Risk Management

Our Approach

Strengthening of compliance and risk management is positioned as a key issue in SMBC Group’s Principles of Action on Compliance and Risk. SMBC Group is therefore devoted to improving its systems in these areas in order to become a truly outstanding global group.

Risk Culture

In order for SMBC Group to realize and maintain a sustainable growth in corporate value as a "Top Tier Global Financial Group," each one of our colleagues should think and judge on their own if their actions meet the expectations and requirements of customers, markets, and other stakeholders, not just if they are compliant with laws and regulations. SMBC Group has established "Principles of Action on Compliance and Risk" for every colleague to hold onto as a "keystone" of their daily business. The principles include "Business based on the Risk Appetite Framework" and "We will conduct business operations with risk ownership of the risks, such as credit risk, market risk, liquidity risk, operational risk, and conduct risk, that arise in our own business." Relevant concrete measures to foster a sound risk culture include internal surveys for monitoring the compliance awareness and risk sensitivity of our colleagues, as well as communication of messages from top management to employees and internal training.

Risk Appetite Framework

SMBC Group has introduced a Risk Appetite Framework for controlling group-wide risks that clarifies the types and levels of risk that we are willing to take on or are prepared to tolerate in order to grow profits (risk appetite).

The Risk Appetite Framework is one of two pivots of our business management alongside business strategies. It functions as a management framework for sharing information on the operating environment and risks facing SMBC Group among management and for facilitating appropriate risk taking based thereon.

Risk Appetite Framework Positioning

Risk Appetite Framework Positioning

Risk Appetite Composition

Risk Appetite Composition
  • *1   Conduct risk is the risk that our conduct negatively affects customers, market integrity, effective competition, public interest, and SMBC Group’s stakeholders, through acts that violate laws and regulations or social norms.

Individual risk appetites have been established by strategies for each business unit as necessary based on the overall risk appetite of SMBC Group. Risk appetites are decided during the process of formulating business strategies and management policies with the approval of the Board of Directors. These risk appetites are set based on Top Risks that threaten to significantly impact management and on risk analyses (stress testing) that illustrate the impact if a risk should materialize.

In addition, risk register and Key Risk Events (KRE) are utilized as part of a system for assessing the risks present in new and existing business activities and for verifying the adequacy of Top Risks, risk appetites, and business strategies.

The outlooks for the operating environment and risks and the risk appetite situation are monitored throughout the course of the fiscal year. Risk Appetite Measures and business strategies are revised as necessary. For example, overall risk capital*2 has been selected as an indicator for risk appetite, which displays the soundness of SMBC Group. Overall risk capital is the aggregate of the risk capital amounts for each risk category. Management standards have been set for the upper limit for overall risk capital based on group-wide management constitution. Overall risk capital levels are thus monitored throughout the course of each fiscal year to clearly indicate risk-taking capacity and promote the sound taking of risks.

In addition, specific risk appetite indicators have been set for credit risk, market risk, liquidity risk, and other risk categories to facilitate appropriate management based on a quantitative understanding of risk appetite.

  • *2   The amount of capital required to cover the theoretical maximum potential loss arising from risks to business operations

Top Risks

SMBC Group identifies risks that threaten to significantly impact management as Top Risks.

The selection of Top Risks involves comprehensive screening of risk factors, evaluation of each risk scenario’s possibility of occurrence and potential impact on management, and discussion by the Risk Management Committee and the Management Committee. Top Risks are utilized to enhance risk management by being incorporated into discussions of the Risk Appetite Framework and the formulation of business strategies and into the creation of risk scenarios for stress testing.

Top Risks
  • World economic stagnation
  • Disasters such as large-scale earthquakes, storms, and floods
  • Highly volatiile financial markets/sudden deterioration of the foreign currency funding conditions
  • Inadequate responses to Cyber-attacks
  • Manifestation of a global financial crisis
  • Changes in industrial structure due to technological innovation
  • Japanese economic stagnation
  • Inadequate responses to climate change and conservation of natural capital
  • Japanese fiscal instability
  • Inadequate responses to human rights and other social issues
  • The U.S.-China struggle for supremacy
  • Misconduct damaging customer protection and market integrity
  • Growing tensions around Russia-Ukraine conflict
  • Inadequate preparedness for AML/CFT
  • Unstable situations in Asia and the Middle East
  • Inadequate responses to system failures
  • Political turmoil and social instability
  • Inadequate preparedness for heightened regulatory and supervisory scrutiny
  • Outbreak of serious infectious disease
  • Difficulty in securing human resources
  • Note: The above is only a portion of the risks recognized by SMBC Group. It is possible that the materialization of risks other than those listed above could have a significant impact on our management.

See page 153 of the Appendix for more information on top risks.

Stress Testing

At SMBC Group, we use stress testing to analyze and comprehend the impact on SMBC Group’s businesses of changes in economic or market conditions, in order to plan and execute forward-looking business strategies.

