Risk Management

Environment surrounding corporations is changing by the minute, and the related risks are becoming more complicated and diverse. Early detection and promptly taking measures are keys to effectively addressing risks. At SoftBank, we work to mitigate and prevent risks by identifying risks company-wide, building organizational structures to implement preventive measures and executing periodical risk management cycles.

Risk management structure

In order to identify and prevent materialization of risks, we adopt a management system to carry out internal analysis from various angles. Along with each department conducting reviews including risk reviews upon devising various measures and policies, the Risk Management Division conducts periodic identification of company-wide / comprehensive risks and checks on the status of measures taken and reports to the Risk Management Committee (which includes the President, COO, CFO, etc. as members and in which the Corporate Auditors and heads of the relevant departments also participate) that meets twice a year. The Risk Management Committee determines the level of importance and the risk manager (risk owner) for each risk, gives instructions to take measures, etc. and reports the status to the Board of Directors. The Internal Audit Division conducts an independent review of these risk management system / status.

In addition, we establish a reporting system for affiliates, and conduct periodic checks of business-related risks identified by each affiliate and countermeasure status from the standpoint of risk management for the group overall.

  • Risk management structure

Risk management methods

We manage risks as a whole by executing a PDCA cycle that consists of (1) comprehensively identifying potential risks by carrying out annual risk assessment and determining prioritized risks and management policies at the Risk Management Committee, (2) implementing measures based on the management policies, (3) the Risk Management Division monitoring the status of the measures and (4) making improvements on the measures.

  • Risk management methods

Yearly schedule

In order to manage and mitigate risks, we take the following steps over the course of the year to manage the PDCA cycle.

  • Yearly schedule

Addressing substantial risks

SoftBank selects substantial risks by taking a holistic view of risks through risk assessments of each division, interviews of risk owners, etc. and more and engage in risk management.

We work on a daily basis to identify, mitigate, and prevent risks by timely and holistically recognizing and addressing risks that can significantly obstruct business activities as a result of the rapidly changing external environment, etc.

[Note]
  1. *
    The Risk Management Committee supervises substantial risks with a Director having experience in the information security field (CEO Miyakawa) playing a central role.

1. Risk related to management strategy

Risk items Typical risk examples Risk reduction measures
a. Changes to economic conditions, regulatory or market environments, and competition with other companies
  • International/domestic political conditions
  • Competitors' situations
  • Customer expectations
  • Amendments to laws
  • Economic fluctuations
  • Demographic changes
  • Product/service defects
  • Risk of MVNO share expansion, increased competition in the telecommunications industry due to new entrants, etc., rapid spread of services from startups competing with the SoftBank group's services
  • Risk of providing products or services with major defects that cause damage to customers
  • Adopt services, products, and sales methods that suit consumer orientation
  • Thorough quality control during manufacturing and development stages
b. Adapting to technology and business models
  • Technological innovation
 Risk of the SoftBank group being unable to respond appropriately or in a timely manner to changes in the market such as the emergence of new technologies or business models Research the newest technology and market trends, conduct verification testing to introduce technically superior services, consider alliances with other companies, etc.
c. Leakage or mishandling of information (including privacy information) and inappropriate use of products and services provided by the SoftBank group
  • Cyber attacks, leaked/missing/lost information
  • Inappropriate use of information assets
  • Inappropriate use of products/services
  • Risk of information leakage, loss, etc. due to intentional or negligent actions of the SoftBank group or unauthorized access such as cyber attacks by a third party
  • Risk of losing society's confidence and trust in SoftBank due to mistaken use of our information assets resulting in violation of laws and/or social criticism
  • Risk of lowered confidence and trust due to misuse (crimes, etc. such as fraud) of apps or payment services provided by the SoftBank group
  • Limit work areas related to confidential information and establish access control rules; monitor and prevent unauthorized access due to cyber attacks from outside the company; separate and isolate access and networks according to information security levels
  • Establish guidelines and conduct training
  • Periodic monitoring of unauthorized use
d. Stable provision of network services
  • Telecommunication network failures
  • Risk of being unable to maintain telecommunications service quality due to increased network traffic or an inability to secure necessary frequency bands
  • Risk of a natural disaster, pandemic, etc. preventing normal operation of telecommunication networks or information systems
  • Bolster the telecommunication network based on predictions of future traffic
  • Introduce network redundancy and countermeasures for power outages at network centers and base stations
e. Corporate acquisition, business alliances, establishment of joint ventures, etc.
  • Investment and loans
 Risk of investee companies being unable to perform as expected; risk of business partnerships and joint ventures not producing expected results Conduct sufficient due diligence when considering each investment to make investment decisions in accordance with the prescribed approval process
f. Dependence on other companies' management resources
(a) Outsourcing
  • Inappropriate management of information by outsourced companies
  • Risk of outsourced companies being unable to perform work as expected
  • Risk of infringing on customers' human rights as a result of an outsourced company fraudulently acquiring SoftBank group and customer information or using it for other purposes
 Conduct periodic audits of outsourced companies' work
(b) Use of other companies' facilities
  • Other companies' management resources
 Risk of becoming unable to continue using communication line facilities owned by other operators Use multiple operators' communication line facilities
(c) Procurement of various equipment
  • Supply disruptions
  • Delivery delays
 Risk of supply disruptions, delivery delays, etc. in the procurement of telecommunication equipment, etc. Build networks by procuring equipment from multiple suppliers
g. Use of the SoftBank brand
  • Brand use
 Risk that our actions negatively impact the trust or interests of SoftBank Group Corp. and we become unable to use the SoftBank brand Bolster the system for checking prior to using the brand, release materials related to brand use, and conduct training
h. Service interruption or degradation due to related system failure
  • System failures
 Risk of becoming unable to continuously provide service for customer-facing systems, the PayPay smartphone payment system, etc. due to human error, equipment/system problems, cyber attack by a third party, hacking, or other unauthorized access Add redundancy to the network and clarify recovery procedures in case of failure or other accidents
i. Training and securing human resources
  • Human resources (hiring, job changes, training)
  • Labor management (overwork, etc.)
  • Human rights
  • Diversity
  • Risk of being unable to secure engineers or other human resources necessary for business operation as planned
  • Risk of reducing society's trust and confidence in SoftBank due to being unable to meet social demands for consideration for basic human rights
  • Risk of reducing society's trust and confidence in SoftBank due to being unable to meet social demands for for respecting diversity and demonstrating their full potential
  • Adopt a remuneration system that considers the expertise of human resources with high market value
  • Establish a human rights policy and human rights due diligence process; conduct risk assessments
  • Ensure company-wide awareness of efforts related to diversity; conduct training

