Based on the management principle, the Company implements governance systems that can effectively and efficiently realize this principle. The Company's basic view on corporate governance is to implement measures and develop necessary management oversight systems for sound progress while simultaneously securing the legal compliance and efficiency of management, and corporate governance is positioned as one of the highest priority management issues.
Corporate Governance Structure
Board of Directors
The Board of Directors is comprised of 15 Directors (including 5 external directors) . The Representative Director functions as the chairperson of the Board. The Board convenes its regular session once every month and can hold extraordinary sessions when necessary to resolve important management and legal issues. In addition, the Board supervises the execution of duties of Directors, and endeavors to secure the fairness, efficiency and transparency of the decision-making process. Furthermore, the term of office of a Director excluding members of the Audit and Supervisory Committee is one year, in order to establish a management system that can respond agilely to the changes in the business environment and clearly define the Director's management responsibility. Moreover, the term of office of a Director who are members of the Audit and Supervisory Committee is two year.
Audit and Supervisory Committee
The Audit and Supervisory Committee consists of four external directors. Based on the Rules of the Audit and Supervisory Committee, each member must share and conduct the task of attending the Board of Directors meetings and important meetings and operations, investigations of financial condition, etc. The Committee receives necessary reports from the Internal Audit Office and supervises the execution of duties by the Board (excluding members of the Audit and Supervisory Committee).
The Management Committee is the decision-making body for the execution of important business operations in order to strengthen the management oversight function through the separation of supervision and execution. The Management Committee is comprised of the Representative Directors and some Directors and Executive Officers, and convenes once a month or more, in principle. The Management Committee is formed to facilitate the efficient execution of operations, and make timely and appropriate decisions through deliberations on important matters related to the execution of operations carried out in accordance with the Basic Policy of the Board.
Nomination and Remuneration Committee
The Nomination and Remuneration Committee is a voluntary body covering matters pertaining to nomination and remuneration of Directors. The Nomination and Remuneration Committee is comprised of five Directors (of which, three are External Directors) and the chaired by an External Director. The Nomination and Remuneration Committee acts as an advisory body to the Board of Directors and make proposals to the Board of Directors when necessary, on matters concerning appointment of Directors, screening of candidates, Director's remuneration system, remuneration amount, and succession plans for the role of Representative Director by carrying out fair and objective deliberations that also take in account diversity and skill set.
Internal Audit Office
The Company establishes the Internal Audit Office which is comprised of three dedicated staff member that conduct the audit of material risks and internal controls of GMO-PG and its consolidated companies. Specifically, the Internal Audit Office conducts internal audits of each department of the Company and its consolidated subsidiaries to ascertain whether operations are compliant and conducive with legal regulations, Articles of Incorporation, internal rules, in accordance with the Rules on Internal Audit. The findings are reported to the Representative Director and also explained to the Audit and Supervisory Committee.
Risk Management Committee
The Company establishes a Risk Management Committee that undertakes risk management for the overall GMO-PG and its consolidated companies in an effective and efficient manner.
The Special Committee acts as an advisory body to the Board of Directors and consists of five external directors vested with the responsibility to deliberate on important transactions and actions with conflict of interest between controlling and non-controlling shareholders.
Continual Improvement of Governance
Selection Policies and Nomination Procedures of Directors
The selection of Directors makes due consideration of Directors who are equipped with the knowledge, experience and skill to effectively carry out their role and responsibility and will be mindful to achieve the appropriate size and diversity of the Board. Candidate for Directors will be selected on these policies and following the deliberations at the Nomination and Remuneration Committee, will be formally proposed to the Board for the decision.
Independence Standards for External Directors
In making the decision for designating External Directors including members of the Audit and Supervisory Committee as independent Directors, the Company designates as independent Directors those who fulfill the proprietary standards set forth in the Independence Standards and Rules for External Directors.
Evaluating the Effectiveness of the Board
The Company confirms that the Board's effectiveness is appropriately secured based on a wide perspective of its organizational design, nomination and remuneration as well as the Board's composition and its operation and by incorporating objective and quantifiable methods such as questionnaires to all Directors. Concurrently, the issues and problems revealed in the evaluation process is continuously addressed through improvement measures and its implementation in order to further enhance the Board's functions.
In order to secure the transparency of the remuneration determination process and the appropriateness of the remuneration amount, the Company establishes the Nomination and Remuneration Committee which is chaired by an External Director. The remuneration (including bonus and other payments) for Directors (excluding members of the Audit and Supervisory Committee) is decided by the Board of Directors following due deliberations by the Nomination and Remuneration Committee. The remuneration amount for each individual Director is decided by the Board and is deemed to basically align with the report from the Nomination and Remuneration Committee, following multi-faceted considerations including the consistency with policies determined by the Nomination and Remuneration Committee.
