Governance

Risk Management

Risk management framework
Risk and capital management
Stress tests
Three-lines model (3 lines of defense)
Risk management-related awareness and education
Crisis management
BCP

Risk management framework

The Group identifies and recognizes various risks across the entire Group, and is structured to manage risks according to the risk category by the department in charge. The Risk Management Committee, chaired by the Head of Risk Management Division who is a Managing Executive Officer, comprehensively and systematically manages risks for the entire Group on a global basis, and reports important matters to the Executive Committee, chaired by the President & CEO, and the Board of Directors. The Board of Directors deliberates what is reported and regularly confirms the effectiveness of the entire process. The Risk Management Committee holds extraordinary meetings as needed for flexible deliberations when there are any major changes in the external environment, etc., in addition to biannual regular meetings. In addition, the Group has introduced a "three-lines model^*1 " process in line with the COSO Framework^*2 to establish an effective risk management framework.
In addition to the financial and non-financial risks shown in the figure below, we are also enhancing risk management by formulating response policies in accordance with changing circumstances for risks that have a significant impact on management, such as conduct-related risks and human rights violation risks.

*1A risk management framework with three lines of defense (first line: sales and business divisions, Group companies, second line: each department in charge of risk, third line: Internal Audit Department)
*2A world-standard internal control framework released by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in the US

Overview of risk management framework of the Group

Overview of the Group’s risk management framework

Initiatives to enhance the risk management framework

Internal audit in the risk management system

The Company has in place and operates risk management and internal control frameworks based on the COSO ERM (enterprise risk management) framework for the purpose of sustainably enhancing its corporate value and fulfilling its responsibilities to its stakeholders.
With these frameworks, the Company identifies and assesses, responds to, and monitors risks toward the achievement of strategic goals and works to foster risk awareness and strengthen the risk management system across the organization. In particular, the Company focuses on preventing risks from emerging by establishing a highly reliable control environment.
The Internal Audit Department, as an independent third line of defense, monitors the Company’s control environment, risk assessment, control activities, etc., in accordance with the COSO ERM framework, in addition to conducting annual regular audits to comply with J-SOX requirements and for some self-assessments of assets. Based on these activities, the department formulates an annual audit plan through risk assessments, conducts risk-based individual audits and themed audits, and thereby confirms the effectiveness of risk management processes and internal control.
The Company has in place an internal audit system that covers all the processes from planning to implementation, reporting, and giving instruction for improvement, and strives to continue to improve the control environment through improvement activities based on audit results. The Company also encourages the acquisition of qualifications such as certified internal auditor (CIA) and certified public accountant (CPA) to improve the expertise of audit personnel, and works on systematic development of human resources at the same time.
Furthermore, the Company aims to achieve audit activities with higher quality by introducing audit methods utilizing IT and thereby streamlining and increasing the accuracy of audits.

Major risks recognized by the Group

The Group recognizes the following risks as major risks that could affect the business results, financial position, or other aspects of the Group. In addition, the Group closely monitors current affairs that are increasing uncertainties in the business environment, such as geopolitical risks related to the Russia-Ukraine situation, US-China tensions, and Middle East affairs, as well as the impact of US tariff policies on the global economy.

Credit risk

The Group conducts business that extends credit over the medium to long term through leases, installment sales, monetary loans, and other financial services of various forms. Depending on future business trends and the financial landscape, additional provisions of allowance for doubtful receivables could be necessary with increasing non-performing loans due to deterioration in companies’ credit statuses, which could impact the Group’s business results and financial position.

〔Main efforts to address risk〕: When considering each deal, the Group carefully reviews the customer’s credit standing using its own rating system and makes a thorough study in light of the value of the leased property, country risk, and other factors in an effort to ensure a reasonable return for the risk. Additionally, the Group continues monitoring the customer’s credit standing on an ongoing basis after entering into transactions and has a system in place to take the necessary steps in the event that the customer’s credit standing worsens. Moreover, its credit management with respect to the portfolio as a whole takes into account risk diversification to ensure that credit is not concentrated in certain customers, industries, countries, and regions while striving to ensure sound management by regularly measuring the credit risk of its portfolio and monitoring to ensure that it is within a certain range of capital.

