The diversity and complexity of risk exposure at banks have been increasing along with the deregulation and globalization of the financial services sector, advances in financial technologies, and progress involving information and communication technologies. To maintain and improve the soundness of business operations, the Ehime Bank positions risk management as one of its highest priorities. Our goal is to maintain the proper balance as we seek to earn profits while keeping risk exposure at a suitable level with respect to our capacity to accept risk.

To manage risk in a timely and suitable manner, we have a Risk Management Department that oversees risk for all our operations and follows the Basic Policy for Risk Management established by the Board of Directors. This department gives us a framework for the comprehensive management of all categories of risk.

Credit risk, market risk, liquidity risk and operational risk are four key categories of risk at a bank. We have designed a department responsible for managing each of these risks and a risk management procedure. In addition, the Risk Management Department performs an overall assessment of these risks to verify that the level of total risk exposure does not exceed our capacity to accept risk exposure. There is also a Risk Management Committee, which is chaired by a representative director, that analyzes and discusses overall risk exposure and takes actions to further upgrade our risk management.

The Audit Department performs suitable and effective audits of the risk management framework on a regular basis in order to confirm the effectiveness of risk management. Audit reports are sent to the Board of Directors.

Credit risk is the risk of a decline in the value of assets or a loss caused by a decline in the financial condition or some other problem at an entity that has received credit.

Sound and proper banking operations require the accumulation of financially sound loans with good future prospects, based on the bank’s own responsibility, and the establishment of a strong foundation for extending loans. Ehime Bank has established a Credit Risk Management Policy for the purpose of maintaining a framework for the proper management of credit risk. In accordance with this policy, we have formulated Credit Risk Management Rules and a Credit Policy, which defines a basic code of conduct that serves as guidelines for business processes involving loans. In addition, there is an organizational structure led by credit examination and monitoring departments for the management of credit risk.

At Ehime Bank, three departments perform tasks involving loan examination, approval and monitoring processes. The Credit Department determines a credit limit for individual borrowers (including corporate groups) and takes actions for the diversification of risk and prevention of the undue concentration of credit risk at a particular customer. This department also establishes credit lines for individual industries in order to prevent the provision of too much credit to a single business sector. The Shipping Industry Finance Department is responsible for credit for this industry, which is a major business sector in the areas served by Ehime Bank. In this department, people who are very knowledgeable about the shipbuilding and marine transport sectors perform intermediate oversight of borrowers, collect information and study industry trends, and perform other activities. Credit Department II extends support to borrowers that are working on improving their business operations. To provide this support, this department uses its monitoring, management support and consulting capabilities and plays a major role in invigorating the economy of our home region.

We conduct self-assessments by using self-assessment standards. We also have standards for loan write-offs and the allowance for loan losses. In addition, we use our loan credit rating self-assessment system. These activities make it possible perform self-assessments periodically as borrowers announce results of operations and at any other time when a change occurs at a borrower. We use this framework for timely and accurate self-assessments and for the proper use of loan write-offs and the allowance for loan losses.

For write-offs and the loan loss allowance, we divide loans into three categories: normal loans, doubtful loans and substandard loans. The amount of the general allowance for loan losses is based on our forecast future losses on these loans by using past rates of losses in each category. For loans to quasi-bankrupt or bankrupt borrowers or borrowers with a high risk of bankruptcy, we estimate how much of each loan can be recovered by using collateral, guarantees and other coverage. The remaining amount is either written off directly or covered by an addition to the allowance for loan losses.

Ehime Bank uses a credit rating system for thorough credit examinations of prospective borrowers and the monitoring and intermediate management of outstanding loans. This system allows us to oversee and assess the credit risk of individual borrowers. We also perform portfolio management for the purpose of controlling overall exposure to credit risk.

The Asset Liability Management (ALM) Committee holds regular meetings to maintain a suitable level of earnings while dealing with a diverse array of risk factors associated with progress in the field of financial technology. The ALM Committee monitors anticipated risks, performs profit and risk simulations based on interest rate and foreign exchange rate forecasts, and uses other activities to determine the required actions. The goal is earning a level of profits that matches the level of risk exposure.

