(2) Material Risks - Assessments, and Countermeasures
A. Strategic risks (Nos. 1~12)
a. Risk overview and assessment
We categorize risks that could result in a significant impact on the Group’s business performance due to the Group’s business assumptions and strategies becoming invalid through external environment changes, or in the failure to establish business models that meet the company's business strategy – through, for example, poor group governance including the development and operation of internal control systems or inadequate strategic human resources assignment – as strategic risks.
The following are the environmental changes that we consider significant.
Short-term risk includes:
- risk of inability to pass on increased business costs and insurance claims paid due to acceleration of inflation to product and service prices,
- risk of decrease in value of financial assets as a result of rising inflation,
- risk of wind and flood damage exceeding expectations due to climate change,
- risk of damage to our brand value from perceived inadequacy of sustainability-related initiatives, rumors and misinformation spread through the media and online sources, etc.,
- risk of deterioration or damage to our competitiveness and earnings base due to new entrants from digital or other industries to the insurance markets,
- risk of inadequate response to advances in digital technology including AI,
- (inter-)connected risks arising from the exchange of sanctions or the occurrence of major events due to heightened geopolitical tensions,
- risk that our business will be affected by restrictions on people's lives or industrial activities due to a pandemic,
- risk that we will not be able to change to a sound organizational culture that emphasizes compliance and customer protection,
- risk that employee engagement will decline due to a lack of progress in changing to a corporate culture that accepts diverse opinions.
As for long-term risk, the Group's business performance could be affected by shrinkage of the insurance market due to expansion of the sharing economy, declining birth rate and aging population, as well as the decrease in insurance needs as technological innovation results in fewer accidents. In addition, the Group's insurance underwriting and asset management may be affected by the high greenhouse gas (GHG) emission sectors becoming stranded assets or worsening credit risk as a result of the transition to a decarbonized society.
b. The status of countermeasures taken
We believe that changes in the external environment will bring opportunities as well as threats; therefore, we are implementing our digital strategy and conducting M&A to promote our transformation to realize “SOMPO's Purpose”. For example, we will improve productivity in existing businesses, including the use of generative AI and the configuration of workflows that enable data-driven decision making; create new customer value through new products and services that utilize digital technology; and promote digital transformation (DX) by recruiting and training digital specialists who will support the realization of these strategies. With regard to the worsening economic environment, we are closely monitoring daily changes, such as the deterioration of the global economy and financial markets due to inflation, and are analyzing the impact on our Group and taking measures to cope with such changes. With regard to geopolitical risks, we are examining scenarios that could have a significant impact on our Group and verifying our response system, and with regard to regulatory change risks, we are collecting information on trends in related domestic and overseas laws and regulations, etc., and closely monitoring them to determine their impact on our management. With regard to future pandemics, we will continue to monitor changes in the environment, for example, by drawing on our experience with the spread of COVID-19 infections, so that we can respond flexibly to opportunities and threats that come from major changes. In addition, in order to ensure proper functioning of group governance, we are strengthening our management and monitoring systems to ascertain the sufficiency and effectiveness of internal controls at group companies in a timely and appropriate manner.
Large-scale investments, such as digital strategies, M&A, and extensive IT system development are thoroughly discussed at the Board of Directors. However, there is a possibility that expected results may not be achieved due to changes in the business environment or other unanticipated issues. To ensure the continuing relevance of such investments, and that withdrawal criteria have not been violated, we regularly check the status of these developments, based on predetermined standards, even after implementation.
For physical risks caused by climate change, we are analyzing the impact from more severe natural disasters using climate scenarios.
With regard to the risks associated with the transition to a decarbonized society, we are working on the Green Transition Plan, which focuses on insurance underwriting and asset management. The Group Chief Sustainability Officer (CSuO) chairs the Group Sustainable Management Committee, which is composed of executives responsible for sustainability, and Sustainability Officer and CSO from domestic P&C insurance business, overseas insurance and reinsurance business, domestic life insurance business, and nursing care business, to monitor and discuss the status of these initiatives and report to the Group Executive Committee as necessary. Reputational risk is dealt with and minimized by responding to rumors in a timely and appropriate manner, in accordance with the Company's regulations.
In terms of human capital risk, in order to improve the competitiveness of our human resources, we have established a job-based personnel system that promotes autonomous career development and a system that enables diverse work styles, so that employees can develop their own careers based on “MY Purpose,” which is their own life meaning and purpose or the meaning of their work. In addition, we have established a platform to promote autonomous learning and provide employees with such opportunities. Further, we plan to review and disseminate the Group's corporate philosophy system, including the formulation of principles of conduct that must be observed, in order to expand investment in human resources, improve the professionalism of employees, and change the perceptions, thoughts, values, and actions of Group executives and employees.
