As a provider of sophisticated financial services, Nomura Group recognizes that enhancing risk management is the most important management issue in helping to solve social issues and achieving sustainable growth. We are promoting group-wide efforts to enhance risk management, including promoting an appropriate risk culture among all people working in Nomura Group.
Risk Management Policy
Nomura Group is working to enhance our people’s knowledge and understanding of risks, as well as to properly recognize, evaluate and actively manage risks. We manage risks in accordance with the Code of Conduct, and in doing so we not only comply with rules and regulations, but also understand the reasons those rules and regulations were put in place, and manage risks based on high ethical standards. If risk management-related concerns or issues arise, we have a responsibility to proactively and promptly bring those concerns to managers and relevant departments, so as to ensure that the related risks are properly recognized and managed appropriately.
Fostering a sound risk culture is essential in order for risk management and a sense of responsibility to take root. In order to identify as many risks as possible that could lead to significant losses, we strive to understand the nature, impact, and probability of risks associated with our day-to-day operations and the products we handle. As a general rule, we strive to avoid risks that are difficult to identify and manage. In addition, recognizing the existence of unforeseen risks that cannot be identified at present, as financial professionals we work to increase our knowledge about risks and develop a corporate culture of correctly recognizing, assessing and managing risks.
The Three Lines of Defense in Risk Management
Nomura Group has adopted the following layered structure on the grounds that all employees are accountable for proactively managing risk.
First Line of Defense: Departments That Control Risk as Risk Owners
Departments involved in the first line of defense are responsible for complying with the risk management framework comprising the Risk Appetite Statement, company policies and procedures, as well as risk limits and other matters prescribed therein. In addition to complying with internal rules, they are responsible for appropriately managing risks in accordance with the Code of Conduct. Moreover, they develop systems to identify and manage risks by themselves by making appropriate use of the infrastructure, information, and analysis provided by the second line of defense.
Second Line of Defense: Departments That Monitor and Challenge Risk Management
Departments involved in the second line of defense develop a framework to appropriately manage risk and support the risk management activities of the first line of defense, monitor whether the business activities of the first line of defense are in line with the risk appetite, and report to the Board of Directors and management. In addition, they evaluate the risk management system developed by the first line from an independent position.
Third Line of Defense: Internal Audit
Departments of the third line of defense (Internal Audit) independently verify and evaluate the effectiveness of the first and second lines of defense respectively. The first line of defense manages risks appropriately in accordance with the Code of Conduct, the second line of defense supports the risk management activities and monitors the business activities of the first line of defense.
Risk Appetite Statement
To promote integrated risk management, Nomura Group defines risk appetite as the types and level of risk that Nomura Group is willing to assume in pursuit of its strategic objectives and business plans. The Risk Appetite Statement documents these types and levels of risk in writing.
The Risk Appetite Statement is approved by the Executive Management Board and receives the consent of the Board Risk Committee.
Compliance with the Risk Appetite Statement is monitored. In FY2021/22, we specified our policy of conducting risk management in accordance with the Nomura Group Code of Conduct, and specifically defined the roles and responsibilities of each of the three lines of defense.
Categories for Which Risk Appetite is Established
|Capital Adequacy and Liquidity||Nomura Group defines the level of capital adequacy and sound liquidity as risk appetite, taking into account the regulatory requirements, funding capacity, and business environment.|
|Financial Risk||Nomura Group allocates financial resources to each business in order to achieve corporate strategies and business plans, while remaining within the bounds of the risk appetite for capital adequacy and liquidity. Nomura Group defines the types and levels of financial risks that each business takes within its allocated resources as financial risk appetite.
In setting the financial risk appetite, Nomura Group classifies market and credit risks into segments according to the nature of business, and uses quantitative metrics or qualitative indicators as well as processes to capture these characteristics.
|Non-Financial Risk||Non-financial risks exist in daily activities and processes, and can result in a financial loss or significant adverse impact on Nomura Group, our clients and financial markets. It is therefore everyone's responsibility to manage non-financial risks in line with Nomura Group's risk appetite.|
Financial risk is the possibility of losses arising from Nomura Group's portfolio of financial instruments and financial transactions due to various factors. It consists of the following risks.
Nomura Group manages these risks by (1) setting limits, imposing risk charges, and limiting holdings; (2) managing the concentration risk of the obligor group and portfolio through individual review and approval processes; (3) determining the feasibility and terms of new transactions through individual deliberations; and (4) establishing a robust framework through requirements definition and process building.
|Mark to Market Risk||Risk of incurring losses due to a change in the value of assets or liabilities resulting from movements in interest rates, currencies, and prices of stocks and other securities.|
|Market Liquidity Risk||Risk that trading costs will increase due to the time taken to close positions, or that trading will become unfeasible due to rapid changes in the market.|
|Default Risk||Risk of incurring losses when a counterparty or issuer fails to meet its obligations.|
|Event Risk||Risks inherent in specific financial transactions, such as losses from events caused by discontinuous changes in the market. Events may or may not result from fluctuations in financial markets.|
|Model Risk||Nomura Group uses models for valuation of financial instruments, for measurement of key risks including Value at Risk and counterparty exposure, for estimating liquidity, and for asset price verification.
