ガバナンスGovernance

Corporate Governance

Corporate Governance

Under our management principles, we will build a governance system that can effectively and efficiently achieve this. The Company's basic approach to Corporate Governance is to develop a management governance system and implement measures necessary for sound development while simultaneously ensuring management efficiency and legality, and we regard this as one of the most important management issues.

Corporate Governance Organizational Structure

Corporate Governance Organizational Structure

・Board of Directors

The Board of Directors consists of 15 directors (including External Director 5) and is chaired by the representative director. The Board of Directors, which meets regularly once a month and meets extraordinary meetings as necessary, makes decisions on statutory matters and important management matters, supervises the execution of duties by directors, and strives to ensure transparency, efficiency, and fairness in decision-making. In addition, in order to further clarify the management responsibilities of directors and build a management system that can respond quickly to changes in the business environment, the term of office of directors excluding those who are members of the Audit and Supervisory Committee is set at one year. The term of office of directors who are members of the Audit and Supervisory Committee is two years.

・Audit and Supervisory Committee

The Audit and Supervisory Committee consists of four members who are External Director members of the Audit and Supervisory Committee. In accordance with the rules of the Audit and Supervisory Committee, the Audit and Supervisory Committee conducts audits by each Audit and Supervisory Committee member, attending important meetings as well as the Board of Directors, investigating the status of operations and assets, etc., and giving necessary instructions to Internal Audit Office and receiving reports.

・Management Committee

The Management Committee is an important decision-making body for business execution to strengthen the management supervisory function by separating supervision and execution, and is composed of some directors and executive officers, including the representative director, and meets at least once a month in principle. The Management Committee deliberates on important matters related to business execution based on the basic policy established by the Board of Directors, and is held to contribute to appropriate and prompt decision-making and efficient business execution.

・Nomination and Remuneration Committee

The Nomination and Remuneration Committee shall be composed of directors (excluding those who are members of the Audit and Supervisory Committee). The committee consists of five directors (of which three are External Director), and External Director is appointed as the chairperson. As an advisory body to the Board of Directors, the Board of Directors deliberates on the policy for the appointment of Directors, etc., each candidate, the remuneration system for officers, the amount of remuneration, the plan for the successor of the Representative Director, etc., from an objective and fair perspective, and reports to the Board of Directors, etc. as necessary.

・ Internal Audit Office

The Company has established a Internal Audit Office with three dedicated staff members who conduct audits of the Group's material risks and internal controls. Specifically, in accordance with the Internal Audit Regulations established by the Company, the Company conducts internal audits of each department and subsidiary within the Company to ensure that business is being conducted legally and appropriately in accordance with statutory regulations, the Articles of Incorporation, and internal regulations, and reports the results to the Representative Director and explains them to the Audit and Supervisory Committee members.

・Risk Management Committee

In order to effectively and efficiently implement risk management for the entire Group, we have established a Risk Management Committee and are promoting initiatives throughout the Group.

・Special Committees

As an advisory body to the Board of Directors, the Special Committee is composed of five External Director members who are independent directors, and deliberates and examines important transactions and actions that conflict with the interests of the controlling shareholder and the minority shareholder in order to protect the interests of minority shareholders and strengthen the governance of the Board of Directors.

Continuous Improvement of Governance

・Policies and procedures for appointing directors

With regard to the appointment of Directors, the Company takes care to ensure that the Board of Directors has the knowledge, experience, and abilities necessary to effectively fulfill their roles and responsibilities, and that the Board of Directors is composed in a manner that balances the diversity (nationality, gender, and age) and the appropriate size of the Board of Directors. Candidates for directors are selected based on this approach, and after deliberation by the Nomination and Remuneration Committee, they are submitted to the Board of Directors for decision.

・Independence Standards for Outside Officers

In designating External Director, including those who are members of the Audit and Supervisory Committee, as independent officers, in order to determine their independence, the Company designates persons who meet the "Detailed Regulations on Independence Standards for Outside Officers" independently established by the Company as independent officers.

