Robust Risk Management (strengthening BCM)

The JAL Group defines risk as an event or action that interferes with the achievement of an organization's mission, objectives and goals. We have established a company-wide risk management system and have selected priority risks in order to achieve sustainable growth and create social and corporate value through our business, as well as to minimize the damage caused when risks occur, and to achieve early resolution and recovery. To foster a risk culture, JAL Group conducts online risk management education for all employees and risk management training specifically targeted at organizational management positions.

In the development of products and services at the JAL Group, such as new aircraft cabin supplies and inflight meal options, various risks including financial risks, regulatory risks, and operational risks are taken into consideration when making decisions.

We will strengthen our business continuity management (BCM) for unknown viral infections, large-scale IT failures, and the anticipated Tokyo Metropolitan Earthquake. In addition, we will strengthen information security measures, including cybersecurity measures

The JAL Group defines risk as "any event or action that threatens the achievement of the mission, objectives, or goals of an individual or organization," thereby requiring all organization heads to manage risk as risk managers. For preventive risk management, risk managers conduct risk assessments twice a year, identify priority risks, and implement risk responses. Priority risks are reassessed by a specialized organization responsible for risk, and the risk responses are reinforced through workshop-style control self-assessments, and risk consulting is provided as necessary.

After classifying risks based on four characteristics (repeated, sporadic, external factor, internal factor), a risk map is prepared by evaluating risk probability and severity in each category.
Please seeBusiness risksfor details and handlings of each risk.

Please see Emerging RisksPDF that we identify with the most significant impact on the business in the future.

The Group Risk Management Council, chaired by the President, has been established under the supervision of the General Affairs Department Executive Officer, who is in charge of the Risk Management Department　to comprehensively manage the risks of the JAL Group　and stabilize management.　The council deliberates on the basic policy of risk management, response measures for priority risks identified through risk assessment and evaluation, and business continuity management (BCM), among other topics.
In our company, to clarify the responsibility for risks and each function and to exercise a mutual restraining function, we have defined the first, second, and third lines of defense according to this concept. The first line consists of group companies and business divisions that have direct management responsibility for risks. The second line includes the head office management departments that support and guide the business divisions. The third line is the audit department, which evaluates the work of the first and second lines, ensures its appropriateness, and provides necessary advice, with clear definitions in terms of business responsibilities.
Under this organizational structure, the risk management department is responsible for overall risk management under the supervision and leadership of the Group Risk Management Council and the Board of Directors. It conducts control risk assessments and risk consulting for high-priority risks in the first and second lines.
Furthermore, under the Group Risk Management Council, committees specializing in financial risk and information security risk have been established to provide more detailed and frequent responses. The responses to priority risks decided in the meeting are reported to the Board of Directors, where further measures are discussed as necessary, thus constructing a multi-layered risk governance structure.

Additionally, risks related to aviation safety are deliberated in the Group Safety Enhancement Council, and risks related to overall sustainability (such as environmental and human rights issues) are discussed in the Sustainability Promotion Council. The outcomes of these discussions are reported to the Board of Directors.

This Council is chaired by the President, and primarily comprises responsible General Managers of frontline divisions. The Council comprehensively manages operational risks and business risks to stabilize Group management. It also functions as a venue for providing progress reports, sharing information and making decisions on various matters, such as establishment of JAL Group Basic Policies on Risk Management, regular risk assessments, implementation of measures when risks eventuate, and risk auditing.

Operating under the Group Risk Management Council, the committee is chaired by the General Manager of General Affairs and comprises General Managers of relevant divisions. Its role is to conduct administrative work in support of the Group Risk Management Council, including any preparations that will contribute to making and executing decisions.
The committee also serves as the committee for personal information and information security, comprising General Managers of relevant divisions and chaired by the General Managers of the General Affairs and the IT Planning. The committee continuously looks at ways to strengthen information management.

This committee is chaired by the General Manager of Finance and Accounting and comprises the President, Executive Vice President and General Managers of relevant divisions. The committee identifies financial risks appropriately and strives to facilitate improvements in corporate management. Specifically, it conducts regular simulations of financial conditions and checks the content.
In case of a risk event which the committee determines will have a serious, quantifiable impact on the Group’s business performance, such as a major financial crisis or large-scale disaster, it will calculate the estimated financial impact and deal with the risk jointly with the Risk Management Council, as necessary.

This council is chaired by the President of Japan Airlines and comprises officers and presidents of Group airlines appointed by the general safety manager and Chair. The role of the committee is to ensure safety of the entire Group and promote safety management by establishing important policies on safety management, clarifying the status of corporate activities, and reviewing organizations, systems and measures, as necessary.

Operating under the Group Safety Enhancement Council, the committee maintains and strengthens collaborative, safety measures among departments, divisions and Group airlines with the aim of enhancing overall air transport safety of the Group. The committee comprises the General Manager of JAL Corporate Safety and Security (Chair), General Manager of safety management at JAL appointed by the Chair, and the general safety manager or responsible officer of safety of each Group airline.

In order to fulfill our mission as a public transportation system that plays a role in social infrastructure, we are promoting BCM and building a system that enables us to carry out operations appropriately in times of emergency.
In the event of an unknown viral infection, major IT failure, or an earthquake directly beneath Tokyo, we have established individual BCPs to protect the safety of our customers, employees, family members, and related personnel.
We have also established basic policies and systems necessary for the continuation of the JAL Group's important air transport services, including reservation and information services, and payment and settlement services.
In order to continue to improve the effectiveness and effectiveness of the BCP, we conduct regular training, utilizing the knowledge of external experts, and revise the BCP from time to time.
The JAL Group's business continuity capabilities have been highly evaluated by rating agencies.

In March 2020, we received a DBJ BCM rated loan from the Development Bank of Japan (DBJ), and the rating results commended Japan Airlines for "particularly advanced business continuity initiatives."

When risks (operational risks) associated with aviation safety, aviation security and other issues related to the air transport business eventuate, or are suspected or confirmed, they are reported quickly (within 15 minutes as a general guideline) to Integrated Operations Control (IOC). In JAL Group, the person responsible for determining the level of risk decides the applicable risk management level (from Level I to Level III) according to the situation and risk response is implemented. Exercises, reviews, education, and training are conducted regularly for each type of disaster or purpose in order to increase risk management awareness of every employee.

In light of the importance of information security in the advanced information and telecommunications society, we are working to strengthen the JAL Group's information security.