Business and other risks

1. Management system and framework for major risks

(1) Overview of risk management system

Sompo Group operates an Enterprise Risk Management(ERM) framework to manage risk across the Group, serving as a sophisticated ‘compass’ that points the business towards the optimal direction. This embraces not just the avoidance of losses, but also the avoidance of missed opportunities for profitable risk-taking. These include, for example, potential new business investments in response to risks identified. The ERM system seeks to achieve these goals by providing and strengthening the following three capabilities:

a.Correct understanding of the Group’s current position

b. Sensitive detection of potential risks

c.Clear indication of the routes the Group should take

ERM is effected through a series of business management processes that look to maximize corporate value by achieving a balance of capital, risk, and profit through management of the two objectives: risk-taking for business strategies and risk control for a stable business foundation. In the risk-taking context, we make use of analyses on capital, risk, and profit within the Risk Appetite Framework for important management decisions, corresponding to (c) in the above diagram. For risk control, we use a framework – the Risk Control System – to identify, analyze, and assess various types of risks surrounding the Group, aiming to minimize unexpected losses and to increase the stability of profit. This corresponds to (a) and (b) in the diagram below.

Overview of the SOMPO Group’s Enterprise Risk Management (ERM)

2. Risk Management Governance Structure

In order to ensure the effectiveness of ERM based on the "Sompo Group Basic Policy on ERM" established by the Board of Directors, Sompo Group’s Risk Appetite Statement – consisting of the Risk Appetite Principles, the Medium-term Risk-taking Strategy, and the Risk Appetite Indicator – is used as a guideline for risk-taking, in alignment with the Group’s strategies and business management plans.
The Group ERM Committee, chaired by the Group CRO, has been established as a subordinate body of the Global Executive Committee (Global ExCo), an advisory body to the Group CEO, to conduct cross-sectional management discussions on important Group ERM issues, such as risk-taking strategies, capital allocation, and material risks surrounding the Group.
The Group CRO ensures that the "Sompo Group Basic Policy on ERM" and the "Medium-term Group ERM Promotion Policy" are known to all Group companies, and works to improve the effectiveness of ERM for the entire Group through regular monitoring and discussions with the CROs of each company.

<Risk Management Governance Structure>

The Risk Control System and the status of risk and capital

Under the Risk Control System, the Group conducts risk assessment using the Material Risk Management framework – firstly identifying all the material risks we face, then evaluating them from both a qualitative and quantitative perspective. For risks that can be quantified, their impacts on capital adequacy and liquidity are analyzed and assessed based on various quantitative indicators in Capital adequacy management, Stress testing, Limit management, and Liquidity risk management frameworks. Based on these analyses, the management decides necessary risk control measures to secure and improve the Group’s financial soundness.

A．Material Risk Management

The Group defines risks that could have significant impacts on the business as material risks; these are identified and assessed through an exhaustive process. Such risks are comprehensively managed by the Group CRO based on this risk assessment and expert insight, considering concrete risk scenarios that could impact the Group. Risks are evaluated in both qualitative and quantitative terms, assessing the frequency of occurrence, and the severity of impact across three risk dimensions – economic loss, business continuity, and reputational damage. The results, including the status of controls, are reported to the Managerial Administrative Committee (“MAC”) – the advisory committee for the Group COO – and the Board of Directors at least twice a year.

Those risks that carry large volatility, and require specific discussions on countermeasures etc., are raised at Global ExCo as well as MAC. Also, we have added a new dimension to the risk assessment to respond to ‘trending risks’ – risks that we anticipate will increase continuously for the next 10 years or more – in order to capture their long-term impact on the Group’s business model. We will use this dimension to validate the continuing effectiveness of risk countermeasures into the future.

Further, the Group defines emerging risks as those that are not currently material risks but which, due to environmental changes, have potential to become material in future. We identify the signs of such risks, that might have a significant impact on the Group in future, and we manage them accordingly. Potential emerging risks, identified through review of literature and consultation with experts, are listed in an emerging risk register, and will be selected as an emerging risk once certain criteria are met – for example when the expected impact exceeds a certain level.

Currently, emerging risks, including innovative medical technology and biodiversity, have been selected; we monitor, research, and study them not only from the viewpoint of mitigating losses, but also from the viewpoint of seeking new business opportunities through creation of insurance products and services to address these risks.

