Strengthening of compliance and risk management is positioned as a key issue in SMBC Group’s Principles of Action on Compliance and Risk. SMBC Group is therefore devoted to improving its systems in these areas in order to become a truly outstanding global group.
In order for SMBC Group to realize and maintain a sustainable growth in corporate value as a “Top Tier Global Financial Group,” each one of our colleagues should think and judge on their own if their actions meet the expectations and requirements of customers, markets, and other stakeholders, not just if they are compliant with laws and regulations.
SMBC Group has established “Principles of Action on Compliance and Risk” in order for every colleague to hold onto as a “keystone” of their daily business. The principles include “Business based on the Risk Appetite Framework” and “We will conduct business operations with risk ownership of the risks, such as credit risk, market risk, liquidity risk, operational risk, and conduct risk, that arise in our own business.” Concrete measures include internal surveys for monitoring the compliance awareness and risk sensitivity of our colleagues as well as internal training for fostering a sound risk culture.
Risk Appetite Framework
SMBC Group has introduced a Risk Appetite Framework for controlling group-wide risks that clarifies the types and levels of risk that we are willing to take on or are prepared to tolerate in order to grow profits (risk appetite).
The Risk Appetite Framework is one of two pivots of our business management alongside business strategies.
It functions as a management framework for sharing information on the operating environment and risks facing SMBC Group among management and for facilitating appropriate risk taking based thereon.
Risk Appetite Framework Positioning
Risk Appetite Composition
- *1 Conduct risk is the risk that our conduct negatively affects customers, market integrity, effective competition, public interest, and SMBC Group’s stakeholders, through acts that violate laws and regulations or social norms.
Individual risk appetites have been established by strategies for each business unit as necessary based on the overall risk appetite of SMBC Group. Risk appetites are decided during the process of formulating business strategies and management policies. These risk appetites are set based on Top Risks that threaten to significantly impact management and on risk analyses (stress testing) that illustrate the impact if a risk should materialize.
In addition, risk register and Key Risk Events (KRE) are utilized as part of a system for assessing the risks present in new and existing business activities and for verifying the adequacy of Top Risks, risk appetites, and business strategies.
The outlooks for the operating environment and risks and the risk appetite situation are monitored throughout the course of the fiscal year. Risk Appetite Measures and business strategies are revised as necessary. For example, overall risk capital*2 has been selected as an indicator for risk appetite, which displays the soundness of SMBC Group.Overall risk capital is the aggregate of the risk capital amounts for each risk category. Management standards have been set for the upper limit for overall risk capital based on group-wide management constitution. Overall risk capital levels are thus monitored throughout the course of each fiscal year to clearly indicate risk-taking capacity and promote the sound taking ofrisks.
In addition, specific risk appetite indicators have been set for credit risk, market risk, liquidity risk, and other risk categories to facilitate appropriate management based on a quantitative understanding of risk appetite.
- *2 The amount of capital required to cover the theoretical maximum potential loss arising from risks of business operations.
SMBC Group identifies risks that threaten to significantly impact management as Top Risks.
The selection of Top Risks involves comprehensive screening of risk factors, evaluation of each risk scenario’s possibility of occurrence and potential impact on management, and discussion by the Risk Management Committee and the Management Committee. Top Risks are utilized to enhance risk management by being incorporated into discussions of the Risk Appetite Framework and the formulation of business strategies and into the creation of risk scenarios for stress testing.
The above is only a portion of the risks recognized by SMBC Group. It is possible that the materialization of risks other than those listed above could have a significant impact on our management.
Please see Appendix for Top Risks.
At SMBC Group, we use stress testing to analyze and comprehend the impact on SMBC Group’s businesses of changes in economic or market conditions, in order to plan and execute forward-looking business strategies.
In our stress testing, we prepare multiple risk scenarios including macroeconomic variables such as GDP, stock prices, interest rates, and foreign exchange rates based on the aforementioned Top Risks, discussions with experts and related departments.
When developing business strategies, we set out scenarios assuming stressed business environments such as serious economic recessions and market disruption for the sake of assessing risk-taking capabilities at SMBC Group and verifying whether adequate soundness can be maintained under stress.
During a fiscal year, we will undertake stress testing on a flexible basis to assess the potential impact on our business and to take the appropriate response in case a serious risk event occurs. For example, stress tests have been conducted with regard to the intensifying struggle for supremacy between the U.S. and China, and the prolonged impacts of the COVID-19 pandemic, to verify the soundness of SMBC Group’s capital and confirm the appropriate actions to be taken.
In addition, we conduct detailed stress testing for individual risks such as credit risk, market risk, and liquidity risk, so as to decide and review risk-taking strategies.
We are also in line with the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD). As part of our efforts in this regard, we have included climaterelated risk* in our Top Risks, and scenario analyses on physical and transition risks have been conducted to estimate the potential credit-related expenses.
- * Natural disasters resulting from extreme weather (physical risks) and carbon-related stranded assets due to the transition to a carbon-neutral society (transition risks) and so forth.
A risk register is formulated by each business unit for the purpose of realizing more sophisticated risk governance and enhancing business units’ risk ownership. In formulating these registers, business units communicate with risk management departments to identify the risks present in their business, and these risks are reflected in business strategies after they have been evaluated and the adequacy of measures for controlling them has been verified.
Key Risk Events
Key Risk Events (KRE), external events that indicate the increased threat of risks, have been identified to ascertain the symptoms of the potential risks. KRE are utilized to analyze and assess how likely similar cases will occur in SMBC Group and what effects such similar cases will have on SMBC Group, and to enhance our risk management system.
Risk Management Systems
Based on the recognition of the importance of risk management, top management is actively involved in the risk management process, and systems are in place for verifying and monitoring the effectiveness and appropriateness of this process. Specifically, the group-wide basic policies for risk management and the Risk Appetites for entire SMBC Group are determined by the Management Committee and authorized by the Board of Directors. After that, the status of risk management based on these policies and risk appetites is reported to the Board of Directors by the Group CRO four times per year.
If the outlooks for the operating environment and risks change drastically from the assumption in the beginning of the fiscal year, we will review the Risk Appetite for entire group in a timely and appropriate manner with approval by the Board of Directors.
Also, we have defined three lines of defense and clarified related roles and responsibilities of relevant divisions. With these provisions in place, risk management systems have been established based on the characteristics of particular businesses, and measures are being put in place to strengthen and improve the effectiveness of these systems in accordance with these basic policies for risk management.
Furthermore, SMBC Group is strengthening group-wide risk management systems through the Group CRO Committee and the Global CRO Committee.
SMBC Group's Risk Management System
Definition of SMBC Group's Three Lines of Defense
The Basel Committee on Banking Supervision’s “Corporate governance principles for banks” recommends “three lines of defense” as a framework for risk management and governance. Based on this framework, we have clarified the roles and responsibilities of each unit as indicated below and we are taking steps to achieve more effective and stronger risk management and compliance systems.
Response to the COVID-19 Pandemic
The rapid changes seen around the world in FY2020 in the circumstances surrounding the COVID-19 pandemic made for a consistently opaque global economic outlook. In response to this uncertainty, SMBC Group strove to respond to customer funding demands to the greatest extent possible while using stress tests and up-to-date information to quantitatively assess the adequacy of capital and liquidity whenever deemed necessary.
Furthermore, we reinforced information security and practiced exhaustive information management to combat the cyber attack and financial crime risks arising in response to changes in lifestyles and workstyles.
These verification processes and risk countermeasures will continue to be implemented based on discussion by the Management Committee and the Risk Committee going forward.