Sustainability

Governance

Corporate Governance

Basic Views

Based on the management principle, the Company implements governance systems that can effectively and efficiently realize this principle. The Company's basic view on corporate governance is to implement measures and develop necessary management oversight systems for sound progress while simultaneously securing the legal compliance and efficiency of management, and corporate governance is positioned as one of the highest priority management issues.

Corporate Governance Structure
Board of Directors

The Board of Directors is comprised of 11 Directors (excluding members of the Audit and Supervisory Committee) and four Directors who are members of the Audit and Supervisory Committee (of which, four are External Directors). The Representative Director functions as the chairperson of the Board. The Board convenes its regular session once every month and can hold extraordinary sessions when necessary to resolve important management and legal issues. In addition, the Board supervises the execution of duties of Directors, and endeavors to secure the fairness, efficiency and transparency of the decision-making process. Furthermore, the term of office of a Director (excluding members of the Audit and Supervisory Committee) is one year, in order to establish a management system that can respond agilely to changes in the business environment and clearly define the Director's management responsibility.

Management Committee

The Management Committee is the decision-making body for the execution of important business operations in order to strengthen the management oversight function through the separation of supervision and execution. The Management Committee is comprised of the Representative Directors and some Directors and Executive Officers, and convenes once a month or more, in principle. The Management Committee is formed to facilitate the efficient execution of operations, and make timely and appropriate decisions through deliberations on important matters related to the execution of operations carried out in accordance with the Basic Policy of the Board.

Audit and Supervisory Committee

The Audit and Supervisory Committee is comprised of four Directors (of which, four are External Directors). Members of the Audit and Supervisory Committee oversee the execution of duties of Directors (excluding members of the Audit and Supervisory Committee) by conducting investigations of financial condition and business operations, and by attending meetings deemed important in addition to attending the Board of Directors meetings, in accordance with the Rules of the Audit and Supervisory Committee.

Nomination and Remuneration Committee

The Nomination and Remuneration Committee is a voluntary body covering matters pertaining to nomination and remuneration of Directors. The Nomination and Remuneration Committee is comprised of five Directors (of which, three are External Directors) and is chaired by an External Director. The Nomination and Remuneration Committee acts as an advisory body to the Board of Directors and makes proposals to the Board of Directors when necessary on matters concerning appointment of Directors, screening of candidates, the Directors' remuneration system, remuneration amounts, and succession plans for the role of Representative Director, by carrying out fair and objective deliberations that also take into account diversity and skill set.

Internal Audit Office

The Company establishes the Internal Audit Office, which is comprised of three dedicated staff members who conduct the audit of material risks and internal controls of GMO-PG and its consolidated companies. Specifically, the Internal Audit Office conducts internal audits of each department of the Company and its consolidated subsidiaries, in accordance with the Rules on Internal Audit, to ascertain whether operations comply with legal regulations, the Articles of Incorporation, and internal rules. The findings are reported to the Representative Director and also explained to the Audit and Supervisory Committee.

Risk Management Committee

The Company establishes a Risk Management Committee that undertakes risk management for GMO-PG and its consolidated companies overall in an effective and efficient manner.

Special Committee

The Special Committee is established for the purpose of protecting the interests of minority shareholders and strengthening the governance of the Board of Directors, to which it acts as an advisory body. Comprising five independent External Directors, it deliberates on and considers important transactions and actions where a conflict of interest is deemed to exist between the controlling and minority shareholders.

Continual Improvement of Governance

Selection Policies and Nomination Procedures of Directors

The selection of Directors gives due consideration to candidates who are equipped with the knowledge, experience and skill to effectively carry out their role and responsibility, and is mindful of achieving the appropriate size and diversity of the Board. Candidates for Director will be selected based on these policies and, following deliberations at the Nomination and Remuneration Committee, will be formally proposed to the Board for decision.

Independence Standards for External Directors

In making the decision for designating External Directors including members of the Audit and Supervisory Committee as independent Directors, the Company designates as independent Directors those who fulfill the proprietary standards set forth in the Independence Standards and Rules for External Directors.

Evaluating the Effectiveness of the Board

The Company confirms that the Board's effectiveness is appropriately secured based on a wide perspective of its organizational design, nomination and remuneration as well as the Board's composition and its operation, and by incorporating objective and quantifiable methods such as questionnaires to all Directors. Concurrently, the issues and problems revealed in the evaluation process are continuously addressed through improvement measures and their implementation in order to further enhance the Board's functions.

