(As of 31st March, 2020)
Matters that could have a material impact on our investors’ decisions in regard to NRI’s business and other operations are described below.
Please note that these items are representative examples of risks pertaining to our business as of the end of this fiscal year, but the potential risks are not limited to those listed below. Furthermore, any matters herein relating to future events are based on judgments by NRI as of the end of the fiscal year under review.
Group Risk Management Structure
For the purposes of risk management at NRI as a whole, we have appointed a Director in Charge of Risk Management (Representative Director, Member of the Board, Senior Executive Managing Director). We have also established an Integrated Risk Management Department within the Risk Management Supervisory Department.
The Integrated Risk Management Department is responsible for building and improving our risk management framework, for identifying, assessing, and monitoring risks, and for improving our general management structure.
An Integrated Risk Management Committee is convened twice annually, with the Director in Charge of Risk Management serving as Chairman. The committee evaluates our risk management PDCA cycle and discusses risk countermeasures, among other activities, with the results subsequently being reported to the Board of Directors.
NRI’s Risk Management Methods
① Establishing Risks
The risks that can potentially arise in the course of NRI’s business operations are classified into 13 categories, with additional risk items set for each risk category. These risk items are periodically evaluated by our representative departments for monitoring risks, which review the risk items as well as their level of importance and impact.
Among the 13 risk categories, those which are recognized as having particularly high levels of importance each fiscal year are selected at the Integrated Risk Management Committee as “priority risk management themes”. The priority risk management themes for the term ending March 2021 are as follows.
- Continue proper management of quality risks for our live systems
- Improve the management preparedness of information security
- Further strengthen the management of project risks
- Develop governance systems suitable for NRI
- Implement appropriate preparation for fulfilling our business continuity responsibilities
- Create comfortable working environments
② Risk Countermeasures
For each risk item, the representative departments for monitoring risks consider and implement risk reduction measures. Risk reduction measures are deliberated at the Integrated Risk Management Committee as needed, in coordination with the Risk Management Supervisory Department.
The implementation status of our risk reduction measures is periodically reported on and evaluated at the Integrated Risk Management Committee, in coordination with the Risk Management Supervisory Department. Instructions are then provided at the Integrated Risk Management Committee for formulating and implementing additional risk reduction measures as needed.
Risks Concerning the Covid-19 Pandemic
Concerns have been raised that the global spread of Covid-19 could have an impact on NRI’s business activities.
As far as risks related to contract signing are concerned, if our clients’ management circumstances change or they overhaul their information system investment plans, it is possible that they will not renew their agreements with NRI. Further, if our clients become less willing to make these investments, the acquisition of new clients could potentially fall short of our expectations.
Regarding risks to production, NRI’s officers and employees have followed the stay-at-home requests from the governments and local authorities of their respective countries by switching to work patterns based on teleworking, and the drop in labor productivity resulting from this work pattern changeover could render us unable to provide the high level of service expected by our clients, or lead to delays or other setbacks in our consulting and system development operations. NRI also outsources a certain amount of its system development work to subcontracting partners including ones in China and other offshore areas. Going forward, if this situation becomes long-term and more severe, it could affect our ability to secure stable subcontracting partners.
Not only could these effects have an impact on NRI’s business performance and financial condition, but they could also hinder our chances of being entrusted with services in the future. It should be noted that it remains unclear when the Covid-19 pandemic will end, and the risks that could potentially occur are not limited to the foregoing.
It is also worth noting that as a result of the global spread of Covid-19, we have established a Crisis Management Committee chaired by one of our directors. The Crisis Management Committee Chairman and Crisis Management Committee Secretariat, which is composed of members from the Integrated Risk Management Department, the Personnel Department, the General Affairs Department, and other supervisory departments, are verifying the situation and are discussing and implementing measures for issues that have arisen. The content discussed by the Crisis Management Committee Secretariat is periodically reported and deliberated on by the Senior Management Committee and the Board of Directors.
In addition, in terms of our efforts for preventing the spread of Covid-19 (current at the time of this publication), we have implemented measures including making proactive use of teleworking and recommending staggered working hours, spreading out work areas, ensuring more space between seats, and checking the health conditions of visitors by using thermographic cameras and taking their temperatures, with the aim of making sure that our officers and employees etc. remain in good health. Further, in order to prepare against infections or suspected infections in our companies, we have developed a system for reporting to the Crisis Management Committee Secretariat and created various response procedures including ones for identifying close contacts, carrying out disinfection, and making public announcements.