Asset risk

In addition to general movable property, the Group holds global assets including aircraft and real estate including buildings, and leases these assets in and outside Japan in the form of operating and other types of leases. In this business, the Group is exposed to asset risk in addition to the aforementioned credit risk, so fluctuation in revenue from asset management and disposals could impact the profitability of the leases. For this reason, when engaging in operating leases, the Group carefully assesses the value of the underlying assets according to asset type in addition to the customer’s credit standing prior to working on each deal. Even after entering into transactions, the Group continues monitoring the status of the leasing and secondary markets for the assets along with the status of asset use by the lessee, striving to prevent risks from emerging or to mitigate their impact if they occur.

a.Global assets

The Group holds global assets such as aircraft and aircraft engines, containers, and railcars and leases these assets in and outside Japan in the form of operating other types of leases. In the business related to global assets, the Group is exposed to price fluctuation risk pertaining to the assets in addition to the aforementioned credit risk. With operating leases, in addition to lease fee revenue received from the customer, the Group recovers funds by selling the asset at the end of the lease period. Additionally, in the event of a customer default, the Group repossess the asset and collects funds by leasing it to another customer or selling it. As for selling assets, in addition to business trends and the financial landscape, major incidents arising from technical problems, obsolescence due to technological change, revisions to laws and regulations, increased concern over global pandemics or terrorism, natural disasters, war, or geopolitical risk may render the asset irrecoverable or cause its selling price to fluctuate. Furthermore, the recording of an impairment loss or increased costs associated with property management could also impact the Group’s business results and financial position.

〔Main efforts to address risk〕: When engaging in operating leases with global assets, the Group conducts a comprehensive review that includes a checklist for deals involving movable property and future asset liquidity prior to working on each deal to ensure a reasonable return for the credit risk and asset value fluctuation risk. Furthermore, the Group has established internal criteria to maintain a diversified portfolio, including asset types, geographic regions, and maturity dates. Moreover, the Group continues monitoring the customer’s credit standing and industry trends on an ongoing basis after entering into transactions and has a system in place to take the necessary steps in the event that the customer’s credit standing worsens, such as collecting a deposit from the customer to cover asset wear and tear as necessary. Additionally, the Risk Management Division conducts predictive management monitoring for each major asset category through time series observation of industry trends and indicators that could impact asset value fluctuations, while also maintaining ongoing risk communication with the business divisions. The Group also regularly measures customer credit risk and asset value fluctuation risk of its portfolio to monitor whether it is within a certain range of capital, in an effort to ensure sound management.

b.Real estate

The Group makes investment in and provides financing of commercial real estate such as offices, residences, commercial facilities, logistics facilities, and hotels in and outside Japan, and in leasing and other business operations based on its owned properties. These assets are subject to revenue fluctuation risk and price fluctuation risk. In the real estate-related business, in addition to rent revenue from tenants, the Group recovers funds by selling assets that are not to be held over the long term. Rent revenue and revenue from sale of assets may fluctuate depending on the market environment, such as economic trends, the financial landscape, and the rent market in the specific location of the asset, and this could impact the Group’s business results and financial position.

〔Main efforts to address risk〕: The Group makes a careful decision based on a comprehensive review of future asset value and liquidity prior to working on each deal to ensure a reasonable return for the asset value fluctuation risk. Furthermore, the Group continues monitoring the status of asset management, price trends, and industry trends on an ongoing basis after entering into transactions and has a system in place to maximize revenue. Additionally, the Risk Management Division conducts predictive management monitoring through time series observation of industry trends and indicators that could impact asset value fluctuations, while also monitoring ongoing risk communication with the business divisions. The Group also regularly measures the asset value fluctuation risk of its portfolio to monitor whether it is within a certain range of capital, in an effort to ensure sound management.