・Evaluation of the effectiveness of the Board of Directors

The Group analyzes and evaluates the effectiveness of the Board of Directors once a year and strives to improve the functions of the Board of Directors.
Specifically, the Board of Directors is working to evaluate the effectiveness of the Board of Directors, incorporating objective and quantitative methods such as questionnaires to all directors inside and outside the company, and strives to ensure that the effectiveness of the Board of Directors is appropriately ensured from a wide range of perspectives, including organizational design and the nomination and remuneration of each director, as well as the composition and operation of the Board of Directors.
At the same time, with the aim of further strengthening functions, we are continuously formulating and implementing improvement measures for issues related to the Board of Directors, which were highlighted in the evaluation process.

・Remuneration of officers

In order to ensure the appropriateness of executive remuneration and the transparency of the decision-making process, the Company has established the Nomination and Remuneration Committee, chaired by External Director, as an advisory body to the Board of Directors. Directors (excluding those who are members of the Audit and Supervisory Committee) Remuneration (including bonuses, etc.) is determined by the Board of Directors after deliberation by the Nomination and Remuneration Committee.
Since the Nomination and Remuneration Committee conducts a multifaceted examination of the details of remuneration for individual directors, including consistency with the decision policy, the Board of Directors basically respects the report and determines that it is in line with the decision policy. In addition, the remuneration of directors who are members of the Audit and Supervisory Committee consists only of fixed remuneration from the viewpoint of emphasizing independence and objectivity in management, and the amount of remuneration for directors who are members of the Audit and Supervisory Committee is determined through consultation with the Audit and Supervisory Committee.
In addition, in order to further enhance sustainability management, ESG indicators have been incorporated into the individual targets of the officer in charge from the fiscal year ended September 2022.

Director Skills Matrix

identity position GMO-ism
Practice *1
enterprise
management
IT &
security
risk
management
Legal Finance,
accounting
payment processing company
business
finance global investment
(M&A)
ESG・
Sustainer
Ability
board of directors
Attendance rate *2
Audit & Supervisory Committee
Attendance rate *2
Nomination and Remuneration Committee
Attendance rate *2
Issei Ainoura President & Chief Executive Officer                   94% - -
Masatoshi Kumagai Chairman of the Board 100% - -
Ryu Muramatsu Director Executive Vice President 100% - -
Satoru Isozaki Director Executive Vice President 100% - 100%
Masashi Yasuda director 100% - 100%
Hirofumi Yamashita director 100% - -
Teruhiro Arai director 94% - -
Noriko Inagaki director 100% - -
Yuki Kawasaki director 100% - -
Takashi Shimahara director 94% - -
Fumio Kai director 100% 100% -
Kazutaka Yoshida Directors,
Audit & Supervisory Committee Member
100% 100% 100%
Kazuhiko Okamoto Directors,
Audit & Supervisory Committee Member
94% 94% 100%
Yumi Hokazono Directors,
Audit & Supervisory Committee Member
100% 100% 100%
Osamu Ohkawa Directors,
Audit & Supervisory Committee Member
- - -

*1 GMO-ism is a general term for the GMO Internet Group's unchanging goals, such as the Spirit Venture Declaration and the 55-Year Plan, as well as the corporate motto and Our values that express the Executives' Wisdom and the Law of Victory.
*2 Number of meetings of the Board of Directors: 17 Audit and Supervisory Committee meetings: 19 times, Number of meetings of the Nomination and Remuneration Committee: 2 times

Corporate Governance Report

Raising awareness of management participation through the employee stock ownership plan

Based on the concept of "all employees are the company's president," each and every one of our partners (employees) engages in business activities from the same perspective as management and achieves sustainable growth. We have introduced an employee stock ownership plan with the aim of further raising the awareness of our partners to participate in management and to assist in the formation of assets.
Partners can continue to purchase small amounts of our shares and receive a 10% incentive on the amount of their contributions. As of the end of September 2023, approximately 35% of our partners are members of the Employee Stock Ownership Plan, and each partner shares value with shareholders and strives to further enhance our corporate value.

Promoting Engagement through IR Activities

In order to achieve the objectives of Corporate Governance, we will conduct more transparent management through timely disclosure of management information to shareholders and investors (timely disclosure) and investor relations activities (investor relations).