Risks Considered Particularly Critical
① Risks Concerning Quality
The information systems developed by NRI often serve as important platforms for client business, and it is essential that these systems operate stably after completion. Regarding financial sector systems, in particular, there are cases in which credibility is on the line not only for our clients but also for the entire financial market, and we are keenly aware of the weight of that reality.
NRI is seeking to improve quality the quality of system management and operation. We are constantly striving to maintain and improve the quality of services we provide, based on the ISO27001 information security management system, and ISO20000 IT service management system. When it comes to financial sector systems, we perform management status and other inspections on a prioritized basis and are formulating measures for responding to failures in the unlikely event they occur.
Data centers are essential infrastructure for the economy and society, and we are keenly aware of their importance. NRI put in place an operating structure that enhances their security and regularly evaluates and verifies their operating status.
Further, with regard to our outsourcing services, including our BPO (Business Process Outsourcing) services whereby we are entrusted with our clients’ business processes, we recognize the inherent nature of operation risks such as input errors or erroneous deliveries, and we are working on developing an even more robust management system.
Nevertheless, there is a possibility that the stability of data center operations may not meet the standards agreed to with clients, despite our efforts, as a result of human failure to follow correct operating procedures, equipment failure, or power outages and other infrastructure-related problems. Such adverse developments could not only have a negative impact on our performance but could also damage NRI’s reputation.
② Risks Concerning Information Security
With the penetration of Internet infrastructure, the dissemination of all kinds of information throughout society has become instantaneous. These technological advances on the one hand have expanded user bases and brought greater convenience, while also heightening the risk of information leaks from cyber-attacks and other kinds of unauthorized external network access. Information security management is no being closely scrutinized by society at large. In the information services industry, in which we regularly handle our clients’ confidential data, more sophisticated information security management and comprehensive employee training are needed.
In the area of personal information management, we have obtained Privacy Mark certification, accrediting our management system to protect personal information including national identity numbers. We conduct appropriate management of confidential information, and a portion of our business has obtained Information Security Management System certification. Among the steps we take to consistently maintain a high level of security, we have systems that control the entering and exiting of our buildings, ensure rigorous computer security management, and conduct training sessions on the protection of personal information. Especially at our data centers that operate our clients’ mission-critical systems, we have introduced stricter entry/exit controls which include using X-ray scanning of articles being brought into and out of the facilities. Furthermore, given the growing number of overseas subsidiaries resulting from the increasing globalization of our business activities, we are enhancing internal controls throughout NRI, such as by investigating information security compliance and running risk assessments.
However, if information leaks should occur despite our efforts, factors such as claims for compensation for damage from clients or a loss of confidence in NRI could potentially affect our business performance.
③ Risks Concerning Projects
Generally, information systems development projected are undertaken on a contract basis. We are obliged, under such a contract, to complete an information system and deliver it by the specified deadline. However, there may be times when more person-hours are required than initially estimated because of the client’s requests for a more advanced and complex system as well as requirement changes made before completion, which may delay delivery. Even after delivery, more work than expected may be needed to complete the contract, such as carrying out additional improvements on system performance. In particular, long-term projects that take several years to complete have a higher likelihood of being affected by requirement changes to respond to the changes in both technology and the surrounding environment. Information systems are also important social infrastructure, and we believe that quality management and risk management are essential from the development stage to achieve operational stability after system completion. For systems in the financial services sector in particular, the systems not only involve the reliability of our clients, but also the entire financial market, and we are very much aware of their importance.
Therefore, in order to deal with these situations, NRI is making efforts to ensure that project estimate examination before contract signing as well as project management after contract signing are done properly. These efforts include improving the management abilities of our project managers through training programs and providing quality management systems based on ISO (International Organization for Standardization) 9001. We established exclusive examination bodies, such as our systems development committee, for projects over a certain size in order to thoroughly review the progress of projects from planning all the way to stable operation. We will further develop examinations for and improvements to the system development process for systems in the financial services sector.
However, in the event extra costs are incurred, due for instance to increasing person-hours or performance improvement work conducted after delivery, the project’s final profitability may deteriorate. Moreover, if the client’s business is harmed because of a delay in delivery or because of problems with the delivered information system, not only may we be liable for the loss, but the situation might also damage NRI’s reputation.
