Risk Management

As a provider of sophisticated financial services, Nomura Group recognizes that enhancing risk management is the most important management issue in helping to solve social issues and achieving sustainable growth. We are promoting group-wide efforts to enhance risk management, including promoting an appropriate risk culture among all people working in Nomura Group.

Basic Philosophy

Nomura Group requires all staff, regardless of their positions, to proactively engage in risk management. The risk management activities in Nomura Group are based on the following principles.

Risk Management

Nomura Group's business activities are exposed to various risks including market, credit, operational, and liquidity risks. To identify risks that could lead to significant losses, Nomura Group strives to understand the characteristics, impact, and likelihood of risks associated with daily operations and transactions. Furthermore, we recognize that, at present, unforeseen risks that have not been confirmed may already exist and we continue to implement various efforts, including cultivating a corporate culture where all staff face risks properly. Excess over Risk Appetite or limits can damage the soundness of Nomura Group and acts that hinder Nomura Group's risk management are addressed strictly, and may be reflected in personnel evaluations and may constitute grounds for disciplinary action.

The Three Lines of Defense in Risk Management

Nomura Group has adopted the following layered structure on the grounds that all employees are accountable for proactively managing risk.

Image: The Three Lines of Defense in Risk Management

First Line of Defense: Departments That Control Risk as Risk Owners

Departments involved in the first line of defense are responsible for complying with the risk management framework comprising the Risk Appetite Statement, company policies and procedures, as well as risk limits and other matters prescribed therein. In addition to complying with internal rules, they are responsible for appropriately managing risks in accordance with the Code of Conduct. Moreover, they develop systems to identify and manage risks by themselves by making appropriate use of the infrastructure, information, and analysis provided by the second line of defense.

Second Line of Defense: Departments That Monitor and Challenge Risk Management

Departments involved in the second line of defense develop a framework to appropriately manage risk and support the risk management activities of the first line of defense, monitor whether the business activities of the first line of defense are in line with the risk appetite, and report to the Board of Directors and management. In addition, they evaluate the risk management system developed by the first line from an independent position.

Third Line of Defense: Internal Audit

Departments of the third line of defense (Internal Audit) independently verify and evaluate the effectiveness of the first and second lines of defense respectively. The first line of defense manages risks appropriately in accordance with the Code of Conduct, the second line of defense supports the risk management activities and monitors the business activities of the first line of defense.

Risk Appetite

To promote integrated risk management, Nomura Group defines the types and levels of risks that are acceptable to achieve management strategies and business plans, taking into account constraints from regulatory capital, liquidity, business conditions and other factors, as Risk Appetite. Risk Appetite Statement, which documents that definition, is reviewed at least annually and is subject to the approval of the Executive Management Board and the consent of the Board Risk Committee. Risk Appetite is managed using various metrics. Nomura Group and all of its staff are responsible for conducting business in compliance with the Risk Appetite.

Categories for Which Risk Appetite is Established

Capital Adequacy and Liquidity Nomura Group defines the level of capital adequacy and sound liquidity as risk appetite, taking into account the regulatory requirements, funding capacity, and business environment.
Financial Risk Nomura Group allocates financial resources to each business in order to achieve corporate strategies and business plans, while remaining within the bounds of the risk appetite for capital adequacy and liquidity. Nomura Group defines the types and levels of financial risks that each business takes within its allocated resources as financial risk appetite.
In setting the financial risk appetite, Nomura Group classifies market and credit risks into segments according to the nature of business, and uses quantitative metrics or qualitative indicators as well as processes to capture these characteristics.
Non-Financial Risk Non-financial risks exist in daily activities and processes, and can result in a financial loss or significant adverse impact on Nomura Group, our clients and financial markets. It is therefore everyone's responsibility to manage non-financial risks in line with Nomura Group's risk appetite.

Financial Risk

Financial risk is the possibility of losses arising from Nomura Group's portfolio of financial instruments and financial transactions due to various factors. It consists of the following risks.
Nomura Group manages these risks by (1) setting limits, imposing risk charges, and limiting holdings; (2) managing the concentration risk of the obligor group and portfolio through individual review and approval processes; (3) determining the feasibility and terms of new transactions through individual deliberations; and (4) establishing a robust framework through requirements definition and process building.

