Business Risks

Olympus Corporation applies the regulations in Note (31) listed in Form 2 of the “Cabinet Office Order on Disclosure of Corporate Affairs” following amendment in accordance with the “Cabinet Office Order Partially Amending the Cabinet Office Order on Disclosure of Corporate Affairs” (Cabinet Office Order No. 3 of January 31, 2019).

The business performance of the Olympus Group may be materially influenced by various risks (uncertainties) which may occur in the future. The Olympus Group has implemented a global Enterprise Risk Management Methodology to support the achievement of its business objectives which include inter alia its management philosophy and corporate strategy. Specifically, the Olympus Group’s risk management is based on the “Policy of Risk Management & Crisis Response” and related rules. The Olympus Group is undertaking Enterprise Risk Management from the perspective of both opportunities and threats. Opportunities are seized through active and appropriate risk taking leading to sustainable growth and value creation for the Olympus Group. Threats are identified, prioritized, and treated to ensure the achievement of business objectives and to prevent non-compliance.

In April 2023, the Olympus Group launched a new global organizational design to integrate the four functions Risk & Controls, Compliance, Privacy, and Information Security related to Governance, Risk and Compliance (GRC) into a global GRC organization. In addition, the Olympus Group started to transfer the existing Enterprise Risk Management Portfolio into an advanced methodology and performed a global Risk Assessment with all functions to validate and update Olympus Corporation’s global Risk Portfolio based on this enhanced methodology.

In particular, the elements of the enhanced Enterprise Risk Management System are:

  • A global Risk & Controls organization embedded into the GRC function,
  • An enhanced global Enterprise Risk Management Methodology and Approach, and
  • A globally harmonized Enterprise Risk Management Process.

Those three elements aim to ensure a streamlined Enterprise Risk Management that feeds into business and financial planning and safeguards the achievement of Olympus Corporation’s business objectives and its corporate strategy by supporting informed decision making.

Enterprise Risk Management Organizational Setup

The Olympus Group has established a new committee structure on both a global and regional level, the Global and Regional Risk Assurance and Compliance Committees (G-RACC and R-RACC, collectively the “RACCs”). The objectives of the RACCs are to establish, implement and manage a framework for addressing enterprise risk and complying with applicable policies, laws, and regulations. Recommendations, guidance and significant risks are regularly reported to the Olympus Group Executive Committee (GEC), the Board of Directors (Board), and the Audit Committee for ongoing monitoring.

The Olympus Group also identified and collaboratively nominated Risk Owners, i.e., Global Division and Function Heads and Regional Division and Function Heads and respective Risk Coordinators responsible for managing risks. Each Risk Owner is accountable to execute the necessary measures (organizational structure, process preparation, focus measures, etc.) in their designated area of risk.

< Enterprise Risk Management Organizational Chart >

Enterprise Risk Management Methodology and Approach

The Olympus Group has established a global Enterprise Risk Management Methodology and Approach which includes 5 calibrated Risk Categories (1. Strategic (incl. External), 2. Operations & Product, 3. Financial, 4. Governance, and 5. IT & Digital) and corresponding Risk Sub-Categories.

< Enterprise Risk Management Risk Categories >

The Olympus Group also introduced three Risk Evaluation Criteria (1. Exposure, 2. Vulnerability, 3. Velocity) to evaluate and display each individual risk that might have an effect on the achievement of Olympus’ business objectives as well as on the corporate strategy:

  • Exposure which is determined by likelihood and impact. The likelihood indicates the probability of a risk materializing, while the impact assesses the severity of the consequences if a risk does materialize. Likelihood and impact levels are defined as quantitative (financial) or qualitative criteria.
  • Vulnerability which refers to how well the organization is prepared to manage a risk if it occurs.
  • Velocity which indicates how fast Olympus Corporation would be affected by a risk after it occurs.

Based on the three criteria, the Olympus Group actively identifies, mitigates and monitors risks. Mitigation measures are regularly reviewed and tested for effectiveness.

The Olympus Group has also introduced a so-called “3D-Risk Matrix” to visualize and manage risks. It combines the Exposure with the perceived Vulnerability and adds the Velocity to the assessed risk. The matrix is split into four quadrants. Each of them gives an indication how the risk should be dealt with. The Olympus Group also introduced an updated IT application based on databases and dashboards to facilitate better and informed risk-based decision making.