④ Risks Concerning Group Governance
NRI not only invests in various companies in the interest of creating future business opportunities, but also takes equity stakes in clients to strengthen business relationships, with consideration for the expected return on investment. We also undertake M&A and form business alliances in an effort to grow our global operating base.
Such actions involve careful prior examination of the target company’s financial standing and its business activities, and decisions are made only after the necessary and sufficient information has been gathered and due diligence exercised. In terms of our system for promoting global strategies, we have established regional headquarters or holding companies in North America, Asia, and Australia, and are working to reinforce our governance structure with a focus on our acquired subsidiaries. We also provide them with support for formulating and executing global strategies, primarily through our newly established global headquarters organization, and are actively enhancing governance for all of our overseas subsidiaries including our acquired subsidiaries.
Nevertheless, in the event that clear problems that were unrecognized by NRI arise after an M&A or alliance is carried out, or if expected benefits fail to materialize, NRI’s business performance might be negatively affected by, among other things, the need to apply impairment accounting procedures to goodwill.
⑤ Risks Concerning Business Continuation
With the advance of globalization of business activities and a widely networked environment, the kind of damage that could result from unforeseen events such as natural disasters or system failures has only grown in scale, requiring the reinforcement of a crisis management system.
NRI has developed a contingency plan (emergency response plan) outlining our initial response system and action guidelines to be followed in the event of pandemics such as Covid-19, natural disasters such as major earthquakes, typhoons, and floods, large-scale system disruptions, or other incidents or accidents that impair our business and the execution of operations. While taking proactive measures and conducting repeated drills, we are working to upgrade and reinforce its crisis management structure, including by establishing a structure to achieve smoother business continuation and preparing the infrastructure necessary to ensure such continuation. The main office buildings where NRI is located have sophisticated disaster prevention features for facilitating business continuity, and our Tokyo headquarters, Yokohama Center, and Osaka Center in particular have the highest level of disaster prevention features in Japan. Also, the data centers held by NRI meet the highest Japanese standards for disaster preparation, in terms of security measures and earthquake resistance among other aspects. They feature wide-area disaster control measures such as mutual back-up and functional distribution linked with the data centers in the Kanto and Kansai areas. We intend to further reinforce our backup systems for NRI’s information assets contained within these data centers, and are taking measures based on standards agreed upon with clients regarding their information assets in our keeping. Further, to ensure that we can continue to execute operations even if Covid-19 or a large-scale natural disaster or other event prevents NRI members from coming to work, we are creating a more telework-friendly environment and are continually reviewing our business continuation plans.
However, in the event of a contingency or situation that exceeds the capabilities of one company, in which interruption of operations is unavoidable, the provision of services at the standards agreed upon with clients may not be feasible, and this could potentially affect NRI’s performance.
⑥ Risks Concerning the Hiring and Fostering of Human Resources
NRI believes that the specialized expertise of our employees is the foundation of our high value-added services. In addition, hiring and fostering highly specialized human resources and establishing personnel systems and workplace environments that allow these individuals to demonstrate their full potential is necessary to build long-term trusting relationships between NRI and our clients and ultimately enable us to achieve medium- to long-term growth.
We perceive our employees as valuable human assets and are dedicated to creating a system that allows us to secure and develop these assets. We strive to recruit highly capable staff with specialized skills, while focusing on the work-life balance of employees, constructing a personnel system that accommodates diverse working methods and values, and implementing improvements to the working environment. As part of our strategies for personnel development systems, we offer assistance to and subsidize our employees to obtain various licenses and qualifications and hold many human resources development seminars at a facility dedicated to employee education and training, including to help them master new technologies in the field of DX (digital transformation). We also encourage employees to improve themselves by taking advantage of NRI’s internal certification program. Despite these efforts, if we fail to secure and develop professionals who can respond to the highly specialized demands of our clients, NRI’s business performance could suffer. Furthermore, if workplace conditions worsen and cause employees’ mental and physical health to deteriorate, this could possibly lead to a drop in worker productivity and attrition.
Risks We Recognize as Important
① Risks Concerning Management Strategies
a. Price competition in the information services industry
Competition is fierce among service providers in the information services industry. Intense price competition could occur in the future as a result of the continuing participation by new service providers from other industries, emergence of overseas providers, and an increase in demand for packaged products.
Under these business circumstances, NRI strives to differentiate our services from those of our competitors by offering high value-added services that enhance our ability to offer end-to-end services from consulting to system development and system management and operation. We also strive to improve productivity.