Activities for the fiscal year ending September 2023 Actual (October 1, 2022 ~ September 30, 2023)

activity number of times
Financial Results Announcement and Briefing 4 times
1-on-1 Meetings Approx. 400 times
Participation in conferences sponsored by securities companies 15 times
Total number of companies interviewed, including Group MTG Approx. 590 companies
Information Disclosure Policy

Risk

Status of Establishment of Risk Management System

We have established a risk management system to ensure business continuity and stable development by taking appropriate precautions at optimal and recurring costs for various risks in business operations.
Specifically, in accordance with the "Risk Management Regulations" established by the Company, the Company has established a Risk Management Committee consisting of the heads of each division and each company of the Company, and the committee, which meets at least once a quarter, assesses risks, examines and implements countermeasures, and monitors the status of implementation. The committee comprehensively evaluates and manages a wide range of risks, including risks related to compliance such as anti-corruption, risks related to disaster countermeasures including climate change, and risks related to system security.
In addition, the Board of Directors of the Company supervises the appropriateness and effectiveness of the Company's overall risk management processes by receiving regular reports on the results of discussions and verifications by the relevant committees.
As a result of the above initiatives, no serious fraud or scandals occurred in the fiscal year ended September 2023.

Information security

Basic Concept

Our mission is to contribute to the realization of a safe and convenient payment for consumers and businesses, aiming to be the infrastructure for Japan payment processes. In conducting corporate activities in accordance with this mission, we utilize our unique information assets and are working on information security measures based on the recognition that protecting information assets from external threats is the most important management issue.
Specifically, in order to prevent computer intrusions, computer viruses, cyber attacks, etc. by unauthorized means, we are taking appropriate measures such as security measures against unauthorized intrusion from the outside and inside, a 24-hour system monitoring system, and the development and operation of internal regulations.
In addition, we schedule education and awareness-raising activities every fiscal year, and operate and manage them so that measures take root in the organization. In addition to conducting thorough training at the time of joining the company, we regularly conduct training to deepen understanding of the basic policies and rules and ensure compliance, focusing on videos to raise awareness of thorough information security measures and the Company's security rules stipulated as an information security management system (ISO27001). In addition, personnel with specialized knowledge are assigned to Internal Audit Office, and external experts participate in the Risk Management Committee to enhance the effectiveness of risk assessments.

Information Security Risks and Countermeasures

(1) System downtime and information security

・Risk: Risk of service suspension due to natural disasters or accidents, computer intrusion by unauthorized means from the outside, disconnection of communication networks or application malfunctions due to computer viruses, cyber attacks, etc., or unexpected system downtime of payment processing business credit card companies, etc., or defects in the Company's systems.
・Countermeasures In order to avoid risks, we are taking appropriate measures as appropriate by taking security measures against unauthorized intrusion from outside and inside, a 24-hour system monitoring system, redundancy of system configurations, enrollment in insurance, and the development and operation of internal regulations.

(2) Leakage of card information from member stores, etc.

・Risk: Credit card information may be leaked from the Company's member stores, etc., and the merchant will be liable for compensation. payment In the event of incompetence, the Company may compensate for credit card reissuance fees, etc. as joint and several liability.
・Countermeasures In order to mitigate this risk, we are promoting services in which credit card information is held by the Company rather than the Merchants, etc., and by strengthening the management of the Merchants that hold the information.

(3) Possibility and impact of leakage of personal information

・Risk: Risk of leakage of important information such as credit card numbers and personal information such as names, addresses, telephone numbers, and e-mail addresses stored in databases under the management of the Company
・Countermeasures We are a member of the Japan Credit Association, and in addition to operating personal information management based on the personal information protection guidelines required by the association, we have established a thorough system such as acquiring the Privacy Mark. On the other hand, the Company has established a Risk Management Committee to effectively and efficiently implement risk management, and the Committee meets at least once a quarter to report the status of risk management examined to the Representative Director, the Board of Directors, and the Audit and Supervisory Committee as appropriate.

As part of our efforts to strengthen our risk management system, we have acquired the following certifications related to information security.

ISO27001

・Obtained ISO27001 conformity certification
All of our business sites have been certified to conform to ISO/IEC27001:2013 (domestic standard JISQ27001:2014), which is a global standard for information security management.

