Vantec Risk Management Basic Policy

The Vantec group companies (the “group companies”) identify, assess, and control a wide variety of potential risks in the face of uncertainty, which may affect each entity’s operations as a going concern, recognize the importance of enterprise risk management, and continue to make progress in enhancing comprehensive risk management system.

Vantec categorizes its corporate risk into eight components that are defined as follows.

1. 1. Credit Risk
   Controls:
   To establish a credit lines policy for customers.
   To set a proper limit on each customer’s credit as well as quickly and accurately revise the limit in response to unexpected changes of its credit condition.
   Definitions:
   Risk of incurring financial losses derived from customers' default on its payment obligations due to bankruptcy, business failure, insufficient funding, or other reasons.
2. 2. Business Risk
   Controls:
   To periodically monitor return on investment (ROI) for each business project.
   Definitions:
   (1) Risk of investment on a new business project
   The risk of impairing its corporate value due to the investment decision which underestimates a required cost of capital.
   (2) Risk of deterioration of ROI of an on-going project
   The risk of damaging its corporate value that may arise from deterioration of a targeted ROI of this project resolved by the BODs’ meeting.
   (3) Risk of continuing a deficit business
   The risk of accumulating financial losses caused by continuing business deficits without setting any definite criteria for withdrawal.
3. 3. Compliance Risk
   Controls & definitions:
   See Compliance section.
4. 4. Operational Risk
   Controls:
   To ensure reliability and accuracy of financial reporting.
   Definitions:
   The risk of incurring financial losses caused by material events such as clerical errors, noncompliance of operational procedures, accidents, and employee frauds.
   (The category of risk recognition is limited in the scope of compiling financial  statements.)
5. 5. Legal Risk
   Controls:
   Signed contracts/agreements are strictly in control, and these drafts are routinely reviewed by legal staff of the compliance section. Reforms of existing laws and regulations related with corporate activities are occasionally monitored.
   Definitions:
   The risk of incurring economical losses as well as legal claims (or litigations ) from outside parties (including customers) due to the failure (or the delay) in setting out counter plans of the following each item:
   1) Investigation of enforcements and revisions of applicable laws and regulations, and control over and response to the compliance with the laws and regulations.
   2) Continuous legal check on contracts/agreements, and filings of the created documents as well as storage of their administrative data in the stage of completing these documents or responding to various legal actions.
   3) Proper responses to lawsuits filed by a contractual party or other parties and to inspections conducted by governmental/local authorities for investigating suspicious violations against applicable laws and regulations.
   4) Proper responses to the events that may arise from legal uncertainties.
6. 6. Natural Disaster Risk
   Controls:
   To prepare for natural disasters, including preparation and notification of disaster risk control manuals and an emergency communication route chart.
   Definitions:
   The risk of human, material, and economical losses due to natural disasters such as an earthquake, a volcanic eruption, a tsunami, a high tide, a typhoon, a cataract, an abnormal climate, a spread of the epidemic/ a pandemic/ an outbreak of unidentified illness, a biohazard, or any other natural phenomenon.
7. 7. Health and Safety Management Risk
   Controls:
   To continuously improve the health and safety management system, including education systems and monitoring systems for prevention of industrial accidents or traffic accidents caused by employees or subcontractors.
   Definitions :
   1) Safety risk
   The risk of incurring losses on the group companies due to accidents (automobile / freight / environment / finished car）occurred during the course of performing duties committed to fulfill contracts with customers or due to accidents occurred during workers’ commuting time. This risk may have unfavorable effects on the operations for providing services to customers.
   2) Health risk
   The risk of incurring losses on the group companies, due to industrial accidents, overworks, or inappropriate working environments. This risk may have unfavorable effects on the operations for providing services to customers.
8. 8. IT System Risk
   Controls:
   To prevent suspension of operations due to IT system failure or troubles. To take adequate steps for confidential corporate and personal information, protection of copyrights, illegal access, and computer virus.
   Definitions:
   (1) Risk of system failure
   The risk of incurring losses on our customers, business partners, or the group companies, due to delay or disorder in providing services to such parties caused by IT system failure in hardware, software, blackout, or network down.
   (2) Risk of IT system breakdown by natural disasters
   The risk of having a material negative impact on corporate activities due to destruction of a part of or the whole IT system caused by natural disasters such as an earthquake, fire, or flood. This risk leads to a long-time suspension of operations, or difficulties in maintaining proper functions of IT systems.
   (3) Risk of data leakage
   The risk of incurring material losses on customers, business partners, or the group companies due to damaged social credit caused by data leakage (whatever on purpose, by mistake, or by hacking from outside) of confidential corporate information, customer information, business partners’ information, or personal information.
   (4) Risk of unauthorized usage of licenses
   The risk of impairing corporate reputation due to the illegal usage of unauthorized copies, leading to lawsuits or announcements in public of the fact filed by license holders.
   (5) Risk of virus infection
   The risk of impairing corporate reputation due to the virus infection through e-mails or data storage media such as Web/USB, thereby causing data destruction, data leakage, and virus diffusion on customers.