2. Risk related to laws, regulations,
and compliance

Risk items Typical risk examples Risk reduction measures
a. Laws, regulations, systems, etc.
  • Regulations based on laws
  • Affiliated companies
  • Risk of violating laws/regulations; risk of new or revised laws/regulations that have adverse effects on operations
  • Risk of damaging society's trust in the company in the event that misconduct, etc. by an affiliated company cannot be prevented
  • Monitor revisions of laws/regulations; consult with lawyers and other external experts as necessary
  • Bolster reporting systems and communication with each affiliated company; understand affiliated companies' risks through risk assessments, etc.
b. Lawsuits, etc.
  • Contract disputes
  • Lawsuits
 Risk of negatively impacting the SoftBank group's corporate image due to infringing upon the rights of a third party Confirm laws, regulations, systems, and agreement terms on contracts, etc.

3. Risk related to finance and accounting

Risk items Typical risk examples Risk reduction measures
a. Fund procurement and leasing
  • Liquidity
  • Credit control
  • Exchange/interest rates
  • Financial markets
 Risk of increased fund procurement cost due to rising interest rates, etc. Build a financial base to hold sufficient funds by diversifying means of fund procurement
b. Changes to accounting and tax systems
  • Covenants
  • Tax/accounting
 Risk of impact to the SoftBank group's business development, financial condition, and performance due to additional tax burden caused by changes to accounting/tax systems, etc. Consult with external experts such as tax advisors as necessary
c. Impairment loss
  • Impairment loss
 Risk of impact to the SoftBank group's business development, financial condition, and performance due to impairment loss Build a system for periodic monitoring

4. Other

Risk items Typical risk examples Risk reduction measures
a. Leadership team
  • Leadership team
 Risk of impact to the SoftBank group's business development if unforeseen circumstances affect the leadership team Build an organizational structure that can take over work duties
b. Relationship with the parent company
Parent company control or substantial influence over matters to be resolved at a general meeting of shareholders
  • Independence
  • Objectivity
  • Transparency
 Possibility of the parent company having substantial influence over matters to be resolved at a general meeting of shareholders Exercise the option to establish a Special Committee, nominating committee and compensation committee in order to ensure independence

Emerging risks

In addition, SoftBank also reviews risks on a periodic basis to identify and manage emerging risks that can potentially have a substantial impact on the business*1. We consider these identified emerging risks from short-term and medium- to long-term standpoints*2 and take measures to address them.
The emerging risks for FY 2022 are as follows.

[Notes]
  1. *1
    Risks that do not currently exist or are not recognized, but may appear or change due to changes in the external environment, etc. and can potentially have a substantial impact on the business that requires changes to business strategy or business models.
  2. *2
    In general, we consider “medium- to long-term” to be a timeframe of three to five years or longer.

International affairs
(including economic security, etc.)

