Foresight in sight

Investor Relations

Risks in Business Operations

Risks that have the possibility of having a material impact on the decisions of investors are as follows.
Please note that any remarks concerning the future indicated in the descriptions have been made based on the adjudications made by the BIPROGY group (the Company and its consolidated subsidiaries) as of the end of March 2022.

1.Impacts from the Novel Coronavirus Pandemic

The BIPROGY Group has been implementing business continuity plans predicated upon the long-established ‘Action Plan for Measures against Novel Influenza’ in order to cope with the Novel Coronavirus pandemic. The plans correspond to all phases of the pandemic: the phase of emergence overseas, the early phases of emergence in Japan, the spreading phase and recovery phases.
Our basic policies are stated below.
  1. Place maximum priority on human life.
  2. Cooperate in a whole-of-society pandemic approach in compliance with guidance and recommendations issued by the national and regional governments.
  3. Secure safety before continuing and resuming business operations.
We established the Novel Coronavirus Response Headquarters. Under the control of the Headquarters, pursuant to the basic policies above, we have taken specific measures to: analyze and assess characteristics of Corona-Virus Infectious Disease -2019 (COVID-19) and several types of situations; promote teleworking and online meetings partly for customer interaction to the extent that information security for employees of our group companies and our business partners is ensured; and, help them to perform nonteleworkable duties through a staggered hours system and risk mitigation measures. Also, we know and control health situations of our entire group company employees and their families as well as their work situations through daily safety confirmation.
The BIPROGY Group companies have continuously worked on business continuity under the condition that we endeavor to prevent COVID-19 from spreading across the entire communities including our group employees and business partner employees as well as customers.
We hope that the pandemic will gradually fade away in the wake of the launch of Japan’s vaccination program. However, we are faced with new threats such as variants. We are concerned with the possibilities that our Group businesses will be exposed to impacts from the pandemic lingering partly through a resurgence of new coronavirus infections.
The risks are exemplified by those that: customers may reduce their IT investments in light of their business situations; our project proposal activities may stagnate specifically if we attempt to entice new customers; and it may take us a long time for procuring products through impacted supply chains.
Furthermore, we are aware of risks about booking off-shore system developers of our partners partly in China and Vietnam who develop systems and deliver support services as we entrust. We are also faced with risks of delaying system development projects and delivering degraded services in an event where our off-shore development sites are closed even temporarily as a result of outbreaks.
We recognize that these risks may impact our Group business performances. We will carefully watch developments and trends as well as changes in the external environment and take appropriate measures in a timely manner.

2.Other Risks in Business Operations

[1] Risks from Economic Trends and the Market Environment

We are faced with risks of exposing our Group performance and financial situations to impacts in our business environments in an event where the environments are harmed through: the COVID-19 pandemic becoming prolonged globally; economic conditions becoming worsened partly due to intensified Sino-US rivalry; customers reducing investments in or changing investment strategies about IT assets; and competitions becoming even toughened due to participants in our industry from other business sectors.
Furthermore, we keep in mind possibilities of revising our business strategies as we are faced with the concept of ESG (environment, society and governance) sinking in with: environmental awareness becoming heightened as exemplified in countermeasures against climate changes; social awareness becoming drastically transformed; tough environmental regulations becoming globally entailed; and changes in various types of governmental policies such as those for disaster countermeasures.
We will be watchful carefully and perform promptly in response to trends and changes in external environments.

[2] Procurement

We procure hardware, software and services from suppliers in Japan and overseas, and provide them to customers. There is a possibility that our Group’s business results could be impacted by changes in product specifications or suspensions of products/services supply (as a result of unforeseen changes in business strategies or deteriorations of business conditions of the supplier companies). Also, we are aware of possible impairment of our social credibility and brand image (owing to occurrences of catastrophic system failures induced by problems of services that we procure and security incidents). We have been endeavoring to avoid such risks through measures to assess suppliers periodically and control qualities of service products that we deal in.