Investment risk

The Group makes investment in projects including solar power, wind power, and other renewable energy businesses in Japan and overseas as well as various businesses and funds. These investing activities are subject to such risks as risk of changes in the business environment including declining demand, risk of revenue falling below the plan and diminished recoverability of the investment amount due to sluggish performance of investees or partners, risk of investees’ stock value falling below a certain level, and risk of investees’ stock value staying below a certain level for a considerable period of time due to unexpected changes in the economic or financial situation or a major disruption of the financial markets regardless of the investee’s performance. These risks could result in a full or partial loss of principal of the investment, including a valuation loss, or create the necessity of additional funding. In addition, there is the risk that the Group may be unable to exit or restructure the business at the desired time or using the desired method due to differences with the partner’s management policy or low liquidity of the investment asset and the risk that the Group may be adversely affected by not being able to obtain relevant information from the investee, and these risks could impact the Group’s business results and financial position.

〔Main efforts to address risk〕: The Group holds investment meetings according to the individual investment amounts and severity of risk to gather the opinions of the relevant departments and makes a careful decision based on a comprehensive review of future investment value and liquidity from a broad point of view when considering each investment to ensure a reasonable return for the risk. Additionally, the Group has a system in place to continue monitoring the status of investment management and industry trends on an ongoing basis after entering into business relations and thereby maximize revenue. The Group also regularly measures the risk of fluctuations in the value of investments in its portfolio to monitor whether it is within a certain range of capital, in an effort to ensure sound management.

Market risk

a.Interest rate fluctuation risk

The fees for leases and installment sales conducted by the Group are set based on the purchase price for the transacted property and the market interest rates at the time of contract. Most of these basically do not fluctuate during the contract term. The cost of funds for acquiring the leased property, on the other hand, is affected by fluctuations in the market interest rate as the funds are procured at both fixed and variable interest rates for the purpose of fundraising diversification and reduction of funding costs. As such, a sharp rise in the market interest rate resulting from sudden changes in the financial situation could impact the Group’s business results and financial position.

b.Exchange rate fluctuation risk

The Group actively conducts business outside Japan, and as foreign currency-denominated assets increase, so does their percentage of consolidated operating assets. The financial statements of the Group’s consolidated subsidiaries outside Japan are expressed in the local currency while the Company’s consolidated financial statements are expressed in Japanese yen. As such, although fundraising is, in principle, conducted in the same currency as the asset, should a large fluctuation occur in exchange rates, it could impact the Group’s business results and financial position in Japanese yen terms.

〔Main efforts to address risk〕: The Group constantly watches movements in the financial markets and, as needed, monitors through asset liability management (ALM) any imbalances in the form of interest rates or foreign exchange for asset management and for procurement of funds. It then manages interest rate fluctuation risk through appropriate hedge operations while taking interest rate movements into account. To address exchange rate fluctuation risk, in principle, the Group raises funds in the same currency as the operating asset in an effort to minimize loss on currency valuation of assets. The Group also regularly measures the quantitative risk of the position of portfolio holdings incurring a loss over a certain period of time at a certain probability and to what extent in the event that interest or foreign exchange rates take a disadvantageous turn based on past statistics, and monitors whether it is within a certain range of capital in an effort to ensure sound management. Meanwhile, the ALM Committee meets quarterly or as required to analyze scenarios and data in connection with geopolitical risk, pandemics, and various other risk factors and to determine ALM policy based on trends in the financial market environment, the risk situation, and other considerations.

Liquidity risk

When engaging in acquisition of lease properties for leases, installment sales, and monetary lending, the Group raises a large amount of funds in Japanese yen and other currencies. The Group attempts to balance the period of leases and other credit transactions and investments with the period of fundraising, but should it experience difficulty securing enough funds because of heightened risk aversion on the part of financial institutions and investors due to a free fall in economic and financial conditions and major confusion in the financial markets or a decline in the Group’s creditworthiness, it could impact the Group’s business results and financial position.