We use the most advanced risk management system for ALM analysis. One method is the creation of interest rate scenarios. This entails performing an overall determination of market risk and liquidity risk associated with interest rate and stock price movements as well as analyzing the economic and financial environments. We also use statistical methods to anticipate future levels of earnings and risk. The objective is to constantly upgrade our risk management skills.

In addition, we have frameworks for the management of market risk and liquidity risk that are based on the basic policy established by the Board of Directors. Our goal is to maintain the best possible balance between earnings and risk as we continue to improve our ALM capabilities.

Operational risk is the risk of incurring losses caused by an accident involving business operations, the improper operation of use of a system, or an external event such as an earthquake or fire.

The Ehime Bank has Operational Risk Management Rules for the all-inclusive and proper management of this category of risk. We divide operational risk into six categories: clerical risk, IT system risk, human risk, compliance risk, property risk and reputational risk. We have designated a department that is responsible for each risk category. In addition, the Risk Management Department supervises other departments that are involved with the management of operational risk factors.

Clerical risk is the risk of incurring losses caused by the failure of people to perform their duties accurately or by an accident, fraud or other event.

The Ehime Bank understands that speedy and accurate clerical processes are the foundation of sound business operations. We are also very aware of the importance of managing information properly. We use numerous initiatives for the prevention of clerical errors, accidents and fraud. Activities include training programs, the establishment of rules and manuals, and the reinforcement of system checks. We are also upgrading clerical process guidance and education activities.

IT system risk is the risk of incurring losses caused by a problem involving a computer system, such as an interruption in its operation, a mistake in the system’s use, a hardware of software issue, or some other factor. This risk also includes losses caused by the fraudulent use of a computer system.

For the protection of information, the Ehime Bank has a security policy that defines the basic policy and rules for business activities that utilize information. There are different management structures to match the importance of IT systems and information that are utilized.

For the most critical IT systems, we have a back-up center so that business activities are not interrupted even in the event of a powerful earthquake or some other major disaster.

To protect data involving customers, we have an extensive security management system that includes encryption and measures to prevent unauthorized access from external sources. When developing new IT systems, we perform thorough preliminary tests with the goal of preventing problems when the systems become operational.

With respect to cybersecurity risk, we have set up a Computer Security Incident Response Team (CSIRT, pronounced “see-sirt”) to manage countermeasures against cyberattacks, which have grown more sophisticated and serious in recent years and become one of our top management priorities.

We are also formulating and implementing measures to prepare for and prevent security risk incidents before they occur, based on annual planning and ongoing collection and analysis of information on attack trends. These measures include third-party evaluations of our web and email environments and cyber training for employees.

The Ehime Bank Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) Committee holds regular meetings and we comply with the AML/CFT Guidelines of the Financial Services Agency announced in February 2018. Furthermore, based on revised guidelines announced in April 2019, we are using results of criminal proceeds transfer risk surveys of the National Public Safety Commission, Financial Action Task Force statements and other information for strengthening our risk management capabilities concerning the increasingly diverse methods used for money laundering and the prevention of involvement with the financing of terrorism.

In addition to the preceding risk management activities, we have a system in place for responding to a crisis, which can be anything from a major earthquake or other natural disaster to the outbreak of a new strain of influenza. We have a business continuity plan, which includes key operations that should receive priority when an emergency occurs, and a framework for taking the necessary actions.

To respond to difficulties created by the global COVID-19 pandemic, we are taking actions as required in accordance with the Ehime Bank business continuity plan.

For cybersecurity risk, which is a category of IT system risk, we have a Computer Security Incident Response Team that implements preventive measures and establishes and operates a framework for dealing with any cybersecurity incidents.

We conduct drills and other training activities to be prepared for emergencies. In the event of a crisis, our first priority is the safety of our customers. In addition, we are reinforcing our ability to continue providing the financial services that our customers require even during a crisis.