< Enterprise Risk Management Risk Evaluation Method >

Enterprise Risk Management Process

The main components of the Enterprise Risk Management Process are:

  • Risk Assessment to identify, analyze, and evaluate risks.
  • Risk Treatment to mitigate risk, coordinate and execute Risk Management Activities.
  • Risk Monitoring to design and implement monitoring procedures on risks and evaluate effectiveness on Risk Treatment activities.
  • Risk Reporting to aggregate and valuate risk and mitigating measures and report to relevant stakeholders regularly. Risk Reporting is developed and deployed internally as part of the annual plan.

The Enterprise Risk Management Process is based on the strong collaboration between the Risk & Controls Function and the Division/Business Functions following the principle of the Three Lines Model.

Risk & Controls is responsible to provide, maintain and develop the Enterprise Risk Methodology and operational guidance. We are promoting the spread of the new organizational structure and methods within the company.

< Enterprise Risk Management Process >

Macroeconomic Business Environment

Macroeconomic developments worldwide have been severely affected by the impact of the war in Ukraine and the situation in the Middle East region. Energy prices have risen and remain high on a global level. Inflationary developments are also aggravated by supply chain disruptions. Combined with noticeable skills shortages, this has been leading to an overall slowdown in the economy and consumption. However, inflation is falling faster than expected in most regions, in the midst of unwinding supply-side issues and restrictive monetary policy.

Geopolitical instability is also one of the greatest threats to economic growth, and other potential high-impact supply chain risk events including cyber-attacks, high-impact weather events, and uncertainty in the procurement of raw materials and components have increased in recent years. Material price increases and product shortages resulting from external issues (e.g., increasing trade barriers and lower raw material availability) require intensive focus on strong supplier management.

Awareness of the impact that environmental issues may have on business operations has reached significant levels and has become an inherent business requirement from stakeholders.

On the technology front, digital transformation is accelerating across all areas. In response to this, there is a trend towards shortened development cycles being requested. Practical application of technology innovation (AI/robotics/ICT) is also progressing rapidly.

Industry-specific Business Environment

In the medical field, healthcare system reforms are being continuously implemented in Japan and overseas with the aim of curbing medical care costs and improving the quality of life of patients by improving the safety and efficacy of healthcare services. As a result, legal and regulatory requirements for medical device applications and registrations in each country, including the US Food and Drug Administration (FDA) and European Medical Device Regulations (EU-MDR), are increasing every year. In addition, the requirements concerning infection prevention and reprocessing (i.e., cleaning, disinfection, and sterilization) are becoming more complex.

The hurdles and complexities for technology development are increasing due to changes in healthcare policies in various countries, reductions in healthcare costs, tighter healthcare-related laws and regulations, and further increased demands for infection prevention and reprocessing. Accordingly, the business environment is becoming more demanding, not only due to new and alternative technologies, but also due to the entrants into the medical industry from other industries, including large technology companies.

Furthermore, there is a growing need for healthcare as societies progressively age, particularly in developed countries. There are efforts underway in various countries to reform healthcare systems, aiming to optimize the provision of effective, high quality healthcare services in spite of rising healthcare costs. Under such circumstances, there are many competitors in the business areas in which the Olympus Group is involved, and technological innovation is also progressing. Especially, competition in the Therapeutic Solutions Business is intensifying more than ever before.

In the Chinese market, although trade friction between the U.S. and China is intensifying, and uncertainty surrounding the Chinese market is intensifying in the form of Chinese government policies favoring national production and the promotion of concentrated purchasing, the Olympus Group sees the Chinese market as a market with the potential for sustainable growth. Furthermore, other emerging markets are also experiencing increasing healthcare needs and economic growth potential.

In the industries in which the Olympus Group operates, competition for talent is intensifying globally, and changes in the labor market are leading to higher retirement rates. Recruitment, development, and retention of personnel is becoming increasingly important.

The Olympus Group’s Risk State for the Fiscal Year Ended March 31, 2024

Based on the Olympus Group’s global Risk Assessment performed in the fiscal year ended March 31, 2024, risks impacting the Olympus Group have been identified, quantified, and prioritized.

Risks designated as “Improve” in the 3D-Risk Matrix have been prioritized for Risk Treatment. For the risks in the “Test” quadrant controls are in place. Routine audits ensure that the existing controls are designed well and operate effectively. Risks located in the “Monitor” quadrant are subject to periodic re-evaluation to ensure that their Risk Exposure is still at an acceptable level or to initiate additional Risk Treatment where necessary.

The Olympus Group reports the following top risks per Risk Category:

Risk Category “Strategy (incl. External)”
Type Opportunity and Threat
Risk Scenarios

This Risk Category consists of the following sub-categories: Planning & Resource Allocation, Business Development & Investment, Communication & Stakeholder Management, Market Dynamics, and Force Majeure.