〔Main efforts to address risk〕: With respect to the procurement of funds, the Group works to ensure the liquidity of funds through efforts to diversify by procuring funds directly from the market including corporate bonds, commercial papers, and securitization of lease receivables in addition to borrowing from financial institutions as well as balancing long- and short-term funding, careful management of cash flow, and measures to supplement liquidity during emergencies, such as through the acquisition of commitment lines. Additionally, the Group conducts stage-by-stage management of liquidity, putting in place funding arrangements to ensure that the immediately necessary funds can be secured, including funds for repayment, even if the fundraising environment deteriorates, and reporting on the status of funding to the ALM Committee. In addition to conducting interest rate sensitivity analysis (analyzing the impact of interest rate fluctuation on revenue), the ALM Committee carries out comprehensive investigations of market risk and liquidity risk in the event of stress in the financial markets or other relevant areas, including the potential impact on profit and loss. It then determines a fund procurement strategy and risk response policies to implement a Company-wide strategy aligned with the market environment. Regarding risk management in particular, it coordinates with the Risk Management Committee, which is one arm of the Company-wide integrated risk management system. By strengthening the predictive management system and coordinating with contingency planning, it makes efforts to improve the flexibility and resilience of financial structures in the event of a crisis situation emerging. Additionally, to support the recent globalization of its operations and enhance its foreign currency funding capacity, the Group has established a regional financial base in North America, where it holds a large asset balance, and has put in place a Group financing system that includes the centralization of financing. The regional financial base offers not only indirect financing but also various forms of fund procurement, including issuance of commercial papers and corporate bonds, thus providing funds to Group companies operating in North America.

Country risk

As the Group operates businesses globally, it is subject to risks due to which losses may arise depending on the political and economic situation in the countries and regions where the business partners and investees are located. In addition to changes in economic conditions such as rapid declines in currency or stock prices or sovereign defaults in a given country, various factors such as conflict, civil unrest, or political instability could result in additional provisions for credit losses or the recognition of impairment losses related to credit transactions or investments in that country or entities. These could impact the Group’s business results and financial position.

〔Main efforts to address risk〕: The Group sets upper limits on transaction volumes based on each country’s economic strength and creditworthiness. Additionally, the Group monitors whether the balances of credit transactions and investments involving country risk remain within the prescribed limits. In this way, the Group works to diversify its reliance on specific countries and regions to reduce the impact of losses in the event that country risk materializes.

Operational risk

a.Risk related to earthquakes, wind and flood damage, pandemics, war, terrorism, etc.

The Group uses facilities, including sites and systems, in and outside Japan to conduct its operations. Earthquakes, wind and flood damage, or other natural disasters as well as pandemics, war, terrorism, or other unpredictable circumstances could cause a reduction of activities or prevent operations at those sites by damaging the sites themselves or the systems or by injuring employees or preventing them from coming to work, thereby disrupting business operations. Moreover, depending on the extent of the damages or how long the event lasts, a large sum of money could be required to restore the systems or other facilities, or it may take a long time for business operations to recover. Such a situation could impact the Group’s business results and financial position.

〔Main efforts to address risk〕: The Group has designated responsible departments depending on the envisioned risk to prepare for such circumstances and has a system in place to establish a crisis response headquarters to respond to a critical situation. The Group is also working to establish a system for business continuity by putting together a business continuity plan, implementing redundancy measures for core systems, establishing a system infrastructure that allows work from home, and implementing office shifts limited to operations that must continue.

b.System risk

The Group utilizes email as well as a variety of information systems to conduct account processing, management of various contracts, customer management, asset management of leased properties, and other operations. An outage or failure of these information systems arising from poor maintenance, poor development, or other such problems could cause an interruption of contract and collection operations or services provided to customers, which in turn could cause a suspension of operating activities and economic loss, thereby impacting the Group’s business results and financial position.

