Group business risks that may materially affect investor judgments are as follows.
These risks are based on information available to the Group and include key matters that could pose business risks.
The Group cannot cover all risks, however, and new ones could arise owing to various unforeseen factors, including those relating to changes in future economic conditions and in the industry climate.
These contents were excerpted from the Securities Report published on June 30, 2017.
1. Credit risk
Risk of increase in allowance for doubtful accounts
The Company anticipates that allowance for doubtful accounts will increase as the total amount of receivables grows and a certain percentage of receivables falls into arrears. In the case that the Company were to increase its provision of allowance for doubtful accounts in response to such unavoidable factors as economic trends and an increase in personal bankruptcy filings, there is the possibility that this may affect the Company's operating performance.
Claims for the repayment of excess interest are likely to have a minimal impact on the Company's operating performance since the Company complied with the interest rate ceilings stipulated in the Interest Limitation Law.
Member store risk
There is the possibility that member stores may fall into bankruptcy owing to deterioration in financial soundness, and that such stores may cease the provision of services or the delivery of goods to the Company's customers. If this were to happen, there is the possibility that the Company may become the subject of litigation by customers. In such cases, the Company may suffer damage, which may affect its operating performance.
Pursuant to a revision of the Installment Sales Law in 2008, if a specified-contract member store were to engage in inappropriate sales activity (excessive-volume sales, misrepresentation, etc.), customers subject to such behavior would be able to withdraw their declaration of intent regarding the application to enter into a contract with the seller. If inappropriate sales activity were recognized to have occurred, affected customers could claim refunds from the credit company. Furthermore, through the revision of the Installment Sales Law promulgated in December 2016, in the future credit card operations are also subject to a registration system, and regulatory agencies will carry out examinations regarding credit card member store countermeasures in such areas as fraudulent sales and security. Consequently, if there were an increase in inappropriate sales activity by member stores, the Company may suffer damage, which may affect its operating performance.
2. Market-related risk
Risk of increase in funding interest rates
As of March 31, 2017, the Group's overall fund procurement (including straight corporate bonds and commercial paper) fixed interest rate ratio (including swaps) stood at 48.7%, and the floating interest rate ratio stood at 51.3%. While funding interest rates fluctuate according to market trends, interest rates applied to loans extended by the Company and transaction conditions between the Company and member stores and customers in its credit card operations and installment sales finance operations are determined comprehensively through a variety of factors, including competitive conditions, and furthermore are contingent upon changes in member rules and contracts. Consequently, since a time lag arises before any increase in interest rates is reflected in transaction conditions, a change in the financial situation leading to funding interest rate fluctuations may affect the Group's operating performance. As of March 31, 2017, the Company has received the following credit ratings from Japan Credit Rating Agency, Ltd. (JCR), and Rating and Investment Information, Inc. (R&I): Long-term bonds both A-, commercial paper J-1 (JCR) and a-1 (R&I). The Company's commercial paper issuing limit is set at ¥400 billion, and the Company is able to raise funds at low interest rates in accordance with conditions in the financial markets. However, if the Group's operating performance were to deteriorate, its credit ratings and creditworthiness would be downgraded and it would be forced to raise funds at higher interest rates than normal. Consequently, the Company would face higher funding costs from capital markets and financial institutions, which may affect its operating performance.
Risk of decline in prices of investment securities
As of March 31, 2017, the Group holds investment securities amounting to ¥22,779 million (market-listed and unlisted shares, etc.) and property, plant and equipment amounting to ¥19,617 million (land, buildings and structures, etc.). There is the possibility that the Company may record valuation losses on such holdings owing to declines in market prices or impairment of investment value.
3. Administrative risk
In the operation of its businesses, the Group conducts a wide variety and high volume of administrative processing. The Group works to ensure that all administrative processing is carried out correctly and in accordance with fundamental rules, and aims to enhance the efficiency of these operations, including through the implementation of measures to improve the accuracy of processing, prevent fraud, and increase the level of processing systemization. However, in the event that an accident or fraud were to occur stemming from a failure to carry out correct administrative processing, depending on the nature and scale of such an occurrence, it may affect the trust of the Group's customers or member store businesses. In such a case, the Company may face liability for damages and a loss of public credibility, which may affect the Group's operating performance.