Privacy mark

・Acquisition of the Privacy Mark
Regarding the handling of personal information, we have acquired the Privacy Mark, which certifies businesses that comply with the Japan Industrial Standard "JIS Q 15001:2017 Personal Information Protection Management System - Requirements" and have established a system to take appropriate protection measures for personal information.

PCI DSS

• Fully PCI DSS compliant
Our services are fully compliant with PCI DSSVER 3.2.1, a global security standard for the credit card industry, jointly formulated by five international credit card brands: JCB, American Express, Discover, MasterCard, and VISA. We provide peace of mind to all our customers with a safe Credit card payment.

Security compliance

compliance

compliance

We consider compliance to be a) laws and regulations, b) ethics and social norms, c) regulations, rules, procedures, etc., and d) management vision, etc., and we are working to raise awareness of compliance among all partners based on the recognition that "adaptation to social demands" (so-called "full set compliance"), including compliance with laws and regulations, is the subject of compliance.
The "Compliance Management Regulations" and "Internal Detailed Regulations on Scandals" stipulate that any scandal involving a compliance violation or a risk of such a scandal shall be promptly reported to the Corporate Support Division, and the Corporate Support Division shall report and cooperate with the Board of Directors, etc., to investigate necessary matters, implement necessary and appropriate measures to resolve them, and create and disseminate measures to prevent recurrence.
In addition, based on the annual audit plan, Internal Audit Office will check the status of compliance with relevant laws and regulations, the Articles of Incorporation, internal regulations, etc., and if a situation requiring improvement is identified, we will take corrective measures and continue to check the status of correction. In the event of an incident that appears to be a compliance violation within the company, we have established and operate a whistleblowing system in addition to a reporting system based on the normal chain of command.
In the fiscal year ended September 2023, we did not incur any costs related to compliance violations, including fines, penalties, and settlements related to corruption.

Code of Conduct

We recognize the importance of compliance with laws and regulations and the maintenance and improvement of corporate and employee ethics, and we have compiled it as a code of conduct, and we repeatedly make it known to our partners (employees) and encourage them.
We consider compliance to mean not only compliance with laws and regulations, maintenance and improvement of corporate and employee ethics, but also a full set of compliance that includes so-called "adaptation to social demands." In order to put these into practice, we comply with internal rules and strive to prevent problems from occurring through an open work environment and smooth communication. On the other hand, in the event of a problem, we have established a system to immediately report and consult with relevant parties, including superiors, and to promptly implement appropriate and effective improvement measures. In addition, the Risk Management Committee assesses risks related to compliance, including acts that violate the Code of Conduct, and the Board of Directors supervises the effectiveness of the development and operation of internal rules, including the Code of Conduct, by receiving reports on the results of verification by the Risk Management Committee.
Based on these efforts, our partners will regard this Code of Conduct as a guideline for their daily conduct and will act with common sense and responsibility as members of society.

Code of Conduct

Anti-Corruption

Basic Concept

The Company's "Code of Conduct for Officers and Employees" stipulates matters related to anti-corruption, such as compliance with the Antimonopoly Act, conflicts of interest, prohibition of gifts and entertainment to public officials or equivalent persons, prohibition of gifts and entertainment to business partners that exceed socially accepted norms, donations and donations in compliance with laws and regulations, and efforts to prevent money laundering, etc.

Anti-Corruption Initiatives

The Company conducts a merchant management review of merchants who intend to do business with the Company, including confirmation that they are not engaged in problematic business in light of public order and morals.
The Company's Board of Directors receives regular reports from the officer in charge of compliance on the status and results of the implementation of compliance measures, and supervises compliance throughout the Group.
The Company has established internal and external whistleblowing hotlines that ensure confidentiality, fairness, and objectivity.
We are working to foster a corporate culture of compliance by continuously disseminating our philosophy on compliance and messages from the management team to all employees, and by regularly reading and discussing them. In addition, the "Compliance Management Regulations" stipulate thorough dissemination and education on the significance and importance of compliance management, and regular training and follow-up are conducted.
In the fiscal year ended September 2023, no employees were subject to disciplinary action or dismissal for violating internal rules related to anti-corruption.

Political donations

We do not make political contributions.