〔Main efforts to address risk〕: The Group has a system in place to properly manage and maintain these systems through internal cooperation and partnership with other companies to ensure their stable operation. The Group is equipped with an integrated response system for failures that includes swift action and sharing of information internally and externally when failures occur as well as establishment and implementation of measures to prevent subsequent recurrence. Additionally, Group-wide IT control is conducted by implementing the Company’s standard system development process at Group companies in Japan and other countries.

c.Cybersecurity risk and information security risk

The Group utilizes email as well as a variety of information systems to conduct account processing, management of various contracts, customer management, asset management of leased properties, and other operations. These information systems are subject to risk of business email scams, malware infections, unauthorized access by outside parties, and other cyberattacks. Unauthorized access by outside parties, malware infractions, human error, fraud, scams, and other problems could result in system outages or failures, monetary damages, leaks or unauthorized use of confidential information or customer information, or other incidents. These could cause an interruption of contract and collection operations or services provided to customers, which in turn could cause a suspension of operating activities, economic loss, or loss of social confidence from leakage of important information, thereby impacting the Group’s business results and financial position.

〔Main efforts to address risk〕: The Group has established a cross-organizational Security Incident Response Team (MHC-SIRT)* to address these risks and has a system in place to prevent incidents at the entrance, internal, and exit stages and respond to them if they occur. Specifically, in preparation for cyberattacks that exploit vulnerabilities, the Group keeps software up to date to detect unauthorized access, malware, and other cyberattacks and maintains management preparedness to prevent problems. At the same time, the Group has established an internal and external coordination system and conducts drills to prepare for incidents. Moreover, targeted email training is provided for all employees, and internal education on information security is carried out on an ongoing basis.

*MHC-SIRT is a cross-organizational team operating inside the Group that responds to information security incidents, primarily focusing on cyberattacks such as targeted email attacks and unauthorized access against the Group. (MHC: Mitsubishi HC Capital)

d.Legal risk

The Group’s operations are subject to a range of relevant legislation in and outside Japan. As the primary examples in Japan, its operations must comply with the Companies Act, tax laws, the Financial Instruments and Exchange Act, the Act on Prohibition of Private Monopolization and Maintenance of Fair Trade, anti-bribery laws, the Act on the Protection of Personal Information, the Money Lending Business Act, the Installment Sales Act, the Act on Prevention of Transfer of Criminal Proceeds, and environmental laws and regulations. Outside Japan, the Group’s operations are subject to the legislation of each country and region as well as to oversight by regulatory authorities. Should there be a failure of compliance with legislation, social norms, or company rules, it could impact the Group’s business results and financial position by causing restriction on or interruption of operations, a claim for damages from customers or others, or a loss of social trust.

〔Main efforts to address risk〕: The Group conducts its business activities in accordance with laws, regulations, and internal rules. To ensure legal compliance, it has established the necessary internal regulations and set up the Legal Office that includes qualified legal professionals. This department provides various forms of legal support, conducts education and training for officers and employees, and works to strengthen the legal risk management system on a consolidated basis.

e.System change risk

The Group’s operations are subject to a range of relevant legislation, accounting and tax regulations, and other systems in and outside Japan. Should there be substantial changes or revisions to any of the various systems closely related to the Group’s operations that the Group was unable to properly address, there could be penalties for nonconformance, suspension of product offering, restrictions on business activities, decreases in sales in terms of accounting, or other negative consequences that could impact the Group’s business results and financial position.

〔Main efforts to address risk〕: The Group’s corporate center divisions, business divisions, sales offices in Japan, and sites in each country continuously monitor revisions and changes to the various systems in and outside Japan, such as legal, accounting, and tax systems, applying to their relevant operations and countries. In addition, the Group gathers information on and implements measures to address changes and revisions as quickly as possible while reinforcing such monitoring by actively utilizing outside experts.

f.Administrative risk

The Group conducts transactions in various forms, and various administrative work arises with each transaction. Improper administrative work, including human error, fraud, and other irregularities, could cause an interruption of contract and collection operations or services provided to customers, which in turn could cause a suspension of operating activities or loss of customer trust, thereby impacting the Group’s business results and financial position.