B. Financial and investment risks (Nos. 13~15)
a. Risk overview and assessment
We categorize risks that deteriorate the performance and the financial position of the Group due to market volatility, bankruptcy of invested portfolio companies, guarantee insurance policyholders or reinsurers, and risks that worsen cash flow in the event of a major disaster as financial and investment risks. We invest extensively in domestic and foreign securities and other assets. If the value of these assets declines due to fluctuations in stock and foreign exchange rates, the Group's operating results may be affected by loss on sales, loss on valuation, or a decrease in valuation difference.
We sell insurance products with long policy terms that have an assumed interest rate (the investment yield promised to customers at the time of contracting). When interest rates decline, there is a risk that the actual investment yield will be lower than the assumed interest rate. Conversely, when interest rates rise, policy cancellations may increase as customers switch to products with higher assumed interest rates, mainly for savings-type products.
Furthermore, in the domestic life insurance business, due to the long-term nature of insurance products, the interest rate sensitivity of insurance liabilities is large and the mismatch with the interest rate sensitivity of assets may increase the risk of a decrease in adjusted capital when interest rates fluctuate.
b. The status of countermeasures
We have formulated a plan to reduce to zero, by the end of FY2030, our strategic holdings of stocks, which could be a factor that impedes proper competition in insurance transactions. This plan is intended to reduce the impact of stock market declines to a certain degree. In addition, the Company monitors the amount of foreign exchange risk on a group-wide basis to manage the risk of a significant decrease in shareholders' equity due to the appreciation of the yen.
With regard to the interest rate sensitivity of long-term insurance liabilities, such as maturity refunds of savings insurance and domestic life insurance business, we reduce the overall interest rate sensitivity of assets and liabilities by making long-term investments and loans, thereby controlling the impact of interest rate fluctuations on adjusted capital. In the domestic life insurance business, we are also striving to increase the ratio of protection and other products that are less susceptible to interest rate fluctuations.
Accumulation limits on investments and loans are also set and managed to avoid concentration on specific credit.
Cash flows are managed at each insurance subsidiary to ensure that the Group has sufficient liquid assets to meet its funding needs in the event of a major disaster or an increase in cancellation due to an interest rate hike.
C. Operational and compliance risks (Nos. 16~22)
a. Risk overview and assessment
We categorize risks triggered by violations of laws and regulations, the failure of third-party and agent management, system failures, cyber security, labor issues such as long working hours or harassment, customer information leaks, fraud, and misconduct as operational and compliance risks. We conduct businesses in compliance with applicable laws and regulations, including the Insurance Business Act of Japan, and the laws and regulations in countries in which we operate. There is a risk of non-compliance with these laws and regulations. In addition, there is a conduct risk due to a gap between the products, services, and business practices provided by the Group and the expectations of society, customers, and other stakeholders, which could adversely affect customer protection, market fairness and transparency, and consequently damage our corporate value.
The Group's IT systems are an important element of its business operations, and we strive to maintain a management structure and appropriate security measures to ensure stable operations. However, internal factors such as equipment failure or inadequate information systems due to human error, and external factors such as disasters or unauthorized access due to cyber attacks can cause system risks such as information system outages, malfunctions, unauthorized use, data destruction, and falsification.
We handle a large amount of customer information and possess internal information such as various management information, etc. Each Group company has established an information management system and strictly controls such information. However, there is a risk of serious information leaks, including those caused by cyber-attacks. In addition to the above, there are various operational and compliance risks associated with business operations, such as administrative errors, failure to manage outsourcing vendors, mental or physical illness of employees, misconduct by officers or employees, criminal acts by outside parties, and payment of compensation associated with lawsuits.
These risks may cause a direct or indirect impact on the Group's costs leading to disruption of business operations, administrative action by the Financial Services Agency and other authorities, and the Group’s operating results due to a loss of public trust and confidence in the Group.
b. The status of countermeasures
In response to the administrative action taken against SOMPO Holdings and Sompo Japan, the Group is proceeding with measures to prevent recurrence of misconduct. Among these measures, we plan to review and disseminate the Group's corporate philosophy system, including the formulation of a code of conduct that must be observed, in order to foster a sound corporate culture that emphasizes compliance and customer protection, and to change the perceptions, thoughts, values, and actions of Group officers and employees.
In addition, we will strive to improve the effectiveness of the group-wide internal control system by not only developing a framework for appropriate corporate activities in accordance with laws and regulations, social norms, and corporate ethics, but also analyzing specific cases of improprieties occurring at each group company and implementing measures to address common issues.
