reserves to prepare for domestic natural catastrophe risks, and by setting appropriate premium rates and designing products based on quantitative assessment of the risk of claim payments due to natural disasters in light of climate change.

For overseas insurance business, the Company sets limits for each region and each type of natural disaster based on the Group's capital and profit level, to maintain control over the accumulation of natural disaster risks, and monitors exposure periodically to ensure that these limits are not exceeded.

Also, we are working to capture and reduce such risks by identifying potential large-scale cyber incidents and calculating the expected maximum losses.

(Nursing care business risk)
a. Risk overview and assessment

The Group categorizes the misjudgment of nursing care business strategy and the damage to brand value from major scandals as business specific risks (nursing care business risk).

To meet the diverse needs of many elderly people and their families, we have established Sompo Care Inc. that provides a full range of nursing care services from home care to institutional care.

In the Nursing Care & Seniors Business, the Group's operating results may be affected by the following factors: revision of the Long-Term Care Insurance Act and long-term care compensation, intensifying competition in the nursing care market, difficulty in hiring and retaining employees, food poisoning, outbreaks of communicable diseases, accidents specific to the senior citizen related business, loss of public trust and confidence as a result of such aforementioned incidents, and the occurrence of reputational risk.

b. The status of countermeasures

Sompo Care Inc., which manages the Group’s nursing care business, is committed to building trust with customers by establishing a corporate governance system and facility management structures.

The company has established a Governance, Risk and Compliance Committee as an advisory body to the Executive Committee. This deliberates on response to major risk management related incidents and on internal control matters based on the results of internal audits. The Risk Management Department in SHD consolidates all the information on accidents and works to ensure that all officers and employees are aware of and take preventive measures against reoccurrence.

In addition, we promote the effective use of ICT and leading-edge technologies at nursing care facilities to improve productivity and employee compensation, aiming to close the gap between supply and demand for nursing care personnel. Furthermore, the company aims to help solve societal challenges in Japan facing a super-aged society in future, by maximizing productivity, utilizing know-how on high quality care service to provide solutions that support business process of nursing-care business operators, and promoting preventive services for deteriorating cognitive functions.

E. Other risk (No. 29)

(Business interruption)
a. Risk overview and assessment

The Group categorizes disruption to the stable operation of the Group’s business due to natural disasters such as major earthquakes, large-scale terrorist attacks, new strains of influenza pandemic, a large-scale system failure due to a cyber attack, and other events as other risks (business interruption risk). These may affect operations such as SHD functions, insurance payments, and provision of nursing care services, as well as affecting the Group's business results.

b. The status of countermeasures

The Group has formulated a business continuity plan and conducts regular training on its execution. The Group strives to verify and improve the effectiveness of business continuity measures by preparing for natural disasters such as large earthquakes and for emergencies such as pandemics caused by a new strain of influenza or other infectious agents, and large-scale system failures due to cyber attacks, etc.

In the previous fiscal year, we enhanced our emergency response capabilities by adding anticipated events in the global spread of COVID-19, and establishing an “action plan” for each event. This fiscal year, we are working to further improve our emergency response capability by clarifying our response policy for large-scale system failures and taking other measures to ensure all critical operations in the Group companies continue to function.