Business and other risks

(2) Material Risks – Assessments, and Countermeasures

A. Strategic risks（Nos. 1～12）

ａ．Risk overview and assessment

The Group categorizes risks that could result in a significant impact on the Group’s business performance due to the Group’s business assumptions and strategies becoming invalid through external environment changes, or in the failure to establish business models that meet the company’s business strategy – through, for example, poor governance or inadequate human resources – as strategic risks.

The following are the environmental changes that we consider significant.

Short-term risk includes:

• risk of inability to pass on increased business costs and insurance claims paid due to acceleration of inflation to product and service prices,
• risk of decrease in value of financial assets as a result of rising inflation,
• risk of wind and flood damage exceeding expectations due to climate change,
• risk of damage to our brand value from rumors and misinformation spread through the media and online sources, etc.
• the risk of deterioration or damage to our competitiveness and earnings base due to new entrants from digital or other industries to the insurance markets,
• inadequate response to advances in digital technology,
• the risk of constrained business opportunities for the Group due to intensifying industrial competition among major economies,

As for long-term risk, the Group’s business performance could be affected by shrinkage of the insurance market due to expansion of the sharing economy, declining birth rate and aging population, as well as the decrease in insurance needs as technological innovation results in fewer accidents and restrictions on people’s lives and industrial activities due to pandemics. In addition, the Group’s insurance underwriting and asset management may be affected by the high greenhouse gas (GHG) emission sectors becoming stranded assets or worsening credit risk as a result of the transition to a decarbonized society.

ｂ．The status of countermeasures taken

The Group believes that changes in the external environment will bring opportunities as well as threats; therefore, we are implementing our digital strategy and conducting M&A to advance our transformation into a ‘Theme Park for Security, Health and Wellbeing’. We are also laying the foundations of digital transformation (DX) by:

• improving the productivity of existing businesses through deployment of technologies including AI and Big Data;
• creating new customer value with new products and services that use the digital technologies;
• hiring and training digital talent.

With regard to the deterioration of the economic environment, the Company closely monitors daily changes, such as the deterioration of the global economy and financial markets due to rapidly advancing inflation, analyzes the impact on the Group, and implements countermeasures. With respect to the risks of geopolitics and regulatory changes, the Company has been closely monitoring them to discern the managerial impact by discussing scenarios for geopolitics that would have adverse impacts and collecting information on trends in domestic and overseas laws and regulations.

Large-scale investments, such as digital strategies, M&A, and extensive IT system development are thoroughly discussed at the Board of Directors. However, there is a possibility that expected results may not be achieved due to changes in the business environment or other unanticipated issues. To ensure the continuing relevance of such investments, and that withdrawal criteria have not been violated, we regularly check the status of these developments, based on predetermined standards, even after implementation.

Regarding future pandemics, we will continue to draw on our experience with the spread of novel coronavirus infections, including our watchful eye on environmental changes so that we can respond flexibly to opportunities and threats that come from major changes.

For physical risks caused by climate change, we are analyzing the impact from more severe natural disasters using climate scenarios.

With regard to the risks associated with the transition to a decarbonized society, we are working on the Green Transition Plan, which focuses on insurance underwriting and asset management. The Group Chief Sustainability Officer (CSuO) chairs the Group Sustainable Management Committee, which is composed of executives responsible for CSR activities from each Group company, to monitor and discuss the status of these initiatives and report to Global ExCo and MAC as necessary. The reputational risk is dealt with and minimized by responding to rumors in a timely and appropriate manner, in accordance with the Company’s regulations.

B．Financial and investment risks（Nos.13～15）

ａ．Risk overview and assessment

The Group categorizes risks that deteriorate the performance and the financial position of the Group due to market volatility, bankruptcy of invested portfolio companies, guarantee insurance policyholders or reinsurers, and risks that worsen cash flow in the event of a major disaster as financial and investment risks. Fluctuations in domestic stock prices and interest rates, in particular, may have large impacts on the Group’s financial performance.

Sompo Group holds a large number of shares for the purpose of maintaining medium- to long-term relationships with customers and invests in a wide range of securities, in Japan and overseas, to generate stable investment income. Should the values of these assets decline, due to a fall in market prices, the Company may incur losses on sale, valuation loss, or decrease in valuation difference on available-for-sale securities. This would impact the Group’s business results.

