Robust Risk Management (strengthening BCM)
Basic Concept
The JAL Group defines risk as an event or action that interferes with the achievement of an organization's mission, objectives and goals. We have established a company-wide risk management system and have selected priority risks in order to achieve sustainable growth and create social and corporate value through our business, as well as to minimize the damage caused when risks occur, and to achieve early resolution and recovery. To foster a risk culture, JAL Group conducts online risk management education for all employees and risk management training specifically targeted at organizational management positions.
We will strengthen our business continuity management (BCM) for unknown viral infections, large-scale IT failures, and the anticipated Tokyo Metropolitan Earthquake. In addition, we will strengthen information security measures, including cybersecurity measures
Risk Categories
Risk Management Cycle
The JAL Group defines risk as "any event or action that threatens the achievement of the mission, objectives, or goals of an individual or organization," thereby requiring all organization heads to manage risk as risk managers. For preventive risk management, risk managers conduct risk assessments twice a year, identify priority risks, and implement risk responses. Priority risks are reassessed by a specialized organization responsible for risk, and the risk responses are reinforced through workshop-style control self-assessments, and risk consulting is provided as necessary.
Risk Map
After classifying risks based on four characteristics (repeated, sporadic,
external factor, internal factor), a risk map is prepared by evaluating risk
probability and severity in each category.
Please seeBusiness risksfor details and handlings of each risk.
Please see Emerging RisksPDF that we identify with the most significant impact on the business in the future.
Risk Management System
The Group Risk Management Council, chaired by the President, has been established under the supervision of the General Affairs Department Executive Officer, who is in charge of the Risk Management Department to comprehensively manage the risks of the JAL Group and stabilize management. The council deliberates on the basic policy of risk management, response measures for priority risks identified through risk assessment and evaluation, and business continuity management (BCM), among other topics.
In our company, to clarify the responsibility for risks and each function and to exercise a mutual restraining function, we have defined the first, second, and third lines of defense according to this concept. The first line consists of group companies and business divisions that have direct management responsibility for risks. The second line includes the head office management departments that support and guide the business divisions. The third line is the audit department, which evaluates the work of the first and second lines, ensures its appropriateness, and provides necessary advice, with clear definitions in terms of business responsibilities.
Under this organizational structure, the risk management department is responsible for overall risk management under the supervision and leadership of the Group Risk Management Council and the Board of Directors. It conducts control risk assessments and risk consulting for high-priority risks in the first and second lines.
Furthermore, under the Group Risk Management Council, committees specializing in financial risk and information security risk have been established to provide more detailed and frequent responses. The responses to priority risks decided in the meeting are reported to the Board of Directors, where further measures are discussed as necessary, thus constructing a multi-layered risk governance structure.
Additionally, risks related to aviation safety are deliberated in the Group Safety Enhancement Council, and risks related to overall sustainability (such as environmental and human rights issues) are discussed in the Sustainability Promotion Council. The outcomes of these discussions are reported to the Board of Directors.
Group Risk Management Council
This Council is chaired by the President, and primarily comprises responsible General Managers of frontline divisions. The Council comprehensively manages operational risks and business risks to stabilize Group management. It also functions as a venue for providing progress reports, sharing information and making decisions on various matters, such as establishment of JAL Group Basic Policies on Risk Management, regular risk assessments, implementation of measures when risks eventuate, and risk auditing.
Risk Management Committee
Operating under the Group Risk Management Council, the committee is chaired by the General Manager of General Affairs and comprises General Managers of relevant divisions. Its role is to conduct administrative work in support of the Group Risk Management Council, including any preparations that will contribute to making and executing decisions.
The committee also serves as the committee for personal information and information security, comprising General
Managers of relevant divisions and chaired by the General Managers of the General Affairs and the IT Planning.
The committee continuously looks at ways to strengthen information management.
Financial Risk Committee
This committee is chaired by the General Manager of Finance and Accounting and comprises the President, Executive Vice President and General Managers of relevant divisions. The committee identifies financial risks appropriately and strives to facilitate improvements in corporate management. Specifically, it conducts regular simulations of financial conditions and checks the content.
In case of a risk event which the committee determines will have a serious, quantifiable impact on the Group’s business performance, such as a major financial crisis or large-scale disaster, it will calculate the estimated financial impact and deal with the risk jointly with the Risk Management Council, as necessary.
Group Safety Enhancement Council
This council is chaired by the President of Japan Airlines and comprises officers and presidents of Group airlines appointed by the general safety manager and Chair. The role of the committee is to ensure safety of the entire Group and promote safety management by establishing important policies on safety management, clarifying the status of corporate activities, and reviewing organizations, systems and measures, as necessary.
Group Operational Safety Promotion Committee
Operating under the Group Safety Enhancement Council, the committee maintains and strengthens collaborative, safety measures among departments, divisions and Group airlines with the aim of enhancing overall air transport safety of the Group. The committee comprises the General Manager of JAL Corporate Safety and Security (Chair), General Manager of safety management at JAL appointed by the Chair, and the general safety manager or responsible officer of safety of each Group airline.
Enhancement of BCM (Business Continuity Management)
In order to fulfill our mission as a public transportation system that plays a role in social infrastructure, we are promoting BCM and building a system that enables us to carry out operations appropriately in times of emergency.
In the event of an unknown viral infection, major IT failure, or an earthquake directly beneath Tokyo, we have established individual BCPs to protect the safety of our customers, employees, family members, and related personnel.
We have also established basic policies and systems necessary for the continuation of the JAL Group's important air transport services, including reservation and information services, and payment and settlement services.
In order to continue to improve the effectiveness and effectiveness of the BCP, we conduct regular training, utilizing the knowledge of external experts, and revise the BCP from time to time.
The JAL Group's business continuity capabilities have been highly evaluated by rating agencies.
Crisis Management System
When risks (operational risks) associated with aviation safety, aviation security and other issues related to the air transport business eventuate, or are suspected or confirmed, they are reported quickly (within 15 minutes as a general guideline) to Integrated Operations Control (IOC). In JAL Group, the person responsible for determining the level of risk decides the applicable risk management level (from Level I to Level III) according to the situation and risk response is implemented. Exercises, reviews, education, and training are conducted regularly for each type of disaster or purpose in order to increase risk management awareness of every employee.
Information Security Measures
In light of the importance of information security in the advanced information and telecommunications society, we are working to strengthen the JAL Group's information security.