Director's Remuneration

In order to secure the transparency of the remuneration determination process and the appropriateness of the remuneration amount, the Company establishes the Nomination and Remuneration Committee, which is chaired by an External Director. The remuneration (including bonus and other payments) for Directors (excluding members of the Audit and Supervisory Committee) is decided by the Board of Directors following due deliberations by the Nomination and Remuneration Committee. The remuneration amount for each individual Director is decided by the Board and is deemed to basically align with the report from the Nomination and Remuneration Committee, following multi-faceted considerations including the consistency with policies determined by the Nomination and Remuneration Committee. The remuneration of Directors who are members of the Audit and Supervisory Committee consists of a fixed remuneration amount in the interest of securing independence and objectivity from management, and the fixed remuneration amount is decided through discussions in the Audit and Supervisory Committee.

・Directors' BIP Trust

The Company adopts the BIP Trust (Board Incentive Plan) for bonuses paid to Directors as part of a performance-based compensation scheme for Directors. This is a medium- to long-term incentive plan wherein common shares are distributed at the time of retirement based on the achievement of business targets of each year. This incentivizes Directors to carry out management with awareness of the stock price and financial results from a medium- to long-term perspective and to share common interest with shareholders from a medium- to long-term view.

Directors' Skill Matrix

* The attendance of the Audit and Supervisory Board for FY2021 (transitioned to company with an Audit and Supervisory Committee from December 19, 2021)
* Number of Board meetings convened: 18; Number of Board of Auditors' meetings convened: 13; Number of Nomination and Remuneration Committee meetings convened: 3

Corporate Governance

Raising Awareness of Participation in Management through the Employee Stock Ownership Plan

Based on our ideology of “Everyone is the President,” we aspire to foster in all partners (employees) the same perspective as the management team in carrying out business activities to realize sustainable growth. The Company establishes the Employee Stock Ownership Plan to further raise awareness of participation in management by the partners and to aid in their asset accumulation.
Partners can purchase the Company's shares in small installments, and the Company provides a 10% incentive payment for such share purchases. As of the end of December 2021, the participation rate in the Employee Share Ownership Plan is 40%. Each partner continues to strive to raise the corporate value by sharing the same values as our general shareholders.

Engagement through IR Activities

IR Activities

The Company carries out timely disclosure of management information and investor relations (IR) activities for shareholders and other investors to enhance the transparency of management in order to achieve the aims of corporate governance.

Summary of Activities for FY2021 (from October 1, 2020 to September 30, 2021)
Activity | Number of Events
Financial results announcements and briefings | 4 times
One-on-one meetings | Approx. 330
Participation in broker conferences | 9 times

Information Disclosure Policy

Risk Management

Status of Risk Management Structure

In order to tackle the various risks associated with business operations, the Company has developed a risk management structure to secure stable growth and business continuity by optimizing and making permanent the cost required to carry out preemptive measures.
Specifically, the Risk Management Committee, comprised of the heads of divisions of GMO-PG and its consolidated companies, has been established to carry out risk assessment, formulate and execute countermeasures, and conduct monitoring. This Committee comprehensively evaluates and manages various risks ranging from compliance risks such as corruption prevention, natural disaster related risks including climate change, risks associated with system security, etc.
The Board of Directors supervises the effectiveness and appropriateness of the corporate-wide risk management based on periodic reports on the discussions and evaluations of the Committee.
Note that there was no material wrongdoing or scandal during FY2021 due to the above initiatives.

Information Security

Basic View

The mission of GMO-PG and its consolidated subsidiaries is to contribute to the realization of secure and convenient payment for both consumers and businesses, with the aim to become Japan's payment infrastructure. Information security measures and responses to protect information assets from external threats, while utilizing the information resources that are proprietary to GMO-PG's consolidated subsidiaries, are of the highest management priority.
Specifically, yearly educational and awareness-raising activities are scheduled to ensure that these measures take root. Education is thoroughly conducted periodically at the start of employment through compliance training programs that deepen understanding of the procedures and purposes of the Company's security rules and of the basic policies and rules stipulated under the information security management system (ISO 27001), as well as through awareness-raising videos on information security measures. Additionally, the effectiveness of risk assessment is improved by inviting external experts to participate in the Risk Management Committee and by assigning employees with specialized knowledge to the Internal Audit Office.

