- HOME
- Sustainability
- Governance
- Risk Management
Risk Management
Approach and Policies
Group Policy (Governance)
The Nomura Real Estate Group regards risk management as a “business management methodology that aims to improve corporate value by managing all risks related to the attainment of corporate group organizational and business objectives in an integrated and unified manner while controlling risk within the company’s risk tolerance limits.” With the aim of ensuring the soundness of business management through proper management and operation of risks, the Group has formulated the Risk Management Regulations.
As its basic policy, the Group assures business continuity and stable development by implementing risk management and classifies its main risks into four categories, namely “A: Investment risk,” “B: External risk,” “C: Disaster risk,” “D: Internal risk.” Among them, risks listed below are regarded as important risks that should be managed, and performing effective and efficient risk management is provided according to the scale and characteristics of each risk. These include economic, environmental, geopolitical, and other risks that manifest themselves over the medium to long term. In addition, based on the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD), the Group is promoting the management of and response to climate-related risks.
Important risks needing to be managed among main risks
・Risks that could have a major impact on Group management
・Risks that could have a major impact on society
・Risk of litigation or other serious problems
・Other major risks that should be managed by the Group
Main Risks
| Risk categories | Main risk items | |
|---|---|---|
| A: Investment risks | Risks related to individual investments (real estate investments, strategic investments (M&A), etc.) |
1. Risks associated with real estate investment |
|
2. Risks associated with strategic investment (M&A) and new businesses |
||
| B: External risks | Risks related to external factors influencing business |
3. Risks associated with market changes |
|
4. Risks generated by changes in economic conditions |
||
|
5. Risks generated by changes in political/social conditions/systems (laws and regulations, tax systems, accounting, others) |
||
|
6. Risks due to lagging behind in innovation and changes in the structure of society related to the business |
||
| C: Disaster risks | Risks generated by disasters that have a large impact on customers and business continuity |
7. Risks related to disasters (earthquakes, typhoons, floods, tsunamis, volcanic eruptions, major fires, epidemics of infectious diseases, etc.) that have a major impact on customers and business continuity |
| D: Internal risks | Operational risks occurring at the Company and each group company |
8. Risks related to the violation of laws and ordinances |
|
9. Risks related to quality defects |
||
|
10. Risks related to occurrence of information system crisis |
||
|
11. Risks from inadequate responses to matters related to human resources |
||
|
12. Risks related to occurrence of fraud and negligence |
||
Special Feature: Response to the Task Force on Climate-related Financial Disclosures (TCFD)
Management
Risk Management Structure
To discuss various risks related to Group management, the Company has prescribed the Management Committee as the integrated risk management entity and operates a system to regularly monitor, evaluate, and analyze the state of main risks and to provide the necessary guidance and advice to each business unit and Group company while regularly reporting details to the Board of Directors.
| A: Investment risks B: External risks |
Directly monitored by the Management Committee, which is the integrated management body. |
|---|---|
| C: Disaster risks D: Internal risks |
Regularly monitored, evaluated, and analyzed by the Risk Management Committee and established as a subordinate organization of the Management Committee. Basic policies regarding, for example, risk prevention, response when risk occurs, and preventing recurrence are discussed by the Risk Management Committee. |
Risk Management Committee
The Risk Management Committee, a subordinate body of the Management Committee, consists of directors and executive officers of Nomura Real Estate Holdings and each Group company appointed by the Board of Directors and is chaired by the officer in charge of the Group Legal Compliance Department (an executive officer of Nomura Real Estate Holdings). We also established the Group Risk Meeting, consisting mainly of directors and executive officers of each Group company appointed by the chair of the Risk Management Committee to share risk information and response policies within the Group.