4. System risk
The Group's core computer system, called "JANET," is installed at an information center managed by a contracted operations company. This information center has taken earthquake countermeasures and installed multiple electric power supply lines as well as electrical generator equipment. Hence, even if outside supply were disrupted, the center could remain operational for several days using its own supply. The information center makes a backup of data necessary for the resumption of operations, which is stored at a separate location more than 60 kilometers away.
To prepare for cases in which input/output (I/O) processing capacity becomes insufficient, with regard to such critical operations as member store settlement operations, the Company has implemented such measures as the establishment of a secure management system to make alternate processing possible. However, in the case that a malfunction or outage occurs in the core computer system, operations may be suspended and in such cases there is the possibility of disruption to customer services.
The Group uses JANET to centrally manages most customer personal and credit information, as well as most information relating to business operations, such as member store transaction conditions. JANET comprises a dedicated network, and external access paths are completely blocked. Furthermore, although the Company implements a range of other measures as part of its security management as summarized below, in the case that such measures were insufficient and an information leak occurred, it may adversely affect the trust placed in the Group and its management situation.
- JANET terminal functions are set up in such a way that each user is restricted to an authorized set of functions necessary for business operations, depending on the terminal's location and the user's position and job.
- Each set of terminal operations is recorded in a log, which is monitored to ensure that operations are valid.
- Terminals are all controlled through a system of locks, and the terminal equipment cannot be removed from its installed location.
- Terminals do not include I/O ports for removable recording media, and the equipment is configured so that individuals cannot introduce, input, output, or record data.
- System access for system developers and operators must be authorized in advance and requires the application for and approval of a user ID, which must be surrendered again after use. Monitoring is carried out on a daily basis to ensure that usage is appropriate.
- Within the scope of "Management of the JANET Host System and the Web System Development, Maintenance and Operation," the Company has acquired certification under the international standard relating to information security, ISO/IEC 27001:2013. Based on this standard, the Company is able to effectively pursue measures relating to information security.
5. Cybersecurity risk
The Group's computer systems include the use of firewalls, an intrusion prevention system (IPS), Web application firewalls (WAF), and other tools as cybersecurity measures. However, owing to such contingencies as cyberattacks from external sources, other unauthorized access, and virus infection, there is the possibility that information leaks may occur, and the system may experience service outages and malfunctions. In such cases, operations may be suspended and the Company may be liable for compensation for damages resulting from suspension of operations. Such a situation may cause a loss of confidence in the Group and have a negative impact on trust placed in the Group and its management situation.
6. Compliance risk
Within the Group, the Company conducts money lending, credit card, installment sales finance operations, and fund settlement operations (prepaid card and fund transfer operations), and the Company's consolidated subsidiaries conduct servicer and other operations. Pursuant to laws and regulations, these businesses require registration with or permits issued by the relevant authorities. To ensure strict compliance with laws and regulations, the Group has established compliance systems. However, in the event that the Group engaged in activity that was in violation of laws or regulations, the Group may be subject to punishment by relevant authorities pursuant to laws and regulations (business improvement order, partial or full business suspension order, revocation of registration, etc.), which may affect the Company's operating performance.
Installment Sales Law
The Company's credit card and installment sales finance operations are subject to the Installment Sales Law. For this reason, the Company must ensure that its business operations comply with the conduct rules stipulated in this law (examination of amount of expected ability to pay, delivery of written documents, member store investigation, and appropriate management of credit card numbers, etc.) as well as civil rules (plea for suspension of payments, credit contract cooling off, and damages relating to cancellation of contracts, etc.). The Company must also comply with the voluntary rules of the Accredited Installment Sales Association.
Money Lender Business Law
The Company's financing business is subject to the Money Lender Business Law. For this reason, the Company must ensure that its business operations comply with various regulations stipulated in this law (prohibition of excessive lending, disclosure of lending conditions and indicators, delivery of written documents, keeping of account ledger, collection activity regulation, return of claim deed, etc.) and voluntary rules of the Japan Financial Services Association.