However, if price competition becomes more intense than forecasted, NRI’s business performance may be adversely affected.
b. Stability of management and operation services business
The expansion of system management and operation services requires various investments, such as real estate for data centers and equipment for operations and software. Return on such investments is obtained over the long term through client contracts.
Many contracts for system management and operation services span more than one year or are automatically renewed in the case of one-year contracts. Accordingly, sales are deemed relatively stable; moreover, NRI strives to achieve a steady return on investments through careful management of work in progress and continuous credit control of clients.
Nevertheless, there is no guarantee that this stability in sales of system management and operation will continue in the future; each time a client business undergoes a merger or bankruptcy, or when a client decides to overhaul its information systems strategies, there is a possibility that it will not renew its contract with NRI.
c. Investment in software
NRI invests in software to expand our business, including product sales, shared online services and outsourcing services. In many cases, the software is designed for specific use and cannot be readily adapted for other applications, which means that careful consideration must go into the decision to make such an investment.
At NRI, we exhaustively discuss the legitimacy of each business plan before commencing software development. We also have an internal system whereby regular checks on the plan’s progress enable prompt revision to the plan when necessary, both in the development stage and after completion. However, with this type of software investment, there is never a total guarantee that the initial investment will be recovered, and there is a chance the capital will not be recovered and a loss will be incurred.
d. Technological changes in the information services industry
In the information services industry, we must constantly match market needs that often change as information technology evolves.
Acknowledging such a changing business climate, NRI is striving to respond rapidly to technological innovations by being active in the investigation and research of advanced, basic, and productional and developmental IT through implementing a cross-sectional system.
However, if technological innovations rapidly advance in a wide range of areas, and if our response to these changes is delayed, it could adversely affect NRI's business performance.
e. Capital relationship with Nomura Holdings, Inc. and its affiliates
As of March 31, 2020, Nomura Holdings, Inc. held 28.8% of the voting rights of NRI (including 11.2% of indirectly held voting rights).
There is no guarantee that the percentage of voting rights held by Nomura Holdings, Inc. and its affiliates will remain stable. Furthermore, the exercise of voting rights by Nomura Holdings, Inc. and its affiliates may not necessarily be aligned with the interests of other NRI shareholders.
② Risks Concerning Compliance
a. Intellectual property rights
NRI sees the growing importance of intellectual property rights related to information systems and software, such as patents for business models related to e-commerce.
With these circumstances in mind, in the development of information systems, NRI is constantly investigating any and all possible breaches of other parties’ patents. Furthermore, through education, training and other measures, we are raising employee awareness of intellectual property rights. At the same time, we recognize that intellectual property is an important business resource, so by proactively investing in applications for patents, we are rigorously protecting the intellectual property of NRI.
If, despite these measures, any product or service of NRI breaches the intellectual property rights of a third party, not only would this potentially make NRI liable for reparations, but NRI might also be ordered to stop using an information system, or service, which could interfere with business execution. There is also the possibility that NRI's intellectual property could be breached by a third party.
b. Laws and regulations
NRI is subject to domestic and overseas laws and regulations when conducting business activities. In recent years, further legal compliance has been required for labor laws and regulations. NRI has established a compliance structure, and makes every effort to ensure compliance with laws and regulations and create a good workplace environment.
However, there is a possibility that the breach of laws and regulations or the implementation of new laws and regulations could have a negative impact on NRI's operations and performance.
③ Risks Concerning Subcontracting Partners
To expand our production capacity, improve productivity, and make use of the highly specialized know-how of outside corporations, NRI outsources some business operations. Many of these outsourcing operations are carried out under subcontracting contracts.
a. Good business relationships with subcontractors
In the fiscal year ended March 31, 2020, subcontractors were responsible for 40% of NRI's actual production. It is essential to secure top-level subcontractors and maintain a good business relationship with them in order to smoothly carry out NRI's operation.
We strive to secure superior subcontracting partners by performing corporate screening regularly and searching for new collaborating partners both domestically and overseas. Furthermore, we are conducting activities to raise productivity and quality, including activities with subcontracting partners, through such measures as the sharing of project risks through e-Partner contracts, a contracted business partner with high levels of specialized business expertise, as well as demands for greater security and thorough information management on the part of subcontracting partners.
Our subcontracting partners are not only in Japan, but also in various overseas locations, including China. Currently, Chinese companies account for 17% of NRI’s subcontracting costs. We are therefore striving to strengthen this system of cooperation by regularly dispatching executives and employees to China to visit subcontracting partners and check the status of projects.