[3] Intellectual Property Rights

The Group has been executing business with the utmost care about intellectual property rights. We have been making efforts to protect our intellectual properties by obtaining intellectual property rights such as patent rights and trademark rights for our technologies as well as products and services. Furthermore, we have been exercising extreme caution not to infringe upon third parties’ intellectual property rights. However, there is a possibility that any third parties may infringe upon our intellectual property rights. Also, there are risks that third parties’ claiming that our products and services infringe upon their intellectual property rights may be developed into lawsuits, and costs may be incurred on our side.
Furthermore, there are risks that the Group may not be able to provide specific products or services in an event that we unexpectedly fail to obtain licenses of intellectual property rights necessary for our business execution from holders.
In addition, we are aware of risks that we cannot unexpectedly use intellectual property rights held by start-up companies that agree to join us in promoting open innovation by entering into capital or business tie-ups, if the companies fail to establish intellectual property rights due to a procedural defect.
These possibilities are likely to impact business results of the Group.
Therefore, our company group has made efforts to screen thoroughly alliance partner candidates from the viewpoint of intellectual property rights in order to ensure our rights that we expect from alliance agreements with them, as well as obtain intellectual property rights.

[4] Project Management

The Group has worked on many projects such as those of outsourcing business in addition to those of its robust system development business as before.
Amid intensified market competition we have been facing customers who continually demand more sophisticated systems. As a result, system development projects have become increasingly complex. If a problem arises in the projects, there is a risk that the problem would require greater-than-expected costs and time to fix, which could incur a cost overrun and a delay of release date. Furthermore, we may face growing risks of safety and security that should be managed in projects as a result of diversification of products and services which we deal in. To stave off such risks, the Group has made painstaking efforts to operate a system that we established in order to assess any risks of projects from multifaceted viewpoints, monitor service delivery situations, and evaluate the situations at the Project Review Committee.
In addition, the Group has been working to increase productivity by systematizing and standardizing system development methods and continuously implement measures such as the project check system (which detects problems in a project at the development stage). The Group also implements the plan-do-check-act cycle of improvement predicated upon reviewing problematic projects, ascertaining true causes and implementing fundamental countermeasures and recurrence prevention measures. The Group has been making these efforts to detect problems early and prevent cost overruns.

[5] System Failure

The Group has come to deliver diversified systems and services that include mission-critical systems for customers’ businesses, financial and electricity infrastructure systems/services, and consumer services such as payment/settlement services and EC (electronic commerce). In the event of serious failures caused by system faults and cyberattacks, the Group may cause a broad range of impacts on our customers and consumers who use our systems/services provided via our customers. We will be exposed to the reputation risk of having our own social credibility and brand image damaged with compensation payments for such damages entailed. Eventually, we may have our Group business performance impacted.
Thus, the Group has been working to improve system/service quality measured in the metrics such as confidentiality, fault tolerance, resilience, and stability through setting recovery time targets after an unplanned service suspension that a system trouble should entail, and implementing quality assurance reviews in the system development phases and system inspections before and after service launch. Furthermore, the Group has been making efforts to enable rapid responses in an event of an occurrence of system trouble and stave off facing imminent risk by sharing information with related in-house departments through a system trouble management system.

[6] Information Security

The Group has opportunities to access many customers’ confidential personal and corporate information, as well as that of the Group itself, through business activities related to the development and provision of information systems. Therefore, the Group operating business in the ICT industry recognizes and positions information management as a high-priority issue. We have maintained and operated our information management arrangements. Also, we have provided training to and guidance for subcontracting companies as well as all executives and employees of the Group.
However, a serious incident occurred on June 21, 2022. An employee of our second-tier subcontracting company lost USB flash drives that contained encrypted personal information of a customer. The flash drives were found on June 24, 2022. We have been promoting investigations on whether personal information was leaked or not in cooperation with the concerned institutions.
Our Group performances are likely to be subject to impacts such as expenses to deal with the incident as well as reputational risk exemplified by harm and disgrace thus caused to our social credibility and brand image.
The Group takes seriously the occurrence of this incident. We will improve the information management system and operations, and provide training to and guidance for subcontracting companies as well as all executives and employees of the entire group. We will thus strive to prevent recurrence and devote ourselves to regaining trust.
However, cyberattacks have been sophisticated and elaborated every day, and thus cybersecurity risks have become a key management issue. In this business environment, the Group has positioned cyberattacks as serious management risks in the information security basic policy. We established a project system through which we formulate and promote strategies to cope with cybersecurity risks under the aegis of Information Security Committee that oversees information security management for the entire Group. As indicated in the cybersecurity strategies, the Group has implemented a broad range of diverse security measures based on visions, goals and activity plans to enable continuous awareness of cybersecurity in business management.
To cope with the small possibility of an information leak in an emergency case that is beyond conventional imagination, the Group has insurance contracts to address the situation up to a certain extent.
Specifically, the Company Group has strengthened the platform for security measures in order to cope with an increase in teleworkers and cloud computing system use. The Group has been endeavoring to strengthen the capabilities to detect and cope with incidents mainly through cybersecurity training for the techno-clad Computer Security Incident Response Team (CSIRT) dedicated for preventing cyberattacks and coping with incidents. Also, the Group has broadened the subject areas monitored by our internal Security Operation Center (SOC) teams engaged in monitoring and analyzing threats against the networks and servers in the Group.

