Risk Management and Risk Governance
Risk Management
ORIX has established a company-wide risk management system to accurately identify and appropriately manage the various risks associated with our business activities. The Board of Directors has ultimate oversight responsibility for the overall management of the company, including risk management, and determines company-wide policies and basic frameworks.
The Representative Executive Officers (CEO and COO) are responsible for establishing and maintaining the risk management systems necessary for the operation of each business division based on the company-wide risk appetite which is in turn based on the business strategy established by the Board of Directors. Responses to various risks are decided through deliberation bodies such as the Executive Committee, which is chaired by the CEO, and the Investment and Credit Committee. The status of risk management in the business divisions is monitored through coordinated efforts of the internal control-related functions. Specifically, each business division formulates within its annual business plan a risk management plan which takes into account the risks specific to its business. Furthermore, through an annual self-verification program, the division identifies risks that could have a significant impact on business operations and verifies whether the division is adequately addressing these significant risks. The ERM department continuously evaluates company-wide risks, including credit risk, market risk, liquidity risk, and operational risk, and provides support for improvements as necessary. Through these procedures, we secure the effectiveness of company-wide risk management.
Risk Governance
ORIX has established and operates an internal control system that takes into account risk management, compliance, Group company management, audit systems, and other aspects in order to respond quickly and flexibly to changes in the business environment and enable efficient business execution and effective management. The Board of Directors bears ultimate responsibility for this risk governance system and its operation, and determines the overall approach. ORIX has established the following division of roles based on the three-line defense model in order to implement robust risk governance. Business divisions (first line) identify, assess, and manage risks related to their assigned business operations in accordance with the policies and frameworks established by internal control-related departments. Internal control-related departments (second line) monitor the risk response status of business divisions from a specialized, cross-company perspective and encourage improvements as necessary. The internal audit department (third line), independent from business divisions and internal control-related departments, verifies and evaluates the effectiveness of the entire risk governance process and recommends corrective measures if any deficiencies are identified. In addition, external and internal reporting hotlines complement our risk governance as a mechanism for identifying signs of risk incidents.
Summary of ORIX's Internal Control System (with some additions) (As of June 30, 2025)

Executive bodies manage risk under the supervision of the Board of Directors. These bodies and their responsibilities are as follows.
Executive Bodies | Roles |
---|---|
Executive Committee | Deliberates on capital policy, asset and liability management, accounting and taxation, compliance, personnel, and other important management matters. Reports to the Board of Directors as necessary. |
Investment and Credit Committee | Deliberates on specific investment and lending transactions. If needed, matters are additionally deliberated by the Executive Committee and reported to the Board of Directors. |
Information Technology Management Committee | Deliberates on important matters concerning fundamental IT policies and strategies as well as the introduction and maintenance of IT systems. |
Sustainability Committee | Deliberates on important matters related to sustainability. Reports to the Board of Directors as necessary. |
Disclosure Committee | Aggregates important information, considers needs and methods for timely disclosure, and coordinates disclosure. |
Business Unit Strategy Meeting | A forum for business unit managers to discuss strategy and changes in the business environment with top management. |
Group Executive Officer Committee | A forum for all executive officers to share important information related to Group business administration. |