B．Capital Adequacy Management

We quantify the various types of risks that we face using value at risk (VaR) as a unified risk metric. We take management measures as necessary to ensure that capital is maintained at an adequate level relative to risks.

C．Stress Testing

The Group conducts scenario stress testing, reverse stress testing, and sensitivity analyses on a Group-wide basis to accurately identify and manage events that could significantly affect its business management. We analyze the impact on both capital and risk and take countermeasures as required. As at the end of March 2023, we confirmed that the Group retains sufficient capital even under any of the assumed stress scenarios.

Scenario Stress Testing	We evaluate how significantly large-scale natural catastrophes, financial market disruptions, and other stress scenarios could affect business, verifying capital adequacy and the effectiveness of risk mitigation measures. We regularly verify the validity of stress scenarios to ensure that we can respond appropriately to environmental changes.
Reverse Stress Testing	We identify vulnerability by exploring specific events that breach risk tolerance levels and consider appropriate countermeasures for specific stress events in advance.
Sensitivity Analyses	We identify the impact on capital and risk from fluctuations in key risk factors. Also, we validate in-house models by comparing theoretical figures calculated by the models with the figures of actual results.

D．Risk Limit Management

We have established the maximum limit for each risk on a Group-wide basis such as credit risk, reinsurance counterparty risk, and overseas natural catastrophe risk to avoid outsize losses arising from the occurrence of specific events, and manage these risks. As at the end of March 2023, we have confirmed that the Group does not violate any risk limits; preliminary limit management is carried out within the limits of each limit.

E．Liquidity Risk Management

In addition to projecting cash requirements for day-to-day operations, we project the maximum cash outflows that could result from events such as a large-scale natural catastrophe. We then conduct management to ensure we have sufficient liquid assets to meet cash requirements in these scenarios. As at the end of March 2023, we have confirmed that the Group has adequate liquid assets to meet such outflows.

3. Major risks

(1) Material risks and the assessment of their likelihood and impact

Material risks are those risks that are recognized by management as having the potential to materially impact the Group's business performance. The following evaluation shows the probability of occurrence and the impact of these risks.

≪Universe of Material Risk≫

Category			No.	Material Risks
Ａ．Strategic risk
	External environment		1	Deterioration of or change of competitive environment
			2	Great Recession
			3	Geopolitical risk

			4	Pandemic
			5	Changes in regulatory systems
	Business strategy		6	Poor governance
			7	Ill-informed risk taking related to new businesses
			8	IT strategy
			9	Climate Change(Physical risks, Transition risks)
			10	Sustainability risk
			11	Reputational risk
	Human resources and personnel		12	Insufficient human resources
Ｂ．Financial and investment risk
	Market risk		13	Major market downturn and economic crisis
	Credit concentration risk		14	Reinsurance and investment credit risk
	Liquidity risk		15	Liquidity in the event of a major disaster
Ｃ．Operational and compliance risk
	Administrative risk		16	Failure of third-party (outsourced contractors)management
	IT risk		17	IT failures
	IT risk		18	Cyber security
	Compliance risk		19	Labor risk
			20	Leakage of customer information(Excluding cyber attack)
			21	Misconduct and leakage of confidential information
			22	Conduct risk
Ｄ．Business risk
	Insurance underwriting risk
		Cat risk	23	Large-scale earthquake in Japan
			24	Huge wind and flood disaster in Japan
			25	Large-scale natural disasters overseas
		Other	26	Cyber-accumulation risk
	Nursing care business risk
		Nursing care business risk	27	Misjudging the nursing care business environment
		Nursing care business risk	28	Serious misconduct
Ｅ．Other risks
	－		29	Business interruption risk

■Heat Map of Material Risk (Probable Occurrence/ Impact Level)

	The degree of Impact			Probability of Occurrence
	Financial Loss	Business continuity	Reputation	Probability of Occurrence
Very Large	≧ 500 bill. JPY	total disruption, including license cancellation	brink of corporate failure	≧ once a year
Large	≧ 200 bill. JPY	disruption of core business	≧ 5 years damage	≧ once in 10 years
Medium	≧ 10 bill. JPY	partial disruption	≧ 2 to 3 years damage	≧ once in 100 years
Small	＜ 10 bill. JPY	－	＜ 2 years damage	＜ once in 100 years

Volatile Risk：A risk with a large range of variability or a high velocity of change.
Trending Risk：A risk that is projected to be continuously increasing for the next 10 years or more.

