Risk Management
Regulations Relating to the Management of Risk of Loss and Other Relevant Risk Management System of the DeNA Group
・ The Compliance and Risk Management Unit shall be responsible for the following:
- Administration of the DeNA Group’s risk management processes (including the identification, management, and monitoring of risk) and risk management support for each department
- (a) in coordination with the corporate departments, the internal audit department and all risk management committees, (A) comprehensive assessment of the DeNA Group’s business and operational risks, (B) preparation of a summary of the results of analysis, evaluation and measures against risk and (C) continuous and centralized management and monitoring of risk-related information; (b) periodic reporting of such management and monitoring to the Board of Directors, the corporate auditors and management meetings; and (c) providing the views of the department on the deliberations and resolutions of the Board of Directors and management meetings of DeNA and, as necessary, of any subsidiary of DeNA;
- Collection of primary risk-related information in coordination with the customer service, public relations, internal audit (which operates the whistleblowing hotline system) and other related departments; and
- In case of any unexpected event, follow crisis management procedures to ensure prompt and accurate reporting, communication and handling of the issue.
・If the responsible head of the Compliance and Risk Management Unit has any concerns about the risk awareness and assessment of any representative director or executive officer in their business judgment, they may directly raise those concerns at any meeting of the Board of Directors or management meeting of DeNA or, as necessary, at the meeting of the Board of Directors of any subsidiary of DeNA.
・DeNA’s Board of Directors shall appoint and remove the responsible head of the Compliance and Risk Management Unit through a resolution.
・Security and management of information assets (including personal information) and compliance with related laws and regulations are of critical importance to the business operations of the DeNA Group. Accordingly, a committee chaired by the President & CEO of DeNA shall have exclusive jurisdiction over matters relating to the foregoing, and the information security department shall manage such matters under the basic policies established by that committee and in coordination with the Compliance and Risk Management Unit.
・If the Compliance and Risk Management Unit or the internal audit department becomes aware (through the internal audit department, internal whistleblowing hotline or otherwise) of any material violation of laws, regulations or the Articles of Incorporation, any inappropriate action or any possibility of serious risk of loss on DeNA Group, it shall promptly report to DeNA’s directors (other than directors who may have a conflict of interest) and corporate auditors.
Operation Status of System Management of Risk of Loss
・For each of the DeNA Group’s organizations a risk manager is appointed for that organization, and this risk manager coordinates with the compliance and risk management department to identify business and operational risks, and after analyzing
and evaluating (categorization and quantification), organizes response measures and manages overall. The risk manager also aims to share awareness internally about risks judged to be important during the analysis and evaluation. The DeNA Group
also periodically reviews the risk analysis and evaluation results based on the above risk monitoring, and reviews the management approach, to keep the risk management in line with business trends.
・The compliance and risk management department coordinates with each DeNA Group organization, encourages autonomous risk management in each organization, and promotes and monitors the comprehensive identification and central management of
risks that were identified and analyzed & evaluated in each organization and information of the response to said risks. The compliance and risk management department also periodically coordinates with the internal audit department, which
operates the internal whistleblowing hotline, the customer support department and public relations department on information they obtain, among others, to ascertain primary information that could lead to risk.
・The compliance and risk management department periodically reports to the Board of Directors about the management and monitoring situation for risk in the DeNA Group, and on the content of initiatives to reduce risk. The compliance and risk
management department also periodically obtains information that could lead to risks for the DeNA Group related to changes in the external environment surrounding DeNA’s business environment, and shares this information with each DeNA Group
organization.
・The DeNA Group aims to make appropriate information sharing and quick response possible in case of an unexpected event by periodically reviewing the crisis management procedures and ensuring awareness through training and other measures. In
addition, the compliance and risk management department coordinates with each organization to operate the crisis management procedures.
・The compliance and risk management department established a response process for unexpected events that includes coordinating with each organization to review the business continuity plan and adding new business continuity plans related to
infectious disease.
・DeNA shall convene meetings of the information security management committee and personal information management committee periodically and as necessary. These committees define the daily work policy relating to handling information asset
protection, management, and laws and regulations in the DeNA Group. These committees also check and monitor the determination of specific measures and progress thereof relating to the DeNA Group’s information security and personal information
protection.