Basic Policy for Risk Management
The Asset Management Company understands the locations, types and characteristics of risks and has established a system to manage each type, because accurately understanding the various risks inherent to managing One REIT's assets and appropriately managing potential resulting losses is key to investor protection.
In risk management, risk is defined as the possibility of future loss or the uncertainty of expected profit or achievement of objectives. Our basic approach in managing One REIT's assets is to identify risks, analyze their likelihood of occurrence and impact and consider and implement policies to deal with each appropriately.
Risk Management System
The Asset Management Company has established the Risk Management Regulations as its basic policy for risk management in managing One REIT's assets, Investment Risk Reporting Rules for investment risks, and internal regulations such as its Basic Policy for Administrative Risk Management and Operational Guidelines for Risk Event Records for administrative errors. In addition, we use a Risk Monitoring Checklist for risk management (identification, analysis, evaluation, monitoring, and implementation and verification of activities to mitigate risks).
The board of directors oversees the development of an appropriate risk management system based on an awareness of risks and their nature. The head of the Compliance Office is responsible for overall risk management while the head of each department is responsible for risk management in their own department. They manage risks by recognizing the nature, etc. of each risk and formulating appropriate management methods.
Performance
The number of times risk management was implemented will be posted after the aggregation of data.
- Number of risk management processes implemented Twice in FY2023.
Management of External Suppliers
Even in cases where the Asset Management Company outsources clerical work to an external supplier, it is not exempt from final responsibility for the outsourced work. Therefore, to protect the profits of the Asset Management Company’s investors and ensure sound governance, it manages the external suppliers that it selects in an appropriate manner.
Performance
The implementation rate of ongoing assessments of external suppliers will be posted after the aggregation of data.
- Implementation rate of ongoing assessments of external suppliers (PMs, etc.): 100.0% implementation rate in FY2023
Business Continuity Planning (BCP)
In accordance with the Basic Policy on Business Continuity Management of its sponsor, Mizuho Trust & Banking Co., Ltd., the Asset Management Company has formulated a Business Contingency Plan (BCP) with its parent company, Mizuho Realty One Co., Ltd., based on which it strives to avoid being placed in circumstances where maintaining operations is difficult due to the occurrence of a large-scale natural disaster, terrorist attack, pandemic, etc. Furthermore, to increase the effectiveness of BCP, the Asset Management Company also participates in safety confirmation training for the purpose of rapidly understanding the circumstances and safety of officers and employees in the event of a disaster and in evacuation drills, etc. at the head office building for the purpose of improving disaster awareness, which are conducted by Mizuho Realty One Co., Ltd.
Performance
The actual record will be posted after the aggregation of data.
- Number of times safety confirmation training was held: Twice in FY2023
- Number of times building evacuation drills were held: Twice in FY2023
Cybersecurity
The safe, stable operation of systems is a basic premise of securing investment markets' confidence in the Asset Management Company and ensuring appropriate governance, and improving and strengthening risk management systems is extremely important. the Asset Management Company's management, including the Board of Directors, therefore recognizes the importance of cybersecurity, and based on an outsourcing agreement, it entrusts tasks relating to cybersecurity to its parent company, Mizuho Realty One Co., Ltd., which implements the following measures.
System that does not permit infiltration by cyberattacks (system settings)
- Optimizing network equipment settings
- Introducing security software and optimizing updates
- Blocking remote access from equipment whose security settings are unknown, etc.
System that does not permit infiltration by cyberattacks (user education)
- In recognition of the risk of cyberattacks, conducting training and sharing examples of attacks for the purpose of enhancing resilience when cyberattacks occur
Constructing backup systems for the purpose of minimizing damage when cyberattacks occur
Performance
The number of times training on system risk was implemented will be posted after the aggregation of data.
Number of system risk drills: twice drills to counter targeted email attacks in FY2023