(2) Material Risks - Assessments, and Countermeasures

A. Strategic risks（Nos. 1～12）

ａ．Risk overview and assessment

The Group categorizes risks that could result in a significant impact on the Group’s business performance due to the Group’s business assumptions and strategies becoming invalid through external environment changes, or in the failure to establish business models that meet the company's business strategy – through, for example, poor governance or inadequate human resources – as strategic risks.

The following are the environmental changes that we consider significant.

Short-term risk includes:

risk of inability to pass on increased business costs and insurance claims paid due to acceleration of inflation to product and service prices,
risk of decrease in value of financial assets as a result of rising inflation,
risk of wind and flood damage exceeding expectations due to climate change,
risk of damage to our brand value from rumors and misinformation spread through the media and online sources, etc.
the risk of deterioration or damage to our competitiveness and earnings base due to new entrants from digital or other industries to the insurance markets,
inadequate response to advances in digital technology including AI,
(Inter-) connected risks arising from exchange of sanctions or occurrence of major events due to heightened geopolitical tensions,

As for long-term risk, the Group's business performance could be affected by shrinkage of the insurance market due to expansion of the sharing economy, declining birth rate and aging population, as well as the decrease in insurance needs as technological innovation results in fewer accidents and restrictions on people’s lives and industrial activities due to pandemics. In addition, the Group's insurance underwriting and asset management may be affected by the high greenhouse gas (GHG) emission sectors becoming stranded assets or worsening credit risk as a result of the transition to a decarbonized society.

ｂ．The status of countermeasures taken

The Group believes that changes in the external environment will bring opportunities as well as threats; therefore, we are implementing our digital strategy and conducting M&A to advance our transformation into a ‘Theme Park for Security, Health and Wellbeing’. We are also laying the foundations of digital transformation (DX) by:

improving the productivity of existing businesses through deployment of technologies including AI and Big Data;
creating new customer value with new products and services that use the digital technologies;
recruiting and training digital professionals.

With regard to the deterioration of the economic environment, the Company closely monitors daily changes, such as the deterioration of the global economy and financial markets due to advancing inflation, analyzes the impact on the Group, and implements countermeasures. With respect to the risks of geopolitics and regulatory changes, the Company has been closely monitoring them to discern the managerial impact by discussing scenarios for geopolitics that would have adverse impacts the group and collecting information on trends in domestic and overseas laws and regulations.

Large-scale investments, such as digital strategies, M&A, and extensive IT system development are thoroughly discussed at the Board of Directors. However, there is a possibility that expected results may not be achieved due to changes in the business environment or other unanticipated issues. To ensure the continuing relevance of such investments, and that withdrawal criteria have not been violated, we regularly check the status of these developments, based on predetermined standards, even after implementation.

Regarding future pandemics, we will continue to draw on our experience with the spread of novel coronavirus infections, including our watchful eye on environmental changes so that we can respond flexibly to opportunities and threats that come from major changes.

For physical risks caused by climate change, we are analyzing the impact from more severe natural disasters using climate scenarios.

With regard to the risks associated with the transition to a decarbonized society, we are working on the Green Transition Plan, which focuses on insurance underwriting and asset management. The Group Chief Sustainability Officer (CSuO) chairs the Group Sustainable Management Committee, which is composed of executives responsible for CSuO and CSO from domestic P&C insurance business, overseas insurance and reinsurance business, domestic life insurance business, and nursing care & seniors business, to monitor and discuss the status of these initiatives and report to Global ExCo and MAC as necessary. The reputational risk is dealt with and minimized by responding to rumors in a timely and appropriate manner, in accordance with the Company's regulations.

B．Financial and investment risks（Nos.13～15）

ａ．Risk overview and assessment

The Group categorizes risks that deteriorate the performance and the financial position of the Group due to market volatility, bankruptcy of invested portfolio companies, guarantee insurance policyholders or reinsurers, and risks that worsen cash flow in the event of a major disaster as financial and investment risks. Fluctuations in domestic stock prices and interest rates, in particular, may have large impacts on the Group's financial performance.

Sompo Group holds a large number of shares for the purpose of maintaining medium- to long-term relationships with customers and invests in a wide range of securities, in Japan and overseas, to generate stable investment income. Should the values of these assets decline, due to a fall in market prices, the Company may incur losses on sale, valuation loss, or decrease in valuation difference on available-for-sale securities. This would impact the Group's business results.

