Internal Audit

In order to contribute to the continuous enhancement of SMBC Group’s corporate value, we conduct assessments on the effectiveness of internal controls of each Business Unit, Risk Management and Compliance Departments, and other departments from an independent standpoint.

The purpose of internal audit at SMBC Group is to enhance and preserve the Group’s value by providing risk-based and objective assurance, advice, insights, and foresight to management and the Board of Directors from a standpoint independent of each Business Unit, Risk Management and Compliance Departments, and other departments.

SMBC Group’s Internal Audit Unit (Third Line of Defense) has been established to assure independence from the Business Units (First Line of defense) and Risk Management and Compliance Departments, etc. (Second Line of Defense). The Group CAE oversees Group-wide internal audit activities.

The Internal Audit Department of the Company conducts internal audits of the Company and Group companies, in accordance with the “Group Internal Audit Charter” and the basic audit policy approved by the Board of Directors and the Audit Committee. In addition, by continuously monitoring the internal audit activities of Group companies, we assess the appropriateness and effectiveness of the Group’s internal control framework. Major audit findings are promptly reported to the Board of Directors, Audit Committee, and Group Management Committee.

See Risk Management for details on the Three Lines of Defense.

• Risk Management 

Under the slogan of “One Team, New Audit,” SMBC Group has adopted the steady practice of “Audits That Contribute to Management,” as its core policy to support the realization of the Group’s “Growth with Quality.”

In addition to reporting individual audit findings, we are further contributing to enhancing the Group’s value by practicing Audits That Contribute to Management through analysis and reporting of the root causes which are common to multiple audit findings.

To ensure the steady implementation of “Audits That Contribute to Management,” SMBC Group is focusing on strengthening collaboration with management and the First and Second Lines of Defense, advancing audit frameworks, at both the group and the globe, and actively engaging in audits in emerging areas that attract significant public attention. We are also actively incorporating technologies, such as generative AI, to enhance audit effectiveness.

SMBC Group regularly hosts discussions with business unit heads, Group CxOs, and other parties to better understand executive perspectives on risk awareness.

We also continue to implement initiatives that strengthen constructive dialogue and collaboration with our First and Second Lines of Defense. Notably, we are expanding our Management Self-Identified Issues (MSII) framework, initially introduced at our overseas sites in Europe and North America, to domestic locations. This system enables departments, subject to audit, to actively report their self-identified issues and improvement plans to the Internal Audit Unit, helping embed the practice across the group and the globe. To deepen our understanding of dayto- day operations and to remain vigilant on evolving risks, we actively conduct off-site monitoring, such as collecting risk-related information and conducting interviews, and revise the audit plans accordingly.In support of more agile and cohesive communication with First Line and Second Line departments, the audit sections of both the Company and Sumitomo Mitsui Banking Corporation are organized in alignment with business unit and Group CxO structures. Moreover, we continuously share the significance of these initiatives aimed at the implementation of “Audits That Contribute to Management” along with information useful for site operations, through internal newsletters and seminars.

SMBC Group not only complies with the standards of the Institute of Internal Auditors (IIA), an international internal audit organization, but also actively adopts advanced practices from financial institutions in Japan and overseas. We are working to standardize audit procedures and systems and enhance quality assessment.

To address common issues across regions, we have established cross-regional expert teams that share information globally on daily operations and issues as needed. Additionally, we comprehensively share audit achievements and challenges from each region in global meetings to further improve the overall quality of the internal audit function.

SMBC Group is enhancing the audit capabilities of each Group company through information-sharing, unifying audit procedures across the Group, and holding joint meetings. We also continuously support Group companies’ Internal Audit departments by dispatching auditors and providing audit programs and reports.

Furthermore, to strengthen collaboration among Group companies, the Internal Audit departments of the Company, Sumitomo Mitsui Banking Corporation/SMBC Nikko Securities, and SMBC Trust Bank are co-located in the same building to promote more cooperative and integrated operations.

Our Internal Audit Department has appointed engagement ambassadors who formulate and promote initiatives to improve engagement for the purpose of fostering a sense of unity among auditors. Additionally, we have introduced a mentorship program where experienced auditors advise less-experienced staff one-on-one. We have also revised office layouts to encourage more communication and are holding group-wide sessions to deepen mutual understanding of each audit team’s work. Through these efforts, we are actively creating an environment that fosters a “One Team” mindset.

SMBC Group has established various programs to cultivate motivation and foster the development of individual auditors, encouraging them to actively pursue ongoing self improvement.

These efforts include practical training and support for obtaining international certifications such as Certified Internal Auditor (CIA) and Certified Information Systems Auditor (CISA), in order to enhance auditors’ expertise. We have also defined group-wide departmental KPIs, such as annual training goal progress rates and the rate of certification attainment rates. In addition to core auditing skills, we offer a wide range of training opportunities to develop key competencies necessary for audit activities, including communication and problem-solving skills, thereby promoting the overall growth of our auditors.

SMBC Group is also exploring audits in socially significant fields such as climate change, corporate culture, and the use of AI. By actively incorporating insights from Japan and abroad, and verifying the appropriateness of policies and rules, as well as their adaptability to future change, we aim to stay aligned with the diversification of SMBC Group's business.

To enhance early risk detection and improve audit efficiency, the Internal Audit Department has established a dedicated team specializing in the advancement of audit practices through the use of AI and data analytics. Key initiatives of the team include AI-based systems to detect inappropriate communications through email and recorded phone conversations, as well as AI models, trained on past audit results and various internal indicators, to assess risk levels at each branch. These efforts reflect our proactive use of technology and data. We will continue to expand these practices across the group and the globe.