Business Risks

June 2024

Risks that may have some impact on the Group's business results, share price and financial situation include the following. Forward-looking statements in this document are based on judgments made by the Group as of the date of submission of the Annual Securities Report.


<Risks due to information system faults or information security and Personal Information Protection failures>
The Group undertakes outsourced development and operation of information systems, etc. for the credit, distribution and service industries, as well as in-house services using external public cloud services. For this reason, the Group is engaged in the construction of data centers with the very latest equipment and robust security features, selecting public cloud services with sufficient requirements to provide services, and employee education and training with regard to both information security and technical aspects. However, in the unlikely event of information system faults (including communications network and electric power grid system faults) and/or information security failures (including personal information leaks due to threats such as computer viruses or cyber-attacks), there is a possibility of repercussions for the Group that may include a loss of confidence and credibility, loss of customers, and claims for damage compensation.
As measures against these risks, the Group uses firewalls, VPNs and other system-based measures to prevent unauthorized access, has built a system framework that conforms to an Information Security Management System (ISMS) as well as a Computer Security Incident Response Team (CSIRT), and conducts education and training on the protection of personal information. In addition, in order to respond to global business, we are working to strengthen our response to the GDPR (EU General Data Protection Regulation) and other internal rules and regulations that take into account the laws and regulations of each country and region.
<Risks associated with climate change and disasters>
The Group's Sustainability Policy states that the Group is committed to co-creating the future from a global perspective and developing a sustainable society. Climate change on a global scale may change the basis of life of our customers, business partners, and employees, which in turn may cause changes in the business environment. From a medium- to long-term perspective, we consider this to be an important risk to consider in order for our services to continue contributing to the improvement of our customers’ business challenges.
The Group operates systems operation businesses centered primarily around data centers as well as support services. The Group recognizes risks concerning fires, earthquakes, wars, infectious diseases, security and others. The Group’s data centers are designed to withstand earthquakes, fire and other threats, and ensure a certain level of safety. However, in the event of major earthquakes, fire or other natural disaster and/or equipment fault or operational error, there is a possibility of major interruption in the provision of services, which could impact the Group’s business performance and finances due to claims for compensation and loss of confidence and credibility. In addition, in the event that infectious diseases or other factors hamper access to the internal resources needed by company support employees or business partners, there is a risk to business continuity.
To avoid the faults and suspension of systems operation and support services, the Group implements a variety of measures including capital investment in equipment, security countermeasures, information gathering from business partners, procurement of routes for access from outside to the resources and the enrichment of internal education and training. The Group makes sure that these measures are effective not only to systems operation and support but also to system development, package sales and all internal back-office operations.
<Risks concerning securing and training engineering personnel>
At the same time as being knowledge-intensive, the design and construction of information systems also has some labor-intensive aspects. The Group recognizes that securing good engineering personnel with a certain level of skills is essential for expanding its business operations. At present, the Group has secured the engineers it needs through its personnel and education schemes. However, in the event that the Group becomes unable to secure the necessary numbers of good engineers and manpower that it requires due to a tight labor market, is unable to adequately follow up on new hires in a telework environment, or has large numbers of employees leaving the Group, there is a possibility of constraints being placed on the development of the Group’s business operations.
As measures against such risks, the Group strive to minimize mismatches by increasing contact points between applicants and employees of our group from application to interview and joining the company. In addition to online events, we also hold in-person internal events to promote real communication. Furthermore, we are committed to creating diverse career paths and a conducive working environment for specialists such as engineers, as well as employees experiencing life events such as childcare and caregiving.
<Risks concerning outsourced development>
For outsourced development projects exceeding a certain scale, the Group conducts reviews of the appropriateness of estimates by persons not involved in the project. The Group is also working continuously to improve the quality of its projects and enhance its management frameworks such as by promoting the standardization of project development methods, and training project managers. However, even for outsourced development projects where it is judged at the time of undertaking the project that appropriate profitability can be anticipated, there are some cases in which the project may later become unprofitable due to reasons such as project management problems during the development stage, unforeseen increases in the scope of the development, and increases in the number of work / man-hours. In such cases, there is a possibility of an impact on the Group’s business performance and finances due to the posting of losses for orders received, claims for damage compensation due to delays in delivery, and the posting of impairment losses on related assets.
As a measure against such risks, the Group implemented checks on proposals/project plans/project execution by the Project Council (introduced a check sheet (Project Council Check Sheet) to check the status of projects based on the same standards), maintenance of related rules, etc., and penetration of company-wide development standards and procedures. In addition, regular monitoring is conducted to ensure that projects are implemented in accordance with rules and procedures.
<Risks concerning software development for new products and services>
The Group has focused on the development of in-house services and software to enhance and maintain its market competitiveness. However, particularly with the development of new services, when the initially planned return on investment is no longer expected to be achieved due to the high degree of uncertainty and downward adjustments to future revenue plans, or delays and cost increases in development plans, there is a possibility that the Group may lower its valuation of fixed assets.
As a measure against such risks, the Group implements project progress monitoring using project organization meetings and tools such as milestone reviews, as well as developing relevant regulations and promoting modern development. In addition, specialized internal meetings and management meetings are held multiple times a month to review and share information on the status of new projects and other matters in order to understand customer needs.
<Risks concerning trends at specific clients>
Net sales to a specific client, specifically Credit Saison Co., Ltd., account for 30.2% of the Group’s overall net sales (for the consolidated fiscal year under review). In the event of a decline in the amount of sales to this client, there is a possibility that it could impact the Group’s business performance and finances.
The Group seeks to respond to such risks by driving the development of business operations in new technologies and new business domains as outlined in the basic corporate management policy, and by developing highly profitable business operations with respect to new markets and customers.
<Risks concerning intellectual property>
With regard to sales of mainstay Group products such as HULFT, DataSpider Servista and HULFT Square, the Group is focusing on global development and the customer digital transformation domain. In developing its operations in new technologies and business domains, the Group takes care to protect and preserve its own proprietary technologies and know-how, and to avoid infringing upon the intellectual property rights of third parties. However, due to differences in legislation in some regions, there is a possibility of problems occurring with regard to intellectual property rights, posing the risk of the Group incurring claims for damage compensation for infringement upon the intellectual property rights of others. There is also the possibility of the Group being unable to secure licenses from the owners of certain intellectual property rights, etc., and being unable to offer specific technologies, products and/or services as a result. In such cases, there is a possibility of an impact on the Group’s business performance and finances.
To avert such risks, the Group’s Compliance Division and other divisions in charge of quality improvement conduct checks with regard to the intellectual property of other companies, and appropriately manage the intellectual property owned by the Group itself.
<Risks related to exchange rate fluctuations>
The Group’s business performance and financial situation could be impacted in the event of sudden exchange rate fluctuations affecting the provision of products and services to overseas sites, intra-Group transactions such as development outsourcing, and global activities including the use of services from overseas vendors.
*This article uses machine translation.