Risk definition Risk of restrictions on or difficulty continuing SoftBank business due to worsening political, social, military, or cultural relations or rising tension between countries
Typical risk examples
  • Delays/difficulty in procuring base stations, network equipment, purchased products (mobile devices, etc.), or development materials from domestic/international suppliers
  • Increased cyber attacks in retaliation for sanctions on countries in conflict
  • Difficulty in procuring energy (fossil fuel, gas, etc.) due to political factors; impact of rising procurement costs on revenue
  • Regulations excluding foreign products that pose a threat from core infrastructure (such as base stations)
  • Delays in starting service due to prior inspection of core infrastructure by countries, etc.
  • Tightened legal regulations in each country due to global data governance
Impact on business

SoftBank has offices and affiliated companies in Europe, America, Asia, and around the world, provides products and services to domestic and international customers, and procures telecommunications equipment, products for our customers, and development materials from a wide range of domestic and international suppliers. We work with many international suppliers in the telecommunications business in particular, creating the potential for substantial business impacts from issues such as confrontation between countries on the international stage, regional conflicts, terrorism, and military action. In addition, our telecommunications business uses large amounts of electricity at base stations, network facilities, data centers, etc. to provide our customers with a high-quality communication environment, and 5G requires more power than 4G. Based on these conditions:

In the short term, there is a possibility of global shipping delays for telecommunications-related equipment due to aviation or marine shipping restrictions imposed by countries in conflict or related countries, shortages of semiconductors for mobile devices, etc. due to logistical delays in affected regions, supply chain disruptions due to delays or suspension of suppliers' business activities caused by cyber attacks in retaliation for sanctions on countries in conflict, etc. These may have a large impact on SoftBank's telecommunications business.

In the medium- to long-term, there is a possibility of costs involved in changing suppliers or equipment for base stations or network equipment as a result of conflict increasing crude oil prices and leading in turn to cost increases for shipping, etc. in the supply chain, or changes in the international political landscape leading to changes to national policy or regulations. There is also a possibility that SoftBank's business development, financial condition, and performance will be impacted in the event that changes in the international political landscape lead to regulations or restrictions on suppliers and combine with global increases in crude oil prices, etc. to result in continued increases in power prices, or in the event that obstacles to energy procurement will lead to difficulty in providing a stable supply of services and products.
Countermeasures

We are monitoring and gathering information on international situations, and laws and regulations in countries where it provides services as well as countries where suppliers are based, as well as consult with external experts as necessary to:
In the short term, we are working on distribution and diversification of suppliers to strengthen the supply chain by distributing risk in case of disruptions.
In the medium- to long-term, we work to reduce risk by continuing to work on research and development for practical use of next-generation batteries, working toward adoption of communications infrastructure with low environmental impact being developed by an affiliated company, and further coordinating with government and industry organizations in order to minimize the impact of rising power prices on our revenue on top of monitoring and gathering information on international developments.

Climate change

Risk definition Risk of financial losses from adoption of carbon taxes and renewable energy and increased restoration/maintenance costs due to frequency and severity of natural disasters; risk of damage to society's trust and confidence in SoftBank as a result of insufficiently responding to environmental issues
Typical risk examples
  • Increased power costs due to shift to renewable energy
  • Damage to society's trust and confidence in SoftBank if customers, etc. decide environmental efforts are insufficient
  • Increased tax burden due to adoption of carbon taxes
  • Increased restoration/maintenance costs due to frequency and severity of natural disasters and resulting equipment damage
  • Procurement delays/difficulties for base station equipment, etc. as a result of supply chain disruptions due to natural disasters linked to climate change
  • Revenue impact from difficulty in procuring energy (fossil fuel, gas, etc.) due to climate change and rising procurement costs
Impact on business

SoftBank's telecommunications business uses large amounts of electricity at base stations, network facilities, data centers, etc. to provide our customers with a high-quality communication environment, and 5G requires more power than 4G. As we work toward reducing greenhouse gas emissions:

In the short term, there is a possibility that our business development, financial condition, and performance will be impacted by increased power costs due to the shift to renewable energy. In addition, there is a possibility that business operations will be impacted in the event that the SoftBank group's efforts or disclosures related to climate change are seen as insufficient, or in the event that we are unable to win the understanding of customers, employees, suppliers, investors, communities, nations, government agencies, etc.

In the medium- to long-term, there is a possibility of increased tax burden due to adoption of carbon taxes, etc. as well as a possibility of increased restoration/maintenance costs due to frequency and severity of natural disasters and resulting equipment damage. In the event that energy procurement costs continue to rise as a result of increased demand due to the shift toward renewable energy, there is a possibility that power procurement costs for base stations, data centers, etc. will be affected, impacting our business development, financial condition, and performance.
Countermeasures

We aim to switch the power used for business activities to 100% virtual renewable energy*1 by 2030*2, the year targeted for achievement of SDGs. We are also working toward “Carbon Neutral 2030” to achieve virtually zero greenhouse gas emissions through the use of AI, IoT, and other cutting-edge technologies for energy conservation.

