The GMO Internet Group always aims to prevent and reduce risks and is dedicated to strengthening its risk management to ensure the smooth continuation of business activities.
If a large risk does arise, we will respond swiftly and appropriately, based on the Venture Spirit Declaration and the GMO Internet Group Compliance Declaration, to minimize the damage (loss) incurred by humanity, society, and the economy. We strive to keep our risk management system prepared and operational at all times so that it can respond immediately in the unlikely event that a risk arises.
By having an effective risk management system in place, our goal as a group is to protect our services, our customers, and our partners (employees) and create smiles and inspire everyone involved as we continue to grow.
The Group has established a management system that allows it to respond quickly to risks by determining the effects (risks) and uncertainties that changes in the current business environment pose to the achievement of management targets. To understand and analyze risks from various perspectives, the Group Risk Management Division shares information with each department and the group companies; reports the identified risks to the Risk Management Committee, which is made up of the Deputy to the Group CEO and related general managers; and gives the Committee updates on risks. The Risk Management Committee identifies the persons (risk owners) responsible for selecting and coping with the important risks; examines measures; gives instructions; and regularly reports the details of its activities at Board of Directors meetings.
The method of risk management
GMO Internet Group identifies significant risks affecting its brand image and management based on the results of each subsidiary's evaluation and establishment of its own risks, taking into account the specialized nature of GMO's various operations and guidelines such as COSO and GRI. We evaluate the identified risks based on their impact and likelihood of occurrence, and the Risk Management Committee decides on a policy and on which material risks must be intensively managed. We address each risk based on the policy, and the Group Risk Management Division gives updates on it, monitors the status of improvements, and refocuses the risk area. We manage company-wide risk through this process (a PDCA cycle). The Risk Management Committee is also responsible for the Compliance Declaration, which is regularly made known to partners. It has established methods for reporting material risk information, such as incidents and fraudulent acts at a Group company, aims for a rapid initial response, strives for containment at an early stage, and provides support to prevent recurrence.
Internal reporting system
GMO Internet Group has established various helplines to respond properly to stakeholders' feedback, questions, and concerns.
GMO Helpline/Nadeshiko Helpline
To discover, ameliorate, or prevent all compliance risks at an early stage, including bribery and corruption in business activities overall and human rights infringements, we have a system that enables partners to consult with the company or resolve problems without undue worry if they become aware of fraudulent or illegal acts at work, or if they see or hear of acts that may be illegal even when it is uncertain whether they clearly are. Female consultants are also available in case female partners are reluctant to consult with male consultants (male partners may use them as well). Whistleblowing can also be anonymous.
The personal information, comments, and consultation details of individuals who consult with us are strictly protected, and we will never disclose them to third parties without their consent. Retaliation against partners on the grounds that they reported violations of laws and regulations to the company is prohibited.
External helpline to report problems
We have an external helpline for reporting (or consulting on) actions by our directors, partners, etc. that may violate laws and regulations. This helpline is available to anyone outside the company, including customers and retired workers. Whistleblowing can also be anonymous.
The company regards the protection of information security as one of its key social responsibilities. It has formulated the Basic Information Security Policy and the Twelve Commandments of Information Security Conduct Guidelines and has established a management system. For our cloud computing services for companies, we have established an information security management system (ISMS) and obtained certification under the international standard ISO27001 in order to protect information assets from various threats and minimize risks.
Furthermore, GMO Internet Group owns GMO Cybersecurity by Ierae, Inc., Japan's leading white hat hacker organization, which provides a high degree of security measures against cyberattacks that are increasing significantly in and outside of Japan. In addition to vulnerability diagnosis (security diagnosis) for web and smartphone applications and penetration tests within the Group, GMO Internet Group runs initiatives to sustain business operations through guidance and seminars on cyber defense for partners who belong to our group.
At GMO Internet Group, in order to gain our customers' trust, we take care to maintain high moral standards and engage in fair business practices, taking into account the specialized nature of GMO's operations. GMO Internet Group will comply with laws and regulations and with the guidelines relating to personal information protection set forth by government agencies or industry associations.