Fund Settlement Law
The Company's prepaid card and fund transfer businesses are subject to the Fund Settlement Law. Consequently, in its provision of services relating to fund settlement the Company must ensure that it has established a compliance system covering legal requirements, protections for users, and an operational system that complies with voluntary rules set by a certified association for payment service providers, which stipulates security maintenance requirements for fund settlement systems.
Act on Prevention of Transfer of Criminal Proceeds
The Group's credit card business, finance business, fund transfer business, and lease business are subject to the Act on Prevention of Transfer of Criminal Proceeds. Consequently, the Company must ensure that operations comply with checks at the time transactions occur and notifications regarding suspicious transactions as stipulated in the Act on Prevention of Transfer of Criminal Proceeds.
7. Information-related risk
The nature of the Group's business involves the acquisition, retention, and use of a large volume of personal information, particularly centered on personal credit information (including credit card numbers and other stand-alone information). Although the Group has rigorously handled such information since prior to the enactment of the Personal Information Protection Law, in the event of a leak or loss of personal information from the Group or its outside contractors, or the fraudulent use of such information, the Group may face a loss of credibility and liability for damages, which may affect the Company's operating performance. In addition, if the Company were to commit a legal violation as a business operator that handles personal information, it may be subject to administrative measures, including recommendations and orders.
Led by the Compliance Control Department, the Group strives to ensure that personal information and information related to Japan's national identification number system, is handled appropriately and to maintain sound security management. The Company and four of its consolidated subsidiaries have acquired Privacy Mark certification, a system to assess measures to protect personal information, from the Japan Information Processing Development Corporation (JIPDEC), and are working to ensure its effectiveness.
8. Disaster risk
In preparation for unexpected situations, including earthquakes, large-scale disasters, and accidents, the Group has established a safety-confirmation system, prepared a disaster response manual, formulated operational rules for its Emergency Response Committee, and established a Business Continuity Plan (BCP). These and other measures are focused on building the Group's crisis management system. However, in the event of a crisis whose scale exceeds the Group's assumptions, leading to decisive damage to the Group's physical and human assets, there is the possibility that this may result in the suspension of operations or make the continuation of operations problematic.
9. Tangible asset risk
There is the possibility that tangible assets owned by the Group may sustain damage owing to natural disasters, such as earthquakes and typhoons, or man-made disasters, such as acts of terrorism. The Group regularly ascertains the status of the movable property and real estate assets that it manages, and implements disaster prevention and crime prevention measures.
10. Personnel risk
Since the Group undertakes business operations involving a wide array of fields, it has an ongoing program for recruiting high-quality personnel, and it is essential for the Group to develop and train the people it has employed. However, if the Group were unable to recruit or retain high-quality personnel, or it became unable to adequately train its employees, this may affect the Group's operating performance.
11. Reputation risk
The Group's reputation is extremely important to the maintenance of its relationships with customers, investors, regulatory agencies, and society in general. Its reputation may be damaged by any of a diverse range of factors, including compliance violations, employee fraud, computer system failures, or the behavior of third parties that is difficult or impossible to control. If the Group were unable to avoid such factors or respond adequately to such factors, it may lose current or future customers or investors, and this may affect the Group's operating performance.
12. Related-company risk
The Group comprises the Company and its affiliates (five consolidated subsidiaries and two equity-method affiliate)(as of March 31, 2017). With regard to the Group's consolidated-to-nonconsolidated ratio, the portion accounted for by the Company is extremely high. However, in the case that a business risk relating to an affiliate materialized on a significant scale, this may affect the Group's operating performance.
13. Overseas business risk
The Group is working to expand its business in overseas markets, centering on Southeast Asia. The Company has operations in Vietnam, Indonesia, and the Philippines. Engaging in these overseas business operations carries a range of inherent risks. For example, unlike in Japan, there may be unforeseen changes in laws or regulations, there is the risk of political or economic turmoil, and there is exchange rate fluctuation risk. If such risks were to materialize, it may affect the Group's operating performance.
See Business Position in the Securities Report for details of business and other risks.