In spite of all these efforts, if we fail to secure superior subcontracting partners or maintain a good business relationship with them, we might not be able to conduct business smoothly. Especially in subcontracting to a subcontracting partner overseas, an unexpected event might occur caused by political, economic, or social factors which are different from those in Japan.
b. Contract work
There have been calls for appropriate responses in compliance with labor-related laws when contracting business outsourcing work is carried out under service contracts. NRI has formulated guidelines relating to contract work to raise common awareness of this problem and to allow the awareness to take root in NRI. In addition, we host meetings to explain our policies to subcontracting partners as part of our drive for entirely appropriate business outsourcing.
If despite these efforts, work outside the scope of the contract work is carried out and disguised contract issues and so forth arise, NRI may lose credibility.
④ Risks Concerning Social Responsibility
Global social issues including climate change are becoming more severe, and as international organizations have agreed on targets aimed at solving these social problems such as the Paris Agreement and the United Nations Sustainable Development Goals (SDGs), companies also face increasing expectations for their social responsibility initiatives. For the problem of climate change in particular, there is a rapidly growing movement in the global information services industry to utilize renewable energy when providing information services.
With so much uncertainty surrounding the future regarding climate change, the impact of carbon taxes and renewable energy prices will depend greatly on political and technological efforts as well. For this reason, NRI has heeded the recommendations by the Financial Stability Board’s Task Force on Climate-related Financial Disclosures (TCFD), and is running scenario analyses to identify the business-related risks and opportunities being brought about by climate change. The multiple data centers owned by NRI have the highest level of environmental performance in Japan, while also employing environmental management systems based on ISO 14001 standards. We have set an environmental target of 36% renewable energy usage for our data centers by FY2030, and 100% renewable energy for NRI as a whole by 2050. However, if our transition to these target levels of renewable energy falls behind schedule, or if societal demand for action against climate change quickly accelerates and we are late to respond, NRI’s social image could suffer.
Furthermore, NRI has grown in size to the point of employing over 13,000 people around the world, with an additional 12,500 employees across our partner companies, and we must inevitably deal with human rights-related issues, including in supply chains. The information services industry also has established a belief that personal information handled by companies, including Japan's “My Number” individual ID numbers, should considered “digital rights”. This information must therefore be handled with the utmost care, and AI (artificial intelligence) systems development will require that design and operations be conducted with consideration for human rights.
NRI has developed a Human Rights Report and AI Ethics Guidelines detailing the nature of our activities in this area and our policy going forward, and we are making efforts to reduce any adverse human rights impacts from our practices. The social image of NRI could suffer if we are unable to appropriately address these human rights-related issues.
⑤ Risks Concerning Securities Holdings
NRI holds stocks of client companies with a view to strengthening business ties, and holds bonds for investment purposes.
In the event of business deterioration or bankruptcy at an issuer, NRI may incur an impairment loss or be unable to recover our investment for these securities. Moreover, market prices for these securities fluctuate in line with the economic environment, market trends, and earnings at issuers. Such fluctuations can affect NRI's financial position.
⑥ Risks Concerning Assets and Liabilities Related to Retirement Benefits
NRI has established a defined contribution pension system and a retirement allowance system as our defined-benefit system. The allowance for employee retirement benefits will fluctuate according to changes in the amount of retirement benefit obligations and pension plan assets.
Retirement benefit obligations are calculated using a number of assumptions and estimates, such as employment termination trends and discount rates. A change in any of these factors could change the amount. Meanwhile, pension plan assets fluctuate according to trends in the stock market and interest rates. Moreover, if any change in the pension plan is adopted, it could affect the liabilities of retirement benefit obligations.
⑦ Risks Concerning Lawsuits
On April 30, 2015, NRI was served notice of a lawsuit brought against it by Japan Post Information Technology Co., Ltd, which is currently in litigation.
The lawsuit states that Japan Post Information Technology, when transferring its communication network that connects nationwide postal offices over to a new communication line, placed an order, to procure communication line service and related maintenance operations from Softbank Group Corp., and an order for network transfer management and streamlining services from NRI. The suit alleges that Japan Post Information Technology was harmed by delays in the transfer over to the new communication lines and is seeking a joint payment of 16,150 million yen from Softbank and NRI.
Depending on the outcome of this litigation, NRI’s business performance may be adversely impacted.
- Philosophy & Vision
- NRI's strengths
- NRI Group Companies and offices