There is also a risk that actual investment yields may be lower than assumed interest rates due to the lower interest rate environment, because the Group sells insurance products with assumed interest rates – the investment yield promised to customers at the time of contracting – over a long period.

Further, declining interest rates may lead to an increase in the economic value of insurance liabilities that exceeds the offsetting increase in market value of securities, resulting in a net overall decrease in equity capital. This risk arises because the domestic life insurance business retains insurance liabilities that have a longer duration than the securities held.

ｂ．The status of countermeasures

The Group strives to mitigate the impact of stock market declines by continuously reducing its strategic shareholdings.

As other initiatives, we are making efforts to reduce the impact of interest rate fluctuations by making long-term investments and loans so that they more closely match to the cash flow of liabilities for maturity refunds on savings-type insurance policies and for domestic life insurance policies. Accumulation limits on investments and loans are also set.

Furthermore, the domestic life insurance business is working to increase the ratio of protection products in its portfolio; these products are less susceptible to interest rate declines under economic value-based calculations for insurance liabilities.

Cash flows are managed at each insurance subsidiary to ensure that the Group has sufficient liquid assets to meet its funding needs in the event of a major disaster or a rise in cancellation due to an interest rate hike.

C． Operational and compliance risks（Nos.16～22）

ａ．Risk overview and assessment

The Group categorizes risks triggered by violations of laws and regulations, the failure of third party management, system failures, cyber security, labour issues caused by long working hours, customer information leaks, fraud, and misconduct as operational and compliance risks. The Group conducts businesses in compliance with applicable laws and regulations, including the Insurance Business Act of Japan, and the laws and regulations in countries in which it operates. In the event of a violation of these laws and regulations, the Company may be subject to administrative sanctions from Japan’s Financial Services Agency and other authorities.

There is also system risk resulting from a shutdown, malfunction or misuse of the IT systems; these may be caused by external or internal factors, such as unauthorized access by cyber-attacks, or human error.

Sompo handles a large amount of customer information. Each Group company has established a system for managing such information and maintains strict control over this data. However, in the unlikely event of a major information leak, including a cyber-attack, the Group may lose public trust and confidence and may incur remediation costs that would impact business results.

The occurrence of administrative errors, failure to manage outside contractors, physical and mental health problems among employees, fraudulent acts by officers and employees, criminal acts committed by outside parties, and payment of compensation associated with lawsuits may have a direct or indirect impact on the Group’s costs leading to disruption of business operations, administrative action by Financial Services Agency and other authorities, and a loss of public trust and confidence in the Group.

Changes in social awareness, customer preferences, and behaviors may lead to gaps between our products, services, and business practices and stakeholder expectations. Such differences may lead to negative customer sentiment, complaints, and other conduct risk issues that may damage the Group’s brand value.

ｂ．The status of countermeasures

The Group is constantly aware of the importance of its public mission and the social responsibilities associated with each of its businesses. We have established a system for conducting appropriate corporate activity, in accordance with laws and regulations, social norms and corporate ethics under the SOMPO Group Basic Compliance Policy and other policies. On top of that, the SOMPO Group Code of Conduct for Compliance has been established to foster and ensure the compliance culture among all officers and employees in the Group.

Regarding IT system failures, we have established an IT risk management system and we are continuously working to reduce such risks. With regard to the risk of cyber-attacks, we have established the “Sompo Group Cyber Security Basic Policy” was established based on the recognition that cyber security efforts are a corporate social responsibility. In addition to continuing to develop the response system at each group company, we have established a designated team in the Company. Through these overarching and Group-wide initiatives, we are committed to improving the maturity of our defense capabilities within all group companies.

Labour risk caused by long working hours has been dealt with by making sure that the working time is properly and thoroughly managed and establishing a management system to enable improved management skill and communication under the working-from-home environment.

For conduct risk, we have implemented measures to identify and take pre-emptive measures against signs of risk, and we have established a system for managing outsourced contractors – including provisions to manage the process appropriately from the start of outsourcing to the termination of the contract.

