The Group’s View of Risk Management
The Group defines risk as “uncertainties that have both potential positive and negative sides that could have an impact on the achievement of targets by a company’s management.” The Company has positioned risk management as the “activity that increases corporate value by managing risks by reasonable and optimal methods from a company-wide perspective” to achieve sustainable corporate growth by addressing the positive side and the negative side of risk properly.
Enterprise Risk Management (ERM) Centered on the Risk Management Committee
J. Front Retailing has a Risk Management Committee, which is chaired by the President and Representative Executive Officer and comprises Executive Officers and others. The committee has a secretariat headed by an officer in charge of risk management. The secretariat shares important matters decided by the committee with operating companies to promote enterprise risk management (ERM). We position risk as the starting point of strategy and link risk with strategy so that risk management will enhance corporate value.
Risk Management Process
The Group promotes risk management through the following processes. Specifically, we are striving to ensure that risks of high importance to the Group are not overlooked, under the external and internal environmental analyses, and based on the recognition of the management team including Directors and the persons responsible for practical operation.
Over the medium-term, we have positioned “corporate risks” as having extremely high importance for the Group’s management, and have used these as starting points for the Group Medium-term Business Plan.
Furthermore, the risks for the fiscal year identified from “corporate risks” are summarized in the “JFR Group Risk List,” evaluated using a “risk map,” then ranked by priority before implementing countermeasures. For “corporate risks” and the “JFR Group Risk List,” changes in the environment surrounding risks and the progress of measures are monitored semiannually, and the Risk Management Committee discusses the matters and then reports their contents to the Board of Directors.
Latest Environmental Changes and Risk Awareness
COVID-19 has an unprecedented impact on the Group’s management. With a high probability of the disease’s spreading intermittently in the future, the situation remains unpredictable. However, the Company believes that the impact of the spread of COVID-19 will diminish gradually due largely to experience in infection control to date, the progress of vaccination, and the widespread of use of pills.
In the meantime, Russia’s invasion of Ukraine has escalated the prices of fuels and crops, which has been also spreading to other products, causing higher costs of living worldwide. And a difference in financial policy between Japan and Western countries is sharply weakening the yen. This yen depreciation is adding fuel to high costs of living and further stagnates consumption, which has affected the operating results of the Group profoundly.
The impact of COVID-19 is further accelerating changes in consumer values, consumer behavior, what is required of the retail business, etc. The establishment of remote working and people’s lifestyles, and even the way that cities function are all changing dramatically, and the Department Store Business and the SC Business, which are the core businesses of the Group, cannot avoid evolution to a new business model.
As one of the relevant measures, the Group is promoting the “Real×Digital Strategy.” While making investment with priority in areas such as luxury items, art, and watches in “real,” the Group will develop diverse channels fusing with physical channels by expanding businesses that utilize online spaces in “digital” to provide truly valuable products in a timely and appropriate manner.
In addition, we once again recognized during the COVID-19 pandemic that initiatives are not supported unless they are sustainable. Consumers’ awareness of a “sustainable community and society” is increasing due to the COVID-19 pandemic, and many companies are also trying to redefine their existence in conformity with such awareness. Fortunately, the Group has the corporate credos leading to sustainable management “Service before profit” and “Abjure all evil and practice all good,” which have been kept for 300 years and 400 years, respectively, and will continue to move ahead steadily towards sustainable growth going forward.
Recently, the Group focuses on response to natural disasters, of which risk awareness is growing, for example, by strengthening a business continuity plan (BCP) on the assumption of disasters. Also with regard to epidemic prevention, based on an analysis of our response to COVID-19, the Company has updated its “New Infectious Disease Response Manual,” which sets out the emergency response for ensuring the safety of human life and minimizing the impact on business in the event that a new infectious disease occurs in the future, as well as matters relating to the preparation of systems during normal times.
Furthermore, we will monitor infection trends and if signs of spreading appear, we will analyze the impact according to multiple scenarios and respond dynamically.
To prepare against natural disasters that threaten business continuity, we will strengthen our systems from a perspective of continuing key operations (funding and payment operations) and securing important infrastructure (systems, etc.). Moreover, we have been continuously implementing BCP training for rapidly recovering from a disaster and restarting operations.
Information Security Measures
In March 2022, the Company established the Group System Unit, to upgrade and improve the Group’s overall system infrastructure and realize the safe operation of information systems and highly robust security. Recent incidents are becoming more diverse and complex year by year, and we believe that further initiatives are needed in both hard and soft measures.
In terms of hard aspects, we are phasing in security products and monitoring services that can detect suspicious behavior on a terminal and respond rapidly when an incident occurs. We also use multi-factor authentication for logging on to the system, enabling us to restrict devices that can connect and prevent unauthorized access due to password leaks and so forth.
In terms of the soft aspects, considering recent changes in IT usage environment, we will revamp the Group security guidelines. Moreover, we are working to increase the level of literacy among all employees by using e-learning and conducting targeted attack email training based on information about the latest incidents.
In addition, in order to strengthen the security management system, we established CSIRT* in the Company and joined the Nippon CSIRT Association. The Company works with people responsible for information security management of the Group companies to develop manuals in preparation for incidents while continuously providing incident response training. By doing so, we go on strengthening the security management system of the entire Group.
And as employee education is an important element to ensure information security, we continue activities to raise the level of information security, including e-learning-based education and targeted attack email training for all employees
* CSIRT: Computer Security Incident Response Team