Tax Policy

Tax Policy

Basic Concept

Based on management principles "Pursue the spiritual and physical enrichment of our comrades by contributing to the progress and development of society," we will contribute to the development of the economies and local communities of each country through fair tax payments. We will file and pay taxes appropriately in accordance with the tax-related laws and regulations of each country and region in which we operate. In addition, we will strive to optimize tax costs, such as by utilizing preferential tax systems that are available within the scope of legitimate business activities. We will not take advantage of preferential tax treatment that deviates from the intent of the tax law, excessive tax planning that does not involve actual business conditions, or arbitrary tax avoidance measures that unfairly take advantage of tax havens.

Tax Governance

The responsibility for the Company's tax governance is assumed by the Director Executive Vice President, which is in charge of corporate operations, and under the supervision and guidance of the , the accounting department conducts tax practices under the guidance of the Accounting and Finance Executive Manager. In considering tax risks, we obtain advice from external advisors. In the event of a serious tax problem, it shall be reported to the Board of Directors.

Amount of tax paid by country (fiscal year ending September 2023)

Unit: 100,000,000
country Amount of tax paid
日本 95.5
アメリカ 0.1
Others (Southeast Asia, India, etc.) 0

*Aggregates corporate tax, etc.

Corporate Governance

Basic Views

Based on the management principle, the Company implements governance systems that can effectively and efficiently realize this principle. The Company's basic view on corporate governance is to implement measures and develop necessary management oversight systems for sound progress while simultaneously securing the legal compliance and efficiency of management, and corporate governance is positioned as one of the highest priority management issues.

Corporate Governance Structure

Corporate Governance Structure

Board of Directors

The Board of Directors is comprised of 15 Directors (including 5 external directors) . The Representative Director functions as the chairperson of the Board. The Board convenes its regular session once every month and can hold extraordinary sessions when necessary to resolve important management and legal issues. In addition, the Board supervises the execution of duties of Directors, and endeavors to secure the fairness, efficiency and transparency of the decision-making process. Furthermore, the term of office of a Director excluding members of the Audit and Supervisory Committee is one year, in order to establish a management system that can respond agilely to the changes in the business environment and clearly define the Director's management responsibility. Moreover, the term of office of a Director who are members of the Audit and Supervisory Committee is two year.

Audit and Supervisory Committee

The Audit and Supervisory Committee consists of four external directors. Based on the Rules of the Audit and Supervisory Committee, each member must share and conduct the task of attending the Board of Directors meetings and important meetings and operations, investigations of financial condition, etc. The Committee receives necessary reports from the Internal Audit Office and supervises the execution of duties by the Board (excluding members of the Audit and Supervisory Committee).

Management Committee

The Management Committee is the decision-making body for the execution of important business operations in order to strengthen the management oversight function through the separation of supervision and execution. The Management Committee is comprised of the Representative Directors and some Directors and Executive Officers, and convenes once a month or more, in principle. The Management Committee is formed to facilitate the efficient execution of operations, and make timely and appropriate decisions through deliberations on important matters related to the execution of operations carried out in accordance with the Basic Policy of the Board.

Nomination and Remuneration Committee

The Nomination and Remuneration Committee is a voluntary body covering matters pertaining to nomination and remuneration of Directors. The Nomination and Remuneration Committee is comprised of five Directors (of which, three are External Directors) and the chaired by an External Director. The Nomination and Remuneration Committee acts as an advisory body to the Board of Directors and make proposals to the Board of Directors when necessary, on matters concerning appointment of Directors, screening of candidates, Director's remuneration system, remuneration amount, and succession plans for the role of Representative Director by carrying out fair and objective deliberations that also take in account diversity and skill set.

Internal Audit Office

The Company establishes the Internal Audit Office which is comprised of three dedicated staff member that conduct the audit of material risks and internal controls of GMO-PG and its consolidated companies. Specifically, the Internal Audit Office conducts internal audits of each department of the Company and its consolidated subsidiaries to ascertain whether operations are compliant and conducive with legal regulations, Articles of Incorporation, internal rules, in accordance with the Rules on Internal Audit. The findings are reported to the Representative Director and also explained to the Audit and Supervisory Committee.

Risk Management Committee

The Company establishes a Risk Management Committee that undertakes risk management for the overall GMO-PG and its consolidated companies in an effective and efficient manner.

