Risk Management Initiatives

The purpose of Seven Bank’s risk management is to ensure healthy and effi cient management as aiming at an improvement in corporate value by appropriately managing various kinds of risks related to management.

Every fiscal year, the Board of Directors establishes the “Basic Policy on Risk Control,” which specifies the overall risk management policy, specific risk management policies and the organization and system for risk management. In accordance with this policy, the Executive Committee establishes detailed rules and regulations related to risk management and confirms the companywide risk status every quarter. The Bank’s risk management structure includes the Risk Management Division, which is responsible for supervising overall risk management activities, specific risk management divisions and the Internal Audit Division to perform internal audits. We have also established the Risk Management Committee and the Security Committee, chaired by the officer in charge of the Risk Management Division, and the Asset-Liability Management (ALM) Committee, chaired by the officer in charge of the Planning Division, as advisory bodies to the Executive Committee concerning risk management. The Group companies also establish risk management system aligned with the Company’s policy and confirm their risk status, including their specific risks.
In FY2023, in light of the expansion of our business, we strengthened the Seven Bank Group’s risk management system by including those companies that have newly joined the Group in the existing framework.

The Bank observes its basic policies relating to overall risk management, which are governed by the Basic Policy on Risk Control and Overall Risk Management Rules, established under the policy. We gain an overall grasp of our risks including climate change by assessing each of the Bank’s risk categories and manage them by comparing them with our equity. Additionally, we are striving for enhanced risk management through priority items for risk management set by the Board of Directors.

Currently, our risk management activities relating to credit risk are limited to the ATM settlement business, the ALM of interbank deposits placed with top-rated partner fi nancial institutions, bonds, the lending of funds in the call-money market, temporary ATM payment amounts due and small personal loans, to minimize credit risk. In addition, the Bank performs self-assessment of asset quality as appropriate and establishes an allowance for credit losses in accordance with its self-assessment and reserve rules.

It is stipulated that the limits on the maximum level of funds at risk, the market position limits and the loss allowance limits, shall be set. The Risk Management Division measures and monitors market risk in light of these limits and reports the results to management, including the Executive Committee. At the ALM Committee meeting held every quarter, the Bank’s market risk position, expected trends in interest rates and other matters are reported and the policy for the ALM operation is determined.

It is stipulated that the limits regarding the cash gaps arising from differences between the period of the management of invested funds and the timing of the liquidation shall be set. The Risk Management Division measures and monitors liquidity risk in light of these limits and reports the results to management, including the Executive Committee. To prepare for emergency events requiring immediate funding, the Bank has devised preemptive comprehensive countermeasures to be able to take quick and flexible Companywide action by risk scenario, and therefore does not expect to experience a major liquidity problem.

Recognizing that operational risks may come to the surface in all business divisions, the Bank has established the structure to identify, evaluate, monitor, control, and reduce risks. Risk categories are as follows.

Understanding appropriate management of customers’ information including personal information and confidential information is an essential factor to ensure customers’ trust in the Seven Bank, we establish an information management structure to prevent information leakage, fraudulent access, and falsification by implementing security management measures in accordance with laws and regulations, and various guidelines.

7BK-CSIRT (Computer Security Incident response Team), a dedicated team for cyber security management of the Seven Bank Group, is in charge of the Bank-wide management of cyber security risks and is composed of members from multiple divisions. The team responds to a wide range of attacks on the Bank’s services and systems, including cyber attacks, skimming, fake cards, fraudulent access, and information leakage.
7BK-CSIRT conducts training and drills to be able to immediately respond in case of cyber incidents, by taking actions such as information coordination and external response. The initiatives of the team include cooperation with industry organizations and promotion of activities in the security community.
7BK-CSIRT also engages in Security by Design in which security methodology is incorporated as an essential factor at the planning stage of new services, considering increasingly sophisticated cyber attacks and proactive promotion of new technologies. This enables the Seven Bank to provide safe and secure services. Not only 7BK-CSIRT members but also our employees in charge of planning and designing services who are involved Security by Design deepen their knowledge through seminars about preventative measures against fraudulent use of services and other learning opportunities.
Believing the balanced combination of human resources, mechanism, and technology is necessary to maintain security, the Bank is working on each of them.

To fulfill our social responsibility as a bank, Seven Bank has defined the following three operations as top priorities for continuity in the event of a disaster, large-scale accident, or other crisis: the ATM business; the fund settlement business serving banks and ATM partners; and withdrawals from the Bank’s accounts and money transfer operations. Each division has also created a Business Continuity Plan (BCP) to enable continuity of these essential operations in the event of an accident, disaster, or other crisis. To further ensure the business continuity, each division regularly conducts the business continuity training, envisioning damage to data centers and other facilities.