Risk Management

The environment surrounding enterprises is changing constantly, and risks have more complexity and variety. SoftBank corp. strives to reduce risks and prevent the occurrence of risk events by having the risk management structure to identify risks and take measures against them and implementing a PDCA cycle regularly in order to reduce and prevent the occurrence of risks at an early stage.

Risk management structure

SoftBank Corp has the risk management structure that enables us to analyze risks from various perspectives to identify risks and prevent the occurrence of risk events. Each division creates business plans analyzing risks, and the Risk Management Office identifies comprehensive risks from the whole organization and examines the measures against risks and reports to the Risk Management Committee which is organized with CEO, representative directors, CFO, etc and is participated by the auditors and related directors, etc. The Risk Management Committee decides the importance and the person responsible for each risk, orders to take measures against risks, and reports to the board of directors. The Internal Audit Office audits the progress of the whole risk management structure and its status from the independent perspective.

Risk management methods

SoftBank manages risks based on a PDCA cycle implemented by the Risk Management Office: (1) conducting annual risk assessment in order to identify risks, and deciding the importance of risks and policy and plan at the Risk Management Committee, (2) taking measures against risks based on the policy and plan, (3) monitoring the progress of measures against risks by the Risk Management Office, and (4) improvement of measures.

Substantial risks

SoftBank has identified the following substantial risks that accompany business activities and work on a day-to-day basis to reduce and prevent such risks.

[Note]
  1. *
    The Risk Management Committee is led by a director with experience in information security (CEO Miyakawa) and oversees major risks.
Risk item Typical risk example Risk reduction measure
Communication service Risks of providing a network
  • Communication network fault
  • Degradation of service quality by the increase of traffic and the limited usage of frequency
  • Interference of network service delivery occured by natural disaster and pandemic
  • Strengthen the telecommunication network based on the future prediction of traffic
  • Introduction of network redundancy and measures against power outages at network centers and base stations
Information system Service halt and service degradation risks due to related system failure
  • The risk that the service cannot be continuously provided due to human error in the customer system, equipment/system problem, cyber attack by a third party, hacking or other unauthorized access (e.g. PayPay)
  • Network redundancy
  • Clarifying recovery procedure in case of failure
Information security Risks of information leakage such as personal information, trade secrets, and technical information
Risks of inappropriate use of products and services provided by our company
  • Information leakage and information loss
  • Inappropriate management of information assets
  • Inappropriate management of information at outsourced companies
  • Information leakage and information loss due to hacking, cyber attack
  • Intentional information leakage by company's employee
  • Establish entry/exit control rules by limiting the work area for confidential information
  • Monitor and prevent unauthorized access due to cyber attacks from outside the company
  • Isolate the networks according to the security level of information
External environment Risks related to changes in politics, economy, social conditions, regulations, market environment, and competition with other companies
  • Political situation (domestic/ international)
  • Law amendment
  • Economic fluctuations
  • Interest rate and currency exchange fluctuations
  • Demographic change
  • Respect for human rights
  • Diversity
  • Climate change
  • Corporate social responsibility
  • Fierce competition within the telecommunication industry with existing competitors and new entrants into the field
  • Introducing products/ services/ sales methods that meet the target consumer needs
Risks related to changes in technology and business models
  • Technological innovation
  • Situation of competitors
  • Customer expectation
  • Risks that the company can not respond to a rapid change in business climate such as technological innovation and appearance of new business model
  • Researching about latest technology trends and market trends
  • Take trial experiments for introducing a service which is technically competitive
  • Reviewing alliances with other companies
Business judgement Risks related to corporate acquisition, business alliances, establishment of joint ventures
  • Investment and loan
  • The risk that the investee companies will not achieve the expected results
  • Risk that business partnerships and joint ventures do not produce the expected results
  • Making a investment decision with enough due diligence and prescribed approval process
Risks of dependence on other companies' management resources
  • Risk of being unable to continue using communication line facilities owned by other operators
  • Interruption and delivery delay of telecommunication equipment supply
  • Adopting a policy of using communication line facilities of multiple operators
  • Adopting a policy of procuring equipment from multiple suppliers and building a network
Relationship risk with Parent Company
  • Independence
  • Objectivity
  • Transparency
  • Critical impacts to make decisions at a stockholder's meeting influenced by Parent Company
  • Independence is ensured by establishing a nomination committee and compensation committee, which is composed of independent outside directors and CEO and chaired by an independent outside director
Personnel labor management Risks related to training and securing human resources
  • Human resources (recruitment/ job-changing)
  • Personnel management
  • Risk of not being able to secure human resources essential for business operations
  • Making new reward system that can remunerate highly competitive human resources
Legal and compliance Legal and compliance risks
  • Legal regulation
  • Law/regulation violation
  • Legal reform and new regulation which have adverse effects for company's business
  • Paying attention to the trend of regulatory amendments
  • Consult with a external expert (e.g.lawyer)
Finance Financial and accounting risks
  • Liquidity
  • Credit control
  • Covenants
  • Tax/ accounting
  • Increase of the fund procurement cost incurred by rising interest rates
  • Accounting system changes
  • Impairment loss
  • Build a financial base to hold sufficient funds by diversifying funding means
  • Consult with a external expert (e.g.tax advisor)
[Note]
  1. *
    These are just some of the risks that accompany business activities. Please see Risk Factors for further details.