Special Committee

The Special Committee acts as an advisory body to the Board of Directors and consists of five external directors vested with the responsibility to deliberate on important transactions and actions with conflict of interest between controlling and non-controlling shareholders.

Continual Improvement of Governance

Selection Policies and Nomination Procedures of Directors

The selection of Directors makes due consideration of Directors who are equipped with the knowledge, experience and skill to effectively carry out their role and responsibility and will be mindful to achieve the appropriate size and diversity of the Board. Candidate for Directors will be selected on these policies and following the deliberations at the Nomination and Remuneration Committee, will be formally proposed to the Board for the decision.

Independence Standards for External Directors

In making the decision for designating External Directors including members of the Audit and Supervisory Committee as independent Directors, the Company designates as independent Directors those who fulfill the proprietary standards set forth in the Independence Standards and Rules for External Directors.

Evaluating the Effectiveness of the Board

The Company confirms that the Board's effectiveness is appropriately secured based on a wide perspective of its organizational design, nomination and remuneration as well as the Board' s composition and its operation and by incorporating objective and quantifiable methods such as questionnaires to all Directors. Concurrently, the issues and problems revealed in the evaluation process is continuously addressed through improvement measures and its implementation in order to further enhance the Board's functions.

Director's Remuneration

In order to secure the transparency of the remuneration determination process and the appropriateness of the remuneration amount, the Company establishes the Nomination and Remuneration Committee which is chaired by an External Director. The remuneration (including bonus and other payments) for Directors (excluding members of the Audit and Supervisory Committee) is decided by the Board of Directors following due deliberations by the Nomination and Remuneration Committee. The remuneration amount for each individual Director is decided by the Board and is deemed to basically align with the report from the Nomination and Remuneration Committee, following multi-faceted considerations including the consistency with policies determined by the Nomination and Remuneration Committee.
Furthermore, in order to further advance sustainability management, ESG indicators have been incorporated into the individual target of the Director in charge from FY ending September 2022. The remuneration of Directors who are members of the Audit and Supervisory Committee consist of a fixed remuneration amount in the interest of securing independence and objectivity from management, and the fixed remuneration amount is decided through discussions in the Audit and Supervisory Committee.

Directors' Skill Matrix

Name Position Practice of GMO-ism*1 Corporate
Management
IT/Security Risk
Management
Legal Affairs Treasury and
Accounting
Payment
Processing
Business
Finance Global Investment
(M&A)
ESG/
Sustainability
Attendance rate
for Board meeting*2
Attendance rate
for Audit and
Supervisory Committee*2
Attendance rate
for Nomination
and Remuneration Committee*2
Issei Ainoura President and Chief Executive Office                   100% - -
Masatoshi Kumagai Chairman and Director 88% - -
Ryu Muramatsu Director,Executive Vice President 100% - -
Satoru Isozaki Director, Executive Vice President 100% - 100%
Masashi Yasuda Director 100% - 100%
Hirofumi Yamashita Director 94% - -
Teruhiro Arai Director 92% - -
Noriko Inagaki Director 100% - -
Yuki Kawasaki Director 100% - -
Takashi Shimahara Director 100% - -
Akio Sato External Director 88% - -
Kazutaka Yoshida External Director, Audit and Supervisory Committee 100% 100% 100%
Kazuhiko Okamoto External Director, Audit and Supervisory Committee 100% 100% 100%
Yumi Hokazono External Director, Audit and Supervisory Committee 100% 100% 100%
Fumio Kai External Director, Audit and Supervisory Committee 92% 100% -

*1 GMO-ism refers to GMO Internet Group, Inc.'s collective corporate motto consisting of "Venture Spirit Declaration," "55-Year Plan," in addition to the " Rules for Senior Manager" and "Laws of Winning."
*2 Number of Board meetings convened: 17; Number of Audit and Supervisory Committee meetings convened: 11; Number of Nomination and Remuneration Committee meetings convened: 2

Corporate Governance

Raising Awareness of Participation in Management through the Employee Stock Ownership Plan

Based on our ideology of "Everyone is the President," we aspire to foster all partners (employees) to incorporate the same perspective as the management team in carrying out business activities to realize sustainable growth. The Company establishes the Employee Stock Ownership Plan to further raise awareness of participation in management by the partners and to aid in their asset accumulation.
Partners can purchase the Company's shares from small installments, and the Company provides a 10% incentive payment for such share purchases. As of the end of December 2022, the participation rate in the Employee Share Ownership plan is 35%. Each partner continues to strive to raise the corporate value by sharing the same values as our general shareholders.

