Based on our ideology of “Everyone is the President,” we aspire to foster all partners (employees) to incorporate the same perspective as the management team in carrying out business activities to realize sustainable growth. The Company establishes the Employee Stock Ownership Plan to further raise awareness of participation in management by the partners and to aid in their asset accumulation.
Partners can purchase the Company’s shares from small installments, and the Company provides a 10% incentive payment for such share purchases. As of the end of December 2022, the participation rate in the Employee Share Ownership plan is 35%. Each partner continues to strive to raise the corporate value by sharing the same values as our general shareholders.

IR Activities

The Company carries out timely disclosure of management information and investor relations (IR) activities for shareholders and other investors to enhance the transparency of management in order to achieve the aims of corporate governance.

Information Disclosure Policy

Status of Risk Management Structure

In order to tackle the various risks associated with business operations, the Company has developed a risk management structure to secure stable growth and business continuity by optimizing and making permanent the cost required to carry out preemptive measures.
Specifically, the Risk Management Committee has been established comprised of head of divisions and GMO-PG and its consolidated companies to carry out risk assessment, formulating and executing countermeasures, and monitoring. This Committee comprehensively evaluates and manages various risks ranging from compliance risks such as corruption prevention, natural disaster related risks including climate change, risks associated with system security, etc.
The Board of Directors supervises the effectiveness and appropriateness of the corporate-wide risk management based on periodic reports on the discussions and evaluations of the Committee.
Note that there have been no material wrongdoing nor scandals during FY2022 due to the above initiatives.

Basic View

The mission of GMO-PG and its consolidated subsidiaries is to contribute to the realization of secure and convenient payment for both consumers and businesses, with the aim to become Japan's payment infrastructure. Information security measures and responses to protect information assets from external threats, while utilizing the information resources that are proprietary to GMO-PG's consolidated subsidiaries, are of the highest management priority.
Specifically, yearly educational and awareness-raising activities are scheduled to ensure that these measures take root. Education is thoroughly conducted periodically at the start of employment through compliance training programs on deeper understanding of procedures and purposes of security rules of the Company, basic policies and rules stipulated under the information security management system (ISO 27001), as well as through awareness-raising videos on information security measures. Additionally, improving the effectiveness of risks assessment is also carried out by inviting external experts to participate in Risk Management Committee and by assigning of employees with specialized knowledge to the Internal Audit Office.

Risks and Responses to Information Security

①System Failure and Information Security

・Risk

Risk of service disruptions caused by unforeseen system failures on the part of payment providers (such as credit card companies) and/or weaknesses in the Company's systems that result in the disruption of communication networks and the malfunctioning of applications caused by cyberattacks, computer viruses, and/or unauthorized computer access from an external source or natural disasters or accidents.

・Response

The following requisite and appropriate responses are enacted to mitigate risks, such as security measures against unauthorized access from external and internal sources, a 24-hour surveillance structure, duplication of system configuration, insurance policy enrollment, and development of internal rules on operations.

②Credit Card Information Breach at Merchants

・Risk

Risk of joint liability to cover the indemnity cost of reissuing credit cards when the merchant, etc., does not have the capacity to fulfill the obligation in the event of information leakage of credit card information occurring at the merchant.

・Response

In order to mitigate this risk, the Company undertakes strengthened management of merchants that store such information as well as promotes services where the credit card information is stored by the Company and not by the merchant.

③Potential Breach of Personal Information and Its Impact

・Risk

Risk of external leak of database information managed by the Company that contains personal information such as credit card information, names, addresses, telephone numbers, and email addresses.

・Response

The Company has implemented a solid system that qualifies for the PrivacyMark in order to ensure against this risk. In addition, as a member of the Japan Consumer Credit Association, personal information management operations are implemented in accordance with the Personal Information Protection Policy. Furthermore, the Company established the Risk Management Committee to implement effective and efficient risk management. The Risk Management Committee convenes once every quarter and reports its findings on risk management to the representative directors, Board of Directors, and Audit and Supervisory Committee.

The following certifications for information security have been certified as measures to strengthen the risk management structure.

