The primary goal of our business operations is to fulfill our social responsibilities to all of our stakeholders, including our direct customers, shareholders, employees, trading partners, bondholders, and local communities. In order to achieve this goal, we will strengthen our management capabilities and build a corporate governance system designed to accelerate decision making, ensure proper execution of business, and increase efficiency and transparency.
Management Decision Making, Execution, and Oversight of Business
LIFULL is a company with an Audit & Supervisory Board. Also, the Company has established a corporate officer system to enhance the soundness and efficiency of management by separating management and executive functions.
In principle, the Board of Directors convenes once per month and, in addition to carrying out decision making on basic policies and other important matters, supervises the execution of business by the managing officers in line with said decisions. In addition, a management committee consisting mainly of the Company’s full-time directors and managing officers convenes each week to make proposals to the Board of Directors on matters related to strategic decision making and deliberate in advance decisions to be made by the Board of Directors.
All Audit & Supervisory Board members attend the monthly Board of Directors meetings and full-time Audit & Supervisory Board members attend management committee meetings and other important meetings and generally supervise the execution of business by directors. In addition, in principle, a meeting of the Audit & Supervisory Board is convened once per month wherein Audit & Supervisory Board members exchange opinions on issues discussed at the meeting of the Board of Directors and the status of the Company’s management, draw up auditing plans including auditing policies, and determine important matters related to auditing. Owing to strengthened cooperation between directors and Audit & Supervisory Board members, under the current system, the Audit & Supervisory Board members play an effective role in the Company’s decision making process.
Corporate Governance System
Remuneration of Directors and Audit & Supervisory Board Members
Remuneration of directors is comprised of fixed remuneration and performance-linked remuneration. The target remuneration level is equal to the total of fixed remuneration and performance-linked remuneration and the higher a director’s position in the rank, the greater the performance-linked portion of his/her target remuneration. In order to increase the incentive of performance-linked remuneration, the amount calculated based on performance evaluation is paid as remuneration to the director in the following fiscal year. Performance-linked remuneration includes both monetary and non-monetary remuneration.
In order to ensure the fairness and impartiality of Audit & Supervisory Board members, as Audit & Supervisory Board members are responsible for auditing the business execution of the entire Group, remuneration of Audit & Supervisory Board members consists solely of fixed remuneration and the amount of remuneration for the position of each Audit & Supervisory Board member is decided by the Audit & Supervisory Board.
Risk Management System
The Company has established a Risk Management Committee chaired by the representative director and a risk management system has been established wherein all risks that could have a significant impact on the Group are centrally managed. In order to ensure that the Company maintains a sound financial position and achieves higher earnings stability by streamlining our operations, we have also established a department specializing in the maintenance of internal control systems and we have established a system to check and improve the maintenance of internal regulations and the status of operations. Also, we have established a system to prevent risks related to irrecoverable debts and illegal transactions by strengthening the checking system employed by the legal department, supplier audit department, and in purchasing operations.
Independence Standards for Outside Directors and Outside Audit & Supervisory Board Members
The Company has established the following selection criteria for outside directors in order to enable it to select highly independent outside directors. However, if the Board of Directors reasonably determines that a candidate is suitable for the post of outside director, the criteria set out in this policy cannot exclude the candidate from being selected. However, a candidate selected in this manner cannot be appointed as an independent director.
If none of the following attributes applies to an outside director or outside member of the Audit & Supervisory Board, the Company judges that such person is independent from the Company.
a. A person who executes business on behalf of the Company or its affiliated companies*1
b. A person who has an important business relationship with the Company*2 or who executes business on behalf of such a person*1
c. A person who is a major shareholder (directly or indirectly holding 10% or more of the voting rights) of the Company or who executes business on behalf of such a person
d. A person who executes business on behalf of a major investor (directly or indirectly holding 10% or more of the voting rights) of the Company or its affiliated companies
e. A consultant, an accounting expert, or a legal expert who receives a considerable amount of cash or other assets*3 other than remunerations as a director of the Company or its affiliated companies (when a party who receives such assets is an organization, such as a corporation or an association, this shall refer to a person who is associated with that organization)
f. A person to whom any of (a) to (e) above have applied in the past three years
g. A person who is a close relative of a person to whom any of (a) to (e) above apply*4
*1 A person who executes business on behalf of the Company or its affiliated companies includes directors (other than outside directors), executives, and corporate officers and employees, etc.
*2 “A person who has an important business relationship” as defined in Article 2, Paragraph 3, Item 19 of the Ordinance for Enforcement of the Companies Act
*3 “A considerable amount of cash or other assets” is defined as cash or other assets of ¥10 million or more received in the previous fiscal year other than those received as remuneration as a corporate officer
*4 “A close relative” is defined as relatives and those sharing a means of livelihood
Information Security Policy
The LIFULL Group, as an information service provider, aims at secure maintenance and utilization of information received from customers and information in Group companies, and sets forth a policy on information security to give customers a feeling of safety and reliability.
In addition, based on this policy, we have adopted rules to ensure information security, educate employees, and make every effort to appropriately manage all types of information.
Activities to Enhance Information Security
Information security management structure
The LIFULL Group ISMS structure is based on information security literate employees who continuously protect all information assets and information systems related to the business of the company in their daily activities according to the information security policy.
The LIFULL Group has created the Confidential Information Management Committee as the decision-making body on information security for the Group. The Committee consists of a chairperson, members, and secretaries. The Committee regularly deliberates and approves general information security matters, together with the persons in charge of information system management. Heads of departments are the managers of information and information systems in their respective departments, and are responsible for their management. In addition, managers audit whether the ISMS structure and operations are working properly and effectively for them and take steps to maintain and improve information security.
Acquisition of ISMS (Information Security Management System) certifications
LIFULL Co., Ltd. and a number of its subsidiaries have undergone third-party inspections of all business and acquired certifications based on the international standard ISO/IEC 27001 and domestic standard JIS Q 27001 for information security management systems since 2006. Domestic group companies observe the information security rules of LIFULL Co., Ltd. and perform information security according to the same management system.
Integration of CSIRT and affiliation with the Nippon CSIRT Association
The LIFULL Group had been operating according to ISO 27001 before the integration of CSIRT. As cyberattacks became more complicated and sophisticated, the Group recognized the need to set up a system on the premise that incidents would occur and integrated CSIRT as a support system to respond to security incidents. In October 2018, LIFULL-CSIRT, the CSIRT of the LIFULL Group, was established and was affiliated with and registered with the Nippon CSIRT Association. We will continue our efforts to improve cyber security and prevent security incidents throughout the LIFULL Group.
Going forward, we will build a system of close collaboration, not only with organizations in the group, but also with other companies, to enhance security measures. In addition, when an incident occurs, we will take steps to resolve it while minimizing damage.
*1: CSIRT (Computer Security Incident Response Team) is a generic name of an organization that responds to incidents (accidents and emergencies) involving computer security. It collects and analyzes incident information, vulnerability information, and attack predicting information at any time; creates response policies and procedures; and performs other activities.