〔Main efforts to address risk〕: The Group has established administrative rules for each transaction and conducts business according to these rules while reviewing them as needed. Additionally, an internal reporting system is in place for internal administrative incidents. Should such an incident occur, the system includes internal reporting, swiftly addressing the incident, identifying the cause, and establishing/implementing measures to prevent recurrence.

Other major risks

The Group also recognizes the major risks listed below. These risks are managed within the integrated risk management framework, including individual impact and combined impacts across multiple risk items, according to their individual characteristics and status. The Group explores a unified response and formulates a response policy as necessary and additionally conducts scenario analysis appropriate to the situation as part of a multifaceted verification of risk resilience.

Compliance risk

The Group ensures that all officers and employees act with high ethical standards, complying not only with laws and regulations but also with social norms. However, in the unlikely event that any actions in violation of these occur, it could impact the Group’s credibility, business results, and financial position.

〔Main efforts to address risk〕: The Company has established the Legal & Compliance Department, which oversees the Group’s compliance. Additionally, the Group has formulated and implemented a compliance program to ensure thorough adherence to laws and regulations. Specifically, to promote awareness and shared understanding of fundamental compliance-related values and ethics, the Group has established the Group Code of Ethics and Conduct as a set of guidelines for its officers and employees. Furthermore, the Group has prepared various policies and internal rules related to compliance to supplement the Code of Ethics and Conduct and conducts ongoing compliance education. The Group also conducts regular compliance awareness surveys of officers and employees to verify the penetration of the Code of Conduct and the situation within the workplace environment. In addition, the Group is working to strengthen its compliance system by preparing and operating an internal whistleblowing system that allows officers and employees to report and consult on misconduct (any violation of legislation, internal rules, or the Code of Ethics, including corruption, or any action that could potentially be a violation).

Risk related to conduct

The Group is implementing various measures based on the keyword of "transformation" to achieve Our 10-year Vision of "Together we innovate, challenge and explore the frontiers of the future." During this process, any actions by our officers and employees that compromise customer protection, fair competition, market integrity, public interest, or social norms and cause harm to our stakeholders could impact the Group’s credibility, business results, and financial position.

〔Main efforts to address risk〕: The Group emphasizes integrity as one of the core elements of the Action Principles, which set forth the values and attitude each employee should have along with the actions they should take within the Basic Management Policy. This means maintaining high ethical standards and constantly returning to the basics. The Group ensures that all officers and employees conduct themselves accordingly.

Risk related to personnel recruitment

The Group must stably secure adequate human resources to maintain and strengthen its competitiveness in the various businesses it operates in and outside Japan. The Group strives to continuously recruit and train capable personnel, but should it not be able to adequately secure and train the needed personnel, this could impact the Group’s business results and financial position.

〔Main efforts to address risk〕: The Group actively promotes recruitment by conducting not only hiring of new graduates but also mid-career hiring. To strengthen its recruitment structure, the Group has introduced various hiring practices, including referral recruitment through employee introductions and rehiring of former employees, to promote the recruitment of diverse personnel. Additionally, to encourage each employee to take initiative and continuously create value, the Group promotes employee development under themes such as "career," "organizational level," "digital transformation (DX)," and "self-development." It supports employee growth through various opportunities, including training programs, assistance with obtaining qualifications, and the introduction of the Career Challenge Program (an internal and external open application system for various positions), which contributes to employees’ career development, thereby fostering employee development.

Risk related to labor and employment management

The Group employs a large number of staff in its business operations. This involves the risk of long working hours having a negative effect on the mental or physical health of employees or other negative impacts, making them unable to fulfill the expected duties, and the risk of legal infringement due to failure to appropriately monitor legal requirements relating to employment and related areas. Additionally, there is the possibility of these risks resulting in damage to public trust.

〔Main efforts to address risk〕: The Group promotes operational improvements through the use of DX and introduces systems that enable diverse workstyles, such as flextime without core hours, remote work, and satellite offices. In this way, it works not only to reduce long working hours but also to create a work environment that supports employees with childcare or nursing care responsibilities. Additionally, to address harassment and other personnel issues, the Group has introduced measures for employees in Japan and overseas, including an internal whistleblowing system and advice services. To enable employees to develop their abilities to the fullest, the Group is addressing workplace enhancement as a major focus of initiatives.