[7] Skilled Employees

We face an intensified IT talent war due to fiercer business competitions in the global arena, where companies further earnestly take on digital transformation amidst their suffering a global shortage of skilled information technology experts who are aging more rapidly than the small young workforce are matured and gain mastery.
Furthermore, given that we witness significant changes in the industrial structures and business environment, it is material to secure proven engineers who continue to be innovative and further satisfy diversified social issues and customer needs. If the Group is unable to secure those personnel that we need, the Group’s ability to maintain continuous growth potential would be impacted.
The Group has employed new graduates and recent graduates with work experience from a viewpoint of prioritizing potential abilities rather than actual employment experience, mid-career recruits who can hit the ground running, from the mid-and long-term viewpoint of employing and developing personnel pursuant to the management strategies.
Furthermore, we have implemented various types of workforce development measures based on training and system improvements to help workforce learn and master higher skills.
In addition, we have promoted diversification of workforce and work styles and visualization of human capital through: helping various types of employees such as women, seniors, foreign nationals, and disabled play active roles; developing a personnel system to enable flexible work styles and workplace environments upon the strength of technologies; establishing “intrapersonal diversity” of executives and employees in light of the definition of ROLES (roles for business performance); and promoting workforce flowability on the basis of that data.
Also, we have attempted to improve engagement in the executives and employees through regular survey-based research composed of analysis and feedback.
Furthermore, we established the Social Committee as a decision-making organization about materiality issues in the area of society including human assets. We have taken measures to promote sustainability management through reducing risks related to human assets.

[8] Investments

The Group intends to strengthen our competitiveness and expand our businesses. Thus, we make large investments with the aim of providing new products and services.
The Group has implemented investments into and M&As activities targeted at partner companies who own advanced technologies and expertise, partly on a global basis. Likewise, we have continued and even increased investments in start-up companies and funds.
We make these investments without necessarily having sufficient returns guaranteed. The investments may impact the Group performance results in an event of discrepancies from partner companies in business strategies or from our initial assumptions about business growth.
Thus, the Group entrusts with individual investment projects the R&D/Investment Committee and the Project Review Committee as well as their overseer, the Executive Council. The internal bodies carefully determine the appropriateness of business plans and other factors in order to minimize risks from investment decisions.

[9] Compliance

Diversified and complicated compliance risks will be entailed partly by creating new businesses.
In an event of inadequate data handling and other material compliance violations that we may commit from dealing more in data utilization businesses and service-provision type businesses in the future, the Group may have our social credibility harmed, pay damage compensation, and eventually have business relationships re-examined by our key business partners.
Negative impacts of such risks may be augmented by personnel and labor issues such as long working hours as well as power harassment and sexual harassment, collectively impacting our business results.
The Group aims to stave off such risks through compliance promotion systems established pursuant to the Charter of Corporate Behavior, the Group Compliance Basic Regulations, and the Group Code of Conduct. We have endeavored to ensure that all of the Group’s executives and employees conduct ethical behavior in compliance with laws and regulations, social norms, and in-house regulations.

[10] Natural Disasters and Infectious Diseases

In an event that an occurrence of natural disaster such as an earthquake or terrorist attack damages devastatingly social infrastructure or the Group’s major business bases, the Group will be forced to bear a significant amount of costs in order to cope with the situation.
Similarly, in an event that the Group must restrict activities of many of our employees and business partners in order to secure their safety and well-being in the wake of an outbreak of infectious disease, as well as prevent a spread, our business activities such as service provision will be impacted enormously, which will eventually be reflected in the business results.
The Group aims to cope with business continuity risks partly caused by earthquakes and Infectious Diseases. Thus, we established a business continuity plan (BCP). We have implemented Business Continuity Project to review and improve the plan continuously from the viewpoints of ensuring safety, resuming internal businesses, and serving customers. The Group has implemented premediated training sessions such as safety confirmation drills and comprehensive simulation-based training sessions in order to make preparations against disaster occurrences. The training drills and sessions are designed for employees, organization leaders, and disaster control headquarters members. Comprehensive simulation-based training sessions are organized in accordance with scenarios of specific event occurrence in order to train participants to play individual roles about damage situation reports, response instructions, and feedback reports.