The highest rated risks are geopolitical threats, supply chain interruptions and challenges to business development in a volatile market. This category includes risks related to market competition.

  • We need to launch products that are competitive in terms of price, technology, quality, etc. into the market in a timely manner, but earnings may be adversely affected depending on the results.
  • The selection of targets for mergers and acquisitions offers both opportunity and threats and requires a careful, risk-based selection, pre signing due diligence and an integration process following up on due diligence findings and post-closing due diligence. If we are not able to sufficiently mitigate these risks, the Olympus Group’s business execution may be adversely affected, or its business performance and financial position may be adversely affected due to impairment of goodwill or other related expenses.
Risk Treatment

To manage above risks the Olympus Group has been focusing on the following top Risk Treatment activities:

  • The Olympus Group monitors the competitive environment, including the emergence of alternative technologies and products in the market, and works towards expediting the selection and development of new technologies that should be adopted in cooperation with marketing, intellectual property and relevant departments. We actively consider not only in-house development, but also the incorporation of external technologies through M&A and alliances, etc. The Olympus Group is working towards the development of new high-value added products and technologies that meet the market needs.
  • Increasing supply chain visibility to reduce vulnerability to supply chain disruptions.
  • Enhancement and harmonization of the global Business Continuity Management System.
  • Review and enhancement of the Merger & Acquisition process.
Connection with company strategy and policies Innovation for Growth, Productivity
Risk Category “Operations & Product”
Type Opportunity and Threat
Risk Scenarios

This Risk Category consists of the following sub-categories: Research & Development (R&D), Manufacturing & Repair, End-to-end Supply Chain, Sales, Marketing & Service, Quality, Physical Assets, and People & HR.

The most significant risks belong to Product Quality, End-to-End Supply Chain and Marketing & Sales. These risks include the availability of products as well as product lifecycle.

In particular, these are:

  • Risks associated with the follow up activities of the FDA warning letters received in the fiscal year ended March 31, 2023. The initialization of a major quality improvement program and remediation activities utilized significant resources in Manufacturing, Quality, Supply Chain Management and R&D that had to be balanced and integrated into routine operations. If we are not able to sufficiently mitigate these risks, the Olympus Group’s business execution may be adversely affected.
  • The need for improving Olympus Corporation’s resilience against external disruptions in the supply chain has been identified in the course of increasing number of geopolitical crises, natural disasters and other supply chain challenges. An example of a natural disaster risk was the 2024 Noto Peninsula Earthquake. This affected a key supplier to Olympus Corporation’s manufacturing operations and its supply of materials in the short to middle term.
Risk Treatment

The Olympus Group has been focusing on improving the stability of the End-to-End Supply Chain and quality processes to provide a premium service and supply to customers, with a primary focus on patient safety. Key activities are:

  • A global multi-year quality program has been initialized to globally and sustainably enhance and harmonize the Quality Management System and Quality processes.
  • Projects to improve the supply chain visibility and to maintain independence from suppliers.
  • Enhancement and harmonization of the global Business Continuity Management System
Connection with company strategy and policies Patient Safety and Sustainability, Productivity
Risk Category “Financial”
Type Opportunity and Threat
Risk Scenarios

This Risk Category consists of the following sub-categories: Capital Structure, Accounting & Reporting, Liquidity & Credit, Revenue Cycle, and Tax.

The Olympus Group provides products and services in various markets all over the world and recognizes the risks associated with foreign currencies exchange rate fluctuations. The Olympus Group’s business performance may be adversely affected by a strong yen, while it may be positively affected by a weak yen. We hedge foreign currency-denominated receivables and payables where possible, however in the event that sudden exchange fluctuations occur or if receivables and payables being hedged differ significantly from expectations, the Olympus Group’s business performance may be adversely affected.

The Olympus Group finances itself by, among others, loans from financial institutions as well as issuance of bonds. Changes in the financial markets may have an adverse impact on our financing capacities. Furthermore, if the financing cost rises due to the deterioration of the Olympus Group’s business performance, the financing of the Olympus Group may be adversely affected, while if the financing cost decreases due to the improvement of the business performance, it may be positively affected.

The Olympus Group’s tax burden may be increased due to changes in applicable tax laws or changes in their interpretations and application guidelines in jurisdiction of each country in the world. The valuation allowance for deferred tax assets may need to be increased as a result of recoverability reassessment due to changes in business conditions or the implementation of organizational restructuring. If such situations occur, it may adversely affect the Olympus Group’s business performance and financial position.

