Risk Management

Preserve Corporate Value through Safe and Reliable Business Operations

Basic Approach

As the ANA Group has a wide range of business activity that is focused on air transportation, we may be affected by various changes in the business environment.
The ANA Group implements risk management from two perspectives: risk management and crisis response. For our risk management activities, we conduct regular risk analyses within the organization, and update measures based on the results of the analyses. We also establish basic systems and procedures for responding to emergencies and conduct regular drills to prepare for such emergencies. We are building and operating a system to minimize the impact on our business and prevent recurrences by responding accurately to crises in a timely manner.

Operating Risks PDF Opens in a new window.In the case of an external site,it may or may not meet accessibility guidelines.

Risk Prevention

Each Group company implements independent risk management activities (identifying risks, analyzing and evaluating these risks, planning and implementing countermeasures, and monitoring the results). The Group companies monitor and evaluate progress, effectiveness, and level of achievement of the measures taken with respect to significant risks identified in each organization. The ANA Group's General Administration Department takes the lead in implementing measures to address issues faced by the Group, and the Group ESG Management Promotion Committee monitors progress.

Total Risk Management (TRM) requires the establishment of a comprehensive PDCA process (TRM cycle) that goes beyond individual risk management processes as 'Risk Information Extraction' → 'Risk Assessment' → 'Risk Control (Mitigation/Avoidance/Transfer/Acceptance)' → 'Risk Review'. This TRM cycle aims to integrate and manage individual risk management activities across the entire organization in a systematic, effective, efficient, and continuous manner to improve the likelihood of achieving organizational goals and objectives. Here's an overview of the TRM cycle: [Plan] - to establishe risk management policies based on the company's philosophy and overall strategy - to develops business plans to achieve management objectives - to define clearly risk appetite policies, determining acceptable risk levels within the business plans [Do] - to execute the business plans - to monitors progress - to conducts individual risk management activities, focusing on predetermined key risk areas [Check] - to evaluate TRM performance through internal audits - to obtain assessments from external organizations to verify TRM effectiveness [Action] - to implement improvements to address vulnerabilities identified during the Check phase - to incorporates lessons learned into the next planning cycle [Foundation for TRM Cycle] The TRM cycle is built upon: - leadership from top management - "risk culture" supported by employee education and risk management metrics incorporated into incentive systems [Communication] The organization communicates its risk management efforts through: - Securities reports - Integrated reports - Shareholders' meetings etc These approaches ensure transparent communication with customers, investors, and other stakeholders regarding the company's risk management practices and performance.By implementing this comprehensive TRM cycle, organizations can more effectively manage risks across all levels and functions, ultimately increasing their chances of achieving their strategic objectives.

Crisis Management in Response to a Risk

In the event of a crisis, we collect accurate information and implement measures to minimize damage, investigate the cause and prevent recurrence.
The overall response is stipulated in the Crisis Management Manual, and a level is determined according to detailed information about the crisis and respond promptly in cooperation with related parties inside and outside the company. In the case of serious incidents, the Head Office Crisis Management Center, headed by the President, will be established to quickly respond to emergency situations. To deal with crises such as accidents, hijackings, etc. that directly affect the operation of aircraft, the company has established detailed procedures in the Emergency Response Manual (ERM) and conducts crisis response training, presuming the cooperation with related parties inside and outside the company.

Risk Management Structure

The Group ESG Management Promotion Committee monitors progress of measures in accordance with the ANA Group Total Risk Management Regulations, which stipulate the basic terms of the group's risk management system.
Under the Chief ESG Promotion Officer (CEPO), who is responsible for the promotion of ESG management (promotion of risk management and information security), each group company has established a risk management system by having in place an ESG Promotion Officer (EPO) as responsible for promoting it and an ESG Promotion Leader (EPL) to actively promote it.
Sustainability-related risks are also handled within the total risk management structure.
Each EPL assumes a role to conduct risk management (risk prevention) operations according to plans and take swift action while working with the secretariat in the event of a crisis.

The Group ESG Management Promotion Committee identifies the ANA Group's key risks and monitors the progress of measures. The Chief ESG Promotion Officer (CEPO) oversees risk management as the highest authority for promoting ESG management, and provides instructions and supervision to the ESG Promotion Officers (EPO), who are responsible for promoting ESG management at each Group company, the ESG Promotion Leaders (EPL), who are the driving force behind ESG management promotion. EPO and EPL systematically implement preventive measures (identifying risks, analyzing and evaluating risks, considering and implementing measures, monitoring), and in the event of a crisis, they respond to the crisis (collecting information, implementing initial responses, determining the cause, formulating measures to prevent recurrence), and they work with the Risk Management Team of the Group General Administration to comprehensively grasp all company risks, and they are building a risk management system.

Chief ESG Promotion Officer (CEPO)

Jun TANEIE. ANA HOLDINGS INC Member of the Board, Executive Vice President
Assignment in the Company: the Company Chairman of Group ESG Management Promotion Committee, In charge of Group Risk & Compliance, Legal & Insurance, General Administration

She has extensive experience in marketing. She has engaged in spreading and promoting the Group's diversity, equity and inclusion, and has actively reported the achievements at domestic and international conferences and other venues. From April 2024, she is promoting ESG management and risk management. With regard to IT and digital-related areas, she has experience in the strategic reinforcement of the marketing system infrastructure, where she was responsible for overseeing the planning, development and operation of the system. She has extensive knowledge and experience of the Company's system structure, information security, potential risks and their management.

The three lines of defense

To effectively implement risk management, three lines of defense have been established, as shown in the diagram.

In order for effective risk management, we have established the three lines of defense. The first line of defense refers to business departments which own and manage risks. The second line of defense refers to administrative departments which monitor risk management of the first line of defense. The third line of defense refers to internal audit department which provides advices on risk management from an independent position. Each of the three lines of defense plays its role in preventing risks.

Major Initiatives

Implementation of Education

ANA Group regularly provides education and training on risk management to all levels of the company (directors, managers and staff) in order to deepen their understanding of risk management and to foster an effective risk culture.

  • Conducting study sessions for directors (including independent outside directors) on total risk management.
  • Implementation of e-learning related to total risk management for directors and employees

Business Continuity Plan (BCP)

Information Security

Security Export Control

Data & Privacy Governance
(Protection of Personal Information)

pagetop