Business risks
June 2025
Of the matters relating to the business status, accounting status, etc. described in the securities report, the major risks that management recognizes as having the potential to have a significant impact on the financial position, operating results, and cash flow status of the consolidated company are as follows:
Please note that the matters relating to the future are based on judgments made by the Group as of the date of submission of the securities report.
Risks related to disruptions to information systems or inadequate information security and personal information protection
Our Group provides systems outsourcing services to the financial and distribution/retail industries, and also provides our own services using external public cloud services. Therefore, we select public cloud services that meet the necessary and sufficient requirements for providing services, and we work to educate our employees on information security and technology. However, in the unlikely event that a malfunction occurs in these information systems, including communication networks and power systems, or if there is an information security deficiency, such as a leak of personal information due to a computer virus or cyber attack, our Group may suffer a loss of credibility, a loss of customers, and compensation for damages.
As a countermeasure against such risks, our Group has established a system that complies with ISMS (Information Security Management System), and in order to respond to global business, we are working to strengthen our response by establishing internal rules that take into consideration the laws and regulations of each country and region, including the GDPR (EU General Data Protection Regulation).As preventive measures, we have established a CSIRT (Computer Security Incident Response Team), educated employees on personal information protection, established security incident response procedures, conducted regular training, and raised awareness within the company using the latest case studies.We have also introduced the CSPM (Cloud Security Posture Management) service as a measure to detect configuration errors that could lead to unauthorized access or information leaks, and have implemented incident detection and notification measures for important services.
Climate change and disaster risks
Our Group's sustainability policy states that we will co-create the future from a global perspective and work to develop a sustainable society. Global climate change is likely to change the livelihoods of our customers, business partners, and employees, and ultimately cause changes in the business environment. From a medium- to long-term perspective, we believe this is an important risk that must be considered in order for our services to continue to contribute to improving our customers' business challenges.
The Group is also aware of risks associated with system operations and support service operations, including fire, earthquakes, war, infectious diseases, and security. While data centers are equipped with earthquake- and fire-resistant measures to ensure a certain level of safety, the occurrence of a major earthquake, fire, or other natural disaster, equipment malfunction, or operational error could seriously disrupt the provision of services, potentially resulting in compensation for damages and loss of trust, which could have an adverse effect on the Group's business performance and financial position. Furthermore, if our employees or business partners providing support are unable to access the necessary resources due to an infectious disease or other reason, there is a risk that business continuity may become impossible.
In order to avoid disruptions or outages in system operations and support services, our group implements various measures, such as security measures, information gathering from business partners, securing access routes to resources from outside the company, and enhancing in-house training. These measures are not limited to system operations and support, but are effective for system development, package sales, and all internal back-office departments.
Risks related to securing and training engineers
The design and construction of information systems, etc., are knowledge-intensive tasks that are also labor-intensive, and we recognize that securing excellent engineers with skills above a certain level is essential for business expansion. At present, the Group's personnel and education systems are able to secure the necessary engineers, but if the Group is unable to secure the excellent engineers or labor force it needs due to a tight labor market, if there is insufficient support for new employees in a teleworking environment, or if a large number of Group employees resign, this could restrict the Group's business development.
As a countermeasure to this risk, the Group is working to minimize mismatches by increasing contact with Group employees throughout the process from application to interview and joining the company, to stimulate real communication by holding in-person as well as online internal events, and to create diverse career paths and easy-to-work systems and environments for employees in specialized professions such as engineers and those facing life events such as childcare and elderly care.
Risks related to contract development
For contract development projects of a certain size or larger, the Group conducts "reviews of the appropriateness of estimates by persons not involved in the project," and is continually working to improve project quality and strengthen its management system, including promoting the standardization of project development methods and training project managers. However, even contract development projects that are deemed to be reasonably profitable at the time of acceptance may become unprofitable due to project management issues during the development stage, unexpected expansion of the development scope, an increase in work hours, etc. In such cases, the Group's business performance and financial position may be affected, including the recording of order losses, compensation for damages due to delivery delays, and the recording of impairment losses on related assets.
As a countermeasure against this risk, our group has implemented measures such as having the Project Council check proposals, project plans, and project execution (introducing a check sheet (Project Council Check Sheet) that can confirm project status using the same standards), establishing related rules, and spreading company-wide development standards and procedures. In addition, we regularly monitor whether projects are being implemented in accordance with rules and procedures.
Risks related to software development for new products and services
The Group is focusing on the development of its own services and software as an important investment to strengthen and maintain market competitiveness. However, the development of new services in particular involves a high degree of uncertainty. If the investment recovery plan is not expected to achieve the initial plan due to downward revisions to future revenue plans, delays in development plans, cost increases, etc., it may be necessary to record impairment losses on fixed assets.
As a countermeasure against this risk, our group monitors project progress through project councils and milestone reviews, establishes related rules, promotes modern development, etc. In addition, in order to understand customer needs, information is shared at management meetings regarding the status of new projects, etc.
Risks related to the actions of specific business partners
Sales to Credit Saison Co., Ltd. account for 28.4% of the Group's total sales (for the current consolidated fiscal year), and a decrease in sales to this company could have an impact on the Group's business performance and financial position.
The Group will address these risks by promoting business expansion into new technologies and new fields as outlined in its management policy, and by developing more profitable businesses into new markets and customers.
Intellectual property risks
In sales of our core products, including "HULFT," "DataSpider Servista," and "HULFT Square Square," we are promoting global expansion and focusing on our customers' digital transformation. As we expand our business into these new technologies and new fields, we take great care to protect and preserve our proprietary technology and know-how and to avoid infringing on the intellectual property rights of third parties. However, issues regarding intellectual property rights may arise due to differences in legal systems in some regions. This could result in us being sued for damages for infringing on the intellectual property rights of others. Furthermore, we may be unable to obtain licenses from intellectual property rights holders, which could result in us being unable to provide certain technologies, products, or services. Either of these events could have an adverse effect on our business performance and financial condition.
To avoid such risks, the Group's compliance and risk management departments are primarily responsible for checking the intellectual property of other companies and for appropriately managing the intellectual property held by the Group.
Risks related to exchange rate fluctuations
If sudden exchange rate fluctuations occur in the Group's global business activities, such as the provision of products and services to overseas bases, development outsourcing, and other intra-group transactions, or the use of services from overseas vendors, this could affect the Group's business performance and financial position.