Risk related to expansion of operating base, strategic partnerships, and M&As

In pursuit of continued growth through expansion of its operating base, the Group engages, in and outside Japan, in strategic partnerships with outside entities aimed at the enhancement of various services and tries to diversify and expand the Group’s business portfolio through M&As in addition to expanding business on its own.
The Group endeavors to diversify its business and enhance its services through this kind of approach. However, changes in the domestic or international economic and financial conditions, intensification of competition, changes in the business environment or strategy of partners, revision of relevant legislation, and other factors could cause a failure to achieve expected results or result in the need to record additional expenses, such as a loss on impairment of goodwill recorded at the time of an M&A. Such a situation could impact the Group’s business results and financial position.

〔Main efforts to address risk〕: In addition to review by the relevant departments according to the individual investment amounts and severity of risks, the Group brings in outside experts for a comprehensive review of the rationality of the investment structure and the future investment effect from a broad point of view when considering each M&A or partnership deal. Even after an M&A deal is executed, the Group’s rules are applied to establish a system for proper operational management, and monitoring is carried out on the business plan, results management, and other aspects so that the necessary actions can be taken in a timely manner.

Risk associated with expansion of business domains and development of new services

The Group is expanding the scope of its operations on a global basis, including new business domains, within the scope permissible under laws, regulations, and various other conditions. Should the expanded business not develop as envisioned within the expanded scope of operations, or if risks exceeding the scope of reasonable assumptions emerge within that process, it could impact the Group’s business results and financial position.

〔Main efforts to address risk〕: When entering new business domains and developing new services, the Group identifies potential risks based on a preliminary risk assessment and considers appropriate countermeasures prior to proceeding. In evaluating risks, the Group conducts multifaceted analysis of information and data while also working to enhance evaluation methods by leveraging experience and knowledge gained through existing businesses. Additionally, the Group continuously monitors the progress of its expanded business domains and the latest risk conditions and has a system in place in which relevant departments coordinate as necessary to implement prompt countermeasures.

Intensifying competition

Competition in the leasing and other businesses of the Group conducted in and outside Japan could intensify not only from companies in the same business but also from financial institutions and others, or the competitive landscape could change due to a shift in business models of other industries, technical innovation, or other factors. If competition intensifies further, it could impact the Group’s business results and financial position due to a decline in market share or reduced profits.

〔Main efforts to address risk〕: The Group is advancing various initiatives to maintain and strengthen its competitiveness, including the provision of higher value-added services to customers, enhanced value creation as an asset holder, low-cost funding, and the accelerated promotion of its digital strategy. Through these initiatives, the Group aims to mitigate risks associated with intensifying competition and achieve sustainable growth.

Climate change risk

Regulatory changes, technological innovation, shift in business models in line with the transition to a decarbonized society or extreme weather, etc. stemming from global warming may affect our business results and financial position in the form of business failure of business partners due to earnings deterioration and other factors, decline in value of assets owned by the Group, and others. Moreover, if the Group’s response to climate change risk or its information disclosure are, or are assumed to be inadequate, the Group’s corporate value may be adversely affected.

〔Main efforts to address risk〕: The Group recognizes promoting a decarbonized society as a priority task in achieving sustainable growth that forms a part of its materiality (priority key challenge). Accordingly, the Group has expressed its support for the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD) and is actively working to identify and assess climate-related risks and enhance related information disclosure in line with the TCFD recommendations. Additionally, the Group recognizes climate change as a significant risk in the Group-wide risk management and is taking relevant initiatives in understanding and managing climate change risks.

Human rights violation risk

With corporate responsibility extending throughout the supply chain and the emphasis on sustainability initiatives, the prevailing view is that companies should recognize stakeholders as broadly encompassing ordinary individuals and local residents. Under these circumstances, if the Group were to neglect these stakeholders, and human rights violations were to occur within the Group or be committed by customers of the Group, it could be perceived as the Group itself causing, encouraging, or directly participating in those human rights violations. In turn, this could lead to damage to the Group’s corporate value.