We also recognize risks related to credit risks of customers, suppliers, etc.

Risk Treatment

The Olympus Group uses derivative instruments such as forward exchange contracts, currency swaps, etc. to reduce the risk of exchange fluctuations. Furthermore, we are working to reduce foreign currency denominated receivables and payables through improving the efficiency of the Olympus Group’s funds by introducing global cash pooling.

For risks related to financing, the Olympus Group is reducing funding costs through the diversification of funding methods such as the issuance of commercial paper and public bonds. The Olympus Group adopts a fixed interest rate policy for long-term interest-bearing debt to limit the impact of rising interest rates. In addition, we are working to improve the efficiency of the Olympus Group’s funds and strengthen financial management by introducing global cash pooling.

In regard to changes in applicable tax laws in each jurisdiction, or changes in their interpretations and application guidelines, the Olympus Group is monitoring the amendments to laws and changes in regulations and making changes as appropriate to rules for transactions within the Olympus Group. In regard to deferred tax assets, the Olympus Group is monitoring the profitability of each group company and controlling the financial results so that the respective companies can appropriately secure profitability while also paying close attention in cases of business combinations for changes in profitability following such restructuring in order to minimize risks.

With respect to credit risk, the Company monitors the financial condition of credit recipients and takes action as necessary.

Connection with company strategy and policies Productivity
Risk Category “Governance”
Type Opportunity and Threat
Risk Scenarios

This Risk Category consists of the following sub-categories: Culture, Regulatory, Legal, Compliance, Data Privacy, and Corporate Governance.

These risks relate to the following areas:

  • A lack of integration of contract management processes and contract management database may cause a lack of transparency and potentially trigger contract breaches, claims or liabilities.
  • The Olympus Group is facing numerous medical device regulations and laws as well a complex web of trade regulations where incomplete documentation or breaches may immediately impact product availability.
  • The remediation activities underway to address the FDA warning letters received in the fiscal year ended March 31, 2023 need to be fully executed in order to comply with regulations. Depending on future progress, additional regulatory actions may be taken by the FDA.
  • A lack of a globally consistent Business Continuity Management system.
Risk Treatment

The following key activities have been started and/or implemented:

  • A project has been initiated to assess and enhance contract management processes.
  • Integration of regulatory improvement projects into the global quality enhancement program to enhance overall quality and regulatory systems.
  • A close communication between Olympus Corporation and the regulatory authorities to ensure alignment of plans and expectations.
  • A project for developing and implementing a globally consistent Business Continuity Management system has been kicked-off and is being implemented to harmonize existing Business Continuity Measures.
Connection with company strategy and policies Patient Safety and Sustainability
Risk Category “IT & Digital”
Type Opportunity and Threat
Risk Scenarios

This Risk Category consists of the following sub-categories: IT Security & Cyber, IT Applications, IT Governance, IT Infrastructure & Services, and Digital.

Cyber Security breaches are evaluated as high risks and require constant attention and adjustment.

As Olympus products are increasingly utilizing digital technologies to improve quality and efficiency of patients´ treatments, the measures to protect against cyber security breaches extend from product development all along value chain.

Risk Treatment

Top treatment measures to avoid or manage Cyber Security breaches include:

  • An enhanced IT and Information Security organization has been established to maintain and manage the IT and information security management topics. A global project has been run and is continued to enhance the overall security posture of the Olympus Group.
  • An IT Risk Management Framework that directly feeds into the Enterprise Risk Management System has been implemented.
  • Security and collaboration requirements with Third Party Providers have been and/or are being reviewed and enhanced.
  • Business Continuity Plans and Disaster Recovery Plans are being enhanced in line within a project to globally harmonize Business Continuity Management to minimize effects on customers and patients in case Cyber Security breach materializes.
  • To protect products and digital services from Cyber Security breach, a global initiative was launched to implement measures including technologies and processes considering latest Cyber Security requirements.
  • Employees are educated in periodic manner about Cyber Security threats as well as preventive measures they can do in their daily jobs.
Connection with company strategy and policies Patient Safety and Sustainability, Productivity

Due to the change in the Risk Assessment Methodology and the full review of the Olympus Group’s Risk Portfolio, the content and the order of the risks have changed. After the re-evaluation, the below risks have been ranked lower than the above Top Risks and therefore are not mentioned. These risks are still covered in our current Risk Portfolio and are being addressed and monitored.

  • Risks associated with Litigation
  • Risks associated with Human Resources
  • Sustainability risks, including those related to climate and the environment

May 17, 2024 Updated

Tokyo Stock Exchange