With regard to labor risks due to long working hours and other factors, in addition to ensuring appropriate time and attendance management, we have established a system to improve management skills and remote communication in remote environments.
With regard to system risks such as system failures and cyber attacks, we have established a management system to continuously reduce system risks. In particular, we recognize the importance of continuously improving our ability to respond to cyber-attacks, which are becoming more sophisticated, and we are working as a group to implement cyber-security measures.
D. Business specific risks (Nos. 23~28)
(Insurance underwriting risk)
a. Risk overview and assessment
We categorize the occurrence of claim payments that exceed the expected level in domestic P&C insurance business, overseas insurance and reinsurance business, and domestic life insurance business as business risks (insurance underwriting risk).
We may have to pay a large amount of insurance claims for damage caused by natural disasters such as earthquakes, wind, floods, hail, and snow in Japan and abroad. We recognize that the increase in insurance claims paid due to an increase in windstorms and floods caused by climate change will have a particularly significant impact, and it may become difficult to provide stable insurance coverage due to a deterioration in underwriting income and difficulties in arranging sufficient reinsurance.
We offer insurance products that directly cover damage caused by cyber-attacks. In the event that a large-scale cyber-attack targeting software vulnerabilities occurs, we may receive simultaneous claims from multiple customers arising both from destruction or theft of data and from interruption of business operations, and this may affect the Group's business performance.
b. The status of countermeasures
We set limits for each region and each type of natural catastrophe based on the Group's capital and profit level, to maintain control over the accumulation of natural catastrophe risks, and monitor exposure periodically to ensure that these limits are not exceeded. In addition, we aim to stabilize our business by utilizing reinsurance and accumulating domestic catastrophic loss reserves. We also aim to set appropriate premium rates and design products by quantitatively evaluating the risk of claim payments due to natural disasters in light of climate change.
Also, regarding cyber insurance, the expected maximum loss is calculated based on models and assumed scenarios, and monitoring limits are set at each of the major insurance subsidiaries to identify risks and maintain and control appropriate underwriting levels.
(Nursing care business risk)
a. Risk overview and assessment
We established Sompo Care Inc. to meet the diverse needs of many elderly people and their families, providing a full range of nursing care services from home care to institutional care.
We categorize the misjudgment of nursing care business strategy and the damage to brand value from major scandals as business specific risks (nursing care business risk).
In the nursing care business, the Group's operating results may be affected by the following factors: revision of the Long-Term Care Insurance Act and long-term care compensation, intensifying competition in the nursing care market, difficulty in hiring and retaining employees due to the widening gap between supply and demand for nursing care personnel, food poisoning, outbreaks of communicable diseases, accidents specific to the nursing care business, loss of public trust and confidence as a result of such aforementioned incidents, and the occurrence of reputational risk.
b. The status of countermeasures
Sompo Care Inc. is committed to building trust with customers by establishing a corporate governance system and facility management structures.
The company has established a Governance, Risk and Quality Compliance Committee as an advisory body to the Executive Committee. This committee deliberates on the response to major risk management and quality-related incidents and on internal control matters based on the results of internal audits. The Risk Management Department consolidates all the information on accidents and works to ensure that all officers and employees are aware of and take preventive measures against reoccurrence.
In addition, we promote the effective use of a service for care providers that uses real data platform technology called “egaku,” ICT and leading-edge technologies at nursing care facilities to improve productivity and employee compensation, aiming to close the gap between supply and demand for nursing care personnel.
E. Other risk (No. 29)
(Business interruption)
a. Risk overview and assessment
We categorize disruption to the stable operation of the Group’s business due to natural catastrophes such as major earthquakes, large-scale terrorist attacks, a new infectious disease pandemic, a large-scale system failure due to a cyber attack, and other events as other risks (business interruption risk). These may affect operations such as our functions, insurance payments, and provision of nursing care services, as well as affecting the Group's operating results.
b. The status of countermeasures
We have formulated a business continuity plan and conduct regular training on its execution. We verify the effectiveness of business continuity measures by preparing for natural catastrophes such as large earthquakes and for emergencies such as pandemics caused by a new infectious disease, and large-scale system failures due to cyber attacks, etc.
In addition, we have recently made improvements to ensure the continuity of important operations at each Group company to further enhance crisis response capabilities by inspecting the maintenance status of crisis management plans at each Group company based on the Tokyo Metropolitan Disaster Management Council's new "Estimation of damage in the event of an earthquake directly hitting Tokyo", by deploying the latest communication and power facilities and by clarifying our cyber response contingency system and intra-Group coordination flow. We are making improvements to further enhance our crisis response capabilities and to ensure the continuity of important Group company operations.