Establishment of emergency
response department

In a major disaster, personnel from each company will gather and analyze information on the damage in their areas of responsibility. Based on the impact of the damage, an Emergency Response Department will be established and take action to rapidly restore the telecommunications network.

Structure based on
disaster response agreements

To assist swift restoration efforts in the event of a major disaster or emergency, SoftBank has signed “Disaster Response Agreements” with Japan's Ministry of Defense and the Japan Coast Guard for the purpose of securing communications and mutually cooperating in a wide range of areas.

As communications are a necessary means of assisting life-saving activities following a disaster, SoftBank provides satellite mobile phones, SoftBank mobile phones and other communication equipment to the Ministry of Defense and the Japan Coast Guard. Furthermore, the Ministry and Coast Guard provides SoftBank with logistics assistance and the ability to use their facilities and equipment so SoftBank can better secure communications and conduct restoration activities in affected areas.

SoftBank will continue to work closely with the Ministry of Defense, Coast Guard and other related institutions in disaster preparedness and carry out its responsibilities to society as a communications carrier.

Emergency operational plans

SoftBank Corp. is working to ensure the provision of stable telecommunications services and to ensure the safety of customers in emergency situations such as natural disasters, terrorist attacks or pandemics.

Disaster operational plan

Japan's Disaster Countermeasures Basic Act was established for the purpose of protecting national land as well as citizens' lives, livelihoods and property, and to maintain social order and secure public welfare in the event of a disaster. The Act's disaster management system stipulates the roles and responsibilities of the national government, local governments and designated public corporations.

Under the Act, SoftBank is designated public corporations as set out by the national government, and thus formulate Disaster operational plans. The company has established systems for disaster prevention and preparedness, and in the case of disasters, respond in accordance with their Disaster operational plans while working closely with relevant government organizations and public corporations.

Civil protection
operational plan

The Law concerning the Measures for Protection of the People in Armed Attack Situations etc. (“the Civil Protection Law”) was formulated with the aim of protecting the lives, health and assets of citizens in the event of an armed attack and minimizing the impact of an armed attack on citizens' lives and on the nation's economy. The Civil Protection Law allocates roles to the national government, prefectural and municipal governments, cities, towns and villages, defines the roles of designated public institutions and delineates an organizational framework for protecting civilians.

SoftBank, which is designated public institutions, has developed a Civil protection operational plan based on the Civil Protection Law. In the event of the threat or occurrence of a terrorist attack, the company will coordinate with other relevant institutions in accordance with the Civil protection operational plan.

New flu strains countermeasure
operational plan

In its Guidelines on Measures against New Flu Strains, the Japanese government sets out strengthened measures to counter new strains of influenza for the purpose of protecting citizens' lives and health, and to minimize any potential impact on daily life and the economy. The Guidelines stipulate the roles and responsibilities of designated public companies and a management system for emergencies.

Under the Guidelines, SoftBank, which is designated public corporation as set out by the national government, is formulating Operational Plans in line with the government's action plan. Incorporating systems for before an outbreak occurs and after an outbreak occurs outside Japan, infection countermeasures and other items into the Operational Plans, SoftBank will work closely with relevant government organizations and public corporations to respond to an outbreak.