There is also a risk that actual investment yields may be lower than assumed interest rates due to the lower interest rate environment, because the Group sells insurance products with assumed interest rates – the investment yield promised to customers at the time of contracting – over a long period.

Further, declining interest rates may lead to an increase in the economic value of insurance liabilities that exceeds the offsetting increase in market value of securities, resulting in a net overall decrease in equity capital. This risk arises because the domestic life insurance business retains insurance liabilities that have a longer duration than the securities held.

ｂ．The status of countermeasures

The Group strives to mitigate the impact of stock market declines by continuously reducing its strategic shareholdings.

We are making efforts to reduce the impact of interest rate fluctuations by making long-term investments and loans so that they match more closely to the cash flow of long-term insurance liabilities for maturity refunds on savings-type insurance policies and for domestic life insurance policies.

Furthermore, the domestic life insurance business is working to increase the ratio of protection products in its portfolio; these products are less susceptible to interest rate declines under economic value-based calculations for insurance liabilities.

Accumulation limits on investments and loans are also set and managed to avoid concentration on specific credit.

Cash flows are managed at each insurance subsidiary to ensure that the Group has sufficient liquid assets to meet its funding needs in the event of a major disaster or a rise in cancellation due to an interest rate hike.

C． Operational and compliance risks（Nos.16～22）

ａ．Risk overview and assessment

The Group categorizes risks triggered by violations of laws and regulations, the failure of third party and agents management, system failures, cyber security, labour issues such as long working hours or harassment, customer information leaks, fraud, and misconduct as operational and compliance risks. The Group conducts businesses in compliance with applicable laws and regulations, including the Insurance Business Act of Japan, and the laws and regulations in countries in which it operates. In the event of a violation of these laws and regulations, the Company may be subject to administrative sanctions from Japan’s Financial Services Agency and other authorities.

There is also system risk resulting from a shutdown, malfunction or misuse of the IT systems; these may be caused by external or internal factors, such as unauthorized access by cyber-attacks, or human error.

Sompo handles a large amount of customer information. Each Group company has established a system for managing such information and maintains strict control over this data. However, in the unlikely event of a major information leak, including a cyber-attack, the Group may lose public trust and confidence and may incur remediation costs that would impact business results.

The occurrence of administrative errors, failure to manage outside contractors, physical and mental health problems among employees, fraudulent acts by officers and employees, criminal acts committed by outside parties, and payment of compensation associated with lawsuits may have a direct or indirect impact on the Group's costs leading to disruption of business operations, administrative action by Financial Services Agency and other authorities, and a loss of public trust and confidence in the Group.

Changes in social awareness, customer preferences, and behaviors may lead to gaps between our products, services, and business practices and stakeholder expectations. Such differences may lead to negative customer sentiment, complaints, and other conduct risk issues that may damage the Group's brand value.

ｂ．The status of countermeasures

The Group is constantly aware of the importance of its public mission and the social responsibilities associated with each of its businesses. We have established a system for conducting appropriate corporate activity, in accordance with laws and regulations, social norms and corporate ethics under the SOMPO Group Basic Compliance Policy and other policies. On top of that, the SOMPO Group Code of Conduct for Compliance has been established to foster and ensure the compliance culture among all officers and employees in the Group.

Regarding IT system failures, we have established an IT risk management system and we are continuously working to reduce such risks. With regard to the risk of cyber-attacks, we have established the "Sompo Group Cyber Security Basic Policy” was established based on the recognition that cyber security efforts are a corporate social responsibility. In addition to continuing to develop the response system at each group company, we have established a designated team in the Company. Through these overarching and Group-wide initiatives, we are committed to improving the maturity of our defense capabilities within all group companies.

Labour risk caused by long working hours has been dealt with by making sure that the working time is properly and thoroughly managed and establishing a management system to enable improved management skill and communication under the working-from-home environment.

For conduct risk, we have implemented measures to identify and take pre-emptive measures against signs of risk, and we have established a system for managing outsourced contractors – including provisions to manage the process appropriately from the start of outsourcing to the termination of the contract.

D．Business specific risks（Nos. 23～28）

（Insurance underwriting risk）

a．Risk overview and assessment

The Group categorizes the occurrence of claim payments that exceed the expected level in domestic P&C insurance business, overseas insurance and reinsurance business, and domestic life insurance business as business risks (insurance underwriting risk).

