Risk Management System (Information Security/Business Risks)

Risk Management Committee

To recognize and evaluate risks related to the execution of business comprehensively and conduct appropriate risk management, the Company has established risk management regulations, and to ensure the effectiveness of these, we have established the Risk Management Committee, which is chaired by the Chief Risk Management Officer. The Risk Management Committee determines risk management policies, evaluates risks, and examines matters such as risk prevention measures while strengthening the overall risk management system through the verify of individual matters. The range of risks to be assessed includes misconduct, fraud, and crime by officers and employees, and corruption, such as entertainment and gift-giving to public officials, etc. The Chief Risk Management Officer reports to the Board of Directors on risk management and other matters as necessary.

Information Security Management Committee and Personal Information Management Committee and the Information Security System

As well as establishing a Security Policy to maintain information security and a Privacy Policy to protect personal information, the Company has set up an Information Security Management Committee and a Personal Information Management Committee, both chaired by the Chief Information Management Officer, to ensure appropriate and effective management in each area. We have also appointed Information Security Management Officers at each of our Group companies and are implementing thorough training in information management for all Group employees and contractors. In response to recent increase in cyberattacks on internal information systems, including unauthorized access through the Internet and " targeted attacks " through the introduction of malware, we have established a Computer Security Incident Report Response Team (CSIRT) as part of our system for strengthening security measures for the websites providing internal systems and services and for preventing the spread of damage from such attacks.