In our stress testing, we prepare multiple risk scenarios including macroeconomic variables such as GDP, equity prices, interest rates, and foreign exchange rates based on the aforementioned Top Risks, discussions with experts and related departments.

When developing business strategies, we set out scenarios assuming stressed business environments such as serious economic recessions and market disruption for the sake of assessing risk-taking capabilities at SMBC Group and verifying whether adequate soundness can be maintained under stress. For example, we are conducting stress testing assuming the deepening of the real estate crisis in China, the changes in monetary policies in Japan, Europe, and the United States, the occurrence of a global financial crisis, and the rise of fiscal concerns in Japan to verify the soundness of SMBC Group’s capital and confirm the appropriate actions to be taken.

During a fiscal year, we will conduct stress testing in a timely manner to assess the potential impact on our business and to take the appropriate actions in case a serious risk event occurs.

In addition, we conduct detailed stress testing for individual risks such as credit risk, market risk, and liquidity risk, so as to decide and review risk-taking strategies. For example, we analyze liquidity risk under a severe scenario that combines idiosyncratic factors of the SMBC Group and market-wide factors.

We are also conducting scenario analyses on physical and transition risks related to climate change.

Please see "Efforts Addressing Climate Change" for information on our approach to climate change

Risk Register

A risk register is formulated by each business unit for the purpose of realizing more sophisticated risk governance and enhancing business units’ risk ownership. In formulating these registers, business units communicate with risk management departments to identify the risks present in their business, and these risks are reflected in business strategies after they have been evaluated and the adequacy of measures for controlling them has been verified.

Key Risk Events

Key Risk Events (KRE), external events that indicate the increased threat of risks, have been identified to ascertain the symptoms of the potential risks. KRE are utilized to analyze and assess how likely similar cases will occur in SMBC Group and what effects such similar cases will have on SMBC Group, and to enhance our risk management system.

Operational resilience

In recent years, the risk environment surrounding financial institutions has been rapidly changing. This includes the emergence of pandemics and increasingly sophisticated cyberattacks, as well as reliance on IT systems and the spread of cloud service use.

To adapt to this environment, in addition to our existing risk management framework, we recognize that strengthening our capability for continued and prompt restoration of critical operations on the assumption of business interruptions—that is, our operational resilience—is a key responsibility that we bear. We are addressing this as follows.

We are striving to ensure effectiveness through reviews based on the internal/external environment and operation of the following cycle:

  • 1. Identify critical operations that could pose significant risk in the event of a disruption in service delivery
  • 2. Set the tolerable time for interruption to critical operations, taking into consideration alternative means, etc.
  • 3. Identify management resources essential to the provision of critical operations and organize their interdependencies
  • 4. Conduct scenario testing to verify the appropriateness of resource allocation, and review periodically

Risk Management Systems

Based on the recognition of the importance of risk management, top management is actively involved in the risk management process, and systems are in place for verifying and monitoring the effectiveness and appropriateness of this process. Specifically, the groupwide basic policies for risk management and the Risk Appetites for the entire SMBC Group are determined by the Management Committee and authorized by the Board of Directors. After that, the status of risk management based on these policies and risk appetites is reported to the Board of Directors by the Group CRO four times per year.

If the outlooks for the operating environment and risks change drastically from the assumption in the beginning of the fiscal year, we will review the Risk Appetite for the entire group in a timely and appropriate manner with approval by the Board of Directors.

We have also clarified related roles and responsibilities of relevant divisions in light of our three lines of defense. With these provisions in place, risk management systems have been established based on the characteristics of particular businesses, and measures are being put in place to strengthen and improve the effectiveness of these systems in accordance with these basic policies for risk management.

Furthermore, SMBC Group is strengthening groupwide risk management systems through the Group CRO Committee and the Global CRO Committee.

SMBC Group's Risk Management System

SMBC Group's Risk Management SystemEnlarge image

Three Lines of Defense

The Basel Committee on Banking Supervision's corporate governance principles for banks recommends "three lines of defense" as a framework for risk management and governance. Based on this framework, we have clarified the roles and responsibilities of each unit, as shown in the table on the right, and we are taking steps to achieve more effective and stronger risk management and compliance frameworks.

Definition of SMBC Group's Three Lines of Defense Enlarge image

Proactive Risk Management in an Uncertain External Environment

We recognize that the external environment surrounding us is extremely uncertain, given that numerous elections will be held in 2024, including the U.S. presidential election, which is expected to change the political environment globally, and that geopolitical risks, such as Russia's invasion of Ukraine and Middle East conflicts involving Iran, Hamas, and Israel, continue to be of great concern.

We identify risks arising from such an environment as top risks and respond, following risk analysis, including stress testing and discussions at the Management Committee, the Risk Committee, and the Board of Directors.

We will ensure appropriate risk management by continuing to capture early signs of risk events through the collection of information of external environment and by working closely and globally with relevant departments.