D．Business specific risks（Nos. 23～28）

（Insurance underwriting risk）

a．Risk overview and assessment

The Group categorizes the occurrence of claim payments that exceed the expected level in domestic non-life insurance business, overseas insurance business, and domestic life insurance business as business risks (insurance underwriting risk). The Group recognizes that the increase in insurance claims paid due to an increase in windstorms and floods caused by climate change will have a particularly large impact.

We may have to pay a large amount of insurance claims for damage caused by natural disasters such as earthquakes, wind, floods, and snow in Japan and abroad. In addition, changing patterns of frequency and severity of wind and water-related disasters due to climate change may increase the amount of claim payments, deteriorate the Group’s underwriting balance, and make it difficult for the Group to provide stable insurance coverage.

Sompo Group offers insurance products that directly cover damage caused by cyber-attacks. In the event that a large-scale cyber-attack targeting software vulnerabilities occurs, we may receive simultaneous claims from multiple customers arising both from destruction or theft of data and from interruption of business operations, and this may affect the Group’s business performance.

ｂ．The status of countermeasures

The Group aims to stabilize its business performance by using reinsurance and catastrophic loss reserves to prepare for domestic natural catastrophe risks, and by setting appropriate premium rates and design products by quantitatively assessing the risk of claim payments due to natural disasters in light of climate change.

For overseas insurance business, the Company sets limits for each region and each type of natural disaster based on the Group’s capital and profit level, to maintain control over the accumulation of natural disaster risks, and monitors exposure periodically to ensure that these limits are not exceeded.

Also, we are working to capture and reduce such risks by identifying potential large-scale cyber incidents and calculating the expected maximum losses.

（Nursing care business risk）

ａ．Risk overview and assessment

The Group categorizes the misjudgment of nursing care business strategy and the damage to brand value from major scandals as business specific risks (nursing care business risk).

To meet the diverse needs of many elderly people and their families, we have established Sompo Care Inc. that provides a full range of nursing care services from home care to institutional care.

In the Nursing Care & Seniors Business, the Group’s operating results may be affected by the following factors: revision of the Long-Term Care Insurance Act and long-term care compensation, intensifying competition in the nursing care market, difficulty in hiring and retaining employees, food poisoning, outbreaks of communicable diseases, accidents specific to the senior citizen related business, loss of public trust and confidence as a result of such aforementioned incidents, and the occurrence of reputational risk.

ｂ．The status of countermeasures

Sompo Care Inc., which manages the Group’s nursing care business, is committed to building trust with customers by establishing a corporate governance system and facility management structures.

The company has established a Governance, Risk and Compliance Committee as an advisory body to the Executive Committee. This deliberates on response to major risk management related incidents and on internal control matters based on the results of internal audits. The Risk Management Department in SHD consolidates all the information on accidents and works to ensure that all officers and employees are aware of and take preventive measures against reoccurrence.

In addition, we promote the effective use of ICT and leading-edge technologies at nursing care facilities to improve productivity and employee compensation, aiming to close the gap between supply and demand for nursing care personnel. Furthermore, the company aims to help solve societal challenges in Japan facing a super-aged society in future, by maximizing productivity, utilizing know-how on high quality care service to provide solutions that support business process of nursing-care business operators, and promoting preventive services for deteriorating cognitive functions.

E．Other risk（No.29）

（Business interruption）

ａ．Risk overview and assessment

The Group categorizes disruption to the stable operation of the Group’s business due to natural disasters such as major earthquakes, large-scale terrorist attacks, new strains of influenza pandemic, a large-scale system failure due to a cyber attack, and other events as other risks (business interruption risk). These may affect operations such as SHD functions, insurance payments, and provision of nursing care services, as well as affecting the Group’s business results.

ｂ．The status of countermeasures

The Group has formulated a business continuity plan and conducts regular training on its execution. The Group strives to verify and improve the effectiveness of business continuity measures by preparing for natural disasters such as large earthquakes and for emergencies such as pandemics caused by a new strain of influenza or other infectious agents, and large-scale system failures due to cyber attacks, etc.

In the previous fiscal year, we enhanced our emergency response capabilities by adding anticipated events in the global spread of Covid-19, and establishing an “action plan” for each event. This fiscal year, we are working to further improve our emergency response capability by clarifying our response policy for large-scale system failures and taking other measures to ensure all critical operations in the Group companies continue to function.