Robust Risk Management (Promotion of BCM)
The JAL Group recognizes that trust from society is a managerial resource for aviation infrastructure, where safety is the basic foundation of business continuity. To protect and enhance that trust, we conduct comprehensive risk management of our business activities to achieve stable management of the entire Group and promote activities to fulfill our corporate social responsibility. Even at Group companies which are not directly involved in air transport, we are coordinating within the Group to enhance the risk mindset and risk practices of all employees. Specifically, we have a standardized Risk Management Manual for the JAL Group, based on JAL Group Basic Policies on Risk Management, to control risks in order to achieve our management goals. Organization leaders bear responsibility for risk management. Risk is defined as "events or behaviors which threaten the achievement of the missions, goals, or targets of individuals or organizations," and is classified into two types: operational risks and business risks. Priority risks are selected from among the risks confronting each organization with reference to risk assessment criteria, and dealt with by effectively allocating resources. All priority risks of the JAL Group are aggregated, and critical risks are identified and treated intensively.
|Operational risks||Risks which directly bring about delay, suspension, or stoppage of products and services provided, accidents, or quality or safety problems in the air transport business|
|Business risks||Other risks excluding operational risks|
Risk Management Cycle
After classifying risks based on four characteristics (repeated, sporadic, external factor, internal factor), a risk map is prepared by evaluating risk probability and severity in each category.
Risk Management System
Group Risk Management Council
This Council is chaired by the President, and primarily comprises responsible General Managers of frontline divisions. The Council comprehensively manages operational risks and business risks to stabilize Group management. It also functions as a venue for providing progress reports, sharing information and making decisions on various matters, such as establishment of JAL Group Basic Policies on Risk Management, regular risk assessments, implementation of measures when risks eventuate, and risk auditing.
Risk Management Committee
Operating under the Group Risk Management Council, the committee is chaired by the General Manager of General Affairs and comprises General Managers of relevant divisions. Its role is to conduct administrative work in support of the Group Risk Management Council, including any preparations that will contribute to making and executing decisions.
The committee also serves as the committee for personal information and information security, comprising General Managers of relevant divisions and chaired by the General Managers of the General Affairs and the IT Planning. The committee continuously looks at ways to strengthen information management.
Financial Risk Committee
This committee is chaired by the General Manager of Finance and Accounting and comprises the President, Executive Vice President and General Managers of relevant divisions. The committee identifies financial risks appropriately and strives to facilitate improvements in corporate management. Specifically, it conducts regular simulations of financial conditions and checks the content.
In case of a risk event which the committee determines will have a serious, quantifiable impact on the Group’s business performance, such as a major financial crisis or large-scale disaster, it will calculate the estimated financial impact and deal with the risk jointly with the Risk Management Council, as necessary.
Group Safety Enhancement Council
This council is chaired by the President of Japan Airlines and comprises officers and presidents of Group airlines appointed by the general safety manager and Chair. The role of the committee is to ensure safety of the entire Group and promote safety management by establishing important policies on safety management, clarifying the status of corporate activities, and reviewing organizations, systems and measures, as necessary.
Group Operational Safety Promotion Committee
Operating under the Group Safety Enhancement Council, the committee maintains and strengthens collaborative, safety measures among departments, divisions and Group airlines with the aim of enhancing overall air transport safety of the Group. The committee comprises the General Manager of JAL Corporate Safety and Security (Chair), General Manager of safety management at JAL appointed by the Chair, and the general safety manager or responsible officer of safety of each Group airline.
Information Security Measures
The JAL Group fell victim to a data security breach in 2014. Hackers attacked JAL Mileage Bank systems and gained illegal access to the customer information management system. We deeply regret the inconvenience and concern caused to customers and all those affected by this incident. In response, we are strengthening information security as a top priority issue and taking steps to prevent recurrence. These steps include creating up a JAL Group Handbook on Protecting Personal Information, and revising information handling categories to strictly distinguish between customer information and other information and thereby ensure proper management. The Risk Management Committee also plays the role of a committee for personal information protection and IT security in order to reduce those risks. A robust system has been established to detect and monitor increasingly sophisticated and complex cyberattacks, and preventive measures will be continuously upgraded to the highest level.
Crisis Management System
When risks (operational risks) associated with aviation safety, aviation security and other issues related to the air transport business eventuate, or are suspected or confirmed, they are reported quickly (within 15 minutes as a general guideline) to Integrated Operations Control (IOC). In JAL Group, the person responsible for determining the level of risk decides the applicable risk management level (from Level I to Level III) according to the situation and risk response is implemented. Exercises, reviews, education, and training are conducted regularly for each type of disaster or purpose in order to increase risk management awareness of every employee.
|Level Ⅰ Response by the person responsible for handling the risk||
・The responsible person (leader of organization where the risk has eventuated) responds by assembling people deemed necessary.
・The responsible person advises the person responsible for determining the level of risk to shift to Level Ⅱ or Ⅲ according to the severity of the situation.
|Level Ⅱ Response by special committee||・A committee is formed by Vice Presidents of main departments with Vice President of General Affairs as Secretariat and risk response is implemented. Vice President of General Affairs advises the person responsible for determining the risk level to shift to Level Ⅲ or Ⅰ according to the situation.|
|Level Ⅲ Response by Command Office||・A Head Office Command Office chaired by the President (or Executive Vice President) is set up and normal operations quickly shift to the crisis management system.|
Business Continuity Plan (BCP)
To respond to specific risks that threaten our ability to fulfill our responsibilities as a public transport service provider such as pandemic influenza, unidentified infectious diseases or earthquakes, we have established a business continuity plan (BCP) that enables us to continue business effectively in a contingency based on guidelines established in collaboration with regulatory bodies and other relevant institutions. The BCP covers basic matters such as policies and procedures necessary to ensure the safety of customers, JAL Group staff and their families, and other affected persons, and to maintain air transport operations essential to the Group, including reservations, information provision, payments, and settlements. The plan is reviewed regularly and revised as required to improve its application.
During the outbreak of Ebola hemorrhagic fever in West Africa in 2014, we activated our BCP regarding responses to pandemic influenza or unidentified infectious diseases. We coordinated our actions with relevant government bodies, developed necessary systems and added the Policy for Handling the Ebola Virus Disease (International Flights) to our BCP. The same BCP was activated on January 21, 2020 for the COVID-19 outbreak, and is continuing at present.
In fiscal 2018, we reviewed regulations related to earthquakes and expanded our strategies and BCP to include, in particular, a potential earthquake striking Tokyo.
In fiscal 2019, we updated the JAL Group Risk Management Manual, including the establishment of regulations on business continuity management as the basis of each BCP. Japan Airlines Co., Ltd. was certified on November 30, 2019 as an Organization Contributing to National Resilience (Resilience Certification) by the Resilience Japan Promotion Council. On March 30, 2020, we received an A rating for BCM (special interest rate II) from the Development Bank of Japan.