Furthermore, in order to further advance sustainability management, ESG indicators have been incorporated into the individual target of the Director in charge from FY ending September 2022. The remuneration of Directors who are members of the Audit and Supervisory Committee consist of a fixed remuneration amount in the interest of securing independence and objectivity from management, and the fixed remuneration amount is decided through discussions in the Audit and Supervisory Committee.
Directors' Skill Matrix
*1 GMO-ism refers to GMO Internet Group, Inc.’s collective corporate motto consisting of “Venture Spirit Declaration,” “55-Year Plan,” in addition to the “Rules for Senior Manager” and “Laws of Winning.”
*2 Number of Board meetings convened: 17; Number of Audit and Supervisory Committee meetings convened: 11; Number of Nomination and Remuneration Committee meetings convened: 2
Raising Awareness of Participation in Management through the Employee Stock Ownership Plan
Based on our ideology of “Everyone is the President,” we aspire to foster all partners (employees) to incorporate the same perspective as the management team in carrying out business activities to realize sustainable growth. The Company establishes the Employee Stock Ownership Plan to further raise awareness of participation in management by the partners and to aid in their asset accumulation.
Partners can purchase the Company’s shares from small installments, and the Company provides a 10% incentive payment for such share purchases. As of the end of December 2022, the participation rate in the Employee Share Ownership plan is 35%. Each partner continues to strive to raise the corporate value by sharing the same values as our general shareholders.
Engagement through IR Activities
The Company carries out timely disclosure of management information and investor relations (IR) activities for shareholders and other investors to enhance the transparency of management in order to achieve the aims of corporate governance.
Summary of Activities for FY2022 (from October 1, 2021 to September 30, 2022)
- Number of Events
- Financial results announcements and briefings
- 4 times
- One-on-one meetings
- Approx. 370
- Participation in broker conferences
- 16 times
Information Disclosure Policy
Status of Risk Management Structure
In order to tackle the various risks associated with business operations, the Company has developed a risk management structure to secure stable growth and business continuity by optimizing and making permanent the cost required to carry out preemptive measures.
Specifically, the Risk Management Committee has been established comprised of head of divisions and GMO-PG and its consolidated companies to carry out risk assessment, formulating and executing countermeasures, and monitoring. This Committee comprehensively evaluates and manages various risks ranging from compliance risks such as corruption prevention, natural disaster related risks including climate change, risks associated with system security, etc.
The Board of Directors supervises the effectiveness and appropriateness of the corporate-wide risk management based on periodic reports on the discussions and evaluations of the Committee.
Note that there have been no material wrongdoing nor scandals during FY2022 due to the above initiatives.
The mission of GMO-PG and its consolidated subsidiaries is to contribute to the realization of secure and convenient payment for both consumers and businesses, with the aim to become Japan's payment infrastructure. Information security measures and responses to protect information assets from external threats, while utilizing the information resources that are proprietary to GMO-PG's consolidated subsidiaries, are of the highest management priority.
Specifically, yearly educational and awareness-raising activities are scheduled to ensure that these measures take root. Education is thoroughly conducted periodically at the start of employment through compliance training programs on deeper understanding of procedures and purposes of security rules of the Company, basic policies and rules stipulated under the information security management system (ISO 27001), as well as through awareness-raising videos on information security measures. Additionally, improving the effectiveness of risks assessment is also carried out by inviting external experts to participate in Risk Management Committee and by assigning of employees with specialized knowledge to the Internal Audit Office.
Risks and Responses to Information Security
①System Failure and Information Security
Risk of service disruptions caused by unforeseen system failures on the part of payment providers (such as credit card companies) and/or weaknesses in the Company's systems that result in the disruption of communication networks and the malfunctioning of applications caused by cyberattacks, computer viruses, and/or unauthorized computer access from an external source or natural disasters or accidents.
The following requisite and appropriate responses are enacted to mitigate risks, such as security measures against unauthorized access from external and internal sources, a 24-hour surveillance structure, duplication of system configuration, insurance policy enrollment, and development of internal rules on operations.
②Credit Card Information Breach at Merchants
Risk of joint liability to cover the indemnity cost of reissuing credit cards when the merchant, etc., does not have the capacity to fulfill the obligation in the event of information leakage of credit card information occurring at the merchant.
In order to mitigate this risk, the Company undertakes strengthened management of merchants that store such information as well as promotes services where the credit card information is stored by the Company and not by the merchant.