Engagement through IR Activities

IR Activities

The Company carries out timely disclosure of management information and investor relations (IR) activities for shareholders and other investors to enhance the transparency of management in order to achieve the aims of corporate governance.

Summary of Activities for FY2022 (from October 1, 2021 to September 30, 2022)

Activity Number of Events
Financial results announcements and briefings 4 times
One-on-one meetings Approx. 370
Participation in broker conferences 16 times
Information Disclosure Policy

Risk Management

Status of Risk Management Structure

In order to tackle the various risks associated with business operations, the Company has developed a risk management structure to secure stable growth and business continuity by optimizing and making permanent the cost required to carry out preemptive measures.
Specifically, the Risk Management Committee has been established comprised of head of divisions and GMO-PG and its consolidated companies to carry out risk assessment, formulating and executing countermeasures, and monitoring. This Committee comprehensively evaluates and manages various risks ranging from compliance risks such as corruption prevention, natural disaster related risks including climate change, risks associated with system security, etc.
The Board of Directors supervises the effectiveness and appropriateness of the corporate-wide risk management based on periodic reports on the discussions and evaluations of the Committee.
Note that there have been no material wrongdoing nor scandals during FY2022 due to the above initiatives.

Information Security

Basic View

The mission of GMO-PG and its consolidated subsidiaries is to contribute to the realization of secure and convenient payment for both consumers and businesses, with the aim to become Japan's payment infrastructure. Information security measures and responses to protect information assets from external threats, while utilizing the information resources that are proprietary to GMO-PG's consolidated subsidiaries, are of the highest management priority.
Specifically, yearly educational and awareness-raising activities are scheduled to ensure that these measures take root. Education is thoroughly conducted periodically at the start of employment through compliance training programs on deeper understanding of procedures and purposes of security rules of the Company, basic policies and rules stipulated under the information security management system (ISO 27001), as well as through awareness-raising videos on information security measures. Additionally, improving the effectiveness of risks assessment is also carried out by inviting external experts to participate in Risk Management Committee and by assigning of employees with specialized knowledge to the Internal Audit Office.

Risks and Responses to Information Security

①System Failure and Information Security
・Risk Risk of service disruptions caused by unforeseen system failures on the part of payment providers (such as credit card companies) and/or weaknesses in the Company's systems that result in the disruption of communication networks and the malfunctioning of applications caused by cyberattacks, computer viruses, and/or unauthorized computer access from an external source or natural disasters or accidents.
・Response The following requisite and appropriate responses are enacted to mitigate risks, such as security measures against unauthorized access from external and internal sources, a 24-hour surveillance structure, duplication of system configuration, insurance policy enrollment, and development of internal rules on operations.
②Credit Card Information Breach at Merchants
・Risk Risk of joint liability to cover the indemnity cost of reissuing credit cards when the merchant, etc., does not have the capacity to fulfill the obligation in the event of information leakage of credit card information occurring at the merchant.
・Response In order to mitigate this risk, the Company undertakes strengthened management of merchants that store such information as well as promotes services where the credit card information is stored by the Company and not by the merchant.
③Potential Breach of Personal Information and Its Impact
・Risk Risk of external leak of database information managed by the Company that contains personal information such as credit card information, names, addresses, telephone numbers, and email addresses.
・Response The Company has implemented a solid system that qualifies for the PrivacyMark in order to ensure against this risk. In addition, as a member of the Japan Consumer Credit Association, personal information management operations are implemented in accordance with the Personal Information Protection Policy. Furthermore, the Company established the Risk Management Committee to implement effective and efficient risk management. The Risk Management Committee convenes once every quarter and reports its findings on risk management to the representative directors, Board of Directors, and Audit and Supervisory Committee.
The following certifications for information security have been certified as measures to strengthen the risk management structure.
ISO27001

Certified ISO 27001 Compliant
With a scope that encompasses all of our business locations, we have been certified as compliant with the ISO/IEC 27001:2013 global information security standard (within Japan, the JIS Q 27001: 2014standard).