We may have to pay a large amount of insurance claims for damage caused by natural disasters such as earthquakes, wind, floods, and snow in Japan and abroad. The Group recognizes that the increase in insurance claims paid due to an increase in windstorms and floods caused by climate change will have a particularly significant impact, deteriorate the Group's underwriting balance, and making it difficult for the Group to provide stable insurance coverage.

Sompo Group offers insurance products that directly cover damage caused by cyber-attacks. In the event that a large-scale cyber-attack targeting software vulnerabilities occurs, we may receive simultaneous claims from multiple customers arising both from destruction or theft of data and from interruption of business operations, and this may affect the Group's business performance.

ｂ．The status of countermeasures

The Group aims to stabilize its business performance by using reinsurance and catastrophic loss reserves to prepare for domestic natural catastrophe risks, and by setting appropriate premium rates and design products by quantitatively assessing the risk of claim payments due to natural disasters in light of climate change.

The Company sets limits for each region and each type of natural catastrophe based on the Group's capital and profit level, to maintain control over the accumulation of overseas natural catastrophe risks, and monitors exposure periodically to ensure that these limits are not exceeded.

Also, regarding cyber insurance, the Company calculates the expected maximum loss amount based on models and possible scenarios to identify risks and maintain appropriate underwriting levels.

（Nursing care business risk）

ａ．Risk overview and assessment

The Group established Sompo Care Inc. to meet the diverse needs of many elderly people and their families, providing a full range of nursing care services from home care to institutional care.

The Group categorizes the misjudgment of nursing care business strategy and the damage to brand value from major scandals as business specific risks (nursing care business risk).

In the Nursing Care & Seniors Business, the Group's operating results may be affected by the following factors: revision of the Long-Term Care Insurance Act and long-term care compensation, intensifying competition in the nursing care market, difficulty in hiring and retaining employees due to the widening gap between supply and demand for nursing care personnel, food poisoning, outbreaks of communicable diseases, accidents specific to the senior citizen related business, loss of public trust and confidence as a result of such aforementioned incidents, and the occurrence of reputational risk.

ｂ．The status of countermeasures

Sompo Care Inc. is committed to building trust with customers by establishing a corporate governance system and facility management structures.

The company has established a Governance, Risk and Quality Compliance Committee as an advisory body to the Executive Committee. This deliberates on response to major risk management and quality related incidents and on internal control matters based on the results of internal audits. The Risk Management Department in SHD consolidates all the information on accidents and works to ensure that all officers and employees are aware of and take preventive measures against reoccurrence.

In addition, we promote the effective use of a service for care providers that uses real data platform technology called “egaku,” ICT and leading-edge technologies at nursing care facilities to improve productivity and employee compensation, aiming to close the gap between supply and demand for nursing care personnel. Furthermore, the company aims to help solve societal challenges in Japan facing a super-aged society in future, by maximizing productivity, utilizing know-how on high quality care service to provide solutions that support business process of nursing-care business operators, and promoting preventive services for deteriorating cognitive functions.

E．Other risk（No.29）

（Business interruption）

ａ．Risk overview and assessment

The Group categorizes disruption to the stable operation of the Group’s business due to natural catastrophe such as major earthquakes, large-scale terrorist attacks, new infectious disease pandemic, a large-scale system failure due to a cyber attack, and other events as other risks (business interruption risk). These may affect operations such as SHD functions, insurance payments, and provision of nursing care services, as well as affecting the Group's business results.

ｂ．The status of countermeasures

The Group has formulated a business continuity plan and conducts regular training on its execution. The Group verifies the effectiveness of business continuity measures by preparing for natural catastrophe such as large earthquakes and for emergencies such as pandemics caused by a new infectious disease, and large-scale system failures due to cyber attacks, etc.

In addition, we have recently made improvements to ensure the continuity of important operations at each Group company to further enhance crisis response capabilities by inspecting the maintenance status of crisis management plans at each Group company based on the Tokyo Metropolitan Disaster Management Council's new "Estimation of damage in the event of an earthquake directly hitting Tokyo," and by clarifying our cyber response contingency system and intra-Group coordination flow. The Group is making improvements to further enhance its crisis response capabilities and to ensure the continuity of important Group company operations.