HOME Sustainability Governance Risk Management

Risk Management

1. Policy and Basic Concept

Our basic policy is to grasp the various risks across our group, assess the risk characteristics such as the frequency of their occurrence and their expected impact, and then manage those risks in an integrated manner. In doing so, we identify particularly serious risks which may have a significant impact on our financial condition and social credibility. We then manage those risks and take consolidated measures against them.

2. Risk Management Structure

  • The Risk Management Committee, an advisory body to the Board of Directors, manages risks over our entire group and sets the policies for measures against them in our company. It submits its determinations to the Board of Directors. The Board of Directors then votes on the final policy. Moreover, the Board of Directors has established the Risk Management Rules and appointed a Chief Risk Officer (CRO) in line with that. The Risk Management Division supervised by the CRO is the division in charge of those rules. The division conducts specific risk management across our entire group.
  • We have defined six risk categories: human resource risks, strategy risks, information risks, sustainability risks, governance risks and compliance risks. Within those categories, we have further identified specific risk items within those categories. We have defined the four categories we assume have the largest uncertain impact among those categories as "top risks": human resource risks, strategy risks, information risks and sustainability risks. We have appointed officers in charge of those risks as the "Risk Owners." In addition, the Risk Management Committee re-assesses and selects each risk item and then extracts the top risks every year.
  • Business divisions on the frontline also consider risks when drafting various measures in each of their activities. They take responsibility for risk management over their areas of responsibility. Moreover, corporate divisions with responsibility for those areas take measures together with the business divisions from a company-wide perspective. At the same time, those divisions grasp the causes of risks and their trends and then introduce measures against them together with the Risk Management Division which supervises risks over our entire group.
  • We conduct reviews periodically on the effectiveness of the risk management structure. We then report the findings to the Board of Directors.
  • The Sustainability Promotion Committee meets at least once a year to grasp risks, consider policies for measures against them, draft those policies and examine the penetration of the management organization in relation to human rights, climate change, occupational safety and other sustainability-related risks to promote sustainability. The committee reports its findings to the Board of Directors. In addition, the Chief Sustainability Officer (CSO) makes a report to the CRO. At the same time, the Sustainability Promotion Division supervised by the CSO works with the Risk Management Division supervised by the CRO to concretely grasp risks and respond to them.
  • We have established a reporting organization across our subsidiaries from the perspective of risk management over our entire group. Together with this, we periodically check the risks related to business uncovered by our subsidiaries and the status of measures taken against them.

Overview of Our Risk Management Structure

Overview of Our Risk Management Structure

FY2023 Risk Management Committee (2nd Meeting)

Chair: Corporate Officer SVP in Charge of Risk Management, CIO, CTO, CSO, CRO
Members: President, CEO
Executive Vice President, Human Resource & Development and Legal & Compliance;
Corporate Officer SVP, Corporate Planning;
Corporate Officer in Charge of Financial Supervision & General Affairs, CFO
Main agenda items
    • Re-evaluation of risks and update of the risk map
    • Direction of response to information risk and human rights risk

FY2023 Risk Management Committee (1st Meeting)

Chair: Corporate Officer SVP in Charge of Risk Management, CIO, CTO, CSO, CRO
Members: President, CEO
Executive Vice President, Human Resource & Development and Legal & Compliance;
Corporate Officer SVP, Corporate Planning;
Corporate Officer in Charge of Financial Supervision & General Affairs, CFO
Main agenda items
    • Initial risk map and top risks
    • Appointment of risk owners for top risks
    • Risks, opportunities, and material issues

Our Risk Map

Our Risk Map

List of Our Risks

Category Risks Risk Details
Human resource risks 1. Securing human resources Downsizing and stagnation of business due to difficulty in securing the necessary human resources for business growth (aging etc.)
2. Human resource development Insufficient human resource development and a decline in engagement (lack of investment in human capital and systemization of education, etc.)
3. Labor (troubles) Labor troubles, insufficient agreement on working conditions and disputes relating to the payment of wages, etc.
4. Labor (occupational accidents) Occupational accidents and insufficient development of occupational health and safety, etc.
Strategy risks 1. Business strategies Delays in changing business models or strengthening competitive advantage, and insufficient supervision of targets and progress, etc.
2. Investment and partnerships Losses due to the impossibility of recovering expected earnings (capital costs) and lack of alliances with partners, etc.
3. Overseas business Country risks in the countries and regions where we have advanced (political, economic and legal), development delays, and recovery of investment
4. New business models Decrease in sales due to the emergence of new business models by competitors and those entering from other industries, etc.
5. Intensified competition and subordination Lower prices, deteriorating earnings, and loss of competitiveness and decline in sales due to concentration and diversification of specific customers and markets, etc.
Information risks 1. Information leakage and falsification Loss, damage, external leakage and falsification of information assets that relate to business, etc.
2. Personal information protection Initiatives to protect personal information, non-personal information and privacy-related information
3. Cyberattacks Interruption or suspension of systems and operations due to attacks, and the loss, damage or external leakage of information assets
4. System and business suspension Suspension of systems and operations due to system malfunctions and equipment aging, etc.
5. Technology trends Delays in the research and development of next-generation technologies, and delays in the introduction of new services
Sustainability risks 1. Climate change Impact on business operation and supply chains at contact centers in Japan and overseas (heavy rain, floods and working hours), and the costs
2. Human rights Human rights violations (in all business processes, recruitment, working conditions and working environment)
Governance risks 1. Business management Earnings, shareholders and stakeholders, and disclosure and investor relation management, etc.
2. Finance Trust (associated companies), fundraising (interest rates), liquidity, asset impairment and financial reporting, etc.
3. Quality incidents Inadequate business and management organization
4. Reputation Loss in confidence from the market relating to internal controls, risk management, business continuity and sustainability, etc.
5. Natural disasters Impact on the business functions of headquarters and contact centers (interruptions)
6. Contractor management Third-party management at recruitment agencies, etc. (human resource supply capacity, trustworthiness and compliance)
Compliance risks 1. Law/ordinance and system changes Tightening of laws/ordinances and systems and the increase in costs to deal with them (human rights and the environment, etc.)
2. Conduct risks Acts that contradict the behavior and results expected by stakeholders in addition to violations of laws/ordinances and lawsuits*
3. Harassment All forms of harassment including workplace bullying, sexual harassment and customer harassment
4. Legal (information utilization) Tightening of laws and regulations relating to the utilization of information specific to our company such as dialogue data and business information linked to that, etc.