PrivacyMark

PrivacyMark Certified
In recognition of the appropriate measures to safeguard personal information, we have received PrivacyMark certification that signifies compliance with the Japanese Industrial Standard for personal information protection, JIS Q15001:2017.

PCI DSS

Fully PCI DSS Compliant
The services we provide are in full compliance with version 3.2.1 of the PCI DSS global security standard for the credit card industry, which was jointly formulated by the five global credit card brands: JCB, American Express, Discover, MasterCard, and Visa. As such, we are delivering peace of mind to all of our customers, in addition to securing credit card payments.

Compliance (Legal Compliance)

Basic View

The Company considers the scope of compliance that includes: a) laws and ordinances, b) ethics and social norms, c) rules, regulations, and procedures, and d) management vision. The Company works to raise the compliance mindset of all partners based on the awareness of "adapting to the demands of society" (known as the full-set compliance), which includes adherence to related government laws and ordinances.
Under the Rules of Compliance Management and Internal Rules Regarding Misconduct, all incidents of misconduct including compliance violations that occurred or is likely to occur must be reported to Corporate Support Division promptly, and the Corporate Support Division is stipulated to carry out necessary investigation and implement the required and appropriate response for resolution, as well as formulate and disseminate the preventative measures, with due reporting and collaboration with Corporate Support Division.
The Internal Audit Office reviews the state of compliance with ordinances, articles of incorporation, company rules and other such regulations based on the yearly Audit and Supervisory Plan. Corrective measures are undertaken if a circumstance is found to require improvement as well as follow-up to ensure these corrective measures are enforced. If an incident where a compliance violation is suspected occurs, the Company has developed and operates a whistleblower system in addition to the normal reporting system based on chain of command.
Note that no costs related to compliance violations, including penalties, fines and settlement payments related to corruption, have been incurred in FY2022.

Anti-Corruption

Basic View

The Company's Code of Conduct for Directors and Employees stipulates related anti-corruption clauses including compliance with Act on Prohibition of Private Monopolization and Maintenance of Fair Trade (the Anti-Monopoly Act), acts of conflicts of interest, prohibition of gift-giving or entertainment of public officials or those deemed to be as well as overseas public officials or those deemed to be, prohibition of gift-giving and entertainment in excess of socially acceptable levels to business counterparts, measures on anti-money laundering and other similar acts and, contributions and charitable donations that abide with laws and ordinances.

Anti-Corruption Initiatives

The Company carries out the merchant management assessment on merchants that are likely to enter into a commercial transaction with the Company, to assess whether the business of the merchant is offensive to public order and standards of decency.
The Board of Directors monitors the compliance of GMO-PG and its consolidated companies by receiving regular reports on the compliance initiatives and its implementation from the officer in charge of compliance.
The Company has established a whistle-blower reporting system internally and externally that ensures confidentiality, fairness and objectivity.
The Company continuously works to disseminate the Company's principles and messages from top management that are related to compliance and foster a compliance culture through periodically reading aloud and debates. In addition, the Company conducts regular training and follow-up sessions in order to educate and thoroughly disseminate the significance and importance of compliance management as per the Rules on Compliance Management.
Note that there were no violations of the Code of Conduct related to anti-corruption and no eligible personnel for disciplinary actions and disciplinary dismissal during FY2022.

Political Donations

The Company does not make political donations.

Tax Policy

Under the management principle to "By contributing to society, we pursue both spiritual and material prosperity for our partners." the Company contributes to the economy and local community of that jurisdiction through the fair and full payment of taxes. The Company appropriately files and pays the taxes based on the relevant laws and regulations on taxation of that country/region in which the business activity takes place. In addition, the Company will endeavor to optimize its tax cost through the use of tax incentives and benefits within the scope of legitimate business activities. The Company will not engage in arbitrary tax avoidance measures to make unreasonable and unjust use of tax havens and excessive tax planning on non-existent businesses, nor abuse tax incentives in a manner not aligned with the purpose stated in the relevant tax law.

Security compliance