□Certified ISO 27001 Compliant
With a scope that encompasses all of our business locations, we have been certified as compliant with the ISO/IEC 27001:2013 global information security standard (within Japan, the JIS Q 27001: 2014standard).

□PrivacyMark Certified
In recognition of the appropriate measures to safeguard personal information, we have received PrivacyMark certification that signifies compliance with the Japanese Industrial Standard for personal information protection, JIS Q15001:2017.

□Fully PCI DSS Compliant
The services we provide are in full compliance with version 3.2.1 of the PCI DSS global security standard for the credit card industry, which was jointly formulated by the five global credit card brands: JCB, American Express, Discover, MasterCard, and Visa. As such, we are delivering peace of mind to all of our customers, in addition to securing credit card payments.

Basic View

The Company considers the scope of compliance that includes: a) laws and ordinances, b) ethics and social norms, c) rules, regulations, and procedures, and d) management vision. The Company works to raise the compliance mindset of all partners based on the awareness of “adapting to the demands of society” (known as the full-set compliance), which includes adherence to related government laws and ordinances.
Under the Rules of Compliance Management and Internal Rules Regarding Misconduct, all incidents of misconduct including compliance violations that occurred or is likely to occur must be reported to Corporate Support Division promptly, and the Corporate Support Division is stipulated to carry out necessary investigation and implement the required and appropriate response for resolution, as well as formulate and disseminate the preventative measures, with due reporting and collaboration with Corporate Support Division.
The Internal Audit Office reviews the state of compliance with ordinances, articles of incorporation, company rules and other such regulations based on the yearly Audit and Supervisory Plan. Corrective measures are undertaken if a circumstance is found to require improvement as well as follow-up to ensure these corrective measures are enforced. If an incident where a compliance violation is suspected occurs, the Company has developed and operates a whistleblower system in addition to the normal reporting system based on chain of command.
Note that no costs related to compliance violations, including penalties, fines and settlement payments related to corruption, have been incurred in FY2022.

Basic View

The Company's Code of Conduct for Directors and Employees stipulates related anti-corruption clauses including compliance with Act on Prohibition of Private Monopolization and Maintenance of Fair Trade (the Anti-Monopoly Act), acts of conflicts of interest, prohibition of gift-giving or entertainment of public officials or those deemed to be as well as overseas public officials or those deemed to be, prohibition of gift-giving and entertainment in excess of socially acceptable levels to business counterparts, measures on anti-money laundering and other similar acts and, contributions and charitable donations that abide with laws and ordinances.

Anti-Corruption Initiatives

The Company carries out the merchant management assessment on merchants that are likely to enter into a commercial transaction with the Company, to assess whether the business of the merchant is offensive to public order and standards of decency.
The Board of Directors monitors the compliance of GMO-PG and its consolidated companies by receiving regular reports on the compliance initiatives and its implementation from the officer in charge of compliance.
The Company has established a whistle-blower reporting system internally and externally that ensures confidentiality, fairness and objectivity.
The Company continuously works to disseminate the Company's principles and messages from top management that are related to compliance and foster a compliance culture through periodically reading aloud and debates. In addition, the Company conducts regular training and follow-up sessions in order to educate and thoroughly disseminate the significance and importance of compliance management as per the Rules on Compliance Management.
Note that there were no violations of the Code of Conduct related to anti-corruption and no eligible personnel for disciplinary actions and disciplinary dismissal during FY2022.

Political Donations

The Company does not make political donations.

Under the management principle to “By contributing to society, we pursue both spiritual and material prosperity for our partners.” the Company contributes to the economy and local community of that jurisdiction through the fair and full payment of taxes. The Company appropriately files and pays the taxes based on the relevant laws and regulations on taxation of that country/region in which the business activity takes place. In addition, the Company will endeavor to optimize its tax cost through the use of tax incentives and benefits within the scope of legitimate business activities. The Company will not engage in arbitrary tax avoidance measures to make unreasonable and unjust use of tax havens and excessive tax planning on non-existent businesses, nor abuse tax incentives in a manner not aligned with the purpose stated in the relevant tax law.

Security compliance