〔Main efforts to address risk〕: The Group established the Human Rights Policy in September 2022, declaring that we "recognize that conducting business with the utmost respect of human rights is a major challenge, and we will fulfill our responsibilities in this matter across all our business activities." As part of the internal project to address human rights violation risk launched in October 2022, the Group began implementing human rights due diligence in November 2023 and established an external human rights reporting hotline in January 2025 to receive inquiries related to human rights. The Group will continue promoting initiatives to eliminate human rights violations.

Risk and capital management

The Group measures and quantifies the various risks it faces on a uniform scale using statistical methods based on the framework of integrated risk management. We then manage risk and capital for securing sound business management by comparing our equity capital, which represents our management strength, with quantified risks.
Specifically, the Group sets planned risk amounts (allocated risk capital) for each risk category for credit risk, asset risk, investment risk, market risk, and operational risk as the limits of its risk tolerance, confirms whether the limits are commensurate with our management strength, and takes risk within the limits during each term. We regularly monitor and report to top management on the status of risks and the portfolio.

Stress tests

We conduct stress tests on a regular basis to understand the impact of risks that cannot be comprehended by statistical methods. Specifically, we analyze and verify the potential impact on the Group’s periodic profit and loss and equity capital under stress conditions based on multiple scenarios, such as deterioration of the global economy, market fluctuations and credit conditions in each business field, and the risk of credit concentration in large customers.
Through this multifaceted verification, we check whether our management and business plans are reasonable in their risk appetite and whether our risk endurance is sufficient.

Three-lines model (3 lines of defense)

The Group has adopted a three-lines model framework that divides the entire Group into 3 lines of defense and manages the organization on a risk basis. We classify our Group’s risk management functions as follows, with each function taking on its respective role to improve the effectiveness of our risk management framework.

Classification	Role
1st line （Sales and business divisions, group companies）	As owners of risks arising from business activities, independently implement risk management
2nd line （each department in charge of risk）	Support the independent risk management by the 1st line from a professional standpoint through the development of risk management policies and frameworks, as well as monitoring and checks on the 1st line.
3rd line （Internal Audit Department）	From a position independent of the 1st and 2nd lines, evaluate the effectiveness of risk man-agement operated by the 1st and 2nd lines and provide advice on challenges and problems.

Risk management-related awareness and education

We conduct e-learning and other training in the necessary areas of risk management for all employees. For Directors including Outside Directors, we regularly explain our risk management framework in detail at Board of Directors meetings and Audit and Supervisory Committee meetings to share the status of risk management.
We have established the Risk Management Rules to clarify the basic policy and management processes for risks and disseminated it to all employees. Furthermore, emphasizing risk communication with sales and business divisions, we periodically hold the Risk Management and Examination Consultation Meeting to share the potential areas of risks, the current status of risks, and the status of risk management. We have also created and shared the Risk Management Dashboard, which visualizes risk-related management information.
Through these initiatives, we share internally what kind of risks we should take for our business growth to establish risk ownership of sales and business divisions.

Crisis management

The Group has established Crisis Management Regulations, Disaster Response Regulations, and a response manual, and has built a framework to minimize the impact of natural disasters, man-made disasters, accidents, and other events on management. Furthermore, in the event of a crisis, the Group determines the crisis category based on the status of the event in question and establishes a Crisis Management Headquarters if it determines the situation to be a "crisis situation." Under the leadership of management and in close cooperation with related departments, the Crisis Management Headquarters collects and shares information, and examines and issues instructions on response policies.

BCP

To prepare for serious disasters such as a Nankai Trough earthquake that is said to be imminent, we have categorized the state following the occurrence of disasters into three phases in chronological order and developed a practical business continuity plan (BCP). We conduct periodic drills so that the plan effectively functions in times of disaster.