Risk Management System (Conceptual Diagram)
With regard to risk management, each Business Unit manager will supervise the risk management of their affiliated business unit and report on the situation to the Management Committee or Risk Management Committee as necessary. Concurrently, the president of each Group company (the head of each division at Nomura Real Estate Development) is responsible for reporting risk management matters to the Business Unit Manager in a timely and appropriate manner. In addition, we defined the organization in charge of business in each Group company as the first line of risk management, the organization in charge of corporate operations at the Company and each Group company as the second line of risk management, and the organization in charge of internal audits at the Company and each Group company as the third line of risk management. With each line playing its role in risk management, we have established an appropriate defense line.
The risk management system refers to ISO 31000 and the risk management framework of The Institute of Internal Auditors (IIA)—Japan.
For further details, refer to pages 10 to 19 of the Financial Report.
Results
Performance Data
| FY2019 | FY2020 | FY2021 | FY2022 | |
|---|---|---|---|---|
| Number of Risk Management Committee meetings and Group Risk Liaison Committee meetings | 12 | 13 | 13 | 13 |
Risks of particular focus (in fiscal 2023) in the risk categories
| Risk categories | Main risk items |
|---|---|
| A: Investment risks |
・Risk of inability to secure the expected business volume and making it difficult to secure the expected business volume and achieve the profit growth projected in the Mid- to Long-term Business Plan due to intensifying competition for land acquisition, etc. ・Risk that the Company will not earn the expected profits due to an increase in construction expenses caused by soaring materials prices, delays in construction periods, soaring energy procurement costs, etc. ・Risk of profitability deterioration and delays in anticipated project schedule due to changes in economic conditions regarding projects with long-term project timeframes and large investment budgets, such as redevelopment projects |
| B: External risks |
・Risks arising from the impacts of prices for housing sales, property sales, as well as sale prices of asset replacement properties, due to changes in Japan’s real estate market and financial conditions ・Risk arising from deterioration in profitability and delay in profit recovery timing in overseas business due to deterioration in economies and real estate markets, deterioration in the financial condition of general contractors and JV partners, and other factors in countries overseas ・Risk of a reduced competitive advantage of the Company’s businesses due to delays in response to changes in lifestyles and values, response to accelerating advances in digital technology, and response to sustainability and human resources, etc. |
| C: Disaster risks |
・Risk of inability to continue business due to increasingly severe natural disasters such as earthquakes, typhoons, and torrential rains |
| D: Internal risks |
・Risk due to inadequate design and construction in the real estate development business ・Risk due to delay in preparing personnel systems to secure diverse human resources and enable human resources to continue playing an active role ・Risk due to information leak by cyberattack, impact on business continuity, and incurrence and expansion of damage, etc. ・Risk of violating laws and regulations and hindering the realization of smooth transactions with counterparties due to delays in strengthening the transaction system to realize the passing of appropriate price on to customers in light of rising material prices, energy costs, among other costs. |
Initiatives
Stress Testing
The profitability of each business in the Group may deteriorate and the value of assets held by the Group may decline as a result of economic trends, market changes, and changes in social conditions and systems in Japan and overseas.
We conduct stress tests in multiple patterns to determine whether such possibilities are within the range of acceptable risk and then report the results of the stress tests to the Board of Directors as appropriate.
Information Security Measures
The Group has established the Information Security Regulations, which prescribe personal information, trade secrets, and other highly confidential information as important information and which stipulate basic matters regarding the management system and handling of such information. The regulations assign a chief information security officer (concurrently held by the officer in charge of internal audit and compliance, who serves as chairperson of the Risk Management Committee), a document information officer (general manager of the Group Legal Compliance Department) and an electronic information officer (general manager of the ICT Management Department) as administrators to maintain and improve the level of systemic information management and security.
Furthermore, to keep pace with the increase in businesses using rapidly expanding digital technologies, as well as the surge in teleworking and the modal change in business due to the use of cloud computing, the Group is striving to strengthen information security within the Company by creating and applying its Information Handling Guidelines. These guidelines provide instructions on storage and management methods for important information, response to information leaks, response to information system loss, and other issues.