Model uncertainty due to simplification, incorrect use of a model, or reduced model suitability in the current market environment can lead to financial losses and failure to satisfy regulatory requirements. This is called model risk.
Non-financial risk includes Operational Risk and Reputational Risk.
Risk of financial loss or non-financial impact arising from inadequate or failed internal processes, people and systems, or from external events. Nomura Group's approach to operational risk management includes four core processes: operational risk event reporting, risk and control self assessment (RCSA), monitoring using key risk indicators (KRI), and scenario analysis. Managed operational risks are divided into the 10 categories below.
Compliance risk also includes conduct risk, which is the risk that the conduct of any member of Nomura Group deviates from the social norms and ethics required of a financial institution, and, as a result, adversely affects client protection and the soundness of the market.
|Compliance Risk||Risk of financial loss or reputational damage due to violations of financial services laws, rules or regulations, and improper conduct which disrupts the integrity of the financial markets and causes unfair client treatment.|
|Legal Risk||Risk of financial loss or reputational damage due to (i) ambiguity and/or insufficiency in contractual terms to secure Nomura's legal rights and/or enforceability of the contractual terms; (ii) failure to comply with applicable laws and regulations; and/or (iii) failure to adopt to changes in laws and regulations.|
|IT and Cyber Security||Risk of financial loss or reputational damage due to (i) poor performance or unavailability of IT systems; (ii) data corruption and/or; (iii) unauthorised or improper access to IT systems and data from within or outside the institution.|
|Business Resilience||Risk of financial loss or reputational damage due to inability to resume normal business operations during a business disruption event and damage to or unavailability of physical assets from natural disasters and other events.|
|Third-Party||Risk of financial loss or reputational damage due to failure of third-party to perform in line with expectations|
|Financial Reporting & Tax||Risk of financial loss or reputational damage due to material misstatement or omission in the firm's (i) external financial reporting, regulatory reporting or internal financial management reporting; and/or (ii) external tax reporting or payments.|
|People||Risk of financial loss, staff impact or reputational damage due to acts inconsistent with employment or health and safety laws or employment norms and agreements.|
|Transaction Lifecycle||Risk of financial loss or reputational damage due to failures in transaction processing and/or process management.|
|Prudential Risk Frameworks||Risk of financial loss or reputational damage due to inadequate prudential risk management frameworks.|
|Fraud||Risk of financial loss or reputational damage due to intent to defraud, misappropriate property or conduct unauthorized activity by an internal or third party.|
The possible damage to Nomura's reputation and associated risk to earnings, capital or liquidity arising from any association, action or inaction which could be perceived by stakeholders to be inappropriate, unethical or inconsistent with Nomura Group's values and corporate philosophy. All personnel must consider the impact of their actions or inactions on Nomura's reputation and apply high standards to their behavior as set out in the Nomura Group Code of Conduct.
Risk Management Governance and Oversight
Nomura has established an organizational structure to facilitate effective business operations and management of risks.
As of October 2022
Board Risk Committee
In order to ensure independence from the execution side, the Board Risk Committee, chaired by an outside director, assists the Board of Directors in supervising Nomura Group’s risk management and contributes to the sophistication of risk management. The Board Risk Committee provides consent for the Risk Appetite Statement and the key designs of the risk management framework, and oversees the outcomes of analysis and verification of the risk environment, the future forecasts of the risk environment, along with overseeing the status of execution of overall risk management and medium- to long-term risk strategies.
Executive Management Board
The Executive Management Board deliberates on and determines management strategies, the allocation of management resources, and important management matters for Nomura Group, and seeks to increase shareholder value by promoting the effective use of management resources and having a consensus regarding the execution of business. Key responsibilities of the Executive Management Board include approval of management resource allocation and limits, approval of business plans and budgets, and reporting to the Board of Directors.
Group Risk Management Committee
Upon delegation from the Executive Management Board, the Group Risk Management Committee deliberates on and determines important matters concerning Nomura Group’s enterprise risk management to contribute to the sound and smooth operation of businesses. As the decision-making body for risk management on the execution side, the Group Risk Management Committee develops a framework for integrated risk management consistent with the risk appetite, and conducts necessary deliberations on strengthening risk management systems based on reports from business divisions.