In the short term, we bolster our efforts and promote energy conservation by using renewable energy to reduce CO2 emissions for base station power consumption (which makes up the majority of the electrical power used in our business activities), transitioning to energy-saving equipment, and improving the efficiency of energy use by expanding the use of IoT and AI. We are making progress on greenhouse gas emission reduction by implementing energy conservation in steps, from 30% renewable energy for base station power consumption in FY 2020 to 50% in FY 2021 and 70% in FY 2022. We also offer information about our CO2 reduction efforts to help promote understanding of our efforts.

In the medium- to long-term, we continue to work to promote redundancy in the core network and secure communications during disasters using a moored balloon radio relay system in order to bolster efforts to prevent and mitigate disasters. In addition, as one initiative aimed at achieving carbon neutrality in 2030, we are currently working on the joint development of large-capacity, high specific energy density, and lightweight lithium ion batteries.
[Notes]
  1. *1
    Refers to electricity that is essentially 100% renewable energy that utilizes non-fossil fuel certificates that specify renewable energy.
  2. *2
    Targets Scope 1 (direct emissions of greenhouse gas by SoftBank) and Scope 2 (indirect emissions through use of electricity, heat, and steam provided by other companies) for SoftBank Corp.
Risk management

Addressing emergency

In a major disaster, personnel from each company will gather and analyze information on the damage in their areas of responsibility. Based on the impact of the damage, an Emergency Response Headquarters will be established and take action to rapidly restore the telecommunications network.

Emergency response headquaters structure

  • Emergency response headquaters structure

Structure based on disaster response agreements

To assist swift restoration efforts in the event of a major disaster or emergency, SoftBank has signed “Disaster Response Agreements” with Japan's Ministry of Defense and the Japan Coast Guard for the purpose of securing communications and mutually cooperating in a wide range of areas.

As communications are a necessary means of assisting life-saving activities following a disaster, SoftBank provides satellite mobile phones, SoftBank mobile phones and other communication equipment to the Ministry of Defense and the Japan Coast Guard. Furthermore, the Ministry and Coast Guard provides SoftBank with logistics assistance and the ability to use their facilities and equipment so SoftBank can better secure communications and conduct restoration activities in affected areas.

SoftBank will continue to work closely with the Ministry of Defense, Coast Guard and other related institutions in disaster preparedness and carry out its responsibilities to society as a communications carrier.

Emergency operational plans

SoftBank Corp. is working to ensure the provision of stable telecommunications services and to ensure the safety of customers in emergency situations such as natural disasters, terrorist attacks or pandemics.

Disaster operational plan

Japan's Disaster Countermeasures Basic Act was established for the purpose of protecting national land as well as citizens' lives, livelihoods and property, and to maintain social order and secure public welfare in the event of a disaster. The Act's disaster management system stipulates the roles and responsibilities of the national government, local governments and designated public corporations.

Under the Act, SoftBank is designated public corporations as set out by the national government, and thus formulate Disaster operational plans. The company has established systems for disaster prevention and preparedness, and in the case of disasters, respond in accordance with their Disaster operational plans while working closely with relevant government organizations and public corporations.

Civil protection
operational plan

The Law concerning the Measures for Protection of the People in Armed Attack Situations etc. (“the Civil Protection Law”) was formulated with the aim of protecting the lives, health and assets of citizens in the event of an armed attack and minimizing the impact of an armed attack on citizens' lives and on the nation's economy. The Civil Protection Law allocates roles to the national government, prefectural and municipal governments, cities, towns and villages, defines the roles of designated public institutions and delineates an organizational framework for protecting civilians.

SoftBank, which is designated public institutions, has developed a Civil protection operational plan based on the Civil Protection Law. In the event of the threat or occurrence of a terrorist attack, the company will coordinate with other relevant institutions in accordance with the Civil protection operational plan.

New flu strains countermeasure
operational plan

In its Guidelines on Measures against New Flu Strains, the Japanese government sets out strengthened measures to counter new strains of influenza for the purpose of protecting citizens' lives and health, and to minimize any potential impact on daily life and the economy. The Guidelines stipulate the roles and responsibilities of designated public companies and a management system for emergencies.

Under the Guidelines, SoftBank, which is designated public corporation as set out by the national government, is formulating Operational Plans in line with the government's action plan. Incorporating systems for before an outbreak occurs and after an outbreak occurs outside Japan, infection countermeasures and other items into the Operational Plans, SoftBank will work closely with relevant government organizations and public corporations to respond to an outbreak.