Risk Management

Basic Approach

Since SMBC Group has positioned strengthening of compliance and risk management as a key issue, it is devoted to improving its systems in these areas in order to become a truly outstanding global group.

Risk Management Systems

Based on the recognition of the importance of risk management, top management is actively involved in the risk management process, and systems are in place for verifying and monitoring the effectiveness and appropriateness of this process. Specifically, the group-wide basic policies for risk management and the risk appetites are determined by the Management Committee and authorized by the Board of Directors. After that, the status of risk management based on these policies and risk appetites is reported to the Board of Directors by the Group CRO.

If the outlooks for the operating environment and risks change drastically from the assumption in the beginning of the fiscal year, we will review the Risk Appetite for the entire group in a timely and appropriate manner with approval by the Board of Directors. Furthermore, SMBC Group is strengthening groupwide risk management systems through the Group CRO Committee and the Global CRO Committee.

SMBC Group’s Risk Management System

SMBC Group’s Risk Management SystemDisplay enlarged image

Three Lines of Defense

The Basel Committee on Banking Supervision’s corporate governance principles for banks recommends “three lines of defense” as a framework for risk governance. Based on this framework, SMBC Group has clarified the roles and responsibilities of each unit.

Principal Organizations Roles and Responsibilities
First Line
Business Units
As risk owners concerning their operations, business units shall identify/evaluate risks and implement measures to reduce and manage risks accordance with the basic principles provided by Second Line. They shall also monitor risks and report within First Line and to Second Line. Additionally, they shall work to create and foster a sound risk culture.
Second Line
Risk Management and Compliance Departments
The Risk Management and Compliance Departments shall draft and develop basic principles and frameworks in order to establish risk management and compliance systems as well as provide oversight, monitoring, and develop training programs for First Line.
Third Line
Audit Department
Independent from First Line and Second Line, the Audit Department shall assess and verify the effectiveness and appropriateness of risk management and compliance systems, and report as well as provide recommendations to the Audit Committee and the SMBC Group Management Committee.

Risk Culture

In order for SMBC Group to realize and maintain a sustainable growth in corporate value as a Top Tier Global Financial Group, each one of our colleagues should think and judge on their own if their actions meet the expectations and requirements of customers, markets, and other stakeholders, not just if they are compliant with laws and regulations. SMBC Group has established the “Behavioral Guideline on Compliance and Risk” for every colleague to hold onto as a “keystone” of their daily business, providing a proper way to look at compliance and risk. Relevant concrete measures to foster a sound risk culture include internal surveys for monitoring the compliance awareness and risk sensitivity of our colleagues, as well as communication of messages from top management to employees, internal training, and a commendation system.

Behavioral Guideline on Compliance and Risk

Behavioral Guideline on Compliance and RiskDisplay enlarged image

Risk Appetite Framework

SMBC Group has introduced a Risk Appetite Framework for controlling group-wide risks that clarifies the types and levels of risk that we are willing to take on or are prepared to tolerate in order to grow profits (risk appetite). It is one of two pillars of our business management alongside business strategies. In formulating business strategies and related matters, particularly significant management risks are identified as “top risks,” and risk analysis is conducted through stress testing. Taking into account the potential impact should risks materialize, the Board of Directors sets the risk appetite for each risk category, such as credit risk, market risk, and liquidity risk. Furthermore, individual risk appetites have been established for each business unit based on the business's strategy and the overall risk appetite of SMBC Group to facilitate appropriate management.

The outlooks for the operating environment and risks and the risk appetite situation are monitored throughout the course of the fiscal year. Measures and business strategies are revised in a flexible manner.

Additionally, in light of rising geopolitical risks, cyberattacks, and the increasing frequency of natural disasters, each posing a serious threat to business operations, we are working to strengthen our operational resilience. This includes not only our existing risk management framework, but also the ability to maintain critical operations and recover swiftly in the event of a disruption.

Risk Appetite Framework Positioning

Risk Appetite Framework PositioningDisplay enlarged image
Top Risks*
  • Political turmoil and social instability
  • Intensification of U.S.- China struggle for supremacy
  • Growing tensions over Russia-Ukraine conflict
  • Unstable situations in Asia and the Middle East
  • Increasing threats in cyberspace
  • World economic stagnation
  • Highly volatile markets, sudden deterioration of Non-JPY funding
  • Manifestation of a global financial crisis
  • Japanese economic stagnation
  • Japanese fiscal instability
  • Outbreak of serious infectious disease
  • Increase in disasters such as large-scale earthquakes, storms, and floods
  • Delayed response to industry structural changes caused by technological innovation
  • Sophistication of disinformation and unexpected rapid spread of information
  • Divide in policy, regulation and social norm on environment and human rights issues
  • Misconduct damaging customer protection and market integrity
  • Inadequate preparedness for AML/CFT
  • Inadequate responses to system failures
  • Inadequate preparedness for heightened regulatory and supervisory scrutiny
  • Difficulty in securing human resources
  • Note: The above is only a portion of the risks recognized by SMBC Group. It is possible that the materialization of risks other than those listed above could have a significant impact on our management.

See the Appendix for more information on top risks.

Stress testing

At SMBC Group, in addition to detecting early signs of risk through the collection of information on external events and other factors, we use stress testing to analyze and comprehend the impact of changes in economic or market conditions on SMBC Group's businesses, in order to plan and execute forward-looking business strategies. Based on the identification of top risks and discussions with experts, we develop scenarios that assume severe conditions such as deep recessions or market turmoil, in order to assess the Group’s risk-taking capacity and verify whether financial soundness can be maintained under stress.

In addition, when significant risk events occur during the fiscal year, we swiftly conduct stress tests to explore appropriate response measures.

Beyond these assessments, we also carry out detailed stress testing for credit, market, and liquidity risks, using the results to inform and revise our risk-taking policies.

Risk register

A risk register is formulated for the purpose of realizing more sophisticated risk governance and enhancing business units’ risk ownership. In formulating these registers, business units communicate with risk management departments to identify the risks present in their business, and these risks are reflected in business strategies after they have been evaluated and the adequacy of measures for controlling them has been verified.