Incident Management System

ORIX has rules in place for addressing operational risk incidents, and manages operational risk according to the degree of managerial impact.
As a general rule, when an incident occurs, each department of ORIX Corporation and all consolidated companies promptly report it to the relevant designated department^*1 in accordance with the Group’s common reporting standards. We then follow the basic policies for action prescribed by the regulations to address the incident responsibly and appropriately until it is resolved.
The ERM Department is in charge of the secretariat for managing incidents. This department collaborates with relevant departments and people^*2 responsible for managing specific risks to provide support to the affected departments and companies in accordance with the facts and degree of impact of each case, and remains involved until resolution.
For incidents which are judged to have a material impact on management (or when this is expected to the case), the CEO considers the situation based on facts and makes the final decision about establishing a crisis response headquarters, policies, and initiatives to address the incident. The CEO then leads the crisis response headquarters if established.
We investigate the causes of incidents, implement measures to prevent recurrence, and aim through the appropriate management of operational risk to both improve the satisfaction of our stakeholders and maintain society’s trust in ORIX.

*1 ORIX designates the relevant department to receive reports when an incident occurs according to the specifics of the incident and degree of impact.
*2 ORIX designates persons in charge of addressing incidents according to the facts and degree of impact.

Systems for Incident Management