Addressing Cyber and System Risks
As the use of cloud services has become more prevalent across the Group, society is experiencing increasing damage from ransomware attacks that attempt to gain unauthorized access to corporate networks and PCs and render systems and data unusable. The Group therefore recognizes that system outages, information leaks, and other incidents associated with caused by cyber-attacks represent new risks that threaten business continuity and must be urgently addressed.
In response to the threats mentioned above, we are adopting a two-pronged strategy: risk avoidance to strengthen our defenses against cyber and system risks and risk reduction in the event a serious incident occurs.
Establishment of Information Handling Guidelines and Dissemination within the Group
The Group has established Information Handling Guidelines for all employees, including part-time and temporary, on how to handle information as well as an information system and devices to reduce risks such as information leaks.
The guidelines stipulate rules for the use of information, storage, and disposal by authorized officers and employees only, and rules for how to respond in the event of a leak and provide information to outsourcing companies.
To disseminate these rules, we conduct information security training for all Group officers and employees several times a year, and in the event any issues arise that require immediately informing everyone about them, we send out emails and post information on our intranet.
In addition, in response to the emergence of generative AI, we have established certain rules such as only permitting internal use and setting a secret mode to prevent information leaks or infringement of copyrights, privacy, and other rights, and the risk of false information.
Nomura Real Estate Holdings Personal Information Protection Policy
The Group considers the appropriate protection of personal information to be an essential aspect of its business operations, and it manages customers’ personal information with great care in accordance with the Act on the Protection of Personal Information and related laws and regulations.
Risk Management Relating to Society and the Environment
The Group is also aware of risks relating to social and environmental issues. The details are reported to the Sustainability Committee (chaired by the president and Group CEO of Nomura Real Estate Holdings), which is made up of directors and others from Nomura Real Estate Holdings and Group companies. Key issues are reported to the Board of Directors, which deliberates on how to deal with them. In fiscal 2022, the committee discussed issues including the Group’s Renewable Energy Policy and Sustainability Policy and reported three times to the Board of Directors.
| Issues reported |
・Renewable Energy Procurement Policy ・Revised Procurement Guidelines ・First-half activity results and second-half policy, FY2021 environmental data and variance analysis report |
|---|
Provision for Lawsuits Involving Violations of Laws and Regulations, and Environmental, Social, and Governance (ESG) Issues
In accordance with Japanese GAAP, reserves are recorded in the consolidated financial statements when it is probable that they will be incurred and the amount can be reasonably estimated.
There were no significant provisions at the end of March 2022 related to fines and settlements incurred in the future arising from cases prior to fiscal 2022.
Inquiry Desks
Inquiry desks have been set up at Nomura Real Estate Holdings and at each Group company in order to respond quickly and appropriately when a problem with a product or service is found. Significant risk information gathered at these desks is reported to the Risk Management Committee and shared within the Group, and measures to prevent reoccurrence are implemented.
Business Continuity Plan Established for Disasters
The Group formulated a business continuity plan (BSP) of action in anticipation of a disaster. The BCP sets up a chain of command during an emergency and allocates duties for the continuation of business as well as establishing structures for minimizing the impact of a disaster. A disaster response headquarters drill is conducted once a year to confirm emergency preparations toward ensuring the safety of officers and employees, establishing a chain of command, and restoring business.
In addition, a disaster response headquarters establishment drill is conducted once a year with the president of Nomura Real Estate Holdings as the head and other members of the Disaster Response Headquarters participating. During the drill, implementation of initial responses specified in the BCP (ensuring the safety of officers and employees, establishing a chain of command, and restoring business) is confirmed and other actions are taken to prepare for an earthquake and other emergencies.
Confirming the Safety of Officers and Employees
The Group introduced a safety confirmation system that uses the Internet and emails to rapidly determine the status of harm to and safety of officers and employees during emergencies, and it conducts safety confirmation drills for Group officers and employees four times a year.
Sustainability
- The Nomura Real Estate Group’s Stance on Sustainability
- Climate Change and the Natural Environment
- Society and Employees
- ESG Data