Risk Management

With ongoing changes to society and the environment, companies face rapidly diversifying risks.
As a company that operates a wide range of businesses globally, in order to continue to maximize corporate value, we have established a robust management system by quickly identifying and addressing risks.

Risk Management System

To achieve sustainable development amidst rapid changes in business and society, we have established a risk management system centered on three areas: Enterprise Risk Management (ERM), Incident Management and Business Continuity Plan (BCP).

Enterprise Risk Management (ERM)

Risk Management

Our business activities are diverse, both in Japan and overseas, and involve a variety of risks. Therefore, it is important to integrate our identification, evaluation and optimization of risk factors for the Rakuten Group as a whole, to ensure that we achieve our business goals.
Rakuten Group defines risk as uncertainties that could affect our ability to achieve our business goals. We manage risks for the entire Rakuten Group by a process of assessing risks and the corresponding countermeasures taken at each organization, and reporting up to senior executive management of the Group.
With regard to Group-wide risks, the Group Risk and Compliance Committee meets four times a year for reporting and discussion. The most important risks are reported and discussed at meetings of the Board of Directors. Through a combination of bottom-up risk response by front-line staff and Group-wide risk monitoring by senior executive management, combined with our PDCA cycles, we have created and implemented an integrated ERM system.

Incident Management

Rakuten Group takes measures to prevent incidents that could lead to business interruptions and disruptions, losses, emergencies or potential crises by establishing Group regulations and providing training to employees. In the event of an incident, we have systems and reporting procedures in place at the Group level for implementing measures that minimize impact on various stakeholders by promptly identifying, assessing, and responding to the incident. Specifically, the type of incident and the degree of impact — such as financial losses, damages to users, impact on business continuity and reputation — are evaluated, and reporting procedures and responses are defined.
Furthermore, based on the information collected, we work to prevent the recurrence of incidents by investigating and analyzing their causes, as well as planning and implementing recurrence prevention measures, and monitoring their effectiveness.

Business Continuity Plan (BCP)

Our Business Continuity Plan (BCP) aims to minimize the damage to our business assets in the event of an emergency while ensuring the continuity and early recovery of our core activities.
In 2020, we implemented a BCP initiative in response to the COVID-19 pandemic. The Coronavirus Response Headquarters was promptly set up, roles for each department were clarified and a system was established for collecting and sharing information globally. In addition, we formulated an Emergency Response Guideline at the Group level, which stipulates policies and responses in accordance with each phase of the pandemic.

Examples of Major Risks and Corresponding Responses

Described below are examples of risks that may have a major impact on Rakuten Group’s business activities and their corresponding responses.
(Excerpt taken from the Business Risk section of the FY2020 Annual Securities Report)

Risk Idem Overview of Risk Response

Risks related to information security and privacy

Providing a wide range of services on the Internet comes with the possibility of not being able to ensure system availability or information integrity due to criminal activity.

Various measures are taken such as establishing an Information Security Management System (ISMS) and acquiring ISO/IEC27001 certification.
For our overseas businesses, we thoroughly comply with local laws and regulations regarding the protection of personal information.
▶For details, visit here

Risks related to laws and regulations, etc.

Our diverse range of businesses are subject to a wide variety of laws and regulations in Japan and overseas, which may impact the Group’s businesses, operating results, and financial position.

Our Chief Operating Officer (COO) and Function Chief Compliance Officer (CCO), as well as the Company Compliance Officer appointed at each Internal Company, promote Group-wide compliance initiatives.
▶For details, visit here

Risks related to natural disasters, pandemics, etc.

Natural disasters such as earthquakes, typhoons, and tsunamis, as well as pandemics, could significantly impact the businesses, operating results, and financial position of the Group.

We minimize these risks with the formulation of a Business Continuity Plan (BCP), which is further strengthened by safety drills for executives and employees, as well as information system backups.
In response to the COVID-19 pandemic, we have implemented a variety of infection prevention measures in the workplace to reduce the risk of cluster outbreaks and infection among executives and employees. We have also promoted work-from-home in accordance with the state of the pandemic.

Risks related to overseas Business operations

Development of global services entails a variety of risks, including legal restrictions, economic and political instability, differences in communication environment and commercial practices.

We closely monitor the situation in each country and take measures to comply with local laws and regulations while establishing an appropriate compliance system at each local Group company. By improving our earning structure efficiency—which leverages the Rakuten Ecosystem—we launch new businesses swiftly and shift our business models flexibly, while controlling costs in a timely manner and reducing the risk of pressure on the Group’s earnings.