
Business and other risks

1. Management system and framework for major risks

(1) Overview of risk management system

Sompo Group operates an Enterprise Risk Management (ERM) framework to manage risk across the Group, serving as a sophisticated ‘compass’ that points the business towards the optimal direction. This embraces not just the avoidance of losses, but also the avoidance of missed opportunities for profitable risk-taking. These include, for example, potential new business investments in response to risks identified. The ERM system seeks to achieve these goals by providing and strengthening the following three capabilities:

a. Correct understanding of the Group’s current position

b. Sensitive detection of potential risks

c. Clear indication of the routes the Group should take

ERM is effected through a series of business management processes that look to maximize corporate value by achieving a balance of capital, risk, and profit through management of the two objectives: risk-taking for business strategies and risk control for a stable business foundation. In the risk-taking context, we make use of analyses on capital, risk, and profit within the Risk Appetite Framework for important management decisions, corresponding to (c) in the above diagram. For risk control, we use a framework – the Risk Control System – to identify, analyze, and assess various types of risks surrounding the Group, aiming to minimize unexpected losses and to increase the stability of profit. This corresponds to (a) and (b) in the diagram above.

Overview of the SOMPO Group’s Enterprise Risk Management (ERM)

2. Risk Management Governance Structure

In order to ensure the effectiveness of ERM based on the "Sompo Group Basic Policy on ERM" established by the Board of Directors, Sompo Group’s Risk Appetite Statement – consisting of the Risk Appetite Principles, the Medium-term Risk-taking Strategy, and the Risk Appetite Indicator – is used as a guideline for risk-taking, in alignment with the Group’s strategies and business management plans.
The Group Executive Committee, an advisory body to the Group CEO, regularly holds management discussions on matters related to risk management, including the Group's risk appetite statement, medium-term Group ERM promotion policy, and risk tolerance policies and measures.
The Group ERM Committee, chaired by the Group CRO, has been established as a subordinate body of the Group Executive Committee to conduct cross-sectional management discussions on important Group ERM issues, such as risk-taking strategies, capital allocation, and the status of control of material risks by the department with primary responsibility and risk management department.
The Group CRO ensures that the "Sompo Group Basic Policy on ERM" and the "Medium-term Group ERM Promotion Policy" are known to all Group companies, and works to improve the effectiveness of ERM for the entire Group through regular monitoring and discussions with the CROs of each company.
Group companies have established risk management systems in line with Group policies and manage risk autonomously.
The Internal Audit Department conducts on-site audits at least once a year and continuous monitoring (off-site) of relevant executing departments and subsidiaries on themes selected on a risk basis and evaluates the development status of the risk management framework and the effectiveness of processes such as the controls for risks associated with the relevant themes.
In addition, the Risk Management Department, which is responsible for the development and promotion of the Group-wide ERM framework, is monitored throughout the year for the adequacy of its operational structure.

Risk Management Governance Structure

The Risk Control System and the status of risk and capital

Under the Risk Control System, we conduct risk assessment using the Material Risk Management framework – firstly identifying all the material risks we face, then evaluating them from both a qualitative and quantitative perspective. For risks that can be quantified, their impacts on capital adequacy and liquidity are analyzed and assessed based on various quantitative indicators in the Capital adequacy management, Stress testing, Limit management, and Liquidity risk management frameworks. Based on these analyses, management decides on the risk control measures necessary to secure and improve the Group’s financial soundness.

A. Material Risk Management

We define risks that could have significant impacts on the business as material risks and comprehensively capture and evaluate the risks faced by our business through bottom-up risk assessment and top-down confirmation and discussion by the Board of Directors and others. In conducting risk assessment, we have clarified the criteria so as to emphasize the reputational impact from the viewpoints of customers, society, and other stakeholders, in addition to economic loss and business continuity. Risks are comprehensively identified by the Group CRO based on risk assessments and the views of experts, etc., and risks are evaluated both qualitatively and quantitatively in terms of likelihood of occurrence and impact, based on specific scenarios of impact of risks on the Group, and the management status is reported to the Group Executive Committee and the Board of Directors at least twice a year.

Those risks that carry large volatility, and require specific discussions on countermeasures etc., are raised at the Group Executive Committee. Further, we have defined “emerging risks” as risks that are difficult to evaluate at this time based on specific impact scenarios, but that have the potential to emerge or change due to changes in the environment and to have a significant impact on our Group in the future, and we manage them appropriately by associating them with individual material risks. Potential emerging risks are identified through a horizon scan of various public and private information sources and listed in the emerging risk register, and those that meet certain criteria are selected as emerging risks.

B. Capital Adequacy Management

We quantify the various types of risks that we face using value at risk (VaR) as a unified risk metric. We take management measures as necessary to ensure that capital is maintained at an adequate level relative to risks.

C. Stress Testing

We conduct scenario stress testing, reverse stress testing, and sensitivity analyses on a Group-wide basis to accurately identify and manage events that could significantly affect our business management. We analyze the impact on both capital and risk and take countermeasures as required. As at the end of March 2024, we confirmed that the Group retains sufficient capital even under any of the assumed stress scenarios.

| Type | Description |
| --- | --- |
| Scenario Stress Testing | We evaluate how significantly large-scale natural catastrophes, financial market disruptions, and other stress scenarios could affect business, verifying capital adequacy and the effectiveness of risk mitigation measures. We regularly verify the validity of stress scenarios to ensure that we can respond appropriately to environmental changes. |
| Reverse Stress Testing | We identify vulnerability by exploring specific events that breach risk tolerance levels and consider appropriate countermeasures for specific stress events in advance. |
| Sensitivity Analyses | We identify the impact on capital and risk from fluctuations in key risk factors. Also, we validate in-house models by comparing theoretical figures calculated by the models with the figures of actual results. |

D. Risk Limit Management

We have established a maximum limit on a Group-wide basis for each risk, such as credit risk, reinsurance counterparty risk, and natural catastrophe risk, to avoid outsize losses arising from the occurrence of specific events, and we manage these risks against those limits. As at the end of March 2024, we have confirmed that the Group does not violate any risk limits; preliminary limit management is carried out within each of the limits.

E. Liquidity Risk Management

In addition to projecting cash requirements for day-to-day operations, we project the maximum cash outflows that could result from events such as a large-scale natural catastrophe. We then conduct management to ensure we have sufficient liquid assets to meet cash requirements in these scenarios. As at the end of March 2024, we have confirmed that the Group has adequate liquid assets to meet such outflows.

3. Major risks

(1) Material risks and the assessment of their likelihood and impact

Material risks and their probability of occurrence and impact are evaluated as follows.

<List of Material Risks>
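| Category | Subcategory | No. | Material risk |
| --- | --- | --- | --- |
| A. Strategic risk | External environment | 1 | Deterioration/transformation of competitive environment |
| A. Strategic risk | External environment | 2 | Significant change in macroeconomic environment |
| A. Strategic risk | External environment | 3 | Geopolitical risk |
| A. Strategic risk | External environment | 4 | Pandemic |
| A. Strategic risk | External environment | 5 | Changes in regulatory systems |
| A. Strategic risk | Business strategy | 6 | Insufficient governance |
| A. Strategic risk | Business strategy | 7 | Misjudgment of risks associated with new business |
| A. Strategic risk | Business strategy | 8 | IT strategy |
| A. Strategic risk | Business strategy | 9 | Climate Change (Physical risks, Transition risks) |
| A. Strategic risk | Business strategy | 10 | Sustainability risk |
| A. Strategic risk | Business strategy | 11 | Reputational risk |
| A. Strategic risk | Human resources and personnel | 12 | Human Capital Risk |
| B. Market risk | Market risk | 13 | Significant market deterioration |
| B. Market risk | Credit concentration risk | 14 | Reinsurance and investment credit risk |
| B. Market risk | Liquidity risk | 15 | Liquidity in the event of a major disaster |
| C. Operational and compliance risk | Administrative risk | 16 | Failure to manage outsourced contractors |
| C. Operational and compliance risk | IT risk | 17 | IT failures |
| C. Operational and compliance risk | IT risk | 18 | Cyber security breach |
| C. Operational and compliance risk | Compliance risk | 19 | Labor risk |
| C. Operational and compliance risk | Compliance risk | 20 | Leakage of confidential and customer information (excluding cyber attacks) |
| C. Operational and compliance risk | Compliance risk | 21 | Violation of the law and Misconduct |
| C. Operational and compliance risk | Compliance risk | 22 | Conduct risk |
| D. Business risk | Insurance underwriting risk: Cat risk | 23 | Mega earthquake in Japan |
| D. Business risk | Insurance underwriting risk: Cat risk | 24 | Huge wind and flood disaster in Japan |
| D. Business risk | Insurance underwriting risk: Cat risk | 25 | Mega natural disasters overseas |
| D. Business risk | Insurance underwriting risk: Other | 26 | Cyber aggregation risk |
| D. Business risk | Nursing care business risk | 27 | Misjudging the long-term nursing care business environment |
| D. Business risk | Nursing care business risk | 28 | Serious misconduct in the nursing care business |
| E. Other risks | | 29 | Business Interruption |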

<Material Risk Heat Map>

Material Risk Heat Map

| Degree of impact | Financial loss | Business continuity | Reputation | Probability of occurrence |
| --- | --- | --- | --- | --- |
| Very Large | ≧ 500 bill. JPY | License cancellation | Brink of corporate failure | ≧ once a year |
| Large | ≧ 200 bill. JPY | Disruption of core business | ≧ 5 years damage | ≧ once in 10 years |
| Medium | ≧ 10 bill. JPY | Partial disruption | ≧ 2 to 3 years damage | ≧ once in 100 years |
| Small | < 10 bill. JPY | | < 2 years damage | < once in 100 years |

The status of emerging risks is as follows.

<List of Emerging Risks>
| No. | Emerging risk | Overview of risks | Examples of countermeasures |
| --- | --- | --- | --- |
| 1 | Innovative Medical Technology | The impact on life insurance needs of changes in how illness and injury are treated. | Research the status and impact of innovative medical technologies. |
| 2 | Loss of Biodiversity | Physical risks related to biodiversity (damage to natural capital through feedback loops with climate change) and transition risks (stricter regulations, reputation damage). | Investigate the impact of changes in policy, consumer preferences, and disclosure requirements. Implement issue resolution initiatives on a trial basis. |
| 3 | New risks posed by generative AI, etc. | Loss of opportunities, reputation damage, etc. due to the rapid development and diffusion of AI and other technologies and the resulting changes in social expectations. | Support appropriate in-house use of generative AI, etc., and establish a governance structure to respond to various regulations and social demands. |
| 4 | Critical infrastructure outages (including space storms and other highly uncertain factors) | Major and prolonged outages of physical or digital critical infrastructure with inadequate security. | Research and analysis of scenarios in which aging and other external factors combine to disrupt critical infrastructure. |

(2) Material Risks - Assessments, and Countermeasures

A. Strategic risks (Nos. 1~12)

a. Risk overview and assessment

We categorize risks that could result in a significant impact on the Group’s business performance due to the Group’s business assumptions and strategies becoming invalid through external environment changes, or in the failure to establish business models that meet the company's business strategy – through, for example, poor group governance including the development and operation of internal control systems or inadequate strategic human resources assignment – as strategic risks.

The following are the environmental changes that we consider significant.

Short-term risk includes:

  • risk of inability to pass on increased business costs and insurance claims paid due to acceleration of inflation to product and service prices,
  • risk of decrease in value of financial assets as a result of rising inflation,
  • risk of wind and flood damage exceeding expectations due to climate change,
  • risk of damage to our brand value from perceived inadequacy of sustainability-related initiatives, rumors and misinformation spread through the media and online sources, etc.,
  • risk of deterioration or damage to our competitiveness and earnings base due to new entrants from digital or other industries to the insurance markets,
  • risk of inadequate response to advances in digital technology including AI,
  • (inter-)connected risks arising from exchange of sanctions or occurrence of major events due to heightened geopolitical tensions,
  • risk that our business will be affected by restrictions on people's lives or industrial activities due to a pandemic,
  • risk that we will not be able to change to a sound organizational culture that emphasizes compliance and customer protection,
  • risk that employee engagement will decline due to a lack of progress in changing to a corporate culture that accepts diverse opinions.

As for long-term risk, the Group's business performance could be affected by shrinkage of the insurance market due to expansion of the sharing economy, declining birth rate and aging population, as well as the decrease in insurance needs as technological innovation results in fewer accidents. In addition, the Group's insurance underwriting and asset management may be affected by the high greenhouse gas (GHG) emission sectors becoming stranded assets or worsening credit risk as a result of the transition to a decarbonized society.

b. The status of countermeasures taken

We believe that changes in the external environment will bring opportunities as well as threats; therefore, we are implementing our digital strategy and conducting M&A to promote our transformation to realize “SOMPO's Purpose”. For example, we will improve productivity in existing businesses, including the use of generative AI and the configuration of workflows that enable data-driven decision making; create new customer value through new products and services that utilize digital technology; and promote digital transformation (DX) by recruiting and training digital specialists who will support the realization of these strategies. With regard to the worsening economic environment, we are closely monitoring daily changes, such as the deterioration of the global economy and financial markets due to inflation, and are analyzing the impact on our Group and taking measures to cope with such changes. With regard to geopolitical risks, we are examining scenarios that could have a significant impact on our Group and verifying our response system, and with regard to regulatory change risks, we are collecting information on trends in related domestic and overseas laws and regulations, etc., and closely monitoring them to determine their impact on our management. With regard to future pandemics, we will continue to monitor changes in the environment, for example, by drawing on our experience with the spread of COVID-19 infections, so that we can respond flexibly to opportunities and threats that come from major changes. In addition, in order to ensure proper functioning of group governance, we are strengthening our management and monitoring systems to ascertain the sufficiency and effectiveness of internal controls at group companies in a timely and appropriate manner.

Large-scale investments, such as digital strategies, M&A, and extensive IT system development are thoroughly discussed at the Board of Directors. However, there is a possibility that expected results may not be achieved due to changes in the business environment or other unanticipated issues. To ensure the continuing relevance of such investments, and that withdrawal criteria have not been violated, we regularly check the status of these developments, based on predetermined standards, even after implementation.

For physical risks caused by climate change, we are analyzing the impact from more severe natural disasters using climate scenarios.

With regard to the risks associated with the transition to a decarbonized society, we are working on the Green Transition Plan, which focuses on insurance underwriting and asset management. The Group Chief Sustainability Officer (CSuO) chairs the Group Sustainable Management Committee, which is composed of executives responsible for sustainability, and Sustainability Officer and CSO from domestic P&C insurance business, overseas insurance and reinsurance business, domestic life insurance business, and nursing care business, to monitor and discuss the status of these initiatives and report to the Group Executive Committee as necessary. Reputational risk is dealt with and minimized by responding to rumors in a timely and appropriate manner, in accordance with the Company's regulations.

In terms of human capital risk, in order to improve the competitiveness of our human resources, we have established a job-based personnel system that promotes autonomous career development and a system that enables diverse work styles, so that employees can develop their own careers based on “MY Purpose,” which is their own life meaning and purpose or the meaning of their work. In addition, we have established a platform to promote autonomous learning and provide employees with such opportunities. Further, we plan to review and disseminate the Group's corporate philosophy system, including the formulation of principles of conduct that must be observed, in order to expand investment in human resources, improve the professionalism of employees, and change the perceptions, thoughts, values, and actions of Group executives and employees.

B. Financial and investment risks (Nos. 13~15)

a. Risk overview and assessment

We categorize risks that deteriorate the performance and the financial position of the Group due to market volatility, bankruptcy of invested portfolio companies, guarantee insurance policyholders or reinsurers, and risks that worsen cash flow in the event of a major disaster as financial and investment risks. We invest extensively in domestic and foreign securities and other assets. If the value of these assets declines due to fluctuations in stock and foreign exchange rates, the Group's operating results may be affected by loss on sales, loss on valuation, or a decrease in valuation difference.

We sell insurance products with long policy terms that have an assumed interest rate (the investment yield promised to customers at the time of contracting). When interest rates decline, there is a risk that the actual investment yield will be lower than the assumed interest rate. Conversely, when interest rates rise, policy cancellations may increase as customers switch to products with higher assumed interest rates, mainly for savings-type products.

Furthermore, in the domestic life insurance business, due to the long-term nature of insurance products, the interest rate sensitivity of insurance liabilities is large and the mismatch with the interest rate sensitivity of assets may increase the risk of a decrease in adjusted capital when interest rates fluctuate.

b. The status of countermeasures

We have formulated a plan to reduce to zero, by the end of FY2030, our strategic holdings of stocks, which could be a factor that impedes proper competition in insurance transactions. This plan is intended to reduce the impact of stock market declines to a certain degree. In addition, the Company monitors the amount of foreign exchange risk on a group-wide basis to manage the risk of a significant decrease in shareholders' equity due to the appreciation of the yen.

With regard to the interest rate sensitivity of long-term insurance liabilities, such as maturity refunds of savings insurance and domestic life insurance business, we reduce the overall interest rate sensitivity of assets and liabilities by making long-term investments and loans, thereby controlling the impact of interest rate fluctuations on adjusted capital. In the domestic life insurance business, we are also striving to increase the ratio of protection and other products that are less susceptible to interest rate fluctuations.

Accumulation limits on investments and loans are also set and managed to avoid concentration on specific credit.

Cash flows are managed at each insurance subsidiary to ensure that the Group has sufficient liquid assets to meet its funding needs in the event of a major disaster or an increase in cancellation due to an interest rate hike.

C. Operational and compliance risks (Nos. 16~22)

a. Risk overview and assessment

We categorize risks triggered by violations of laws and regulations, failures in the management of third parties and agents, system failures, cyber security, labor issues such as long working hours or harassment, customer information leaks, fraud, and misconduct as operational and compliance risks. We conduct businesses in compliance with applicable laws and regulations, including the Insurance Business Act of Japan, and the laws and regulations in countries in which we operate. There is a risk of non-compliance with these laws and regulations. In addition, there is a conduct risk due to a gap between the products, services, and business practices provided by the Group and the expectations of society, customers, and other stakeholders, which could adversely affect customer protection, market fairness and transparency, and consequently damage our corporate value.

The Group's IT systems are an important element of its business operations, and we strive to maintain a management structure and appropriate security measures to ensure stable operations. However, internal factors such as equipment failure or inadequate information systems due to human error, and external factors such as disasters or unauthorized access due to cyber attacks can cause system risks such as information system outages, malfunctions, unauthorized use, data destruction, and falsification.

We handle a large amount of customer information and possess internal information such as various management information, etc. Each Group company has established an information management system and strictly controls such information. However, there is a risk of serious information leaks, including those caused by cyber-attacks. In addition to the above, there are various operational and compliance risks associated with business operations, such as administrative errors, failure to manage outsourcing vendors, mental or physical illness of employees, misconduct by officers or employees, criminal acts by outside parties, and payment of compensation associated with lawsuits.

These risks may have a direct or indirect impact on the Group's costs, lead to disruption of business operations and administrative action by the Financial Services Agency and other authorities, and affect the Group’s operating results through a loss of public trust and confidence in the Group.

b. The status of countermeasures

In response to the administrative action taken against SOMPO Holdings and Sompo Japan, the Group is proceeding with measures to prevent recurrence of misconduct. Among these measures, we plan to review and disseminate the Group's corporate philosophy system, including the formulation of a code of conduct that must be observed, in order to foster a sound corporate culture that emphasizes compliance and customer protection, and to change the perceptions, thoughts, values, and actions of Group officers and employees.

In addition, we will strive to improve the effectiveness of the group-wide internal control system by not only developing a framework for appropriate corporate activities in accordance with laws and regulations, social norms, and corporate ethics, but also analyzing specific cases of improprieties occurring at each group company and implementing measures to address common issues.

With regard to labor risks due to long working hours and other factors, in addition to ensuring appropriate time and attendance management, we have established a system to improve management skills and remote communication in remote environments.

With regard to system risks such as system failures and cyber attacks, we have established a management system to continuously reduce system risks. In particular, we recognize the importance of continuously improving our ability to respond to cyber-attacks, which are becoming more sophisticated, and we are working as a group to implement cyber-security measures.

D. Business specific risks (Nos. 23~28)

(Insurance underwriting risk)
a. Risk overview and assessment

We categorize the occurrence of claim payments that exceed the expected level in domestic P&C insurance business, overseas insurance and reinsurance business, and domestic life insurance business as business risks (insurance underwriting risk).

We may have to pay a large amount of insurance claims for damage caused by natural disasters such as earthquakes, wind, floods, hail, and snow in Japan and abroad. We recognize that the increase in insurance claims paid due to an increase in windstorms and floods caused by climate change will have a particularly significant impact, and it may become difficult to provide stable insurance coverage due to a deterioration in underwriting income and difficulties in arranging sufficient reinsurance.

We offer insurance products that directly cover damage caused by cyber-attacks. In the event that a large-scale cyber-attack targeting software vulnerabilities occurs, we may receive simultaneous claims from multiple customers arising both from destruction or theft of data and from interruption of business operations, and this may affect the Group's business performance.

b. The status of countermeasures

We set limits for each region and each type of natural catastrophe based on the Group's capital and profit level, to maintain control over the accumulation of natural catastrophe risks, and monitor exposure periodically to ensure that these limits are not exceeded. In addition, we aim to stabilize our business by utilizing reinsurance and accumulating domestic catastrophic loss reserves. We also aim to set appropriate premium rates and design products by quantitatively evaluating the risk of claim payments due to natural disasters in light of climate change.

Also, regarding cyber insurance, the expected maximum loss is calculated based on models and assumed scenarios, and monitoring limits are set at each of the major insurance subsidiaries to identify risks and maintain and control appropriate underwriting levels.

(Nursing care business risk)
a. Risk overview and assessment

We established Sompo Care Inc. to meet the diverse needs of many elderly people and their families, providing a full range of nursing care services from home care to institutional care.

We categorize the misjudgment of nursing care business strategy and the damage to brand value from major scandals as business specific risks (nursing care business risk).

In the nursing care business, the Group's operating results may be affected by the following factors: revision of the Long-Term Care Insurance Act and long-term care compensation, intensifying competition in the nursing care market, difficulty in hiring and retaining employees due to the widening gap between supply and demand for nursing care personnel, food poisoning, outbreaks of communicable diseases, accidents specific to the nursing care business, loss of public trust and confidence as a result of such aforementioned incidents, and the occurrence of reputational risk.

b. The status of countermeasures

Sompo Care Inc. is committed to building trust with customers by establishing a corporate governance system and facility management structures.

The company has established a Governance, Risk and Quality Compliance Committee as an advisory body to the Executive Committee. It deliberates on responses to major risk management and quality-related incidents and on internal control matters based on the results of internal audits. The Risk Management Department consolidates all the information on accidents and works to ensure that all officers and employees are aware of them and take preventive measures against reoccurrence.

In addition, we promote the effective use of a service for care providers that uses real data platform technology called “egaku,” ICT and leading-edge technologies at nursing care facilities to improve productivity and employee compensation, aiming to close the gap between supply and demand for nursing care personnel.

E. Other risk (No. 29)

(Business interruption)
a. Risk overview and assessment

We categorize disruption to the stable operation of the Group’s business due to natural catastrophes such as major earthquakes, large-scale terrorist attacks, a new infectious disease pandemic, a large-scale system failure due to a cyber attack, and other events as other risks (business interruption risk). These may affect operations such as our functions, insurance payments, and provision of nursing care services, as well as affecting the Group's operating results.

b. The status of countermeasures

We have formulated a business continuity plan and conduct regular training on its execution. We verify the effectiveness of business continuity measures by preparing for natural catastrophes such as large earthquakes and for emergencies such as pandemics caused by a new infectious disease, and large-scale system failures due to cyber attacks, etc.

In addition, to further enhance crisis response capabilities and ensure the continuity of important operations at each Group company, we have recently made improvements by inspecting the maintenance status of crisis management plans at each Group company based on the Tokyo Metropolitan Disaster Management Council's new "Estimation of damage in the event of an earthquake directly hitting Tokyo", by deploying the latest communication and power facilities, and by clarifying our cyber response contingency system and intra-Group coordination flow. We are making improvements to further enhance our crisis response capabilities and to ensure the continuity of important Group company operations.
