Risk Management and Risk Governance

Risk Management

ORIX has established a company-wide risk management system to accurately identify and appropriately manage the various risks associated with our business activities. The Board of Directors has ultimate oversight responsibility for the overall management of the company, including risk management, and determines company-wide policies and basic frameworks.
The Representative Executive Officers (CEO and COO) are responsible for establishing and maintaining the risk management systems necessary for the operation of each business division based on the company-wide risk appetite which is in turn based on the business strategy established by the Board of Directors. Responses to various risks are decided through deliberation bodies such as the Executive Committee, which is chaired by the CEO, and the Investment and Credit Committee. The status of risk management in the business divisions is monitored through coordinated efforts of the internal control-related functions. Specifically, each business division formulates within its annual business plan a risk management plan which takes into account the risks specific to its business. Furthermore, through an annual self-verification program, the division identifies risks that could have a significant impact on business operations and verifies whether the division is adequately addressing these significant risks. The ERM department continuously evaluates company-wide risks, including credit risk, market risk, liquidity risk, and operational risk, and provides support for improvements as necessary. Through these procedures, we secure the effectiveness of company-wide risk management.

Risk Governance

ORIX has established and operates an internal control system that takes into account risk management, compliance, Group company management, audit systems, and other aspects in order to respond quickly and flexibly to changes in the business environment and enable efficient business execution and effective management. The Board of Directors bears ultimate responsibility for this risk governance system and its operation, and determines the overall approach. ORIX has established the following division of roles based on the three-line defense model in order to implement robust risk governance. Business divisions (first line) identify, assess, and manage risks related to their assigned business operations in accordance with the policies and frameworks established by internal control-related departments. Internal control-related departments (second line) monitor the risk response status of business divisions from a specialized, cross-company perspective and encourage improvements as necessary. The internal audit department (third line), independent from business divisions and internal control-related departments, verifies and evaluates the effectiveness of the entire risk governance process and recommends corrective measures if any deficiencies are identified. In addition, external and internal reporting hotlines complement our risk governance as a mechanism for identifying signs of risk incidents.

Summary of ORIX's Internal Control System (with some additions) (As of June 30, 2025)

Executive bodies manage risk under the supervision of the Board of Directors. These bodies and their responsibilities are as follows.