Risks in Business Operations

Risks that have the possibility of having a material impact on the decisions of investors are as follows.
Please note that any remarks concerning the future indicated in the descriptions have been made based on the adjudications made by the BIPROGY group (the Company and its consolidated subsidiaries) as of the end of March 2023.

Risks in Business Operations

[1] Risks from Economic Trends and the Market Environment

We are faced with risks of exposing our Group performance and financial situations to impacts in our business environments in an event where the environments are harmed through: economic conditions becoming worsened partly due to changes in the situations of the COVID-19 pandemic, intensified Sino-US rivalry, and the situation in Ukraine; customers reducing investments in or changing investment strategies about IT assets; and competitions becoming even toughened due to participants in our industry from other business sectors.
Furthermore, we keep in mind possibilities of revising our business strategies as we are faced with the concept of ESG (environment, society and governance) sinking in with: environmental awareness becoming heightened as exemplified in countermeasures against climate changes; social awareness becoming drastically transformed; tough environmental regulations becoming globally entailed; and changes in various types of governmental policies such as those for disaster countermeasures.
We will be watchful carefully and perform promptly in response to trends and changes in external environments.

[2] Procurement

We procure hardware, software and services from suppliers in Japan and overseas, and provide them to customers. There is a possibility that our Group’s business results could be impacted by changes in product specifications or delays or suspensions of products/services supply (as a result of unforeseen changes in business strategies or deteriorations of business conditions of the supplier companies). Also, we are aware of possible impairment of our social credibility and brand image (owing to occurrences of catastrophic system failures induced by problems of services that we procure and security incidents). We have been endeavoring to avoid such risks through measures to assess suppliers periodically and control qualities of service products that we deal in.

[3] Intellectual Property Rights

The Group has been executing business with the utmost care about intellectual property rights. We have been making efforts to protect our intellectual properties by obtaining intellectual property rights such as patent rights and trademark rights for our technologies as well as products and services. Furthermore, we have been exercising extreme caution not to infringe upon third parties’ intellectual property rights. However, there is a possibility that any third parties may infringe upon our intellectual property rights. Also, there are risks that third parties’ claiming that our products and services infringe upon their intellectual property rights may be developed into lawsuits, and costs may be incurred on our side.
Furthermore, there are risks that the Group may not be able to provide specific products or services in an event that we unexpectedly fail to obtain licenses of intellectual property rights necessary for our business execution from holders.
In addition, we are aware of risks that we cannot unexpectedly use intellectual property rights held by start-up companies that agree to join us in promoting open innovation by entering into capital or business tie-ups, if the companies fail to establish intellectual property rights due to a procedural defect.
These possibilities are likely to impact business results of the Group.
Therefore, our company group has made efforts to screen thoroughly alliance partners from the viewpoint of intellectual property rights, ensure our rights that we expect from alliance agreements with them, as well as obtain intellectual property rights.

[4] Project Management

The Group has worked on many projects such as those of outsourcing business in addition to those of its robust system development business as before.
Amid intensified market competition we have been facing customers who continually demand more sophisticated systems. As a result, system development projects have become increasingly complex. If a problem arises in the projects, there is a risk that the problem would require greater-than-expected costs and time to fix, which could incur a cost overrun and a delay of release date. Furthermore, we may face growing risks of safety and security that should be managed in projects as a result of diversification of products and services which we deal in. The Group has been enforcing operations to implement actual vs. budget variance management through the Project Review Committee authorizing whether or not system development projects or outsourcing projects can be operated based upon assessing risk contents contained therein from multifaceted viewpoints.
In addition, the Group has been working to increase productivity by systematizing and standardizing system development methods and continuously implement measures such as the project check system (which detects problems in a project at the development stage). The Group also implements the plan-do-check-act cycle of improvement predicated upon reviewing problematic projects, ascertaining true causes and implementing fundamental countermeasures and recurrence prevention measures. The Group has been making these efforts to detect problems early and prevent cost overruns.