③Potential Breach of Personal Information and Its Impact
Risk of external leak of database information managed by the Company that contains personal information such as credit card information, names, addresses, telephone numbers, and email addresses.
The Company has implemented a solid system that qualifies for the PrivacyMark in order to ensure against this risk. In addition, as a member of the Japan Consumer Credit Association, personal information management operations are implemented in accordance with the Personal Information Protection Policy. Furthermore, the Company established the Risk Management Committee to implement effective and efficient risk management. The Risk Management Committee convenes once every quarter and reports its findings on risk management to the representative directors, Board of Directors, and Audit and Supervisory Committee.
The following certifications for information security have been certified as measures to strengthen the risk management structure.
□Certified ISO 27001 Compliant
With a scope that encompasses all of our business locations, we have been certified as compliant with the ISO/IEC 27001:2013 global information security standard (within Japan, the JIS Q 27001: 2014standard).
In recognition of the appropriate measures to safeguard personal information, we have received PrivacyMark certification that signifies compliance with the Japanese Industrial Standard for personal information protection, JIS Q15001:2017.
□Fully PCI DSS Compliant
The services we provide are in full compliance with version 3.2.1 of the PCI DSS global security standard for the credit card industry, which was jointly formulated by the five global credit card brands: JCB, American Express, Discover, MasterCard, and Visa. As such, we are delivering peace of mind to all of our customers, in addition to securing credit card payments.
Compliance (Legal Compliance)
The Company considers the scope of compliance that includes: a) laws and ordinances, b) ethics and social norms, c) rules, regulations, and procedures, and d) management vision. The Company works to raise the compliance mindset of all partners based on the awareness of “adapting to the demands of society” (known as the full-set compliance), which includes adherence to related government laws and ordinances.
Under the Rules of Compliance Management and Internal Rules Regarding Misconduct, all incidents of misconduct including compliance violations that occurred or is likely to occur must be reported to Corporate Support Division promptly, and the Corporate Support Division is stipulated to carry out necessary investigation and implement the required and appropriate response for resolution, as well as formulate and disseminate the preventative measures, with due reporting and collaboration with Corporate Support Division.
The Internal Audit Office reviews the state of compliance with ordinances, articles of incorporation, company rules and other such regulations based on the yearly Audit and Supervisory Plan. Corrective measures are undertaken if a circumstance is found to require improvement as well as follow-up to ensure these corrective measures are enforced. If an incident where a compliance violation is suspected occurs, the Company has developed and operates a whistleblower system in addition to the normal reporting system based on chain of command.
Note that no costs related to compliance violations, including penalties, fines and settlement payments related to corruption, have been incurred in FY2022.
The Company's Code of Conduct for Directors and Employees stipulates related anti-corruption clauses including compliance with Act on Prohibition of Private Monopolization and Maintenance of Fair Trade (the Anti-Monopoly Act), acts of conflicts of interest, prohibition of gift-giving or entertainment of public officials or those deemed to be as well as overseas public officials or those deemed to be, prohibition of gift-giving and entertainment in excess of socially acceptable levels to business counterparts, measures on anti-money laundering and other similar acts and, contributions and charitable donations that abide with laws and ordinances.
The Company carries out the merchant management assessment on merchants that are likely to enter into a commercial transaction with the Company, to assess whether the business of the merchant is offensive to public order and standards of decency.
The Board of Directors monitors the compliance of GMO-PG and its consolidated companies by receiving regular reports on the compliance initiatives and its implementation from the officer in charge of compliance.
The Company has established a whistle-blower reporting system internally and externally that ensures confidentiality, fairness and objectivity.
The Company continuously works to disseminate the Company's principles and messages from top management that are related to compliance and foster a compliance culture through periodically reading aloud and debates. In addition, the Company conducts regular training and follow-up sessions in order to educate and thoroughly disseminate the significance and importance of compliance management as per the Rules on Compliance Management.
Note that there were no violations of the Code of Conduct related to anti-corruption and no eligible personnel for disciplinary actions and disciplinary dismissal during FY2022.
The Company does not make political donations.
Under the management principle to “By contributing to society, we pursue both spiritual and material prosperity for our partners.” the Company contributes to the economy and local community of that jurisdiction through the fair and full payment of taxes. The Company appropriately files and pays the taxes based on the relevant laws and regulations on taxation of that country/region in which the business activity takes place. In addition, the Company will endeavor to optimize its tax cost through the use of tax incentives and benefits within the scope of legitimate business activities. The Company will not engage in arbitrary tax avoidance measures to make unreasonable and unjust use of tax havens and excessive tax planning on non-existent businesses, nor abuse tax incentives in a manner not aligned with the purpose stated in the relevant tax law.