Risk Category Definition
Mark to Market Risk Risk of incurring losses due to a change in the value of assets or liabilities resulting from movements in interest rates, currencies, and prices of stocks and other securities.
Market Liquidity Risk Risk that trading costs will increase due to the time taken to close positions, or that trading will become unfeasible due to rapid changes in the market.
Default Risk Risk of incurring losses when a counterparty or issuer fails to meet its obligations.
Event Risk Risks inherent in specific financial transactions, such as losses from events caused by discontinuous changes in the market. Events may or may not result from fluctuations in financial markets.
Model Risk Nomura Group uses models for valuation of financial instruments, for measurement of key risks including Value at Risk and counterparty exposure, for estimating liquidity, and for asset price verification.
Model uncertainty due to simplification, incorrect use of a model, or reduced model suitability in the current market environment can lead to financial losses and failure to satisfy regulatory requirements. This is called model risk.

Non-Financial Risk

Non-financial risk includes Operational Risk and Reputational Risk.

Operational Risk

Risk of financial loss or non-financial impact arising from inadequate or failed internal processes, people and systems, or from external events. Nomura Group's approach to operational risk management includes four core processes: operational risk event reporting, risk and control self assessment (RCSA), monitoring using key risk indicators (KRI), and scenario analysis. Managed operational risks are divided into the 10 categories below.
Compliance risk also includes conduct risk, which is the risk that the conduct of any member of Nomura Group deviates from the social norms and ethics required of a financial institution, and, as a result, adversely affects client protection and the soundness of the market.

Risk Category Definition
Compliance Risk Risk of financial loss or reputational damage due to violations of financial services laws, rules or regulations, and improper conduct which disrupts the integrity of the financial markets and causes unfair client treatment.
Legal Risk Risk of financial loss or reputational damage due to (i) ambiguity and/or insufficiency in contractual terms to secure Nomura's legal rights and/or enforceability of the contractual terms; (ii) failure to comply with applicable laws and regulations; and/or (iii) failure to adopt to changes in laws and regulations.
IT and Cyber Security Risk of financial loss or reputational damage due to (i) poor performance or unavailability of IT systems; (ii) data corruption and/or; (iii) unauthorised or improper access to IT systems and data from within or outside the institution.
Business Resilience Risk of financial loss or reputational damage due to inability to resume normal business operations during a business disruption event and damage to or unavailability of physical assets from natural disasters and other events.
Third-Party Risk of financial loss or reputational damage due to failure of third-party to perform in line with expectations
Financial Reporting & Tax Risk of financial loss or reputational damage due to material misstatement or omission in the firm's (i) external financial reporting, regulatory reporting or internal financial management reporting; and/or (ii) external tax reporting or payments.
People Risk of financial loss, staff impact or reputational damage due to acts inconsistent with employment or health and safety laws or employment norms and agreements.
Transaction Lifecycle Risk of financial loss or reputational damage due to failures in transaction processing and/or process management.
Prudential Risk Frameworks Risk of financial loss or reputational damage due to inadequate prudential risk management frameworks.
Fraud Risk of financial loss or reputational damage due to intent to defraud, misappropriate property or conduct unauthorized activity by an internal or third party.

Reputational Risk

The possible damage to Nomura's reputation and associated risk to earnings, capital or liquidity arising from any association, action or inaction which could be perceived by stakeholders to be inappropriate, unethical or inconsistent with Nomura Group's values and corporate philosophy. All personnel must consider the impact of their actions or inactions on Nomura's reputation and apply high standards to their behavior as set out in the Nomura Group Code of Conduct.

Risk Management Governance and Oversight

Nomura has established an organizational structure to facilitate effective business operations and management of risks.

As of September 2023

Image: Risk Management Governance and Oversight

Board Risk Committee

In order to ensure independence from the execution side, the Board Risk Committee, chaired by an outside director, assists the Board of Directors in supervising Nomura Group's risk management and contributes to the sophistication of risk management. The Board Risk Committee provides consent for the Risk Appetite Statement and the key designs of the risk management framework, and oversees the outcomes of analysis and verification of the risk environment, the future forecasts of the risk environment, along with overseeing the status of execution of overall risk management and medium- to long-term risk strategies.

Executive Management Board

The Executive Management Board deliberates on and determines management strategies, the allocation of management resources, and important management matters for Nomura Group, and seeks to increase shareholder value by promoting the effective use of management resources and having a consensus regarding the execution of business. Key responsibilities of the Executive Management Board include approval of management resource allocation and limits, approval of business plans and budgets, and reporting to the Board of Directors.

Group Risk Management Committee

Upon delegation from the Executive Management Board, the Group Risk Management Committee deliberates on and determines important matters concerning Nomura Group's enterprise risk management to contribute to the sound and smooth operation of businesses. As the decision-making body for risk management on the execution side, the Group Risk Management Committee develops a framework for integrated risk management consistent with the risk appetite, and conducts necessary deliberations on strengthening risk management systems based on reports from business divisions.

Connecting Markets East & West