[5] System Failure

The Group has come to deliver diversified systems and services that include mission-critical systems for customers’ businesses, financial and electricity systems/services in light of social infrastructure, and consumer services such as payment/settlement services and EC (electronic commerce). In the event of serious failures caused by system faults and cyberattacks, the Group may cause a broad range of impacts on our customers and consumers who use our systems/services provided via our customers. We will be exposed to the reputation risk of having our own social credibility and brand image damaged with compensation payments for such damages entailed. Eventually, we may have our Group business performance impacted.
Thus, the Group has been working to improve system/service quality measured in the metrics such as confidentiality, fault tolerance, resilience, and stability through setting recovery time targets after an unplanned service suspension that a system trouble should entail, and implementing quality assurance reviews in the system development phases. Furthermore, the Group has been making efforts to enable rapid responses in an event of an occurrence of system trouble after a system begins operations and stave off facing imminent risk by sharing information with related in-house departments through a system trouble management system.

[6] Information Security

The Group has opportunities to access many customers’ confidential personal and corporate information, as well as that of the Group itself, through business activities related to the development and provision of information systems. Therefore, the Group operating business in the ICT industry recognizes and positions management of information such as personal information as a highest-priority issue. We have maintained and operated our information management arrangements. Also, we have provided training to and guidance for subcontracting companies as well as all executives and employees of the Group.
However, a serious incident occurred on June 21, 2022, in which an employee of one of our second-tier subcontracting companies lost USB flash drives containing encrypted personal data in connection with a project which a customer had entrusted us with. The flash drives were found on June 24, 2022. Any leak of personal information was not confirmed. We received guidance on this incident from the Personal Information Protection Committee based on a relevant act on September 21, 2022. We reported to the organization on our situations of improvement.
We will make the utmost effort to prevent recurrence and recover trust by working on enhancing governance for our entire Group in light of appropriate handling of personal information, improving the system and operation of information management and re-enforcing training and guidance for all employees, officers and subcontracting companies with the aim of preventing recurrence of this incident and seeing our Group’s services used with peace of mind.
Although we of the entire Group have been working on the aforementioned efforts, the Group’s business performance may be affected in the future by reputational risk, such as the deterioration of the Group’s social credibility and brand image, as well as by costs spent for responding to the occurrence of this incident.
On the other hand, cyberattacks have been sophisticated and elaborated every day, and thus cybersecurity risks have become a key management issue. In this business environment, the Group has positioned cyberattacks as serious management risks in the information security basic policy. We established a project system through which we formulate and promote strategies to cope with cybersecurity risks under the aegis of Information Security Committee that oversees information security management for the entire Group. As indicated in the cybersecurity strategies, the Group has implemented a broad range of diverse security measures based on visions, goals and activity plans to enable continuous awareness of cybersecurity in business management.
Specifically, the Group has strengthened infrastructures for security measures from the viewpoint of Zero Trust Architecture in order to support an increase in the cloud services in accordance with the spread of teleworking. The Group has been endeavoring to strengthen the capabilities to detect and cope with incidents mainly through cybersecurity training for the techno-clad Computer Security Incident Response Team (CSIRT) dedicated for preventing cyberattacks and coping with incidents. Also, the Group has broadened the subject areas monitored by our internal Security Operation Center (SOC) teams engaged in monitoring and analyzing threats against the networks and servers in the Group.
To cope with the small possibility of an information leak in an emergency case that is beyond conventional imagination, the Group has insurance contracts to address the situation up to a certain extent.