* Examples of standards: corporate philosophy, code of conduct, social norms, commercial practices, market practices, ethics, ESG and SDGs

Our Top Risks and Risk Owners

Top Risks Risk Owners Operations Supervised
Human resource risks Takehiko Go,
Director and Corporate Officer SVP
Personnel and Business Process Innovation
Strategy risks Toyohisa Tsuji,
Director and Corporate Officer SVP
Corporate planning, business strategies, solutions promotion and public relations
Information risks Shinsuke Kageyama,
Corporate Officer SVP
Information system (CIO and CTO), sustainability (CSO), legal affairs and compliance (CCO, CISO and CPO) and risk management (CRO)
Sustainability risks

Organization Responsible for Risks and the Risks for Which They Are Responsible

Organization Responsible for Risks Risks for Which the Organization Is Responsible (Total: 26)
Human Resource & Development Division Securing human resource risks, human resource development risks, labor (trouble) risks and labor (occupational accident) risks
Corporate Planning Division Business strategy risks, investment and partnership risks, new business model risks, intensified competition and subordination risks, and natural disaster risks
CIO Information leakage and falsification risks, personal information leakage risks, cyberattack risks, system and business suspension risks, and technology trend risks
Sustainability Promotion Division Human rights risks and climate change risks
Business Development Unit Overseas business risks
Business Management Division Business management risks, quality incident risks and contractor management risks (third party risks)
Finance Division Finance risks
PR & IR Division Reputation risks
Legal & Compliance Division Law/ordinance and system change risks, conduct risks, harassment risks, and legal (information utilization) risks

3. Information Risk Management

Security Risk Management

Policy and Basic Concept

  • We aim to reduce and avoid information and data security risks by taking a structured approach to ensure a high level of information security. The Information Security Policy is communicated to all of our executives and employees and serves as the overarching policy that guides our information management initiatives. We have also established the Basic Information Management Rules, which includes a code of conduct specific to information and data security to which our executives and employees must comply with. More specifically, rules and standards are strictly set regarding information management risk management, personal information protection and management, document management and IT security to prevent information leakage and breaches.

Organization and Systems

Organization and Systems

Personal Information Protection

Cyber Security

  • We have established the BELL-CSIRT division as the Computer Security Incident Response Team (CSIRT). This is a specialist organization under the Chief Information Officer (CIO). We established it to be able to respond promptly in the event a cyber-attack results in an incident.
    • We have introduced 24-hour monitoring with the Security Operation Center (SOC) and a Computer Security Incident Response Team (CSIRT) organization
    • We provide training to all our employees twice a year to be able to respond to targeted e-mail attacks
    • We are strengthening communication to improve the literacy of our employees and ferment awareness among them about cybersecurity (Security News, etc.)
    • We have opened the Cyber Security Portal on Intranet to showcase the latest trends and examples about cybersecurity

4. Business Continuity Plan (BCP)

Policy and Basic Concept

  • We have established the Crisis Management Plan (Business Continuity Plan Guidelines) for our entire group. This plan defines our basic policy to prevent the interruption of key business or to recover in the shortest possible time if it is interrupted for any occurrence that may interrupt our business including natural disasters (such as major earthquakes), pandemics, terrorist attacks, major accidents, cyberattacks and security incidents.
  • Our basic policy for business continuity activities is as follows.
    1. Ensure the safety in life and health of our employees and their families as our top priority
    2. Secure the trust of stakeholders within and outside our company by continuing business and recovering business at an early stage
    3. Contribute to maintaining the vitality of the local economy by striving to survive as a company and to keep employing workers
    4. Proactively provide support for the recovery and reconstruction of the community and our customers
  • We have formulated a plan for in the event of a major disaster divided into the following four phases from the activation of our business continuity plan to full-scale resumption of business. This plan defines who will take command and what we will deal with in each phase.
    1. Alert system
    2. Emergency response: Activation of the BCP
    3. Emergency response: Recovery of business
    4. Cancelation of the emergency response: Cancelation of the BCP


  • We have introduced a system to confirm the safety of our employees (including temporary employees). We conduct simultaneous drills every year and share the response status company-wide. That raises awareness and promotes use of the system.
  • We deploy stockpiled supplies and emergency supplies according to the distribution standards depending on the capacity of each of our contact centers so that our employees can spend their time with peace of mind until they can return home or until relief supplies arrive in the event of a disaster.
    • Facilities where supplies are deployed: All facilities of BELLSYSTEM24 Holdings and BELLSYSTEM24 (centers, branches, headquarters, small offices and recruitment facilities, etc.)
    • Stockpiled supplies:
      1. Preserved water
      2. Preserved food
      3. Thermal sheets
      4. Flashlights with radio
      5. Tool sets
      6. Helmets
      7. First aid kits
      8. Disaster emergency power generators
      9. Emergency blankets
      10. Emergency toilets