Risks and Responses to Information Security
①System Failure and Information Security
・Risk
Risk of service disruptions caused by unforeseen system failures on the part of payment providers (such as credit card companies) and/or weaknesses in the Company's systems that result in the disruption of communication networks and the malfunctioning of applications caused by cyberattacks, computer viruses, and/or unauthorized computer access from an external source or natural disasters or accidents.
・Response
The following requisite and appropriate responses are enacted to mitigate risks, such as security measures against unauthorized access from external and internal sources, a 24-hour surveillance structure, duplication of system configuration, insurance policy enrollment, and development of internal rules on operations.
②Credit Card Information Breach at Merchants
・Risk
Risk of joint liability to cover the indemnity cost of reissuing credit cards when the merchant, etc., does not have the capacity to fulfill the obligation in the event of information leakage of credit card information occurring at the merchant.
・Response
In order to mitigate this risk, the Company undertakes strengthened management of merchants that store such information as well as promotes services where the credit card information is stored by the Company and not by the merchant.
③Potential Breach of Personal Information and Its Impact
・Risk
Risk of external leak of database information managed by the Company that contains personal information such as credit card information, names, addresses, telephone numbers, and email addresses.
・Response
The Company has implemented a solid system that qualifies for the PrivacyMark in order to ensure against this risk. In addition, as a member of the Japan Consumer Credit Association, personal information management operations are implemented in accordance with the Personal Information Protection Policy. Furthermore, the Company established the Risk Management Committee to implement effective and efficient risk management. The Risk Management Committee convenes once every quarter and reports its findings on risk management to the representative directors, Board of Directors, and Audit and Supervisory Committee.
The following information security certifications have been obtained as measures to strengthen the risk management structure.

・Certified ISO 27001 Compliant
With a scope that encompasses all of our business locations, we have been certified as compliant with the ISO/IEC 27001:2013 global information security standard (within Japan, the JIS Q 27001:2014 standard).

・PrivacyMark Certified
In recognition of the appropriate measures to safeguard personal information, we have received PrivacyMark certification that signifies compliance with the Japanese Industrial Standard for personal information protection, JIS Q 15001:2017.

・Fully PCI DSS Compliant
The services we provide are in full compliance with version 3.2.1 of the PCI DSS global security standard for the credit card industry, which was jointly formulated by the five global credit card brands: JCB, American Express, Discover, MasterCard, and Visa. As such, we are delivering peace of mind to all of our customers, in addition to securing credit card payments.

Compliance (Legal Compliance)

Basic View

The Company considers the scope of compliance to include: a) ordinances, b) ethics and social norms, c) rules, regulations, and procedures, and d) management vision. The Company works to raise the compliance mindset of all partners based on the awareness of “adapting to the demands of society” (known as full-set compliance), which includes adherence to related government ordinances.
The Internal Audit Office reviews the state of compliance with ordinances, articles of incorporation, company rules and other such regulations based on the yearly Audit and Supervisory Plan. If a circumstance is found to require improvement, corrective measures are undertaken, along with follow-up to ensure these corrective measures are enforced. For incidents where a compliance violation is suspected, the Company has developed and operates a whistleblower system in addition to the normal reporting system based on chain of command.
Note that no costs related to compliance violations have been incurred in FY2021.

Anti-Corruption

Basic View

The internal rules of the Company strictly prohibit the receiving and accepting of economic benefits that are illegal or related to fraudulent activities, including inappropriate entertainment and gift-giving, and the receiving and accepting of bribes. In addition, the Company will thoroughly work to comply with the Anti-monopoly Act and laws on prohibition of cartels, and the Act on Prevention of Transfer of Criminal Proceeds, which stipulates AML/CFT activities with a specified business operator.

Anti-Corruption Initiatives

The Board of Directors monitors the compliance of GMO-PG and its consolidated companies by receiving regular reports on the compliance initiatives and their implementation from the officer in charge of compliance.
The Company has established a whistle-blower reporting system internally and externally that ensures confidentiality, fairness and objectivity.
The Company continuously works to disseminate the Company's principles and messages from top management that are related to compliance and to foster a compliance culture through periodic read-aloud sessions and debates. In addition, the Company conducts regular training and follow-up sessions.

Political Donations

The Company does not make political donations.

Tax Policy

Under the management principle of “By contributing to society, we pursue both spiritual and material prosperity for our partners,” the Company contributes to the economy and local community of each jurisdiction in which it operates through the fair and full payment of taxes. The Company appropriately files and pays taxes based on the relevant tax laws and regulations of the country/region in which the business activity takes place. In addition, the Company will endeavor to optimize its tax cost through the use of tax incentives and benefits within the scope of legitimate business activities. The Company will not engage in arbitrary tax avoidance measures that make unreasonable and unjust use of tax havens or excessive tax planning on non-existent businesses, nor abuse tax incentives in a manner not aligned with the purpose stated in the relevant tax law.