[7] Human Resources

We face an intensified IT talent war due to fiercer business competitions in the global arena, where companies further earnestly take on digital transformation amidst their suffering a global shortage of skilled information technology experts who are aging more rapidly than the small young workforce are matured and gain mastery. Furthermore, given that we witness significant changes in the industrial structures and business environment, it is material to secure proven engineers who continue to be innovative and further satisfy diversified social issues and customer needs. If the Group is unable to secure those personnel that we need, the Group’s ability to maintain continuous growth potential would be impacted.
The Group has employed new graduates from the mid-and long-term viewpoint as well as candidates with work experience such as semi-recent graduates from the viewpoint of prioritizing potential abilities and mid-career recruits who can hit the ground running, in light of employing and developing personnel pursuant to the management strategies. Furthermore, we have implemented various types of workforce development measures based on training and system improvements to help workforce learn and master higher skills. In addition, we have promoted diversification of workforce and work styles and visualization of human capital through: helping various types of employees such as women, seniors, foreign nationals, and disabled play active roles; developing a personnel system to enable flexible work styles and workplace environments upon the strength of technologies; establishing “intrapersonal diversity” of executives and employees in light of the definition of ROLES (roles for business performance); and promoting workforce flowability on the basis of that data.
Also, we have attempted to improve engagement in the executives and employees through regular survey-based research composed of analysis and feedback.
Furthermore, we established the Social Committee as a decision-making organization about materiality issues in the area of society including human assets. We have taken measures to promote sustainability management through reducing risks related to human assets.We face an intensified IT talent war due to fiercer business competitions in the global arena, where companies further earnestly take on digital transformation amidst their suffering a global shortage of skilled information technology experts who are aging more rapidly than the small young workforce are matured and gain mastery. Furthermore, given that we witness significant changes in the industrial structures and business environment, it is material to secure proven engineers who continue to be innovative and further satisfy diversified social issues and customer needs. If the Group is unable to secure those personnel that we need, the Group’s ability to maintain continuous growth potential would be impacted.
The Group has employed new graduates from the mid-and long-term viewpoint as well as candidates with work experience such as semi-recent graduates from the viewpoint of prioritizing potential abilities and mid-career recruits who can hit the ground running, in light of employing and developing personnel pursuant to the management strategies. Furthermore, we have implemented various types of workforce development measures based on training and system improvements to help workforce learn and master higher skills. In addition, we have promoted diversification of workforce and work styles and visualization of human capital through: helping various types of employees such as women, seniors, foreign nationals, and disabled play active roles; developing a personnel system to enable flexible work styles and workplace environments upon the strength of technologies; establishing “intrapersonal diversity” of executives and employees in light of the definition of ROLES (roles for business performance); and promoting workforce flowability on the basis of that data.
Also, we have attempted to improve engagement in the executives and employees through regular survey-based research composed of analysis and feedback.
Furthermore, we established the Social Committee as a decision-making organization about materiality issues in the area of society including human assets. We have taken measures to promote sustainability management through reducing risks related to human assets.

[8] Investments

We face an intensified IT talent war due to fiercer business competitions in the global arena, where companies further earnestly take on digital transformation amidst their suffering a global shortage of skilled information technology experts who are aging more rapidly than the small young workforce are matured and gain mastery. Furthermore, given that we witness significant changes in the industrial structures and business environment, it is material to secure proven engineers who continue to be innovative and further satisfy diversified social issues and customer needs. If the Group is unable to secure those personnel that we need, the Group’s ability to maintain continuous growth potential would be impacted.
The Group has employed new graduates from the mid-and long-term viewpoint as well as candidates with work experience such as semi-recent graduates from the viewpoint of prioritizing potential abilities and mid-career recruits who can hit the ground running, in light of employing and developing personnel pursuant to the management strategies. Furthermore, we have implemented various types of workforce development measures based on training and system improvements to help workforce learn and master higher skills. In addition, we have promoted diversification of workforce and work styles and visualization of human capital through: helping various types of employees such as women, seniors, foreign nationals, and disabled play active roles; developing a personnel system to enable flexible work styles and workplace environments upon the strength of technologies; establishing “intrapersonal diversity” of executives and employees in light of the definition of ROLES (roles for business performance); and promoting workforce flowability on the basis of that data.
Also, we have attempted to improve engagement in the executives and employees through regular survey-based research composed of analysis and feedback.
Furthermore, we established the Social Committee as a decision-making organization about materiality issues in the area of society including human assets. We have taken measures to promote sustainability management through reducing risks related to human assets.

