The following is a supplement to the MS & AD Insurance Group's sustainability approach.

Subject period:

FY2021 (April 1, 2021 - March 31, 2022)

Corporate Governance

Supplement to the performance-based remuneration for directors

See "Corporate Governance" for an overview of the system.

1.Share of the CEO's short-term incentive

  • Performance-linked remuneration shall be linked with the business performance of the company and determined based on financial(*1) and non-financial(*2) indicators.The standard ratio between financial and non-financial indicators used in the calculation of performance-linked remuneration shall be50:50.
  • The stock-based remuneration components of performance-linked remuneration shall be calculated as follows, based on standard amounts for each position

     Standard amount per position × business performance coefficient

     (financial indicators × 20% + non-financial indicators × 80%)

  • The standard ratios of the components of compensation for the President and Director are as follows:

    <Breakdown of 25% of Stock-based remuneration>

    The ratio of financial indicators (indicators reflecting single fiscal year performance) is

    25% × 20% = 5%.

    The ratio of non-financial indicators (indicators to reflect medium- to long-term performance

    contributions) is 25% × 80% = 20%.

(*1)Financial indicators are indicators that are used to reflect business performance in a single fiscal year in officer remuneration.

(*2)Non-financial indicators are indicators that are used to reflect initiatives contributing to medium- to long-term business performance in officer remuneration.

2.Performance Period for Variable CEO Compensation

  • Performance-linked remuneration shall be linked with the business performance of the company and determined based on financial and non-financial indicators.
  • Financial and non-financial indicators have been selected after taking into consideration the Group’s Medium-Term Management Plan(FY2022-2025), which began in fiscal 2022 and will end in fiscal 2025 for a period of 4 years.

 

3.Claw back Clause

  • We have a claw back clause in place. (click here)

Management Ownership

Ratio of the amount converted into the fair value of shares to the amount of consolidated fixed remuneration of a person whose total amount of consolidated remuneration in fiscal 2021 is 100 million yen or more.

Name(s) Position Fixed remuneration
(million yen)		 Shares of the Company owned(*) Value equivalent to Market Value of the shares held / fixed compensation
Number of shares of
the Company owned		 Fair value(*)
(million yen)
Yasuyoshi Karasawa Director 61 46,046 183 3.17
Yasuzo Kanasugi Director 64 53,691 214
Noriyuki Hara Director,
President&CEO		 66 45,246 180 2.73

(*) March 31,2022 end-of-day basis

Risk Management

Impact of Significant Risks and Mitigation Measures

Massive Cyberattack

One of the important risks for our group is the risk of information systems being shut down, malfunctioning or used illegally, or information being leaked due to unauthorized access by cyber attacks or deficiencies in information systems. While cyber attacks themselves are a risk that can occur in the present, .we recognize it is increasing in light of recent geopolitical risks. Our Group makes every effort to improve information technology risk management system but  in the event of a cyber attack, large-scale information system outages, malfunction or unauthorized use, and information leaks may occur. The Group also underwrites insurance to compensate for cyber risk, and in the event of a cyber- attack, the Group makes claims payments. Therefore, we recognize that this risk is equally important for MS&AD as (1) a listed company and (2) an insurer.In addition, medium- to long-term risks are expected to steadily increase due to factors as  below.
・With the progress of DX and the steady use of cloud computing and remote work, the systematization domain of an organization becomes complex and the boundary with the Internet becomes ambiguous.
・The organization connected as supply chain due to the globalization of business expands significantly
・Digitization will spread at an accelerated pace through new technologies such as AI and quantum technologies.
As the scope of risks expands and becomes complex, damage to our company system and damage to customers insured by our company may become significant.

 

Impact

The impact of this risk on our Group can be summarized in accordance with the above two aspects.

(1)As a listed company:

  • Should this risk materialize, it will not only have the economic impact of an enormous cost input, such as investigation of the cause and impact by a specialized company, customer response, and provision of additional security measures, but it will also have a major impact of a decline in reputation/trust. In addition, the restoration of reputation is expected to take a long time over the medium to long term, and the Group's business performance is expected to be negatively affected by a decline in insurance premiums.

(2) As an insurer:

  • In order to respond to the progress of IT utilization and diffusion in enterprises, the Group sells insurance to compensate for cyber risk as one of its main products. However, in the event of frequent cyber attacks, there is a possibility that many insurance claims will be paid, which could have a large economic impact on the Group. The Group conducts stress tests on the assumption that a large amount of insurance claims will be paid in the event of a cyberattack, in order to confirm the amount of insurance claims paid and the amount of impact on the capital buffer(*1) in the event of stress.

(*1) Market value net assets minus the integrated risk amount.

Mitigation

measure

(1)As a listed company:

In order to respond to cyberattacks, multiple layers of defense are implemented, including "entry measures" to prevent unauthorized intrusion, "exit measures" to prevent information leakage, and "internal measures" such as detecting unauthorized viruses and behavior within the Group. At the same time, in light of the fact that the boundary between the organization and the Internet has become blurred due to the use of the cloud and the regularization of remote work, the introduction and examination of security measures are being promoted based on the concept of zero trust. Information on cyberattacks (mass suspicious emails, DDoS attacks, unauthorized access, etc.) on Group companies and other companies is grasped in a timely manner, and the impact on Group companies and the status of responses are confirmed. Technical measures are implemented, such as the introduction of various latest services and products for countermeasures as needed. Personnel and organizational measures are also being implemented, including employee education and training, and drills to prepare for possible attacks. In addition, an organization specializing in security (MS&AD-CSIRT(*2)) has been established to collect information on vulnerabilities in information systems and to coordinate information among Group companies.In addition to the above, the status of security measures is regularly checked by Group companies, including overseas bases, using the Group's common index to continuously maintain and improve the security level of the Group. From a medium- to long-term perspective, we are studying to prepare for the expansion of risks associated with the development of new technologies, such as the establishment of an AI governance system and participation in the Quantum Technology Study Group.
(2)As an insurer:
The Group aims to provide one-stop support for the establishment of a system to prevent cyber risks in multifaceted ways and evaluation of the risks held by companies from the viewpoints of preventing damage, minimizing damage, and quickly recovering from damage, etc., while informing customers on cyber risks. The Group provides menus corresponding to the phases of "development of a management system" such as training on cyber security and establishment of the CSIRT system, "defense and detection" such as system diagnosis and log monitoring, and "response and recovery" in cooperation with cybersecurity specialized companies.
(*2) Computer Security Incident Response Team: a team specialized in information security

 

Please refer to ERM and Risk Management for other important risks.

Contribute to Climate Change Mitigation and Adaptation

TCFD Scenario Analysis

Scenario Analysis has been updated in August 2022 in our TCFD disclosure (link below).

■Scenario Analysis excerpt

  Business area Contents Result Examples Scenario used
Physical Risk Insurance Underwriting Fluctuation in  loss paid by typhoon and storm surge in Japan

Typhoon  2050
Effects of change                            +5 to +50%
Effects of changing frequency

of occurrence                               -30 to +28%

 RCP4.5
RCP8.5
Transition Risk Investment Impact on investee companies by carbon costs EBIT at Risk   
Equity    2030
Low Carbon Price Scenario:             4.66%
Medium Carbon Price Scenario:        9.23%
High Carbon Price Scenario:            20.29%		 Developed by Trucost referring to Nationally determined contributions (NDCs), OECD and IEA.