The Group intends to strengthen our competitiveness and expand our businesses. Thus, we make large investments with the aim of providing new products and services.
The Group has implemented investments into and M&As activities targeted at partner companies who own advanced technologies and expertise, partly on a global basis. Likewise, we have continued and even increased investments in start-up companies and funds.
We make these investments without necessarily having sufficient returns guaranteed. The investments may impact the Group performance results in an event of discrepancies from partner companies in business strategies or from our initial assumptions about business growth.
Thus, the Group entrusts with individual investment projects the R&D/Investment Committee and the Project Review Committee as well as their overseer, the Executive Council. The internal bodies carefully determine the appropriateness of business plans and other factors in order to minimize risks from investment decisions.

The Group intends to strengthen our competitiveness and expand our businesses. Thus, we make large investments in light of providing new products and services with the aim of strengthening competitiveness and expanding businesses.
The Group has implemented investments into and M&As activities targeted at partner companies who own advanced technologies and expertise, partly on a global basis. Likewise, we have continued and even increased investments in start-up companies and funds.
We make these investments without necessarily having sufficient returns guaranteed. The investments may impact the Group performance results in an event of discrepancies from partner companies in business strategies or from our initial assumptions about business growth.
Thus, the Group entrusts with individual investment projects the R&D/Investment Committee and the Project Review Committee as well as their overseer, the Executive Council. The internal bodies carefully determine the appropriateness of business plans and other factors in order to minimize risks from investment decisions.

[9] Compliance

Diversified and complicated compliance risks will be entailed partly by creating new businesses.
In an event of inadequate data handling and other material compliance violations that we may commit through operating more data utilization businesses and service-provision type businesses in the future, in addition to handling personnel labor issues such as working long hours, power harassment and sexual harassment, the Group may have our social credibility harmed, pay damage compensation, and have business relationships re-examined by our key business partners. Eventually, our Group’s business results could be impacted.
The Group aims to stave off such risks through formulating the Charter of Corporate Behavior, the Group Compliance Basic Regulations, and the Group Code of Conduct and establishing compliance promotion systems. We have endeavored to ensure that all of the Group’s executives and employees comply with laws and regulations, social norms, and in-house regulations and perform ethical behavior.

[10] Natural Disasters and Infectious Diseases

In an event that an occurrence of natural disaster such as an earthquake or terrorist attack damages devastatingly social infrastructure or the Group’s major business bases, the Group will be forced to bear a significant amount of costs in order to cope with the situation. Similarly, in an event that the Group must restrict activities of many of our employees and business partners in order to secure their safety and well-being in the wake of an outbreak of infectious disease, as well as prevent a spread, our business activities such as service provision will be impacted enormously, which will eventually be reflected in the business results.
The Group aims to cope with business continuity risks partly caused by earthquakes and infectious diseases. Thus, we established a business continuity plan (BCP). We have implemented Business Continuity Project to review and improve the plan continuously from the viewpoints of ensuring safety, resuming internal businesses, and serving customers. The Group has planned and implemented training sessions such as safety confirmation drills and comprehensive simulation-based training sessions in order to make preparations against disaster occurrences. The training drills and sessions are designed for employees, organization leaders, and disaster control headquarters members. Comprehensive simulation-based training sessions are organized in accordance with scenarios of specific event occurrence in order to train participants to play individual roles about damage situation reports, response instructions, and feedback reports.
In response to COVID-19 that recently spread, the Group worked on ensuring business continuity with an eye on preventing the spread of the infectious disease in the entirety of society with the priority given to our Group employees, partner companies and customers, in line with the Novel Influenza Response Action Plan which had been formulated previously. The Group will endeavor to enable business continuity in light of new infectious diseases spreading, on the basis of using knowledge that we acquired from responding to COVID-19, with the greatest priority given to ensuring the safety of customers, partner companies and employees.